Thursday, April 13, 2017

Switch between Full Server and Server Core with Windows Server 2012 R2

How to convert from Full Server to Server Core with GUI Management (Minimal Server Interface), and then to Server Core:
· Full Server

Import-Module ServerManager
Uninstall-WindowsFeature Server-Gui-Shell -Restart
Reboot the Server
· Server Core with GUI Management (Minimal Server Interface): Windows Server 2012 Core with Server Management GUI Shell
Launch a PowerShell window: type Start PowerShell at the command prompt and press Enter.
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart
Press Enter and the uninstall begins.
Reboot the Server.
· Server Core (non-GUI Server)
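The two removals above, combined into one added PowerShell example (not part of the original post): it reads the install state of Server-Gui-Shell and Server-Gui-Mgmt-Infra to report which of the three interface levels the server is at, then removes only the features the target level requires. The function names Get-ServerInterfaceLevel and Set-ServerInterfaceLevel are hypothetical; the cmdlets and feature names are the ones used in the steps above.

```powershell
#Requires -Version 3.0
# Added example. Get-ServerInterfaceLevel and Set-ServerInterfaceLevel are
# hypothetical helper names; the feature names come from the steps above.
Import-Module ServerManager

function Get-ServerInterfaceLevel {
    # Map the two GUI features to the three levels described in the post.
    $shell = (Get-WindowsFeature -Name Server-Gui-Shell).Installed
    $infra = (Get-WindowsFeature -Name Server-Gui-Mgmt-Infra).Installed

    if ($shell -and $infra) { return 'FullServer' }
    if ($infra)             { return 'MinimalServerInterface' }
    return 'ServerCore'
}

function Set-ServerInterfaceLevel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('MinimalServerInterface', 'ServerCore')]
        [string]$Target
    )

    $current = Get-ServerInterfaceLevel
    Write-Verbose "Current level: $current; target: $Target"

    # Only downward conversions (removing GUI components) are handled here.
    $order = @{ FullServer = 2; MinimalServerInterface = 1; ServerCore = 0 }
    if ($order[$current] -le $order[$Target]) {
        Write-Output "Already at '$current'; nothing to remove for '$Target'."
        return
    }

    # Server-Gui-Shell goes for both targets; Server-Gui-Mgmt-Infra only for Server Core.
    $features = @('Server-Gui-Shell')
    if ($Target -eq 'ServerCore') { $features += 'Server-Gui-Mgmt-Infra' }

    # Skip any feature that is already absent.
    $toRemove = @($features | Where-Object { (Get-WindowsFeature -Name $_).Installed })

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall $($toRemove -join ', ') and restart")) {
        Uninstall-WindowsFeature -Name $toRemove -Restart
    }
}

# Report the current level, then preview the conversion without changing anything.
Get-ServerInterfaceLevel
Set-ServerInterfaceLevel -Target ServerCore -WhatIf
```

Drop -WhatIf to perform the removal; the server restarts as part of the uninstall.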

Monday, January 9, 2017

Intro to DevOps Webinar by The Linux Foundation

Overview
Title: Intro to DevOps with Course Author John Willis: Chapter 1
Date: Tuesday, January 10, 2017
Time: 10:00 AM Pacific Standard Time
Duration: 1 hour

About this Series:
This multi-webinar series will cover each chapter in Introduction to DevOps: Transforming and Improving Operations, a course that is available for free on edX.org. In each webinar, course author and DevOps thought leader John Willis will cover a chapter of the course with a quick summary and overview.

About this Session:
In this second session, course author John Willis will give a brief overview of chapter one of the Introduction to DevOps cours


 Register Here:
https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=linco&eventid=1330620&sessionid=1&key=4172BAF52C512E01CCF21E180B4B57E1&regTag=&sourcepage=register

Saturday, April 2, 2016

Network+ Study Guide

1000Base-CX A Gigabit Ethernet specification calling for a special 150-ohm twinaxial cable with two copper cores.
1000Base-LX A Gigabit Ethernet specification supporting long distances using singlemode fiber optic cable.
1000Base-SX A Gigabit Ethernet specification using multimode fiber optic cable and supporting distances shorter than those supported by 100Base-LX.
1000Base-T A Gigabit Ethernet specification that calls for CAT5e or CAT6 cable grades, using all four wire pairs and with a 100-meter maximum segment length.
1000Base-X A collective term for the two Gigabit Ethernet fiber optic configurations, plus a short-run copper alternative.
100Base-T A collective term for the 100Base-T4 and 100Base-TX specifications.
100Base-T4 An alternative Fast Ethernet specification that calls for four wire pairs of CAT3 UTP cable.
100Base-TX The primary Fast Ethernet copper cable specification using two wire pairs on CAT5 cable, with a 100-meter maximum segment length.
100Base-X A collective term for the 100Base-TX and 100Base-FX Fast Ethernet specifications.
10Base-FL A 10-Mbps Ethernet physical layer specification calling for fiber optic cable.
10GBase-ER A 10 Gigabit Ethernet LAN specification calling for singlemode fiber optic cable and extra-long wavelength signaling.
10GBase-EW A 10 Gigabit Ethernet WAN specification calling for singlemode fiber optic cable and extra-long wavelength signaling.
10GBase-LR A 10 Gigabit Ethernet LAN specification calling for singlemode fiber optic cable and long wavelength signaling.
10GBase-LW A 10 Gigabit Ethernet WAN specification calling for singlemode fiber optic cable and long wavelength signaling.
10GBase-SR A 10 Gigabit Ethernet LAN specification calling for multimode fiber optic cable and short wavelength signaling.
10GBase-SW A 10 Gigabit Ethernet WAN specification calling for multimode fiber optic cable and short wavelength signaling.
10GBase-T A 10 Gigabit Ethernet specification calling for copper-based UTP cables with a 100-meter maximum segment length.
110 block A type of patch panel used for UTP cable connections in telecommunications rooms.
5-4-3 rule An Ethernet policy stating that a network can have as many as five cable segments, connected by four repeaters, of which three of the segments can be mixing segments.
66 block A type of patch panel typically used for telephone cable connections in telecommunications rooms.
8P8C A type of modular connector used for UTP cables in a LAN environment. Similar to and often mistaken for the RJ45 connector.
abstract syntax The native format used by a computer to encode information generated by an application or process.
access control list (ACL) A list of users, or groups of users, who are permitted to access a resource, as well as the degree of access each user or group is permitted.
active mode An FTP operational mode in which the client sends its IP address and an ephemeral port number to the server, and the server initiates the connection establishment process.
ad hoc topology A type of wireless networking topology in which all of the network devices in the BSS are mobile or portable and there is no central access point or base station.
Address Resolution Protocol (ARP) A data-link layer protocol that resolves IP addresses into hardware addresses.
ADSL Termination Unit-Remote (ATU-R) The hardware device located at the client side of an ADSL connection. Also called a DSL transceiver or a DSL modem. The ATU-R connects to the computer by using either a USB port or a standard Ethernet network interface adapter. See also Asymmetrical Digital Subscriber Line (ADSL), Digital Subscriber Line Access Multiplexer (DSLAM).
Asymmetrical Digital Subscriber Line (ADSL) A point-to-point, digital WAN technology that uses standard telephone lines to provide consumers with high-speed Internet access, remote LAN access, and other services. The term “asymmetric” refers to the fact that the service provides a higher transmission rate for downstream than for upstream traffic. Downstream transmission rates can be up to 8.448 Mbps, whereas upstream rates range up to 640 Kbps. See also Digital Subscriber Line (DSL).
attenuation A type of signal degradation characterized by a signal’s weakening in strength the longer it travels on a network medium.
authentication The process of verifying a user’s identity, for the purpose of distinguishing legitimate users from uninvited guests.
Authentication Header (AH) One of the protocols used by IPsec to protect data as it is transmitted over the network. AH provides authentication, anti-replay, and data integrity services, but it does not encrypt the data.
authorization The process of verifying the level of access to a protected resource that an authenticated user should receive.
automatic MDI/MDIX configuration (Auto-MDIX) A feature by which Ethernet devices automatically configure the crossover circuits needed to establish network connections.
autonegotiation A mechanism by which Ethernet systems sense the capabilities of the networks to which they are connected and adjust their speed and duplex status accordingly.
autonomous system (AS) The largest and highest-level administrative unit on the Internet.
backbone A network segment that connects multiple other networks together, forming an internetwork.
backoff period An interval that Ethernet systems wait after a collision occurs before retransmitting their data.
baseband network A network that uses a medium that can carry only one signal at a time.
Basic Rate Interface (BRI) An ISDN service that consists of two 64-Kbps B channels plus one 16-Kbps D channel, enabling users to combine the B channels for a single 128-Kbps data pipe or use them separately. Also called 2B+D, BRI is the primary consumer ISDN service used for Internet access and remote networking. See also Integrated Services Digital Network (ISDN), Primary Rate Interface (PRI).
Asynchronous Transfer Mode (ATM) A network communications technology based on 53-byte cells, designed to carry voice, data, and video traffic over LANs and WANs at speeds ranging from 25.6 Mbps to 2.46 Gbps.
basic service set (BSS) A geographical area within which properly equipped wireless stations can communicate.
basic service set identifier (BSSID) In wireless networking, the 6-byte MAC address of the basic service set. In an ad hoc network, the BSSID is a randomly generated number.
BNC connector A type of bayonet connector used on RG-58 coaxial cables.
Bootstrap Protocol (BOOTP) An IP address assignment protocol, progenitor to DHCP, that can assign addresses but not reclaim them for reassignment.
Border Gateway Protocol (BGP) The exterior gateway routing protocol now in use on the Internet.
bounded media A type of network in which signals are restricted to a specific location. Also known as wired media.
bridge A data-link layer device that splits a LAN into two separate collision domains and filters the packets passing between them by using their hardware addresses.
bridge loop A condition that can occur when bridges or switches that have redundant paths through the network begin forwarding traffic in an endless cycle.
broadband network A network that uses a medium that can carry multiple signals simultaneously, by using a technique called multiplexing.
broadband over power lines (BPL) A data transmission technology that is designed to supply homes with Internet access by using the public electric power grid.
broadcast domain The group of computers that will receive a broadcast message transmitted by any one of its members.
broadcast storm A type of switching loop in which broadcast packets are forwarded endlessly around the network.
buffer overflow A condition in which a program sends too much data to a buffer and the data spills over into an area of memory intended for another purpose.
bus topology An arrangement of network connections in which each node is connected to the next one, with both ends terminated to prevent signal reflection.
butt set The standard tool of a telephone network technician, consisting of a one-handed portable telephone with alligator clips for connecting to any accessible line.
cable certifier A handheld cable testing device that compares the actual performance levels of a cable to a set of standardized levels.
cable television (CATV) network A private metropolitan area network (MAN) constructed and owned by a cable television company for the purpose of delivering TV signals to customers in a particular region. Because the network technology they use is compatible with data networking, many CATV companies are now also in the business of providing Internet access to consumers by using the same network that delivers the television service. The downstream transmission rates for a CATV Internet connection far exceed those of standard dial-ups and most other consumer Internet solutions, and the cost is usually very competitive.
Cache Array Routing Protocol (CARP) An application layer protocol that enables clients to route requests for specific URLs to the proxy server containing that cached data.
caching-only server In DNS, a server that clients use to resolve names, but that is not the authoritative source for any domain.
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) The media access control mechanism used by 802.11 wireless LANs, a variation of the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) mechanism used by Ethernet.
channel A division within a specified frequency band that enables multiple networks to coexist in the same area by using different parts of the available bandwidth.
channel bonding A technique for combining two 20-MHz 802.11n channels into one 40-MHz channel, increasing the network’s data transfer rate.
channel service unit/data service unit (CSU/DSU) A hardware device that terminates the end of a leased line connection and provides testing and diagnostic capabilities. See also leased line.
Classless Inter-Domain Routing (CIDR) A subnetting method that enables administrators to place the division between the network bits and the host bits anywhere in the address, not just between octets. This makes it possible to create networks of various sizes.
client/server networking A computing model in which data processing tasks are distributed between clients—which request, display, and manipulate information—and servers, which supply and store information and resources.
collision In local area networking, a condition in which two computers transmit data at precisely the same time and their signals both occupy the same cable, causing data loss.
collision domain A group of network devices connected in such a way that if two devices transmit at the same time, a collision occurs.
convergence The process of updating the routing tables on all of a network’s routers in response to a change in the network (such as the failure or addition of a router).
count-to-infinity problem A condition that occurs when a router detects a failure in the network, modifies the appropriate entry in its routing table accordingly, and then has that entry updated by an advertisement from another router before it can broadcast it in its own advertisements. The routers then proceed to bounce their updates back and forth, increasing the metric for the same entry each time until it reaches infinity (16).
crimper A cable installer’s tool for attaching connectors to bulk cables.
crossover cable An unshielded twisted pair cable with the transmit pins in each connector wired to the receive pins in the other connector.
crosstalk A type of signal interference common to UTP cables, caused by signals from one wire bleeding over into another.
cut-through switch A type of switch that begins forwarding an incoming packet as soon as it reads the destination hardware address.
cyclical redundancy check (CRC) An error-detection mechanism in which a computer performs a calculation on a data sample with a specific algorithm and then transmits the data and the results of the calculation to another computer. The receiving computer then performs the same calculation and compares its results to those supplied by the sender. If the results match, the data has been transmitted successfully. If the results do not match, the data has been damaged in transit.
data encapsulation The process by which information generated by an application is packaged for transmission over a network by successive protocols operating at the various layers of the Open Systems Interconnection (OSI) reference model.
datagram A term for the unit of data used by the Internet Protocol (IP) and other network layer protocols.
delayed acknowledgment A TCP packet acknowledgment method in which systems do not have to generate a separate acknowledgment message for every data message they receive.
demarc Short for demarcation point, the location where outside services enter a building.
demarc extension In a structured cabling system, the next device on the inside of a building adjacent to a demarc.
denial of service (DoS) A type of security attack that degrades the performance of a system by flooding it with incoming traffic.
dense wave division multiplexing (DWDM) A data transmission technique used on SONET links that calls for the use of devices called erbium-doped fiber amplifiers (EDFAs), which are designed to amplify wavelengths in the 1,525–1,565-nanometer or 1,570–1,610-nanometer bands without converting them to electrical signals. This is a cheaper and more efficient method of transmitting long-range optical signals than the optical-electrical-optical (OEO) regenerators they replace.
DHCP relay agent A software module located in a computer or router on a particular network segment that enables the other systems on that segment to be serviced by a DHCP server located on a remote segment.
dig A name resolution utility that has largely replaced nslookup in most UNIX and Linux distributions.
Digital Signal 1 (DS1) A framing method used on leased lines that consists of 8-bit channels called Digital Signal 0s (DS0s), plus a framing bit used for synchronization.
Digital Subscriber Line (DSL) A type of point-to-point, digital WAN connection that uses standard telephone lines to provide high-speed communications. DSL is available in many different forms, including Asymmetrical Digital Subscriber Line (ADSL) and high-bit-rate Digital Subscriber Line (HDSL). The various DSL technologies differ greatly in their speeds and in the maximum possible distance between the installation site and the telephone company’s nearest central office. DSL connections are used for many applications, ranging from LAN and PBX interconnections to consumer Internet access. See also Asymmetrical Digital Subscriber Line (ADSL).
Digital Subscriber Line Access Multiplexer (DSLAM) The hardware device located at the server side of an ADSL connection. See also ADSL Termination Unit-Remote (ATU-R), Asymmetrical Digital Subscriber Line (ADSL).
direct route A routing table entry for a destination on a local network.
Direct-Sequence Spread Spectrum (DSSS) A type of radio frequency modulation used on 802.11 networks that modulates the signal by using a digital code called a chip, which has a bit rate larger than that of the data signal.
distance vector protocol A routing protocol that uses metrics based on the number of hops to the destination.
distributed denial of service (DDoS) A type of denial of service attack perpetrated by one attacker using remotely controlled computers scattered around the Internet.
distribution system (DS) In wireless networking, an architectural element that connects basic service sets together.
domain An organizational construct used to build a hierarchy not unlike the directory tree in a file system, for the purpose of delegating responsibility for network administration.
Domain Name System (DNS) A database service that converts computer names to IP addresses and addresses back into names.
Dynamic Host Configuration Protocol (DHCP) A service that automatically configures the TCP/IP client computers on a network by assigning them unique Internet Protocol (IP) addresses and other configuration parameters.
dynamic NAT A network address translation technique that translates each unregistered address to one of the available registered addresses.

dynamic routing A method for updating routing tables in which routers use specialized protocols to automatically create routing table entries.
E-1 A dedicated telephone connection, also called a leased line, running at 2.048 Mbps. An E-1 is the closest European equivalent to a T-1. See also T-1, leased line.
E-3 A dedicated telephone connection, also called a leased line, running at 34.368 Mbps. An E-3 is the European equivalent of a T-3. See also T-3, leased line.
electromagnetic interference (EMI) A type of radiation that affects the quality of electrical signals traveling over a network medium.
Encapsulating Security Payload (ESP) One of the protocols used by IPsec to protect data as it is transmitted over the network. ESP provides encryption, authentication, anti-replay, and data integrity services.
end system On a TCP/IP network, a computer or other device that is the original sender or ultimate recipient of a transmission.
end-to-end principle A guiding principle of network design stating that it is inherently more efficient to implement application functions in end systems rather than intermediate systems (routers).
Enhanced Interior Gateway Routing Protocol (EIGRP) A hybrid protocol developed in response to the complaints directed at RIP.
ephemeral port number A TCP or UDP port number of 1024 or higher, chosen at random by a TCP/IP client computer during the initiation of a transaction with a server.
Evolved HSPA Also known as HSPA+, a cellular communications standard that appeared in 2008 and is now widely implemented that can boost downstream data rates to 84 Mbps by using multiple-input, multiple-output (MIMO) technology.
extended service set (ESS) In wireless networking, the combination of two or more basic service sets using a common service set identifier and the distribution system that connects them together.
Extensible Authentication Protocol (EAP) A shell protocol that enables systems to use various types of authentication mechanisms.
exterior gateway protocol (EGP) A type of routing protocol that updates the border routers in different autonomous systems.
F connector A type of screw-on connector used on various types of coaxial cable.
fast link pulse (FLP) A variation on the NLP signals used by 10Base-T and 10Base-FL networks that enables Ethernet devices to autonegotiate their speed and duplex status.
fiber optic A type of cable that carries light pulse signals over conductors made of plastic or glass.
Fiber Optic Inter-Repeater Link (FOIRL) An early Ethernet physical layer specification calling for fiber optic cable.
File Transfer Protocol (FTP) An application-layer TCP/IP protocol that enables an authenticated client to connect to a server and transfer files to and from its drives.
firewall A hardware or software product that protects a network from unauthorized access by outside parties while letting appropriate traffic through.
fish tape A tool used by cable installers to pull cables through walls and other closed spaces.
flow control A function of certain data transfer protocols that enables a system receiving data to transmit signals to the sender instructing it to slow down or speed up its transmissions.
FLP burst A 16-bit data packet included within a burst of link pulses.
forwarder A DNS server that is deliberately configured to receive recursive queries from other servers.
frame A unit of data that is constructed, transmitted, and received by data-link layer protocols such as Ethernet.
frame aggregation A data transmission technique that combines the payload data from several frames into one large frame, thus reducing the amount of overhead and increasing the information throughput of the network.
frame relay A WAN technology in which two systems are each connected to a frame relay network called a cloud, and a virtual circuit is established between them through the cloud. The advantages of frame relay over a leased line are that the amount of bandwidth provided by the connection is flexible and that one site can be connected to numerous other sites via multiple virtual circuits. See also leased line.
Frequency-Hopping Spread Spectrum (FHSS) A type of radio frequency modulation used on 802.11b networks that uses a predetermined code or algorithm to dictate frequency shifts that occur continually, in discrete increments, over a wide band of frequencies.
FTP bounce A type of security attack that involves the use of the Port command in the FTP protocol to gain access to ports in another computer that are otherwise blocked.
FTTx A generic term for various multimedia services that run on fiber optic cable delivered close to the end user’s premises.
full-duplex A communication mode in which a device can transmit and receive data simultaneously.
fully qualified domain name (FQDN) A complete DNS name that consists of a host and a domain path all the way up the tree structure to the root.
global unicast address The IPv6 equivalent of a registered IPv4 address, routable worldwide and unique on the Internet.
half-duplex A communication mode in which data can only travel in one direction at a time.
hierarchical star topology An arrangement of network components consisting of two or more switches or hubs connected together and populated by network nodes.
high availability A design principle that calls for a system to achieve a previously determined level of performance and reliability.
high-bit-rate Digital Subscriber Line (HDSL) A point-to-point, digital WAN technology used by telephone companies and other large corporations to transmit data at T-1 speeds.
honeypot A security tool in the form of a system designed to function as a lure for Internet attackers.
hop A unit of measurement used to quantify the length of a route between two computers on an internetwork, as indicated by the number of routers that packets must pass through to reach the destination system.
horizontal cross connect In structured cabling, a term referring to a switch or other device that connects horizontal cable runs together into a network.
host table An early name resolution mechanism for TCP/IP networks that consists of a simple text file containing a list of IP addresses and their equivalent host names.
hub A physical layer device—also known as a multiport repeater—that connects network nodes together by using a star topology.
hybrid topology An arrangement of network components that uses multiple network media with different cabling requirements.
Hypertext Transfer Protocol (HTTP) The application layer protocol largely responsible for web client/server communications.
Hypertext Transfer Protocol Secure (HTTPS) A variant of HTTP that uses the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) security protocols to provide data encryption and server identification services.
hypervisor Sometimes called a virtual machine monitor (VMM), the component in a virtualization product that creates and maintains the virtual machines running on a computer.
IEEE 802.11 The base standard defining the physical layer and media access control sublayer specifications for a wireless LAN protocol.
IEEE 802.11a An amendment to the original 802.11 standard that increases the maximum network transmission rate to 54 Mbps using the 5-GHz band.
IEEE 802.11b An amendment to the original 802.11 standard that increases the maximum network transmission rate to 11 Mbps using the 2.4-GHz band.
IEEE 802.11g An amendment to the original 802.11 standard that increases the maximum network transmission rate to 54 Mbps using the 2.4-GHz band.
IEEE 802.11n An amendment to the original 802.11 standard that defines several new technologies that can theoretically increase the maximum network transmission rate to 600 Mbps using either the 2.4-GHz band or the 5-GHz band.
ifconfig An interface configuration program on UNIX and Linux systems.
impedance mismatch A type of signal distortion caused when signal echoes conflict with the original signals.
Independent Computing Architecture (ICA) A protocol developed by Cyrix Systems that provides communication between thin clients and network servers. Thin clients are terminals that exchange keystrokes, mouse actions, and display data with servers that run the user operating system and applications.
indirect route A routing table entry for a destination on a network at least one hop away.
infrastructure topology A type of wireless networking topology in which there is at least one wireless access point that functions as a base station and provides access to wired network resources.
initial sequence number (ISN) A number selected by each computer during the TCP connection establishment process that determines the values the system will use in the Sequence Number field of the TCP header.
Integrated Services Digital Network (ISDN) A dial-up communications service that uses standard telephone lines to provide high-speed digital communications. Originally conceived as a replacement for the existing analog telephone service, it never achieved its anticipated popularity. Today, ISDN is used in the United States primarily as an Internet access technology, although it is more commonly used for WAN connections in Europe and Japan. The two most common ISDN services are the Basic Rate Interface (BRI), which provides two 64-Kbps B channels and one 16-Kbps D (control) channel, and the Primary Rate Interface (PRI), which provides 23 64-Kbps B channels and one 64-Kbps D channel.
interframe gap shrinkage A measurement of the delay between packet transmissions.
interior gateway protocol (IGP) A type of routing protocol that updates the routers within a particular autonomous system.
intermediate distribution frame (IDF) In structured cabling, a telecommunications room that functions as a cabling nexus for a horizontal network.
intermediate system On a TCP/IP network, a router that relays traffic generated by an end system from one network to another.
Intermediate System to Intermediate System (IS-IS) A link state routing protocol, developed at approximately the same time as and very similar to OSPF.
Internet Assigned Numbers Authority (IANA) The organization responsible for assigning unique parameter values for the TCP/IP protocols, including IP address assignments for networks and protocol number assignments.
Internet Control Message Protocol (ICMP) A network layer TCP/IP protocol that carries administrative messages, particularly error messages and informational queries.
Internet Engineering Task Force (IETF) The primary standards-ratification body for the TCP/IP protocol suite and the Internet. The IETF publishes Requests for Comments (RFCs), which are the working documents for what eventually become Internet standards.
Internet Group Management Protocol (IGMP) A protocol used by IP hosts to report their host group memberships to any immediately neighboring multicast routers.
Internet Key Exchange (IKE) A security protocol that provides a method for computers to exchange encryption keys.
Internet Message Access Protocol (IMAP) An application layer protocol for a mailbox service that improves upon POP3’s capabilities by providing additional email management capabilities.
Internet Protocol (IP) The primary network layer protocol in the TCP/IP suite. IP is the protocol that is ultimately responsible for end-to-end communications on a TCP/IP internetwork and includes functions such as addressing, routing, and fragmentation.
Internet Protocol Control Protocol (IPCP) A network control protocol designed to support the IP protocol.
Internet Security Association and Key Management Protocol (ISAKMP) A security protocol that provides the means for two systems to create and manage security associations.
intrusion detection system (IDS) A network protection product that inspects incoming packets or system processes and examines them for evidence of malicious activity. When the IDS finds such evidence, it logs the activity, gathers information about the circumstances, and usually notifies an administrator.
intrusion prevention system (IPS) A network protection product, similar to an IDS, except that it is also designed to take specific actions to prevent an attack when it detects one.
IP address A 32-bit address assigned to TCP/IP client computers and other network equipment that uniquely identifies that device on the network.
Ipconfig.exe A Windows command-line program that displays the computer’s TCP/IP configuration and provides DHCP control.
IPsec A series of standards that define a methodology for securing data as it is transmitted over a network.
IPv6 A new version of the Internet Protocol (IP) that expands the IP address space from 32 to 128 bits.
Kerberos protocol An authentication protocol that uses tickets to coordinate the authentication of network clients and servers.
keystone connector A type of modular connector that snaps into a keystone wall plate.
late collision A collision that occurs after the last bit of data has left the transmitting system.
latency The delays that occur when a network contains so much traffic that nodes trying to send data experience delays in gaining access to the network medium.
Layer 2 Tunneling Protocol (L2TP) A protocol used to establish virtual private network (VPN) connections across the Internet. See also virtual private network (VPN).
layer 3 switching A switching technique that uses virtual routers to connect VLANs together.
leased line A permanent telephone connection between two points that provides a predetermined amount of bandwidth at all times. See also T-1, T-3.
link aggregation A technique—also called bonding—that enables multiple network interface adapters in a single computer to combine their bandwidth.
link code word (LCW) The fields within an FLP transmission that identify the capabilities of the transmitting device.
Link Control Protocol (LCP) A protocol used by PPP to negotiate communication parameters that two machines have in common.
link-local unicast address The IPv6 equivalent of an Automatic Private IP Addressing (APIPA) address in IPv4. All link-local addresses have the same network identifier: a 10-bit FP of 11111110 10 followed by 54 zeroes.
link state routing A type of routing protocol that works by flooding the network with link state advertisements that contain sequence numbers that indicate the distance from the router to the source.
load balancing A technique that distributes incoming traffic equally among the multiple servers in a cluster.
local area network (LAN) A group of computers or other devices that share a common location and a common medium, such as a particular type of cable.
Long Term Evolution (LTE) A cellular communications standard that is the next iteration of the Groupe Spécial Mobile (GSM) technology that first appeared in the second generation (2G) and that became High Speed Packet Access (HSPA) in the third (3G). Although not yet compliant with the International Telecommunications Union (ITU) standard, 3GPP Long Term Evolution (LTE) is generally considered a 4G technology and supports downstream transmission rates of up to 300 Mbps.
loopback plug A cable testing device that plugs into the end of a cable and reflects all signals that reach it back to the source.
main distribution frame (MDF) In structured cabling, a telecommunications room that functions as a cabling nexus for a backbone network.
malware A generic term referring to any software that has a malicious intent, whether obvious or obscure.
man in the middle (MITM) A type of security attack in which the attacker interposes him or herself between two individuals who think they are communicating directly with each other.
maximum transmission unit (MTU) The largest physical packet size that a system can transmit over a network.
media access control (MAC) A method by which computers determine when they can transmit data over a shared network medium.
media converter A physical layer device that connects two networks of the same type but that are using different media, such as two Ethernet LANs using UTP and fiber optic cables.
medium dependent interface (MDI) The connection between a network device, such as a network interface adapter or a switch, and the network medium.
medium dependent interface crossover (MDIX) An uplink port in a hub or switch.
mesh topology An arrangement of network components in which each node is connected to every other node.
mixing segment A length of Ethernet cable with more than two devices connected to it.
modem Short for modulator/demodulator, a hardware device that converts the digital signals generated by computers into analog signals suitable for transmission over a telephone line, and back again. A dial-up connection between two computers requires a modem at each end, both of which support the same communication protocols. Modems take the form of internal devices that plug into one of a computer’s expansion slots or external devices that connect to one of a computer’s serial ports.
modulation and coding schemes (MCSes) A series of indexed combinations of factors used by the 802.11n standard to calculate theoretical data transfer rates.
MTU black hole A condition on a TCP/IP network in which router-based firewalls interfere with the Path MTU Discovery process.
MTU mismatch A condition on a TCP/IP network in which datagrams must be fragmented because they encounter networks with smaller MTUs than that of the network where the datagrams were created.
multicast A network transmission with a destination address that represents a group of computers on the network.
multifactor authentication A combination of two or more authentication methods that reduces the likelihood that an intruder will be able to successfully impersonate a user during the authentication process.
multifunction device A common term for a WAN router with other capabilities, such as switch ports, a wireless access point, and a DHCP server.
multilevel device A network connection device that spans levels 2 and 3 of the OSI model.
multiple channel architecture A technique for deploying multiple wireless access points in the same service set by using non-overlapping channels.
Multiple-Input Multiple-Output (MIMO) A physical layer enhancement that enables wireless devices to multiplex signals over a single channel, by using a technique called Spatial Division Multiplexing (SDM).
multiplexing Any one of several techniques used to transmit multiple signals over a single cable or other network medium simultaneously.
multiport repeater Another term for a hub.
Multipurpose Internet Mail Extension (MIME) A method for encoding various types of data for inclusion in email messages.
multisource agreement (MSA) A type of standard created by manufacturers of networking products, defining a socket used to build interchangeable Gigabit Ethernet physical layer modules.
name resolution A process by which the name of a network device is converted to an IP address.
Nbtstat.exe A Windows command-line program that displays information about the NetBIOS Over TCP/IP (NetBT) connections that Windows uses when communicating with other computers running Windows on a TCP/IP network.
Netstat A command-line program that displays status information about the current network connections of a computer running TCP/IP and about the traffic generated by the TCP/IP protocols.
Network Address Translation (NAT) A firewall technique that enables TCP/IP client computers using unregistered IP addresses to access the Internet.
Network Control Protocols (NCPs) Protocols used by PPP to negotiate connections for each of the network layer protocols they will use during a session.
network interface adapter The hardware implementation of a data-link layer LAN protocol. Usually integrated into computer motherboards, network interface adapters are also available as expansion cards and external USB devices.
network interface card (NIC) Strictly, a network interface adapter provided on an expansion card, but in practice, the term may be used to refer to any network adapter, even if it is built into a motherboard.
Network Terminator 1 (NT-1) The hardware device on the client side of an ISDN installation that provides the straight tip (S/T) interface used to connect equipment to the service, such as ISDN telephones, fax machines, and the terminal adapter that connects to a computer. In some cases, the NT-1 is a separate piece of equipment, but it can also be integrated into a single unit along with a terminal adapter for installations in which only a single computer is to be connected to the service.
Network Time Protocol (NTP) An application layer protocol designed to synchronize the clocks of computers on packet-switching networks with varying degrees of latency.
node A device connected to a LAN.
nominal velocity of propagation (NVP) A measurement of the speed at which signals travel over a network medium.
normal link pulse (NLP) Signals used to verify the integrity of a link between two devices.
Nslookup A command-line utility that generates DNS request messages and transmits them to specific DNS servers on the network.
open circuit A type of wiring error in which one of the wires inside a cable is not connected to the pin at one end.
Open Shortest Path First (OSPF) An interior gateway protocol that provides a link state protocol alternative to RIP.
Open Systems Interconnection (OSI) reference model A theoretical model used for reference and teaching purposes that divides the computer networking functions into seven layers: application, presentation, session, transport, network, data-link, and physical (from top to bottom).
optical time domain reflectometer (OTDR) A fiber optic cable tester that measures a cable’s length by transmitting a signal and measuring how long it takes to travel to the other end and back.
organizationally unique identifier (OUI) The first three bytes of a network adapter’s hardware address, assigned to the device’s manufacturer by the IEEE.
Orthogonal Frequency Division Multiplexing (OFDM) A type of radio frequency modulation used on 802.11 networks that uses multiple carriers running in parallel at low signal rates to provide a data transmission rate that is similar to those of single carrier modulation types.
packet A unit of data that can be transmitted over a data network.
packet filter A basic type of firewall, in which the system implementing the filter examines each packet as it arrives and decides if it meets the criteria for admission to the network.
packet sniffer An application that intercepts and captures packets as they are transmitted over a network.
packet switching A type of network communications in which messages are broken up into discrete units called packets and transmitted to the destination.
parallel detection The method by which an Ethernet system capable of autonegotiation reconciles its speed with a system that cannot negotiate.
passive mode An FTP operational mode in which the client sends a PASV command to the server, and the server sends its IP address and port number to the client, so that the client can initiate the connection.
passive optic network (PON) An arrangement in which data from an optical line terminal (OLT) runs through a single fiber optic cable to a series of optical splitters near the subscribers’ premises.
Password Authentication Protocol (PAP) An authentication protocol that is seldom used because it uses unencrypted passwords.
peer-to-peer networking A networking system in which each computer can function both as a client and as a server.
peripheral network The outermost layer of a network with concentric layers of security, where the servers that must be accessible from the Internet, such as web, FTP, and SMTP servers, are placed.
phishing A type of security attack that consists of sending out an official-looking email message or letter to users that points them to a bogus website containing a form asking for personal information.
physical layer (PHY) module A 10 Gigabit Ethernet hardware device that contains a transceiver and supports a specific cable and connector.
ping A command-line tool that specifies whether the TCP/IP stack of another system on the network is functioning normally.
Plain Old Telephone Service (POTS) A common phrase referring to the Public Switched Telephone Network (PSTN), the standard copper-cable telephone network used for analog voice communications around the world.
plenum An air-handling space in a building where network cables are often located, typically the space between a dropped ceiling and the structural ceiling.
point-to-multipoint topology An arrangement of network components in which a single node transmits and multiple nodes receive the data.
Point-to-Point Protocol (PPP) A data-link layer protocol designed for use by WAN connections that consist of only two systems. Because there are only two devices involved, there is no need for the protocol to support complex procedures such as node addressing or media access control.
Point-to-Point Protocol over Ethernet (PPPoE) A TCP/IP standard that provides a way to create individual PPP connections between computers on an Ethernet LAN and external services connected to the LAN by using a broadband device such as a cable or DSL modem.
point-to-point topology An arrangement of network components consisting of two (and only two) nodes connected together.
Point-to-Point Tunneling Protocol (PPTP) A data-link layer protocol used to provide secured communications for virtual private network (VPN) connections. VPNs are private network connections that use the Internet as a network medium. To secure the data as it is transmitted across the Internet, the computers use a process called tunneling, in which the entire data-link layer frame generated by an application process is encapsulated within an IP datagram. This arrangement violates the rules of the OSI reference model, but it enables the entire PPP frame generated by the user application to be encrypted inside an IP datagram.
port address translation (PAT) Also known as masquerading, this network address method translates all the unregistered IP addresses on a network by using a single registered IP address.
port forwarding A technique in which a NAT router creates a mapping between a specific registered IP address and port number and a specific unregistered address on the private network. This mapping enables traffic that the NAT router would ordinarily block to pass through to its destination.
port mirroring A feature in some switches that takes the form of a port that runs in promiscuous mode, meaning that the switch copies all incoming traffic to that port, as well as to the dedicated destination ports.
port scanner A software product that displays all of the open ports on a computer or on a network’s computers.
positive acknowledgment with retransmission A description of the packet acknowledgment system that TCP uses, indicating that the destination system acknowledges only the messages that it received correctly.
Post Office Protocol version 3 (POP3) An application layer protocol designed to provide mailbox services for client computers that are themselves not capable of performing transactions with SMTP servers, such as clients that are only intermittently connected.
Primary Rate Interface (PRI) An ISDN service that consists of 23 64-Kbps B channels plus one 64-Kbps D channel, providing an aggregate bandwidth equal to that of a T-1 line. The B channels can be combined into a single data pipe, used individually, or used in any combination. The PRI service is rarely used in the United States but is a popular business service in Europe and Japan. See also Integrated Services Digital Network (ISDN).
private branch exchange (PBX) A telephone exchange or switchboard that is wholly owned and operated by a business or other private entity, rather than by a telephone company.
protocol data unit (PDU) A generic term for the data constructions created by the protocols operating at the various layers of the OSI reference model.
protocol stack The multilayered arrangement of communications protocols that provides a data path ranging from the user application to the network medium.
proxy server An application layer firewall technique that enables TCP/IP client systems to access Internet resources without being susceptible to intrusion from outside the network, and with centralized control and management.
pseudo-header A term used to describe a combination of IP header fields that the TCP and UDP protocols include in their checksum calculations.
public key infrastructure (PKI) A system in which every user has two keys, a public key and a private key. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted by using the public key.
Public Switched Telephone Network (PSTN) The standard copper-cable telephone network used for analog voice communications around the world. Also known as Plain Old Telephone Service (POTS).
punchdown tool A device that cable installers use to connect the wires in a cable to the individual pins of a jack.
quality of service (QoS) A method for assigning priorities to various types of network traffic.
relative domain name A DNS name that specifies only the subdomain relative to a specific domain context.
remote access server (RAS) A host program that can respond to connection requests from remote computers and provide access to a network.
Remote Authentication Dial In User Service (RADIUS) A client/server protocol that provides authentication, authorization, and accounting services usually for remote access servers.
Remote Desktop Protocol (RDP) A protocol created by Microsoft that enables their Remote Desktop Connection client and their Remote Desktop Services server to communicate.
Request for Comments (RFC) A document published by the Internet Engineering Task Force (IETF) that contains information about a topic related to the Internet or to the TCP/IP suite.
resolver The component in a DNS client that generates query messages.
resource record (RR) A type of informational unit in the DNS where host names, IP addresses, and other types of information are stored.
Reverse Address Resolution Protocol (RARP) A protocol in the TCP/IP suite that enables a client to broadcast a system’s hardware address and receive an IP address in return from a RARP server.
RG-58 A type of 50-ohm coaxial cable used in early thin Ethernet networks.
RG-59 A type of 75-ohm coaxial cable used for cable television networks.
RG-6 A type of 75-ohm coaxial cable used for cable television networks.
ring topology An arrangement of network components in which signals travel from node to node, eventually ending up back at the source. A ring topology can be physical or logical.
RJ11 A modular four-pin cable connector, typically used for telephone connections.
RJ45 A modular eight-pin cable connector, used for telephone or LAN connections. The term is often used incorrectly when referring to an 8P8C connector.
root name server A DNS server that possesses information about all of the top-level domains in the DNS name space.
router A network layer device that connects two networks together. A router has two network interfaces that selectively relay traffic back and forth between the two networks.
Routing Information Protocol (RIP) A distance vector routing protocol that is one of the most commonly used interior gateway protocols in the TCP/IP suite and on networks around the world.
routing table An internal table maintained by IP routers that contains information about the local and adjacent networks. Routers use their routing tables to determine where to send each packet they receive.
runt A type of packet on an Ethernet network that is shorter than the minimum allowable length, thus interfering with the collision detection mechanism.
scope In DHCP, a range of IP addresses on a particular subnet that a DHCP server uses as a pool for its lease assignments.
secret key encryption A system in which one character is substituted for another, based on a key specifying the letter replacements.
Secure Sockets Layer (SSL) A special-purpose security protocol that protects the data transmitted by servers and clients at the application layer.
security association (SA) A collection of security settings that specifies the keys and algorithms that two systems will use for protected communications.
service-dependent filtering A type of packet filtering that uses port numbers to determine whether packets should be admitted to the network.
service set identifier (SSID) A 32-bit name that identifies a service set and all its members.
shielded twisted pair (STP) A type of network cable containing multiple pairs of wires that are twisted together and shielded and/or screened to minimize crosstalk.
short circuit A type of wiring error in which a pin at one end of the cable is connected to two or more pins at the other end.
silent RIP A situation in which a RIP router processes incoming advertisement messages without advertising its own routing table.
Simple Mail Transfer Protocol (SMTP) An application layer protocol that transfers email messages between servers and from clients to servers.
Simple Network Management Protocol (SNMP) A TCP/IP application layer protocol and query language that specially equipped networking devices use to communicate with a central management console.
single sign-on An environment in which users can access all of their allotted network resources with a single set of credentials.
sliding window A technique used to implement flow control in the TCP transport layer protocol. By acknowledging the number of bytes that have been successfully transmitted and specifying the number of bytes that it is capable of receiving, a computer on the receiving end of a data connection creates a “window” that consists of the bytes the sender is authorized to transmit.
smartjacks A feature of most network interface units. Smartjacks enable the network interface units to perform additional functions such as signal translation, signal regeneration, and remote diagnostics.
smurf attack A type of denial of service attack that involves flooding a network with Ping messages sent to the network’s broadcast address. These messages also contain the IP address of the computer that is the intended victim. All of the computers receiving the broadcast, therefore, send their responses to the victim, flooding its in-buffers.
socket On a TCP/IP network, the combination of an Internet Protocol (IP) address and a port number, which together identify a specific application process running on a specific computer.
social engineering A practice in which an attacker with a friendly manner contacts a user by telephone, mail, or email; pretends to be an official of some sort; and gives some excuse for needing the user’s password or other confidential information.
Spanning Tree Protocol (STP) A data-link layer protocol that solves the problem of bridge loops by selecting a non-redundant subset of switches and deactivating the others until a fault occurs.
split pair A type of wiring fault in which both ends of a cable are miswired in exactly the same way, scrambling the wire pairs.
spyware A hidden program that gathers information about a user’s computer activities and sends it to someone on the Internet.
SSID mismatch A condition on wireless networks where devices are misconfigured to connect to an access point that is not broadcasting its SSID.
stackable hubs Hubs that can be linked together to expand their port density without Ethernet recognizing them as separate devices.
star topology An arrangement of network components in which each node is connected to a central cabling nexus, such as a switch or a hub.
stateful packet inspection (SPI) A generic term for a process in which a router examines incoming packets more carefully than usual.
stateless address autoconfiguration An IPv6 process that automatically assigns a link-local unicast address to each interface in a computer.
static NAT (SNAT) A network address translation technique that translates multiple unregistered IP addresses to an equal number of registered addresses.
static routing A method for updating routing tables in which a network administrator manually creates the table entries.
store-and-forward switch A type of switch that waits until an entire incoming packet arrives before it begins forwarding any data out to the destination.
subnet A group of computers on a TCP/IP network that share a common network identifier.
subnet mask A TCP/IP configuration parameter that specifies which bits of the Internet Protocol (IP) address identify the host and which bits identify the network on which the host resides.
supernet A combination of contiguous networks that all contain a common CIDR prefix. When an organization possesses multiple contiguous networks that can be expressed as a supernet, it becomes possible to list those networks in a routing table using only one entry, instead of many.
switch A data-link layer device that filters packets based on their destination hardware addresses, forwarding incoming packets only to their destinations (if known).
switching loop A condition on a switched network where there are redundant switches providing multiple paths between destinations, and the switches forward packets back and forth to each other in endless loops.
Synchronous Digital Hierarchy (SDH) A physical layer standard that defines a method for building a synchronous telecommunications network based on fiber optic cables. Known as SONET in North America.
Synchronous Optical Network (SONET) A physical layer standard that defines a method for building a synchronous telecommunications network based on fiber optic cables. SONET provides connections at various optical carrier (OC) levels running at different speeds, ranging from 51.84 Mbps (OC-1) to 9,953.280 Mbps (OC-192).
T-1 A dedicated telephone connection, also called a leased line, running at 1.544 Mbps. A T-1 line consists of 24 64-Kbps channels, which can be used separately, in combinations, or as a single data pipe. Large companies use T-1 lines for both voice and data traffic; smaller companies can lease part of a T-1, which is called a fractional T-1 service. Although it uses the telephone network, a T-1 used for data networking does not use a dial-up connection; it is permanently connected to a specific location. See also leased line.
T-3 A dedicated telephone connection, also called a leased line, running at 44.736 Mbps. See also leased line.
telepole A telescoping tool used by cable installers to extend cables through closed spaces, such as dropped ceilings.
Telnet A terminal emulation program that provides users with access to a text-based interface on a remote system.
temperature monitor A device designed to track the environmental conditions in a telecommunications room.
Terminal Access Controller Access-Control System (TACACS) A centralized logon solution that enables users who successfully authenticate to one system to access other systems as well.
terminal adapter A hardware component used to connect a TE2 device to an ISDN connection. The terminal adapter plugs into the straight tip (S/T) interface provided by the NT-1. In some cases, a terminal adapter and an NT-1 are integrated into a single unit, which is specifically designed for installations in which a computer will be the only device using the ISDN connection. See also Integrated Services Digital Network (ISDN), Network Terminator 1 (NT-1).
three-way handshake The process that TCP uses to establish a connection between two computers.
time domain reflectometry (TDR) A cable testing technology that measures a cable’s length by transmitting a signal and measuring how long it takes to travel to the other end and back.
tone generator and locator A cable testing tool that consists of a device that transmits a signal over a wire or cable and another device that detects the signal.
top-level domain (TLD) A domain located one level below the root domain, which functions as a registrar for domains at the second level.
traceroute A command-line tool that displays the path that packets take through an internetwork to their destination.
traffic analysis A technique for deriving information based on the pattern and frequency of messages transmitted over a network, rather than their contents.
traffic shaping A means of prioritizing packets without prior negotiation between applications and routers and without tagging packets.
transfer syntax A format used to encode application information for transmission over a network.
Transmission Control Protocol (TCP) A transport layer protocol used to transmit data generated by applications, such as entire files. TCP is a connection-oriented protocol that provides guaranteed delivery service, packet acknowledgment, flow control, and error detection.
transparent bridging The technique by which bridges compile their own address tables from the information in the packets they read.
Transport Layer Security (TLS) A method for encrypting tunneled traffic to protect the privacy of communications.
Trivial File Transfer Protocol (TFTP) A minimized, low-overhead version of FTP that can transfer files across a network without authentication.
Trojan horse A non-replicating program that appears to perform an innocent function, but which in reality has another, more malicious, purpose.
truncated binary exponential backoff In the CSMA/CD MAC mechanism, an algorithm that Ethernet systems use in response to a collision to calculate how long they will wait before retransmitting.
trunking A method for connecting switches that enables the members of a VLAN on one switch to communicate with members of the same VLAN on another switch.
tunneling A technique for transmitting data over a network by encapsulating it within another protocol. For example, Novell NetWare networks at one time supported TCP/IP only by encapsulating IP datagrams within NetWare’s native Internetwork Packet Exchange (IPX) protocol. The Point-to-Point Tunneling Protocol (PPTP) also uses tunneling to carry Point-to-Point Protocol (PPP) frames inside IP datagrams.
unbounded media A type of network medium that has no natural restrictions to signal access. Also known as wireless media.
unique local unicast addresses The IPv6 equivalent of the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 private network addresses in IPv4.
unshielded twisted pair (UTP) A type of network cable containing multiple pairs of wires that are twisted together to minimize crosstalk.
User Datagram Protocol (UDP) A connectionless transport layer protocol used for short transactions, usually consisting of a single request and reply. UDP keeps overhead low by supplying almost none of the services provided by its connection-oriented transport layer counterpart, TCP.
vertical cross connect In structured cabling, a term referring to a switch or other device that connects horizontal cable runs to a backbone network.
virtual LAN (VLAN) A network layer technology built into some switches that enables administrators to create logical subnets that exist only in the switches themselves.
virtual private network (VPN) A technique for connecting to a network at a remote location using the Internet as a network medium. A user can dial into a local Internet service provider (ISP) and connect through the Internet to a private network at a distant location, using a protocol such as the Point-to-Point Tunneling Protocol (PPTP) to secure the private traffic.
virtualization A process that adds a layer of abstraction between actual, physical hardware and the system making use of it. The intervening component, called a hypervisor, creates a virtual machine environment, and an operating system runs in that environment.
virus A type of program that replicates by attaching itself to an executable file or a computer’s boot sector and performs a specified action—usually some form of damage—at a prearranged time.
voltage event recorder A monitoring device that tracks the quality of the power supply in a telecommunications room.
vulnerability scanner A software program that attempts to discover weaknesses in the security of a network and its computers.
war driving The process of cruising around a neighborhood with a scanner, looking for unprotected wireless networks to which to connect.
well-known port TCP/IP port numbers that have been permanently assigned to specific applications and services by the Internet Assigned Numbers Authority (IANA).
wide area network (WAN) A network that spans a large geographical area using long-distance point-to-point connections, rather than shared network media, as with a local area network (LAN). WANs can use a variety of communication technologies for their connections, such as leased telephone lines, dial-up telephone lines, and ISDN or DSL connections. The Internet is the ultimate example of a WAN. See also local area network (LAN).
Wi-Fi Protected Access (WPA) A method for encrypting wireless communications that improves upon the privacy provided by WEP.
Wired Equivalent Privacy (WEP) A method for encrypting wireless communications that is standardized and widely deployed, but that suffers from serious well-exploited vulnerabilities.
wireless access point (WAP) A stand-alone wireless device or a wireless-equipped computer that is also connected to a bounded network via a cable, and that provides other wireless devices with access to the wired network resources.
wiremap tester A simple type of cable tester that connects to each of the wires in a cable and detects faults such as opens and shorts.
Worldwide Interoperability for Microwave Access (WiMAX) A metropolitan area network (MAN) standard offering transfer rates up to 75 Mbps for mobile devices and ranges up to 50 kilometers.
worm A program that replicates itself across a network by taking advantage of weaknesses in computer operating systems.
worst case path The route between the two most distant systems on the network, in terms of cable length and number of hubs.
zone An administrative unit used to subdivide DNS domains.
zone transfer A process by which DNS servers replicate their data for fault tolerance and performance purposes.