Archive for the ‘Internet Protocol’ Category

Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses and routing Internet Protocol packets. It is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased. CIDR is now the routing system used by virtually all gateway hosts on the Internet’s backbone network.

IP addresses are described as consisting of two groups of bits in the address: the more significant part is the network address, which identifies a whole network or subnet, and the less significant portion is the host identifier, which specifies a particular interface of a host on that network. This division is used as the basis of traffic routing between IP networks and for address allocation policies. Classful network design for IPv4 sized the network address as one or more 8-bit groups, resulting in the blocks of Class A, B, or C addresses. Classless Inter-Domain Routing allocates address space to Internet service providers and end users on any address bit boundary, instead of on 8-bit segments. In IPv6, however, the interface identifier has a fixed size of 64 bits by convention, and smaller subnets are never allocated to end users.

CIDR notation is a syntax of specifying IP addresses and their associated routing prefix. It appends to the address a slash character and the decimal number of leading bits of the routing prefix, e.g., 192.0.2.0/24 for IPv4, and 2001:db8::/32 for IPv6.

Advertisements

The core function of DHCP is to assign addresses. DHCP functions at the Application Layer of the Open System Interconnection (OSI) reference model, as defined by the International Organization for Standardization (ISO) and the Telecommunication Standards Section of the International Telecommunications Union (ITU-T).

The OSI model is used for reference and teaching purposes; it divides computer networking functions into seven layers. From top to bottom, the seven layers are application, presentation,

session, transport, network, data-link, and physical

 

In brief, DHCP provides four key benefits to those managing and maintaining a TCP/IP network:

 

  • Centralized administration of IP configuration—DHCP IP configuration information can be stored in a single location and enables the administrator to centrally manage all IP configuration information. A DHCP server tracks all leased and reserved IP addresses and lists them in the DHCP console. You can use the DHCP console to determine the IP addresses of all DHCP-enabled devices on your network. Without DHCP, not only would you need to manually assign addresses, you would also need to devise a method of tracking and updating them.
  • Dynamic host configuration—DHCP automates the host configuration process for key configuration parameters. This eliminates the need to manually configure individual hosts when TCP/IP is first deployed or when IP infrastructure changes are required.
  • Seamless IP host configuration—the use of DHCP ensures that DHCP clients get accurate and timely IP configuration parameters, such as the IP address, subnet mask, default gateway, IP address of the DNS server, and so on, without user intervention. Because the configuration is automatic, troubleshooting of misconfigurations, such as mistyped numbers, is largely eliminated.
  • Flexibility and scalability—Using DHCP gives the administrator increased flexibility, allowing the administrator to more easily change IP configurations when the infrastructure changes. DHCP also scales from small to large networks. DHCP can service networks with ten clients as well as networks with thousands of clients. For very small, isolated networks, Automatic Private IP Addressing (APIPA) can be used.

Before delving into VoIP configurations, a brief introduction with terminology is necessary:

 

  • Public Switched Telephone Network (PSTN) —PSTN is the world’s collection of interconnected public voice telephone networks. It is also known as the Plain Old Telephone Service (POTS). It is set up and managed by the government and commercial organizations. It has evolved from the early days of Alexander Graham Bell to mostly digital, circuit-switched telephone network.
  • Private branch exchange (PBX) —This is a device located within an organization that routes telephone calls to internal extensions or to the PSTN. It provides additional features such as voicemail and call-forwarding. A PBX is less expensive than connecting an external line to every telephone. Numbers within the PBX (internal numbers) can be dialed using the last few numbers of the entire phone number and without going through the PSTN. A PBX usually has more than 125 ports.
  • Key telephone system —This is used like a PBX in small offices where far fewer phones are required. Each key telephone system supports up to a hundred ports.
  • Software IP phones —These consist of a headset that plugs into the USB or serial interface of a PC. The PC needs client software that supports IP telephony.
  • Hardware IP phones —These look like regular telephone sets, but they are plugged into a LAN switch. Most IP phones get power from the switch (power over Ethernet or PoE) and encapsulate voice data into IP frames for transmission over the LAN.
  • H.323—This was approved by the International Telecommunications Union (ITU) in 1996 as a standard for multimedia and audiovisual transmission across disparate networks. In 1998, it was followed by version 2. It also includes several functions such as bandwidth management, call control, multimedia management, and interoperability between different network types. H.323 has come to be the most popular protocol for VoIP.
  • Session initiation protocol (SIP)—SIP is IETF’s standard for multimedia communication over IP networks. It is an application-layer control protocol that initiates, manages, and terminates calls between two or more terminals. It is picking up as an alternative to H.323.

