Tuesday, 3 March 2020

Things You Need To Know About IPv6

This article covers what you need to know about IPv6: an introduction, how its addressing works, how link-local addresses are made from the MAC address, and how tunneling is used to shift to IPv6.

Introduction to IPv6

We all know the world of IP addresses has fundamentally changed. Here is an IPv4 address, 184.124.18.22: four values separated by three dots. This addressing scheme has served us well for many decades. The problem with IPv4 is that its address space is limited to about 4 billion addresses.

So we can go from 0.0.0.0 to 255.255.255.255, but we know a lot of those are reserved for certain purposes, which reduces the number of available IP addresses even further. So the real problem with IPv4 is that we can run out of IP addresses, and that is the reason IPv6 was made.


IPv6 is now adopted pretty much everywhere. In IPv4, DHCP does this job for us: it automatically sets up an IPv4 address and we don't have to take care of it. The same thing is happening with IPv6, and the internet has already moved to IPv6. Because of DNS we just type www.google.com and it automatically goes to the IPv6 address.

An IPv6 address is 128 bits, which is a huge amount, e.g. a0f0:0001:0000:0001:0000:0001:0000:1234. You must have noticed it contains hexadecimal digits (a-f); each hex digit represents four ones or zeros. The address is separated into 8 groups by 7 colons. There are so many IPv6 addresses that we could give every air molecule an IP address six times.

IPv6 doesn't just give us more IP addresses; it also gives us aggregation, which increases speed because routers no longer have to remember all those routes. Another thing IPv6 has is self-configuration. With IPv6, NAT is of no use, ARP is dead and even DHCP is not used; all of that is replaced with NDP (Neighbor Discovery Protocol).

With NDP, all of the machines start talking to each other and configure each other.

IPv6 Addressing

Let's say we have this IPv6 address: fe80:0001:0243:0000:0000:0000:2a3b:44ff. As you may have noticed, it is divided into 8 groups of 4 hexadecimal digits separated by 7 colons. This address is too long to type, so there are some shortcuts for writing IPv6 addresses.

The first shortcut gives us fe80:1:243:0:0:0:2a3b:44ff: we replaced each group of four zeros with a single 0, and where there are one or more leading zeros at the start of a group we removed them.

Here is another IPv6 address: fe80:0000:0000:1234:0000:0000:0000:1234. The first thing we do is replace each all-zero group with a single 0, so it becomes fe80:0:0:1234:0:0:0:1234. One more thing we can do is replace a run of zero groups with a double colon (::), so our updated address becomes fe80::1234:0:0:0:1234.

Note that you can only do this at one place in the address; fe80::1234:0::1234 is wrong. You can also replace the other run with the double colon instead, e.g. fe80:0:0:1234::1234.
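The two shortcuts above, written out as code. This is an added example (not part of the original post): it strips leading zeros, collapses the longest run of zero groups into a single ::, and uses the standard library to reject the "two :: in one address" mistake. It assumes the input is a full eight-group address like the ones in the article; the tie-breaking rule (leftmost run wins, a lone zero group stays 0) follows RFC 5952, which the post does not mention.

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Apply the two shortcuts from the article to a full 8-group IPv6 address.

    1. Drop leading zeros in every group (0001 -> 1, 0000 -> 0).
    2. Replace the longest run of two or more all-zero groups with '::', once.
       On a tie the leftmost run wins, and a lone zero group is left as '0'.
    """
    groups = addr.lower().split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 for g in groups):
        raise ValueError(f"expected eight colon-separated groups: {addr!r}")
    # Shortcut 1: strip leading zeros but keep at least one digit per group.
    short = [g.lstrip("0") or "0" for g in groups]
    # Find the longest run of zero groups (scan left to right; '>' keeps the first tie).
    best_start, best_len = -1, 0
    i = 0
    while i < len(short):
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < len(short) and short[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    # Shortcut 2: '::' only pays off for two or more consecutive zero groups.
    if best_len < 2:
        return ":".join(short)
    left = ":".join(short[:best_start])
    right = ":".join(short[best_start + best_len:])
    return f"{left}::{right}"


def is_valid_ipv6(addr: str) -> bool:
    """Parse with the standard library; this rejects the 'two :: in one address' mistake."""
    try:
        ipaddress.IPv6Address(addr)
        return True
    except ValueError:
        return False


def expand_ipv6(addr: str) -> str:
    """The reverse of the shortcuts: back to eight four-digit groups (needs a valid address)."""
    return ipaddress.IPv6Address(addr).exploded
```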

Now, where do these IPv6 addresses come from? One thing to remember: you cannot have just one IPv6 address; you will have a minimum of two. One is called the link-local address, which an IPv6-capable host generates automatically the moment the device starts up.

The other address is called your internet address. This is given to you by your gateway router, in parts.


The first one is your IPv6 address (you can ignore the Temporary Address for now), and below it you can see your link-local address. This always starts with fe80:0000:0000:0000, and the next part is made from your MAC address. The %14 at the end is added by Microsoft; you can ignore it for now.


We know the first part of a link-local address is fe80::, which always stays the same, and the next part is converted from your MAC address using the EUI-64 standard. What it does is split the MAC address in half and add ff-fe in the middle.


The next thing we do: at the start we have 2a. We take the first two hex digits, which are the first 8 bits of our IP, and flip the 7th bit. So 1 is converted to 0 and a will become 9.


Now we make it into a link-local address simply by removing the dashes and joining the parts with colons.
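The link-local construction described above (split the MAC, insert ff-fe, flip the 7th bit of the first byte, prepend fe80::), as an added example that is not part of the original post. The MAC addresses used are constructed; the reverse function shows how an auditor can tell an EUI-64 address, which leaks the hardware address, from one that was randomised.

```python
import ipaddress
import re
from typing import Optional

LINK_LOCAL_PREFIX = bytes.fromhex("fe80000000000000")  # fe80::/64, the fixed first half


def mac_to_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier.

    Split the MAC in half, insert ff:fe in the middle, then flip the 7th bit of the
    first byte (the universal/local bit, mask 0x02).
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)   # accept 00-11-22.. or 00:11:22.. forms
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def link_local_from_mac(mac: str) -> str:
    """fe80::/64 prefix plus the EUI-64 interface id, in compressed text form."""
    return str(ipaddress.IPv6Address(LINK_LOCAL_PREFIX + mac_to_eui64(mac)))


def mac_from_link_local(addr: str) -> Optional[str]:
    """Reverse the construction. Returns None when the address was not built from a
    MAC this way (for example a randomised temporary address), which is what the
    privacy mechanism mentioned later in the article is meant to achieve."""
    raw = ipaddress.IPv6Address(addr).packed
    if raw[:8] != LINK_LOCAL_PREFIX or raw[11:13] != b"\xff\xfe":
        return None
    octets = bytearray(raw[8:11] + raw[13:16])
    octets[0] ^= 0x02   # undo the universal/local bit flip
    return "-".join(f"{b:02x}" for b in octets)
```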


The important thing is that if computers can make a link-local address automatically, they can also talk to each other automatically. That's where NDP comes into play.

Now we have 128-bit IP addresses, but that doesn't mean we don't have a subnet mask or gateway address. We have all of that, just longer. The smallest subnet mask you can have is /64 ("whack 64"); everything is CIDR now.

IPv6 in Action

With IPv6 you are going to have 2^64 IP addresses. Almost all OSes support Dual Stack, which means you are running IPv4 and IPv6 at the same time.

One thing you should know: there are no private addresses in IPv6; all addresses are public addresses. If you check your IPv6 address you will find that the last 4 digits are not the same as your MAC, and there is a reason for that. Because your IPv6 address is public, anyone can ping your IP if they know your MAC.

To avoid that you should have a correctly configured firewall, and every computer also has a randomizer that generates the IPv6 address by randomly setting its last part.

Let's say we have 4 computers connected to a router, and all of the PCs have generated their link-local addresses, e.g. A, B, C, D. Now they can do neighbor advertisement. It is sent to the router, and the router multicasts it. This process uses ICMPv6.

So in this multicast PC 4 is saying: here is my link-local address, is there anyone out there? Now all of the other devices begin sending neighbor advertisements, which say: this is my MAC address and this is my link-local address. Now all the other PCs can resolve IPv6 addresses to MAC addresses in order to send Ethernet frames.

Now if the PCs want to get an internet address they need to send out an RS (Router Solicitation). This RS does a lot of work, and the router replies with an RA (Router Advertisement). This RA provides everything the PC needs to talk to the internet through stateless autoconfiguration (there is no DHCP).

So now these systems get their IPv6 address, default gateway and DNS information.

One more thing you must have noticed: when we ran ipconfig there were a lot of IPv6 addresses listed as temporary addresses. Well, those exist for security reasons; it's a Windows feature that randomly changes the IPv6 address after some time.

Now, to determine our network ID, the ISP also does router advertisements through DHCPv6 and generates router prefixes that tell us the network ID. The good thing about IPv6 is you don't have to do anything to make it work; all of those things are done automatically by the routers. The only thing we have to do manually is when we want to use a local DNS server instead of the ISP's DNS.

IPv4 and IPv6 Tunneling

Now we know IPv6 is already here, but the problem is that ISPs don't provide IPv6 to their customers, so we can't do native IPv6; what we can do is tunneling. Inside an Ethernet packet we encapsulate the IPv6 data in IPv4.

When the packet reaches its destination, the IPv4 part is stripped and we are left with IPv6 only. For this purpose we can use two tools that Windows provides: Teredo, which is free and a bit slow, and 6to4, which is fast.

We can also use third-party clients, e.g. GoGo6, which is completely free. Just install and run the client and you will shift from IPv4 to IPv6.

Sunday, 1 March 2020

Advanced Networking Devices (VPN, Proxy Servers and more)

This article covers what VPNs and VLANs are, the types of switches, how to perform switch port protection, the differences between IDS, IPS and firewalls, the types of proxy servers, and how to do load balancing.

VPN ( Virtual Private Network )

When you are within a network you can talk to all the devices connected to that network. What if you are far away from your home or office and still want to talk to that network, using an IP address that is part of it? That's where a VPN comes into play.

Let's say our laptop is somewhere out there in an airport. What we want is to make that laptop part of our LAN. One challenge is that our network uses private IP addresses, which we cannot use over the internet.



But we do have a public IP address provided by the airport. So we need a way to have two IP addresses: the public one to reach the router of our private network, and the private one to talk to the computer inside the network.

So our packet carries two pairs of addresses: a public source and destination IP, and a source and destination of the private network. When our request reaches the router of the private network it strips the public IPs and sends the packet with the private IPs into the network.

When the reply comes back we need something smart enough to put all that information back onto the packet. That's what a VPN does: it creates a tunnel between the client and some endpoint, which is usually a router. We can easily create a client VPN connection on all the OSes out there.

On the other end, you have to set up a router that has a VPN concentrator, or a device made only for this purpose, and do all the settings. This acts as the other VPN endpoint. We can also set up VPN concentrators on two networks and join them, no matter how far apart they are. This is called a site-to-site VPN.

VLANs

A VLAN splits one broadcast domain into two or more broadcast domains. It's like creating a switch inside a switch. E.g. we have a switch with 24 ports; using VLANs we can divide those 24 ports, setting 10 ports as one switch and the other 14 as another switch. Now we have two switches, one with 14 ports and the other with 10.

To do this we assign an IP to the switch. Normally switches have nothing to do with IP, but we assign one so that we can use that IP to open the configuration settings, like we do with routers.

Remember that managed switches support VLANs; unmanaged switches don't. There is another option in switches called Trunking, which automatically sets the switch to talk to the ports that are set as trunk ports. For example, we have two switches connected, A and B, and we set ports 4, 5, 6, 7 as a separate VLAN; if we then separate other ports, e.g. 9, 10, 11 of switch B, they will automatically be set up to talk to B.

Now if you want these two separate networks to talk to each other, the old way is to use a router to interconnect the two VLANs. The problem is that as you increase the number of VLANs you have to add more and more routers. So we use inter-VLAN routing instead: in the switch configuration we turn on the option that allows inter-VLAN routing.

Interfacing with Managed Switches

The main difference is that a router uses IP addresses to filter traffic and a switch uses MAC addresses. To configure either we need to know the IP address where we can access it. One thing common to both is the console port, which can be used to configure routers and switches.

You just plug a rollover cable into one side and connect it to the laptop, but the downside is that these cables are very slow. The alternative is to connect the laptop to the router/switch over the network and connect using Telnet.

Switch Port Protection

There are two kinds of ports: the physical one on a switch where you plug in the wire, and the one you use together with an IP address. Here we are going to talk about switch ports, how to protect them, and what problems you can get into while using a switch.

Switch ports do not use IP or work at layer 3. Now let's talk about switch port protection. When you are connecting switches together, make sure you avoid a bridging loop. Look at the image below to see what a bridging loop looks like.


If someone has accidentally done this, there is STP (Spanning Tree Protocol), which automatically detects it happening and turns off one of the ports so that the loop breaks.

When you connect three switches, one of them becomes the root bridge, or you could say the root switch, to which both other switches are connected. Now some evil person could plug in a switch below and claim to be the root switch. This can compromise the network, because his switch would be considered the root switch.

The solution is root guard. What it does is memorize the MAC of the root switch, and if someone comes along and claims to be the root switch, his connection is turned off automatically.

One more problem: most of the ports on a switch are designed to connect computers, and only a few connect to other switches. Someone could plug a switch into one of the ports meant only for computers. To avoid this there is BPDU (Bridge Protocol Data Unit) guard, which automatically turns off that port if someone connects a switch in place of a computer.

DHCP snooping addresses another issue: we should have only one DHCP server in a broadcast domain, but it is easy to plug another DHCP server into some other port. With DHCP snooping we configure the switches to say which port is directly connected to the real DHCP server.

So if someone tries to do this, the system automatically detects that there is a rogue DHCP server and turns off the ports it is serving DHCP on.

Port Bonding

Port bonding is joining two different ports of two linked switches together so that they act as one fast port. To do this you go into the configuration and do some settings: we take the ports, make them into one group, and assign those individual ports to that group.

Remember that port bonding links switch ports to increase bandwidth. Always use LACP as the trunking protocol in your switch and set the ports to active.

Port Mirroring

You can set different ports to send a copy of the traffic arriving on that port to a system so that you can monitor it. This option is available on managed switches, and you enable it from the switch's configuration menu. This process of sniffing the traffic is called port mirroring. It gives us the ability to remotely monitor the data going in and out of a particular source.

Quality of Service

There is a term called traffic shaping, which means controlling the traffic so that we can use it in the best possible way, e.g. limiting the download speed on a certain computer, or even selecting a service, e.g. messenger. Quality of Service (QoS) is a mechanism by which we perform traffic shaping.

You can do all the settings in your router's admin panel, e.g. giving Call of Duty higher priority than all other games. QoS basically helps you manage the available bandwidth.

IDS vs. IPS

Normally in a network you have a router, which is the main point through which outside traffic comes into the network, and that router has a firewall in it to stop malicious data from coming in. Sometimes that firewall is separate from the router, and that device works only as a firewall behind the router.

In that case we need an IDS (intrusion detection system) to tell the firewall that something bad is happening in the network. An IDS can be a device or a computer with IDS software in your network.

An IPS does the same thing as an IDS, but it does something to stop the attack instead of just telling someone. We can have routers or firewalls with an IPS built into them, or a separate device.

In short: a firewall filters, an IDS notifies, an IPS acts to stop.

Proxy Servers

There are two types of proxy servers: forward proxy servers and reverse proxy servers. Forward proxy servers are old. With a forward proxy server the clients know about the proxy and send their requests to the proxy server, and that server acts on the request.

It's a dedicated box or software running on a server. It provides caching, it helps with content filtering, and it acts as a firewall. These are mostly used in schools and universities for blocking websites, etc.

One thing you need to know is that a proxy is application-specific, e.g. a web proxy, FTP proxy or VoIP proxy; every application has its own proxy server. In the case of a web proxy, every system has to be configured to go through the proxy to use the internet. You have to add that manually.

The alternative is a transparent proxy, where you don't have to do any settings. But it has to be in line between you and the internet, so that everyone using the internet has to go through it.

Another type of forward proxy we run into has the proxy away from us: we first go out to the internet and then to the proxy server, which does all the work for us. So we create an encrypted VPN connection from our computer to the proxy.

A more secure way to use a proxy is the Tor proxy. With Tor, we connect to a node where hundreds of PCs are connected, and it randomly selects a path to reach our target, which makes it harder to track.

A reverse proxy server is the inverse of a forward proxy server. We have web servers, and the proxy server represents the web server, not the client. In simple words, servers set up a proxy to hide behind.
It helps protect from attacks like DoS. They provide high security. It also helps with load balancing and caching, and it can handle encryption acceleration. They take a lot of work off the web servers.

Load Balancing

If a lot of people are visiting your server and you want to provide the same experience to everyone in an easy way, you have to do load balancing. So what we do is add more servers, all of which are copies of each other.

One way to manage the load is to use a DNS server and add an entry for each server, using the round-robin technique. Or we can do delegation for load balancing, which mostly helps if the servers are far away from each other.

For servers in the same place, we can do server-side load balancing using a smart device called a load balancer, which can talk to all the servers individually. Nowadays all of this is virtualized.

Thursday, 27 February 2020

Things You Need To Know For Securing TCP/IP

This article covers symmetric and asymmetric encryption, hashes, RADIUS and Single Sign-On. We also look at certificates and trust, and in the end IP tunneling is covered.

Let's start discussing how to make TCP/IP secure. One thing that must be kept in mind when doing security is CIA (Confidentiality, Integrity, Availability). The first part, confidentiality, means I want to keep things confidential. The best way to do that is encryption: we need to make sure that data flying over the internet is encrypted so that nobody can see it.

Integrity is making sure the data really came from the source it claims to be from. In simple words, if someone is handing me something I have to make sure it's the same person it should be. This part includes certificates, hashes and a lot of stuff like that.

The last part, availability, is the balance. E.g. when you lock a door you have to make sure not to lock it so hard that it becomes very difficult for you to unlock, so that you end up avoiding it. Availability is whether the thing we need is ready to go when we need it.

Two more important things are authentication and authorization. Authentication is giving someone rights to access something, e.g. via username and password. Authorization is what you can do, e.g. access certain files.

Encryptions

We need encryption all over the place: encrypting hard drives, emails, video and a lot of other stuff. So let's understand what encryption is, starting with a very basic example. We have the word network and we are going to encrypt this text using a very old technique called the Caesar cipher.


What we do is increment each letter of the alphabet by 3, e.g. A becomes D, B becomes E, C becomes F and so on. If we apply it to our text it becomes qhwzrun.

Symmetric Encryption

The problem is that this is very weak encryption and anyone can easily crack it. But thanks to computers we can make very complex algorithms that are difficult to break. One thing all these algorithms have in common is a key.

So let's say we have our own key, 395, and we repeat it until all the letters are covered, so for the word network it will be 3953953, and we use each digit of the key as the increment for the corresponding letter.

So in order to decrypt, the other person must know the key. Remember that in this process you have clear text, a key and an algorithm; you apply the algorithm using that key and get the encrypted text, called ciphertext, and you can decrypt it using the same key.
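Both ciphers from this section in code, as an added example (not from the original post): the Caesar shift of 3 that turns network into qhwzrun, and the repeated-digit key 395 from the previous paragraph, with decryption using the same key. The brute-force helper shows why the text calls Caesar very weak: with only 25 possible keys every candidate can be listed.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar(text: str, shift: int) -> str:
    """Move every letter 'shift' places along the alphabet; other characters pass through."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def expand_key(key: str, length: int) -> list:
    """Repeat the digit key until it covers the message: '395' over 7 letters -> 3953953."""
    if not key or not key.isdigit():
        raise ValueError("key must be one or more decimal digits")
    digits = [int(d) for d in key]
    return [digits[i % len(digits)] for i in range(length)]


def _shift_by_key(text: str, key: str, direction: int) -> str:
    # Each letter gets its own shift from the repeated key. Non-letters are copied
    # through and do not consume a key digit, so 'hello world' keys the same as 'helloworld'.
    text = text.lower()
    shifts = expand_key(key, sum(ch in ALPHABET for ch in text))
    out, n = [], 0
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + direction * shifts[n]) % 26])
            n += 1
        else:
            out.append(ch)
    return "".join(out)


def key_encrypt(clear_text: str, key: str) -> str:
    """clear text + key + algorithm -> ciphertext."""
    return _shift_by_key(clear_text, key, +1)


def key_decrypt(cipher_text: str, key: str) -> str:
    """Symmetric: the same key, run backwards, recovers the clear text."""
    return _shift_by_key(cipher_text, key, -1)


def brute_force_caesar(cipher_text: str) -> dict:
    """Why plain Caesar is 'very weak': only 25 keys exist, so list every candidate."""
    return {k: caesar(cipher_text, -k) for k in range(1, 26)}
```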

Asymmetric Encryption

The problem with symmetric encryption is that the key is needed to decrypt, and if you are using it online you have to pass the key over the network, which is not safe. The big difference between asymmetric and symmetric encryption is that in asymmetric encryption we have two keys.

A public key and a private key. If you put the public key into the algorithm, it can only encrypt the data. If you put the private key into the algorithm, all it can do is decrypt.

For example, I want someone to send me some data and I want to reply with something. What we do is exchange keys: I send my public key to him and he sends his public key to me.

I send him data encrypted with his public key, and he has his private key saved on his hard drive. He sends me data encrypted with my public key, and I have my own private key saved on my hard drive.

Cryptographic Hashes

A lot of times when we send data to someone we have to make sure the data is correct and has not been changed. That's where hashes come into play. What happens is we have data, which can be text, video or anything; we pass it through a hash algorithm and in return get a string of, let's say, 128 bits. Any time you pass the same data through that algorithm you get the same result.


If you change even one bit or letter of the data, the hash changes completely. So this is a good way to verify whether data has been changed or not. The biggest example is when you download software: they give you a hash alongside the download, so after downloading you can run the same hash algorithm against that file, and if you get the same hash you know it downloaded correctly; otherwise there was a problem during the download.
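The download check described above, as an added example (not part of the original post). It uses SHA-256 rather than the 128-bit output the text uses as its illustration; the "downloaded file" and the "published" hash are constructed here, since a real one would be read from disk and copied from the vendor's page.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded file; a real installer would be read from disk.
SAMPLE_FILE = b"example-installer v1.0\nhello, network\n" * 200
# The value the download page would publish next to the file. It is computed here only
# because the sample is constructed; in practice it is a literal copied from the vendor.
PUBLISHED_SHA256 = hashlib.sha256(SAMPLE_FILE).hexdigest()


def sha256_of(data: bytes, chunk_size: int = 4096) -> str:
    """Hash in chunks, the way you would stream a large file instead of loading it whole."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk_size):
        h.update(data[i:i + chunk_size])
    return h.hexdigest()


def verify_download(data: bytes, expected_hex: str) -> bool:
    """True only if the file hashes to the published value (constant-time comparison)."""
    return hmac.compare_digest(sha256_of(data), expected_hex.strip().lower())


def flip_one_bit(data: bytes, byte_index: int = 0, bit: int = 0) -> bytes:
    """Corrupt a single bit to show what 'change even a bit' does to the hash."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 output bits differ between two hashes (the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")
```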

Identification: the process of finding out whether the person claiming to be someone is really that person. Examples would be username and password, captcha, security question, PIN code, etc.

Authentication: what it takes for you to get into a network, system or computer, e.g. usernames and passwords, certificates, RSA tokens, scanners, etc.

Authorization: once you are in, what you can do in there.

Access Control List: a very generic term when it comes to identification and authorization. It is a set of rules defining what you can and cannot do. It includes MAC (Mandatory Access Control), DAC (Discretionary Access Control) and RBAC (Role-Based Access Control). We can create groups, give a group permissions for something, and add people to that group.

RADIUS [AAA (Authentication, Authorization and Accounting)]

To understand how RADIUS works, let's say we have three points, A, B and C, each representing a different device. C is the RADIUS server, which is nothing but a machine with RADIUS software on it, e.g. Microsoft IAS or Open RADIUS. B is the RADIUS client; its job is to handle authentication requests coming from RADIUS supplicants, which is A. A makes requests and B is the middleman who forwards the request to the server running on C.

A is a mobile phone which sends a RADIUS request to the RADIUS client B, which then forwards it to the RADIUS server C. RADIUS is going to use certificates, a username and password, or something else that comes from A. All of that information doesn't have to be on the RADIUS server C; it can be on a database server D, and C can access the data from D.

One thing you need to know about RADIUS is that it runs on UDP ports 1812-1813 or 1645-1646. RADIUS provides Authentication, Authorization and Accounting (keeping track of who does what).

Cisco has its own alternative called TACACS+, which works the same way, just with different terms, and it runs on TCP port 49. It has a TACACS+ user, which is A, a TACACS+ client, which is B, and a TACACS+ server, which is C.

Kerberos

Kerberos is designed to do authentication for the local area network. Let's say we have a client and a server. When you set up a Windows server as a domain controller it becomes a Key Distribution Center (KDC). The KDC has two important parts: the AS (Authentication Service) and the TGS (Ticket Granting Service).

When the client logs in, it sends a hash of the username and password to the server; the AS (authentication service) verifies it and sends back a TGT (Ticket-Granting Ticket), a token which says the client is authenticated. The client timestamps the TGT and sends it back to the server.

The server timestamps the TGT again, which is then changed into a token and sent to the client. This token is normally valid for 8 hours, and any other computer on the network that wants to access a resource uses this token to access it.

To use Kerberos you have to buy a copy of Windows Server. Because of the timestamps you have very little time to do this, as it's trying to prevent man-in-the-middle attacks. You have to set all of your computers to the same time; you can use NTP (Network Time Protocol) to do that job.

EAP ( Extensible Authentication Protocol )

EAP enables flexible authentication. It allows the various underlying authentication mechanisms to talk to each other, saying: I can do this type of authentication, what can you do? In easy words, you can say it's an envelope telling what you can do.

Another version is PEAP (Protected Extensible Authentication Protocol), which uses a username and password. Another is EAP-MD5, which uses a hash. We can also use EAP-TLS, which uses a single certificate that comes from the server side of the system.

Single Sign-On

Let's say on a local area network we have a few computers sharing stuff, e.g. a printer, data, etc. To access any of those computers I have to know its username and password, which is very bad. One thing I could do to solve this is use the same password for all of them, but that is a bad idea.


The alternative is single sign-on. The idea is that I log in to something and I am automatically logged in to all the required devices. To apply this on a LAN you use Windows Active Directory. We establish a domain and then join all the computers to this domain one by one, manually. Once that's done we don't have to log in to any of them; everything is done automatically for us.

So now every computer on the domain trusts us and will not ask for a username and password.

SAML ( Security Assertion Markup Language )

SAML is used when you want to access something online instead of on the LAN. SAML is designed for web applications; it allows us, as a single person at a single place, to log in to a whole bunch of services. What we do is log in through an identity provider, which gives us a token to access all the service providers, e.g. cameras, PCs, etc.

For the local area network, use Windows Active Directory for single sign-on. SAML is used to manage multiple apps using a single account.

Certificates and Trust

Normally in asymmetric encryption we have a public key and a private key. When you open a website, its public key is automatically sent to you, but the problem is: as a client, do you really know the key is from the website you requested? There are two problems: where does this key come from, and is it really the party you think it is?



Previously we said you encrypt with the public key and decrypt with the private key. But in reality there is no real difference between the two. Well, they have different binary values, but you can encrypt with the public key and decrypt with the private key, or you can encrypt with the private key and decrypt with the public key; both work the same. This is what I mean by both being the same.

Both can be used for both purposes, but we never do that in everyday use. Now let's say I am serving you a web page: what I do is send you my public key, but along with it I also send you a hash of that web page, encrypted with my private key. What you can do is use my public key to recover the hash of that web page and make sure both hashes are the same. We call this a digital signature. It's just a hash, that's all it is.

But there is still a problem: we still don't know who sent us this certificate. Well, it says I sent it, but you are still not sure. So what we do is both agree on a third party, and that third party will also send a digital signature.

So when we join the public key, my signature and the third party's digital signature, we call this a certificate. A digital certificate is just a document filled with information about the public key and both digital signatures. Now I can put this certificate on the website and pass it to anyone.
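An added example (not part of the original post) covering both the asymmetric encryption section and the digital signature described here: textbook RSA built from two publicly known Mersenne primes, where the public key encrypts and only the private key decrypts, and a signature is the SHA-256 hash of the document with the private key applied, checked by anyone holding the public key. The primes, exponent and messages are constructed for illustration; there is no padding, so this is not usable as real encryption.

```python
import hashlib
from math import gcd

# Toy key material: two Mersenne primes, large enough that the modulus holds a full
# SHA-256 digest, but publicly known. Unpadded textbook RSA, for illustration only.
P = 2 ** 127 - 1
Q = 2 ** 521 - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Returns (public, private), each as an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message: bytes, public) -> int:
    """Encrypt with the receiver's PUBLIC key; only the matching private key undoes it."""
    e, n = public
    if not message or message[0] == 0:
        raise ValueError("message must be non-empty and not start with a zero byte")
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(cipher: int, private) -> bytes:
    """Decrypt with the PRIVATE key and turn the integer back into bytes."""
    d, n = private
    m = pow(cipher, d, n)
    return m.to_bytes(max(1, (m.bit_length() + 7) // 8), "big")


def sign(document: bytes, private) -> int:
    """Digital signature as the article describes it: hash the document, then apply
    the PRIVATE key to that hash."""
    d, n = private
    digest = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return pow(digest, d, n)


def verify(document: bytes, signature: int, public) -> bool:
    """Anyone holding the PUBLIC key recomputes the hash and checks the signature
    opens to it. A changed document or a signature from another key fails."""
    e, n = public
    digest = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return pow(signature, e, n) == digest


def roles_interchangeable(public, private, value: int) -> bool:
    """The point made above: private-then-public works just like public-then-private,
    because the two exponents are inverses modulo the same n."""
    e, n = public
    d, n2 = private
    return n == n2 and pow(pow(value, d, n), e, n) == value == pow(pow(value, e, n), d, n)
```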

Now, Who Do You Trust? Well, there are three ways to trust.

Unsigned Certificate: generate a certificate on your own; forget the third party and just make your own. This works when you are on a private network, e.g. employees working for a company.

Web of Trust: it works as a web, e.g. I get two people to sign my certificate, others sign for them, and this process goes on. Actually, the web of trust uses a web of mutually trusting peers.

PKI (Public Key Infrastructure): this is the right way, and how the internet works nowadays. You start from the root server at the top, then there are intermediate servers in the middle to do the load balancing, and then users at the end.

At the top we have a certificate authority that just issues certificates, e.g. Verisign, Thawte, etc. In the middle we have intermediate certificate authorities, which are only there to help manage the load.

Some of the errors you can get related to certificates: a self-signed certificate can throw you a 443 error, as the certificate is not issued by the authorities. What you can do is open the site anyway if you think it is secure.

An expired certificate can also be viewed and then fixed, either by getting a new certificate from its issuer or by accepting the certificate in its current state.

Understanding IP Tunneling

Normally if you want to access your computer from home, it is through software like VNC, which helps you access it from your home PC. You install a server on the PC you want to access and the client on the other one. One problem with this method is that it is not encrypted.

With tunneling, we simply run the program through a secure program, e.g. SSH. E.g. when we type something on the keyboard, it first goes to the SSH server and after that to the VNC server.

Tuesday, 25 February 2020

DNS and Network Naming: How It Works

In this article you will find out what DNS is and how it works. You will also learn about hosts files, how to use the net command, Windows name resolution, Dynamic DNS and some DNS troubleshooting.

Smartphones have made our lives a lot easier. If I want to talk to anyone I just dial their number and call them. Nowadays you don't even have to dial a number; just open the person's name in the contact list and dial, and your phone automatically calls the person you want to talk to. The contact list is so important nowadays that if you lost it you would not be able to contact anyone.

We have the same situation in the computer world. Let's say we have two computers, one a web server and the other a web browser that wants to talk to the web server. The only thing associated with the web server is an IP address. One thing we can do is simply type the IP address in the URL and the web server responds.

But it's difficult to remember IP addresses every time. So we came up with a contact list system, and this contact list is called DNS (Domain Name System). The purpose of DNS is to resolve the IP address based on the fully qualified domain name (FQDN).

In simple words, its purpose is to find the IP address of a domain name, e.g. www.google.com. One more thing you need to understand is the TLD and the hostname. In www.google.com the last part, .com, is the TLD; other examples are .org, .gov, .net, etc. The first part, www, is the hostname. It can be anything, but we use www because people are used to typing www.

For FTP it would be ftp.google.com because people expect ftp for FTP servers. For the mail server, it would be mail.google.com.

Now google in the middle is called the secondary domain name, and it can be more than just google, e.g. images.google.com. In this case images.google is our secondary domain name.

Now the question is how the IP is given to the client. Well, it involves a process, and all of it is based on DNS servers which reply back with the required information.


First the client asks its own local DNS server to give it the IP of a domain. If that local DNS server has it, it will reply back with that IP; otherwise it will ask the ISP to find it. Now the ISP has its own DNS cache server where it has cached IPs based on usage.

Now if there is still no required IP, the request will go to a root DNS server. The root DNS server will see it's a .com domain and say: go to the .com TLD DNS server, where all the information related to a certain TLD is stored, e.g. .com, .org, .net, etc.

Now the TLD server will reply back: here is the place you can get the IP. The request will go to the authoritative name server and get the IP. Now we can talk to our required server, and we will save that IP in our local DNS server.

You can also use an internal DNS server for your own private network. Now if you are setting up a DNS server you have to add records, e.g. A records, CNAME records, AAAA records, etc. All of these have a certain meaning and tell DNS servers some information, e.g. an A record gives the IP address. You can see the image below to know for what purpose they are used.


All of these records have their own purpose and a certain meaning to the DNS server. If someone wants to send mail, they will use the MX record to start the process. But to avoid mail spoofing we need a reverse lookup zone, which simply verifies the domain name by looking up the IP address. It's the inverse of a regular lookup zone.

There are a lot of records which cannot be covered here; you can simply look them all up on the internet. To sum up, creating a CNAME record makes an alias name, or "known name", often created for user-facing purposes.

A reverse lookup zone will resolve an IP address to an FQDN and is used by mail servers.

TXT records, DKIM and SPF are used to identify email senders and reduce spam.

HOST FILES

At the start, the internet didn't have DNS because there were only a few thousand computers on it. So instead of DNS there was a thing called the hosts file. It was nothing but a list of names and their IP addresses. DNS totally overtook hosts files, but they still exist.

So every computer that runs TCP/IP has a hosts file, whether it's Windows, Linux or Mac. The important thing is that the hosts file takes precedence over DNS. On Windows you can find it at C:\Windows\System32\drivers\etc. You can test the precedence by going to the hosts file and typing the IP address of your favorite website, e.g. yahoo.com, followed by a space and google.com; now reboot your system, and anyone who opens google.com will be sent to yahoo.com. That same precedence is why the hosts file is worth checking whenever a machine is being redirected to an unexpected site.
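The lookup order described in the two sections above (hosts file first, then the cache, then root, TLD and authoritative servers), as an added example that is not code from the original article. The server data, names and 203.0.113.x addresses are constructed for the demo, and the local and ISP caches are collapsed into one cache.

```python
# Added example (not from the original article): a toy resolver that walks the
# chain described on this page. Order: hosts file -> cache -> root -> TLD server
# -> authoritative server. All server data below is constructed for the demo.

ROOT = {"com": "tld-com.example", "org": "tld-org.example"}   # TLD -> TLD server
TLD = {                                                         # TLD server -> zone -> auth server
    "tld-com.example": {"google.com": "ns.google.example"},
    "tld-org.example": {"wikipedia.org": "ns.wikipedia.example"},
}
AUTH = {                                                        # auth server -> A records
    "ns.google.example": {"www.google.com": "203.0.113.10",
                          "images.google.com": "203.0.113.11"},
    "ns.wikipedia.example": {"www.wikipedia.org": "203.0.113.20"},
}


def parse_hosts(text):
    """Parse hosts-file lines ('IP name [name ...]', '#' comments) into {name: ip}."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower()] = ip
    return table


class Resolver:
    def __init__(self, hosts_text=""):
        self.hosts = parse_hosts(hosts_text)
        self.cache = {}       # stands in for the local and ISP caches
        self.trace = []       # which step answered the last query

    def resolve(self, fqdn):
        """Return the IP for fqdn, or None if no server knows it."""
        name = fqdn.lower().rstrip(".")
        self.trace = []
        if name in self.hosts:              # hosts file wins over DNS
            self.trace.append("hosts")
            return self.hosts[name]
        if name in self.cache:
            self.trace.append("cache")
            return self.cache[name]
        labels = name.split(".")
        tld, secondary = labels[-1], ".".join(labels[-2:])
        self.trace.append("root")
        tld_server = ROOT.get(tld)          # root only knows where the TLD lives
        if tld_server is None:
            return None
        self.trace.append(tld_server)
        auth_server = TLD[tld_server].get(secondary)   # TLD knows the auth server
        if auth_server is None:
            return None
        self.trace.append(auth_server)
        ip = AUTH[auth_server].get(name)    # authoritative answer
        if ip is not None:
            self.cache[name] = ip           # saved for next time
        return ip
```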

NET COMMAND

The net command is one of the oldest commands in the networking world, and if you are a network person you have to know about it.

If you type net in cmd you will see a guide telling you what you can type with it.


If you want to see the systems within your workgroup, simply type net view in cmd and you will be shown a list of those systems.


If you want to find out how many users have been created on the system and what privileges they have, you can simply run the net user command.


Let's say you are on a network and there are several systems sharing folders. If you want to find out which system is sharing which folders, you can find this with the command net view system-name.

One more thing you can do is share files and folders on your network with other computers with the command net share Donte=C:\link_to_file. It will share that path under the name Donte with all other computers. That share will also start to show in your shared folders.


Some other important commands include net accounts, which shows the settings of all accounts you have set up, e.g. password expiry date, etc. net start will show all network-based services running on your system. You can turn them off with net stop "service name".

Windows Naming Resolution

A Windows system does name resolution in a very specific order. If it's a member of a domain it will go to its domain controller, which is the DNS server, and everything is done through DNS.

If you are not in a domain, e.g. at home, you will use NetBIOS, with ports 137, 138 and 139 handling your name resolution. After Vista a new protocol came out called LLMNR ( Link-Local Multicast Name Resolution ). It runs on UDP port 5355 and is an improved name resolution service compared to NetBIOS. Because both NetBIOS and LLMNR accept an answer from any host on the local link, hardening guides commonly disable them on managed networks.

So nowadays, if you are not on a domain, how name resolution is done depends on your Windows edition. If you are on Windows 10 Professional you use both NetBIOS and LLMNR. In Windows Home, NetBIOS is completely gone.

So because of all these options there can be a lot of problems, and there is a tool for finding the problem. It's called nbtstat; the bad thing is it doesn't work with LLMNR.

The nbtstat -n command will help you find a list of PCs and tell what each connected system can do, e.g. be part of a group or share files, etc., and nbtstat -c is used to see the cached systems.
nbtstat's job is to help you find out that there is a problem; you have to find and fix the problem yourself.

Dynamic DNS:

Let's say you want to access a camera, so you have to know the IP of that device. The problem is you obtained that IP address via DHCP, which changes from time to time. So to get around this we use Dynamic DNS.

So there are online companies who provide Dynamic DNS and attach a domain name to our IP, e.g. TZO.com. They will give you a domain, you bind it to your IP, and you access your camera using that domain name. You download their client to start working; it will keep track of your IP address. One thing you will have to do is port forwarding on a port that will go to that IP.

DNS Troubleshooting

The first thing you should do while troubleshooting is type the IP instead of the domain name. A lot of the time when there is a DNS problem your domain doesn't work and you have to type only the IP to verify this. To solve it, make sure your DNS is set to be obtained automatically.

Sometimes old lookups for the website are cached, so try running ipconfig /flushdns to clear the DNS resolver cache; a lot of the time this helps solve the issue.

Always run nslookup or dig to check the status of a DNS server and whether it's in good condition.

Saturday, 22 February 2020

Applications Based On TCP/IP

If you look at an Ethernet frame you have lots of information in there. When you pass that frame to a switch it only needs a certain part of it, as it only deals with MAC addresses. If we are passing it to a router, it will deal with the IP address part.

So we have this term PDU ( Protocol Data Unit ). At the start we have an Ethernet frame, so that is the PDU when we are talking at that layer.
When we are talking about the IP portion, we have an IP packet that has all the information related to IP addresses; this only gets the data to the right computer.
After this we have a TCP or UDP payload. TCP is the connection-oriented protocol, while UDP is the connectionless protocol.
If it's TCP we call it a TCP segment, and if it's UDP we call it a UDP datagram. Computers a lot of the time have to have communication that is connection-oriented: for example, when you are sending a document every piece has to be right and it has to be completely transferred. So we have a lot of traffic that is connection-oriented, and sometimes you don't care much when you send something, and at that time we use UDP.

TCP & UDP


UDP is very simple: you simply send the request to the server without any other thought. It will be received by the server, and yes, it can get lost on the way; there is no verification that the data has arrived.

TCP is used in 98% of communication on the WWW. In TCP you have to go through a handshake process called the TCP 3-way handshake. A SYN packet is sent to the server. The server sends back a response called SYN/ACK ( ok, I am ready to go ). After that the client sends an ACK to the server. Once this process is done you have a TCP connection established.

ICMP & IGMP

Other than TCP and UDP we have ICMP ( Internet Control Message Protocol ) and IGMP ( Internet Group Management Protocol ). Sometimes we don't want to send a lot of data over the network, we just want to verify something; that's where we use these.

An ICMP packet consists of just a checksum and a message. It has nothing to do with ports, which is why it sits in the IP layer. So we are sending a small amount of data, e.g. "are you there", and the reply comes back "yes"; the biggest examples would be ping and ARP.

An IGMP packet consists of a checksum, a message, a group address and a source address. It works using multicast. For example, 3 people want to watch a movie stream; in multicast they will not get a separate connection per person. Instead they download the client to see the movie, and that client will get a second IP starting with 224 ( reserved for multicast ). Only one video stream will come to their network, and it will be passed to all machines that have that multicast address.

The group address is the group address that we are all going to be using, and the source address is simply the IP address of the video server the video is coming from.

Some Handy Tools

Traceroute: a command that lets you check all the hops from your router to the destination. On Windows it's tracert. We cannot do anything about someone else's routers, but we use traceroute to make sure that our routers are OK.


Pathping: traceroute is good, but it doesn't work with some routers, so we can use an alternative called pathping. This command uses a variant of the ping command to trace the route.

Bandwidth speed tester: This is a very handy tool; it helps you find out if you are getting the speed you are paying your ISP for, e.g. the Xfinity speed test.

WireShark

There are a lot of tools that define whether you are a network person or not. One of them is Wireshark. It is a protocol analyzer and it is completely free. What we do is select a network card, capture frames and save them to a capture file; after that we use Wireshark to analyze that file.


This tool is a must to learn, so make sure you go to YouTube and watch a whole playlist about how to use it. Learn how to capture packets and analyze them, how to use Follow TCP Stream, etc. There is no other tool as good as Wireshark; it can work with wireless, Bluetooth, VoIP, etc. You can also use alternative capturing tools like tcpdump to create a capture file and analyze it using Wireshark.

Introduction To Netstat

Now let's say my computer is on a network and I have lots of connections going on, and I want to know who my computer is connecting to at any given moment. What netstat does is list all open ports and connections established between your computer and other computers at any given moment.


So you can see we have the protocol we are using, our local address and the foreign address. In the foreign address we have names instead of numbers; to avoid that you can run netstat -n to get only numbers.


Now you can see it's showing only numbers and port numbers. Port 443 is used for HTTPS connections; you can simply google it for more information about 443. In the State column you can see either TIME_WAIT or ESTABLISHED. If I close my Chrome browser, all the 443 connections will go to TIME_WAIT.

Now if you open cmd as admin and type netstat -b you will be shown the executable behind each connection, and if you use -bo you will also get the process ID.


You can verify this by opening Task Manager and matching the process IDs. netstat -a will show you all active ports, even those with no active connection at the time. netstat -r will show your routing table, which works the same as the route print command.

Long story short, netstat helps us find all the processes we have and which ports we are listening on. Always remember to use the -n option; it will show you port numbers, which you can look up on Google to find out more.

Web Servers

The most used protocol on the internet is HTTP ( Hypertext Transfer Protocol ). It is the base of the WWW. HTTP listens on port 80. So where does this protocol run? Well, it runs on a web server. A web server is nothing but a normal computer, but with a lot of power ( specifications ), and it has software on it which makes it a web server.

There are two competing web servers: Microsoft IIS ( Internet Information Services ) and Apache ( open source ), which is extremely popular. To create these servers you just have to install the required software and let it run.

If you want to find out if your computer is a web server or not, simply run netstat -a and see if port 80 is listening. If it's listening, then it's a web server.

Now we have two options: run HTTP (port 80) or HTTPS (port 443) ( S is for the secure version ). So what is the difference? Well, first, on an HTTP server open up Wireshark, intercept the traffic, follow the TCP stream and look at the request.


Now you can see the request is in plain text and can be read easily, which is bad: you cannot do transactions over it. Now let's see HTTPS and you will feel the difference.


Now you can see a jumble of unreadable characters: all the communication is encrypted in HTTPS. HTTPS uses either SSL or TLS to do this encryption; SSL is the old method and TLS is the new one.

FTP

When you want to transfer files to a server you use FTP. We mostly use third-party tools for FTP; FileZilla is one of the best examples. FTP uses two ports, 21 and 20. We first have to set a username and password to log in; once we log in we will be in the home directory on the server, from where we can navigate the files.


You can add permissions to files: read, write or delete, etc. For public file download you have to add an anonymous account, which enables public access to the FTP server.

To access FTP you need an FTP client, and there are a lot of them, including cmd and Ipswitch WS_FTP LE. FTP clients send a request on port 21 and FTP servers respond on port 20.


You can also use a web browser, but you will have to type ftp:// before the IP. For Windows, simply type ftp in cmd and it will enter FTP mode; next type open IP and it will ask for a password to log in.



The bad thing is FTP has no security and everything is in plain text if you capture it with Wireshark or tcpdump. For security you have to use SFTP, which uses SSL or TLS.

E-mail Servers and Clients

When we send an email we use a protocol called SMTP ( Simple Mail Transfer Protocol ), which uses port 25. When you have to receive email you have two options: POP3 ( Post Office Protocol v3, old ), which runs on port 110, and IMAP ( Internet Message Access Protocol v4, new ), which runs on port 143.

So you send email using SMTP and receive it with IMAP or POP3; you need to know which of them you are using when doing the configuration. When you are setting up an email server you have to make sure you have one piece of software which acts as both SMTP and POP3 or IMAP.

Securing email: SMTP, POP3 and IMAP are not secure by default, so people asked for encrypted email. For this STARTTLS was used, in which all three services moved to one port, 587. You must be thinking, why not TLS? Well, they first implemented TLS on ports 465, 995 and 993, but it was a very complex port assignment when sending messages, so they ended up using STARTTLS on the single port 587.

TELNET & SSH

Telnet is a remote command prompt to a faraway computer. When it comes to a telnet server there is nothing by default in Windows; you have to set up programs like freeSSHd. Telnet runs on port 23. To access the server you set up, or one somebody else set up, you can use a client program, for example PuTTY.


Here you provide the IP, username and password of the server and you will be logged into it.


Now you have access to the cmd of the server and can run all the commands. But the problem with telnet is it's not secure: if you intercept the traffic using Wireshark you will be able to see everything in plain text. So we use SSH (Secure Shell) instead of telnet; it is the secure version.

When you connect to a server with SSH a key is generated which is used to encrypt all the traffic.

Network Time Protocol 

NTP servers are very important but get the least attention. If you have ever gone into the Windows time settings you will find a line saying this computer will automatically sync time. Computers sync time from NTP servers. NTP is a protocol for clock synchronization and it uses port 123. There are hundreds of NTP servers worldwide.

Network Service Scenarios

Here I am going to discuss some service issues that come into play. The first issue is the concept of reservations in DHCP. The first thing is you should never put the gateway's address inside the DHCP scope, because the server will assign that address to some host and then no one can use the internet.

The second thing: let's say you have a file server and 90% of requests go to that server. What you do is reserve an IP address only for that file server so that you can always access it. You should always leave a number of IP addresses for things like this.

Another thing you should know is MAC reservations. Let's say you have a camera and you want that camera working all the time. So we give the MAC address to the DHCP server and say: any time you see this MAC, even if you have to disconnect someone to give an IP to the camera, do that.

One more thing you should never do is set big leases, i.e. 8 days, which is the default. If you are at a busy place never set them that long; make them 3-4 hours, because users come, get an IP address and leave the place, but that IP is still reserved, and because of that you get an exhausted DHCP scope. So always use small leases.

The bottom line is DHCP servers are not the solution to all the problems. So what we do is turn to IPAM ( IP Address Management ). They are designed to do one thing: keep track of all the IPs and take care of the addressing needs of your system. IPAM tools are very powerful; they can set DHCP scopes, set reservations, generate new blocks of addresses and whatnot.
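The three scope rules above (gateway excluded from the pool, MAC reservation always honored, short leases so addresses come back) in a toy DHCP allocator, added here as an example that is not code from the original article. Lease times are plain integers in hours, the 192.168.1.0/29 scope and the MAC strings are constructed, and the "disconnect someone for the camera" behaviour is not modeled.

```python
# Added example (not from the original article): a toy DHCP scope that applies
# the rules described on this page. All addresses and MACs are constructed.
import ipaddress


class Scope:
    def __init__(self, network, gateway, lease_hours, reservations=None):
        net = ipaddress.ip_network(network)
        self.gateway = ipaddress.ip_address(gateway)
        # MAC -> fixed address; these never enter the free pool
        self.reservations = {mac: ipaddress.ip_address(ip)
                             for mac, ip in (reservations or {}).items()}
        excluded = {self.gateway} | set(self.reservations.values())
        self.free = [ip for ip in net.hosts() if ip not in excluded]
        self.lease_hours = lease_hours
        self.leases = {}          # MAC -> (ip, expires_at)

    def _expire(self, now):
        """Return expired dynamic leases to the pool (reserved IPs stay reserved)."""
        for mac, (ip, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[mac]
                if mac not in self.reservations:
                    self.free.append(ip)

    def request(self, mac, now):
        """Lease an address to mac at time now; None means the scope is exhausted."""
        self._expire(now)
        if mac in self.reservations:
            ip = self.reservations[mac]          # reservation always wins
        elif mac in self.leases:
            ip = self.leases[mac][0]             # renewal keeps the same address
        elif self.free:
            ip = self.free.pop(0)
        else:
            return None                          # no free address left
        self.leases[mac] = (ip, now + self.lease_hours)
        return str(ip)


def busy_lobby(lease_hours):
    """Five visitors, one every 4 hours, in a /29 with 4 usable dynamic addresses."""
    scope = Scope("192.168.1.0/29", "192.168.1.1", lease_hours,
                  reservations={"mac-camera": "192.168.1.6"})
    handed_out = [scope.request(f"visitor-{i}", now=i * 4) for i in range(5)]
    return scope, handed_out
```

With the 8-day (192 h) default lease the fifth visitor gets nothing, while with a 3-hour lease every visitor is served because earlier addresses have expired.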


Friday, 21 February 2020

Role of Routers in Networking

If you want to send some data within your network you can simply broadcast to your whole network and find the MAC address of the required host to whom you need to send data. But what if the required host is not within your network? Well, that's where routers come into play.

In simple words, a router is a box that is designed to connect network IDs. Routers filter and forward packets on the basis of the IP address. In order to function as a router, it has to have at least two connections.
Now suppose a packet comes from 232.25.201.190 and wants to go to 192.168.15.27. How does it know how to get there? Well, it's done through the routing table: it has all the information needed and knows where to send the packet, because it always keeps itself updated.
A gateway of all zeros tells you that you are directly connected to that network, and the address tells where to send the packet. The good thing is this updating is done automatically. The problem is there are not only two network IDs, there are a lot of them, and we need a mechanism to manage all of them.

So we have a built-in thing in every router, a default route. We have an upstream router provided by our ISP, and that ISP assigns an IP address to every router connected to it.

So in our routing table we have a default route that has the IP address of the upstream router. If we don't have a route for an IP, the packet simply goes to the upstream router. So now if you look at the updated table it will look like this.
Now in industrial cases your router can have three connections: two connections from ISPs and a third one going towards your network. So in this case your routing table will manage three IPs.



So in this case you will have two default routes because you have two ISPs and you can access the internet using both. What we do is set one ISP as the default so every request goes towards that one, and if that ISP goes down we send it to the other one. So a new option is added in the routing table, called metric, which tells the router that it has more options.

The lower the metric value, the more preferable that option is for the router. Always remember routers don't care where the packet is coming from; they only care where it's going.
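The lookup the last few paragraphs describe, as an added example that is not code from the original article: a directly connected network (gateway 0.0.0.0), two default routes to two ISPs, and the metric deciding which default route wins until that ISP goes down. It goes one step beyond the text by also applying the longest-prefix rule real routers use, so a specific route beats a default route whatever the metrics. All addresses and interface names are constructed.

```python
# Added example (not from the original article): routing-table lookup with
# directly connected networks, two default routes and a metric tie-break.
# Addresses are constructed (RFC 1918 inside, documentation ranges for the ISPs).
import ipaddress

# (network ID, gateway, interface, metric); 0.0.0.0/0 is a default route and a
# gateway of 0.0.0.0 means the network is directly connected
ROUTES = [
    ("192.168.15.0/24", "0.0.0.0", "LAN", 10),
    ("203.0.113.0/30", "0.0.0.0", "ISP1", 10),
    ("198.51.100.0/30", "0.0.0.0", "ISP2", 10),
    ("0.0.0.0/0", "203.0.113.1", "ISP1", 10),    # preferred default route
    ("0.0.0.0/0", "198.51.100.1", "ISP2", 20),   # backup default route
]


def pick_route(dst, routes=ROUTES, down=()):
    """Return (gateway, interface) for destination dst, or None if nothing matches.

    The source address is deliberately not an argument: the router only looks
    at where the packet is going. Interfaces listed in `down` are skipped, which
    is how the backup default route takes over when the primary ISP fails.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, iface, metric in routes:
        if iface in down:
            continue
        network = ipaddress.ip_network(net)
        if addr not in network:
            continue
        # longer prefix first, then lower metric
        rank = (network.prefixlen, -metric)
        if best is None or rank > best[0]:
            best = (rank, gateway, iface)
    return None if best is None else (best[1], best[2])
```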

There are two methods used to create routing tables. One is static routing, where you manually write the IPs that will not change; this is most suitable for small networks. The other one is dynamic routing; in this process every router has some smarts inside so that it can write its own routing table. In the RIP method every router shares its routing table with its neighbor, and they fix their routes according to which is faster.

Then we have link-state, in which every router sends a hello advertisement to every other router, and if a router detects any difference it tells every other router: I have this change, if you want to apply it too.

RIP: a distance-vector protocol that uses hop count to determine routes. RIP 1 can only be used with classful addressing, while RIP 2 supports CIDR. RIP's maximum hop count is 15.

OSPF: Then we have OSPF, which is basically link-state, upgraded with a new method in which every router that gets a change sends it to its neighbors. This makes its convergence faster.

BGP ( Border Gateway Protocol ): more advanced than OSPF. It is the primary protocol of the internet. It breaks the internet down into 20000 autonomous systems (an AS is a group of router networks under the control of a single entity, e.g. a big university). BGP is good at routing data between autonomous systems by knowing the AS number, e.g. AS 23.

Understanding Ports

Every TCP packet has two port numbers: one is the source that is sending and the other is the destination where it's going. Port numbers also tell which application the packet has to go to, e.g. port number 80 is used for web traffic and 21 is for FTP, etc. All well-known port numbers are reserved for certain applications and their range is 0-1023.

On the other hand, the client generates ephemeral port numbers in the range 1024-65535, and they are generated automatically: every time a client needs a source port number one is generated and given to it.

NAT ( Network Address Translation )

Every router has NAT in it, turned on by default and ready to work. On our network we use private IP addresses which we cannot send to the internet. So the purpose of NAT is to change the private IP to the public IP assigned to us so that we can access the internet. When the reply comes back it reverses the whole process.

So this works for normal PCs, but what if we had web servers? Well, for that scenario we have different versions of NAT, e.g. static NAT, where we forward all specific incoming traffic to one fixed static IP address, which is one server in our case, e.g. server A. Another way to do this is dynamic NAT: in this case we have two IPs on our router, so if one of our four servers wants to send something we give one IP to it, and if another wants to go out we give it the other. The problem with this method is we only have a fixed number of IPs.

Port Forwarding

Normally when you talk to someone outside your network, let's say your browser sends a request to a server, when the reply comes back your router sees that you initiated that request and allows that connection.

But whenever someone from outside tries to talk to you without your permission, your router will block that request. So to allow such connections we do port forwarding, and we have three things which help us do this task: port forwarding, port range triggering and DMZ.


For example, you have a security camera and want to access it from anywhere in the world. What you do is go to your router and set up port forwarding on a random port, e.g. 8181, to the IP address of your camera. Once you have done this you will be able to access that camera from anywhere in the world by typing the IP and port.

In range forwarding you simply give a range of ports, e.g. from 8181 to 8189; this is mostly done when you are setting up a gaming server.
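One table that covers both the NAT section above (static NAT for a server, a dynamic pool with a fixed number of public IPs, and the reply reversed through the same table) and the port forwarding described here (a single port or a range opened to one inside host, everything else unsolicited dropped). This is an added example, not code from the original article; the Nat class and all 192.168.1.x / 203.0.113.x addresses are constructed for the demo.

```python
# Added example (not from the original article): a toy NAT table with static
# NAT, a dynamic public-IP pool, reverse translation for replies and port
# forwarding. Addresses are constructed (RFC 1918 inside, 203.0.113.0/24 outside).


class Nat:
    def __init__(self, public_ip, static=None, pool=()):
        self.public_ip = public_ip            # the router's own public address
        self.static = dict(static or {})      # inside_ip -> public_ip, fixed 1:1
        self.pool = list(pool)                # free public IPs for dynamic NAT
        self.dynamic = {}                     # inside_ip -> public_ip, leased
        self.reverse = {v: k for k, v in self.static.items()}   # public -> inside
        self.forwards = {}                    # public port -> inside_ip

    def outbound(self, inside_ip):
        """Translate an inside source IP; returns the public IP, or None if no IP is left."""
        if inside_ip in self.static:
            return self.static[inside_ip]
        if inside_ip in self.dynamic:
            return self.dynamic[inside_ip]
        if not self.pool:
            return None                       # the fixed number of IPs is used up
        public = self.pool.pop(0)
        self.dynamic[inside_ip] = public
        self.reverse[public] = inside_ip
        return public

    def release(self, inside_ip):
        """Give a dynamically leased public IP back to the pool."""
        public = self.dynamic.pop(inside_ip, None)
        if public is not None:
            del self.reverse[public]
            self.pool.append(public)

    def forward(self, ports, inside_ip):
        """Port forwarding: one port (int) or a range of ports to an inside host."""
        for port in ([ports] if isinstance(ports, int) else ports):
            self.forwards[port] = inside_ip

    def inbound(self, dst_ip, dst_port):
        """Inside host an inbound packet is delivered to, or None when it is dropped.

        Forwarded ports on the router's own address go to the configured host;
        otherwise only a public IP present in the table (static or currently
        leased) is translated back, so unsolicited traffic has nowhere to go.
        """
        if dst_ip == self.public_ip and dst_port in self.forwards:
            return self.forwards[dst_port]
        return self.reverse.get(dst_ip)
```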

Port Triggering

This process is a type of port forwarding, but it's done for a certain reason. For example, you have an FTP server and want to download some files. The unique thing about FTP is it has two ports, 20 and 21.

21 is used for sending to the server and 20 for receiving. When we send a request to FTP on port 21 it responds back on port 20. Our router sees that the client sent a request on port 21, which it will allow, but it will block port 20 as that connection is coming from outside.

So to solve this issue we simply enable port triggering on our router, and it will allow traffic on both 21 and 20.

DMZ ( Demilitarized Zone )

This option allows all kinds of traffic from the internet into your network. You simply enable it in your router and the allowed IP will be open to the whole internet, which is a very bad practice from a security point of view. You should only do it for testing purposes on a temporary host. Make sure when you enable DMZ you are following all the security practices.

Router Settings:

Almost every router has basic settings which are almost the same, with some differences. The first thing you should do when you buy a router is change the default username and password. You will get a manual with your router which will help you learn all its settings, e.g. MAC filtering, firmware updates, etc.

Normal Router (SOHO) vs Enterprise Router Difference

The normal router you use at home is a SOHO router, and it has a built-in router in it. It also acts as a switch and has its own DHCP server in it. Moreover, you can access it using a web interface without any issue.


But in the case of an enterprise router, it only does one single job; if you need a switch with it you have to add separate hardware for that purpose, and you usually cannot manage it through a web interface; you have a command-line interface where you do all the settings.

