CompTIA Network+ N10-008 Study Guide

Course: TCP/IP, Routing, and Wireless Networking Source basis: Coursera course videos and readings reviewed on 2026-06-19 Purpose: Exam-focused study notes for TCP/IP, routing, network services, DNS, security, VLANs, and switch features.

Course Map

Module 1: TCP/IP Basics
Module 2: Routing
Module 3: TCP/IP Applications
Module 4: Network Naming
Module 5: Securing TCP/IP
Module 6: Switch Features

High-Yield Memory Anchors

IPv4 is 32-bit; IPv6 is 128-bit.
ARP maps IPv4 addresses to MAC addresses on a local network.
A subnet mask separates network bits from host bits.
CIDR slash notation tells how many network bits are in the mask.
Default gateway is the router a host uses to reach remote networks.
NAT lets private IP hosts communicate through public IP addresses.
TCP is connection-oriented; UDP is connectionless.
DNS maps names to IP addresses and other service records.
SSH replaces Telnet for secure remote CLI access.
NTP synchronizes time and is security-relevant.
VLANs create separate Layer 2 broadcast domains.
Trunks carry multiple VLANs between switches.
InterVLAN routing is required for hosts in different VLANs to communicate.

Module 1: TCP/IP Basics

IP Addressing And Binary

IPv4 addresses are 32-bit numbers written as four decimal octets. Each octet represents 8 bits and ranges from 0 to 255.

Example:

192.168.1.10 equals four octets.
Each octet can be translated into binary.
Binary place values in an octet are 128, 64, 32, 16, 8, 4, 2, 1.

Exam skill:

Convert simple binary octets to decimal.
Recognize valid and invalid IPv4 addresses.
Understand that an IP address alone is incomplete without a subnet mask or prefix length.

ARP

ARP, Address Resolution Protocol, resolves an IPv4 address to a MAC address on the local network.

Process:

Host needs to send to a local IPv4 destination.
Host checks ARP cache.
If no entry exists, host broadcasts an ARP request.
The owner of the IPv4 address replies with its MAC address.
Sender uses that MAC address in the Ethernet frame.

Important exam distinctions:

ARP is local to the broadcast domain.
Routers do not forward ARP broadcasts between networks.
If the target is remote, the host ARPs for the default gateway MAC address, not the remote host MAC.

Subnet Masks

A subnet mask identifies which bits are network bits and which bits are host bits.

Common masks:

/8 = 255.0.0.0
/16 = 255.255.0.0
/24 = 255.255.255.0
/25 = 255.255.255.128
/26 = 255.255.255.192
/27 = 255.255.255.224
/28 = 255.255.255.240
/29 = 255.255.255.248
/30 = 255.255.255.252

Host formula for IPv4:

Usable hosts per subnet = 2 host bits minus 2.
The all-zero host address is the network address.
The all-one host address is the broadcast address.

Classful Addressing

Classful addressing is older but still exam-relevant.

Class A: 1.0.0.0 through 126.0.0.0, default /8.
Class B: 128.0.0.0 through 191.255.0.0, default /16.
Class C: 192.0.0.0 through 223.255.255.0, default /24.
Class D: 224.0.0.0 through 239.255.255.255, multicast.
Class E: 240.0.0.0 through 255.255.255.255, experimental/reserved.

127.0.0.0/8 is loopback, not a normal Class A host network.

CIDR Subnetting

CIDR, Classless Inter-Domain Routing, uses slash notation instead of rigid classful boundaries.

Important tasks:

Determine network address.
Determine broadcast address.
Determine usable host range.
Determine number of subnets or hosts.
Identify whether two hosts are in the same subnet.

Quick block sizes in the interesting octet:

/25 block size 128
/26 block size 64
/27 block size 32
/28 block size 16
/29 block size 8
/30 block size 4

Example:

192.168.10.77/26
/26 mask is 255.255.255.192.
Block size is 64.
Subnets begin at .0, .64, .128, .192.
77 is in the .64 subnet.
Network: 192.168.10.64
Broadcast: 192.168.10.127
Usable range: 192.168.10.65 through 192.168.10.126

Static And Dynamic Addressing

Static addressing is manually configured. It is useful for routers, servers, printers, infrastructure, and anything that must be predictable.