Subnetting is a technique of dividing a full Class A, B, or C network into smaller networks. It defines how 1 or more bits are taken from the host portion and added to the network portion. Following are the advantages of this technique:

 

  •  Saves IP addresses —Avoids the need to assign an entire IP range within a network to one location.
  •  Simplifies network management—Smaller, independent subnets can be created by routers. Internal networks can be restructured without impacting DMZ or external networks.
  •  Reduces network traffic —Links with high network traffic can be isolated to a subnet. Examples are NFS and backup subnets. NFS client (such as a filer) interfaces can be on a one subnet and backup server and dedicated client NICs on another.
  •  Improves security —It is easy to keep DMZ and front-facing networks separated from internal networks.

 

Subnetting requires taking a bit from the host portion and giving it to the network portion. The more bits we steal from host portion, the more the number of subnets. But more subnets come at the expense of IPs that would otherwise be used for hosts. Each new subnet requires two IP addresses: one for the network ID and the other for its broadcast ID.

Automatic Private IP Addressing

 

Automatic Private IP Addressing (APIPA) is a feature introduced with Windows 2000; it is also included in Windows XP and Windows Server 2003.

 

APIPA allows a computer that is configured to obtain an automatic IP address to assign itself an address from a private range should no DHCP server be available. APIPA assigns addresses in the range 169.254.0.1 through 169.254.255.255—a range reserved by Microsoft for just this purpose.

 

APIPA is really designed for small networks that don’t use a DHCP server. APIPA allows computers running Windows 2000, Windows Server 2003, or Windows XP to plug into a network and recognize one another with little configuration necessary. If your network uses a DHCP server and you see that a client has been assigned an address in the APIPA range, it means the client could not locate a DHCP server.

 

Routing is the process of moving information along a path from a source to a destination.

On a TCP/IP network, the source and destination are called hosts and the information is broken apart into small packets that are transmitted between these hosts. The IP handles the routing of all these packets for the network.

 

Remember that a protocol such as TCP or UDP hands down a packet of data to the IP protocol for transmission to a remote host. IP must determine where the packet goes.

First, it compares the network ID of the local host with the network ID of the destination host identified in the packet. If the two network IDs match, the two hosts are on the same network segment and the packet can be sent directly to the destination host.

 

If IP determines that the network IDs of the local host and the remote host do not match, that means that the two hosts are on different network segments and the packet cannot be sent directly. Instead, IP must send the packet to a gateway, which is a router connecting one network segment to another. When this gateway receives the packet, its IP protocol goes through the process of comparing network IDs to determine the best place to send the packet. If the destination host is on one of the network segments to which the gateway is directly connected, the gateway can forward the packet straight to the destination host. Otherwise, the gateway forwards the packet on to another gateway, and then perhaps another, until the packet finally reaches its destination. Each time a packet crosses a gateway that is referred to as a hop. For example, if a packet must cross three routers to reach its destination that is considered three hops.

 

Usually, the source host is configured with the IP address of a default gateway, a router to which all packets are sent if the destination host is not found on the same network segment. Routers (and all devices with IP installed, for that matter) are able to consult routing tables that are stored in the router’s memory. A routing table holds information on preferred routes for various network IDs. This way, the router can determine the best gateway to which to send a packet based on the network ID of the packet’s destination host. There are two ways in which a router can build its routing table:

 

Static A static router has a routing table that is constructed and updated manually.

In other words, someone must actually access the routing table to create

routes the router can use.

 

Dynamic A dynamic router builds and updates its own routing table as it finds

appropriate routes. When it finds shorter routes, it favors those over longer routes.

Most important, dynamic routers can also share their information with other

routers on the network. Almost all the routers in use today are dynamic routers—

manual routers are just too much work. Dynamic routers use one of two common

routing protocols: Routing Information Protocol (RIP) and Open Shortest Path First

(OSPF).

