A diploma and certifications are great to have, but hands-on experience can take you even further than your educational accomplishments. Playing around with the technology might help you retain information better, too. So don\u2019t just read how to do something, but actually do it.\nYou probably don\u2019t have a rack full of enterprise routers and switches to play around with, but there are some free and budget-friendly ways to get experience. You just need some time and eagerness to learn.\nHere are eight ideas to get you some of that hands-on experience with networking, starting with simpler projects and progressing to more complex ones. Some of the earlier tasks may just take just a few minutes, while others are more for a weekend project.\nBeginner Level\nProject 1: Configure third-party DNS\nOne of the basic components involving networks and the internet is the domain name system (DNS). Every time we type a website into a browser, DNS is queried for the IP address corresponding to that particular domain, so the browser can contact the web server to get the content.\nThe default DNS servers provided by an ISP typically offer only basic domain-name resolution. However, since DNS is a middleman between your browser and the website content, there are many third-party DNS services that offer additional functionality. This can include content filtering, ad blocking, malware or phishing site detection, botnet protection, and website traffic monitoring.\nHere are some third-party DNS services you can check out:\n\nOpenDNS provides enterprise solutions, but also free consumer-based services, including free adult content blocking and other filtering.\nComodo Secure DNS provides enterprise solutions with a month trial and also an always-free limited edition, both of which are designed for filtering and security.\nGoogle Public DNS is a simple service for faster DNS, but also should help with security.\nInternet Guide is also a simple service designed to give you faster DNS resolution and web surfing.\n\nGive one of these services a try, maybe just to learn and experiment with for a few days or use them long term. You can specify the default DNS server used by an entire network by changing the IP address of the DNS server in the router, or you can specify a DNS server individually on devices. The exact steps of setting up a router with a third-party DNS varies, but you usually look for the DNS address in the main WAN (internet) or LAN (network) settings.\nTo specify the DNS individually on a Windows computer involves steps similar to setting up a static IP address:\n\nNavigate to the Network Connections window via the Control Panel or Network and Sharing Center.\nDouble-click the desired connection and click the Properties button on the bottom.\nDouble-click Internet Protocol Version 4 (TCP\/IPv4) and select Use the following DNS server addresses.\nEnter the DNS server\u2019s two server IP addresses, and click OK.\n\nProject 2: Setup file sharing\nOne of the basic functions of a computer network is sharing files among users. Files can be hosted from a computer, network attached storage (NAS) device, or another server. All the main operating systems support at least simple file sharing, allowing them to be the host and also giving them the ability to access shared files.\nMost operating systems support a version of the Server Message Block (SMB) file-sharing protocol. One big difference to consider on the machine hosting the files is the authentication methods supported to regulate access to the shared files. For instance, on a Windows Server machine, file access can be based on user credentials already in its Active Directory. By contrast, a simple Windows home computer can only authenticate users using the Windows account and passwords setup on that computer.\nWhen you setup file sharing, you are sharing a folder or even sometimes a full drive on the network, and then anything inside that shared folder (or drive) is shared. Access is based on the authentication methods provided by the host. You can create multiple different shares for different reasons\/users (like one share for all employees and another share for supervisors) or you can modify the sharing access of sub-folders inside the main share to select users.\nIn addition to the share\u2019s access settings, file permissions can also regulate access. For instance, a network user might have full access to a share so they can see a listing of all the files, but the file permissions set on the files themselves might restrict them from opening or modifying the files. This is one place to start looking when troubleshooting issues in accessing shared files.\nIn Windows, it is easy to start sharing a folder on the network:\n\nRight-click a folder, select Properties, and then click on\u00a0Sharing.\nFor greater access controls, click the Advanced Sharing\nSelect the Share this folder checkbox and enter the Share Name.\nClick the Permissions button to specify which users should have access and the type of access, and click OK when done. Keep in mind, you can only specify access based upon the Windows accounts and passwords setup on that computer.\n\nThen go to another computer on the network and try to access the share via Network on the File Explorer.\nRemember, although you create a network share and specify the users who have access, you may have to separately edit the file permissions of the folders or files inside the share: right-click the desired folder or file in the share, select Properties, and then click on the Security tab.