Dynamic addressing usually uses DHCP. DHCP leases IP configuration to clients.

DHCP commonly provides:

IP address
Subnet mask
Default gateway
DNS servers
Lease duration

DHCP process memory aid: DORA.

Discover
Offer
Request
Acknowledge

Special IP Addresses

Know these:

127.0.0.1: IPv4 loopback.
169.254.0.0/16: APIPA/link-local self-assigned IPv4.
0.0.0.0: Unspecified address or default route representation.
255.255.255.255: Limited broadcast.
Private IPv4 ranges:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
IPv6 loopback: ::1
IPv6 link-local: fe80::/10
IPv6 unique local: fc00::/7, commonly fd00::/8 in practice.

Module 1 Troubleshooting Cues

169.254.x.x address: DHCP failed.
Can ping loopback but not gateway: local stack works; check NIC, cable, VLAN, IP/mask.
Can ping gateway but not internet: check routing, DNS, NAT, firewall.
Can reach IP but not hostname: suspect DNS.
Wrong mask: hosts may think remote networks are local or local hosts are remote.

Module 2: Routing

Router Purpose

Routers connect IP networks. A router receives packets, checks the destination IP address, consults its routing table, and forwards traffic toward the next hop.

Key concepts:

Routers separate broadcast domains.
Routers operate primarily at Layer 3.
Hosts use a default gateway to reach nonlocal networks.
Routing tables contain connected, static, dynamic, and default routes.

Understanding Ports

In this course context, "ports" can mean physical interfaces or Layer 4 application ports.

Physical/router ports:

WAN interface
LAN interface
Console port
Ethernet interfaces
SFP/SFP+ interfaces

Layer 4 ports:

TCP/UDP numbers that identify services.
Used by firewalls, NAT, and port forwarding rules.

Network Address Translation

NAT translates IP addresses, often private internal addresses to a public external address.

Types:

Static NAT: One-to-one mapping.
Dynamic NAT: Pool-based mapping.
PAT/NAT overload: Many internal hosts share one public IP using port numbers.

PAT is what most homes and small offices use.

Why NAT matters:

Conserves IPv4 public addresses.
Hides internal private address structure.
Allows outbound internet access from private networks.

NAT is not a complete security control by itself. It is often paired with firewall behavior.

Port Forwarding

Port forwarding allows inbound traffic from the internet to reach an internal host.

Example:

Public IP TCP 443 forwards to internal web server 192.168.1.50 TCP 443.

Security note:

Forward only necessary ports.
Prefer VPN or secure reverse proxy designs for sensitive services.
Keep internal systems patched.

SOHO vs Enterprise Routing

SOHO routers often combine:

Router
Switch
Wireless AP
Firewall
DHCP server
NAT/PAT

Enterprise networks usually separate these functions across dedicated devices or managed platforms.

Enterprise routers support more advanced:

Routing protocols
Redundancy
ACLs
Interface types
Monitoring
Logging
High availability

Static Routes

Static routes are manually configured.

Use cases:

Small networks.
Default route to ISP.
Stub networks.
Backup routes.
Predictable paths.

Pros:

Simple.
Low overhead.
Predictable.

Cons:

Does not automatically adapt to failures.
Administrative burden in larger networks.

Dynamic Routing

Dynamic routing protocols let routers exchange route information.

Benefits:

Adapts to topology changes.
Scales better than manual static routes.
Helps redundant networks converge after failures.

Costs:

More complexity.
Uses CPU, memory, and bandwidth.
Misconfiguration can cause routing problems.

RIP

RIP is an older distance-vector routing protocol.

Know:

Uses hop count as metric.
Maximum 15 hops; 16 is unreachable.
Slow convergence compared with modern protocols.
Mostly legacy but exam-relevant.

OSPF

OSPF is a link-state interior gateway protocol.

Know:

Uses cost as metric.
Builds a topology database.
Supports areas.
Area 0 is backbone area.
Faster convergence than RIP.
Common in enterprise networks.

BGP

BGP is the major exterior gateway protocol of the internet.

Know:

Path-vector protocol.
Routes between autonomous systems.
Uses AS path and policy decisions.
Runs over TCP 179.
Used by ISPs, large enterprises, and internet edge routing.

Module 2 Troubleshooting Cues

Local subnet works, remote subnet fails: check default gateway and routes.
Outbound internet works, inbound server fails: check port forwarding, firewall, and NAT.
Route exists but wrong next hop: check static route.
Dynamic routing unstable: check neighbor relationships, protocol settings, timers, authentication, and advertised networks.

Module 3: TCP/IP Applications

TCP vs UDP

TCP:

Connection-oriented.
Uses three-way handshake.
Provides sequencing, acknowledgments, retransmission, and flow control.
Used where reliability matters.

UDP:

Connectionless.
Lower overhead.
No built-in retransmission or ordering.
Used for speed, broadcasts, or applications that handle reliability themselves.

Examples:

TCP: HTTP, HTTPS, SSH, SMTP, IMAP.
UDP: DNS queries, DHCP, VoIP/RTP, NTP, SNMP traps.

ICMP And IGMP

ICMP supports diagnostic and control messages.

Common uses:

ping uses ICMP echo request/reply.
traceroute uses TTL expiration behavior.
Destination unreachable messages.

IGMP manages IPv4 multicast group membership.

Handy Tools

Know these tools:

ping: Basic reachability and latency.
ipconfig/ifconfig/ip: View and configure IP settings.
tracert/traceroute: View path to destination.
nslookup/dig: DNS queries.
netstat/ss: Connections and listening ports.
arp: ARP cache.
route: Routing table.
Wireshark/tcpdump: Packet capture.

Wireshark

Wireshark captures and decodes network traffic.

Use it to:

Inspect frames, packets, and protocol fields.
Verify ARP, DNS, TCP handshakes, TLS negotiation, and errors.
Troubleshoot application conversations.

Exam caution:

Packet captures can expose sensitive data.
Use filters to narrow traffic.

Netstat

Netstat shows network connections and listening ports.

Use cases:

Identify open ports.
See established connections.
Match ports to processes on some systems.
Confirm whether a service is listening.

Web Servers

Common web ports:

HTTP: TCP 80
HTTPS: TCP 443

Web troubleshooting:

Can resolve name?
Can connect to port?
Is TLS certificate valid?
Is server service running?
Is firewall/NAT allowing traffic?

FTP

FTP uses TCP 21 for control. Traditional active/passive FTP can involve additional data connections.

Security point:

FTP is not encrypted.
Use SFTP or FTPS when confidentiality is required.

Email Servers And Clients

Common email protocols:

SMTP: Sends mail between servers and from clients to servers.
POP3: Downloads mailbox content to client.
IMAP: Synchronizes mailbox state with server.

Common ports:

SMTP: TCP 25
SMTP submission: TCP 587
SMTPS: TCP 465
POP3: TCP 110
POP3S: TCP 995
IMAP: TCP 143
IMAPS: TCP 993

Securing Email

Email security concerns:

Encryption in transit.
Authentication.
Spam/phishing controls.
Certificate validation.

Common records/tools:

SPF: Identifies permitted sending servers.
DKIM: Signs messages.
DMARC: Policy and reporting based on SPF/DKIM alignment.

Telnet And SSH

Telnet:

TCP 23.
Unencrypted.
Legacy and insecure.

SSH:

TCP 22.
Encrypted remote shell.
Preferred for secure administration.

NTP

NTP synchronizes clocks.

Port:

UDP 123.

Why it matters:

Kerberos depends on time accuracy.
Logs need accurate timestamps.
Certificates rely on validity periods.
Troubleshooting requires consistent time.

Module 4: Network Naming

DNS Fundamentals

DNS resolves names to records, most commonly hostnames to IP addresses.

Common record types:

A: Hostname to IPv4.
AAAA: Hostname to IPv6.
CNAME: Alias to canonical name.
MX: Mail exchanger.
NS: Authoritative name server.
PTR: Reverse lookup.
TXT: Text records, often verification/SPF.
SRV: Service locator.

