Friday, July 31, 2015

common connectors wiring schematic

Computer Com Port (RS-232/V.24 pin out on a DB-9)

Fig.1 RS232/V.24 DB9 (DTE side, as on a PC com port)

Pin  Name  Description
1    CD    Carrier Detect (DCD)
2    RXD   Receive Data
3    TXD   Transmit Data
4    DTR   Data Terminal Ready
5    GND   Signal Ground
6    DSR   Data Set Ready
7    RTS   Request to Send
8    CTS   Clear to Send
9    RI    Ring Indicator

X.21 interface on a DB15 connector

Fig. 2. X.21 DB15 connector

RJ-45 RS232 connector

EIA/TIA-561 defines RS-232 on an RJ45 (8P8C modular) connector. It can be used only for asynchronous applications, because it carries no synchronous clock signals. Note: pin 1 (RI) is sometimes used as DSR instead.
Fig.3. RJ-45 RS232 connector

RJ45 RS232D connector (EIA-561 pinout)

RS232D uses RJ45 (8P8C) modular connectors, similar in shape to telephone (RJ11) connectors but with eight positions. Direction is given from the DTE's point of view.

Pin  Signal                         Abbr.   Direction
1    DCE Ready / Ring Indicator     DSR/RI  DCE -> DTE
2    Received Line Signal Detector  DCD     DCE -> DTE
3    DTE Ready                      DTR     DTE -> DCE
4    Signal Ground                  SG      -
5    Received Data                  RxD     DCE -> DTE
6    Transmitted Data               TxD     DTE -> DCE
7    Clear To Send                  CTS     DCE -> DTE
8    Request To Send                RTS     DTE -> DCE

DB25 V.24 pinout and signals

Fig.4. RS232 V.24 connector

DB25 V.24 pinout and signals (ALT A connector)

Fig.5. RS232 V.24 (ALT A) connector

RS232 DB25 all pins (some applications require more pins)



Fig.6. RS232 DB25 connector   

Debian Commands


A


alias: Create an alias


awk: Pattern scanning and text-processing language (e.g. find and replace fields in file(s))



B


basename: Return just the file name alone


bzip2/bunzip2: Compress or decompress named file(s)



C


cat: Display the contents of a file


cat -n: simple way to add line-numbers to the output of a command


cd: Change Directory


chgrp: Change group ownership


chmod: Change access permissions


chown: Change file owner and group


chroot: Run a command with a different root directory


clear: Clear terminal screen


cmp: Compare two files


comm: Compare two sorted files line by line


cp: Copy one or more files to another location


crontab: Schedule a command to run at a later time



D


date: Display or change the date & time


dc: Desk Calculator


dd: Convert and copy a file block by block (raw disk and image copies)


df: Display free disk space


diff: Display the differences between two files


dir: Briefly list directory contents


dircolors: Colour setup for ls


dirname: Convert a full pathname to just a path


dmesg: Print the kernel ring buffer: boot messages, the devices the kernel found and whether it could configure them, driver errors (userland configuration is not shown here)


du: Estimate file space usage



E


echo: Display message on screen


egrep: Print lines matching a pattern (same as grep -E)


eject: Eject CD-ROM


env: Display, set, or remove environment variables


exit: Exit the shell (or press Ctrl-D)


export: Set an environment variable



F


fdisk: Partition table manipulator for Linux


fgrep: Print lines matching a pattern (same as grep -F)


file: Determine the type of the named file(s) from their contents


find: Search for files that meet a desired criteria


for: Expand words, and execute commands


format: Format disks or tapes


free: Display memory usage


fsck: Filesystem consistency check and repair.


ftp: Transfer files to/from a remote host (plaintext protocol: credentials and data are not encrypted, so prefer sftp or scp)



G


grep: Print lines matching a pattern


groups: Print group names a user is in


gzip/gunzip: Compress or decompress named file(s)



H


head: Output the first part of file(s)


history: Command History


hostname: Print or set system name



I


id: Print user and group id's


if/then/else/elif/fi: Conditionally perform a command


info: Help info



J


join: Joins lines on a common field



K


kill: Stops a process from running


killall: Stops matching process from running



L


less: Display output one screen at a time


ln: Make links between files


locate: Find files using an indexed list.


logname: Print current login name


logout: Exit a login shell


lpc: Line printer control program


lpr: Print files (submit them to the print queue)


lprint: Print a file


lprintq: List the print queue


ls: List information about file(s)



M


man: Help manual


mkdir: Create new folder(s)


more: Display output one screen at a time


mount: Mount a file system


mv: Move or rename files or directories



N


nice: Set the priority of a command or job



P


passwd: Modify a user password


printf: Format and print data


ps: Process Status. Lists running process


pwd: Print Working Directory




R


rgrep: Recursive grep


rm: Remove file(s)


rmdir: Remove folder(s)


rsync: Remote file copy (Synchronize file trees) using its own protocol. It may be used over an ssh or rsh connection.



S


scp: Copy files between two machines over an ssh connection


sdiff: Merge two files interactively


sed: Stream Editor


select: Build a numbered menu from a word list and read the user's choice


sftp: Secure file transfer (FTP over SSH)


shutdown: Shutdown or restart Linux


sleep: Delay for a specified time


sort: Sort text files


ssh: Secure Shell


su: Substitute user identity


sudo: Execute a command as another user


sync: Flush filesystem buffers (write cached data to disk)



T


tail: Output the last part of files


tar: Tape Archiver


time: Measure Program Resource Use


touch: Change file timestamps or create an empty file


top: List processes running on the system


traceroute: Trace Route to Host


tr: Translate, squeeze, and/or delete characters


true: Do nothing, successfully



U


umask: Set the user's file-creation permission mask


umount: Unmount a device


uname: Print system information


uniq: Report or omit repeated (adjacent) lines


until: Loop, executing commands until a condition succeeds


useradd: Create new user account


usermod: Modify user account


users: List users currently logged in



V


vdir: Verbosely list directory contents (ls -l -b)



W


watch: Execute/display a program periodically


wc: Print byte, word and line counts


which: Locate a program file in the user's path.


who: Print all usernames currently logged in


whoami: Print the effective user name (same as `id -un`)



X


xargs: Execute utility, passing constructed argument list(s)



https://wiki.debian.org/ShellCommands

Nmap GUI Zenmap



Try zenmap the official network mapper front end:


Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.


You can install zenmap using the following apt-get command:

$ sudo apt-get install zenmap

Sample outputs:

[sudo] password for vivek:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  zenmap
0 upgraded, 1 newly installed, 0 to remove and 11 not upgraded.
Need to get 616 kB of archives.
After this operation, 1,827 kB of additional disk space will be used.
Get:1 http://debian.osuosl.org/debian/ squeeze/main zenmap amd64 5.00-3 [616 kB]
Fetched 616 kB in 3s (199 kB/s)
Selecting previously deselected package zenmap.
(Reading database ... 281105 files and directories currently installed.)
Unpacking zenmap (from .../zenmap_5.00-3_amd64.deb) ...
Processing triggers for desktop-file-utils ...
Processing triggers for gnome-menus ...
Processing triggers for man-db ...
Setting up zenmap (5.00-3) ...
Processing triggers for python-central ...



Type the following command to start zenmap. Root is needed for the raw-packet scan types (SYN scan, OS detection); without it nmap falls back to a TCP connect scan and OS detection is unavailable:

$ sudo zenmap

Sample outputs





Fig.02: zenmap in action

How do I detect and block port scanning?


Try the following resources:
How to use psad tool to detect and block port scan attacks in real time.
Debian / Ubuntu Linux: Install and Configure Shoreline Firewall (Shorewall).
CentOS / Redhat Iptables Firewall Configuration Tutorial.
Linux: 20 Iptables Examples For New SysAdmins.
20 Linux Server Hardening Security Tips.
References:
The official Nmap project guide to network discovery and security Scanning.
The official Nmap project home page.


http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/

Nmap commands



Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users.


The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, to find the possibly vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.





nmap in action
More about nmap


From the man page:


Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.


It was originally written by Gordon Lyon and it can answer the following questions easily:
What computers are running on the local network?
What IP addresses are in use on the local network?
What is the operating system of the target machine?
Which ports are open on the machine you just scanned?
Is a host listening on an unexpected port (a possible backdoor or malware)?
Are there unauthorized servers or network services on your network?
Which computers don't meet the organization's minimum level of security?
Sample setup (LAB)


Port scanning may be illegal in some jurisdictions, so set up a lab as follows:

+---------+         +---------+         +---------+
|         |         | Network |         |         |
| server1 |---------+ switch  +---------| server2 |
|         |         |  (sw0)  |         |         |
+---------+         +----+----+         +---------+
                         |
                         |
               +---------+----------+
               |  wks01 Linux/OSX   |
               +--------------------+



Where,
wks01 is your computer either running Linux/OS X or Unix like operating system. It is used for scanning your local network. The nmap command must be installed on this computer.
server1 can be powered by Linux / Unix / MS-Windows operating systems. This is an unpatched server. Feel free to install a few services such as a web-server, file server and so on.
server2 can be powered by Linux / Unix / MS-Windows operating systems. This is a fully patched server with firewall. Again, feel free to install few services such as a web-server, file server and so on.
All three systems are connected via switch.
How do I install nmap?


See:
Debian / Ubuntu Linux: Install nmap Software For Scanning Network
CentOS / RHEL: Install nmap Network Security Scanner
OpenBSD: Install nmap Network Security Scanner
#1: Scan a single host or an IP address (IPv4)

### Scan a single ip address ###
nmap 192.168.1.1
## Scan a host name ###
nmap server1.cyberciti.biz
## Scan a host name with more info###
nmap -v server1.cyberciti.biz



Sample outputs:





Fig.01: nmap output

#2: Scan multiple IP address or subnet (IPv4)

nmap 192.168.1.1 192.168.1.2 192.168.1.3
## works with same subnet i.e. 192.168.1.0/24
nmap 192.168.1.1,2,3

You can scan a range of IP address too:

nmap 192.168.1.1-20

You can scan a range of IP address using a wildcard:

nmap 192.168.1.*

Finally, you scan an entire subnet:

nmap 192.168.1.0/24

#3: Read list of hosts/networks from a file (IPv4)


The -iL option allows you to read the list of target systems using a text file. This is useful to scan a large number of hosts/networks. Create a text file as follows:

cat > /tmp/test.txt

Sample contents of /tmp/test.txt (one host or network per line):

server1.cyberciti.biz
192.168.1.0/24
192.168.1.1/24
10.1.2.3
localhost

The syntax is:

nmap -iL /tmp/test.txt

#4: Excluding hosts/networks (IPv4)


When scanning a large number of hosts/networks you can exclude hosts from a scan:

nmap 192.168.1.0/24 --exclude 192.168.1.5
nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254

OR exclude a list read from a file called /tmp/exclude.txt:

nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt

#5: Turn on OS detection, version detection, script scanning and traceroute (IPv4)

The -A ("aggressive") option enables all four at once; it is noisy, and the OS detection part needs root:

nmap -A 192.168.1.254
nmap -v -A 192.168.1.1
nmap -A -iL /tmp/scanlist.txt

#6: Find out if a host/network is protected by a firewall

An ACK scan (-sA) never tells you whether a port is open; it reports ports as "unfiltered" (a RST came back) or "filtered" (nothing came back), which maps the firewall's rules:

nmap -sA 192.168.1.254
nmap -sA server1.cyberciti.biz

#7: Scan a host when protected by the firewall

-PN (spelled -Pn in current releases) skips host discovery and scans the host even if it does not answer pings:

nmap -PN 192.168.1.1
nmap -PN server1.cyberciti.biz

#8: Scan an IPv6 host/address


The -6 option enables IPv6 scanning. The syntax is:

nmap -6 IPv6-Address-Here
nmap -6 server1.cyberciti.biz
nmap -6 2607:f0d0:1002:51::4
nmap -v -A -6 2607:f0d0:1002:51::4

#9: Scan a network and find out which servers and devices are up and running


This is known as host discovery or ping scan (-sP; current releases call it -sn). On a local Ethernet segment nmap uses ARP requests for this, which is why MAC addresses appear in the output:

nmap -sP 192.168.1.0/24

Sample outputs:

Host 192.168.1.1 is up (0.00035s latency).
MAC Address: BC:AE:C5:C3:16:93 (Unknown)
Host 192.168.1.2 is up (0.0038s latency).
MAC Address: 74:44:01:40:57:FB (Unknown)
Host 192.168.1.5 is up.
Host nas03 (192.168.1.12) is up (0.0091s latency).
MAC Address: 00:11:32:11:15:FC (Synology Incorporated)
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.80 seconds

#10: How do I perform a fast scan?

-F scans only the 100 most common ports instead of the default 1000:

nmap -F 192.168.1.1

#11: Display the reason a port is in a particular state

nmap --reason 192.168.1.1
nmap --reason server1.cyberciti.biz

#12: Only show open (or possibly open) ports

nmap --open 192.168.1.1
nmap --open server1.cyberciti.biz

#13: Show all packets sent and received

nmap --packet-trace 192.168.1.1
nmap --packet-trace server1.cyberciti.biz

#14: Show host interfaces and routes

This is useful for debugging (ip command or route command or netstat command like output using nmap):

nmap --iflist

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 02:01 IST
************************INTERFACES************************
DEV    (SHORT)  IP/MASK           TYPE        UP MAC
lo     (lo)     127.0.0.1/8       loopback    up
eth0   (eth0)   192.168.1.5/24    ethernet    up B8:AC:6F:65:31:E5
vmnet1 (vmnet1) 192.168.121.1/24  ethernet    up 00:50:56:C0:00:01
vmnet8 (vmnet8) 192.168.179.1/24  ethernet    up 00:50:56:C0:00:08
ppp0   (ppp0)   10.1.19.69/32     point2point up

**************************ROUTES**************************
DST/MASK          DEV    GATEWAY
10.0.31.178/32    ppp0
209.133.67.35/32  eth0   192.168.1.2
192.168.1.0/0     eth0
192.168.121.0/0   vmnet1
192.168.179.0/0   vmnet8
169.254.0.0/0     eth0
10.0.0.0/0        ppp0
0.0.0.0/0         eth0   192.168.1.2

#15: How do I scan specific ports?

nmap -p [port] hostName
## Scan port 80
nmap -p 80 192.168.1.1
## Scan TCP port 80
nmap -p T:80 192.168.1.1
## Scan UDP port 53 (needs -sU; without it nmap warns and ignores the U: ports)
nmap -sU -p U:53 192.168.1.1
## Scan two ports ##
nmap -p 80,443 192.168.1.1
## Scan port ranges ##
nmap -p 80-200 192.168.1.1
## Combine all options (both a UDP and a TCP scan type are needed for a mixed list) ##
nmap -sU -sS -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1
nmap -sU -sS -p U:53,111,137,T:21-25,80,139,8080 server1.cyberciti.biz
nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254
## Scan all 65535 ports with * wildcard (-p- is the modern spelling) ##
nmap -p "*" 192.168.1.1
## Scan top ports i.e. scan $number most common ports ##
nmap --top-ports 5 192.168.1.1
nmap --top-ports 10 192.168.1.1

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 01:23 IST
Interesting ports on 192.168.1.1:
PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
23/tcp   closed telnet
25/tcp   closed smtp
80/tcp   open   http
110/tcp  closed pop3
139/tcp  closed netbios-ssn
443/tcp  closed https
445/tcp  closed microsoft-ds
3389/tcp closed ms-term-serv
MAC Address: BC:AE:C5:C3:16:93 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

#16: The fastest way to scan all your devices/computers for open ports

-T5 ("insane" timing) trades accuracy for speed and gives up on slow or lossy links; drop back to -T4 if results look incomplete:

nmap -T5 192.168.1.0/24

#17: How do I detect remote operating system?


You can identify a remote host's operating system using the -O option (application versions are a separate step, -sV, see #18). --osscan-guess makes nmap report its closest guesses even when no fingerprint matches exactly:

nmap -O 192.168.1.1
nmap -O --osscan-guess 192.168.1.1
nmap -v -O --osscan-guess 192.168.1.1

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 01:29 IST
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 01:29
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 01:29, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 01:29
Completed Parallel DNS resolution of 1 host. at 01:29, 0.22s elapsed
Initiating SYN Stealth Scan at 01:29
Scanning 192.168.1.1 [1000 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 22/tcp on 192.168.1.1
Completed SYN Stealth Scan at 01:29, 0.16s elapsed (1000 total ports)
Initiating OS detection (try #1) against 192.168.1.1
Retrying OS detection (try #2) against 192.168.1.1
Retrying OS detection (try #3) against 192.168.1.1
Retrying OS detection (try #4) against 192.168.1.1
Retrying OS detection (try #5) against 192.168.1.1
Host 192.168.1.1 is up (0.00049s latency).
Interesting ports on 192.168.1.1:
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: BC:AE:C5:C3:16:93 (Unknown)
Device type: WAP|general purpose|router|printer|broadband router
Running (JUST GUESSING) : Linksys Linux 2.4.X (95%), Linux 2.4.X|2.6.X (94%), MikroTik RouterOS 3.X (92%), Lexmark embedded (90%), Enterasys embedded (89%), D-Link Linux 2.4.X (89%), Netgear Linux 2.4.X (89%)
Aggressive OS guesses: OpenWrt White Russian 0.9 (Linux 2.4.30) (95%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (94%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (94%), Linux 2.4.21 - 2.4.31 (likely embedded) (92%), Linux 2.6.15 - 2.6.23 (embedded) (92%), Linux 2.6.15 - 2.6.24 (92%), MikroTik RouterOS 3.0beta5 (92%), MikroTik RouterOS 3.17 (92%), Linux 2.6.24 (91%), Linux 2.6.22 (90%)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=11/27%OT=22%CT=1%CU=30609%PV=Y%DS=1%G=Y%M=BCAEC5%TM=50B3CA
OS:4B%P=x86_64-unknown-linux-gnu)SEQ(SP=C8%GCD=1%ISR=CB%TI=Z%CI=Z%II=I%TS=7
OS:)OPS(O1=M2300ST11NW2%O2=M2300ST11NW2%O3=M2300NNT11NW2%O4=M2300ST11NW2%O5
OS:=M2300ST11NW2%O6=M2300ST11)WIN(W1=45E8%W2=45E8%W3=45E8%W4=45E8%W5=45E8%W
OS:6=45E8)ECN(R=Y%DF=Y%T=40%W=4600%O=M2300NNSNW2%CC=N%Q=)T1(R=Y%DF=Y%T=40%S
OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%R
OS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=
OS:0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID
OS:=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Uptime guess: 12.990 days (since Wed Nov 14 01:44:40 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IP ID Sequence Generation: All zeros

Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.38 seconds
           Raw packets sent: 1126 (53.832KB) | Rcvd: 1066 (46.100KB)



See also: Fingerprinting a web-server and a dns server command line tools for more information.
#18: How do I detect remote services (server / daemon) version numbers?

nmap -sV 192.168.1.1

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 01:34 IST
Interesting ports on 192.168.1.1:
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     Dropbear sshd 0.52 (protocol 2.0)
80/tcp open  http?
1 service unrecognized despite returning data.

#19: Scan a host using TCP ACK (PA) and TCP Syn (PS) ping


If a firewall is blocking standard ICMP pings, try the following host discovery methods. The port list must follow the option with no space, otherwise nmap treats it as a target:

nmap -PS 192.168.1.1
nmap -PS80,21,443 192.168.1.1
nmap -PA 192.168.1.1
nmap -PA80,21,200-512 192.168.1.1

#20: Scan a host using IP protocol ping

nmap -PO 192.168.1.1

#21: Scan a host using UDP ping


A UDP ping can get through firewalls and filters that only screen TCP (ports are comma-separated and attached to the option):

nmap -PU 192.168.1.1
nmap -PU2000,2001 192.168.1.1

#22: Find out the most commonly used TCP ports using the different TCP scan types

### TCP SYN scan (half-open; the default when running as root) ###
nmap -sS 192.168.1.1
### TCP connect scan (completes the handshake, so the service logs it; no stealth) ###
nmap -sT 192.168.1.1
### TCP ACK scan (maps firewall rules; cannot tell open from closed) ###
nmap -sA 192.168.1.1
### TCP Window scan ###
nmap -sW 192.168.1.1
### TCP Maimon scan ###
nmap -sM 192.168.1.1

#23: Scan a host for UDP services (UDP scan)


Most popular services on the Internet run over the TCP protocol. DNS, SNMP, and DHCP are three of the most common UDP services. Use the following syntax to find out UDP services (UDP scans are slow, because an open port usually sends nothing back and nmap has to wait and retry):

nmap -sU nas03
nmap -sU 192.168.1.1

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 00:52 IST
Stats: 0:05:29 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 32.49% done; ETC: 01:09 (0:11:26 remaining)
Interesting ports on nas03 (192.168.1.12):
Not shown: 995 closed ports
PORT     STATE         SERVICE
111/udp  open|filtered rpcbind
123/udp  open|filtered ntp
161/udp  open|filtered snmp
2049/udp open|filtered nfs
5353/udp open|filtered zeroconf
MAC Address: 00:11:32:11:15:FC (Synology Incorporated)

Nmap done: 1 IP address (1 host up) scanned in 1099.55 seconds

#24: Scan for IP protocol


This type of scan allows you to determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines:

nmap -sO 192.168.1.1

#25: Scan a firewall for security weakness


The following scan types exploit a subtle loophole in the TCP RFC (793) to tell open ports from closed ones: a closed port must answer a segment that carries no SYN, RST or ACK with a RST, while an open port silently drops it. They are useful for probing what a stateless packet filter lets through, but stacks that do not follow the RFC (Microsoft Windows and many Cisco devices among them) answer RST on every port, so against those everything shows up as closed:

## TCP Null scan ##
## Does not set any bits (TCP flag header is 0) ##
nmap -sN 192.168.1.254
## TCP FIN scan ##
## Sets just the TCP FIN bit ##
nmap -sF 192.168.1.254
## TCP Xmas scan ##
## Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree ##
nmap -sX 192.168.1.254

See how to block Xmas packets, SYN floods and other common attacks with iptables.
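To make the RFC 793 loophole behind the SYN, ACK, Null, FIN and Xmas scans (#22 and #25) concrete, here is an added Python example; it is not part of the original tutorial and not Nmap code. It simulates both sides of the exchange: a toy target whose port states (open, closed, silently dropped by a DROP rule, rejected with ICMP by a REJECT rule) are assumptions for the example, and a classifier that applies the port-state rules Nmap documents for each scan type.

```python
"""Simulate how Nmap's TCP scan types classify a port from the target's reply.

Added example (not Nmap code). A toy RFC 793-conformant stack behind a simple
packet filter answers each probe, and classify() applies the per-scan-type
rules: SYN scan sees open/closed/filtered, ACK scan only unfiltered/filtered,
NULL/FIN/Xmas scans can only prove "closed" and otherwise say open|filtered.
"""
from typing import Dict, Iterable, Optional

# TCP flags each scan type sets on its probe (nmap -sS, -sA, -sN, -sF, -sX).
PROBES = {
    "SYN": frozenset({"SYN"}),
    "ACK": frozenset({"ACK"}),
    "NULL": frozenset(),
    "FIN": frozenset({"FIN"}),
    "XMAS": frozenset({"FIN", "PSH", "URG"}),
}

# Constructed target (an assumption for the example): what really happens per port.
#   open / closed : the probe reaches the TCP stack
#   dropped       : firewall DROP rule, no reply at all
#   rejected      : firewall REJECT rule, ICMP destination unreachable comes back
TARGET: Dict[int, str] = {22: "open", 80: "open", 23: "closed",
                          3389: "closed", 445: "dropped", 139: "rejected"}


def target_reply(port: int, flags: frozenset) -> Optional[str]:
    """Return what the scanner sees: 'SYN+ACK', 'RST', 'ICMP-unreach' or None (silence)."""
    state = TARGET.get(port, "closed")
    if state == "dropped":
        return None
    if state == "rejected":
        return "ICMP-unreach"
    if "ACK" in flags and "SYN" not in flags:
        return "RST"          # a bare ACK is answered with RST by open and closed ports alike
    if state == "closed":
        return "RST"          # RFC 793: a closed port answers any non-RST segment with RST
    if "SYN" in flags:
        return "SYN+ACK"      # open port performs step 2 of the handshake
    return None               # the loophole: an open port drops NULL/FIN/Xmas segments


def classify(scan: str, reply: Optional[str]) -> str:
    """Nmap's port-state rules for the given scan type and observed reply."""
    if reply == "ICMP-unreach":
        return "filtered"     # an explicit reject is a filter for every scan type
    if scan == "SYN":
        if reply == "SYN+ACK":
            return "open"
        return "closed" if reply == "RST" else "filtered"
    if scan == "ACK":
        return "unfiltered" if reply == "RST" else "filtered"
    # NULL / FIN / Xmas: only a RST is conclusive
    return "closed" if reply == "RST" else "open|filtered"


def scan(scan_type: str, ports: Iterable[int]) -> Dict[int, str]:
    """Run one scan type against the toy target and return port -> Nmap state."""
    flags = PROBES[scan_type]
    return {p: classify(scan_type, target_reply(p, flags)) for p in ports}


if __name__ == "__main__":
    for kind in PROBES:
        print(f"{kind:5s}", scan(kind, sorted(TARGET)))
```

Running it shows why the scans are combined in practice: the SYN scan alone separates open, closed and filtered; the ACK scan cannot see open ports at all but does reveal which ports the filter lets through; the Null/FIN/Xmas scans return "open|filtered" for both 22 (really open) and 445 (really dropped), and only a follow-up scan type resolves that ambiguity.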
#26: Scan a firewall for packets fragments


The -f option causes the requested scan (including ping scans) to use tiny fragmented IP packets. The idea is to split up the TCP header over several packets to make it harder for packet filters, intrusion detection systems, and other annoyances to detect what you are doing. -f takes no argument (a number after it would be parsed as a target): one -f gives 8-byte fragments, -ff gives 16 bytes, and --mtu sets your own size, which must be a multiple of 8. Note that modern filters and IDSes reassemble fragments before inspection, so this rarely helps against current equipment:

nmap -f 192.168.1.1
nmap -f fw2.nixcraft.net.in
nmap -ff fw2.nixcraft.net.in
## Set your own fragment size with the --mtu option ##
nmap --mtu 32 192.168.1.1

#27: Cloak a scan with decoys


The -D option makes it appear to the remote host that the host(s) you specify as decoys are scanning the target too. Their IDS might report 5-10 port scans from unique IP addresses, but it cannot tell which one was the real scanner and which were decoys. Use ME for your own address (otherwise nmap puts it in a random position), add -n so reverse-DNS lookups do not give you away, and only use decoys that are actually up, or you may accidentally SYN-flood the target:

nmap -n -Ddecoy-ip1,decoy-ip2,ME,decoy-ip3,decoy-ip4 remote-host-ip
nmap -n -D192.168.1.5,10.5.1.2,172.1.2.4,3.4.2.1 192.168.1.254

#28: Spoof the source MAC address

MAC spoofing only applies to packets nmap builds itself as raw Ethernet frames, so pair it with a raw scan type such as -sS; a connect scan (-sT) goes through the kernel's socket API and keeps the real MAC. It only matters on the local segment, and replies go to the spoofed address:

### Spoof your MAC address ##
nmap --spoof-mac MAC-ADDRESS-HERE 192.168.1.1
### Add other options ###
nmap -v -sS -PN --spoof-mac MAC-ADDRESS-HERE 192.168.1.1
### Use a random MAC address ###
### The number 0 means nmap chooses a completely random MAC address ###
nmap -v -sS -PN --spoof-mac 0 192.168.1.1

#29: How do I save output to a text file?


The syntax is:

nmap 192.168.1.1 > output.txt
nmap -oN /path/to/filename 192.168.1.1
nmap -oN output.txt 192.168.1.1

-oN keeps the human-readable "normal" format shown throughout this post; -oX writes XML and -oG grepable output, and -oA basename writes all three at once, which is what you want when scans are kept as a baseline for later comparison.
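Normal output is written for humans, so once scans are kept as a baseline (server1 versus server2 in the lab above, or a nightly inventory scan) you need to parse it. The Python below is an added example, not part of the original tutorial or of Nmap: it parses the "normal" format into per-host records and flags hosts that are not in an inventory and open ports outside each host's allowed set (questions the introduction lists: unauthorized services and hosts below the security baseline). SAMPLE_SCAN is constructed to look like the Nmap 5.x output shown on this page, and INVENTORY is an assumption for the example.

```python
"""Parse Nmap normal (-oN) output and audit it against a host/port baseline.

Added example, not part of the original tutorial or of Nmap. SAMPLE_SCAN is
constructed to look like the Nmap 5.x output shown above; INVENTORY (which
hosts exist and which open ports each may expose) is an assumption.
"""
import re
from typing import Dict, List, Set, Tuple

# Nmap 5.x prints "Interesting ports on X:", newer releases print
# "Nmap scan report for name (ip)"; accept both shapes.
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (\S+?)(?: \((\S+)\))?:?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

Port = Tuple[int, str]                      # (port number, "tcp" | "udp")


def parse_normal_output(text: str) -> Dict[str, dict]:
    """Return {host: {"ports": {(port, proto): (state, service)}, "mac": str|None}}."""
    hosts: Dict[str, dict] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)   # prefer the IP when Nmap prints "name (ip)"
            hosts[current] = {"ports": {}, "mac": None}
            continue
        if current is None:
            continue                             # banner lines before the first host
        m = PORT_RE.match(line)
        if m:
            key = (int(m.group(1)), m.group(2))
            hosts[current]["ports"][key] = (m.group(3), m.group(4))
            continue
        m = MAC_RE.match(line)
        if m:
            hosts[current]["mac"] = m.group(1).upper()
    return hosts


def audit(hosts: Dict[str, dict], inventory: Dict[str, Set[Port]]) -> List[str]:
    """Flag hosts missing from the inventory and open ports outside a host's baseline.

    "open|filtered" (typical for UDP) is treated as open: for an audit it is
    safer to investigate a possible service than to ignore it.
    """
    findings: List[str] = []
    for host, info in hosts.items():
        open_ports = {p for p, (state, _) in info["ports"].items() if state.startswith("open")}
        if host not in inventory:
            findings.append(f"{host}: not in inventory (open: {sorted(open_ports)})")
            continue
        for port, proto in sorted(open_ports - inventory[host]):
            service = info["ports"][(port, proto)][1]
            findings.append(f"{host}: unexpected {port}/{proto} ({service})")
    return findings


# Constructed sample in the style of the Nmap 5.00 output shown on this page.
SAMPLE_SCAN = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 01:23 IST
Interesting ports on 192.168.1.1:
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: BC:AE:C5:C3:16:93 (Unknown)

Interesting ports on nas03 (192.168.1.12):
Not shown: 997 closed ports
PORT     STATE         SERVICE
111/udp  open|filtered rpcbind
161/udp  open|filtered snmp
2049/udp open|filtered nfs
MAC Address: 00:11:32:11:15:FC (Synology Incorporated)

Nmap scan report for 192.168.1.77
PORT     STATE SERVICE
23/tcp   open  telnet
3389/tcp open  ms-term-serv

Nmap done: 256 IP addresses (3 hosts up) scanned in 12.38 seconds
"""

# Assumed baseline for the lab: known hosts and the open ports they may expose.
INVENTORY: Dict[str, Set[Port]] = {
    "192.168.1.1": {(22, "tcp"), (80, "tcp")},
    "192.168.1.12": {(111, "udp"), (2049, "udp")},
}

if __name__ == "__main__":
    for finding in audit(parse_normal_output(SAMPLE_SCAN), INVENTORY):
        print(finding)
```

With the sample above the audit reports SNMP on the NAS (not in its baseline) and an unknown host exposing telnet and RDP. For anything beyond a one-off, prefer -oX and an XML parser over regexes on the normal format, whose wording has changed between Nmap releases.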
http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/

Wireshark



Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.[4]


Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version, to implement its user interface, and using pcap to capture packets; it runs on Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.
Functionality


Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.


Wireshark lets the user put network interface controllers that support promiscuous mode into that mode, so they can see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast traffic. However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all traffic through the switch is necessarily sent to the port where the capture is done, so capturing in promiscuous mode is not necessarily sufficient to see all network traffic. Port mirroring or various network taps extend capture to any point on the network. Simple passive taps are extremely resistant to tampering.


On Linux, BSD, and OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also put wireless network interface controllers into monitor mode.


If a remote machine captures packets and sends the captured packets to a machine running Wireshark using the TZSP protocol or the protocol used by OmniPeek, Wireshark dissects those packets, so it can analyze packets captured on a remote machine at the time that they are captured.
Features


Wireshark is software that "understands" the structure (encapsulation) of different networking protocols. It can parse and display the fields, along with their meanings as specified by different networking protocols. Wireshark uses pcap to capture packets, so it can only capture packets on the types of networks that pcap supports.
Data can be captured "from the wire" from a live network connection or read from a file of already-captured packets.
Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, TShark.
Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
Data display can be refined using a display filter.
Plug-ins can be created for dissecting new protocols.[20]
VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
Raw USB traffic can be captured.[21]
Wireless connections can also be filtered as long as they traverse the monitored Ethernet.
Various settings, timers, and filters can be set to ensure that only triggered traffic appears.


Wireshark's native network trace file format is the libpcap format supported by libpcap and WinPcap, so it can exchange captured network traces with other applications that use the same format, including tcpdump and CA NetMaster. It can also read captures from other network analyzers, such as snoop, Network General's Sniffer, and Microsoft Network Monitor.
Security


Capturing raw network traffic from an interface requires elevated privileges on some platforms. For this reason, older versions of Ethereal/Wireshark and tethereal/TShark often ran with superuser privileges. Taking into account the huge number of protocol dissectors that are called when traffic is captured, this can pose a serious security risk given the possibility of a bug in a dissector. Because of the large number of vulnerabilities in the past (many of which allowed remote code execution) and doubts about future development, OpenBSD removed Ethereal from its ports tree prior to OpenBSD 3.6.[22]


Elevated privileges are not needed for all operations. For example, an alternative is to run tcpdump or the dumpcap utility that comes with Wireshark with superuser privileges to capture packets into a file, and later analyze the packets by running Wireshark with restricted privileges. To emulate near-realtime analysis, each captured file may be merged by mergecap into a growing file processed by Wireshark. On wireless networks, it is possible to use the Aircrack wireless security tools to capture IEEE 802.11 frames and read the resulting dump files with Wireshark.


As of Wireshark 0.99.7, Wireshark and TShark run dumpcap to perform traffic capture. Platforms that require special privileges to capture traffic need only dumpcap run with those privileges. Neither Wireshark nor TShark need to or should be run with special privileges.
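Two points above are worth making concrete: the libpcap file format that Wireshark, tcpdump and dumpcap share, and the fact that analysis, unlike capture, needs no privileges and must therefore not trust the file it reads. The Python below is an added example, not Wireshark or libpcap code: it builds a small capture in memory (the frames, MAC and IP addresses and payloads are constructed for the example) and parses it the way an unprivileged tool reading a dumpcap output file would, validating every length field before slicing. Unchecked lengths of exactly this kind are the usual root cause of the dissector bugs the security section describes.

```python
"""Minimal libpcap reader with defensive length checks (added example, not Wireshark code).

build_pcap() writes the classic pcap layout (24-byte global header, 16-byte record
headers) and read_pcap() parses it back, refusing records whose claimed lengths
exceed the snaplen, the original length or the bytes actually left in the file.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

PCAP_MAGIC_USEC = 0xA1B2C3D4    # classic magic, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D    # nanosecond-resolution variant
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


@dataclass
class Record:
    ts: float        # capture time, seconds since the epoch
    caplen: int      # bytes stored in the file (incl_len)
    origlen: int     # bytes on the wire (orig_len)
    ethertype: int
    src_ip: str      # empty when the frame is not IPv4 or is too short
    dst_ip: str


def _global_header(data: bytes) -> Tuple[str, int, int, int]:
    """Detect byte order from the magic; return (endian, ts divisor, snaplen, linktype)."""
    if len(data) < 24:
        raise ValueError("file shorter than the pcap global header")
    for endian in ("<", ">"):
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            divisor = 1_000_000 if magic == PCAP_MAGIC_USEC else 1_000_000_000
            vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
            if (vmaj, vmin) != (2, 4):
                raise ValueError(f"unsupported pcap version {vmaj}.{vmin}")
            return endian, divisor, snaplen, linktype
    raise ValueError("not a libpcap file (bad magic)")


def _ethernet_ipv4(frame: bytes) -> Tuple[int, str, str]:
    """Extract the EtherType and, for IPv4, the addresses; tolerate truncated frames."""
    if len(frame) < 14:
        return 0, "", ""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != ETHERTYPE_IPV4 or len(frame) < 34 or (frame[14] & 0x0F) < 5:
        return ethertype, "", ""          # not IPv4, header cut off, or bogus IHL
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    return ethertype, src, dst


def read_pcap(data: bytes) -> List[Record]:
    endian, divisor, snaplen, linktype = _global_header(data)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records: List[Record] = []
    offset = 24
    while offset < len(data):
        if len(data) - offset < 16:
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        # Check every length BEFORE slicing: a hostile file can claim anything here.
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError(f"bad record lengths incl={incl_len} orig={orig_len} snaplen={snaplen}")
        if incl_len > len(data) - offset:
            raise ValueError(f"record claims {incl_len} bytes, only {len(data) - offset} remain")
        frame = data[offset:offset + incl_len]
        offset += incl_len
        ethertype, src, dst = _ethernet_ipv4(frame)
        records.append(Record(ts_sec + ts_frac / divisor, incl_len, orig_len, ethertype, src, dst))
    return records


def build_ipv4_frame(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4 frame for the example (MACs made up, checksum left zero)."""
    eth = bytes.fromhex("0011321115fc") + bytes.fromhex("bcaec5c31693") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, 17, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return eth + ip + payload


def build_pcap(frames: List[bytes], snaplen: int = 65535, nsec: bool = False, endian: str = "<") -> bytes:
    """Serialize frames as a pcap file; frames longer than snaplen are cut like a real capture."""
    magic = PCAP_MAGIC_NSEC if nsec else PCAP_MAGIC_USEC
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        caplen = min(len(frame), snaplen)
        out += struct.pack(endian + "IIII", 1_353_958_000 + i, 500 * i, caplen, len(frame))
        out += frame[:caplen]
    return out


SAMPLE_FRAMES = [
    build_ipv4_frame("192.168.1.5", "192.168.1.12", b"constructed payload 1"),
    build_ipv4_frame("192.168.1.12", "192.168.1.5", b"reply"),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    for rec in read_pcap(SAMPLE_PCAP):
        print(f"{rec.ts:.6f} {rec.src_ip} -> {rec.dst_ip} caplen={rec.caplen} origlen={rec.origlen}")
```

The reader handles both byte orders and the nanosecond magic, keeps caplen and origlen apart so snaplen truncation is visible, and raises on a file cut short mid-record instead of slicing past the end; real dumpcap output also comes in the newer pcapng container, which this example does not cover.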


https://en.wikipedia.org/wiki/Wireshark

Nmap



Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)[1] used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.


The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection,[2] vulnerability detection,[2] and other features. Nmap is also capable of adapting to network conditions including latency and congestion during a scan. Nmap is under development and refinement by its user community.


Nmap was originally a Linux-only utility,[3] but it was ported to Microsoft Windows, Solaris, HP-UX, BSD variants (including Mac OS X), AmigaOS, and SGI IRIX.[4] Linux is the most popular platform, followed closely by Windows.[5]
Features


Nmap features include:
Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
Port scanning – Enumerating the open ports on target hosts.
Version detection – Interrogating network services on remote devices to determine application name and version number.[6]
OS detection – Determining the operating system and hardware characteristics of network devices.
Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua programming language.


Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.[7]


Typical uses of Nmap:
Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.[8]
Identifying open ports on a target host in preparation for auditing.[9]
Network inventory, network mapping, maintenance and asset management.
Auditing the security of a network by identifying new servers.[10]
Generating traffic to hosts on a network.[11]
Finding and exploiting vulnerabilities in a network.[12]






https://en.wikipedia.org/wiki/Nmap

Kali Linux



Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd.


Kali Linux is preinstalled with over 600 penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp Suite and OWASP ZAP (both web application security scanners).[2][3] Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.[2]




It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Ubuntu.


https://en.wikipedia.org/wiki/Kali_Linux

LTE



LTE, an abbreviation for Long-Term Evolution, commonly marketed as 4G LTE, is a standard for wireless communication of high-speed data for mobile phones and data terminals. It is based on the GSM/EDGE and UMTS/HSPA network technologies, increasing the capacity and speed using a different radio interface together with core network improvements.[1][2] The standard is developed by the 3GPP (3rd Generation Partnership Project) and is specified in its Release 8 document series, with minor enhancements described in Release 9.


LTE is the natural upgrade path for carriers with both GSM/UMTS networks and CDMA2000 networks. The different LTE frequencies and bands used in different countries will mean that only multi-band phones will be able to use LTE in all countries where it is supported.


Although marketed as a 4G wireless service, LTE (as specified in the 3GPP Release 8 and 9 document series) does not satisfy the technical requirements the 3GPP consortium has adopted for its new LTE-Advanced standard. The requirements were originally set forth by the ITU-R organization in its IMT-Advanced specification. However, due to marketing pressures and the significant advancements that WiMAX, HSPA+ and LTE bring to the original 3G technologies, ITU later decided that LTE together with the aforementioned technologies can be called 4G technologies.[3] The LTE Advanced standard formally satisfies the ITU-R requirements to be considered IMT-Advanced.[4] To differentiate LTE Advanced and WiMAX-Advanced from current 4G technologies, ITU has defined them as "True 4G".[5][6]


https://en.wikipedia.org/wiki/LTE_(telecommunication)

HSPA



High Speed Packet Access (HSPA)[1] is an amalgamation of two mobile telephony protocols, High Speed Downlink Packet Access (HSDPA) and High Speed Uplink Packet Access (HSUPA), that extends and improves the performance of existing 3G mobile telecommunication networks utilizing the WCDMA protocols. A further improved 3GPP standard, Evolved HSPA (also known as HSPA+), was released late in 2008 with subsequent worldwide adoption beginning in 2010. The newer standard allows bit-rates to reach as high as 337 Mbit/s in the downlink and 34 Mbit/s in the uplink. However, these speeds are rarely achieved in practice.[2]




https://en.wikipedia.org/wiki/High_Speed_Packet_Access

UMTS



The Universal Mobile Telecommunications System (UMTS) is a third generation mobile cellular system for networks based on the GSM standard. Developed and maintained by the 3GPP (3rd Generation Partnership Project), UMTS is a component of the International Telecommunications Union IMT-2000 standard set and compares with the CDMA2000 standard set for networks based on the competing cdmaOne technology. UMTS uses wideband code division multiple access (W-CDMA) radio access technology to offer greater spectral efficiency and bandwidth to mobile network operators.


UMTS specifies a complete network system, which includes the radio access network (UMTS Terrestrial Radio Access Network, or UTRAN), the core network (Mobile Application Part, or MAP) and the authentication of users via SIM (subscriber identity module) cards.


The technology described in UMTS is sometimes also referred to as Freedom of Mobile Multimedia Access (FOMA)[1] or 3GSM.


Unlike EDGE (IMT Single-Carrier, based on GSM) and CDMA2000 (IMT Multi-Carrier), UMTS requires new base stations and new frequency allocations.


https://en.wikipedia.org/wiki/Universal_Mobile_Telecommunications_System

GPRS



General packet radio service (GPRS) is a packet oriented mobile data service on the 2G and 3G cellular communication system's global system for mobile communications (GSM). GPRS was originally standardized by European Telecommunications Standards Institute (ETSI) in response to the earlier CDPD and i-mode packet-switched cellular technologies. It is now maintained by the 3rd Generation Partnership Project (3GPP).[1][2]


GPRS usage is typically charged based on volume of data transferred, contrasting with circuit switched data, which is usually billed per minute of connection time. Usage above the bundle cap is either charged per megabyte, speed limited, or disallowed.


GPRS is a best-effort service, implying variable throughput and latency that depend on the number of other users sharing the service concurrently, as opposed to circuit switching, where a certain quality of service (QoS) is guaranteed during the connection. In 2G systems, GPRS provides data rates of 56–114 kbit/second.[3] 2G cellular technology combined with GPRS is sometimes described as 2.5G, that is, a technology between the second (2G) and third (3G) generations of mobile telephony.[4] It provides moderate-speed data transfer, by using unused time division multiple access (TDMA) channels in, for example, the GSM system. GPRS is integrated into GSM Release 97 and newer releases.


https://en.wikipedia.org/wiki/General_Packet_Radio_Service

GSM



GSM (Global System for Mobile Communications, originally Groupe Spécial Mobile), is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe protocols for second-generation (2G) digital cellular networks used by mobile phones, first deployed in Finland in July 1991.[2] As of 2014 it has become the default global standard for mobile communications - with over 90% market share, operating in over 219 countries and territories.[3]


2G networks developed as a replacement for first generation (1G) analog cellular networks, and the GSM standard originally described a digital, circuit-switched network optimized for full duplex voice telephony. This expanded over time to include data communications, first by circuit-switched transport, then by packet data transport via GPRS (General Packet Radio Services) and EDGE (Enhanced Data rates for GSM Evolution or EGPRS).


Subsequently, the 3GPP developed third-generation (3G) UMTS standards followed by fourth-generation (4G) LTE Advanced standards, which do not form part of the ETSI GSM standard.


"GSM" is a trademark owned by the GSM Association. It may also refer to the (initially) most common voice codec used, Full Rate.


https://en.wikipedia.org/wiki/GSM_(disambiguation)

BGP



Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet.[1] The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. The Border Gateway Protocol makes routing decisions based on paths, network policies, or rule-sets configured by a network administrator and is involved in making core routing decisions.


BGP may be used for routing within an AS. In this application it is referred to as Interior Border Gateway Protocol, Internal BGP, or iBGP. In contrast, the Internet application of the protocol may be referred to as Exterior Border Gateway Protocol, External BGP, or EBGP.


https://en.wikipedia.org/wiki/Border_Gateway_Protocol

MPLS



Multiprotocol Label Switching (MPLS) is a mechanism in high-performance telecommunications networks that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. The labels identify virtual links (paths) between distant nodes rather than endpoints. MPLS can encapsulate packets of various network protocols. MPLS supports a range of access technologies, including T1/E1, ATM, Frame Relay, and DSL.


https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching

Thursday, July 30, 2015

Office 365 Group Calendar HooHaa

I met with a Consultant today to get some clarification on moving to Office 365. It was nice to have a consultant that actually understood the technological challenges that can come up and didn't just throw a packaged solution at us.
Through our discussion, I was able to fill in some of the blanks of what I couldn't find using my google-fu. Dang Microsoft-fu.
First of all in order to create a basic but working shared calendar quickly, without using public folders in Office 365, you have to license it as a normal user as opposed to a shared mailbox. Shared mailbox calendars can be shared but are not a viable solution for allowing others to create and edit events. I'm guessing this is Microsoft's way of pushing the use of any and all collaboration features into Sharepoint. You have a shared calendar now but apparently no shared folders.
He described it as each licensed office 365 user having a personal onedrive. If you want to use the file sharing collaboration features of onedrive you have to go to sharepoint for business collaboration and pooled resources. I did see a way to share folders using groups but it was not end user compatible : ) and I still have questions about managing permissions for shared calendars under this. I have set up a group and I navigated to it through the portal and was able to sync it to a Sharepoint\groupFolder under my local user account.
It seems like with Microsoft every time you turn a corner you are finding another upgrade. Effective business model I guess, especially when you've cornered the market. To be fair he did speak to the quality of the Office 365 solution for hosting email and licensing Office.

IPsec



Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).[1]


Internet Protocol security (IPsec) uses cryptographic security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.


IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers at the Application layer. Hence, only IPsec protects all application traffic over an IP network. Applications can be automatically secured by IPsec at the IP layer.


https://en.wikipedia.org/wiki/IPsec

Wednesday, July 29, 2015

IP Subnetting Conclusion


Conclusion

Whew! We have covered a lot of ground. Let's recap what we've learned:



For components to communicate on a network, each needs a unique address. For computer networks using the Internet Protocol, these addresses are numeric and are commonly referred to as IPs.
To make efficient use of IP addresses we also need logical groupings of devices. A subnet, then, is a logical organization of connected network devices.
Binary numbers look very confusing, but that's really just because we use the base-10 numbering system day to day. The concept of binary numbering is the same.
Think of the Internet Protocol as simply the rules of communication.
IP addresses are written in the form of XXX.XXX.XXX.XXX, where each IP address belongs to a certain class depending on the first octet.
Subnetting involves dividing the network into smaller portions called subnets. In a sense, the IP address then has three components - the network part, the subnet part and, finally, the host part.
All a subnet mask does is indicate how many bits are being "borrowed" from the host component of an IP address.
Some IP addresses are used for special purposes.
Public versus private IPs are similar in theory to public telephone numbers versus private extensions.
CIDR is used to adapt the concept of subnetting to the entire Internet. It's sometimes referred to as supernetting.
Variable length subnet masking (VLSM) is another concept that essentially refers to subnetting a subnet.
IPv6 is the future. It not only adds to the number of available IP addresses but also eliminates the need for CIDR and network masks in IPv6.
There are three ways to write an IPv6 address: Preferred, compressed and mixed.

Hopefully that helps shed some light on the subject of subnetting.

8 - IPv6


Step 8 - IPv6 to the Rescue

Obviously, the 32-bit IP address has a limited number of addresses and the explosion of interconnectivity has proved that there are just not enough IPv4 addresses to go around. The answer to future growth lies in the IPv6 addressing scheme. This is more than just the big brother to IPv4 in that it not only adds a significant number of addresses to the IP addressing scheme but eliminates the need for CIDR and the network mask as used in IPv4.




IPv6 increases the IP address size from 32 bits to 128 bits. A 128-bit number supports 2^128 values, or 340,282,366,920,938,463,463,374,607,431,768,211,456 possible IP addresses. This number is so big there is not even a name for it.




Even the text representation of IPv6 is different from that of IPv4, although it does have a similar-looking dotted decimal look. You will see an IPv6 address written one of three ways:
Preferred
Compressed
Mixed
Preferred IPv6 Addressing Notation

The preferred form is written using hexadecimal values to refer to the 128-bit numbers in each address segment separated by a colon. It would be written like X:X:X:X:X:X:X:X, where each X consists of four 16-bit values. An example would be:




2001:0db8:85a3:0000:0000:8a2e:0370:7D34




Each of the eight sections of an IPv6 number separated by the colons is written as a hexadecimal number which, when translated to decimal value, would range between 0 and 65,535. So where IPv4 text representations of addresses use decimal numbers, IPv6 uses hexadecimal. It really does not matter though - both boil down to binary numbers, which we covered in detail in Section 2.




The following illustration shows how the text representation of an IPv6 address written in hexadecimal is translated into decimal and binary values.












Compressed IPv6 Addressing Notation

The compressed form simply substitutes zero strings with double colons to indicate the zeros are "compressed". For example, the above address in compressed notation would become:




2001:0db8:85a3::8a2e:0370:7D34




There are some rules to follow when doing this zero substitution. First, a substitution can only be done on one "section," or a full 16-bit group; second, the double colon can only be used one time in any given address. There is one other slightly confusing consideration: a double colon automatically suppresses neighboring leading or trailing zeros in an address. Therefore, the above address only indicates one set of double colons as a compressed IPv6 address even though there are two sets of zeros.
Mixed IPv6 Addressing

The mixed addressing notation is useful in environments using both IPv4 and IPv6 addresses. A mixed address would look like X:X:X:X:X:X:X:X:D:D:D:D, where "X" represents the hexadecimal values of the six highest-order 16-bit components of an IPv6 address, and "D" represents an IPv4 value that would plug into the four lower-order values of an IPv6 address.
IPv6 Routing and Prefix Notation

IPv6 does not use subnet masks but does have a means of indicating subnets that is similar to CIDR. IPv6 routing is based on a prefix length as well where the prefix length represents the bits that have fixed values or are the bits of the network identifier. For example, 2001:0db8:85a3::8a2e:0370:7D34/64 indicates the first 64 bits of the address are the network prefix. Prefix notation can also be used to indicate a subnet identifier or a larger network.
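An added example, not from the original article, that implements the three notations and the prefix rule described in this section in Python: it expands preferred, compressed and mixed (embedded IPv4) addresses into their eight 16-bit groups, compresses them again, and clears the host bits below a prefix length. It follows RFC 5952 for the compressed form, which also drops leading zeros inside each group, so the article's example compresses to 2001:db8:85a3::8a2e:370:7d34 rather than 2001:0db8:85a3::8a2e:0370:7D34; the standard-library ipaddress module is used only to cross-check the result.

```python
"""Expand and compress IPv6 text addresses and derive the routing prefix.

Added example, not from the original article. Only whole 16-bit groups are
compressed and at most one "::" is allowed, as the text says; in addition the
RFC 5952 conventions are followed: leading zeros in a group are dropped, hex
digits are lowercase, and "::" replaces only the longest run of two or more
zero groups (the leftmost run on a tie).
"""
import ipaddress  # used only to cross-check the hand-rolled logic


def _parse_groups(part):
    """Parse 'a:b:c' or 'a:b:1.2.3.4' (mixed notation) into 16-bit integers."""
    if not part:
        return []
    groups = []
    for piece in part.split(":"):
        if "." in piece:  # an embedded dotted IPv4 address fills two groups
            octets = [int(o) for o in piece.split(".")]
            if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
                raise ValueError("bad embedded IPv4 address: %s" % piece)
            groups.append((octets[0] << 8) | octets[1])
            groups.append((octets[2] << 8) | octets[3])
        else:
            if not 1 <= len(piece) <= 4:
                raise ValueError("bad 16-bit group: %r" % piece)
            groups.append(int(piece, 16))
    return groups


def expand_ipv6(text):
    """Return the eight 16-bit groups of an address in any of the three notations."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    head, sep, tail = text.partition("::")
    groups = _parse_groups(head)
    tail_groups = _parse_groups(tail)
    if sep:
        missing = 8 - len(groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups += [0] * missing
    groups += tail_groups
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight 16-bit groups, got %d" % len(groups))
    return groups


def preferred(groups):
    """Preferred notation: eight four-digit hexadecimal groups."""
    return ":".join("%04x" % g for g in groups)


def compress(groups):
    """Compressed notation: the longest run of zero groups becomes '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:  # strictly greater keeps the leftmost run on a tie
            best_start, best_len = i, j - i
        i = j + 1 if j == i else j
    hexes = ["%x" % g for g in groups]
    if best_len < 2:  # a lone zero group is written as "0", not "::"
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])


def network_prefix(text, prefix_len):
    """Clear the host bits of text/prefix_len and return the compressed prefix."""
    if not 0 <= prefix_len <= 128:
        raise ValueError("prefix length must be 0..128")
    value = 0
    for g in expand_ipv6(text):
        value = (value << 16) | g
    mask = ((1 << prefix_len) - 1) << (128 - prefix_len)
    net = value & mask
    groups = [(net >> (16 * (7 - k))) & 0xFFFF for k in range(8)]
    return "%s/%d" % (compress(groups), prefix_len)


def matches_stdlib(text):
    """Cross-check: our compressed form equals the standard library's form."""
    return compress(expand_ipv6(text)) == ipaddress.IPv6Address(text).compressed


if __name__ == "__main__":
    sample = "2001:0db8:85a3:0000:0000:8a2e:0370:7D34"  # the article's example
    print(compress(expand_ipv6(sample)))  # 2001:db8:85a3::8a2e:370:7d34
    print(network_prefix(sample, 64))  # 2001:db8:85a3::/64
    print(preferred(expand_ipv6("::ffff:192.0.2.1")))
```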

7 - VLSM


Step 7 - Variable Length Subnet Masking


When an IP network is assigned more than one subnet mask, it is said to a have a variable length subnet mask (VLSM). This is what is required when you are subnetting a subnet. The concept is very straightforward: Any one subnet can be broken down into further subnets by indicating the proper VLSM.


What must be appreciated about VLSM is how RIP 1 routers work. Originally, the IP addressing scheme and RIP 1 routing protocol did not take into consideration the ability to have different subnet masks on the same network. When a RIP 1 router receives a packet destined for a subnet, it has no idea of the VLSM that has been used to generate the packet address. It just has an address to work with without any knowledge of what CIDR prefix was originally applied - and therefore no knowledge of how many bits are used for the network address and how many are for the host address.


A RIP 1 router would handle this by making some assumptions. If the router has a subnet of the same network number assigned as the local interface, then it assumes the incoming packet has the same subnet mask as the local interface, otherwise it assumes there is no subnet involved and applies a classful mask.


The relevance of this is that RIP1 only allows a single subnet mask, making it impossible to get the full benefit of VLSM. You must use a newer routing protocol like Open Shortest Path First (OSPF) or RIP2, where the network prefix length or mask value is sent along with route advertisements from router to router. With these in use, it is possible to use VLSM to its full potential and have more than one subnet or sub-subnets.

6 - CIDR


Step 6 - CIDR IP Addressing


Having spent a whole bunch of time learning about IP addresses and classes, you might be surprised that in reality they are not used anymore other than to understand the basic concepts of IP addressing.


Instead, network administrators use Classless Internet Domain Routing (CIDR), pronounced "cider", to represent IP addresses. The idea behind CIDR is to adapt the concept of subnetting to the entire Internet. In short, classless addressing means that instead of breaking a particular network into subnets, we can aggregate networks into larger supernets.


CIDR is therefore often referred to as supernetting, where the principles of subnetting are applied to larger networks. CIDR is written out in a network/mask format, where the mask is tacked onto the network address in the form of the number of bits used in the mask. An example would be 205.112.45.60/25. What is most important to understand about the CIDR method of subnetting is the use the network prefix (the /25 of 205.112.45.60/25), rather than the classful way of using the first three bits of the IP address to determine the dividing point between the network number and the host number.


The process for understanding what this means is:

The “205” in the first octet means this IP address would normally contain 24 bits to represent the network portion of the address. With eight bits to an octet, the arithmetic is 3 x 8 = 24, or looking at it the other way around, “/24” means no bits are being borrowed from the last octet.
But this is “/25,” which indicates it is “borrowing” one bit from the host portion of the address.
With only one bit, there can only be two unique subnets.
So this is the equivalent of a net mask of 255.255.255.128, where there is a maximum of 126 host addresses addressable on each of the two subnets.


So why did CIDR become so popular? Because it’s a much more efficient allocator of the IP address space. Using CIDR, a network admin can carve out a number of host addresses that’s closer to what is required than with the class approach.


For example, say a network admin has an IP address of 207.0.64.0/18 to work with. This block consists of 16,384 IP addresses. But if only 900 host addresses are required, this wastes scarce resources, leaving 15,484 (16,384 – 900) addresses unused. By using a subnet CIDR of 207.0.68.0/22 though, the network would address 1,024 nodes, which is much closer to the 900 host addresses required.


5 - Public VS Private


Step 5 - Public Vs. Private IP Addresses

Technically, if all the possible combinations of IP addresses were available, there would be about 4,228,250,625 IP addresses for use. This would have to include all public uses and private uses - which would then mean, by definition, there would be nothing but public IP addresses.




However, not all addresses are available. Some are used for special purposes. For example, any IP address ending in 255 is a special broadcast address.




Other addresses are used for special signaling, including:
Loopback (127.0.0.1) when a host is referring to itself
Multicast routing mechanisms
Limited broadcasts sent to every host, but limited to the local subnet
Directed broadcasts first routed to a specific subnet, and then broadcast to all hosts on that subnet


The concept of a private address is similar to that of a private extension in an office phone system. Someone who wants to call an individual in a company would dial the company’s public phone number, through which all employees can be reached. Once connected, the caller would enter in the extension number of the person to whom they wished to speak. Private IP addresses are to IP addresses what extension numbers are to phone systems.




Private IP addresses allow network administrators to extend the size of their networks. A network could have one public IP address that all traffic on the Internet sees, and hundreds - or even thousands - of hosts with private IP addresses on the company subnet.




Anyone can use a private IP address on the understanding that all traffic using these addresses must remain local. It would not be possible, for example, to have an email message associated with a private IP address to move across the Internet, but it is quite reasonable to have the same private IP address work well in the company network.




The private IP addresses that you can assign for a private network can be from the following three blocks of the IP address space:
10.0.0.1 to 10.255.255.255: Provides a single Class A network of addresses
172.16.0.1 to 172.31.255.254: Provides 16 contiguous Class B network addresses
192.168.0.1 to 192.168.255.254: Provides up to 2^16 Class C network addresses


A typical network setup using public and private IP addresses with a subnet mask would look like:



4 - Subnetting


Step 4 - Subnetting and the Subnet Mask


To subnet a network is to create logical divisions of the network. Subnetting, therefore, involves dividing the network into smaller portions called subnets. Subnetting applies to IP addresses because this is done by borrowing bits from the host portion of the IP address. In a sense, the IP address then has three components - the network part, the subnet part and, finally, the host part.


We create a subnet by logically grabbing the last bit from the network component of the address and using it to determine the number of subnets required. In the following example, a Class C address normally has 24 bits for the network address and eight for the host, but we are going to borrow the left-most bit of the host address and declare it as identifying the subnet.






If the bit is a 0, then that will be one subnet; if the bit is a 1, that would be the second subnet. Of course, with only one borrowed bit we can only have two possible subnets. By the same token, that also reduces the number of hosts we can have on the network to 127 (but actually 125 usable addresses given all zeros and all ones are not recommended addresses), down from 255.


So how can you tell how many bits should be borrowed, or, in other words, how many subnets we want to have on our network?


The answer is with a subnet mask.


Subnet masks sound a lot scarier than they really are. All that a subnet mask does is indicate how many bits are being “borrowed” from the host component of an IP address. If you can’t remember anything about subnetting, remember this concept. It is the foundation of all subnetting.


The reason a subnet mask has this name is that it literally masks out the host bits being borrowed from the host address portion of the IP address.


In the following diagram, there is a subnet mask for a Class C address. The subnet mask is 255.255.255.128 which, when translated into bits, indicates which bits of the host part of the address will be used to determine the subnet number.





Of course, more bits borrowed means fewer individually addressable hosts that can be on the network. Sometimes, all the combinations and permutations can be confusing, so here are some tables of subnet possibilities.






Note that this combination of IP addresses and subnet masks in the charts are written as two separate values, such as Network Address = 205.112.45.60, Mask = 255.255.255.128, or as an IP address with the number of bits indicated as being used for the mask, like 205.112.45.60/25.


Subnet masks work because of the magic of Boolean logic. To best understand how a subnet mask actually does its thing, you must remember that a subnet mask is only relevant when getting to a subnet. In other words, determining what subnet an IP address lives on is the only reason for a subnet mask. It’s devices like routers and switches that make use of subnet masks.
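An added example (not the tutorial's own code) that carries the arithmetic of Steps 4, 6 and 7 through in Python: the subnet mask as a bit pattern, the Boolean AND that routers apply to find the network, the 205.112.45.60/25 and 207.0.64.0/18 figures from the CIDR step, and a VLSM allocator that carves one block into subnets of different lengths, which goes a step beyond the text by handling several requirements at once.

```python
"""Subnet mask arithmetic, CIDR and VLSM for the tutorial's worked figures.

Added example, not the tutorial's own code. It reproduces the page's numbers:
205.112.45.60/25 has mask 255.255.255.128 and 126 usable hosts per subnet,
207.0.64.0/18 holds 16,384 addresses, and 900 hosts fit a /22 (1,024 addresses).
"""


def to_int(dotted):
    """Dotted decimal -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix_len):
    """A subnet mask is prefix_len one-bits followed by (32 - prefix_len) zero-bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def describe(cidr):
    """Network, broadcast, mask, total and usable addresses for address/prefix."""
    addr, _, plen = cidr.partition("/")
    plen = int(plen)
    mask = mask_for(plen)
    network = to_int(addr) & mask  # the Boolean AND routers apply
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all ones
    size = 1 << (32 - plen)
    usable = size - 2 if plen <= 30 else size  # /31 and /32 have no net/broadcast
    return {"network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "mask": to_dotted(mask), "addresses": size, "usable_hosts": usable}


def same_subnet(ip_a, ip_b, prefix_len):
    """Do two addresses share the network bits selected by the mask?"""
    mask = mask_for(prefix_len)
    return (to_int(ip_a) & mask) == (to_int(ip_b) & mask)


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still leaves room for `hosts` usable addresses."""
    needed = hosts + 2  # plus the network and broadcast addresses
    plen = 32
    while plen > 0 and (1 << (32 - plen)) < needed:
        plen -= 1
    return plen


def allocate_vlsm(block, host_counts):
    """Carve one CIDR block into subnets of different lengths (VLSM).

    Largest requirement first keeps each subnet aligned to its own size.
    Returns [(requested_hosts, subnet_cidr), ...]; raises if the block is too small.
    """
    base, _, plen = block.partition("/")
    plen = int(plen)
    cursor = to_int(base) & mask_for(plen)
    end = cursor + (1 << (32 - plen))
    result = []
    for hosts in sorted(host_counts, reverse=True):
        sub_plen = prefix_for_hosts(hosts)
        size = 1 << (32 - sub_plen)
        if cursor + size > end:
            raise ValueError("%s cannot hold another subnet of %d hosts" % (block, hosts))
        result.append((hosts, "%s/%d" % (to_dotted(cursor), sub_plen)))
        cursor += size
    return result


if __name__ == "__main__":
    print(describe("205.112.45.60/25"))
    print(describe("207.0.64.0/18")["addresses"], describe("207.0.68.0/22")["addresses"])
    for hosts, subnet in allocate_vlsm("207.0.64.0/18", [900, 200, 50]):
        print("%4d hosts -> %s" % (hosts, subnet))
```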

3 - IP Addresses


Step 3 - IP Addresses


The "IP" in IP addresses refers to the Internet Protocol, where protocol is loosely defined as "rules of communication". Imagine using a two-way radio in a police car. Your conversations would probably end with "over" to indicate you are finishing a particular part of the conversation. You might also say "over and out" when you are finished the conversation itself. These are nothing more than the rules of talking over a two-way radio - or the protocol.


So, IP addressing must be understood as part of the rules for conversations over the Internet. But it has grown so popular that it is also used on most any network connected to the Internet, making it safe to say IP addressing is relevant for most networks as well as the Internet.


So what is an IP address? Technically, it is the means whereby an entity on a network can be addressed. It is made up solely of numbers, and these numbers are conventionally written in the particular form of XXX.XXX.XXX.XXX, which is referred to as dotted decimal format.


Any one of the numbers between the dots can be between 0 and 255, so example IP addresses include:
205.112.45.60
34.243.44.155


These numbers can also be written in binary form by taking each of the decimal values separated by dots and converting to binary. So a number like 205.112.45.60 could be written as:


11001101.01110000.00101101.00111100


Each of these binary components is referred to as an octet, but this term is not often used in subnetting practice. It does seem to come up in classrooms and books, so know what it is (and then forget about it).


Why is each number limited to 0 to 255? Well, IP addresses are limited to 32 bits in length and the maximum number of combinations of binary numbers you could have in an octet is 256 (mathematically calculated as 2^8). Hence, the largest IP address you could have would be 255.255.255.255, given that any one octet could be from 0 to 255.


There is one more aspect of an IP address that is important to understand - the concept of a class.


Each IP address belongs to a class of IP addresses depending on the number in the first octet. These classes are:





Notice that the number 127 is not included. That’s because it is used in a special, self-reflecting number called a loopback address. Think of this as an address that says, “this is my address.” Note that only the first three classes - A, B and C - are used by network administrators. These are the commonly used classes. The other two, D and E, are reserved.


You define the class of an IP address by looking at its first octet value, but the structure of an IP address for any one class is different. Each IP address has a network address and a host address. The network part of the address is the common address for any one network, while the host address part is for each individual device on that network. So, if your phone number is 711-612-1234, the area code (711) would be the common, or network, component of the telephone system, while your individual phone number of (612-1234) would be your host address.


The network and host components of class IP addresses are: