Although degrees and IT certifications can be great eye candy for a resume, experience is king. As you may have encountered, a lack of experience can be a major roadblock to getting interest from employers in your early years.
Though you might have the Network+ or CCNA cert, for instance, have you actually configured or played around with a network? Even if you already have held a network technician or administrator position, you might not have experience with all aspects of networking yet. Fortunately there are ways to get hands-on network administration experience, even at home -- and most don't cost anything.
In this story we discuss nine self-taught labs on various networking topics, where I explain the basics and how to get started. I begin with easier, newbie-level projects and progress to more complex ones requiring more thought and time. Some of the tasks take just a few minutes, while others are suitable for a weekend project. You may want to invest in some networking gear to teach yourself the basics, but there are ways around this.
Beginner
Project 1: Configure TCP/IP Settings
One of the most basic network admin tasks is configuring the TCP/IP settings. If a network isn't using the Dynamic Host Configuration Protocol (DHCP) that automatically hands out IP addresses after clients connect, you'll have to manually set static IP and DNS addresses for each client. You may also be required to temporarily set static IP information when doing the initial setup and configuration of routers or other network components.
To set static IP details you must know the IP address of the router and the IP address range in which you can configure the client. You can figure this out from the settings of a computer already successfully connected to the network.
You'll need the IP address as well as the Subnet Mask, the router's IP address (a.k.a. the Default Gateway) and the Domain Name System (DNS) Server addresses.
- In Windows: Open the Network Connections via the Control Panel or Network and Sharing Center. Next, open the connection that is already on the network and click the Details button.
- In Mac OS X: In System Preferences, click the Network icon, then select the connection that is already on the network, such as AirPort (wireless) or Ethernet (wired). With a wired connection you'll likely see the info you need on the first screen; for a wireless connection, additionally click the Advanced button and look under the TCP/IP and DNS tabs.
Write the numbers down or copy and paste them into a text file, and then close the window.
To see the acceptable IP address range for the network, you can input the IP address and Subnet Mask into a subnet calculator. For example, inputting the IP of 192.168.1.1 and Subnet Mask of 255.255.255.0 shows the range of 192.168.1.1 to 192.168.1.254.
Even though you now know the IP address range, remember that each device must have a unique IP. It's best to check which IP addresses are taken by logging into the router, but you could also take an educated guess or simply choose a random address within the range. If the address is already taken by another device, Windows or OS X will likely alert you of an IP conflict and you can choose another. Once the IP address is set, write it down or save it in a document; a best practice is to keep a log of all the static IPs along with the serial numbers of the computers that use them.
Now, to set a static IP address:
- In Windows: Open the Network Connection Status window, click the Properties button and open the Internet Protocol Version 4 (TCP/IPv4) settings. Choose "Use the following IP address" and enter the settings: an IP address that's in the acceptable range, plus the Subnet Mask, Default Gateway and DNS Server from the Network Connection Details window.
- In Mac OS X: Open the Network window and click the Advanced button. On the TCP/IP tab, click the drop-down next to Configure IPv4, choose Manually and enter an IP address that's in the acceptable range, plus the Subnet Mask and router address you copied earlier. Go to the DNS tab and enter the DNS Server address you copied before.
Click OK to apply the settings.
Project 2: Work with a Wi-Fi stumbler
As a network admin, you'll likely help set up, troubleshoot and maintain the wireless portion of the network. One of the most basic tools you should have is a Wi-Fi stumbler. These tools scan the airwaves and list the basic details about nearby wireless routers and access points (APs), including the service set identifier (SSID), also known as the network name; the MAC address of the router/AP; the channel; the signal level; and the security status.
You can use a Wi-Fi stumbler to check out the airwaves at home or at work. For instance, you can check which channels are being used by any neighboring wireless networks so you can set yours to a clear channel. You can also double-check to ensure all the routers or access points are secured using at least WPA or WPA2 security.
Vistumbler and NetSurveyor (for Windows), KisMAC (for OS X) and and Kismet (for both plus Linux) are a few free options that give both text-based readouts and visual charts of the channel usage and signals. Check out my previous review of these and others.
If you have an Android phone or tablet, consider installing a Wi-Fi stumbler app on it for a quick, less detailed look at the Wi-Fi signals. Wifi Analyzer and Meraki WiFi Stumbler are two free options. See my previous review of these and others.
Project 3: Play with a wireless router or AP
To get some experience with setting up and configuring wireless networks, play around with your wireless router at home. Or better yet, get your hands on a business-class AP: See if you can borrow one from your IT department, check eBay for used gear or consider buying new equipment from lower-cost vendors such as Ubiquiti Networks, where APs start at around $70.
To access a wireless router's configuration interface, enter its IP address into a web browser. As you'll remember from Project 1, the router's address is the same as the Default Gateway address that Windows lists in the Details window for your wireless network connection.
Accessing an AP's configuration interface varies. If there's a wireless controller, it's the one interface you'll need to configure all the APs; with controller-less systems you'd have to access each AP individually via its IP address.
Once you've accessed the configuration interface of your router or AP, take a look at all the settings and try to understand each one. Consider enabling wireless (or layer 2) isolation if supported and see how it blocks user-to-user traffic. Perhaps change the IP address of the router/AP in the LAN settings and/or for routers, disable DHCP and statically assign each computer/device an IP address. Also consider setting a static DNS address (like from OpenDNS) in the WAN settings. You might also look into the Quality of Service (QoS) settings to prioritize the traffic. When you're done experimenting, make sure it's set to the strongest security -- WPA2.
If you can't get your hands on a business-class AP, consider playing around with interface emulators or demos offered by some vendors, as Cisco does with its small business line.
Intermediate
Project 4: Install DD-WRT on a wireless router
For more experimentation with wireless networking, check out the open-source DD-WRT firmware for wireless routers. For compatible routers, DD-WRT provides many advanced features and customization seen only in business- or enterprise-class routers and APs.
For instance, it supports virtual LANs and multiple SSIDs so you can segment a network into multiple virtual networks. It offers a VPN client and server for remote access or even site-to-site connections. Plus it provides customizable firewall, startup and shutdown scripts and supports a few different hotspot solutions.
For more on DD-WRT and help on installing it on your router, see "Teach your router new tricks with DD-WRT."
Project 5: Analyze your network and Internet traffic
As a network admin or engineer you'll likely have to troubleshoot issues that require looking at the actual packets passing through the network. Though network protocol analyzers can cost up to thousands of dollars, Wireshark is a free open-source option that works on pretty much any OS. It's feature-rich, with support for live and offline analysis of hundreds of network protocols, decryption for many encryption types, powerful display filters, and the ability to read/write via many different capture file formats.
Once you get Wireshark installed, start capturing packets and see what you get. In other words, browse around the Web or navigate network shares to see the traffic fly. Keep in mind you can stop the live capturing to take a closer look. Although Wireshark can capture all the visible traffic passing through the network, you may see only the traffic to and from the client whose packets you're capturing packets if the "promiscuous" mode isn't supported by your OS and/or the network adapter. (For more information, see the Wireshark website.)
Note: Even though packet capturing is usually only a passive activity that doesn't probe or disturb the network, some consider monitoring other people's traffic a privacy or policy violation. So you don't get into trouble, you ought to perform packet capturing only on your personal network at home -- or request permission from management or the CTO before doing it on your work network. In fact, you should clear it with management before doing any monitoring or analysis of a company or school network.
There are other free network analyzers you might want to experiment with. For instance, the EffeTech HTTP Sniffer can reassemble captured HTTP packets and display a Web page, which can visually show you or others what's captured rather than looking at the raw data packets. Password Sniffer "listens" just for passwords on your network and lists them, which shows just how insecure clear-text passwords are. And for mobile analysis via a rooted Android phone or tablet, there are free network analyzers like Shark for Root.