Networks
Each network adapter (network card) has a unique (burned-in) network address.
Under W95, use winipcfg to display yours.
A network adapter requires a device driver, the software that enables a computer
to work with that particular device.
On top of a driver, we define some protocols: rules and procedures for communicating.
If we have a mix of adapters and protocols, the binding order determines the
order in which the operating system runs the protocols.
RJ connectors
- RJ11 - modem, telephone - 4 wires.
- RJ45 - Ethernet network, ADSL - 8 wires.
Pinout (568-B)
- pin 1 : White - Orange : Transceive data+
- pin 2 : Orange : Transceive data-
- pin 3 : White - Green : Receive data+
- pin 6 : Green : Receive data-
All the wires are usually connected, but Ethernet communications
only need pairs "1"-"2" and "3"-"6".
The RJ-11 connector fits inside the RJ-45,
with pins 4 and 5 lining up with those used for
voice transmission on the RJ-11.
802.2 Local Area Network Logical Link Control (LLC)
802.3 CSMA/CD LAN - Ethernet
802.5 Token Ring LAN.
Application formats - HTML, XML
Application layer   Telnet, FTP, API (as Sockets)    layer 5-7 : session, presentation - SSL, HTTP
       |                                                  |   * --- socket interface API
Transport layer     TCP, UDP                         layer 4 : transport - TCP or UDP
       |                                                  |
Network layer       IP, ICMP                         layer 3 : network - IP
       |                                                  |
Link layer          ARP, LLC                         layer 2 : data - ethernet
       |                                                  |
Physical layer      Ethernet hardware                layer 1 : physical - twisted pair
TCP - connection-oriented; splits and re-assembles data using datagrams. Stream protocol.
UDP - connectionless, unreliable. Datagram protocol.
IP - no error control, only a header checksum.
ARP - maps IP addresses to hardware addresses : "who has <IP>; tell <IP>" : output is a MAC
RARP - "who is <MAC>; tell <MAC>" : output is an IP
ARP is RFC 826
TCP/IP utilities
A few useful utilities are :
ipconfig [win] / netstat -nr [unix]
Flags that can complement it :
- /release - release the IP address for the specified adapter.
- /renew - renew the IP address for the specified adapter.
- /flushdns - purges the DNS Resolver cache.
- /registerdns - refreshes all DHCP leases and re-registers DNS names [***]
- /displaydns - display the contents of the DNS Resolver Cache.
- /showclassid - displays all the DHCP class IDs allowed for adapter.
- /setclassid - modifies the DHCP class id.
ping
Converts a NetBIOS name into an IP address.
ICMP based => not session based
See ping -r or pingroute or pathping
pathping (win32)
c:\> pathping
Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n]
[-p period] [-q num_queries] [-w timeout] [-P] [-R] [-T]
[-4] [-6] target_name
Options:
-g host-list Loose source route along host-list.
-h maximum_hops Maximum number of hops to search for target.
-i address Use the specified source address.
-n Do not resolve addresses to hostnames (faster !).
-p period Wait period milliseconds between pings.
-q num_queries Number of queries per hop.
-w timeout Wait timeout milliseconds for each reply.
-P Test for RSVP PATH connectivity.
-R Test if each hop is RSVP aware.
-T Test connectivity to each hop with Layer-2 priority tags.
-4 Force using IPv4.
-6 Force using IPv6.
arp
ARP performs IP address-to-Media Access Control (MAC) address resolution for outgoing packets.
wiki : given an IP, it will try to find the corresponding MAC address.
Yuri Volobuev's (1997) "ARP and ICMP redirection games", magnificent !
Two pieces of code : send_arp.c & icmp_redir.c.
arping
Convert MAC to IP
Works for machines which answer broadcast pings, i.e. not for windows machines
FreshMeat (linux only) :
Arping is an ARP level ping utility. It's good for finding out if an IP is taken before you have routing to that subnet. It can also ping MAC addresses directly.
manual & package
[root@lab2 ~]# arping
Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
-f : quit on first reply
-q : be quiet
-b : keep broadcasting, don't go unicast
-D : duplicate address detection mode
-U : Unsolicited ARP mode, update your neighbours
-A : ARP answer mode, update your neighbours
-V : print version and exit
-c count : how many packets to send
-w timeout : how long to wait for a reply
-I device : which ethernet device to use (eth0)
-s source : source ip address
destination : ask for what ip address
rarp
wiki :
given a MAC address, it tries to find the corresponding IP address.
url :
Reverse ARP is a predecessor to BOOTP, on which DHCP is based.
Generally, the spec. requires an *authoritative* response (hence the questions about a RARP server).
It may very well be that there are TCP/IP implementations out there which will respond to RARP packets in the way you describe,
but I have yet to find any.
Besides, RARP (because of its associations with BOOTP), is totally the wrong thing to use... what you *really* want is
INVARP which was invented for use by ATM switches so that their IP addresses could be queried directly based on MAC address.
But, again, nobody outside of the ATM community implements INVARP in their TCP/IP stack.
Effectively, what this means is that there is *no way* within the scope of the standard protocols
to force a system whose MAC address you know to tell you its associated IP address.
There may be a way to do it outside of the standards
(maybe by crafting an ICMP packet with a bogus IP and sending it directly to the system...
and then reading the real IP out of the reply..), but that would have unpredictable results...
Anyway, sorry to continue the bad news :-(
ftp = file transfer protocol
ftp [-v] [-d] [-i] [-n] [-g] [-k realm] [-f] [-x] [-u] [-t] [host]
"ftp -i <url>" for non-interactive multiple file transfer
The prompt feature of the mput command can be disabled by invoking ftp with the -i option.
In this instance, all file names that match the pattern in your mput command will be transferred
without confirmation.
CD = change remote working dir
DIR = list remote directory
PWD = display remote directory name
LCD = change LOCAL directory !
nbtstat
Converts an IP address into a NetBIOS name
c:\> nbtstat -A 192.168.1.33
Conexión de área local 3:
Dirección IP: [192.168.1.2] Id. de ámbito : []
NetBIOS Remote Machine Name Table
Nombre Tipo Estado
---------------------------------------------
AIRIS-1234 <00> Único Registrado
AIRIS-1234 <20> Único Registrado
GRUPO_TRABAJO <00> Grupo Registrado
GRUPO_TRABAJO <1E> Grupo Registrado
GRUPO_TRABAJO <1D> único Registrado
Dirección MAC = 00-10-A7-2C-42-1A
nslookup
DNS : nslookup uses /etc/resolv.conf
Try to use dig
ARP games
Clear ARP cache (windows) :
netsh interface ip delete arpcache
DNS register, display, flush, etc
Flush DNS on Windows: > ipconfig /flushdns
Flush DNS on Linux: # /etc/init.d/nscd restart
Flush DNS on Ubuntu: $ sudo /etc/init.d/networking restart
Register DNS on Windows: > ipconfig /registerdns [***]
Register Linux with a Samba client on a Windows DNS server: $ net ads dns register -P
View DNS servers on Windows: > ipconfig /all
View DNS servers on Linux / Ubuntu: $ cat /etc/resolv.conf
View gateway on Windows: > ipconfig
View gateway on Linux / Ubuntu: $ route | grep default (note: $ route -n => the gateway of the 0.0.0.0 super-route is the main gateway)
Interesting Linux command : nsupdate, but not an easy one ...
Client configuration file : /etc/dhclient.conf has "send host-name 'host.fq.name'" line !
DNS questions
How do you define an "alias" ?
resolv.conf questions
When configuring the resolver library to use the BIND name service for host lookups,
you also have to tell it which name servers to use.
There is a separate file for this, called resolv.conf.
If this file does not exist or is empty, the resolver assumes the name server is on your local host.
If you run a name server on your local host, you have to set it up separately, as will be explained in the following section.
If you are on a local network and have the opportunity to use an existing nameserver, this should always be preferred.
The most important option in resolv.conf is nameserver, which gives the IP-address of a name server to use.
If you specify several name servers by giving the nameserver option several times, they are tried in the order given.
You should therefore put the most reliable server first.
Currently, up to three name servers are supported.
Two other options, domain and search deal with default domains that are tacked onto a hostname if BIND fails to resolve it with the first query.
The search option specifies a list of domain names to be tried.
If no search option is given, a default search list is constructed from the local domain name by using the domain name itself,
plus all parent domains up to the root.
On a normally configured system, this file should not be necessary.
The only name server to be queried will be on the local machine (no nameserver in resolv.conf),
the domain name is determined from the host name,
and the domain search path is constructed from the domain name.
What is the difference between "search bar.es.ibm.com" and "domain bar.es.ibm.com" in resolv.conf ?
If we put "search example.com company.net" in the "resolv.conf" file
and use a short name such as "test",
then "test.example.com" is tried first and "test.company.net" after it.
If we put "domain vbrew.com",
and want to resolve the name vale,
first the name "vale" is used, and if that fails, "vale.vbrew.com", and finally "vale.com".
Conclusion :
- 1st comes NAMESERVER
- 2nd comes SEARCH
- 3rd comes DOMAIN
FQDN
You can't change the FQDN (as returned by hostname --fqdn) or the DNS domain name (as returned by dnsdomainname) with this command. The FQDN of the system is the name that the resolver(3) returns for the host name.
Technically: The FQDN is the name gethostbyname(2) returns for the host name returned by gethostname(2). The DNS domain name is the part after the first dot.
Therefore it depends on the configuration (usually in /etc/host.conf) how you can change it. Usually (if the hosts file is parsed before DNS or NIS) you can change it in /etc/hosts.
route print from my machines
P4 :
======================================================================
Interface list
0x1 ............................. MS TCP Loopback interface
0x30002 ... 00 10 A7 2C 70 30 ... Ralink RT2500 Wireless LAN card
0x2 ....... 00 02 2A FA 00 04 ... Realtek RTL8139 (A/B/C/8130) PCI Ethernet adapter
======================================================================
T42 :
======================================================================
Interface list
0x1 ............................. MS TCP Loopback interface
0x3 ....... 00 11 25 43 08 1a ... Intel(R) PRO/1000 MT Mobile Connection
0x40002 ... 00 00 00 00 00 01 ... AGN Virtual Network Adapter
0x40005 ... 00 0e 35 9a 07 69 ... Intel(R) PRO/Wireless 2200BG Network Connection
======================================================================
route command
Commands
route print
route add
route delete
If you need to get to site x.x.x.x, you can use the following command.
route add x.x.x.x mask 255.255.255.255 y.y.y.y
where y.y.y.y is your local gateway.
There is a flag that you have to add if you want it to survive a reboot though (-p)
TCP/IP tools
Conversions and algorithms
- Host name -> IP address : nslookup
- NetBIOS name -> IP address : nbtstat
- IP address -> MAC address : ping
- MAC address -> IP address : arp : run a ping, then display cache using arp -a.
Name and Address Resolution
Windows Sockets applications generally use
the gethostbyname() function to resolve a host name to an IP address.
The gethostbyname() function uses the following (default)
name look-up sequence:
- Checks the local host name for a matching name.
- Checks the hosts file for a matching name entry.
- If a Domain Name Server is configured, it queries it.
- If no match is found, try NetBIOS name-resolution
  until the point at which DNS resolution is attempted.
Some applications use the gethostbyaddr() function to resolve
an IP address to a host name.
The gethostbyaddr() call uses the following (default) sequence:
- Check the hosts file for a matching address entry.
- If a Domain Name Server is configured, it queries it.
- Send a NetBIOS Adapter Status Request to the IP address being queried.
  If it responds with a list of NetBIOS names registered for the adapter,
  parse it for the computer name.
socket
Each sockets conversation is identified by a
unique combination of source and target ip
address and port number, as x.x.x.x(aaaa) y.y.y.y(bbbb)
Only one conversation can exist on a
network with a specific signature.
MQFirewalls.pdf [T42:\MQ\BOOKS\Security]
8/4/2005 : BLAT error : unexpected error 10051 from winsock
winsock.h error list : URL, uSoft, uSoft
The error codes I have got are :
| 10038 | WSAENOTSOCK       | Socket operation on non-socket. No socket.
| 10048 | WSAEADDRINUSE     | Address already in use.
| 10049 | WSAEADDRNOTAVAIL  | Address not valid in its context.
| 10051 | WSAENETUNREACH    | Network is unreachable.
| 10053 | WSAECONNABORTED   | Software caused connection abort.
| 10054 | WSAECONNRESET     | Connection reset by peer.
| 10061 | WSAECONNREFUSED   | Connection refused.
| 10093 | WSANOTINITIALISED | Successful WSAStartup not yet performed.
WinSock Programmer’s FAQ, as BSD vs winsock compatibility.
W2K : is this correct ?
c:\TEMP>ping www.google.es -n 09
Bad value for option -n, valid range is from 1 to 4294967295.
From the book WSNP, chapter 16 :
PING code - IPPROTO_ICMP Echo
As we describe in Chapter 14, "Debugging",
the ICMP ping facility provides a way to reach out
and gently touch another machine.
All TCP/IP hosts are required to reply to an ICMP echo request.
Sending an echo request, and reading the echo reply
is the simplest way to check IP connectivity between two network hosts
and by implication it can provide
a surprising amount of other information.
The ICMP ping capability is essential for any network management
application designed to run over WinSock,
but many average applications can benefit also.
By embedding ICMP ping an application
can perform simple diagnostics automatically.
This can help application users, and provide essential information
to support personnel.
To create an ICMP ping application
a WinSock socket() function must support the "raw ICMP" socket type
(af=AF_INET, type=SOCK_RAW, protocol=IPPROTO_ICMP).
The following code example shows you how.
The following code example illustrates the essentials that go into a ping application.
A few things to notice about in this example:
- You can use this code in any operation mode (blocking, non-blocking or asynchronous).
- The ID and sequence numbers in the ICMP header (nIcmpId and
nIcmpSeq) allow an application to match echo requests with replies.
At least one WinSock implementation uses the ID field for their own,
so we recommend using the sequence field for portability.
- You can expect the echo reply to contain a copy of the data you send
- The syntax for sends and receives are asymmetric. As in Berkeley
Sockets, you provide the ICMP header and data when you send, but when
you receive you get the IP header as well as the ICMP header and data.
- In implementations that support the IP_TTL socket option (which
we describe next) you could alter the IP time to live before sending
the ICMP echo, and read the destination address from the ICMP error
packet response and trace the route of the datagram.
#include <windows.h>
#include <windowsx.h>   /* maps the Win16 _fmemcpy() to memcpy() on Win32 */
#include <winsock.h>

/* ICMP types */
#define ICMP_ECHOREPLY  0   /* ICMP type: echo reply */
#define ICMP_ECHOREQ    8   /* ICMP type: echo request */

/* definition of ICMP header as per RFC 792 */
typedef struct icmp_hdr {
    u_char  icmp_type;      /* type of message */
    u_char  icmp_code;      /* type sub code */
    u_short icmp_cksum;     /* ones complement cksum */
    u_short icmp_id;        /* identifier */
    u_short icmp_seq;       /* sequence number */
    char    icmp_data[1];   /* data */
} ICMP_HDR, *PICMPHDR, FAR *LPICMPHDR;
#define ICMP_HDR_LEN sizeof(ICMP_HDR)

/* definition of IP header version 4 as per RFC 791 */
#define IPVERSION 4
typedef struct ip_hdr {
    /* header length and version are 4 bits each and share the first byte,
     * so the structure is the 20 bytes of an option-less IP header */
    u_char  ip_hl:4;        /* header length (low nibble on x86) */
    u_char  ip_v:4;         /* version (high nibble on x86) */
    u_char  ip_tos;         /* type of service */
    short   ip_len;         /* total length */
    u_short ip_id;          /* identification */
    short   ip_off;         /* fragment offset field */
    u_char  ip_ttl;         /* time to live */
    u_char  ip_p;           /* protocol */
    u_short ip_cksum;       /* checksum */
    struct in_addr ip_src;  /* source address */
    struct in_addr ip_dst;  /* destination address */
} IP_HDR, *PIP_HDR, *LPIP_HDR;
#define IP_HDR_LEN sizeof(IP_HDR)

/* parenthesised so the macro can be used inside larger expressions */
#define PNGBUFSIZE (8192+ICMP_HDR_LEN+IP_HDR_LEN)

/* external functions */
extern void WSAErrMsg(LPSTR);

/* defined further down, used by icmp_sendto() */
u_short cksum (u_short FAR * lpBuf, int nLen) ;

/* private data */
static ICMP_HDR FAR * lpIcmpHdr ;   /* pointers into our I/O buffer */
static IP_HDR FAR * lpIpHdr ;
static char achIOBuf [ PNGBUFSIZE ] ;
static SOCKADDR_IN stFromAddr ;
static DWORD lCurrentTime, lRoundTripTime ;
/*
* Function icmp_open()
*
* Description:
* opens an ICMP "raw" socket.
*/
SOCKET icmp_open(void) {
    SOCKET s;

    s = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP) ;
    /* socket() reports failure with INVALID_SOCKET, not SOCKET_ERROR */
    if ( s == INVALID_SOCKET ) {
        WSAErrMsg ( "socket(type=SOCK_RAW, protocol=IPPROTO_ICMP)" ) ;
        return ( INVALID_SOCKET ) ;
    }
    return (s) ;
} /* end icmp_open() */
/*
* Function: icmp_sendto()
*
* Description:
* Initializes an ICMP header,
* inserts the current time in the ICMP data
* and initializes the data,
* then sends the ICMP Echo Request to destination address.
*
*/
int icmp_sendto (SOCKET s,
                 HWND hwnd,
                 LPSOCKADDR_IN lpstToAddr,
                 int nIcmpId,
                 int nIcmpSeq,
                 int nEchoDataLen) {
    int nRet ;
    u_short i ;
    char c ;

    /* keep the request inside achIOBuf: at least the time stamp,
     * at most what the buffer holds after the ICMP header */
    if ( nEchoDataLen < (int) sizeof(long) )
        nEchoDataLen = (int) sizeof(long) ;
    if ( nEchoDataLen > (int) ( PNGBUFSIZE - ICMP_HDR_LEN ) )
        nEchoDataLen = (int) ( PNGBUFSIZE - ICMP_HDR_LEN ) ;

    /*--------------------- init ICMP header -----------------------*/
    lpIcmpHdr = (ICMP_HDR FAR *) achIOBuf ;
    lpIcmpHdr->icmp_type = ICMP_ECHOREQ ;
    lpIcmpHdr->icmp_code = 0 ;
    lpIcmpHdr->icmp_cksum = 0 ;
    /* the parameters are passed by value: the caller advances id and seq */
    lpIcmpHdr->icmp_id = (u_short) nIcmpId ;
    lpIcmpHdr->icmp_seq = (u_short) nIcmpSeq ;

    /*--------------------put data into packet------------------------
     * insert the current time, so we can calculate round-trip time
     * upon receipt of echo reply (which will echo data we sent)
     */
    lCurrentTime = GetCurrentTime() ;
    _fmemcpy ( & ( achIOBuf [ ICMP_HDR_LEN ] ), & lCurrentTime, sizeof(long) ) ;

    /* data length includes the time (but not icmp header) */
    c = ' ' ;   /* first char: space, right after the time */
    for ( i = ICMP_HDR_LEN + sizeof(long) ;
          ( ( i < ( nEchoDataLen + ICMP_HDR_LEN ) ) && ( i < PNGBUFSIZE ) ) ;
          i++ ) {
        achIOBuf[i] = c ;
        c++ ;
        if ( c > '~' )   /* go up to ASCII 126, then back to 32 */
            c = ' ' ;
    }

    /*----------------------assign ICMP checksum ----------------------
     * ICMP checksum includes ICMP header and data, and assumes current
     * checksum value of zero in header
     */
    lpIcmpHdr->icmp_cksum = cksum( (u_short FAR *) lpIcmpHdr,
                                   nEchoDataLen + ICMP_HDR_LEN ) ;

    /*--------------------- send ICMP echo request -------------------
     * send exactly the bytes the checksum covers; nEchoDataLen already
     * includes the time stamp
     */
    nRet = sendto ( s,                               /* socket */
                    (LPSTR) lpIcmpHdr,               /* buffer */
                    nEchoDataLen + ICMP_HDR_LEN,     /* length */
                    0,                               /* flags */
                    (LPSOCKADDR) lpstToAddr,         /* destination */
                    sizeof(SOCKADDR_IN) ) ;          /* address length */
    if (nRet == SOCKET_ERROR) {
        WSAErrMsg ( "sendto()" ) ;
    }
    return ( nRet ) ;
} /* end icmp_sendto() */
/*
* Function: icmp_recvfrom()
*
* Description:
* receive icmp echo reply,
* parse the reply packet to remove the send time from the ICMP data.
*
*/
u_long icmp_recvfrom(SOCKET s,
                     LPINT lpnIcmpId,
                     LPINT lpnIcmpSeq,
                     LPSOCKADDR_IN lpstFromAddr) {
    u_long lSendTime;
    int nAddrLen = sizeof(struct sockaddr_in);
    int nRet, i;

    /*-------------------- receive ICMP echo reply ------------------*/
    stFromAddr.sin_family = AF_INET ;
    stFromAddr.sin_addr.s_addr = INADDR_ANY ;   /* not used on input anyway */
    stFromAddr.sin_port = 0 ;                   /* port not used in ICMP */
    /* the length passed must never exceed the real size of achIOBuf,
     * otherwise a large datagram is written past the end of the buffer */
    nRet = recvfrom ( s,                        /* socket */
                      (LPSTR) achIOBuf,         /* buffer */
                      sizeof(achIOBuf),         /* length */
                      0,                        /* flags */
                      (LPSOCKADDR) lpstFromAddr,/* source */
                      & nAddrLen);              /* addrlen*/
    if ( nRet == SOCKET_ERROR) {
        WSAErrMsg ( "recvfrom()" ) ;
        return ( 0 ) ;                          /* nothing to parse */
    }

    /*------------------------- parse data ---------------------------
     * remove the time from data for return.
     * NOTE: the data received and sent may be asymmetric, as they
     * are in Berkeley Sockets. As a result, we may receive
     * the IP header, although we didn't send it. This subtlety is
     * not often implemented so we do a quick check of the data
     * received to see if it includes the IP header (we look for 0x45
     * value in first byte of buffer to check if IP header present).
     */
    /* figure out the offset to data */
    if (achIOBuf[0] == 0x45) {   /* IP header present? */
        i = IP_HDR_LEN + ICMP_HDR_LEN ;
        lpIcmpHdr = (LPICMPHDR) & ( achIOBuf [ IP_HDR_LEN ] ) ;
    } else {
        i = ICMP_HDR_LEN ;
        lpIcmpHdr = (LPICMPHDR) achIOBuf ;
    }
    /* a reply too short to carry the time stamp is not parsed */
    if ( nRet < i + (int) sizeof(u_long) ) {
        return ( 0 ) ;
    }
    /* pull out the ICMP ID and Sequence numbers */
    * lpnIcmpId = lpIcmpHdr->icmp_id ;
    * lpnIcmpSeq = lpIcmpHdr->icmp_seq ;
    /* remove the send time from the ICMP data */
    _fmemcpy ( & lSendTime, ( & achIOBuf[i] ), sizeof(u_long) ) ;
    return (lSendTime);
} /* end icmp_recvfrom() */
/*
* Function: cksum()
*
* Description:
* Calculate Internet checksum for data buffer and length
* (one's complement sum of 16-bit words).
* Used in IP, ICMP, UDP, IGMP.
*
*/
u_short cksum (u_short FAR * lpBuf, int nLen) {
    register u_long lSum = 0L ;   /* work variables */
    u_short wLast = 0 ;

    while (nLen > 1) {
        lSum += *(lpBuf++) ;      /* add word value to sum */
        nLen -= 2 ;               /* decrement byte count by 2 */
    }
    /* odd number of bytes: add the last byte padded with a zero byte,
     * instead of reading one byte past the end of the data
     */
    if (nLen == 1) {
        *(u_char FAR *) & wLast = *(u_char FAR *) lpBuf ;
        lSum += wLast ;
    }
    /* put 32-bit sum into 16-bits */
    lSum = ( lSum & 0xffff ) + ( lSum >> 16 ) ;
    lSum += ( lSum >> 16 ) ;
    /* return Internet checksum (low 16 bits of the complement) */
    return ( (u_short) ~ lSum ) ;
} /* end cksum() */
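The receive path above trusts whatever arrives on the raw socket and assumes a 20-byte IP header whenever the first byte is 0x45. The following is an added example, not code from the book or from this page: a portable C check of one received datagram that takes the header length from the IHL field, verifies the ICMP checksum (odd lengths included) and only then matches id and sequence. The function names, the status codes and the constructed sample reply are assumptions of this example, and id/seq are read in network byte order; on stacks that rewrite the ID field, drop the id comparison and match on the sequence number only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum reply_status { REPLY_OK, REPLY_TRUNCATED, REPLY_NOT_IPV4, REPLY_NOT_ICMP,
                    REPLY_BAD_CKSUM, REPLY_NOT_ECHO_REPLY, REPLY_MISMATCH };

/* Internet checksum over a byte buffer; an odd trailing byte is padded with zero. */
static uint16_t inet_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {
        sum += (uint32_t)((p[0] << 8) | p[1]);
        p += 2;
        len -= 2;
    }
    if (len == 1)
        sum += (uint32_t)(p[0] << 8);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate one datagram as read from a raw ICMP socket (IP header included).
 * The IP header checksum is not re-verified here; the receiving stack does that. */
enum reply_status check_echo_reply(const uint8_t *pkt, size_t len,
                                   uint16_t want_id, uint16_t want_seq,
                                   const uint8_t **data, size_t *data_len)
{
    const uint8_t *icmp;
    size_t ihl, icmp_len;

    if (len < 20)
        return REPLY_TRUNCATED;
    if ((pkt[0] >> 4) != 4)
        return REPLY_NOT_IPV4;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* above 20 means IP options follow */
    if (ihl < 20 || len < ihl + 8)
        return REPLY_TRUNCATED;
    if (pkt[9] != 1)                        /* IP protocol 1 = ICMP */
        return REPLY_NOT_ICMP;
    icmp = pkt + ihl;
    icmp_len = len - ihl;
    if (inet_cksum(icmp, icmp_len) != 0)    /* a valid message sums to zero */
        return REPLY_BAD_CKSUM;
    if (icmp[0] != 0 || icmp[1] != 0)       /* type 0, code 0 = echo reply */
        return REPLY_NOT_ECHO_REPLY;
    if (((icmp[4] << 8) | icmp[5]) != want_id ||
        ((icmp[6] << 8) | icmp[7]) != want_seq)
        return REPLY_MISMATCH;
    *data = icmp + 8;
    *data_len = icmp_len - 8;
    return REPLY_OK;
}

/* Constructed sample: echo reply carrying "hello" (odd length on purpose),
 * behind an IP header of ihl_words 32-bit words (5 = no options). */
size_t build_sample_reply(uint8_t *buf, size_t ihl_words, uint16_t id, uint16_t seq)
{
    static const uint8_t payload[5] = { 'h', 'e', 'l', 'l', 'o' };
    size_t ihl = ihl_words * 4, n = ihl + 8 + sizeof payload, i;
    uint8_t *icmp = buf + ihl;
    uint16_t ck;

    memset(buf, 0, n);
    buf[0] = (uint8_t)(0x40 | ihl_words);   /* version 4 + header length */
    buf[2] = (uint8_t)(n >> 8);
    buf[3] = (uint8_t)(n & 0xff);           /* total length */
    buf[8] = 64;                            /* TTL */
    buf[9] = 1;                             /* protocol: ICMP */
    for (i = 20; i < ihl; i++)
        buf[i] = 1;                         /* IP option NOP */
    icmp[4] = (uint8_t)(id >> 8);  icmp[5] = (uint8_t)(id & 0xff);
    icmp[6] = (uint8_t)(seq >> 8); icmp[7] = (uint8_t)(seq & 0xff);
    memcpy(icmp + 8, payload, sizeof payload);
    ck = inet_cksum(icmp, 8 + sizeof payload);
    icmp[2] = (uint8_t)(ck >> 8);
    icmp[3] = (uint8_t)(ck & 0xff);
    return n;
}

int main(void)
{
    uint8_t buf[64];
    const uint8_t *d = NULL;
    size_t dl = 0, n = build_sample_reply(buf, 6, 0x1234, 7);
    printf("status=%d data_len=%lu\n",
           (int)check_echo_reply(buf, n, 0x1234, 7, &d, &dl), (unsigned long)dl);
    return 0;
}
```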
TTL expired in transit
This message ...
c:\> ping 9.37.253.130 -t
Pinging 9.37.253.130 with 32 bytes of data:
Reply from 9.27.2.170: TTL expired in transit.
Reply from 9.27.2.170: TTL expired in transit.
... indicates a routing loop :
c:\> tracert 9.37.253.130
Tracing route to ftp3.raleigh.ibm.com [9.37.253.130] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms eNOS10203.bar.es.ibm.com [9.137.164.3]
2 <1 ms <1 ms <1 ms 9.137.144.17
3 9 ms 9 ms 9 ms 9.64.174.154
4 117 ms 116 ms 116 ms nc005-r01-12008-pos1-0-101.wan.ibm.com [9.64.4.81]
5 118 ms 118 ms 118 ms rtp-sc-b-v557.raleigh.ibm.com [9.27.4.12]
6 121 ms 117 ms 117 ms rtp-bd-b-ge2.raleigh.ibm.com [9.27.1.12]
7 116 ms 116 ms 117 ms rtp-co-b-v803.raleigh.ibm.com [9.27.2.13]
8 117 ms 117 ms 117 ms rtp-pd-10a-v842.raleigh.ibm.com [9.27.2.170]
9 117 ms 117 ms 117 ms rtp-co-b-v842.raleigh.ibm.com [9.27.2.169]
10 118 ms 117 ms 117 ms rtp-pd-10a-v842.raleigh.ibm.com [9.27.2.170]
11 117 ms 117 ms 119 ms rtp-co-b-v842.raleigh.ibm.com [9.27.2.169]
12 118 ms 117 ms 117 ms rtp-pd-10a-v842.raleigh.ibm.com [9.27.2.170]
13 117 ms 117 ms 117 ms rtp-co-b-v842.raleigh.ibm.com [9.27.2.169]
TCP/IP odds and ends
How to tell whether traceroute uses ICMP ?
Use -I on Linux
AIX (like Linux) uses UDP, with ICMP responses
Windows : uses ICMP only
ping always uses icmp
CIDR notation :
the mask length specifies the number of leftmost contiguous significant
bits in the corresponding IP address.
Thus, an IP prefix with a prefix length of 15 (denoted /15) covers the
address space of 128k IP addresses,
and a /17 covers the address space of 32k IP addresses.
How to find out who 9.12.136.103 is ?
ping, traceroute, nslookup, dig, host,
IBM RedBook : "TCP/IP tutorial and technical overview" - GG243376 !
See the IP seen from outside (ShowMyIP)
What is my IP ?
Home-grown !!!
Differences between a proxy and SOCKS :
- a proxy is ...
A Proxy Server is a server that sits between a client application,
such as a Web browser, and a real server.
It intercepts all requests to the real server to see if it can fulfill
the requests itself, using its "cache".
If not, it forwards the request to the real server.
In addition to that, among proxy servers there are so called
anonymous proxy servers that hide your IP address thereby saving you
from vulnerabilities concerned with it.
- SOCKS is ...
A protocol for handling TCP traffic through a proxy server.
It can be used with virtually any TCP application,
including Web browsers and FTP clients.
It provides a simple firewall because it checks incoming and outgoing packets
and hides the IP addresses of client applications.
Networking essentials [T42:\Books\TCPIP\Essentials]
TCP/IP Fundamentals for Microsoft Windows
Linux IP commands
Display Current Config for all NIC's: ifconfig
Display Current Config for eth0: ifconfig eth0
Assign IP: ifconfig eth0 192.168.1.2
Assign multiple IP's: ifconfig eth0:0 192.168.1.2
Assign second IP: ifconfig eth0:1 192.168.1.3
Disable network card: ifconfig eth0 down
Enable network card: ifconfig eth0 up
Assign IP/Subnet: ifconfig eth0 192.168.1.2 netmask 255.255.255.0
Assign Default Gateway: route add default gw 192.168.1.1
View current routing table: route "or" route -n
View arp cache: arp "or" arp -n
Ping: ping -c 3 192.168.1.1
Trace Route: traceroute www.whatismyip.com
Trace Path: tracepath www.whatismyip.com
DNS Test: host www.whatismyip.com
Advanced DNS Test: dig www.whatismyip.com
Reverse Lookup: host 66.11.119.69
Advanced Reverse Lookup: dig -x 66.11.119.69
TCP dump tcpdump eth
Mind "PROMISC" flag :
jac@Gazelle[516]$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:10.18.2.35 Bcast:10.18.2.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING PROMISC MTU:1500 Metric:1
RX packets:10723 errors:0 dropped:0 overruns:0 frame:0
TX packets:5439 errors:0 dropped:0 overruns:0 carrier:0
collisions:1 txqueuelen:100
RX bytes:1470520 (1.4 Mb) TX bytes:484154 (472.8 Kb)
Interrupt:9 Base address:0x9000
What is the format of a valid MAC address ? And OUIs list
A normal MAC address looks like this: 00:09:5B:EC:EE:F2.
It is composed of six octets.
The first half (00:09:5B) of each MAC address is known as the Organizationally Unique Identifier (OUI).
Simply put, it is the card manufacturer.
The second half (EC:EE:F2) is known as the extension identifier and is unique to each network card within the specific OUI.
Many access points will ignore MAC addresses with invalid OUIs.
So make sure you use a valid OUI code when you make up MAC addresses.
Otherwise, your packets may be ignored by the Access Point.
The current list of OUIs may be found here.
Make sure that the last bit of the first octet is 0.
This corresponds to unicast addresses.
If it is set to 1, this indicates a group address, which is normally exclusively used by multicast traffic.
MAC addresses with a source set to multicast are invalid and will be dropped.
Examples of valid OUIs: 00:1B:23, 08:14:43, AA:00:04 because 0, 8 and A are even.
Examples of invalid OUIs: 01:1B:23, 03:23:32
In particular, it is recommended that the first octet is 00.
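Seen from the receiving side, the same rules give a quick sanity check for a source MAC address found in a log or a capture. This is an added example, not code from the page or from the FAQ it quotes: it parses the text form, rejects a group address used as a source, flags the locally-administered bit (0x02 of the first octet, an IEEE 802 rule that the text above does not mention) and looks the OUI up in a small table holding only the OUIs listed on this page. All function and constant names are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum mac_verdict { MAC_MALFORMED, MAC_GROUP_SOURCE, MAC_LOCAL_ADMIN,
                   MAC_UNKNOWN_OUI, MAC_KNOWN_OUI };

/* Only the OUIs listed on this page; a real check would load the IEEE registry. */
static const struct { uint8_t oui[3]; const char *vendor; } OUI_TABLE[] = {
    { { 0x00, 0x05, 0x69 }, "VMware, Inc." },
    { { 0x00, 0x0C, 0x29 }, "VMware, Inc." },
    { { 0x00, 0x1C, 0x14 }, "VMware, Inc." },
    { { 0x00, 0x50, 0x56 }, "VMware, Inc." },
    { { 0x00, 0x21, 0x5E }, "IBM" },
    { { 0xC8, 0x4C, 0x75 }, "Cisco" },
};

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Accepts XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX; returns 0 on success. */
int mac_parse(const char *s, uint8_t mac[6])
{
    char sep = 0;
    int i;

    for (i = 0; i < 6; i++) {
        int hi = hexval(s[0]);
        int lo = (hi < 0) ? -1 : hexval(s[1]);   /* never reads past a NUL */
        if (hi < 0 || lo < 0)
            return -1;
        mac[i] = (uint8_t)(hi * 16 + lo);
        s += 2;
        if (i < 5) {
            if (*s != ':' && *s != '-')
                return -1;
            if (sep != 0 && *s != sep)           /* no mixed separators */
                return -1;
            sep = *s++;
        }
    }
    return (*s == '\0') ? 0 : -1;                /* no trailing characters */
}

const char *oui_vendor(const uint8_t mac[6])
{
    size_t i;
    for (i = 0; i < sizeof OUI_TABLE / sizeof OUI_TABLE[0]; i++)
        if (memcmp(OUI_TABLE[i].oui, mac, 3) == 0)
            return OUI_TABLE[i].vendor;
    return NULL;
}

/* Classify a MAC address that claims to be the source of a frame. */
enum mac_verdict mac_check_source(const char *text, const char **vendor)
{
    uint8_t mac[6];

    *vendor = NULL;
    if (mac_parse(text, mac) != 0)
        return MAC_MALFORMED;
    if (mac[0] & 0x01)          /* last bit of first octet: group address */
        return MAC_GROUP_SOURCE;
    if (mac[0] & 0x02)          /* locally administered, not a burned-in OUI */
        return MAC_LOCAL_ADMIN;
    *vendor = oui_vendor(mac);
    return *vendor ? MAC_KNOWN_OUI : MAC_UNKNOWN_OUI;
}

int main(void)
{
    /* constructed sample addresses */
    const char *samples[] = { "00:50:56:AB:CD:EF", "01:1B:23:00:00:01",
                              "AA:00:04:00:00:01", "00:0C:29:12:34" };
    const char *vendor;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum mac_verdict v = mac_check_source(samples[i], &vendor);
        printf("%-18s verdict=%d vendor=%s\n", samples[i], (int)v,
               vendor ? vendor : "-");
    }
    return 0;
}
```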
00-05-69 (hex) VMware, Inc.
00-0C-29 (hex) VMware, Inc.
00-1C-14 (hex) VMware, Inc
00-50-56 (hex) VMware, Inc.
00-21-5E IBM
C8-4C-75 Cisco
MAC address lookup ...
NET command
NET HELP or NET /? displays
NET ACCOUNTS NET HELP NET SHARE
NET COMPUTER NET HELPMSG NET START
NET CONFIG NET LOCALGROUP NET STATISTICS
NET CONFIG SERVER NET NAME NET STOP
NET CONFIG WORKSTATION NET PAUSE NET TIME
NET CONTINUE NET PRINT NET USE
NET FILE NET SEND NET USER
NET GROUP NET SESSION NET VIEW
Continue with NET HELP <command>
So, first we use nbtstat -A <remote ip>
to find out the remote IP and then we use
NET VIEW \\<remote ip> to see the shared resources.
Finally, we test NET USE with different users and keys.
NET VIEW internals
Function
NET VIEW displays a list of resources being shared on a computer.
When used without options,
it displays a list of computers in the current domain or network.
NET USE internals
Function
NET USE connects a computer to a shared resource
or disconnects a computer from a shared resource.
When used without options, it lists the computer's connections.
Pre-reqs
- valid User and Password
- shared resource
- network connectivity ( PING is NOT enough )
net use * \\ftp.microsoft.com\data
1.- NetBIOS name resolution :
(through a name server, broadcast or static files)
NetBIOS name query request -->
<-- NetBIOS name query response
2.- Establish a TCP connection :
SYN -->
<-- SYN-ACK
ACK -->
3.- A NetBIOS session is set up over that connection :
NetBIOS session setup request -->
<-- NetBIOS session setup response
Troubleshooting NET USE failure (when PING NetBIOS name works) :
If you can ping a NetBIOS name but cannot use the NET command, follow these steps:
- If this occurs only across a router, check to see if TCP Port 139 is enabled.
- If this occurs only across a router, check to see if the Router is unable to Pass the Large Packet Sizes :
ping <ip> -l 4048
- Check to make sure the Server Service is started on the computer in Control Panel, Services.
Service :
%system32%\svchost.exe -k netsvcs
Show configuration :
net config server
Enable/Disable NetBios over TCPIP :
Open TCP/IP Properties
Click Advanced
Select WINS tab
NET USER internals
Pre-reqs
NET USER creates and modifies user accounts on computers.
When used without switches, it lists the user accounts for the computer.
The user account information is stored in the user accounts database.
NET USER R752196 /DOMAIN
The TCP Three way Handshake
To begin to understand the workings of a port scan,
the basics of creating a TCP connection need to be known.
A connection is established by a process known as the three-way handshake:
- The client machine sends out a TCP packet with the SYN bit set (Synchronise).
- The server responds with a SYN / ACK packet (Synchronise, Acknowledge).
- The client then replies with an ACK packet (Acknowledge).
The TCP connection has then been created.
BT4 Identify Live Hosts
- 0trace
- 5nmp
- Angry IPScan
- Arping
- Autoscan
- Fping
- Genlist
- Hping2
- Hping3
- Lanmap
- Lanmap2
- Nbtscan
- Netifera
- Nmap
- Nsat
- Onesixtyone
- OutputPBNJ
- ScanPBNJ
- SCTPscan
- SSLscan
- TCPtraceroute
- Unicornscan
- Zenmap
Global
nmap description :
The Art of Port Scanning, by Fyodor [1997].
Update.
Tutorial [***]
tutorial,
host discovery : ARP ping "-PR".
See "Xmas ping" ... to all the IP's !
The Connect Scan
If a SYN packet is sent to a closed port,
a SYN, ACK response will not be sent.
Instead the target will reply with a RST, ACK (Reset, Acknowledge)
indicating the port is closed.
The SYN (half open) scan.
The concept behind the half open scan
is to hide the fact a connection is taking place
from the remote operating system.
This is accomplished by never completing the 3 way handshake.
Instead of sending the ending "ACK", a "RST" is sent
to notify the target that the connection should be closed
before it is fully open.
The Null scan.
The concept behind a Null scan
is to send a packet with invalid flags set,
in the case of a null scan, setting no flags.
When the target receives such a packet,
it will either be dropped or responded to with a RST,
this will obviously be dependent on what state
the destination port is currently in (open or closed).
The Xmas Scan
The Xmas scan is similar to the null scan; it is also based on the idea
of sending packets with invalid flags set.
Whereas the null scan sends a packet with no flags,
the XMAS Scan uses the URG PSH and FIN (Urgent, Push and Finish) flags.
Once again, if the port is closed, a RST will be sent back to the client
and if it is open the packet will be dropped.
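The flag patterns described in the four sections above are also what a sensor looks for on the defended side. The following is an added example, not part of the original notes or of any tool named here: a small C classifier that reads TCP segment records and reports null probes, Xmas probes, closed-port answers, half-open handshakes (SYN, SYN/ACK, then RST) and completed handshakes. The record layout, the fixed-size flow table, the names and the constructed sample traffic (addresses from the 192.0.2.0/24 documentation range) are assumptions of the example; a completed handshake is also what ordinary clients produce, so that verdict only matters in bulk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define MAX_FLOWS 8

enum verdict { V_NONE, V_NULL_PROBE, V_XMAS_PROBE, V_CLOSED_PORT,
               V_HALF_OPEN, V_FULL_CONNECT, V_COUNT };
enum state { S_IDLE, S_SYN_SENT, S_SYNACK_SEEN };

struct seg  { uint32_t src, dst; uint16_t sport, dport; uint8_t flags; };
struct flow { uint32_t cli, srv; uint16_t cli_port, srv_port; enum state st; };

static struct flow *find_flow(struct flow *t, const struct seg *s, int *from_client)
{
    size_t i;
    for (i = 0; i < MAX_FLOWS; i++) {
        if (t[i].st == S_IDLE)
            continue;
        if (t[i].cli == s->src && t[i].cli_port == s->sport &&
            t[i].srv == s->dst && t[i].srv_port == s->dport) {
            *from_client = 1;
            return &t[i];
        }
        if (t[i].cli == s->dst && t[i].cli_port == s->dport &&
            t[i].srv == s->src && t[i].srv_port == s->sport) {
            *from_client = 0;
            return &t[i];
        }
    }
    return NULL;
}

/* Feed one segment; returns a verdict as soon as the pattern is complete. */
enum verdict observe(struct flow *t, const struct seg *s)
{
    uint8_t fl = s->flags & 0x3f;
    int from_client = 0;
    struct flow *f;
    size_t i;

    if (fl == 0)
        return V_NULL_PROBE;                    /* no flags set at all */
    if (fl == (TH_FIN | TH_PSH | TH_URG))
        return V_XMAS_PROBE;                    /* URG, PSH and FIN together */
    if (fl == TH_SYN) {                         /* first step of a handshake */
        for (i = 0; i < MAX_FLOWS; i++) {
            if (t[i].st == S_IDLE) {
                t[i].cli = s->src; t[i].cli_port = s->sport;
                t[i].srv = s->dst; t[i].srv_port = s->dport;
                t[i].st = S_SYN_SENT;
                break;                          /* a full table drops the flow */
            }
        }
        return V_NONE;
    }
    f = find_flow(t, s, &from_client);
    if (f == NULL)
        return V_NONE;
    if (!from_client && f->st == S_SYN_SENT) {
        if (fl == (TH_SYN | TH_ACK)) { f->st = S_SYNACK_SEEN; return V_NONE; }
        if (fl & TH_RST)             { f->st = S_IDLE; return V_CLOSED_PORT; }
    }
    if (from_client && f->st == S_SYNACK_SEEN) {
        if (fl & TH_RST)  { f->st = S_IDLE; return V_HALF_OPEN; }
        if (fl == TH_ACK) { f->st = S_IDLE; return V_FULL_CONNECT; }
    }
    return V_NONE;
}

/* Count verdicts over a capture. */
void tally(const struct seg *segs, size_t n, int counts[V_COUNT])
{
    struct flow tab[MAX_FLOWS] = { { 0 } };
    size_t i;
    for (i = 0; i < V_COUNT; i++) counts[i] = 0;
    for (i = 0; i < n; i++) counts[observe(tab, &segs[i])]++;
}

/* Constructed sample: A = 192.0.2.1 (remote), B = 192.0.2.99 (our server). */
#define A 0xC0000201u
#define B 0xC0000263u
static const struct seg SAMPLE[] = {
    { A, B, 40000, 22, TH_SYN }, { B, A, 22, 40000, TH_SYN | TH_ACK },
    { A, B, 40000, 22, TH_RST },                        /* half open */
    { A, B, 40001, 23, TH_SYN }, { B, A, 23, 40001, TH_RST | TH_ACK },
    { A, B, 40002, 80, TH_SYN }, { B, A, 80, 40002, TH_SYN | TH_ACK },
    { A, B, 40002, 80, TH_ACK },                        /* full handshake */
    { A, B, 40003, 25, 0 },                             /* null probe */
    { A, B, 40004, 25, TH_FIN | TH_PSH | TH_URG },      /* Xmas probe */
    { B, A, 25, 40004, TH_RST | TH_ACK },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    int c[V_COUNT];
    tally(SAMPLE, SAMPLE_LEN, c);
    printf("null=%d xmas=%d closed=%d half-open=%d full=%d\n", c[V_NULL_PROBE],
           c[V_XMAS_PROBE], c[V_CLOSED_PORT], c[V_HALF_OPEN], c[V_FULL_CONNECT]);
    return 0;
}
```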
Download for
Windows.
WinPcap is a Windows driver for raw network connection.
It is used by nmap (port scanner software)
and tcpdump (ethernet sniffer).
It is open source and is a driver.
[root@lab2 ~]# TCPDUMP(8) - dump traffic on a network
tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -M secret ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ] [ -E spi@ipaddr algo:secret,... ]
[ -y datalinktype ] [ -Z user ]
[ expression ]
nMap runs
Nmap 4.85BETA8 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sP: Ping Scan - go no further than determining if host is online
-PN: Treat all hosts as online -- skip host discovery
-PS/PA/PU[portlist]: TCP SYN/ACK or UDP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in milliseconds,
unless you append 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <time>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use twice or more for greater effect)
-d[level]: Set or increase debugging level (Up to 9 is meaningful)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--log-errors: Log errors/warnings to the normal-format output file
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable IPv6 scanning
-A: Enables OS detection and Version detection, Script scanning and Traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sP 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -PN -p 80
SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
Examples:
nmap -sP 8.137.164.15 ;
nmap -p 1-65535 -T4 -A -v -PE -PA21,23,80,3389 9.137.164.15 ; intense scan, all TCP ports.
nmap -T4 -A -v -PN 9.137.164.15 ; intense scan, no ping
nmap -p1-65535 ; all ports
nmap -sU -p6900-6920 <ip> ; UDP scan of ports 6900 thru 6920 (WYSE)
SuSE SLES 10 SP1 - rpm requires rtld (GNU-HASH) requisite.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Acknowledgment Number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |           |U|A|P|R|S|F|                               |
| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
|       |           |G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
From
here
0... .... = Congestion Window reduced
.0.. .... = ECN-Echo
..0. .... = U : urgent - urgent pointer field significant.
...0 .... = A : acknowledgement - ack field significant.
.... 0... = P : push - push function.
.... .0.. = R : reset - reset the connection.
.... ..0. = S : syn - synchronize sequence numbers.
.... ...0 = F : fin - no more data from sender.
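The flag combinations described for the connect, half-open, null and Xmas scans can be recognised on the defending side by decoding the flags byte of the header laid out above. The following Python sketch is an added example, not part of the original notes; the function names, the port-pair flow key and the sample segments are assumptions constructed for illustration.

```python
import struct

# Flag bits in the low byte of the 16-bit "data offset / reserved / flags" word.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
CLASSIC = 0x3F  # the six flags of the header diagram; ECN-Echo and CWR sit above them
NAMES = [(URG, "URG"), (ACK, "ACK"), (PSH, "PSH"), (RST, "RST"), (SYN, "SYN"), (FIN, "FIN")]


def parse_tcp_header(segment):
    """Decode the fixed 20-byte TCP header into a dict."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, _checksum, _urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if header_len < 20:
        raise ValueError("data offset below 5 words")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": off_flags & 0xFF, "window": window}


def flag_names(flags):
    """List the names of the flags that are set, in header order (URG..FIN)."""
    return [name for bit, name in NAMES if flags & bit]


def classify_probe(flags):
    """Label a single segment by its flag combination."""
    f = flags & CLASSIC
    if f == 0:
        return "null"
    if f == (FIN | PSH | URG):
        return "xmas"
    if f == FIN:
        return "fin"
    if f == SYN:
        return "syn"
    return "other"


def classify_flow(headers):
    """Label one flow (parsed headers in capture order) by how its handshake ends.

    Assumption: the flow is identified by its port pair only; a real sensor
    would also key on the two IP addresses.
    """
    first = headers[0]
    label = classify_probe(first["flags"])
    if label != "syn":
        return label                      # null / xmas / fin / other
    client = first["sport"]
    replies = [h for h in headers[1:] if h["sport"] != client]
    followups = [h for h in headers[1:] if h["sport"] == client]
    if not replies:
        return "syn-no-reply"
    reply = replies[0]["flags"] & CLASSIC
    if reply & RST:
        return "syn-to-closed-port"       # RST, ACK from the target
    if reply == (SYN | ACK):
        if any(h["flags"] & RST for h in followups):
            return "half-open-scan"       # RST sent instead of the final ACK
        if any((h["flags"] & CLASSIC) == ACK for h in followups):
            return "handshake-completed"  # normal connect() or connect scan
        return "handshake-incomplete"
    return "other"


def build_header(sport, dport, flags):
    """Constructed sample data: a 20-byte header with only ports and flags set."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


# Constructed sample flows (client port 40000, server port 80).
SAMPLE_FLOWS = {
    "a": [build_header(40000, 80, SYN), build_header(80, 40000, SYN | ACK),
          build_header(40000, 80, RST)],
    "b": [build_header(40000, 80, SYN), build_header(80, 40000, SYN | ACK),
          build_header(40000, 80, ACK)],
    "c": [build_header(40000, 80, SYN), build_header(80, 40000, RST | ACK)],
    "d": [build_header(40000, 80, 0)],
    "e": [build_header(40000, 80, FIN | PSH | URG)],
}


def report():
    """Classify every sample flow and return {flow name: label}."""
    return {name: classify_flow([parse_tcp_header(s) for s in segments])
            for name, segments in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, label in report().items():
        print(name, "->", label)
```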
Network Basic Input Output System
defines a standard method for the provision
and use of network services.
NetBIOS relies on a message format called Server Message Block (SMB).
NetBIOS resources are referenced by name.
The NetBIOS name space is flat, unlike DNS where it is hierarchical,
and so all names within a given network must be unique.
NetBIOS names are 16 bytes long with the last byte being reserved
to denote the service that the name has been registered with.
If not all 15 available bytes are used the remainder will be padded with spaces.
How does NETBIOS run over TCP/IP ?
The Internet uses the TCP/IP protocol suite to standardize
communications across it.
NetBIOS over TCP/IP (RFCs 1000, *** 1001 ***, 1002 and 1088),
or rather NetBT, has a number of TCP and UDP ports defined for its use.
These ports are:
TCP
139 - nbsession - NetBIOS session - eg net use \\123.123.123.123\ipc$ "" /user:""
42 - WINS - Windows Internet Name System - (also UDP port 42)
UDP
137 - nbname - Name Queries - eg nbtstat -A 123.123.123.123
138 - nbdatagram - UDP datagram services - eg net send /d:domain-name "Hello"
As far as attacks are concerned the majority of the more important hacks
will be aimed at TCP port 139 otherwise known as the nbsession well-known
port - the NetBIOS session port.
From
here :
The Windows NT and Windows 2000 implementation of NetBIOS over TCP/IP
is referred to as NetBT.
NetBT uses the following TCP and UDP ports:
- UDP port 137 (name services)
- UDP port 138 (datagram services)
- TCP port 139 (session services)
NBTSTAT : if we run nbtstat -A 118.24.210.56 we shall find some interesting info.
Service identifiers

Unique Names
  Name           Suffix  Service
  computer_name  0x00    Workstation Service or base computer name
  computer_name  0x03    Messenger Service
  user_name      0x03    Messenger Service
  computer_name  0x06    Remote Access Server Service
  domain_name    0x1B    Domain Master Browser
  domain_name    0x1D    Master Browser
  computer_name  0x1F    NetDDE Service
  computer_name  0x20    Server Service, used to provide sharepoints for file sharing
  computer_name  0x21    RAS Client Service
  computer_name  0xBE    Network Monitor Agent
  computer_name  0xBF    Network Monitor Application

Group Names
  Name           Suffix  Service
  domain_name    0x00    Domain Name
  domain_name    0x1B    Primary Domain Controller
  domain_name    0x1C    Domain Controller
  domain_name    0x1D    Master Browser
  domain_name    0x1E    Browser Service Elections
  domain_name    0x20    Internet group, registered with WINS servers to identify groups of computers for administrative purposes
The suffix <20> shows that the victim has enabled
File and Printer Sharing.
NETBIOS is usually used on a small LAN where the traffic between the
machines is visible to all of them on the same LAN segment.
NETBIOS over TCP/IP has to be used when the network traffic has to
pass through a router to reach the machines that have to be connected.
NETBIOS (NETBIOS over NETBEUI) uses NETBEUI as the transport protocol.
NETBEUI is not routable.
NETBIOS over TCP/IP (NETBIOS over TCPBEUI) uses TCP/IP as the
transport protocol. TCP/IP is a routable protocol.
NETBIOS Calls :
- Name Support
  - NCBADDGRNAME - add group name (0x36, wait; 0xB6, no-wait)
  - NCBADDNAME - add name (0x30, wait; 0xB0, no-wait)
  - NCBDELNAME - delete name (0x31, wait; 0xB1, no-wait)
  - NCBFINDNAME - find name (0x78, wait; 0xF8, no-wait)
- Session Support
  - NCBCALL - call : Session Request (0x10, wait; 0x90, no-wait)
  - NCBHANGUP - hang up (0x12, wait; 0x92, no-wait)
  - NCBLISTEN - listen (0x11, wait; 0x91, no-wait)
  - NCBSSTAT - session status (0x34, wait; 0xB4, no-wait)
- Data-Transfer Support
  - NCBCHAINSEND - chain send
  - NCBCHAINSENDNA - chain send noack
  - NCBRECV - receive
  - NCBRECVANY - receive any
  - NCBSEND - send
  - NCBSENDNA - send noack
- Datagram Support
  - NCBDGRECV - receive datagram
  - NCBDGRECVBC - receive broadcast datagram
  - NCBDGSEND - send datagram
  - NCBDGSENDBC - send broadcast datagram
- General Support
  - NCBASTAT - adapter status
  - NCBCANCEL - cancel (0x35, wait)
  - NCBRESET - reset (0x32, wait)
- Extension Support
  - NCBACTION - action
  - NCBENUMERATE - enumerate
  - NCBLANSTALERT - LAN status alert
- Positive Session Response (0x82)
The NetBIOS LANA number identifies the transport driver,
network interface card (NIC) driver, and adapter
that will be used to send and receive NetBIOS packets.
NetBIOS (computer) name resolution proceeds like this :
- the computer checks its NetBIOS name cache
- if one is configured, the computer makes three attempts to contact a NetBIOS name server (WINS)
- if a NetBIOS name server is not configured or is unavailable, the computer makes three broadcasts on its subnet for the name
- if the broadcasts don't find the computer, then the computer consults the local LMHOSTS file if it is available
- if the NetBIOS name is not resolved through LMHOSTS, the computer checks its HOSTS file
- finally the computer tries the DNS server if available
- if none of these steps work, the computer gives up and you get the "computer not found" message.
while DNS host names resolution goes
- HOSTS file (/etc/hosts @ Unix)
- DNS server
- name cache
- WINS server
- broadcast
- LMHOSTS file
NETBIOS weaknesses (1) :
- does not support an internetworking naming convention
- does not provide authentication and security mechanisms
NB shared resources
If you are not joined to a specific workgroup
but your computer is in the same IP address range (for example 10.0.0.[x] OR 192.168.1.[x])
you can still access shared resources by typing the IP address or computer name, into the address bar.
For example typing \\server or \\192.168.1.2 would give you access to [server's] shared files and printers.
url
NetBios command categories
Page 431, "Client/Server programming", G325-0650-02.
General Services
  Reset
  Status
  Cancel
  Alert
  Unlink
Name Services
  Add Name
  Add Group Name
  Delete Name
  Find Name
Session Services
  Call
  Listen
  Send
  Chain Send
  Send No-Ack
  Chain Send No-Ack
  Receive
  Receive Any
  Hang Up
  Session Status
Datagram Services
  Send Datagram
  Send-Broadcast Datagram
  Receive Datagram
  Receive-Broadcast Datagram
WORKGROUP
Open "Network Places" and select "view workgroup computers".
Note that the default workgroup name in Windows XP is "MSHOME" but in older versions of Windows is "WORKGROUP".
NET SEND
Basically NET SEND is an SMB (SERVER MESSAGE BLOCK) message sent over NetBIOS.
For NT4 for example the service is Messenger Service.
For 95/98, it is WinPopup. To install it under W95 :
- In Control Panel, double-click Add/Remove Programs.
- On the Windows Setup tab, click Accessories, and then click Details.
- Click the WinPopup check box to select it, and then click OK.
See
Microsoft
description of "Messenger Service of Windows", also known as "NETBIOS spam".
Used by
DirectAdvertiser.com
Under NT, it can be done using NetMessageBufferSend()
Test if
you
are under risk !
Try also mailslot("messngr")
From Linux to Win :
To send the message "Hi there!" to the user on a host name WINHOST,
the following command line would do the trick :
/bin/echo "Hi there!" | smbclient -M WINHOST
If you need messages to be sent to different machines on a per-user basis,
use the nmblookup utility to find out
which machine the user is logged into before sending the message.
NULL sessions
Start
here - PING, NBTSTAT, NET VIEW, NET USE, NETSTAT, null sessions.
net use \\9.136.0.129\ipc$ "" /u:""
Read this
site
General Call
NCB header : defined in
NB30.H
( tp770, NT, D:\IBMCPPW\SDK\WINH or
D:\Microsoft Visual Studio\VC98\Include )
Win32 library : netapi32.lib
UCHAR Netbios (
PNCB pNcb // address of network control block
) ;
NCB structure
typedef struct _NCB {
    UCHAR  ncb_command ;             /* command code */
    UCHAR  ncb_retcode ;             /* return code */
    UCHAR  ncb_lsn ;                 /* local session number */
    UCHAR  ncb_num ;                 /* number of our network name */
    PUCHAR ncb_buffer ;              /* address of message buffer */
    WORD   ncb_length ;              /* size of message buffer */
    UCHAR  ncb_callname [NCBNAMSZ] ; /* blank-padded name of remote */
    UCHAR  ncb_name [NCBNAMSZ] ;     /* our blank-padded netname */
    UCHAR  ncb_rto ;                 /* rcv timeout/retry count */
    UCHAR  ncb_sto ;                 /* send timeout/sys timeout */
    void (CALLBACK *ncb_post)( struct _NCB * ) ; /* POST routine address */
    UCHAR  ncb_lana_num ;            /* lana (adapter) number */
    UCHAR  ncb_cmd_cplt ;            /* 0xff => command pending */
    UCHAR  ncb_reserve [10] ;        /* reserved, used by BIOS */
    //
    // SPECIFIC TO WIN32
    //
    HANDLE ncb_event ;               // HANDLE to Win32 event which will be set
                                     // to the signalled state
                                     // when an ASYNCH command completes
} NCB, * PNCB ;
Sample code
----------------------------------------------------------------------
The information in this article applies to:
- Microsoft Win32 Software Development Kit (SDK) versions 3.1 and 3.5
----------------------------------------------------------------------
SUMMARY
=======
You can get a list of NetBIOS names for a lana by using the Adapter Status
NetBIOS request and using the "*" character as the call name. However, on
Windows NT, this method lists only the names added by the current process.
If you want to list all of the NetBIOS names on the lana, use a unique
local name as the call name. This method causes the Adapter Status to be
treated as a remote call, which will disable the "filtering" of names added
by other processes. The sample code below demonstrates this technique.
SAMPLE CODE
-----------
/* The following makefile may be used to build this sample:
!include
PROJ = test.exe
DEPS = test.obj
LIBS_EXT = netapi32.lib
.c.obj:
$(cc) /YX $(cdebug) $(cflags) $(cvars) $<
$(PROJ) : $(DEPS)
$(link) @<<
$**
-out:$@
$(conlibs)
$(conlflags)
$(ldebug)
$(LIBS_EXT)
<<
*/
#include <windows.h>   /* pulls in nb30.h (NCB, Netbios) unless WIN32_LEAN_AND_MEAN is set */
#include <stdio.h>
#include <string.h>

/*
 * LANANUM and LOCALNAME should be set as appropriate for your system
 */
#define LANANUM   0
#define LOCALNAME "MAKEUNIQUE"

/* Report any NetBIOS return code other than NRC_GOODRET, with the source line */
#define NBCheck(x) if (NRC_GOODRET != x.ncb_retcode) { \
                       printf("Line %d: Got 0x%x from NetBios()\n", \
                              __LINE__, x.ncb_retcode); \
                   }

void MakeNetbiosName (char *achDest, LPCSTR szSrc);
BOOL NBAddName (int nLana, LPCSTR szName);
BOOL NBReset (int nLana, int nSessions, int nNames);
BOOL NBListNames (int nLana, LPCSTR szName);
BOOL NBAdapterStatus (int nLana, PVOID pBuffer, int cbBuffer,
                      LPCSTR szName);

int
main (void)
{
    if (!NBReset (LANANUM, 20, 30))
        return 1;
    if (!NBAddName (LANANUM, LOCALNAME))
        return 1;
    if (!NBListNames (LANANUM, LOCALNAME))
        return 1;
    printf ("Succeeded.\n");
    return 0;
}

/* NBReset - resets the lana and sets its session and name limits */
BOOL
NBReset (int nLana, int nSessions, int nNames)
{
    NCB ncb;

    memset (&ncb, 0, sizeof (ncb));
    ncb.ncb_command = NCBRESET;
    ncb.ncb_lsn = 0;                  /* Allocate new lana_num resources */
    ncb.ncb_lana_num = nLana;
    ncb.ncb_callname[0] = nSessions;  /* max sessions */
    ncb.ncb_callname[2] = nNames;     /* max names */
    Netbios (&ncb);
    NBCheck (ncb);
    return (NRC_GOODRET == ncb.ncb_retcode);
}

/* NBAddName - registers szName as a unique name on the lana */
BOOL
NBAddName (int nLana, LPCSTR szName)
{
    NCB ncb;

    memset (&ncb, 0, sizeof (ncb));
    ncb.ncb_command = NCBADDNAME;
    ncb.ncb_lana_num = nLana;
    MakeNetbiosName ((char *) ncb.ncb_name, szName);
    Netbios (&ncb);
    NBCheck (ncb);
    return (NRC_GOODRET == ncb.ncb_retcode);
}

/*
 * MakeNetbiosName - Builds a name padded with spaces up to
 * the length of a NetBIOS name (NCBNAMSZ).
 */
void
MakeNetbiosName (char *achDest, LPCSTR szSrc)
{
    int cchSrc;

    cchSrc = lstrlen (szSrc);
    if (cchSrc > NCBNAMSZ)
        cchSrc = NCBNAMSZ;
    memset (achDest, ' ', NCBNAMSZ);
    memcpy (achDest, szSrc, cchSrc);
}

/* NBListNames - prints every name returned by the adapter status call */
BOOL
NBListNames (int nLana, LPCSTR szName)
{
    int cbBuffer;
    ADAPTER_STATUS *pStatus;
    NAME_BUFFER *pNames;
    int i;

    // Allocate the largest buffer we might need
    cbBuffer = sizeof (ADAPTER_STATUS) + 255 * sizeof (NAME_BUFFER);
    pStatus = (ADAPTER_STATUS *) HeapAlloc (GetProcessHeap (), 0,
                                            cbBuffer);
    if (NULL == pStatus)
        return FALSE;
    if (!NBAdapterStatus (nLana, (PVOID) pStatus, cbBuffer, szName))
    {
        HeapFree (GetProcessHeap (), 0, pStatus);
        return FALSE;
    }
    // The list of names immediately follows the adapter status
    // structure.
    pNames = (NAME_BUFFER *) (pStatus + 1);
    for (i = 0; i < pStatus->name_count; i++)
        printf ("\t%.*s\n", NCBNAMSZ, pNames[i].name);
    HeapFree (GetProcessHeap (), 0, pStatus);
    return TRUE;
}

/* NBAdapterStatus - issues NCBASTAT with szName as the call name */
BOOL
NBAdapterStatus (int nLana, PVOID pBuffer, int cbBuffer, LPCSTR szName)
{
    NCB ncb;

    memset (&ncb, 0, sizeof (ncb));
    ncb.ncb_command = NCBASTAT;
    ncb.ncb_lana_num = nLana;
    ncb.ncb_buffer = (PUCHAR) pBuffer;
    ncb.ncb_length = cbBuffer;
    MakeNetbiosName ((char *) ncb.ncb_callname, szName);
    Netbios (&ncb);
    NBCheck (ncb);
    return (NRC_GOODRET == ncb.ncb_retcode);
}
What would I need to write this code in Delphi ?
Where is the "NCB header" for Delphi ?
From
here :
WINS stands for Windows Internet Naming Service.
It's a name resolution service that uses the NetBIOS method
to locate computer resources on a network by name.
It's the follow-on from the LMHOSTS file,
and it's an automatic system insofar
as you don't need to manually update name records.
WINS is slightly misnamed because,
contrary to what its name implies,
it can't be used to resolve names over the Internet.
That requires DNS.
Many older applications still require WINS.
For example, the Map Network Drive function,
the 'My Network Places', (as well as "Network Neighborhood")
and the net command with supported options
such as net view
all require WINS name resolution.
If WINS servers aren't specified on a client, (use IPCONFIG /ALL)
that client will, by default,
try to resolve NetBIOS names by sending a broadcast to the network.
If the required resource is on a different subnet,
then these broadcasts can't be routed because
broadcasts aren't routed in Microsoft TCP/IP.
Well Known Ports [WKP]
Use netstat -an to display !
url.
20 - ftp (data channel)
21/tcp - ftp (control channel)
22/tcp - ssh
23/tcp - telnet
25/tcp - smtp, outgoing mail
42 - wins
53{2} - dns
bootps 67/udp - dhcps # Bootstrap Protocol server
bootpc 68/udp - dhcpc # Bootstrap Protocol server
69/{2} - tftp
80/tcp - http
110/tcp - pop3, incoming mail
119/tcp - nntp, network news transfer
135 - DCE endpoint resolution (W2K sends SYNC to a span of IPs)
137/udp i udp - nbname : NETBIOS name queries service (nbns)
138/udp - nbdatagram : NETBIOS datagram service.
139/tcp - nbsession : NETBIOS session service (nbss)
161 - snmp
389 - LDAP
443/tcp - HTTPS, secure web server
517-518/udp - TALK
636 - LDAPS
1352/tcp - Lotus Domino server, NRPC connections
1434/udp - SQL server
2000/tcp udp - Net2Phone
2300:2400/tcp udp - Age of Empires II
3278 - GigaTribe
3389 - Terminal Server
4000/tcp - Star Craft
4070 - Spotify
4662/tcp, 4672/udp - Emule = eD2K network + Kad network (TCP=28.853, UDP=40.996)
5000+ - Unreal Tournament
5631-5632/udp tcp - PCAnyWhere
5800-5809/tcp - VNC - remote display system
5900-5909/tcp - VNC - remote display system
6112 - CDE subprocess control service (dtspcd)
6667 - public IRC servers
7777/udp - Unreal Tournament
8000 - SHOUTcast streaming
14147 - Filezilla FTP server
27015/tcp udp - Half Life Team Fortress
27950/udp - Quake II
52409 - Vuze (ex Azureus) & more
Wiki about WKP.
A client starts an LDAP session by connecting to an LDAP server,
called a Directory System Agent (DSA), by default on TCP port 389.
url.
Lotus Domino uses these default ports for Internet services:
Service Default TCP port Default SSL port
POP3 110 995
IMAP 143 993
LDAP 389 636
SMTP inbound 25 465
SMTP outbound 25 465
HTTP 80 443
IIOP 63148 63149
Server Controller n/a 2050
WKP are assigned by
IANA
See /etc/services and /etc/inetd.conf !!!
Start an inetd service using /etc/inetd.conf
Win : C:\WINDOWS\system32\drivers\etc\SERVICES
FTP Active/Passive mode
description.
This guy has a
port table.
MQ - 1414
Oracle - 1521
Derby - 1521
DB2 :
To find out the port used, issue this command from the CLP: get dbm cfg
Then, look for the parameter SVCENAME.
If the value of SVCENAME is not the port number but a string,
then look in your system for the file 'services' (c:\win\system32\drivers\)
and grep for this string.
See P2P soft and ports
here
NetStat at W2K (T30)
On Windows the filter looks like this :
netstat -an | find "14"
TCP 0.0.0.0:1416 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1437 0.0.0.0:0 LISTENING
NetStat at WXP (P4)
C:\>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1051 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
See which process has opened a port
C:\> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 9.137.165.88:2040 9.17.136.77:1533 ESTABLISHED 6036
TCP 9.137.165.88:2750 209.85.229.17:443 ESTABLISHED 3868
Followed by :
C:\> tasklist | find "6036"
sametime75.exe 6036 Console 0 40.972 K
c:\> tasklist | find "3868"
firefox.exe 3868 Console 0 135.928 K
NetStat32 code
Network Neighborhood
W95 : "NN" icon + right button + Properties + "Identification" gives access to
- Computer name
- Workgroup
- Computer Description
Those values can be displayed from a remote computer, using (W95) net view,
that displays "Servers available in (actual) Workgroup".
|
W95 : "TCP/IP" Properties + "DNS Configuration" gives access to
- Host (name)
- Domain [bar.es.ibm.com]
|
|
W2K :
DHCP
uSoft :
Dynamic Host Configuration Protocol (DHCP) is a standard protocol defined by RFC 1541 (which is superseded by RFC 2131)
that allows a server to dynamically distribute IP addressing and configuration information to clients.
Normally the DHCP server provides the client with at least this basic information:
- IP Address
- Subnet Mask
- Default Gateway
Other information can be provided as well,
such as Domain Name Service (DNS) server addresses
and Windows Internet Name Service (WINS) server addresses.
Managing MS DHCP Servers - how to make DHCP propagate the DNS !
Wiki
DHCP
Format of a DHCP message
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     op (1)    |   htype (1)   |   hlen (1)    |   hops (1)    |
+---------------+---------------+---------------+---------------+
|                            xid (4)                            |
+-------------------------------+-------------------------------+
|           secs (2)            |           flags (2)           |
+-------------------------------+-------------------------------+
|                          ciaddr (4)                           |
+---------------------------------------------------------------+
|                          yiaddr (4)                           |
+---------------------------------------------------------------+
|                          siaddr (4)                           |
+---------------------------------------------------------------+
|                          giaddr (4)                           |
+---------------------------------------------------------------+
|                          chaddr (16)                          |
+---------------------------------------------------------------+
|                          sname (64)                           |
+---------------------------------------------------------------+
|                          file (128)                           |
+---------------------------------------------------------------+
|                      options (variable)                       |
+---------------------------------------------------------------+
FIELD OCTETS DESCRIPTION
----- ------ -----------
op 1 Message op code / message type. 1 = BOOTREQUEST, 2 = BOOTREPLY
htype 1 Hardware address type, e.g., '1' = 10mb ethernet.
hlen 1 Hardware address length (e.g. '6' for 10mb ethernet).
hops 1 Client sets to zero, optionally used by relay agents when booting via a relay agent.
xid 4 Transaction ID, a random number chosen by the
client, used by the client and server to associate
messages and responses between a client and a server.
secs 2 Filled in by client, seconds elapsed since client
began address acquisition or renewal process.
flags 2 Flags (see figure 2).
ciaddr 4 Client IP address; only filled in if client is in
BOUND, RENEW or REBINDING state and can respond to ARP requests.
yiaddr 4 'your' (client) IP address.
siaddr 4 IP address of next server to use in bootstrap;
returned in DHCPOFFER, DHCPACK by server.
giaddr 4 Relay agent IP address, used in booting via a relay agent.
chaddr 16 Client hardware address.
sname 64 Optional server host name, null terminated string.
file 128 Boot file name, null terminated string; "generic" name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER.
options var Optional parameters field.
RFC 2131
- DHCP_discover
- DHCP_offer
- DHCP_request
- DHCP_ack
Managing dynamic IP networks, page 22 and 72.
DHCP Message Types
DHCPDISCOVER
This DHCP message type is used by the DHCP client to discover DHCP servers.
DHCPOFFER
This DHCP message type is used by the DHCP server to respond to a received DHCPDISCOVER message and also offers configuration details at that time.
DHCPREQUEST
This message is sent by a client to the DHCP server and can convey three different things.
The first is to request configuration details from one specific DHCP server, explicitly rejecting offers from any other DHCP servers.
Secondly, it can be used to verify a previously used IP address after a system has undergone a reboot.
Lastly, it can be used to extend the lease of a specific IP address.
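An added example (not from the original notes) that parses the 236-byte fixed header of the message format above and reads the message type from the options field, rejecting truncated or unterminated options. The magic cookie and the option codes 0, 53 and 255 come from RFC 2131/2132; the function names are assumptions, and the sample packets are constructed using the MAC and fixed address of the dhcpd.conf host entry on this page.

```python
import socket
import struct

FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # op .. file = 236 bytes
MAGIC_COOKIE = bytes([99, 130, 83, 99])              # RFC 2131: starts the options field
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255          # RFC 2132 option codes
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}   # sent with op = 2 (BOOTREPLY)


def parse_options(raw):
    """Walk the code/length/value options; refuse anything that runs off the end."""
    options = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return options
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    raise ValueError("options field is not terminated by END (255)")


def parse_dhcp(packet):
    """Decode one DHCP message and check that op agrees with the message type."""
    if len(packet) < FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("packet shorter than fixed header plus magic cookie")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, bootfile) = FIXED.unpack_from(packet)
    if op not in (1, 2):
        raise ValueError("op must be 1 (BOOTREQUEST) or 2 (BOOTREPLY)")
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    if packet[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = parse_options(packet[FIXED.size + 4:])
    raw_type = options.get(OPT_MSG_TYPE)
    if raw_type is None or len(raw_type) != 1:
        raise ValueError("missing or malformed message type option (53)")
    name = MSG_TYPES.get(raw_type[0], "unknown")
    expected_op = 2 if name in SERVER_TYPES else 1
    return {
        "op": op,
        "xid": xid,
        "ciaddr": socket.inet_ntoa(ciaddr),
        "yiaddr": socket.inet_ntoa(yiaddr),
        "chaddr": ":".join("%02x" % b for b in chaddr[:hlen]),
        "message_type": name,
        "op_matches_type": op == expected_op,
    }


def build_sample(op, msg_type, mac, yiaddr="0.0.0.0", xid=0x1234ABCD):
    """Constructed sample data: Ethernet client, only option 53 present."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    zero = socket.inet_aton("0.0.0.0")
    fixed = FIXED.pack(op, 1, 6, 0, xid, 0, 0, zero, socket.inet_aton(yiaddr),
                       zero, zero, chaddr, b"", b"")
    return fixed + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])


if __name__ == "__main__":
    ack = build_sample(2, 5, "00:00:45:12:EE:F4", "192.168.1.21")
    print(parse_dhcp(ack))
```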
DHCP tutorial.
DHCP Explorer
1,
2,
Web Admin tools.
Linux:
if you want to get a new IP address assigned from your DHCP server,
use the pump command or dhclient
DHCP tools :
ipconfig /showclassid "Conexiones de red inalámbricas 2"
Netsh commands for DHCP.
DHCP @ uSoft TechNet.
DHCP & DNS & fixed IPs
For the DHCP server to provide a fixed IP,
we must declare its MAC explicitly :
network:/etc # vi dhcpd.conf
. . .
cat /etc/dhcpd.conf
. . .
host earth {
hardware ethernet 00:00:45:12:EE:F4;
fixed-address 192.168.1.21;
}
network:/etc # rcdhcpd check-syntax
Checking syntax of /etc/dhcpd.conf:
Config is okay. Hope you also specified existent network devices ;)
Lease file is okay
network:/etc # rcdhcpd stop
network:/etc # rcdhcpd start
network:/etc # /etc/init.d/dhcpd restart
network:/etc # /sbin/service dhcpd stop / start / restart
url.
DNS configuration : traces
We configure the destination file in named.conf :
logging {
    category queries { log_syslog; };
    category xfer-in { log_syslog; };
    category xfer-out { log_syslog; };
    category default { log_syslog; };
    channel log_syslog {
        severity dynamic;
        # syslog;
        file "/var/log/named_query.log" versions 3 size 100M; // => /var/lib/named/log/named_query.log ?
        print-time yes; // timestamp log entries
        print-severity yes;
        print-category yes;
    };
};
We administer the trace level using rndc, nameserver control utility :
(root)network:~ # rndc trace 4
# tail -f /var/log/named_query.log
08-Sep-2011 13:07:41.849 general: info: received control channel command 'trace 4'
08-Sep-2011 13:07:41.849 general: info: debug level is now 4
DNS record types
wiki
DNS and BIND tools
SuSE administration book.
The main tools are nslookup, dig and host :
c:\> nslookup
Default Server: deibp9eh1--31ndcr.wan.com
Address: 99.64.163.21
> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X - same as type
class=X - set query class (ex. IN (Internet), ANY)
[no]msxfr - use MS fast zone transfer
ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional NAME at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
-a - list canonical names and aliases
-d - list all records
-t TYPE - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program
>
To see which domain we are in, we use the command:
> set all
Default Server: network.visc.es
Address: 11.22.78.7
Set options:
nodebug
defname
search
recurse
nod2
novc
noignoretc
port=53
type=A
class=IN
timeout=2
retry=1
root=A.ROOT-SERVERS.NET.
domain=visc.es
MSxfr
IXFRversion=1
srchlist=visc.es
>
To see which hosts a DNS server knows about, we use the command:
> ls -d visc.es
[network.visc.es]
visc.es. SOA network.visc.es hostmaster.visc.es. (201109091 28800 14400 2419200 86400)
visc.es. NS network.visc.es
bcnlab022 A 192.168.78.95
localhost A 127.0.0.1
network A 192.168.78.7
visc.es. SOA network.visc.es hostmaster.visc.es. (201109091 28800 14400 2419200 86400)
>
BIND and DNS files
The configuration files we will have to modify on the DNS server are :
- /etc/bind/named.conf
- /etc/bind/named.conf.options
- /etc/bind/named.conf.local
- /etc/bind/db.aulaESI.com
- /etc/bind/db.192.168.1
url
DNS/BIND/DHCP/WINS Issues Forum (tek tips) [u/p].
The main configuration file is named.conf:
root@network:/etc> cat named.conf
. . .
zone "visc.es" in {
type master;
file "master/zone.visc.es";
};
zone "78.22.11.in-addr.arpa" in {
file "master/78.22.11.in-addr.arpaXXXX";
type master;
allow-transfer { any; };
};
And the detail of each zone:
network:/var/lib/named/master # cat zone.visc.es
;
; dns zone for visc.es
;
$ORIGIN visc.es.
$TTL 1D
@ IN SOA network hostmaster (
201109091 ; serial (YYYYMMDDI)
8H ; refresh (8 hours)
4H ; retry (4 hours)
4W ; expire (4 weeks)
1D ) ; minimum
; network.visc.es serves this domain as the name server (NS)
NS network
; just in case someone asks for network.visc.es
localhost A 127.0.0.1
; our hosts, in alphabetical order
network A 11.22.78.7
lab022 A 11.22.78.95
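The `ls -d visc.es` listing earlier is a zone transfer (AXFR), and in BIND the `allow-transfer` statement decides who may request one; the reverse zone in the named.conf above sets it to `any`. The script below is an added example, not part of the original notes: it reports the transfer policy of every zone block, run here on a constructed copy of the two zone blocks shown above (the function names and the verdict words are this example's own).

```shell
#!/bin/sh
# Added example: report the allow-transfer policy of each zone in a named.conf.

# Constructed sample input: the two zone blocks from the named.conf listing.
sample_named_conf() {
cat <<'EOF'
zone "visc.es" in {
        type master;
        file "master/zone.visc.es";
};
zone "78.22.11.in-addr.arpa" in {
        file "master/78.22.11.in-addr.arpaXXXX";
        type master;
        allow-transfer { any; };
};
EOF
}

# audit_transfers: named.conf text on stdin -> one "<zone> <verdict>" line per zone.
#   open        allow-transfer lists "any": every client may pull the whole zone
#   closed      allow-transfer is "none"
#   restricted  allow-transfer names specific hosts, ACLs or keys
#   inherit     no statement in the zone block; the policy comes from the
#               options/view block or from the default of that BIND version
# Limitations: only // and # comments are stripped, "include" files are not
# followed, and a nested { } inside allow-transfer is not parsed.
audit_transfers() {
    awk '
    function verdict(body,    acl, n, i, parts, is_any, only_none, count) {
        if (!match(body, /allow-transfer[ \t\n]*[{][^}]*[}]/)) return "inherit"
        acl = substr(body, RSTART, RLENGTH)
        sub(/^[^{]*[{]/, "", acl)      # keep only what is between the braces
        sub(/[}]$/, "", acl)
        n = split(acl, parts, /[ \t\n;]+/)
        count = 0; is_any = 0; only_none = 1
        for (i = 1; i <= n; i++) {
            if (parts[i] == "") continue
            count++
            if (parts[i] == "any") is_any = 1
            if (parts[i] != "none") only_none = 0
        }
        if (is_any) return "open"
        if (count > 0 && only_none) return "closed"
        return "restricted"
    }
    {
        line = $0
        sub(/\/\/.*/, "", line); sub(/#.*/, "", line)
        # A zone statement starts a new block; remember the depth it started at
        # so zones nested inside a view block are handled too.
        if (zone == "" && line ~ /^[ \t]*zone[ \t]+"/) {
            split(line, q, "\"")
            zone = q[2]; body = ""; seen = 0; zstart = depth
        }
        if (zone != "") body = body "\n" line
        tmp = line; opens = gsub(/[{]/, "", tmp)
        tmp = line; closes = gsub(/[}]/, "", tmp)
        if (zone != "" && opens > 0) seen = 1
        depth += opens - closes
        if (zone != "" && seen && depth <= zstart) {
            print zone, verdict(body)
            zone = ""
        }
    }'
}

# Demo on the constructed sample; on a server: audit_transfers < /etc/named.conf
sample_named_conf | audit_transfers
```

A zone reported as `open` will answer `ls -d` or `host -l` from any client; listing only the secondary name servers in `allow-transfer` limits full-zone dumps to the hosts that need them.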
DNS Troubleshooting
How do we verify that it works?
# netstat -tulpn | grep :53 - verify DNS is listening
# netstat -atve
# ps -ef | grep named
# ps -ef | grep bind - verify service is running
# iptables -L -n - make sure iptables firewall is not blocking request on server
# /etc/init.d/named status - make sure service is running
# chkconfig named on - if not,
# service named start - ... start named
# tail -f /var/log/messages - use log files to verify it started ok
# named-checkconf /etc/named.conf - check configuration file syntax
# named-checkzone localhost /var/named/localhost.zone - check zone file syntax
# host nixcraft.org - List IP address associated with host names
# host -l nixcraft.org - Perform a zone transfer for zone name using -l option
# dig mail.nixcraft.org - ... or use DIG tool
# dig 192.168.0.5
DNS tools.
Interrogating DNS.
c:\> hostname
RS6000-512
c:\> nslookup RS6000-512.bar.es.hal.com
Server: deibp9eh1--31ndcr.wan.hal.com
Address: 99.64.163.21
Name: RS6000-512.bar.es.hal.com
Address: 99.137.165.51
Non-existent domain
To fix it, a reverse lookup zone must be created:
*** Can't find server name for address w.x.y.z: Non-existent domain
This error occurs when there is no PTR record for the name server's IP address.
When nslookup.exe starts, it does a reverse lookup to get the name of the default server.
If no PTR data exists, this error message is returned.
To correct make sure that a reverse lookup zone exists and contains PTR records for the name servers.
For additional information, please see the following article(s) in the Microsoft Knowledge Base:
Q172953 How to Install and Configure Microsoft DNS Server.
Internet root servers
Read DNS root zone:
The root servers have the official names a.root-servers.net to m.root-servers.net.
The root name servers are hosted in multiple secure sites with high-bandwidth access to accommodate the traffic load.
Usually each DNS server installation at a given site is physically a cluster of machines with load-balancing routers.
A comprehensive list of servers, their locations, and properties
is available at http://root-servers.org.
Up-to-date list:
ftp://ftp.rs.internic.net/domain/named.root
[sebas@lab2 perl]$ dig
; <<>> DiG 9.2.4 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57056
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 89503 IN NS e.root-servers.net.
. 89503 IN NS c.root-servers.net.
. 89503 IN NS a.root-servers.net.
. 89503 IN NS b.root-servers.net.
. 89503 IN NS i.root-servers.net.
. 89503 IN NS m.root-servers.net.
. 89503 IN NS k.root-servers.net.
. 89503 IN NS f.root-servers.net.
. 89503 IN NS g.root-servers.net.
. 89503 IN NS d.root-servers.net.
. 89503 IN NS j.root-servers.net.
. 89503 IN NS h.root-servers.net.
. 89503 IN NS l.root-servers.net.
;; Query time: 52 msec
;; SERVER: 99.64.163.21#53(99.64.163.21)
;; WHEN: Tue Mar 13 17:21:34 2012
;; MSG SIZE rcvd: 228
[sebas@lab2 perl]$
FTP automation:
my_script.cmd
open ehngsa.hal.com
anonymous
CheckAutoChecker@us.hal.com
bin
get projects/c/ftp/checkerv2/checkerv2inst280.exe C:/temp/Chckr/chkrv2.exe
mput proj*.exe
quit
ftp_driver.bat
ftp -i -s:C:/temp/my_script.cmd
PC Connectivity and protocols
Minimum requirements:
- 2 network cards
- crossover cable
- set manual IPs (such as 192.169.1.30), Mask 255.255.255.0, with no GW or DNS.
- network card properties - must include "File and Printer Sharing for uSoft Networks"
*** Do NOT select "Show icon in notification area when connected" ***
- W98 : Primary Logon := "uS Network Client"
- both under "System" + "WorkGroup" := WORKGROUP ;
A computer can obtain connectivity through:
- an Ethernet card
- an infrared link
- a Bluetooth link
- a Wifi link
- a PCMCIA card
- a USB connection
- a Firewire connection
HOSTNAME under W2K
In Windows 2000,
the Host name (Directory Naming Service, DNS)
and Computer name (NetBIOS) must be the same.
In some previous operating systems,
you could have two or more aliases
that point to the same computer,
by having multiple host names.
To view/change the computer name,
use
Start / Settings / Control Panel / System / Network Identification / Properties.
NOTE: In Windows 2000,
the host name is the actual point of reference.
The computer name was provided for backwards compatibility.
How do you set, under W95 :
- (*) Computer name - NetBIOS ; broadcasts or WINS ; 16 chars ; no domain ;
Control Panel + Network + Identification : set Computer Name and Workgroup.
Displayed using nbtstat -A <hostip>
W2000 : Control Panel + System + Network Identification.
Displayed using hostname
- (*) Host name - TCP/IP based ; HOSTS file or DNS ; 255 chars ; usually as part of a domain ;
TCP/IP Properties + DNS configuration : set Host and Domain.
Displayed using winipcfg.
W2000 : nslookup <hostip>
What goes wrong if you change HOSTNAME ?
- WAS stops working if we change the HostName !
- DB2 stops working if we change the HostName !
Solution : file ... ?
Kinds of Network Error messages
A few network error messages:
URL - prevent continuous registry reads.
Is there a way to get adapter statistics without involving Registry polling?
I suspect there is, but without seeing the source code I can't say for sure.
The work around is to uncheck the "Show icon in notification area
when connected" check box in the properties dialog of the network adapter.
Use
C:\Archivos de programa\VMware\VMware Workstation\vnetsniffer.exe
usage: vnetsniffer.exe [/e] (/p "pvnID" | VMnet?)
Troubleshooting
Debugging network problems
Command | Purpose
ipconfig /all | Note down the IP address, default gateway and DNS server(s)
ping 127.0.0.1 | Check that we have an IP stack
ping <own IP address> [numeric address] | Check that IP is configured correctly
ping <neighbour's IP address> [numeric address] | Check that the cable is OK
ping <Gateway IP address> [numeric address] | Verify access to the Gateway
ping <DNS IP address> [numeric address] | Check access to the DNS
From this point on we can use NAMES instead of numeric addresses.
ping www.google.es | Check access to the network [64.233.161.99]
tracert <DNS IP address> | Check that the routes are correct
nbtstat -A <neighbour's IP> | The flag must be an uppercase "A". Check that NetBIOS reaches the other machine.
P4:c:> nbtstat -A 192.168.1.7
Failed to access NetBT driver -- NetBT may not be loaded
User does not have sufficient permissions to run nbtstat.
ipconfig /flushdns or ipconfig /displaydns | See how the DNS cache behaves
Problems:
- ping rc = 65: a firewall or router has disabled ICMP Echo and Echo Reply packets.
Here is what USR gives as its Troubleshooting Ping Procedure:
- click Windows Start and then click Run.
In the Run dialog box, Windows 95, 98, and Me users: Type command and click OK.
Windows NT, 2000, and XP users: Type cmd and click OK.
The command line screen opens.
- type PING 127.0.0.1.
This is your local host address.
The address assures that TCP/IP is installed and functions properly.
If you can't complete this ping, disconnect the router and then
repeat the installation procedure.
- type PING followed by your IP address.
This assures that your PC responds to requests.
If you can't complete this ping, make sure all the cables connect properly
and that all the correct drivers are installed.
- type PING followed by your gateway address to check the communication
with your gateway. (The default gateway address is 192.168.1.1.)
This assures that you can connect to other machines and the router.
If you can establish communication with the router,
you can access the Administration page and configure settings.
If you can't complete this ping, make sure that the router power cord is
plugged in. Also make sure that the router is properly connected to your PC.
- type PING followed by the outside Internet address of your router.
This is the address that is provided either by your ISP or by
the outside LAN. This procedure will assure that your router functions
properly and allows traffic to pass through.
- type PING followed by your known DNS server address.
This will allow you to resolve valid Internet host names to IP addresses
and to verify that you can access the Internet.
How to change the port Terminal Server listens on
1) To change the default port for all new connections created on the Terminal Server,
open this registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Find the "PortNumber" subkey and note the value 00000D3D (hexadecimal for 3389). Change the port number in hexadecimal and save the new value.
2) To change the port for a specific connection on the Terminal Server:
Run Regedt32 and go to this key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\connection
Find the "PortNumber" subkey and note the value 00000D3D (hexadecimal for 3389).
Change the port number in hexadecimal and save the new value.
Using Telnet to Test Port 3389 Functionality
Terminal Server Clients use TCP port 3389 to communicate with Terminal Server.
A common problem in a WAN environment is that a firewall or other network
filter prevents connectivity with this port.
You can run a simple troubleshooting test to make sure the Client
can connect to the port.
Just try to telnet to the port from the Client.
To test the functionality of port 3389, use this command from the Client:
Telnet tserv 3389
If Telnet reports that you cannot connect, there are several possible reasons:
- If you can connect by replacing "tserv" with the Terminal Server's IP address but not the host name, you may have a DNS or WINS resolution problem.
- If you can connect when "tserv" is the host name, but cannot connect when "tserv" is the computer name, then you may have a NetBIOS name resolution issue with WINS or an LMHOSTS file.
- If you cannot connect when "tserv" is the IP address, the host name, or the computer name, then it is likely that port 3389 is blocked somewhere in your WAN.
Using Telnet to test SMTP
Test your SMTP server with the telnet utility. Sample session:
user@hostname:~$ telnet 192.168.66.137 25
Trying 192.168.66.137...
Connected to 192.168.66.137.
Escape character is '^]'.
220 testob.domain.com ESMTP Postfix (Ubuntu)
helo pccicla.blogspot.com
250 testob.domain.com
helo pccicla.blogspot.com
250 testob.domain.com
mail from: pier[at]pccicla.it
250 Ok
rcpt to: piergiovanni[at]gmail.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Test
.
250 Ok: queued as 4010719220
quit
221 Bye
Connection closed by foreign host.
Some interesting ports :
80 - WebServer Port 80
When a user types in your IP address or Host Name in their browser, the browser will look at the IP address on port 80 by default for the web pages.
81 - WebServer Alternate Port 81
When a user types in your IP address or Host Name in their browser, the browser will look at the IP address on port 80. If the Port is blocked, port 81 is used as an alternate port for hosting a website.
21 - FTP Server Port 21
When someone attempts to connect to your FTP Server, the FTP client will attempt the connection on Port 21 by default. Port 21 must be open for standard FTP clients to log in and connect to your server.
22 - SSH Secure Shell Port 22
If you run a SSH Secure Shell, this port is required for the SSH Client to connect to your server.
23 - Telnet Server Port 23
If you run a Telnet server, this port is required for the Telnet Client to connect to your server. Telnet can be used for other ports to check services, but in order to use telnet for remote admin and login, port 23 must be open.
25 - SMTP Server Port 25
When someone sends a mail message to your SMTP Server, the mail will attempt to come in to your server on Port 25. This is the standard SMTP (Simple Mail Transport protocol) port.
2525 - SMTP Alternate Server Port 2525
When someone sends a mail message to your SMTP Server,
the mail will attempt to come in to your server on Port 25.
Port 2525 is an alternate port used by TZO for the Store
and forward services.
This is a non-standard port, but useful if the standard SMTP
(Simple Mail Transport protocol) port is blocked
110 - POP Server Port 110
When you run a mail server computer, users will typically log into that machine via POP3 (Post Office Protocol) or IMAP4 (Internet Message Access Protocol) to retrieve their mail. POP3 is the most popular protocol for accessing mailboxes.
119 - News (NNTP) Server Port 119
When you run a News server, typically News Clients wanting to connect to your news server will connect on port 119. This port needs to be open to run your own news server.
3389 - Remote Desktop port 3389
Port 3389 is used for Windows Remote Desktop. If you want to remotely connect to your computer for remote control, using the free XP Remote desktop requires port 3389 to be open.
389 - LDAP Server Port 389
LDAP or Lightweight Directory Access Protocol is becoming popular for Directory access, or Name, Telephone, Address directories. For Example LDAP://LDAP.Bigfoot.Com is a LDAP directory server.
143 - IMAP4 Server Port 143
IMAP4 or Internet Message Access Protocol is becoming more popular and
is used to retrieve Internet Mail from a remote server.
It is more disk intensive, since all messages are stored on the server,
but it allows for easy online, offline and disconnected use.
443 - Secure Sockets Layer (SSL) Server Port 443
When you run a secure server, SSL Clients wanting to connect to your Secure server will connect on port 443. This port needs to be open to run your own Secure Transaction server.
1503 & 1720 - Microsoft NetMeeting and VOIP Ports 1503 and 1720
MS NetMeeting and other VOIP allows you to host an Internet call or VideoConference with other NetMeeting or VOIP users. NetMeeting is a free product that can be found on the Microsoft Website at http://www.microsoft.com
5631 - PCAnywhere Port 5631
When a PCAnywhere server is set up to receive remote requests, it listens on TCP port 5631. This allow you to run a PCAnywhere host and use the Internet to connect back and remotely control your PC.
5900 - Virtual Network Computing (VNC) Port 5900
When you run an VNC server to remotely control your PC, it uses port 5900.
VNC is useful if you wish to remotely control your server.
Get PortDetective!
List of ports versus games!
Example trace from Tele2 to Google.es:
C:\google> tracert -d 66.102.11.104
Tracing route to 66.102.11.104 over a maximum of 30 hops
1 1 ms 2 ms 1 ms 192.168.1.1
2 1341 ms 2531 ms * 83.177.32.1
3 2680 ms 1650 ms 2429 ms 130.244.195.242
4 2062 ms 2523 ms 2825 ms 130.244.198.25
5 2489 ms 2235 ms * 213.248.70.33
6 1998 ms 2246 ms 1773 ms 213.248.70.5
7 1211 ms * 3202 ms 213.248.64.10
8 2854 ms 1738 ms 2028 ms 213.248.65.150
9 2374 ms 2712 ms 2597 ms 213.248.64.158
10 2339 ms 2096 ms 2432 ms 213.248.72.150
11 3252 ms 2567 ms 2346 ms 64.233.175.246
12 2274 ms 2482 ms 2601 ms 216.239.46.173
13 2828 ms 2676 ms 3003 ms 216.239.49.254
14 2201 ms 2176 ms 1495 ms 216.239.48.158
15 2929 ms * 1235 ms 64.233.174.49
16 1989 ms 1914 ms 2479 ms 216.239.49.46
17 2636 ms 2060 ms 2149 ms 66.102.11.104
Trace complete.
Problem to solve
I have a strange problem :
PC "Server" is a W2000, WorkGroup("FRANCESC"), IP(9.136.0.226).
PC "Client" is a W95, WorkGroup("KOMPARTIT"), IP(9.136.0.183).
All commands issued at "Client" PC (logged as a user accepted by W2K) :
c:\> ping FRANCESC
Pinging FRANCESC [9.136.0.226] with 32 bytes of data:
Reply from 9.136.0.226: bytes=32 time<10ms TTL=128
c:\> tracert -d 9.136.0.226
Tracing route to 9.136.0.226 over a maximum of 30 hops
1 <10 ms <10 ms <10 ms 9.136.0.226
Trace complete.
Strange return code :
c:\> net use r: \\9.136.0.226\tempt30
Error 53: the computer name specified in the network path cannot be located.
Because this command works :
c:\> net use r: \\francesc\tempt30
The command was completed successfully.
SSHD
Open SSH 4 Windows - minimal OpenSSH server and client utilities.
OpenSSH suite replaces rlogin and telnet with the ssh program,
rcp with scp, and ftp with sftp.
AIX scp to copy a remote file : $ scp remote_user@remote_ip:remote_file_name local_file_name
Copies between two remote hosts are permitted.
scp is the client and comes installed with ssh.
On the server, the ssh server must be running and listening (normally on port 22), and nothing else.
Example 1:
I want to send the file albert.tgz from the home directory on my PC to my home directory on the server "kaka.com".
$ scp ~/albert.tgz albert@kaka.com:
(do not forget the trailing colon)
Example 2:
I want to download the file dades.tgz from the subdirectory "merdetes" in pep's home directory on the server kaka.com:
$ scp pep@kaka.com:merdetes/dades.tgz .
(do not forget the final dot, preceded by a space)
This will ask you for the password every time ...
OpenSSH cfg
c:\OpenSSH\bin\> mkgroup -l >> ..\etc\group
c:\OpenSSH\bin\> mkpasswd -l >> ..\etc\passwd
The OpenSSH server listens for traffic on TCP port 22 by default.
Interesting : $ ssh user@machine_name "<command> <parameters>"
c:\> ssh sag@lab.com "uname -a"
sag@lab.com's password:
Linux lab.com 2.6.18-128.ESX #1 Thu Oct 15 16:11:16 PDT 2009 x86_64 x86_64 x86_64 GNU/Linux
C:\> ssh sag@9.137.165.177 "df -h"
sag@9.137.165.177's password:
Filesystem Size Used Avail Use% Mounted on
/dev/sdd8 4.9G 650M 4.0G 14% /
/dev/sdc1 1.1G 75M 952M 8% /boot
/dev/sdd5 510M 17M 467M 4% /home
/dev/sdd6 1004M 18M 936M 2% /tmp
/dev/sdd7 5.0G 1.1G 3.6G 23% /usr
/dev/sdd2 2.0G 92M 1.8G 5% /var/log
C:\> ssh sag@9.137.165.177 "uname -a"
sag@9.137.165.177's password:
Linux BCNXLOG07.bar.es.com 2.6.18-128.ESX #1 Fri Apr 10 00:08:17 PDT 2009 x86_64 x86_64 x86_64 GNU/Linux
SSH is awesome !
OpenSSH at XP details
Under Windows, the format of passwd file is a bit tricky :
c:\Program Files\OpenSSH\etc> type passwd
joan:unused_by_nt/2000/xp:1005:513:pere,U-T400P8-2KX\joan,S-1-5-1005:/home/pere:/bin/switch
sp10304:unused_by_nt/2000/xp:500:513:U-T400P8-2KX\sp10304,S-1-5-500:/cygdrive/c/sag/sshd:/bin/switch
Now ssh-keygen writes into the proper directory c:\sag\sshd\.ssh :
c:\> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/cygdrive/c/sag/sshd/.ssh/id_rsa):
OpenSSH server best practices
SSH/SCP without pwd [***]
- [u1@lab1 ~]$ ssh-keygen -t rsa
- [u1@lab1 ~]$ ssh u2@lab2 mkdir -p .ssh
- [u1@lab1 ~]$ cat .ssh/id_rsa.pub | ssh u2@lab2 'cat >> .ssh/authorized_keys'
- [u1@lab1 ~]$ ssh u2@lab2 hostname
Sample session:
[u1@lab1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/u1/.ssh/id_rsa):
Created directory '/home/u1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/u1/.ssh/id_rsa.
Your public key has been saved in /home/u1/.ssh/id_rsa.pub.
The key fingerprint is:
b8:0c:33:d4:93:b7:9f:e5:0f:ae:ba:08:96:7a:6d:41 u1@lab1
[u1@lab1 ~]$ ssh u2@lab2 mkdir -p .ssh
The authenticity of host 'lab2 (9.137.164.158)' can't be established.
RSA key fingerprint is bc:84:9c:c1:da:63:dc:2b:f8:31:a9:f0:34:1b:61:73.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'lab2,9.137.164.158' (RSA) to the list of known hosts.
u2@lab2's password:
[u1@lab1 ~]$ cat .ssh/id_rsa.pub | ssh u2@lab2 'cat >> .ssh/authorized_keys'
u2@lab2's password:
[u1@lab1 ~]$ ssh u2@lab2 hostname
lab2
[u1@lab1 ~]$
How to provide pwd to SCP
1.- decide which user on the local machine will be using scp later : "sebas".
2.- log as "sebas"
3.- generate a public/private key pair : ssh-keygen -t rsa (empty passphrase)
It is saved by default in ~/.ssh/id_rsa.pub
Your identification has been saved in /home/sebas/.ssh/id_rsa.
Your public key has been saved in /home/sebas/.ssh/id_rsa.pub.
Do not ever share the private key with anyone!
4.- copy the public key to the destination host using ftp or scp, let's say to /tmp/
5.- on host_dest, log in as the remote user which you plan to use when you run scp, let's say "user_dest" at "host_dest".
6.- add the contents of id_rsa.pub to ~/.ssh/authorized_keys file on destination machine
$ cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
7.- [sebas@local] $ ssh user_dest@host_dest hostname
M.A. (thanks!) :
user1 on servidorFuente
user2 on servidorDestino
user1@servidorFuente # ssh-keygen -t rsa {destination "/home/user1/.ssh/id_rsa.pub"}
user1@servidorFuente # scp /home/user1/.ssh/id_rsa.pub user2@servidorDestino:/tmp/.
user2@servidorDestino # mkdir /home/user2/.ssh
user2@servidorDestino # chmod 700 .ssh
user2@servidorDestino # touch /home/user2/.ssh/authorized_keys
user2@servidorDestino # chmod 600 /home/user2/.ssh/authorized_keys
user2@servidorDestino # cat /tmp/id_rsa.pub >> /home/user2/.ssh/authorized_keys
user1@servidorFuente # scp fichero.tar.gz user2@servidorDestino:/ruta/.
SCP without PWD
- [lab001] log on as "sebas", the user that is used for SCP
- [lab001] create a public/private key pair :
ssh-keygen -t rsa
- [lab001] copy the public key to the destination :
scp id_rsa.pub sebas@bcnlab0s8:.
- [lab008] add 001’s public key at /home/sebas/.ssh/ & change permissions :
cat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
- [lab001] verify that it works without a password :
ssh sebas@lab008
scp src_file sebas@lab008:.
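The sample session and the two step lists above all end with the same destination-side step: append the public key to authorized_keys and tighten the permissions. The function below is an added example, not from the original notes, that performs that step repeatably: it refuses anything that is not a public key line, applies the 700/600 modes, and does not add the same key twice as a repeated `cat >>` would. The names `install_pubkey` and `mode_of` are this example's own.

```shell
#!/bin/sh
# Added example: destination-side key installation, run as the remote user.

# mode_of PATH -> octal permission bits (GNU stat first, BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey PUBFILE SSHDIR
# Exit status: 0 installed or already present, 2 unreadable file,
#              3 file is not a public key, 1 directory or file could not be set up.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1
    dir=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }

    # The first non-blank line of the file is the candidate key.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)

    # A public key line starts with its key type. A private key file starts
    # with "-----BEGIN ..." and must never be copied to another host.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing $pub: not an OpenSSH public key" >&2; exit 3 ;;
    esac

    # Create ~/.ssh and authorized_keys with the modes used in the steps above.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Compare on "type base64-blob" only, so a different trailing comment
    # (such as u1@lab1) does not make the same key look new.
    blob=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if grep -qF -- "$blob" "$auth"; then
        exit 0
    fi
    printf '%s\n' "$key" >> "$auth"
)

# Usage on the destination host, after copying the key to /tmp as in the steps:
#   install_pubkey /tmp/id_rsa.pub "$HOME/.ssh"
```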
How to know SSH version
[root@lab1 log]# telnet <hostname/ip> 22
Trying 99.137.164.158...
Connected to lab2.com (99.137.164.158).
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9p1
Protocol mismatch.
Connection closed by foreign host.
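The line `SSH-1.99-OpenSSH_3.9p1` in the telnet output is the server's identification string, `SSH-protoversion-softwareversion` followed by optional comments (RFC 4253, section 4.2); a protoversion of 1.99 means the server accepts protocol 2 and also the older protocol 1. As an added example (not from the original notes), the functions below parse such banners and flag servers that still offer protocol 1. Apart from the lab2.com banner taken from the output above, the sample list is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: classify SSH identification strings collected from port 22.

# parse_ssh_banner BANNER
# Prints "proto=<v> software=<s> ssh1=<yes|no>"; returns 1 if BANNER is not
# an SSH identification string.
parse_ssh_banner() {
    banner=$(printf '%s' "$1" | tr -d '\r')    # the wire format ends in CR LF
    case $banner in
        SSH-*-*) ;;
        *) return 1 ;;
    esac
    rest=${banner#SSH-}
    proto=${rest%%-*}        # protoversion never contains "-"
    soft=${rest#*-}
    soft=${soft%% *}         # drop the optional comments after the first space
    [ -n "$proto" ] && [ -n "$soft" ] || return 1
    case $proto in
        2.0)  ssh1=no ;;     # protocol 2 only
        1.99) ssh1=yes ;;    # protocol 2 with compatibility for protocol 1
        1.*)  ssh1=yes ;;    # protocol 1 only
        *)    return 1 ;;
    esac
    printf 'proto=%s software=%s ssh1=%s\n' "$proto" "$soft" "$ssh1"
}

# report_ssh1: "host banner" lines on stdin -> hosts that offer protocol 1,
# plus any host whose port 22 did not answer with an SSH banner.
report_ssh1() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        info=$(parse_ssh_banner "$banner") || { echo "$host malformed"; continue; }
        case $info in
            *ssh1=yes) echo "$host $info" ;;
        esac
    done
}

# Sample input: first line from the telnet output above, the rest constructed.
sample_banners() {
cat <<'EOF'
lab2.com SSH-1.99-OpenSSH_3.9p1
host-a.example SSH-2.0-OpenSSH_9.6
host-b.example SSH-1.5-1.2.27
host-c.example HTTP/1.1 400 Bad Request
EOF
}

sample_banners | report_ssh1
```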
Auth problems
Good page.
To find out whether it is running :
netstat -antp | grep sshd
ps -ef | grep sshd
document PSCP.EXE - FTP via SSH (Putty Secure Copy Client)
Get :
pscp sebas@bigrisk.bar.es.hal.com:~/LinEx-3r01g22.iso .
pscp sebas@bigrisk.bar.es.hal.com:~/vmware/VMware-workstation-3.2.0-2230.exe .
Put :
pscp gnUAMix_1.0.iso sebas@bigrisk.bar.es.hal.com:~/vmware/SEBASgnUAMix_1.0.iso
pscp cs61.zip sebas@bigrisk.bar.es.hal.com:~/vmware/cs61.zip
Similar to WinSCP ...
Pending
- analyse the Sametime conversation at "telnet 9.17.136.20 1533"
- tcpdump when I send a mail from Suse_8.2_T30 to W2K
- nmap from Suse_8.2_T30 to BigRisk
- what is the use of localhost 127.0.0.1 ???
TCPview displays Firefox connections from 127.0.0.1:3232 to 127.0.0.1:3233
(1118 vs 1124)
MindStormsNSX connects from 127.0.0.1:1741 to 127.0.0.1:1742
- to verify TCP/IP is installed on your machine : ping 127.0.0.1
-
localhost is used whenever a system wants to talk to itself
using a network protocol.
Quite a few applications use it for communications between modules;
this design makes it easy to extend to support network communications.
I wrote to "comp.protocols.dns.bind" (campdefabes/05042005).
- document netcat -
NetCat - requires TCP/IP only.
Download zip.
machine A: nc -l -p 1234 > arxiu.dat
machine B: nc ip-of-machine-A 1234 < arxiu.dat
[C:] nc -vv 80.94.109.112 4000 < dreamweaver.exe
F: >nc -help
[v1.10 NT]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
options:
-d detach from console, stealth mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
-
Try to TELNET to port 80 on a web server and see what happens !!!
Network Tuning
From Performance Tuning for Linux Servers:
[1] Documentation/networking/ip_sysctls.txt
[2] man (7) tcp
[3] man (7) udp
[4] man (7) socket
[5] man (7) ip
[6] man (8) sysctl
[7] man (8) netstat
[8] man (5) proc
[9] Stevens, W. Richard, TCP/IP Illustrated, Volume 1, Addison-Wesley, 1994.
IP scan from CmdLine
If 41 is the first octet to "ping" ...
C:\> FOR /L %i in (41,1,255) do @ping -n 1 192.168.78.%i -w 900 | find "Reply"
DNS lookup
C:\> FOR /L %i IN (1,1,255) DO @echo 192.168.78.%i IN: & @nslookup 192.168.78.%i 2>nul | find "Name"
Hostname display
c:\> FOR /L %i IN (1,1,255) DO @nbtstat -A 9.137.164.%i 2>nul | find "<00> UNIQUE"
SLEEP command
The Windows shell has no "sleep" command, so a local ping can stand in - the following command is effectively "sleep 4" :
ping -n 4 -w 1000 127.0.0.1
Tunneling
Wiki.
ProxyTunnel homepage.
ProxyTunnel is a small C program that is parameterised with
the proxy to connect through,
a proxy userid/password
and the name and port of a server to connect to.
ProxyTunnel builds a network connection to the proxy and executes the CONNECT command (authenticating to the proxy as specified).
Once it has done so it then acts as a bridge between its caller and the proxy/target server (it does this through inherited file descriptors 0 and 1)
Investigate tunneling through squid !
Interesting Servers
- Echo server
- Time server
- X-windows server
- Chess server
- own :
no-ip : FTP server at home
- Go to the website www.no-ip.com,
open an account there
and create a domain name, for example prueba.no-ip.info.
- Then download the No-Ip DUC software
(available from the same No-ip website),
which must run on our PC,
since it is the link that keeps our variable IP
associated with the domain name we created.
Linux Networking
- DHCP update problems : see /var/log/messages at DNS server
- DHCP setup, as NAMED.CONF :
/usr/share/doc/packages/dhcp-server/DDNS-howto.txt
Copying Data Over the Network
Knoppix includes the capability to transfer your important files
over a network if that is the method you prefer.
By far the easiest way to accomplish this is to have your Knoppix system
run an SSH server for you.
SSH provides the capability to
interactively log into your Knoppix system as well as transfer files,
all over an encrypted transmission,
meaning that should anyone intercept your communication,
he'd have a very difficult time deciphering the actual data.
If the system to which you are transferring the files
resides on a Linux or Knoppix system,
the capability to SFTP files is already built into the system.
If you are transferring your files to a Windows system,
you need to download an SFTP client
(one recommended free version is WinSCP, available at
WinSCP)
To allow a remote Linux or Windows system to connect to the Knoppix system
you want to back up,
start the SSH server on the Knoppix system
by selecting Knoppix>Services>Start SSH Server.
A key used for encryption is generated in the window that opens.
Enter a strong password, and then enter it the second time the same way.
The password you enter here is used when logging into the system via SFTP,
and it is case sensitive,
so make sure that you remember your exact password.
You need to know your system's IP address
(use the command ifconfig eth0 to determine your IP address;
it is four sets of numbers separated by dots, such as 192.168.1.1).
Using WinSCP or another SFTP/SCP client,
connect to your Knoppix machine with the IP address.
Enter knoppix as the username,
and then enter the password you created earlier.
Now you can navigate the file system
to find the files you want to copy to the remote system
using SFTP commands if you are connecting via the command line,
or by dragging and dropping
if you are using a graphical application such as WinSCP.
WinSCP cfg
You can save (bookmark) any directory you need to access regularly.
You can also set default directories:
WinSCP Login -> Environment -> Directories -> {set} -> Save.
Copy a whole site
Have you ever gone on a trip with a laptop and wanted access
to that web page with all the information about where you are going?
Well, here is a complete open source solution and completely free.
- Install cygwin GNU utilities from www.cygwin.com - Cygwin is a Linux-like environment for Windows.
- Install HTTrack, a web mirroring application.
For Windows it's called WinHTTrack - http://www.httrack.com/
You are now ready to copy a web site.
A final piece de resistance is to add the Spiderzilla extension to Firefox.
Before you do that you have to copy and paste the URL into the WinHTTrack application.
After you do that, there is an option in the "tools" menu of Firefox "download this site with SpiderZilla...".
The result is that complete sites can be downloaded.
Since I also run a local Apache/PHP/MySQL, I simply save the site in my www folder.
I can then access it on http://localhost/egb/webs
It's all quite simple and innovative. I think this is what ought to be meant by "integration".
WGET
Prerequisites:
cd /usr/local
chown -R sebas:sebas include
chown -R sebas:sebas lib
chown -R sebas:sebas share
chown -R sebas:sebas bin
chown -R sebas:sebas libexec
chown -R sebas:sebas etc
Download the package:
sebas@p9111-520:~/soft/wget/> wget ftp://ftp.gnu.org/gnu/wget/wget-1.13.4.tar.gz
sebas@p9111-520:~/soft/wget/> tar -xvzf wget-1.13.4.tar.gz
sebas@p9111-520:~/soft/wget/wget-1.13.4> ./configure
configure: error: --with-ssl was given, but GNUTLS is not available.
[sebas@labss2 wget-1.13.4]$ ./configure {OK}
[sebas@labss2 wget-1.13.4]$ make {OK}
[sebas@labss2 wget-1.13.4]$ make install {OK}
sebas@p9111-520:~/soft/wget/wget-1.13.4> ./configure
sebas@p9111-520:~/soft/wget/wget-1.13.4> make uninstall
wget requires
GnuTLS, 3.0.4 ;
GnuTLS depends on Libnettle, and you will need to install it before installing GnuTLS.
sebas@p9111-520:~/soft/nettle/> wget ftp://ftp.lysator.liu.se/pub/security/lsh/nettle-2.4.tar.gz
tar -xvzf nettle-2.4.tar.gz
sebas@p9111-520:~/soft/nettle/nettle-2.4> ./configure
sebas@p9111-520:~/soft/nettle/nettle-2.4> make
sebas@p9111-520:~/soft/nettle/nettle-2.4> make check
p9111-520:/home/sebas/soft/nettle/nettle-2.4 # make install // chown -R sebas:users /usr/local
TAR requires "xz-utils"
http://tukaani.org/xz/xz-5.0.3.tar.gz
p9111-520:/home/sebas/soft/xz-utils # wget http://tukaani.org/xz/xz-5.0.3.tar.gz
p9111-520:/home/sebas/soft/xz-utils # tar -xvzf xz-5.0.3.tar.gz
p9111-520:/home/sebas/soft/xz-utils/xz-5.0.3 # ./configure
p9111-520:/home/sebas/soft/xz-utils/xz-5.0.3 # make
p9111-520:/home/sebas/soft/xz-utils/xz-5.0.3 # make check
p9111-520:/home/sebas/soft/xz-utils/xz-5.0.3 # make install
p9111-520:/home/sebas/soft/xz-utils/xz-5.0.3 # make installcheck
Or get "tar v 1.22" - support for xz compression (--xz option) :
p9111-520:/home/sebas/soft/tar # wget http://ftp.gnu.org/gnu/tar/tar-1.26.tar.gz
p9111-520:/home/sebas/soft/tar # tar -xvzf tar-1.26.tar.gz
p9111-520:/home/sebas/soft/tar/tar-1.26 # ./configure
configure: error: you should not run configure as root
sebas@p9111-520:~/soft/tar/tar-1.26> ./configure
sebas@p9111-520:~/soft/tar/tar-1.26> make
sebas@p9111-520:~/soft/tar/tar-1.26> make install
sebas@p9111-520:~/soft/tar/tar-1.26> make installcheck
ln -s /usr/local/bin/tar /bin/tar
Let's get gnutls :
p9111-520:/home/sebas/soft/gnutls # wget ftp://ftp.gnupg.org/gcrypt/gnutls/gnutls-3.0.4.tar.xz
p9111-520:/home/sebas/soft/gnutls # /usr/local/bin/tar -Jxvf gnutls-3.0.4.tar.xz
[sebas@labss2 gnutls-3.0.4]$ tar -Jxvf gnutls-3.0.4.tar.xz
sebas@p9111-520:~/soft/gnutls/gnutls-3.0.4> scp -r sebas@labss2:/home/sebas/soft/gnutls/gnutls-3.0.4/* .
sebas@p9111-520:~/soft/gnutls/gnutls-3.0.4> ./configure
configure: error:
***
*** Libnettle 2.4 was not found.
Let's modify WGET (@labss2):
- vi main.c
- make
- make install
- ln -s /usr/local/bin/wget /usr/bin/wget // create link to mycode
- wget --help
p9111-520:/home/sebas/soft/wget/src # ./wget --version
GNU Wget 1.13.4 built on linux-gnu.
+digest +https +ipv6 +iri +large-file +nls -ntlm +opie +ssl/gnutls
Wgetrc:
/usr/local/etc/wgetrc (system)
Locale: /usr/local/share/locale
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
-DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -O2
-Wall
Link: gcc -O2 -Wall /usr/local/lib/libgnutls.so /usr/local/lib/libnettle.a
/usr/local/lib/libhogweed.a -lgmp -lrt -lz -lpthread -Wl,-rpath
-Wl,/usr/local/lib -lz -lidn -lrt ftp-opie.o gnutls.o
../lib/libgnu.a
- start ADSL
- start IE and set Firewall User and Password.
- start AT&T Network Client
- you have a VPN over ADSL
AT&T : 195.75.101.199
ADSLs
| Company + URL | Price | Includes |
| Jazztel | 30 €/month | 20Mb |
| Ono | 36 €/month | 4 Mb |
| Tele2 | 35 €/month | National calls |
| Timofónica | 30 €/month | 1 MB + national calls |
| Wanadoo | 20 €/month * | 1 Mb/320 Kbps, national calls. |
| Ya.com | 18 €/month | 20Mb + 24h calls |
USB
The maximum transfer speed is 12 Mbit/s for standard USB 1.1
and 480 Mbit/s for Hi-Speed USB 2.0.
Firewire by Apple
IEEE 1394 "Host Adapter".
RFC 2734 specifies how to run IPv4 over the FireWire interface,
and RFC 3146 specifies how to run IPv6.
Speed chart
- USB 2.0 : 480 Mbps
- SATA (150) : 1200 Mbps
IP v6
- ipconfig displays ... Tunneling Pseudo-Interface
- At the command prompt, type ipv6 uninstall, and then press ENTER.
- IPV6.exe @ uSoft.
c:\>ipv6 -v if
- Manual configuration
IPv4 exhausted
3 February 2011 :
The central stock of IPv4 addresses administered by the Internet Assigned Numbers Authority (IANA) has been exhausted.
IPv6 is the new generation of the Internet protocol.
The five regional Internet registries have worked to offer advice on adopting this protocol once IPv4 is exhausted.
Windows XP ships by default with a 20% limit on bandwidth.
The explanation it gives us is the following:
Limit reservable bandwidth.
Determines the percentage of connection bandwidth
that the system can reserve.
This value limits the combined bandwidth reservations
of all programs running on the system.
By default, the Packet Scheduler
limits the system to 20 percent of the bandwidth of a connection.
But you can use this setting to override the default.
If you enable this setting,
you can use the "Bandwidth limit" box
to adjust the amount of bandwidth the system can reserve.
If you disable this setting or do not configure it,
the system uses the default value of 20 percent of the connection.
Important:
if a bandwidth limit is set
for a network adapter in the registry,
this setting is ignored
when the network adapter is configured.
To get it back we do the following.
- Click the Start button and select Run.
- Type gpedit.msc and press Enter.
This starts the "Group Policy" program.
- Go to the "Computer Configuration" folder
- Click on "Administrative Templates"
- Click on "Network"
- Click on "QoS Packet Scheduler"
- In the right-hand window, double-click on "Limit reservable bandwidth"
- In the new window that appears,
select the "Enabled" option
and in the box below,
labelled "Bandwidth limit (%)",
enter the value "0" (zero).
- Click on "Apply" and on "OK".
That's it; there is no need to restart the system.
Thanks,
David !
FTP extension
A company has many machines and allows access by external clients.
An external client wants FTP access to
- a given machine ...
- a given disk ...
- a given directory ...
- given files ...
A generalization would be for it to have access to several directories located on different machines.
Spanning Tree protocol
Putty & complements
putty at wiki ;
http://extraputty.free.fr/.
Get plink (a command-line interface to the PuTTY back ends) from PuTTY's download page.
Then, you can use it like this:
plink.exe -ssh -pw pass -noagent -m commands.txt user@10.0.0.2
Another way is:
plink.exe -raw -P 23 192.168.1.2 < commands.txt
where the contents of commands.txt are:
login admin password
port list
quit
Maybe it's more general to use ssh ... {sebas}
Using plink in batch files and scripts
Once you have set up plink to be able to log in to a remote server without any interactive prompting,
you can use it for lots of scripting and batch purposes.
For example, to start a backup on a remote machine, you might use a command like:
plink root@myserver /etc/backups/do-backup.sh
Or perhaps you want to fetch all system log lines relating to a particular web area:
plink mysession grep /~fred/ /var/log/httpd/access.log > fredlog
Any non-interactive command you could usefully run on the server command line, you can run in a batch file using Plink in this way.
c:\eines\cisco> plink -v 9.10.11.12 -l cisco -pw cisco
Looking up host "9.10.11.12"
Connecting to 9.10.11.12 port 22
Server version: SSH-2.0-Cisco-1.25
We believe remote version has SSH-1 ignore bug
We believe remote version needs a plain SSH-1 password
We believe remote version can't handle SSH-1 RSA authentication
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Using Diffie-Hellman with standard group "group1"
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 2048 63:79:da:d7:a0:54:2f:5c:c4:49:f0:6f:aa:a0:90:97
Initialised AES-256 CBC client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 CBC server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "cisco".
Access denied
Access denied
Disconnected: Unable to authenticate
c:\eines\cisco>
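The verbose session above already records what the two ends negotiated, so it can be audited mechanically when checking many devices. The following is an added example, not part of the original notes or of PuTTY: the function names and the policy in audit() (flagging group1 and CBC-mode ciphers) are assumptions, and the sample lines are copied from the transcript above.

```python
import re

# Lines copied from the plink -v session on this page (bug-compatibility lines omitted).
SAMPLE_LOG = """\
Server version: SSH-2.0-Cisco-1.25
Using SSH protocol version 2
Using Diffie-Hellman with standard group "group1"
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 2048 63:79:da:d7:a0:54:2f:5c:c4:49:f0:6f:aa:a0:90:97
Initialised AES-256 CBC client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 CBC server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Access denied
Access denied
"""

FIELDS = {  # single-valued lines of the verbose log
    "server": re.compile(r"^Server version: (\S+)"),
    "protocol": re.compile(r"^Using SSH protocol version (\d+)"),
    "kex_group": re.compile(r'^Using Diffie-Hellman with standard group "([^"]+)"'),
    "kex_hash": re.compile(r"^Doing Diffie-Hellman key exchange with hash (\S+)"),
    "hostkey": re.compile(r"^(ssh-\S+ \d+ (?:[0-9a-f]{2}:){15}[0-9a-f]{2})$"),
}
PER_DIRECTION = re.compile(
    r"^Initialised (.+?) (client->server|server->client) (encryption|MAC algorithm)$")

def parse_plink_log(text):
    """Extract the negotiated SSH parameters from `plink -v` output."""
    info = {"encryption": {}, "MAC algorithm": {}, "denied": 0}
    for line in map(str.strip, text.splitlines()):
        for name, rx in FIELDS.items():
            if (m := rx.match(line)):
                info[name] = m.group(1)
        if (m := PER_DIRECTION.match(line)):
            info[m.group(3)][m.group(2)] = m.group(1)
        info["denied"] += line == "Access denied"  # count failed auth attempts
    return info

def audit(info):
    """Flag parameters that the policy assumed for this example treats as legacy."""
    findings = []
    if info.get("kex_group") == "group1":
        findings.append("key exchange uses group1 (1024-bit modulus)")
    for direction, cipher in sorted(info["encryption"].items()):
        if cipher.endswith("CBC"):
            findings.append(f"{direction} cipher is CBC mode: {cipher}")
    return findings
```

To audit a live session, save the verbose messages to a file and pass its text to parse_plink_log().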
Senior Network Engineer
AL1 Consulting Group - Barcelona and surroundings, Spain (Barcelona Area, Spain)
Job Description - Leading internet company requires a Senior Network Engineer to:
- Carry out the technological design and implementation of network architectures in complex environments.
- Implement the configuration of the equipment and associated services, documenting the configuration performed.
- Provide technical support in the implementation of systems and their maintenance.
- Attend to users' needs and queries.
Desired Skills & Experience
- Technical Engineering degree desirable.
- More than 5 years of experience in:
- Network administration.
- Working in highly critical production network environments
- Being an expert in Firewalls, Routing, Switching, Load Balancers, Authentication Systems, VPNs, BGP, wireless, high availability and network security.
- Notable experience in monitoring systems.
- Clear service and customer orientation, empathy, problem-solving ability and proactive attitude.
Desirable
- Cisco CCNP certification
- Knowledge of the 802.1X protocol
- Knowledge of IDP/IPS
- Knowledge of IPv6
- Other certifications are a plus
Questions
- how to list the users (hostname) to whom I have given a dynamic IP ?
cat /var/lib/dhcp/db/dhcpd.leases
Why doesn't nslookup find .78.200 ?
- How to show the values assigned by a DHCP server on Linux ? (DNS servers & default gateway)
- SSH/SCP without PWD - can't make it work
- how to trace a problem in /var/log/secure ?
- how to find out the characteristics of our IP stack ?
I see that vnetsniffer is stopped
and the ATT dialer starts it
and I want to know the reason ...
I also see that ipconfig gives me "new" information ...
- what on earth is "Conexión de area local 2",
named "Conexión de TV/Video de Microsoft" ? [T42]
- what on earth does Guindows mean by the message
The current setting of search method requires at least one DNS suffix.
- how to find out whether a program is listening on a port ?
Solution :
netstat -aon = display all connections, display owning process, numerical form
- how to restart the TCP stack ?
The reset command is available in the IP context of the NetShell utility.
Follow these steps to use the reset command to reset TCP/IP manually:
netsh int ip reset resetlog.txt
Reboot the computer.
When you run the reset command, it rewrites two registry keys that are used by TCP/IP.
This has the same result as removing and reinstalling the protocol.
The reset command rewrites the following two registry keys:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\
This tool seems better to me :
WinSock XP fix
- how to modify a TCP/IP parameter from "Startup" ?
C:\WINDOWS\system32\reg.exe add HKLM\System\CurrentControlSet\Services\TCPIP\Parameters
/v SearchList /t REG_SZ /d spss.com /f
- how to test that we can reach a port ?
- what to do if the Network Connections folder is empty ?
{empty My Network properties}
- what do we do if an SCP stops, saying "STALLED" ?
Use the "-C" flag on the SCP command to "compress". Also, use the "-vv" flag to see more details.
- if we have a server with a service on port 5678 with many client IPs connected ... how can we cut the connection of a given IP ?
[sag@lab cmds]$ netstat -ano | grep 5678
tcp 0 0 0.0.0.0:5678 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 99.137.164.154:5678 99.172.140.82:2111 ESTABLISHED keepalive (6514.07/0/0)
tcp 0 0 99.137.164.154:5678 99.172.140.48:1614 ESTABLISHED keepalive (1769.82/0/0)
tcp 0 0 99.137.164.154:5678 99.145.87.157:52364 ESTABLISHED keepalive (6178.23/0/0)
tcp 0 0 99.137.164.154:5678 99.145.31.215:4481 ESTABLISHED keepalive (2704.30/0/0)
cutter (via IPTABLES, as Fco), tcpkill.
tcpkill is part of the dsniff package.
Use "config" to verify pre-requisites, as "libnet not found" at labss.
-
Enable / disable adapter from command line :
url.
-
How to connect Ubuntu to Internet
-
Linux Home Networking - good text, complete.
-
Scanners,
for NT and NetBIOs, and
Tools.
- Tools :
- Many articles .... in Russian :
UINC.RU, as ARP and ICMP by Igor, and non-standard use of ARP
- Beginner scan
analysis
[pro, with
solutions]
There's one every
month !!!
- tcp/ip
reference [good]
- tcp/ip
command line utilities :
arp, ipconfig, nbtstat, netstat, ping, tracert, getmac, netsh,
tasklist (xp pro), taskkill, set, recover, regsvr32.
- ping :
- DNS : RFC 882 & 883 (old, 1983), RFC 1034 & 1035 (1987).
- Cesca :
services, as
DNS.
- CATNIX :
services, as
F root name server.
- FTP servers :
Cerberus,
FileZilla, ...
- FTP clients (passive ?)
- CuteFTP
- CoreFTP
- Fire FTP (FireFox)
- SmartFTP
- WS_FTP
- Telnet Server(s) ?
-
W2000 Pro Telnet Service is set to start "Manually".
Note !
There is a "Telnet Server Administration"
in the "Administrative Tools" folder.
XP Pro has it built in.
Use tlntadmn !
-
Kpt M - free, open source telnet/ssh server for Guindous 2000/XP.
Client : Putty !
Homepage (0.58).
Documentation.
+ PSCP + PSFTP !
- Web Server :
Abyss Web Server X1
- SMTP Server (outgoing mail, to be used by BLAT) ???
PostCast ???
- Linux
NETBIOS client (Samba) configuration
- Delphi
Networking
- NetBios & SMB protocols description
- (1) page 116, Robert Orfali and Dan Harkey, "Client/Server programming
with OS/2 2.1"
- what does this do :
echo 'GET / HTTP/1.0\n' | nc hotbot.com 80 | egrep '^Server:'
What is nc ? NetCat - see
rpmfind
From
here
- MAC @ to
vendor
- read
uS TCP/IP ! [good]
VERY complete description !
- Analyze a site :
NetCraft : What's that site running ?
- from "The Book of VMWARE", page 139 :
To learn more about IP networking,
read Andrew Tanenbaum's Computer Networks (Prentice-Hall, 1996);
for the ultimate programming reference,
look at W. Richard Stevens' Unix Network Programming, Volume 1 (Prentice-Hall, 1998).
In addition, your author's Linux Problem Solver (No Starch Press, 2000)
provides hands-on systems administration information for Linux kernel version 2.2.
-
Google or
All The Web
- Book :
Computer Networks
and Internets with Internet Applications.
See
"Code Examples"
button
Douglas E. Comer
-
Network tools
-
Display IP in your tray :
TYGI
-
NetTool :
Web & Network debugger
-
Disassemble and reassemble
TCPIP in Guindous [not for the faint of heart, egb]
-
SJ 34/3 :
Network Technologies and Systems
-
Firewall
Builder.
-
Here is the Microsoft's IPv6 Guide for Windows Sockets Applications:
url.
Appendix B has an IP-version agnostic source code sample.
-
Movie
New Stack -
Where is it saved ?
Read with Opera !
-
mr Stefan Savage - interesting ...
San Diego.
Inside
Slammer worm (with code)
Network Security
-
Windows Server
Support Tools alphabetical list :
-
List of
Security Tools available in Ubuntu :
-
wireshark - ex-Ethereal ! (portable) network protocol analyzer
- nessus
- nmap
- etherape
- kismet
- chkrootkit
- rkhunter
- tiger
- gnuPG
- seahorse
- nemesis
- tcpdump
- openSSH
- denyHosts
- snort
- firestarter
- clamav
- ettercap
- netcat
- MTR
- Hping3
- ngrep
- john
- tcptrace
- netdude
- tcpreplay
- dsniff
- scapy
- ntop
- NBTscan
- tripwire
-
(large) Network Monitoring Tools
list & {lots of} URLs
Wiki
comparison.
-
10 free
server network monitoring tools :
-
Top 100
Network Security Tools :
51 is
IPScan (Angry IP scanner)
-
TCP
tuning (nice) article.
-
SSH Port Forwarding :
see "Remote Forward example".
-
Fix
TCP stack or WinSock library corrupted (10038 = no socket)
-
Improving windows networking defaults
-
Gigabyte Ethernet finder
-
Linux Home Networking
-
Guide to IP Layer Network Administration with Linux, version 0.4.5, Martin A. Brown :
url
-
CTDP Linux User's Guide (2000) - functions and files, as
DNS.
-
Port Forwarding
-
Solar Wind - TFTP server.
Good
intro (to use it at PIX).
BISC [ip]
-
Cisco 2641 XM - what is it ?
-
T42 MfyReg
T42:\Rexx\Registry\MfyReg\fer.bat
tool
-
IP Address Blocks
-
SS7
-
TOR : anonymizer proxy
-
Google ( hardping freeware )
-
Tinet