Wednesday, January 02, 2002

Cat 235 Infrastructure

Course Study                            

·        WINS

·        DNS

·        DHCP

·        Routing

General Info

·        Daily Journal= 1 token

·        Labs=2 tokens

·        Submit a passing Exam or 10 quizzes= 1 token

Topics

·        TCP/IP is 32 bit

·        Are we almost out of addresses?

·        When we run out of addresses we will go to IPv6 = 128-bit addressing scheme

·        There are four octets in an IP address

·        Addressing is done in base 2 = binary or hexadecimal

·        Decimal is base 10 numbering system

·        We are skipping 8 quads to 128 bit addressing scheme

·        128 will be backward compatible with 32 bit addressing scheme

·        The computer can only read in 1s and 0s

Overview: I have given 4 hours of study to this course today.

January 4, 2002: this date runs with January 3rd, as we studied binary and hexadecimal for 2 days.

Class Addresses

·        Class A = 1- 126= first octet

·        Class B = 128-191 = second octet

·        Class C = 192-223 = third octet

 

The IP Address and Classes 

Hosts and networks 

IP addressing is based on the concept of hosts and networks. A host is essentially anything on the network that is capable of receiving and transmitting IP packets on the network, such as a workstation or a router. It is not to be confused with a server: servers and client workstations are all IP hosts. 

The hosts are connected together by one or more networks. The IP address of any host consists of its network address plus its own host address on the network. IP addressing, unlike, say, IPX addressing, uses one address containing both network and host address. How much of the address is used for the network portion and how much for the host portion varies from network to network. 

IP addressing 

An IP address is 32 bits wide, and as discussed, it is composed of two parts: the network number, and the host number [1, 2, 3]. By convention, it is expressed as four decimal numbers separated by periods, such as "200.1.2.3" representing the decimal value of each of the four bytes. Valid addresses thus range from 0.0.0.0 to 255.255.255.255, a total of about 4.3 billion addresses. The first few bits of the address indicate the Class that the address belongs to: 

Class         Prefix     Network Number    Host Number
  A            0          Bits 0-7          Bits  8-31
  B            10         Bits 1-15         Bits 16-31
  C            110        Bits 2-24         Bits 25-31
  D            1110       N/A
  E            1111       N/A


The bits are labeled in network order, so that the first bit is bit 0 and the last is bit 31, reading from left to right. Class D addresses are multicast, and Class E are reserved. The range of network numbers and host numbers may then be derived:
Class    Range of Net Numbers      Range of Host Numbers
A         0 to 126                  0.0.1 to 255.255.254
B         128.0 to 191.255          0.1 to 255.254
C         192.0.0 to 254.255.255    1 to 254



Any address starting with 127 is a loopback address and should never be used for addressing outside the host. A host number of all binary 1s indicates a directed broadcast over the specific network. For example, 200.1.2.255 would indicate a broadcast over the 200.1.2 network. If the host number is 0, it indicates "this host". If the network number is 0, it indicates "this network" [2]. All the reserved bits and reserved addresses severely reduce the available IP addresses from the 4.3 billion theoretical maximum. Most users connected to the Internet will be assigned addresses within Class C, as space is becoming very limited. This is the primary reason for the development of IPv6, which will have 128 bits of address space.

Additional internet information

Basic IP Routing 

Classed IP Addressing and the Use of ARP 

Consider a small internal TCP/IP network consisting of one Ethernet segment and three nodes. The IP network number of this Ethernet segment is 200.1.2. The host numbers for A, B, and C are 1, 2, and 3 respectively. These are Class C addresses, and therefore allow for up to 254 nodes on this network segment. 

Each of these nodes has a corresponding Ethernet address, which is six bytes long. They are normally written in hexadecimal form separated by dashes (02-FE-87-4A-8C-A9 for example).

In the diagram above and subsequent diagrams, we have emphasized the network number portion of the IP address by showing it in red. 

Suppose that A wanted to send a packet to C for the first time, and that it knows C's IP address. To send this packet over Ethernet, A would need to know C's Ethernet address. The Address Resolution Protocol (ARP) is used for the dynamic discovery of these addresses [1]. 

ARP keeps an internal table of IP addresses and their corresponding Ethernet addresses. When A attempts to send the IP packet destined to C, the ARP module does a lookup in its table on C's IP address and will discover no entry. ARP will then broadcast a special request packet over the Ethernet segment, which all nodes will receive. If the receiving node has the specified IP address, which in this case is C, it will return its Ethernet address in a reply packet back to A. Once A receives this reply packet, it updates its table and uses the Ethernet address to direct A's packet to C. ARP table entries may be stored statically in some cases; otherwise ARP keeps entries in its table until they are "stale", at which point they are flushed.

Consider now two separate Ethernet networks that are joined by a PC, C, acting as an IP router (for instance, if you have two Ethernet segments on your server). 

Device C is acting as a router between these two networks. A router is a device that chooses different paths for the network packets, based on the addressing of the IP frame it is handling. Different routes connect to different networks. The router will have more than one address as each route is part of a different network.

Since there are two separate Ethernet segments, each network has its own Class C network number. This is necessary because the router must know which network interface to use to reach a specific node, and each interface is assigned a network number. If A wants to send a packet to E, it must first send it to C who can then forward the packet to E. This is accomplished by having A use C's Ethernet address, but E's IP address. C will receive a packet destined to E and will then forward it using E's Ethernet address. These Ethernet addresses are obtained using ARP as described earlier. 

If E was assigned the same network number as A, 200.1.2, A would then try to reach E in the same way it reached C in the previous example - by sending an ARP request and hoping for a reply. However, because E is on a different physical wire, it will never see the ARP request and so the packet cannot be delivered. By specifying that E is on a different network, the IP module in A will know that E cannot be reached without having it forwarded by some node on the same network as A. 

Direct vs. Indirect Routing 

Direct routing was observed in the first example when A communicated with C. It is also used in the last example for A to communicate with B. If the packet does not need to be forwarded, i.e. both the source and destination addresses have the same network number, direct routing is used. 

Indirect routing is used when the network numbers of the source and destination do not match. This is the case where the packet must be forwarded by a node that knows how to reach the destination (a router). 

In the last example, A wanted to send a packet to E. For A to know how to reach E, it must be given routing information that tells it who to send the packet to in order to reach E. This special node is the "gateway" or router between the two networks. A Unix-style method for adding a routing entry to A is 

route add [destination_ip] [gateway] [metric] 

where the metric value is the number of hops to the destination. In this case,

route add 200.1.3.3 200.1.2.3 1 

will tell A to use C as the gateway to reach E. Similarly, for E to reach A, 

route add 200.1.2.1 200.1.3.10 1 

will be used to tell E to use C as the gateway to reach A. It is necessary that C have two IP addresses - one for each network interface. This way, A knows from C's IP address that it is on its own network, and similarly for E. Within C, the routing module will know from the network number of each interface which one to use for forwarding IP packets. 

In most cases it will not be necessary to manually add this routing entry. It would normally be sufficient to set up C as the default gateway for all other nodes on both networks. The default gateway is the IP address of the machine to send all packets to that are not destined to a node on the directly-connected network. The routing table in the default gateway will be set up to forward the packets properly, which will be discussed in detail later.
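As an added example (not from the notes or the tutorial text they quote), here is the classful lookup and the direct/indirect decision in Python: the class is read from the leading bits in the class table above, and a route table of (destination, gateway, metric) triples mirrors the route add lines. The addresses of A, B, C and E are the tutorial's; the function names are this example's own.

```python
"""Classful addressing and the direct/indirect routing decision.

Added example, not part of the original notes or the tutorial text.
The class is read from the leading bits of the first octet exactly as in
the class table (0, 10, 110, 1110, 1111); the class then fixes how many
octets make up the network number. The route table is a list of
(destination, gateway, metric) triples, mirroring `route add`.
Host addresses for A, B, C and E are the tutorial's; the function
names are this example's own.
"""
from __future__ import annotations


def ip_to_int(ip: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad address: {ip!r}")
    value = 0
    for part in octets:
        n = int(part)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip: str) -> str:
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = ip_to_int(ip) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


# Default class masks: one network octet for A, two for B, three for C.
# D (multicast) and E (reserved) have no network/host split.
CLASS_MASKS = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}


def classful_network(ip: str) -> str:
    """Network number of a classful address, e.g. 200.1.2.3 -> 200.1.2.0."""
    cls = address_class(ip)
    if cls not in CLASS_MASKS:
        raise ValueError(f"{ip} is class {cls}: no host portion")
    return int_to_ip(ip_to_int(ip) & CLASS_MASKS[cls])


def next_hop(src: str, dst: str, routes: list[tuple[str, str, int]]) -> tuple[str, str]:
    """Return ("direct", dst) or ("indirect", gateway).

    Same network number -> direct routing: src ARPs for dst itself.
    Otherwise -> indirect routing: src ARPs for the gateway listed for dst
    (lowest metric wins) and hands it the IP packet, still addressed to dst.
    """
    if classful_network(src) == classful_network(dst):
        return ("direct", dst)
    candidates = [(metric, gw) for dest, gw, metric in routes if dest == dst]
    if not candidates:
        raise LookupError(f"no route from {src} to {dst}")
    _, gateway = min(candidates)
    # A gateway only helps if src can reach it directly.
    if classful_network(gateway) != classful_network(src):
        raise LookupError(f"gateway {gateway} is not on {src}'s network")
    return ("indirect", gateway)


if __name__ == "__main__":
    # A = 200.1.2.1 and B = 200.1.2.2 share the first segment; C is the router
    # with 200.1.2.3 and 200.1.3.10; E = 200.1.3.3 is on the second segment.
    a_routes = [("200.1.3.3", "200.1.2.3", 1)]  # route add 200.1.3.3 200.1.2.3 1
    print(next_hop("200.1.2.1", "200.1.2.2", a_routes))  # ('direct', '200.1.2.2')
    print(next_hop("200.1.2.1", "200.1.3.3", a_routes))  # ('indirect', '200.1.2.3')
```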

Static vs. Dynamic Routing

Static routing is performed using a preconfigured routing table which remains in effect indefinitely, unless it is changed manually by the user. This is the most basic form of routing, and it usually requires that all machines have statically configured addresses, and definitely requires that all machines remain on their respective networks. Otherwise, the user must manually alter the routing tables on one or more machines to reflect the change in network topology or addressing. Usually at least one static entry exists for the network interface, and is normally created automatically when the interface is configured. 

Dynamic routing uses special routing information protocols to automatically update the routing table with routes known by peer routers. These protocols are grouped according to whether they are Interior Gateway Protocols (IGPs) or Exterior Gateway Protocols. Interior gateway protocols are used to distribute routing information inside of an Autonomous System (AS). An AS is a set of routers inside the domain administered by one authority. Examples of interior gateway protocols are OSPF and RIP. Exterior gateway protocols are used for inter-AS routing, so that each AS may be aware of how to reach others throughout the Internet. Examples of exterior gateway protocols are EGP and BGP. See RFC 1716 [11] for more information on IP router operations. 

Each class has a default subnet Mask

The first octet is subnetted: an 8-bit subnet mask, all the 0s are on

Class C: the first 3 octets are subnetted; by default the subnet mask is 255.255.255.0

The first octet is the network ID

·        /8 = 8 bit subnet mask

·        /16 = 16 bit subnet mask

·        /24 = 24 bit subnet mask

ANDing

ANDing is the process by which a PC combines binary numbers bit by bit to find a result.

ANDing is the process that decides what is the network address and what is the host address, and then provides the result.

·        0 AND 1 = 0

·        0 AND 0 = 0

·        1 AND 0 = 0

·        1 AND 1 = 1

The address 134.39.10.180 /16 has a mask with 16 bits set to 1 = 11111111.11111111.00000000.00000000 = 255.255.0.0

The 1s are the network ID, and the 0s are the host ID.

Vocabulary

·       WINS = Windows Internet Naming Service = the server that runs WINS and is used to resolve NetBIOS names to IP addresses

·       DNS = Domain Name System

·       DHCP = Dynamic Host Configuration Protocol

·       ROUTING = moves packets between networks. Routers provide internetwork connectivity.

·       NAT

Overview: 3 hours spent on this class today

Monday, January 07, 2002

 Cat 235 Infrastructure

 Formatting

 Objectives

·        3 partitions

·        Naming conventions

·        IP addressing scheme

·        Windows Server 2000 boot = 4 gigs

·        Another Windows Server 2000 boot =4 gigs

·        Windows Professional 2000 = 4 gigs

 

Pick a team mate:

 Ginnie is Computer #1

 IP addresses:

·        Professional: 192.168.1.65

·        Server: 192.168.1.66

Computer Names are:

      Professional: T092kpro1

Server:  ( cat 235) T092kdc01

Server ( cat 245)

 

Cindy Computer # 2

IP addresses:

·        Professional: 192.168.1.68

·        Server: 192.168.1.67

Computer Names

      Professional: T0925pro2

      Server (cat 235) T092kdc02

    Server (cat245) Addc18

    

What was accomplished Today:

Server was successfully installed. I need to put another Server 2000 on the 2nd partition. I already have Windows Professional 2000 installed. All that needs to be done tomorrow is to install another Windows Server 2000 on my last partition.

Overview: I have given 4 hours of study to this class today

January 8, 2002

 

 Assignment

Show steps:

1. Your computer has to pass packets.

2. FTP:\134.39.10.180

Not going to work? Why not?

3. Assign a static IP address to the NIC card > additional IP

4. FTP:\\134.39.10.180

Route Print

11111111.00000000.00000000.00000000

 

Ginnie’s IP Address = Pro 192.168.1.65 = 11000000.10101000.00000001.10000001

255.255.255.255 = 11111111.11111111.11111111.11111111

192.168.1.65 = 11000000.10101000.00000001.10000001

Anding

244.0.0.0 AND 192.168.1.65 =

11110100.00000000.00000000.00000000

11000000.00000000.00000000.00000000

ANDing = 11000000.00000000.00000000.00000000

 

255.255.255.255 =

11111111.11111111.11111111.11111111

AND 11000000.10101000.00000001.10000001

= 11000000.10101000.00000001.10000001 = 192.168.1.256

 


255.255.255.248 = 11111111.11111111.11111111.11111000

11000000.10101000.00000001.10000001

AND = 11000000.10101000.00000001.10000000 = 192.168.1.255

 

Overview: I got as far as how to figure out how to match the IP numbers for subnetting and the ANDing process; I will continue this tedious process tomorrow. I also finished installing Windows Server on my drive. I have one more Server boot to install.

More calculators at the web sites below:

http://www.chattanooga.net/techsupport/ipcalc/IPAddress.htm

http://www.allredroster.com/iptodec.htm

http://jodies.de/ipcalc

Subnetting tutorial:

http://www.ralphb.net/IPSubnet/

Overview: I have given 3 1/2 hours to this study today.

January 9, 2001

Cat 235

 

Terminal Services: managing a computer from a separate location, as long as you have the appropriate credentials.

·                     R-click my computer

·                     Properties

·                     Users

·                     Select User

·                     Terminal Services

 

Create a Client:

Start > Programs > Create Client for Terminal Services

 

Advanced Server

DataCenter Server

Multiprocess

Cluster

 

How computers and their environments have progressed:

·                     mainframe with terminals connected to it

·                     moved to the PC and processed ourselves

·                     moving back to hierarchical, where a higher powered computer runs most of the processing.

 

what will slow you down:

·                     # of hard-drives

·                     amount of memory

·                     # of servers

 

Multi-tasking: Difference between 16-bit and 32-bit; preemptive vs. cooperative

Preemptive: the ability to operate separate applications without shutting other apps down. It allows the processor to be shared, so if one app closes, the others stay up without crashing.

 

FQDN: fully qualified domain name

SNMP: Simple Network Management Protocol

System MIB:

 

Binding:

In TCP/IP properties:

·                     Click Advanced

·                     Click Add...

·                     Type new address

 

Name Resolution:

If you ping an FQDN, the DNS server will assign an IP address.

 

Where do you get MAC address? sending out a broadcast and asking for it.

 

Configure hard drive to have:

 

Teams:

 

Objectives:

 

What’s going to happen: there will be a change that each team will have a hub.

 

What we did: Cindy and Ginnie are Team #9. I had to install one more Server, and she installed both of her Servers. We have specific naming conventions and IP addresses:

 

Ginnie (computer1):

IP addresses:

            Professional: 192.168.1.65

            Server: 192.168.1.66

Names:

            Professional: T092kpro1

            Server (cat235): T092kdc01

            Server (cat245): Addc17

 

Cindy (computer 2):

IP addresses:

            Professional: 192.168.1.68

            Server: 192.168.1.67

Names:

            Professional: T0925pro2

            Server (235): T092kdc02

            Server (245): Addc18

 

Overview: 3 1/2 hours spent on this class today

January 14, 2002

 

Subject

TCP/IP

ARP: layer 3, the Internet layer

Leading bit: the leading bit is the first octet, and so on

Broadcast is FFFFFFFF

Dora

D-discovery

O-offer

R -request

A-acknowledgment

Commands

·        ipconfig /all

·        ipconfig /registerdns

·        ipconfig

·        traceroute

Firewall-ipsec

RFC 792

http://www.faqs.org/rfcs/rfc1925.html

   This Request for Comments (RFC) provides information about the
   fundamental truths underlying all networking. These truths apply to
   networking in general, and are not limited to TCP/IP, the Internet,
   or any other subset of the networking community.
 
2. The Fundamental Truths
 
   (1)  It Has To Work.
 
   (2)  No matter how hard you push and no matter what the priority,
        you can't increase the speed of light.
 
        (2a) (corollary). No matter how hard you try, you can't make a
             baby in much less than 9 months. Trying to speed this up
             *might* make it slower, but it won't make it happen any
             quicker.
 
   (3)  With sufficient thrust, pigs fly just fine. However, this is
        not necessarily a good idea. It is hard to be sure where they
        are going to land, and it could be dangerous sitting under them
        as they fly overhead.
 
   (4)  Some things in life can never be fully appreciated nor
        understood unless experienced firsthand. Some things in
        networking can never be fully understood by someone who neither
        builds commercial networking equipment nor runs an operational
        network.
 
   (5)  It is always possible to aglutenate multiple separate problems
        into a single complex interdependent solution. In most cases
        this is a bad idea.
 
   (6)  It is easier to move a problem around (for example, by moving
        the problem to a different part of the overall network
        architecture) than it is to solve it.
 
        (6a) (corollary). It is always possible to add another level of
             indirection.
 
   (7)  It is always something
 
        (7a) (corollary). Good, Fast, Cheap: Pick any two (you can't
            have all three).
 
   (8)  It is more complicated than you think.
 
   (9)  For all resources, whatever it is, you need more.
 
       (9a) (corollary) Every networking problem always takes longer to
            solve than it seems like it should.
 
   (10) One size never fits all.
 
   (11) Every old idea will be proposed again with a different name and
        a different presentation, regardless of whether it works.
 
        (11a) (corollary). See rule 6a.
 
   (12) In protocol design, perfection has been reached not when there
        is nothing left to add, but when there is nothing left to take
        away.
 
Security Considerations
 
   This RFC raises no security issues. However, security protocols are
   subject to the fundamental networking truths.
 
 
IPX-SPX-8 bit address
 
Hosts files live in Winnt\system32\drivers\etc

Overview: I have given 4 hours to this study today

January 15, 2002

 

Labs today: create a domain controller in our teams; using DCPromo.

 

How to install a DHCP service on our computers:

Go to:

 

Exercise:

ipconfig /release

ipconfig /all to verify the address was released

ipconfig /renew; after Steve removed the router, so this didn’t really work.

route print to view the changes to the route table.

ipconfig /release

ipconfig /renew works now because Steve put the router back

 

DHCP: Address Pool on Steve’s computer: 10.15-10.170

 

Route add + IP: to bypass the router that was removed.

 

NetBIOS name resolved natively: through a broadcast

*Imagine: 254 nodes on the network, and we need to know a NetBIOS name; this would slow the network down, because the broadcast would be sent to everybody until the name was resolved.

WINS: Windows Internet Name Service; the new service to resolve NetBIOS names without broadcasting.

 

Example: a coffee cup, a marker and a pen are tied together with a string and are “nodes”. For these objects to talk they must have a common language, which would be TCP/IP, and they would also need a unique IP address. If another comes up that is not on the same subnet, they will not be able to talk, even though they are physically connected. To get them all to talk to each other: put them on the same subnet, use a router, or use IPX/SPX.

Five Operations master roles a domain controller takes on:

1.      PDC emulator:

2.      Infrastructure master

3.      Directory services restore mode

4.      Domain naming master

5.      Schema Master

Could also add: DHCP service, WINS server, FTP, terminal services, WWW,

IP address 134.39.10.210    MSCenter.msnetwork.local
    Domain Controllers: MSCenter2

Steve’s: 134.39.10.180      AMServer
    Domain Controllers: MSTech

Cindy’s: 134.39.10.182      PMServer

Pm.fall.msnetwork.local     Domain

Iceburg.pm.fall.msnetwork.local (child)

 

   We can all see each other, because we’re “one big happy subnet”

Forest/Trees in the Domain

 

Taking a look at the teams: Physical/Logical connectivity

Team #9: Cindy & Ginnie

IP address: 192.168.1.65

Host ID / subnet mask: 255.255.255.248

 

11111000 (248)

01000001 (65)

01000000 = 64, which makes the network ID 192.168.1.64 (after ANDing the two). This team, like all the other teams, is on its own network.

*Network number is just one less than the first IP’s

 

“Stealing bits”: with 255.255.255 there are 8 bits available for hosts that you would “steal”/use.

 

2^8 - 2 = 254

2^3 - 2 = 6

 

In each domain that you create, you will be getting your IP addresses authorized by the domain controller, as long as those IPs are within the domain controller’s grasp to dish out.

  Overview: 3 hours spent on this class today

January 17, 2002

 

Today:

Looking at the history of the LAN; started off with about 4 PCs?

            Take a look at the handout. 

           

Activities:

 

Open up Network Neighborhood; check things out.

Disable NetBIOS over TCP/IP: TCP/IP advanced properties, WINS, disable.

            nbtstat

            check out network

 

ipconfig /all > Node type: to find out which node type you are.

            To change: edit registry.

 

DNS: Active Directory uses this to perform all of its communication and directory services.

 

Windows 2000: relies on directory services

 

Directory: is dynamic, has a hierarchy, and has an organized method to keep track of the objects (printers, O.S., users, computers, etc.).

 

Browser: Can keep track of computers, printers, shares, etc..

 

Service services: reports changes to server.

 

QNX:

           

16th character: in O.S. is used for identifying services, domains, workgroups.

 

Two Most common services in an NT environment: server, workstation

 

Messenger Service: net send

 

When servers talk to servers, they use replication.

 

To jump from one segment to the other, you must have WINS installed.

Before WINS, LMHOSTS files did the resolving.

 

Can use one of these:

B-node 0x2: Broadcast node; it means that a computer that wants to talk to another computer broadcasts the machine’s name to request the IP address. Once that computer responds, you can send something. If it doesn't respond, you cannot send anything.

P-node 0x4: Peer-to-peer; you look to the WINS server to request the address of the computer you want to send to, and the WINS server figures it out. This way you are not broadcasting, just talking between yourself, WINS, and the responding computer.

M-node 0x6: Mixed; you broadcast first, check the WINS server 2nd.

H-node 0x8: Hybrid; checks the WINS server first, then broadcasts (if WINS doesn't come through).

Overview: 3 hours spent on this class today

January 22, 2002

 

The Primary purpose of DHCP:

Is to obtain IP addresses. DHCP assigns so many addresses to the DNS server in blocks. The DNS makes a request to the DHCP server for IP addresses. The request is answered by issuing so many addresses. The addresses must be unique. Why is this done? So the networks can access outside their network to the Internet by assigning dynamic addresses. This reduces the administrative load. How is this done? By determining what class the IP address is. DORA means discover (send info), the offer is made, the request is met, and this is acknowledged and registered. This is configured by:

 

  • 1. Manually configure options on the client
  • 2. TCP/IP properties
  • 3. (skip to 4 and 5)
  • 4 and 5. Scope and server options, in the DHCP snap-in

 

Scope Options:

·        Can give them a router

·        Name servers

·        DNS servers/IP address

·        Host name

·        WINS/NBT

·        Routers

·        Node type

 

Scope Options/Server Options

 

The Client Options:

Win over scope options. If you don’t set anything at the scope, everyone inherits server-level options, which are at the bottom of the list.

Client options are to give them something special; you must know the client's MAC address, so do an arp -a to obtain the information. Mark the MAC address in DOS and copy it to a new reservation for the client. The range of addresses must be in the scope that you have. Paste in the MAC address, then add it and click OK. The reservation automatically inherits the router, DNS server and name server. Server options are last on the list. If there are no scope options, then server options rule.

 

Gave the wrong node type:

  • 0x1 is broadcast type
  • 0x2 is p-node
  • 0x3 is h- node

 

The icons show where the lease was configured and what kind of server it is.

Leases: where you would find out if the lease has run out or not. Under scope options, under properties, is where you would set the length of time. Reservations hold your unique ID number, which is your MAC address. Vendor/user class options.

ipconfig /setclassid "Local Area Connection" engineer

Vendor class, or you have set up your own server class. Certain clients under the vendor class have options, which are Microsoft options/vendor options for Windows 2000 and Microsoft options for Windows 98. One of the questions you would be asked on the MCSE exam. Should know how to configure scope options.

Overview: Quiz on chapter #3 on DHCP. I have entered 7 hours to this course study today.

  3 1/2 hours spent on class today

1/28/2002

 

Purpose of Journal: to see where you were a year ago, to look back at the progress you have made.

Sites and Services: in reality one would not see very many domain controllers.

Administrative Tools: Users and Computers; the domain you are logged on to is the domain you are a member of. You may log onto another domain if you go to Users and Computers in Active Directory and browse the domains.

An enterprise administrator is able to access any domain; he is all powerful.

Overview: I spent 4 hours today on this class

01/30/02

Joining a Domain

 

Success in joining Todds Domain!

 

C:\>nslookup

Default Server:  t102kdco1.t012kclass02.org

Address:  192.168.1.78

This is the result we wanted

C:\>nslookup

*** Can't find server name for address 192.168.1.78: No response from server

*** Default servers are not available

Default Server:  UnKnown

Address:  192.168.1.78

Connected Enabled again to Todds domain

C:\>nslookup

Default Server:  t102kd

Address:  192.168.1.78

 

Overview: Today I gave 4 hrs to this class

 

03/11/2003

 

General Topics:

Labs

  • Quiz
  • Study Quiz Questions
  • Work within the objective

Overview: I had to get a new hard drive today. I installed one server partition and will install another tomorrow. I also installed Norton's and video drivers.

3 1/2 hours spent on class today

Wednesday, January 30, 2002

Cat 235

Steve Snyder

 

Once upon a time:

 

In the early days of PCs there were a couple of geeks that got together. They wondered how to make units talk to each other. They came up with Ethernet. A NIC was needed. Each NIC needed a MAC address (media access control), which is a broadcast. Ethernet is a broadcast-based network. We relied on NetBIOS names. We needed a protocol, which we call NetBIOS (NetBEUI, extended user interface), which means we have extended the use of the PC to the outside of the PC. All messages are broadcast; if a message is not addressed to you, you pass it on, unless it’s destined for you. Each group has its own unique MAC address. The networking of PCs became so popular that they became overcrowded. The network became slow, so what did we do? We segmented the network. This kept everyone happy. There’s a problem: we are using the NetBEUI protocol. We needed a bridge; it lets you get from point A to point B, and it lets you keep track of the MAC addresses. Now we are pretty happy. Local area LANs. Hark, what is that we hear the call of? It’s the Internet. We hear the call of the cloud. Email, shopping, resources: there is everything you want on the Internet. Wrong protocol: you can’t go to the Internet with NetBEUI. We need a layer 3 device, a network layer. The data link layer is where Mr. Bridge lives. Mr. Bridge can take MAC addresses and move things from one segment to another. We need a layer 3 device: the Internet is level 3 in the OSI model, where Mr. Router lives (Mr. Cisco, Mr. Nortel). Mr. Router’s job is to take an IP address and route it where it is supposed to go; if it has to go outside, send it there. We still need NetBIOS! Our entire operating system, the NOS, is based on NetBIOS. We need to get from segment to segment using NetBIOS. NetBIOS over TCP is what we use now. We have an operating system based on all kinds of services we register. We register our own server service. We need to register our workstation service. We have to register our own browser service.

The programmers made proprietary code for our PCs. Programmers have coded all these services. They write programs on a modular basis; they write to a common architecture. Sooo, we have a broadcast-based network that’s been jerry-rigged to work. Run nbtstat -n (NetBIOS over TCP/IP statistics): a report of the services that are running on your machine, the names of the services that you have registered on your network. We are happy campers; we can get out to the Internet. We can communicate with everyone as long as we know the IP addresses, but what if we don’t know the addresses? Hope you can find it, heheee. We’ll create a file called the LMHOSTS file (NetBIOS name and IP address, domain name). We’ll put a current valid LMHOSTS file on each PC. So our networks continued to grow, and the people responsible for the LMHOSTS files started going nuts. Sooo, they built a service that dynamically updates NetBIOS services and IP addresses, cool! Let’s name it WINS (Windows Internet Name Service). Now we have a perfected WAN, right? Point the WINS server from segment to segment based on IP address, and so on. The perfect local area network that can go outside. One problem: we can get out, but people from the Internet can’t find us. Why? Because of NetBIOS names. We need to be found by our DNS names (map host names to IP addresses). DNS is not a dynamic deal; it was static, not a pretty sight! Microsoft took a look and said, we have problems, a real problem! If we are going to live in a world that has to deal with all these names, we must redo the operating system. Let’s build the whole thing and base it on DNS. One minor little problem: put out a whole new operating system, and what about those using older operating systems? So a new operating system was built, which had backward compatibility. We not only moved on with the new, but made the old work with the new, in a new way. We now have a GUI interface which makes it pretty and easier to use. We want to turn our networks into native mode (turn off NetBIOS over TCP/IP). Now we need everyone to upgrade to administer this rollover, old-fashioned to new resolutions. So the moral of the story is, we’ve come a long way, baby.

 

NetBIOS is a flat naming scheme. DNS is a hierarchy rather than a flat naming system; it is based on a structure.

We need DNS to communicate with the outside world.

 

Resolves names:
  • Hosts files
  • DNS server
  • WINS server
  • Broadcast
  • Lmhosts files

 

WINS server setup: WINS allows name resolution to take place without broadcasts.

  • Networking Services
  • Windows Internet Name Service
  • OK
  • Programs
  • Administrative Tools
  • WINS
  • Windows Internet Naming Service
  • NetBIOS names or IP address

 

 

Enter 134.39.10.180 as the WINS server in your TCP/IP settings.

 

 

Network Monitor:

 

Overview: I spent 4 hours today on this subject.

Monday, February 04, 2002

Cat 235

Troubleshooting DNS

Lback: go to the Run command and enter LDP.

LDP: examines the lback connection. From the Run command a console comes up, which is a GUI. It gives information about a particular server.

 

Replmon: run it from the Run command. Diagnostics that center around replication.

 

http://134.39.10.180./troubleshooting.htm

DSA = directory system agent

 

Diagnosing and troubleshooting Active Directory problems: the first thing to check is cabling, then Event Viewer.

 

net helpmsg: looks up error codes. Run: net helpmsg <code>

netdiag: gives all the test options.

 

Specifically, the Netdiag tool tests the following:

  • Ndis - Netcard queries test
  • IpConfig - IP config test
  • Member - Domain membership test
  • NetBT Transports - NetBT transports test
  • Autonet - Automatic Private IP Addressing (APIPA) address test
  • IpLoopBk - IP loopback ping test
  • DefGw - Default gateway test
  • NbtNm - NetBT name test
  • WINS - WINS service test
  • Winsock - Winsock test
  • DNS - DNS test
  • Browser - Redir and Browser test
  • DsGetDc - DC discovery test
  • DcList - DC list test
  • Trust - Trust relationship test
  • Kerberos - Kerberos test
  • Ldap - LDAP test
  • Route - Routing table test
  • Netstat - Netstat information test
  • Bindings - Bindings test
  • WAN - WAN configuration test
  • Modem - Modem diagnostics test
  • NetWare - NetWare test
  • IPX - IPX test

Run netdiag.exe at the command prompt and scan through the output, looking for words like "FATAL."

For more information about the Netdiag tool, see Windows 2000 Support Tools. You may choose a specific test if you know what you need to apply fixes to. Look for words like "FATAL." Run some of the baselines for your troubleshooting.

 

You can also troubleshoot with Network Monitor, for which you need the full version that Microsoft sells as a separate package.

 

Run ipconfig /displaydns (the attempt below omitted the slash, which is why it produced the usage error).

D:\DOCUME~1\CBENNETT>ipconfig displaydns

 

Windows 2000 IP Configuration

 

Error: Unrecognized command line argument "displaydns"

 

 

USAGE:

   ipconfig [/? | /all | /release [adapter] | /renew [adapter]

            | /flushdns | /registerdns

            | /showclassid adapter

            | /setclassid adapter [classidtoset] ]

 

   adapter    Full name or pattern with '*' and '?' to 'match',

              * matches any character, ? matches one character.

   Options

       /?           Display this help message.

       /all         Display full configuration information.

       /release     Release the IP address for the specified adapter.

       /renew       Renew the IP address for the specified adapter.

       /flushdns    Purges the DNS Resolver cache.

       /registerdns Refreshes all DHCP leases and re-registers DNS names

       /displaydns  Display the contents of the DNS Resolver Cache.

       /showclassid Displays all the dhcp class IDs allowed for adapter.

       /setclassid  Modifies the dhcp class id.

 

The default is to display only the IP address, subnet mask and

default gateway for each adapter bound to TCP/IP.

 

For Release and Renew, if no adapter name is specified, then the IP address

leases for all adapters bound to TCP/IP will be released or renewed.

 

For SetClassID, if no class id is specified, then the classid is removed.

 

Examples:

    > ipconfig                       ... Show information.

    > ipconfig /all                  ... Show detailed information

    > ipconfig /renew                ... renew all adapaters

    > ipconfig /renew EL*            ... renew adapters named EL....

    > ipconfig /release *ELINK?21*   ... release all matching adapters,

                                         eg. ELINK-21, myELELINKi21adapter.

 

Running Netlogin gives you all the information you need to configure, and everything about your system; use this as a baseline.

"RPC server is unavailable"? What does this mean? There is no replication.

Nslookup: another troubleshooting method.

Test Tomorrow!

3 1/2 hours spent on class today

Thursday, January 31, 2002

Wins :

How we used to resolve names is with the lmhosts file (winnt\system32\drivers\etc).

We do not have to use DNS unless we want to use Active Directory. We can get by with a WINS server.

TCP/IP protocols: on the WINS tab you add or remove WINS servers, and you can enable lmhosts lookup there. Lmhosts files are static; WINS is not static.

 

Broadcasts don't pass from segment to segment.

 

Name resolution could also be done with an lmhosts file. nbtstat -R purges and reloads the remote cache name table; nbtstat -RR releases and re-registers names in WINS.

ping win2000as: looks for the local host name, then the local hosts file, then the DNS server, then the WINS server, then a broadcast on this segment, then the lmhosts file. This is called mixed mode and backward compatibility. The most efficient way to do this is with a WINS service.

We would not have to have name resolution if we could just store IP addresses, but people don't work like that.

 

TCP/IP properties to configure WINS

134.39.10.2000 no lmhost file

 

nbtstat -n is a report of the names and services registered in the WINS database.

You can point all clients on all segments to one WINS server's IP address, or use WINS servers on different segments, which requires push or pull replication: push is pushing to another segment, pull is pulling from another segment.

You have to set up a replication partner, then schedule how it's going to take place.

 

When there is connection you should be able to ping win2000as.

 

Run ipconfig /all: it shows you if you are registered in the database, who your primary WINS server is, and what node type you are in (hybrid, broadcast, peer-to-peer or mixed mode).

 

Wins settings

Replication Partners, New Replication Partner, then win2000as, Properties, push or pull, then Advanced; by default replication is usually every 30 minutes.

 

 

You can resolve IPs with a WINS server, lmhosts files, or broadcast.

 

If you are using Terminal Services it does the last thing you did, so don't restart the computer.

 

Test on chapter #4 questions are up on 134.39.10.180/dns.htm  

I donated 3 hours to class today

Tuesday, February 05, 2002

Steve Snyder cat 135

 

 

LDP: port 389 is the port that LDP uses.

The account name is IUSR_name.

 

 

Netdiag is a utility that can run many troubleshooting tests on your computer, such as the NDIS (network device interface specification) test, Winsock test, domain controller discovery, LDAP test, modem test, IP security, and many more. It does not do a port test, so one would want to add that to the troubleshooting list of things to do. Netdiag should be one of the first things you run if you are having network problems.

The results you want to see is: Active Directory has replicated.

If all these test pass, this is a good time to back up your system.

netdiag /?

netdiag with the DNS test shows your DNS settings and what might be wrong.

netdiag /test:dns tells you whether your DNS has passed or not, and lists the valid tests you may run.

Always check your event viewer for warnings, information and errors to troubleshoot your network.

Run replmon: it shows you who you are replicating with and when the last replication took place.

You may force replication in Active Directory Sites and Services. The tool replmon shows the replication topology. In Active Directory Replication Monitor or Sites and Services, click on any one of the domain controllers.

nslookup 139.34.10.180 gives the host Steve is on: amserver.fall.msnetwork.local

 

The good side of Active Directory-integrated DNS is a double-edged sword; it affects both sides. You may change an integrated zone to standard primary.

Protocols

Ethernet

The Ethernet protocol is by far the most widely used. Ethernet uses an access method called CSMA/CD (Carrier Sense Multiple Access/Collision Detection). This is a system where each computer listens to the cable before sending anything through the network. If the network is clear, the computer will transmit. If some other node is already transmitting on the cable, the computer will wait and try again when the line is clear. Sometimes, two computers attempt to transmit at the same instant. When this happens a collision occurs. Each computer then backs off and waits a random amount of time before attempting to retransmit. With this access method, it is normal to have collisions. However, the delay caused by collisions and retransmitting is very small and does not normally affect the speed of transmission on the network.

The Ethernet protocol allows for linear bus, star, or tree topologies. Data can be transmitted over twisted pair, coaxial, or fiber optic cable at a speed of 10 Mbps.

Fast Ethernet

To allow for an increased speed of transmission, the Ethernet protocol has developed a new standard that supports 100 Mbps. This is commonly called Fast Ethernet. Fast Ethernet requires the use of different, more expensive network concentrators/hubs and network interface cards. In addition, category 5 twisted pair or fiber optic cable is necessary.

 

LocalTalk

LocalTalk is a network protocol that was developed by Apple Computer, Inc. for Macintosh computers. The method used by LocalTalk is called CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). It is similar to CSMA/CD except that a computer signals its intent to transmit before it actually does so. LocalTalk adapters and special twisted pair cable can be used to connect a series of computers through the serial port. The Macintosh operating system allows the establishment of a peer-to-peer network without the need for additional software. With the addition of the server version of AppleShare software, a client/server network can be established.

The LocalTalk protocol allows for linear bus, star, or tree topologies using twisted pair cable. A primary disadvantage of LocalTalk is speed. Its speed of transmission is only 230 Kbps.

Token Ring

The Token Ring protocol was developed by IBM in the mid-1980s. The access method used involves token-passing. In Token Ring, the computers are connected so that the signal travels around the network from one computer to another in a logical ring. A single electronic token moves around the ring from one computer to the next. If a computer does not have information to transmit, it simply passes the token on to the next workstation. If a computer wishes to transmit and receives an empty token, it attaches data to the token. The token then proceeds around the ring until it comes to the computer for which the data is meant. At this point, the data is captured by the receiving computer. The Token Ring protocol requires a star-wired ring using twisted pair or fiber optic cable. It can operate at transmission speeds of 4 Mbps or 16 Mbps. Due to the increasing popularity of Ethernet, the use of Token Ring in school environments has decreased.

FDDI

Fiber Distributed Data Interface (FDDI) is a network protocol that is used primarily to interconnect two or more local area networks, often over large distances. The access method used by FDDI involves token-passing. FDDI uses a dual ring physical topology. Transmission normally occurs on one of the rings; however, if a break occurs, the system keeps information moving by automatically using portions of the second ring to create a new complete ring. A major advantage of FDDI is speed. It operates over fiber optic cable at 100 Mbps.

Overview: 3 hours spent on this class today

 

Thursday, February 07, 2002

Cat 235

Steve Snyder

 

We are known as the isolated group at Peninsula College. When our students would create domains you would have a lot of domain controllers popping up, so they thought it would be best to isolate the Cisco block. The address range is 134.39.10.1-254. Some of these addresses are reserved for printers, routers, the DHCP scope, and domain controllers. There is no way to send packets to the other side of the college, unless by magic :). Well, yesterday one of these packets flew through the air and landed on our segment. Was it magic? No, some of our IP addresses were being dished out to the other segment. Long story short, a physical connection was being made to the other side. One port was connected to their port. They didn't realize they were connecting two segments together :). Oops.

 

Remote Access:

  • DHCP addresses and leases
  • Address Pool
  • Reservations
  • Scope Options
  • Server Options

 

nslookup lwixpinstructor.wetc.ctc.edu

134.39.10.21

 

 

Remote access requires additional addresses; you can plug them in manually or get them from your DHCP server. When you run remote access you initially get a block of ten addresses, and you may request additional addresses if you need them.

You can give yourself more than one address.

Remote access is like your personal HTML site with restrictions on it; you may add or exclude certain IP numbers.

 

We just left the 10.180 network, poof! Bye bye Uncle Albert.

Cannot ping this address anymore.

Make a new connection, to someone who cares :).

 

One of the easiest ways to access resources is to enter the IP address in the Run command. Point-to-point protocol techniques. Connect using Terminal Services.

Terminal Services Client is how to connect to any other machine.

Run enter ip address

Settings, Network and Dial-up Connections, Make New Connection, Accept incoming connections, Next, enter the IP address. These are the steps you must configure on the client's machine to have access to another machine.

Go to Users and Computers, find the account, go to Properties, then Dial-in, enable dial-in access, Apply. Go to the Run command and enter the IP address to connect to the client's computer.

Do a tracert of the IP address; it takes you straight to the client's computer.

Go to Entire Network, Microsoft Windows Network, open it; this is what you have access to on the client's computer.

Overview: I spent 3 hours class time

Lab Time 2 hrs. lab time

Study Time 2 hrs.

Monday, February 11, 2002

 

Ras:

RAS allows clients to come onto your network in a secure fashion. Modem, DSL and Internet are some of the ways users can get to your network through RAS.

 

Create a user called afternoon ras, give it a password, then create 15 other users. Create a new group, which is a global group; we'll call it ras group. OK. Go to ras group, then we populate it. We may put multiple users into this ras group. The group is a global group. Then launch your remote access. By default you get 5 possible PPTP connections and 5 L2TP (Layer Two Tunneling Protocol) connections; we will change this number to 2 ports. Go to your ports, click on Properties, change the maximum ports to 2.

 

Go to the Routing and Remote Access policy, right-click it, open a new policy. Name this policy and put conditions on it, such as Windows group: click Add, search for the group called ras group, OK. Now everyone in this ras group gets this policy. Allow remote access; by default there are no dial-in constraints, such as what you would like to do with a connection that has been idle for a minute; this is where you set the restrictions. Restrict to Ethernet only if you wish. Where do they get their IP addresses? This is where one would edit dial-in properties such as what kind of connection you would have and what kind of encryption. Am server policies: configure these properties.

 

Switching from Mixed Mode to Native Mode: connect to the domain controller msnetwork.local, look at the properties and change the mode on the General tab. This cannot be reversed.

Overview: 3  1/2 hours spent on this class today

 

Tuesday, February 12, 2002

Cat 235 Snyder

 

 Scanning the network: Do not scan 10.1 in the future.

 

SNMP: Simple Network Management Protocol

 

Community string: if the community string is left set to "public", it is possible, when a network scan is done, to get information about network IP addresses and the machines they are assigned to.

 

How to change it: Administrative Tools, Services, SNMP Service, Traps; by default "public" is set. If you are a network admin, you should use a community string that only you know about. Use any word you would like; this would be your own private word. This is how you turn off the public community. The same goes for a router. If you take away the trap, it takes out the public string. When you have NetBIOS enabled, you may look at all the services running on the machine, and who has accounts. This is how one would get information to get into a computer. You may access a network with a network sniffer.

www.cert.org: this is where you would go to get info on the latest alerts, updates, security, buffer overflows and other information.

Rras:

 

Disconnect from the internet first:

RRAS: configure the server to dish out IP addresses; then the client needs to set up an RRAS server and point it to the SP.

Wednesday, February 13, 2002

Cat 235 S. Snyder

Overview: We spent 2 ½ hours going over the test for Thursday. :( I mean :)

Thursday, February 21, 2002

Remote access Protocols:

Point-to-Point Protocol (PPP): an industry-standard set of robust and flexible protocols, by far the most common remote access protocol used today. Most dial-in servers, including RRAS, support PPP, and it is generally considered the best choice for remote access situations. Windows 2000 RRAS supports PPP both for dial-out and dial-in connections.

Serial Line Interface Protocol (SLIP): an older protocol developed in UNIX and still widely used. Windows 2000 RRAS supports SLIP in dial-out configurations, but a SLIP client cannot dial in to an RRAS server.

 

RAS Protocol: a proprietary protocol, used only between Microsoft-based networks, that supports the NetBIOS naming convention. It is required to support NetBIOS naming and is installed by default when you install the RRAS server.

 

NetBIOS Gateway: provides compatibility with older versions of RAS that do not support networking protocols such as TCP/IP and NWLink. The NetBIOS gateway translates data from the NetBEUI protocol to these other protocols.

http://www.cert.org/

SNMP is vulnerable and may affect many systems. http://www.cert.org/advisories/

 

Lab book for network infrastructure from last year: thumb through the objectives to see if you are meeting some of the objectives.

Overview: 3  1/2 hours spent on this class today

Cat 235

Wednesday, February 20, 2002

 

Routing: direct routing occurs when both the source and destination host are on the same network segment. Consider a small IP subnet with only three hosts (A, B, and C), all wired directly together.

Group A

Group B

Group C

Group B = our IPs:
  • Cindy 1.2
  • Todd 1.4
  • Ginnie 1.3
  • Brook 1.6

Default gateway: Todd; 2nd gateway 1.4

Second gateway:

Tuesday, March 11, 2003

Quiz Study

Overview: I donated 2 hours today to this subject.

Wednesday, February 27, 2002

Cat 235

SONET is the acronym for Synchronous Optical Network and is a set of standards establishing optical interface specifications, signal rates, format specifications, and operations specifications for synchronous optical networks. SONET specifies standard multiplexing functions, as well as electrical and optical line rates for telecommunications equipment. It will eventually specify operations, administration, maintenance and provisioning (OAM&P) communications between telecommunications equipment, providing end-to-end OAM&P functionality through the network even when the equipment has been built by different equipment manufacturers.

 

Fiber optics Uses:

Internet

Cell phone

Banks

Internet

 

Fiber Optics, branch of optics dealing with the transmission of light through fibers or thin rods of glass or some other transparent material of high refractive index. If light is admitted at one end of a fiber, it can travel through the fiber with very low loss, even if the fiber is curved.

The principle on which this transmission of light depends is that of total internal reflection: Light traveling inside the fiber center, or core, strikes the outside surface at an angle of incidence greater than the critical angle so that all the light is reflected toward the inside of the fiber without loss. Thus light can be transmitted over long distances by being reflected inward thousands of times. In order to avoid losses through the scattering of light by impurities on the surface of the fiber, the optical fiber core is clad with a glass layer of much lower refractive index; the reflections occur at the interface of the glass fiber and the cladding.

The simplest application of optical fibers is the transmission of light to locations otherwise hard to reach, for example, the bore of a dentist's drill. Also, bundles of several thousand very thin fibers assembled precisely side by side and optically polished at their ends, can be used to transmit images. Each point of the image projected on one face of the bundle is reproduced at the other end of the bundle, reconstituting the image, which can be observed through a magnifier. Image transmission by optical fibers is widely used in medical instruments for viewing inside the human body and for laser surgery, in facsimile systems, in phototypesetting, in computer graphics, and in many other applications.

Optical fibers are also being used in a wide variety of sensing devices, ranging from thermometers to gyroscopes. The potential of their applications in this field is nearly unlimited, because the light sent through them is sensitive to many environmental changes, including pressure, sound waves, and strain, as well as heat and motion. The fibers can be especially useful where electrical effects could make ordinary wiring useless, less accurate, or even hazardous. Fibers have also been developed to carry high-power laser beams for cutting and drilling.

SONET: Synchronous Optical Network. It is a set of standards that allows other protocols to travel inside it. It also allows different protocols to be carried at the same time.

OC = Optical Carrier

STS = Synchronous Transport signal

STM = Synchronous Transport Mode

VT = Virtual Tributary

TU = Tributary Unit

 

Sonet Topologies

 

SONET defines equipment generically as network elements (NEs). SONET NEs include terminals, regenerators, add/drop multiplexers and digital cross-connect switches.

 

The terminal NE is capable of multiplexing a variety of digital or optical tributaries into a SONET-based optical signal for transmission into the network. Signal inputs include, but are not limited to, DS-N, STS-N, ATM, B-ISDN, and OC-N optical tributaries. The terminal must maintain all signals within specified limits, process alarms, and communicate with the network management systems as well as the NEs it is connected to.

 

Protection Switching Definitions:

Line Switching:

Unidirectional:

Bi-directional:

Revertive:

Non-Revertive :

 

SONET Rings

Several different types of SONET rings exist:

2-fiber unidirectional path-switched rings (UPSR). These rings are switched at the DS-3 or STS-1 level.

4-fiber bi-directional line-switched rings (BLSR). These rings are switched at the high-speed or line overhead (LOH) level.

2-fiber bi-directional line-switched rings (BLSR).

Overview: 4 hours spent on this class today

Cat 235 S. Snyder

Thursday, February 28, 2002

http://134.39.17.14/certsrv/

Certificates

1. Get a Hotmail account

2. Go to VeriSign to get a certificate

3. Install the certificate

Have a friend do the exact same thing to get their key

4. Exchange public keys

Voila, now messages can be sent to you encrypted with your public key, so you can decrypt them with your private key.

 

Study Guide for this weekend: 

http://134.39.10.216/ipsec.htm

Monday, 4th, 2000

We did labs today

ipsec chapter 8

hours donated 3 1/2 hours

Monday, 5th, 2000

ipsec

We caught up on labs today all day ( teacher absent).

hours spent 4 hours

Thursday March, 8th

We resolved IP addresses and did the ANDing process on them :)

ANDing: Are we ready to AND? :( no, I mean yeahh

Do ANDing for a packet addressed to 134.39.10.1

 

10000110.00100111.00001010.00000001=134.39.10.1

11111111.11111111.11111111.11111111= 255.255.255.255

10000110.00100111.00001010.00000001= 134.39.10.1

 

 

 

10000110.00100111.00001010.00000001=134.39.10.1

11100000.00000000.00000000.00000000 =244.0.0.0

10000000.00000000.00000000.00000000=128.0.0.0

 

 

10000110.00010011.00001010.00000001=134.39.10.1

11111111.11111111.11111111.11111111= 255.255.255.255

10000110.00010011.00001010.00000001=134.39.10.1

 

 

10000110.00010011.00001010.00000001=134.39.10.1

11111111.11111111.11111111.11111111= 255.255.255.255

10000110.00010011.00001010.00000001=134.39.10.1

 

 

10000110.00100111.00001010.00000001=134.39.10.1

11111111.11111111.11111111.00000000=255.255.255.0

10000110.00100111.00001010.00000000=134.39.10.0 (network); gateway 134.39.10.66

 

 

ANDing for a packet addressed to 192.168.0.2

 

11000000.10101000.00000000.00000010 =192.168.0.2

11111111.11111111.11111111.11111111=255.255.255.255

11000000.10101000.00000000.00000010=192.168.0.2

 

11000000.10101000.00000000.00000010 =192.168.0.2

11110100.00000000.00000000.00000000= 124.0.0.0

11000000.00000000.00000000.00000000=224.0.0.0

 

11000000.10101000.00000000.00000010 =192.168.0.2

11111111.11111111.11111111.11111111 =255.255.255.255

11000000.00000000.00000000.00000000=192.0.0.0

 

11000000.10101000.00000000.00000010 =192.168.0.2

11111111.11111111.11111111.11111111 =255.255.255.255

11000000.00000000.00000000.00000000=192.0.0.0

 

11000000.10101000.00000000.00000010 =192.168.0.2

11111111.11111111.11111111.00000000 =255.255.255.0

11000000.00000000.00000000.00000000=192.0.0.0

 

 

11000000.10101000.00000000.00000010 =192.168.0.2

11111111.00000000.00000000.00000000 =255.0.0.0

11000000.00000000.00000000.00000000 =192.0.0.0

 

11000000.10101000.00000000.00000010 =192.168.0.2

00000000.00000000.00000000.00000000 =0.0.0.0

00000000.00000000.00000000.00000000 =0.0.0.0= Default Gateway 134.39.10.1

 

 

 

ANDing for a packet addressed to 134.39.2.118

10000110.00100111.00000010.01110110=134.39.2.118

11111111.11111111.11111111.11111111=255.255.255

10000110.00100111.00001010.00000001=134.39.10.1

 

10000110.00100111.00001010.00000001=134.39.2.118

11111111.11111111.11111111.11111111=255.255.255

10000110.00100111.00001010.00000001=134.39.10.1

 

10000110.00100111.00001010.00000001=134.39.2.118

11111111.11111111.11111111.00000000=255.255.255.0

10000110.00100111.00000010.00000000=134.39.2.0

 

10000110.00100111.00001010.00000001=134.39.2.118

11111111.00000000.00000000.00000000=255.0.0.0

10000110.00000000.00000000.00000000= 134.0.0.0

 

 

10000110.00100111.00001010.00000001=134.39.2.118

00000000.00000000.00000000.00000000=0.0.0.0

00000000.00000000.00000000.00000000 =0.0.0.0

Gateway 134.39.10.1

ANDing for a packet addressed to 134.39.2.118

 

10000110.00100111.00001010.00000001

  That was hard! whew!
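The ANDing carried through in code, as an added example that is not part of the journal: the same bitwise AND of destination and mask, followed by the direct-versus-indirect routing decision from the February 20 routing note (same network after ANDing means deliver directly, otherwise hand the packet to the default gateway). The host address 134.39.10.66, the 255.255.255.0 mask and the gateway 134.39.10.1 are taken from the worked examples above; the helper names are mine.

```go
package main

import (
	"fmt"
	"net"
)

// Host is one station on the journal's segment: its own address, the subnet
// mask it ANDs with, and the default gateway it hands remote traffic to.
type Host struct {
	IP      net.IP
	Mask    net.IPMask
	Gateway net.IP
}

// toBinary renders four bytes the way the journal writes them:
// 8 bits per octet, dot separated.
func toBinary(b []byte) string {
	s := ""
	for i, octet := range b {
		if i > 0 {
			s += "."
		}
		s += fmt.Sprintf("%08b", octet)
	}
	return s
}

// andMask returns addr AND mask, i.e. the network number of addr under mask.
func andMask(addr net.IP, mask net.IPMask) net.IP {
	a := addr.To4()
	out := make(net.IP, 4)
	for i := range out {
		out[i] = a[i] & mask[i]
	}
	return out
}

// nextHop applies the direct/indirect routing rule: if the destination ANDs
// to the same network as our own address it is delivered directly (next hop
// is the destination itself); otherwise it goes to the default gateway.
func nextHop(h Host, dest net.IP) (hop net.IP, direct bool) {
	if andMask(h.IP, h.Mask).Equal(andMask(dest, h.Mask)) {
		return dest.To4(), true
	}
	return h.Gateway.To4(), false
}

func main() {
	// Constructed from the journal's numbers: a host on 134.39.10.0/24
	// whose default gateway is 134.39.10.1.
	h := Host{
		IP:      net.ParseIP("134.39.10.66"),
		Mask:    net.IPv4Mask(255, 255, 255, 0),
		Gateway: net.ParseIP("134.39.10.1"),
	}
	for _, s := range []string{"134.39.10.1", "134.39.2.118", "192.168.0.2"} {
		dest := net.ParseIP(s)
		network := andMask(dest, h.Mask)
		hop, direct := nextHop(h, dest)
		fmt.Printf("%s = %s\n%s = %s\n%s = %s  direct=%v next hop=%s\n\n",
			toBinary(dest.To4()), s,
			toBinary(h.Mask), net.IP(h.Mask).String(),
			toBinary(network), network, direct, hop)
	}
}
```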

 

Overview, 4  hours donated WHEW! .

Monday, March 11, 2002

Cat 235

How to configure Nat service in 2000

www.support.micosoft.com

Q310357

300851

 ipsec1.htm

nat.htm

cert.htm216

 

NAT: network address translation protocol

NAT: whoever is the server determines how good your connection is. If you have a modem it would be slower than a T connection.

NAT is not an actual protocol. NAT does not use IP, but it is its own routable protocol.

The only configuration you do with NAT is the translation of TCP and IP headers.

 Additional Information from internet resources

NAT Editor API

A device that runs NAT is a gateway between the Internet and a home network. In order for the gateway to provide devices on the home network with full access to the resources of the public network, packets need to move fluidly across the gateway that runs NAT. A gateway that runs NAT translates information in packets that move across the gateway, converting an IP address and port for a device on the home network to an IP address and port for the public side of the gateway machine. These port mappings allow devices on the home network to share one public-side IP address.

The NAT driver is responsible for translating address and port information for Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic. Certain kinds of protocol traffic, however, cannot be translated by the NAT without further information. Protocols of this type include:

  • Protocols that involve unsolicited connection requests, or UDP data channels, from the public network.
  • Protocols that embed network address or port information in the data stream.

Examples of protocols that have these characteristics include File Transfer Protocol (FTP) and Point-to-Point Tunneling Protocol (PPTP). The NAT driver included in the Microsoft® Windows® CE operating system handles these two protocols internally. To handle other protocols that have such characteristics, Windows CE provides a module that allows OEMs to create a specialized NAT editor that examines network packets to obtain the information needed to translate the protocol traffic.
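An added example, not from the journal or from Microsoft, of the port-mapping table described above: an outbound packet allocates a mapping on the shared public address, the reply is translated back to the private host, and an unsolicited inbound request with no mapping is dropped, which is exactly the case the text says needs a NAT editor. All addresses and the port range are constructed; the protocol-specific editors for FTP and PPTP are not modelled.

```go
package main

import "fmt"

// Endpoint is an IP:port pair; constructed text values are used throughout.
type Endpoint struct {
	IP   string
	Port int
}

func (e Endpoint) String() string { return fmt.Sprintf("%s:%d", e.IP, e.Port) }

// Packet carries only the header fields a NAT inspects or rewrites.
type Packet struct {
	Proto string // "tcp" or "udp": the two the NAT driver translates itself
	Src   Endpoint
	Dst   Endpoint
}

// NAT is the gateway between the home network and the public network: one
// public address plus the port-mapping table that lets many hosts share it.
type NAT struct {
	PublicIP string
	nextPort int
	outbound map[string]int      // proto + private ip:port -> public port
	inbound  map[string]Endpoint // proto + public port -> private ip:port
}

func NewNAT(publicIP string) *NAT {
	return &NAT{PublicIP: publicIP, nextPort: 40000,
		outbound: map[string]int{}, inbound: map[string]Endpoint{}}
}

// Outbound rewrites the source of a packet leaving the home network. The first
// packet from a private ip:port allocates a public port and records the
// mapping so that replies can be matched back to the right host.
func (n *NAT) Outbound(p Packet) Packet {
	k := p.Proto + "/" + p.Src.String()
	port, ok := n.outbound[k]
	if !ok {
		port = n.nextPort
		n.nextPort++
		n.outbound[k] = port
		n.inbound[fmt.Sprintf("%s/%d", p.Proto, port)] = p.Src
	}
	p.Src = Endpoint{n.PublicIP, port}
	return p
}

// Inbound translates a packet arriving from the public network back to the
// private host that opened the mapping. With no mapping (an unsolicited
// connection request from outside) there is nothing to translate to, so the
// packet is dropped.
func (n *NAT) Inbound(p Packet) (Packet, bool) {
	if p.Dst.IP != n.PublicIP {
		return Packet{}, false
	}
	priv, ok := n.inbound[fmt.Sprintf("%s/%d", p.Proto, p.Dst.Port)]
	if !ok {
		return Packet{}, false
	}
	p.Dst = priv
	return p, true
}

func main() {
	nat := NewNAT("203.0.113.5") // constructed public address
	// Two home-network hosts using the same source port both get out.
	out1 := nat.Outbound(Packet{"tcp", Endpoint{"192.168.0.2", 1025}, Endpoint{"198.51.100.7", 80}})
	out2 := nat.Outbound(Packet{"tcp", Endpoint{"192.168.0.3", 1025}, Endpoint{"198.51.100.7", 80}})
	fmt.Println("translated sources:", out1.Src, out2.Src)
	// The reply to the first host is mapped back; an unsolicited packet is not.
	reply, ok := nat.Inbound(Packet{"tcp", Endpoint{"198.51.100.7", 80}, Endpoint{"203.0.113.5", out1.Src.Port}})
	fmt.Println("reply delivered to:", reply.Dst, ok)
	_, ok = nat.Inbound(Packet{"tcp", Endpoint{"198.51.100.9", 4444}, Endpoint{"203.0.113.5", 23}})
	fmt.Println("unsolicited request delivered:", ok)
}
```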

 Overview 2 hours to labs today  

Cat 235

PKI

Public key infrastructure (PKI): proof of who you are, and much better than a shared key.

 

Identity theft:

The public key and private key are a matched set. Send out public keys and keep the private key.

Encrypt with the public key and decrypt with the private key.

 

Certificate authority (CA): people who hold public and private keys.

 

An algorithm is a way to solve particular problems.

 

Digitally sign: You use your private key to digitally sign.

 

X.509 certificates:

EFS Key: Public and Private Key

2 MMCs

 

Certificates management tools: you may import and export certificates.

Certificates can be acquired in a number of ways.

VeriSign is a leader in the PKI field.

MMC is used at the client level to manage certificates.

You may also add a certificate authority.

 

Once installed, you may select the kind of CA you would like to be. You do not have to be in Active Directory to be a stand-alone CA.

 

When you set your CA up:

  • Name
  • Organization
  • Organizational Unit (not the AD version)
  • Email
  • CA description
  • Valid for 2 years

You may use web enrollment to deliver certificates.

 Overview: 3 hours spent on this class today

Thursday, March 14, 2002

Cert of Authority

1. Host A requests a cert from the Cert Authority. Host B requests a cert from the Cert Authority.

2. Host A installs the cert, which creates a public and private key. Host B installs its cert, which creates its key pair.

3. Host A emails B, digitally signed; the message contains A's public key. Host B emails A, digitally signed; the message contains B's public key.

4. Host A's address book now holds Host B plus B's public key. Host B emails Host A, digitally signed and encrypted.
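The four-step exchange above, together with the earlier rules (encrypt with the public key, decrypt with the private key, sign with the private key), as an added Go example using the standard library's RSA-OAEP and RSA-PSS. This is not course code: it leaves out the certificate authority and models each host's installed cert simply as a freshly generated key pair, so the key-pair size and the sample message are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Host holds one party's matched key pair; the private half never leaves it.
type Host struct{ priv *rsa.PrivateKey }
// NewHost plays step 2: installing a certificate creates the key pair.
func NewHost() (*Host, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048) // assumed size
	if err != nil {
		return nil, err
	}
	return &Host{priv: k}, nil
}

// Public is the half a host mails out in its digitally signed message (step 3).
func (h *Host) Public() *rsa.PublicKey { return &h.priv.PublicKey }

// SendTo encrypts with the recipient's public key, then signs with the sender's private key (step 4).
func (h *Host) SendTo(to *rsa.PublicKey, msg []byte) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil); err != nil {
		return nil, nil, err
	}
	d := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, h.priv, crypto.SHA256, d[:], nil)
	return ct, sig, err
}

// Receive verifies with the sender's public key and only then decrypts with its own private key.
func (h *Host) Receive(from *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	d := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(from, crypto.SHA256, d[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, h.priv, ct, nil)
}

func main() {
	a, _ := NewHost()
	b, _ := NewHost()
	ct, sig, _ := b.SendTo(a.Public(), []byte("hello A, from B")) // B -> A, as in step 4
	pt, err := a.Receive(b.Public(), ct, sig)
	fmt.Println(string(pt), err)
}
```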

 

Today we’ll:

  1. Install certificate services
  2. Let the instructor know your IP address
  3. Manage Cert
    1. Snap in
    2. Client snap in

 

Get comfortable with MMCs

 

Overview: I donated 3 1/2 hours today to this class.

Total Time this quarter is 82 hours

 

Steve Snyder: A job well done, keep up the good work!

SONET: Synchronous Optical Network. It is a set of standards that allows other protocols to travel inside it. It also allows different protocols to be carried at the same time.

OC = Optical Carrier

STS = Synchronous Transport Signal

STM = Synchronous Transport Mode

VT = Virtual Tributary

TU = Tributary Unit

 

SONET Topologies

 

SONET defines equipment generically as network elements (NEs). SONET NEs include terminals, regenerators, add/drop multiplexers and digital cross-connect switches.

 

The terminal NE is capable of multiplexing a variety of digital or optical tributaries into a SONET-based optical signal for transmission into the network. Signal inputs include, but are not limited to, DS-N, STS-N, ATM, B-ISDN, and OC-N optical tributaries. The terminal must maintain all signals within specified limits, process alarms, and communicate with the network management systems as well as the NEs it is connected to.

 

Protection Switching Definitions:

Line Switching:

Unidirectional:

Bi-directional:

Revertive:

Non-Revertive:

SONET Rings

Several different types of SONET rings exist:

2-fiber unidirectional path switched rings (UPSR). These rings are switched at the DS-3 or STS-1 level.

4-fiber bi-directional line switched rings (BLSR). These rings are switched at the high-speed or line overhead (LOH) level.

2-fiber bi-directional line switched rings (BLSR).

Cat 235 S. Snyder

Thursday, February 28, 2002

 

http://134.39.17.14/certsrv/

Certificates

1. Get a Hotmail account

2. Go to VeriSign to get a certificate

3. Install the certificate

Have a friend do the exact same thing to get their key

4. Exchange public keys

Voilà, now you can send encrypted messages with your public key so you can decrypt them with your private key.

 

Study Guide for this weekend: 

http://134.39.10.216/ipsec.htm

Monday, 4th, 2000

We did labs today

ipsec chapter 8

hours donated 3 1/2 hours

Monday, 5th, 2000

ipsec

We caught up on labs today all day ( teacher absent).

hours spent 4 hours
