Internet Protocol Classes - Network & Host ID

Posted in IP Protocol

This article explains the 'Network-ID' and 'Host-ID' concept found in IP addressing and subnetting. We analyse the structure of IP addresses and network classes and show their Network-IDs and Host-IDs in binary format to make evident how the system works.

To help understand the network class analysis, we show examples of well-known IP address ranges and calculate their valid networks and hosts depending on their class and subnet mask.

The information provided in this article is extremely important for engineers who want to really understand IP addressing and subnetting.

Every protocol suite defines some type of addressing that identifies computers and networks. IP Addresses are no exception to this "rule". There are certain values that an IP Address can take and these have been defined by the IEEE committee (as most things).

A simple IP Address is a lot more than just a number. It tells us the network that the workstation is part of and the node ID. If you don't understand what I am talking about, don't let it worry you too much because we are going to analyse everything here :)

IP Address Classes and Structure

When the IEEE committee sat down to sort out the range of numbers that were going to be used by all computers, they came out with 5 different ranges or, as we call them, "Classes" of IP Addresses and when someone applies for IP Addresses they are given a certain range within a specific "Class" depending on the size of their network.

To keep things as simple as possible, let's first have a look at the 5 different Classes:

ip-classes-1

In the above table, you can see the 5 Classes. Our first Class is A and our last is E. The first 3 classes (A, B and C) are used to identify workstations, routers, switches and other devices whereas the last 2 Classes (D and E) are reserved for special use.

As you would already know an IP Address consists of 32 Bits, which means it's 4 bytes long. The first octet (first 8 Bits or first byte) of an IP Address is enough for us to determine the Class to which it belongs. And, depending on the Class to which the IP Address belongs, we can determine which portion of the IP Address is the Network ID and which is the Node ID.

For example, if I told you that the first octet of an IP Address is "168" then, using the above table, you would notice that it falls within the 128-191 range, which makes it a Class B IP Address.
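The first-octet rule above, as an added example that is not part of the original article: the class is picked from the leading bits of the address (standard classful addressing, which is what the first-octet ranges encode), and the 32 bits are then split into Network ID and Host ID. The address 168.10.1.5 is a constructed sample; only its first octet comes from the text.

```python
from typing import NamedTuple, Optional

# Leading bits of the first octet -> (class, length of the Network ID in bits).
# Classes D and E are reserved and have no Network-ID/Host-ID split.
CLASS_RULES = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24),
               ("1110", "D", None), ("1111", "E", None)]

class Classful(NamedTuple):
    ip_class: str
    binary: str                  # all 32 bits, dotted per octet
    network_id: Optional[str]    # Network-ID bits (None for D and E)
    host_id: Optional[str]       # Host-ID bits (None for D and E)

def to_bits(address: str) -> str:
    """Validate a dotted-decimal address and return its 32 bits as text."""
    parts = address.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {address!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {address!r}")
    return "".join(f"{o:08b}" for o in octets)

def classify(address: str) -> Classful:
    """Pick the class from the leading bits, then split Network ID / Host ID."""
    bits = to_bits(address)
    dotted = ".".join(bits[i:i + 8] for i in range(0, 32, 8))
    for prefix, name, net_len in CLASS_RULES:
        if bits.startswith(prefix):
            if net_len is None:
                return Classful(name, dotted, None, None)
            return Classful(name, dotted, bits[:net_len], bits[net_len:])
    raise AssertionError("unreachable: the five prefixes cover every address")

# Constructed sample address whose first octet is 168, as in the text above.
EXAMPLE = classify("168.10.1.5")
```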

The Internet Protocol (IP) Header

Posted in IP Protocol

This article examines the Internet Protocol (IP) and its position within the OSI Model. We take a look at the IP Header and all fields contained within an Ethernet frame. Further examination of the IP header is covered in the next pages that follow.

Binary & The Internet Protocol

Posted in IP Protocol

To understand the Internet Protocol, we need to learn and understand Binary. It is very important to know and understand Binary because part of the IP protocol is also the "Subnetting" section which can only be explained and understood when an IP Address is converted to Binary!

This article deals with the analysis of IP addresses and covers the conversion of IP address to binary. We explain the conversion process with much detail using our well known diagrams. At the end of the article, readers will be able to understand and explain how IP address to binary conversion is performed and also calculate quickly the 32bit addressing scheme.

Those who are experienced in Binary can skim this section quickly, but do have a look through.

A lot of people are not aware that computers do not understand words, pictures and sounds when we interact with them by playing a game, reading or drawing something on the screen. The truth is that all computers can understand is zeros (0) and ones (1)!

What we see on the screen is just an interpretation of what the computer understands, so the information displayed is useful and meaningful to us. 

Binary: Bits and Bytes

Everyone who uses the Internet would have, at one stage or another, come across the "Byte" or "Bit" term, usually when you're downloading, you get the speed indication in bytes or KBytes per second. We are going to see exactly what a Bit, Byte and KByte is, so you understand the terms.

To put it as simply as possible, a Bit is the smallest unit/value of Binary notation. The same way we say 1 cent is the smallest amount of money you can have, a Bit is the same thing, not in cents or dollars, but in Binary.

A Bit can have only one value, either a one (1) or a zero (0). So if I gave you a value of zero: 0, then you would say that is one Bit. If I gave you two of them: 00, you would say that's two Bits.

Now, if you had 8 zeros or ones together: 0110 1010 (I put a space in between to make it easier for the eyes) you would say that's 8 Bits or one Byte! Yes, that is correct, 8 Bits are equal to one Byte.

The picture below gives you some examples:

ip-binary-1

It's like saying, if you have 100 cents, that is equal to one Dollar. In the same way, 8 Bits (doesn't matter if they are all 1s or 0s or a mixture of the two) would equal one Byte.

And to sum this all up, 1024 Bytes equal 1 KByte (Kilobyte). Why 1024 and not 1000? Well, it's because of the way Binary works. If you did the maths, you would find the above correct.

DNS Response Message Format

Posted in Domain Name System (DNS)

The previous article covered the DNS Query message formats. In the article we analysed them in great detail and showed how various options are selected by the host using the Flags/Parameters field.  This article moves one more step ahead by covering the DNS response received from the previously generated DNS queries. DNS responses, in the case of a recursive DNS query, come directly from the DNS server that received our initial DNS query, while in the case of a non-recursive DNS query, the response arrives from the last DNS server the client (PC) queries in order to get the required DNS information.

DNS Analysis - Server Response

Here is the response (highlighted section in the screenshot below) to the previous DNS query sent to DNS server with IP address 139.130.4.4:

dns-response-format-1

Something worth paying attention to is the time it took to receive an answer to our DNS query, which was only 0.991 seconds!

There are a lot of factors that contribute to this fairly fast response: the UDP transport protocol, which does not require any 3-way handshake, the load of the initial DNS server queried, the load of the other DNS servers that had to be asked, the connection speeds of everyone (our workstation, DNS servers, etc.), and the traffic load across all paths our packets took during this DNS query/response!

Analyzing a DNS Packet

Following is the Ethernet II packet that runs on the local network. The structure is the same as our previous DNS query packet, but varies in size:

dns-response-format-2

Now, to make the analysis of the DNS Section easier we have also included the DNS Query (left) and DNS Response (right). This allows us to easily compare both DNS query and response packets:

 dns-response-format-3       dns-response-format-4

By comparing the two packets, we can see that there are fields in the DNS Response packet (marked with green arrows) that didn't exist in the Query. Let's see again what each field means and analyse them as we did in the previous page.

The DNS Section in a response packet is considerably larger and more complex than that of a query packet. For this reason we are going to analyse it in parts rather than all together. The query had only one section that required in-depth analysis whereas the response has three, since the first one is the original query sent:

Here is the section of a DNS response:

dns-response-format-5

You can clearly see that everything after the block labeled "DNS Query Section" is new. We are going to focus on these 3 new blocks, which are part of the DNS Response Section, as the rest has been covered in the previous article.

DNS Response Section

The diagram below shows you the contents of the 3 new blocks (sections) we are looking at and they are:

  • Answers
  • Authoritative Nameservers
  • Additional Records

 dns-response-format-6 dns-response-format-7

What we need to understand is that each of these three sections has identical fields. Even though the information they contain might seem a bit different, the fields are exactly the same and we will see this shortly.

In the picture above, we have only expanded the first part of the Answer section which is underlined in green so you can compare the fields with the ones contained in the left hand picture.

This picture below shows the expanded version from the first part of both Answers & Authoritative sections. We have already marked and labeled the fields to prove to you that they are all identical and vary only in the information they contain:

dns-response-format-8

Looking carefully at both Answers & Authoritative sections, we notice that the Resource Data field is first, where according to the analysis of the sections in the picture above (left side), you would expect it last.

The actual position of the field is last, but it's presented first by the packet analyser to make the presented data more user friendly.

This is also the reason the first line of each part in each section is used to provide a quick summary of the information captured.

For example, looking at line 1 in the Answers Section (underlined in green), we get a summary of the data that will follow: www.firewall.cx, type INET, cname firewall.cx.

This proves that the fields in all of these 3 sections contained in the DNS Response Section are identical, but contain different values/data.

Looking at each section (coloured area), one can notice that there are actually two answers which appear as a hierarchical tree with the boxed '+' symbol next to them.

A question often asked is why are there two answers for each section and could there be more or less answers?

The answer is simple and logical: there are as many answers as needed, depending on the way the domain has been set up. For example, Firewall.cx currently has two nameservers configured for its domain, which explains the two answers for each section. If we had three nameservers configured, then we would get three answers per section.

To help make this clear, we also captured a DNS Response packet from a DNS query for the domain ibm.com:

dns-response-format-9

As is evident, our query for IBM.COM gave us a response which has 4 answers per section!

Again, each answer in every section has identical fields, but different data/values.

You might have noticed a pattern here as well. In every DNS Response you will find the same number of answers per section.

For example, the screenshot on the left shows us 4 answers for the Answers, Authoritative and Additional records sections and this is no coincidence.

The Type field will help us understand why. Let's take a look at it.

The Type Field

The Type field determines the type of information we require about a domain.

The table below contains the most frequently requested Type of DNS information:

| Type | Meaning | Contents |
|-------|------------------------|----------|
| A | Host Address | 32-Bit IP Address of host or domain |
| CNAME | Canonical Name (Alias) | Canonical domain name for an alias, e.g. www |
| HINFO | CPU & OS | Name of CPU and Operating System |
| MINFO | Mailbox | Info about a mailbox or mail list |
| MX | Mail Exchange | 16-bit preference and name of the host that acts as a mail exchange server for a domain, e.g. mail.firewall.cx |
| NS | Name Server | Authoritative name server for the domain |
| PTR | Pointer | Symbolic link for a domain, e.g. net.firewall.cx points to www.firewall.cx |
| SOA | Start Of Authority | Multiple fields that specify which parts of the naming hierarchy a server implements |
| TXT | Arbitrary Text | Uninterpreted string of ASCII text |

To give a simple example, when we have a Type=A, we are given the IP Address of the domain or host (look at Answers section below), whereas a Type=NS means we are given the Authoritative Name Servers that are responsible for the domain (look at Authoritative Name Servers section below).

The screenshot below was taken from our first example (query for firewall.cx) and we can see why the Type field is responsible for the data we receive about the domain:

dns-response-format-10

As we can see, the Type field (red circle) in the first answer of the Authoritative Name Servers section is set to NS, which means this part contains information about the Authoritative name servers of the queried domain.

Going to the first answer of the Additional records, we can see that the Type field here is set to A, which means the data contained in this part is an IP address for the particular host.

When requesting the name servers for a domain, it is also essential that their IP addresses are provided, so that the client can construct a DNS query and send it to the name servers for that domain.
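The response layout described above, as an added example that is not part of the original article: a small Python parser that walks the Answers, Authoritative Nameservers and Additional Records sections with one loop, since every record carries the same fields with the Resource Data last on the wire. The sample message is constructed (the ns1/ns2 host names and 192.0.2.x addresses are placeholders, not values from the capture), and the parser caps compression-pointer hops and checks the data length so a malformed response cannot make it loop or over-read.

```python
import struct
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT"}
SECTIONS = ("Answers", "Authoritative Nameservers", "Additional Records")

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while (n := msg[off]):                    # a zero length byte ends the name
        if n & 0xC0 == 0xC0:                  # compression pointer
            hops += 1
            if hops > 16:                     # corrupt or hostile pointer loop
                raise ValueError("compression pointer loop")
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:                                 # ordinary label of n bytes
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels), (off + 1 if resume is None else resume)

def parse_response(msg):
    """Return {section title: [(name, type, ttl, data), ...]}."""
    qd, *counts = struct.unpack_from("!4H", msg, 4)   # counts in 12-byte header
    off = 12
    for _ in range(qd):                       # skip the echoed query section
        off = read_name(msg, off)[1] + 4      # name + QTYPE + QCLASS
    out = {title: [] for title in SECTIONS}
    for title, count in zip(SECTIONS, counts):
        for _ in range(count):                # identical fields in every section
            name, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10                         # Resource Data comes last on the wire
            rdata = msg[off:off + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("data length runs past end of message")
            data = (".".join(map(str, rdata)) if rtype == 1 else
                    read_name(msg, off)[0] if rtype in (2, 5, 12) else rdata.hex())
            out[title].append((name, TYPES.get(rtype, str(rtype)), ttl, data))
            off += rdlen
    return out

# Constructed sample, not the article's capture; ns1/ns2 and 192.0.2.x are made up.
WWW, APEX, NS1, NS2 = b"\xc0\x0c", b"\xc0\x10", b"\x03ns1\xc0\x10", b"\x03ns2\xc0\x10"
def _rr(name, rtype, rdata):
    return name + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
SAMPLE = b"".join([struct.pack("!6H", 0x1234, 0x8180, 1, 2, 2, 2),
    b"\x03www\x08firewall\x02cx\x00" + struct.pack("!HH", 1, 1),
    _rr(WWW, 5, APEX), _rr(APEX, 1, b"\xc0\x00\x02\x0a"),
    _rr(APEX, 2, NS1), _rr(APEX, 2, NS2),
    _rr(NS1, 1, b"\xc0\x00\x02\x35"), _rr(NS2, 1, b"\xc0\x00\x02\x36")])
```

Calling `parse_response(SAMPLE)` returns the NS records under Authoritative Nameservers and the matching A records for those name servers under Additional Records.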

In this article we analysed the DNS response message format by looking into the details of a DNS response packet. We also covered the different DNS type field messages and explained the contents of the DNS Response message.