 

An anonymous proxy server (from time to time called a trap factor) mainly attempts to anonymize trap surfing. There are discrete varieties of anonymizers. One of the more routine variations is the bare proxy. Because they are typically difficult to track, introduce proxies are principally profitable to those seeking online anonymity, from governmental dissidents to computer criminals. Some users are essentially interested in anonymity for added security, hiding their identities from potentially malicious websites appropriate for illustration, or on grounds, to further constitutional charitable rights of naturalness of philippic, instead of instance. The server receives requests from the anonymizing representative server, and thus does not profit information forth the intent purchaser’s address. Though, the requests are not anonymous to the anonymizing proxy server, and so a rank of conviction is today between the proxy server and the user. Many of them are funded through a continued advertising link to the user.

Access hold sway over: Some proxy servers implement a logon requirement. In large organizations, authorized users obligated to log on to attain access to the web. The organization can thereby track usage to individuals.

Some anonymizing surrogate servers may forward figures packets with header lines such as HTTP_VIA, HTTP_X_FORWARDED_ALSO IN BEHALF OF, or HTTP_FORWARDED, which may reveal the IP address of the client. Other anonymizing delegate servers, known as elite or ear-splitting anonymity proxies, but number the SLIGHT_ADDR header with the IP address of the agent server, making it show that the delegate server is the client. A website could quiescent be suspicious of a proxy is being toughened if the client sends packets which encompass a cookie from a antecedent to by that did not put to use the high anonymity surrogate server. Clearing cookies, and by any chance the cache, would solve this problem.

 

A surrogate that focuses on Life Major Web traffic is called a “web proxy”. The most general use of a web surrogate is to perform as a web cache. Most delegate programs specify a means to forbid access to URLs specified in a blacklist, thus providing text filtering. This is over again adapted to in a corporate, pedagogical, or library circumstances, and anywhere else where content filtering is desired. Some trap proxies reformat web pages for a specific deliberateness or audience, such as to go to chamber phones and PDAs.Web Server is an medial server between patient petition and server resource
Content-filtering net surrogate
A content-filtering web substitute server provides administrative direction over the please that may be relayed sometimes non-standard due to the proxy. It is commonly employed in both commercial and non-commercial organizations  to secure that Internet form conforms to tolerable make use of policy. In some cases users can circumvent the delegate, since there are services designed to representative message from a filtered website through a non filtered locality to sanction it through the user’s proxy.

Some proverbial methods acclimated to inasmuch as essence filtering list: URL or DNS blacklists, URL regex filtering, MIME filtering, or peacefulness keyword filtering. Some products comprise been known to employ content dissection techniques to look in the direction of traits commonly old by standard types of content providers.

A content filtering substitute leave often bolstering user authentication, to supervision web access. It also usually produces logs, either to recite full information in all directions the URLs accessed past unequivocal users, or to prefect bandwidth usage statistics. It may also communicate to daemon-based and/or ICAP-based antivirus software to care for insurance against virus and other malware by scanning arriving purport in real hour in advance it enters the network.
Anonymizing proxy server

 

Ip Address is a unique address assigned to each computer on a network in order to identify and communicate with each other utilizing the Internet Protocol standard (IP)

Basic Format

A IP address consists of 4 parts (known as Octet), each having three digit ranging from 0 -255 separated by a decimal point.

Example of Valid IP:

10.31.11.25

10.31.11.* (* means all numbers ranging from 0-255 in last octet)

10.31.*.* (* means all numbers ranging from 0-255 in 3rd and 4th octet)

10.31.11.25-155 (25-155 means all number ranging from 25 to 155).

IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network. Here’s how it works: The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.

When IP spoofing is used to hijack a browser, a visitor who types in the URL(Uniform Resource Locator) of a legitimate site is taken to a fraudulent Web page created by the hijacker. For example, if the hijacker spoofed the Library of Congress Web site, then any Internet user who typed in the URL http://www.loc.gov would see spoofed content created by the hijacker.

If a user interacts with dynamic content on a spoofed page, the highjacker can gain access to sensitive information or computer or network resources. He could steal or alter sensitive data, such as a credit card number or password, or install malware . The hijacker would also be able to take control of a compromised computer to use it as part of a zombie army in order to send out spam.

Web site administrators can minimize the danger that their IP addresses will be spoofed by implementing hierarchical or one-time passwords and dataencryption/decryption techniques. Users and administrators can protect themselves and their networks by installating and implementating firewalls that block outgoing packets with source addresses that differ from the IP address of the user’s computer or internal network.