\nProject 3: Create a network diagram\nAlthough you might have a mental map of an entire network stored in your brain, having an up-to-date map or diagram can help others get an idea of the network layout and what components they\u2019re dealing with. It could also be useful for you to glance at when troubleshooting or when referencing component details.\nYou can create a diagram depicting the network topology. This can be a simple graphic showing the interconnection of the main network infrastructure components, like the modem, router, firewall, switches, servers, and wireless access points (APs).\nA network diagram should give an IT professional a quick visual picture of the network along with basic details, such as the component name, IP address, and MAC address. And if you\u2019d like to add more details, consider depicting static clients like IP printers\/copiers and hard-wired PCs.\nThere are many software programs to help build diagrams; the most popular being Microsoft Visio. But there are also free options, including Network Notepad, Dia, and Diagram Designer.\nBefore you start manually building your network diagram, check out what topology views or maps your router might give you. Some routers will detect components and give you automated maps. These can help you start your own diagram. Creating your own illustration lets you double-check accuracy, add components your router can\u2019t detect, and add the details you want. Plus, you\u2019ll learn along the way.\nIntermediate Level\nProject 4: Put together full network documentation\nA network diagram is a good start, but there is much more you should put down on paper to have complete network documentation. You want as many details as you can get on all the network components, including the login credentials and configuration details. This can be handy for you and especially others that might be trying to get acquainted with the network. If you\u2019re an IT contractor that provides support to multiple organizations and networks, you certainly know just how much proper documentation can save time and frustration.\nHere's a list of content to get you started:\n\nISP details, including speeds, the modem models and serial numbers, and any static IP configuration.\nMain network components details, such as the model numbers, MAC addresses, static IP addresses, and login credentials.\nSpecify designated IP ranges and also detail any VLAN and QoS IDs along with their designated use, like VoIP traffic or guest access.\nFor the Wi-Fi network, be sure to note the access point (APs) details. If you have more than a few APs, you should have floor plan images with AP locations marked.\n\nWhen you\u2019re connecting to these components to check the details it would be a great time to save a backup of the configuration if you haven\u2019t already, and then specify the location of the backup file in the documentation.\nProject 5: Play with network monitoring tools\nThere are many IT monitoring solutions, and many different acronyms you might find when searching: remote monitoring and management (RMM) tools are designed usually for managed service providers (MSPs) that look after multiple networks, and mobile device management (MDM) tools are for keeping tabs on tablets, phones, and laptops.\nSome monitoring tools are built just to be a simple up\/down monitor, while some keep an eye on many other performance and security aspects. Some are designed to monitor network infrastructure components and servers, some are designed for PC workstations, and some are for web apps. Plus, you\u2019ll have some tools that can monitor all these types of devices and services.\nTake a look at a couple of monitoring tools and pick one or two to play with. Setup some monitoring at work, home, or even family devices. Try to understand how it\u2019s monitoring and what it\u2019s actually testing or measuring. Maybe it will help alert you of real problems that arise, but at least you\u2019ll learn along the way.\nHere are a few tools to consider:\n\nSpiceWorks is well-known for its free help desk and network inventory service, but they also have a free monitoring feature. It\u2019s a cloud-based service with a web GUI that lets you monitor websites and web apps via HTTP or ICMP.\nITarian also offers a free ticketing and remote-control platform, but only provides a 30-day trial of their RMM, MDM & Endpoint Security modules.\nManageEngine offers many free and inexpensive tools, including OpManager for keeping tabs on network infrastructure components and servers, Desktop Central for workstations, and also a simple free Windows Server monitoring tool.\n\nProject 6: Run network vulnerability scans\nVulnerability scanners can help automate security auditing and can play a crucial part in IT security. They can scan networks and websites for up to thousands of different security risks, producing a prioritized list of those that need patches, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.\nSome of these tools can cost a fortune, but there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned, but there are also those that offer broad IT security scanning. Whatever the case, it can be a great learning experience to setup and to educate yourself on any vulnerabilities found. You might even be able to get more hands-on experience fixing the issues.\nHere are two scanner platforms you can try:\n\nThe ManageEngine Vulnerability Manager provides a Free Edition that\u2019s fully functional for scanning up to 25 Windows or macOS computers. This one is designed mostly for computer scanning and monitoring, although there is some scanning offered for web servers.\nThe Nessus Essentials (formerly Nessus Home) allows you to scan up to 16 IP addresses at a time. They offer a 7-day free trial of their Profession edition, which offers unlimited IP scanning and also adds compliance checks or content audits, live results, and the ability to use the Nessus virtual appliance.\n\nAdvanced Level\nProject 7: Setup a VPN server\nIf you haven\u2019t yet played with a virtual private network (VPN) server, give it a try. Since so many things have been pushed to the cloud, even some network management tools, VPNs aren\u2019t as crucial as in the past. However, it\u2019s still something you should get hands-on experience with.\nVPN connections can serve as an encrypted link into a network for securely accessing an office\u2019s file shares when away from the office, for example. Or VPN connections can link networks from multiple locations. Even if you don\u2019t need remote access to a network, a VPN connection can be used just so your Internet traffic is encrypted and hidden when on untrusted networks, like Wi-Fi hotspots.\nMost operating systems include VPN server and client functionality, but for more control and features, such as certificate-based authentication, use third-party VPN server software instead. There are a couple of good open source options, such as OpenVPN.\nRegardless of what VPN server software you use, you need to make sure the PC\u2019s firewall is configured to allow incoming and outgoing VPN access. Plus, you\u2019ll probably have to setup your router with a port forward so it knows what PC has the VPN server running when you go to VPN into the network via the internet.\nYou can also see what VPN functionality your router, NAS, and other network appliances offer. They might allow both remote VPN users and the ability to be a VPN client so you can link different locations. Utilizing the VPN server of a network appliance means you wouldn\u2019t have to leave a PC powered on just to serve VPN user connections. If you don\u2019t have a router or other appliance to play with, maybe load a third-party firmware (like DD-WRT) onto a home router.\nWhatever VPN method you utilize, consider IP-address conflicts if you are serving VPN connections to users on remote networks. For the network with the VPN server, consider using an uncommon IP subnet such as 192.168.50.1 so if they are at home with a typical IP subnet of 192.168.1.1 or 192.168.0.1 it won\u2019t conflict with the VPN\u2019s subnet.\nYour IP address is another consideration, whether utilizing software or a network appliance for the VPN server. VPN clients connect to the server with your public internet IP address. If you don\u2019t have a static IP, then your IP might change, and that will complicate the connection process. In that case, you can sign up for a free service, such as from No-IP, that will give you a domain or hostname that will always point to your current IP.\nProject 8: Create Wi-Fi heatmaps\nWi-Fi can be tricky. Ethernet makes for a much more stable and reliable network, but wireless access has become a must-have. A Wi-Fi stumbler or analyzer app is a great tool when setting up or troubleshooting Wi-Fi. They can scan the airwaves and list the basic details about nearby wireless routers and access points (APs), including: the service set identifier (SSID), also known as the network name; the MAC address of the router\/AP; the wireless channel; the signal (and sometimes noise) level; and the security status.\nSome Wi-Fi apps also give you a visualization of the 2.4GHz\u00a0 and 5GHz bands and even location-detection tools. These tools are great for spot checking coverage and interference issues. However, sometimes you need more than a simple Wi-Fi app to get a good idea of the Wi-Fi coverage or performance, especially for surveying larger networks. In these cases, there are applications that can help you generate a complete visual heatmap of the coverage and performance.\nSince Wi-Fi heatmapping is much more sophisticated than a stumbler, there aren\u2019t as many free or low-cost options. However, Acrylic Wi-Fi Heatmaps offers a 15-day free trial and NetSpot sells for as low as $49. \u00a0\nWhatever Wi-Fi heatmapping software you utilize, you should be able to add and calibrate a floor plan or map. Then you can start the Wi-Fi capturing and click your location on the map (or utilize GPS for outdoor survey) as you move, so the software knows where the data is being captured. Since it\u2019s not possible to walk or drive every square foot, the software uses simulation to estimate the signal and noise in areas where an actual measurement wasn\u2019t taken, filling in the gaps to give you a complete heatmap view.\nAll Wi-Fi survey tools should generate signal heatmaps of the APs, but the other types of data that the heatmap shows depends upon the software, Wi-Fi adapter, and survey mode you use during the capturing. Some will also let you visualize the noise as well as the signal-to-noise ratio (SNR). Some analyze the signals and generate an interference visualization. Plus, some will give you throughput or data rate numbers.\nOnce you generate the Wi-Fi heatmap, take a look at what data is provided. Try to understand all the data and visualizations. Maybe you\u2019ll find lacking coverage or some other issue that you can try to solve and then perform another survey to check the differences.\nEric Geier\u00a0is a freelance tech writer. He\u2019s also the founder of\u00a0NoWiresSecurity\u00a0providing a cloud-based Wi-Fi security service, Wi-Fi Surveyors\u00a0providing RF site surveying, and On Spot Techs providing general IT services.