DNS uses UDP 53 for most queries and TCP 53 for zone transfers and large responses.

Applying DNS

DNS hierarchy:

Root.
Top-level domain.
Domain.
Subdomain/host.

Recursive resolver:

Does lookup work on behalf of client.

Authoritative server:

Holds authoritative records for a zone.

Caching:

Improves performance.
Controlled by TTL.
Can cause old records to persist until TTL expires.

Windows Name Resolution

Windows environments may use several name mechanisms:

DNS.
Local hosts file.
NetBIOS/legacy methods.
LLMNR in some environments.

Exam focus:

Modern networks should rely primarily on DNS.
Legacy name resolution can create security and troubleshooting issues.

Dynamic DNS

Dynamic DNS updates DNS records automatically when IP addresses change.

Use cases:

Home/SOHO dynamic public IP.
Internal DHCP clients updating DNS.
Remote access to changing IP endpoints.

DNS Troubleshooting

Process:

Check IP connectivity first.
Query known DNS server.
Compare name vs direct IP access.
Check correct DNS server settings.
Check record type.
Check TTL/caching.
Check authoritative records.

Tools:

nslookup.
dig.
ipconfig /flushdns on Windows.
resolvectl/systemd-resolve on Linux systems using systemd-resolved.

Module 5: Securing TCP/IP

Making TCP/IP Secure

TCP/IP was not originally designed around modern hostile networks. Security layers add confidentiality, integrity, authentication, authorization, and accountability.

Important security goals:

Confidentiality: Keep data private.
Integrity: Detect or prevent unauthorized changes.
Availability: Keep services usable.

Symmetric Encryption

Symmetric encryption uses the same key for encryption and decryption.

Pros:

Fast.
Good for bulk data encryption.

Cons:

Key distribution problem.

Examples:

AES.
ChaCha20.

Asymmetric Encryption

Asymmetric encryption uses a public/private key pair.

Uses:

Key exchange.
Digital signatures.
Certificate-based trust.

Pros:

Solves key exchange and identity problems.

Cons:

Slower than symmetric encryption.

Cryptographic Hashes

A hash produces a fixed-length digest from input data.

Properties:

One-way.
Sensitive to input changes.
Used for integrity verification.

Examples:

SHA-256.
SHA-3.

Avoid weak/deprecated hashes such as MD5 and SHA-1 for security-sensitive uses.

Identification, Authentication, Authorization, Accounting

Identification:

Claiming an identity, such as username.

Authentication:

Proving identity, such as password, token, certificate, biometric.

Authorization:

Determining what authenticated identity can access.

Accounting:

Logging and tracking actions.

AAA means Authentication, Authorization, and Accounting.

Access Control

Access control limits who or what can access resources.

Models:

Least privilege.
Role-based access control.
Mandatory access control.
Discretionary access control.

Network examples:

ACLs.
Firewall rules.
Switch port security.
802.1X.

Kerberos And EAP

Kerberos:

Ticket-based authentication.
Common in Windows Active Directory.
Requires time synchronization.

EAP:

Extensible Authentication Protocol.
Framework used by 802.1X and wireless authentication methods.

Single Sign-On

SSO lets users authenticate once and access multiple systems.

Benefits:

Better user experience.
Centralized authentication.
Easier policy enforcement.

Risks:

Identity provider becomes highly critical.
Compromised SSO account can have broad impact.

Certificates And Trust

Certificates bind public keys to identities. A certificate authority signs certificates so clients can validate trust.

Important certificate concepts:

CA.
Root CA.
Intermediate CA.
Subject/SAN.
Expiration.
Revocation.
Chain of trust.

Certificate error scenarios:

Expired certificate.
Name mismatch.
Untrusted CA.
Revoked certificate.
Wrong date/time on client.
Missing intermediate certificate.

Module 6: Switch Features

Switch Management

Managed switches support configuration and monitoring.

Common management features:

VLANs.
Trunking.
STP.
SNMP.
SSH.
Logging.
Port security.
QoS.
Link aggregation.

Secure management:

Use SSH instead of Telnet.
Use strong credentials.
Restrict management VLAN/access.
Keep firmware updated.
Disable unused services.

VLANs

VLANs divide a switch into separate Layer 2 broadcast domains.

Benefits:

Segmentation.
Smaller broadcast domains.
Better security boundaries.
Organizational flexibility.

Important:

Hosts in different VLANs need routing to communicate.
Access ports carry one VLAN.
Trunk ports carry multiple VLANs.

InterVLAN Routing

InterVLAN routing allows communication between VLANs.

Methods:

Router-on-a-stick using trunked router interface/subinterfaces.
Layer 3 switch with switched virtual interfaces.

Troubleshooting:

Correct VLAN on access port?
Trunk allowed VLANs?
SVI up/up?
Default gateway points to correct SVI/router?
ACL blocking traffic?

Trunking

Trunk links carry multiple VLANs between switches or between switch and router.

Common trunk tag:

IEEE 802.1Q.

Trunk concerns:

Native VLAN mismatch.
Allowed VLAN list.
VLAN pruning.
Trunk negotiation settings.

Cisco Command Concepts

Network+ does not require deep vendor certification, but you should recognize basic ideas:

Configure terminal mode.
Interface configuration.
VLAN creation.
Assigning access VLAN.
Setting trunk mode.
Viewing running configuration.
Checking interface status.

Switch Port Protection

Port protection features include:

Disable unused ports.
Port security/MAC limiting.
802.1X authentication.
BPDU Guard.
Root Guard.
Storm control.
DHCP snooping.
Dynamic ARP inspection.

Exam idea:

If an unauthorized device is plugged into a port, think port security or 802.1X.
If rogue DHCP appears, think DHCP snooping.
If ARP spoofing appears, think dynamic ARP inspection.

Port Bonding

Port bonding/link aggregation combines multiple physical links into one logical link.

Benefits:

More aggregate bandwidth.
Redundancy.

Common standard:

LACP, IEEE 802.3ad.

Port Mirroring

Port mirroring copies traffic from one or more ports/VLANs to a monitoring port.

Uses:

Packet capture.
IDS sensor feed.
Troubleshooting.

Vendor term:

SPAN on Cisco switches.

Quality of Service

QoS prioritizes traffic.

Use cases:

Voice over IP.
Video conferencing.
Latency-sensitive applications.

QoS can classify, mark, queue, prioritize, shape, or police traffic.

IDS vs IPS

IDS:

Detects and alerts.
Usually passive.

IPS:

Detects and blocks/prevents.
Usually inline.

Placement matters:

IDS often receives mirrored traffic.
IPS must sit in the traffic path to block.

Proxy Servers

A proxy acts on behalf of clients.

Uses:

Web filtering.
Caching.
Logging.
Privacy or address hiding.
Policy enforcement.

Forward proxy serves clients. Reverse proxy protects or fronts servers.

Load Balancing

Load balancers distribute traffic across multiple servers.

Benefits:

Scalability.
Availability.
Maintenance flexibility.

Common concepts:

Virtual IP.
Backend pool.
Health checks.
Persistence/sticky sessions.
Layer 4 vs Layer 7 load balancing.

Final Exam Checklist

I can subnet /24 through /30 networks quickly.
I can explain ARP and when a host ARPs for the gateway.
I can recognize APIPA and loopback addresses.
I can compare static routes, RIP, OSPF, and BGP.
I can explain NAT, PAT, and port forwarding.
I can compare TCP and UDP.
I know common ports for DNS, DHCP, HTTP, HTTPS, SSH, Telnet, FTP, SMTP, POP3, IMAP, and NTP.
I can use ping, traceroute, netstat, nslookup/dig, arp, route, and Wireshark appropriately.
I can troubleshoot DNS records and caching.
I can explain symmetric encryption, asymmetric encryption, hashes, certificates, and trust chains.
I can explain AAA, Kerberos, EAP, SSO, and access control.
I can configure conceptually explain VLANs, trunks, and interVLAN routing.
I can match switch features to scenarios: port security, mirroring, bonding, QoS, IDS/IPS, proxy, and load balancer.