SCANNING

 

A number of utilities freely available on the Internet for performing scans. Some of the more common Once you have used VisualRoute or perhaps simply used the traceroute utility and manually looked up information on www.internic.net, you are now ready to move to the next phase in gathering information about a target system. This phase is completed by scanning.

The process of scanning can involve many tools and a variety of techniques. The basic goal of scanning is to identify security host or network. Scanning is best in science, but considered an art by many because a skilled attacker is patient and has a knack for knowing (usually based on experience) precisely where and how to scan target devices.

There are tools are as under:

1.      Nmap (Powerful tool available for Unix or Windows that finds ports and services available via IP)

2.      Hping2 (Powerful Unix-based tool used to gain important information about a network.)

3.      Netcat (Others have quat4ed this application as the “Swiss Army knife” of network utilities)

4.      Ping (available for testing IP connectivity on at most every platform and operating system)

5.      Traceroute (Map out the hops of the network to the target device or system)

Of these, Nmap (“Network Mapper”) is probably the best known and most flexible scanning tool available today. It uses IP packets in a new way to determine which hosts are available on the network. What operating systems are running, and what firewalls are in use. It also provides options for fragmentation; use to decoy IP addresses, spoofing stealth scans and a number of other features. Nmap is the most widely used tool by both cracker and security professionals for the purpose of port scanning and operating system identification. Formerly, this was only a Unix-based utility; however, it has recently been extended for use with Windows systems. If you have access to or will be working on a UNIX system or care to obtain the newer Windows-based Nmap, this is a utility with which you should certainly become familiar.

Network mapping is a process in which you discover information about the topology of the network. This can include gateways, routers and servers. The first step is to sweep for a live system. To find live hosts, hackers ping them by sending ICMP packets. If a system is live, it will send an ICMP echo reply. ICMP messages can be blocked, so an alternative is to send a TCP or UDP packet to a p[rot, such as 80 (http), that is frequently open, and live machines will send a SYN-ACK (acknowledgment) packet in response. Once the live system is known, utilities such traceroute or the others already discussed can pro0vide additional information about network by discovering the paths taken by packets to each host. This provides information about the routers and gateways in the network and general layout of the network.

In following sections, we will examine some methods for performing port scans. Fortunately, there are a number of utilities freely available on the Internet for doing port scanning. We will also discuss network mapping and vulnerability scanning.

FYI: Scanning Utilities
You can find a list of additional URLs for port scanning software in Appendix B of this book. You can also search the Internet using the keywords “port scanning.”

 

Port Scanning

Once the IP address of a target system is known, the next step is port scanning & network scanning, such scanning is the process of sending packets to each port on a target system to see what ports it has open (in the LISTEN state). A system has 65,535 port numbers, with one TCP port and one UDP port for each number. Each port has an affiliate service that may be exploited or vulnerable. Thus, viewing the ports tells you what sort of software is running. If someone has port 80 open , then he or she is probably running a Web server. If you see that all the default ports are open, the discovery probably indicates a network administrator who is not particular security conscious and may have left all default setting on all of his or her systems. Th9is deduction gives you valuable clues as to the kind of target you are examining. In the following section, we will experiment with a few port scanning utilities.

Now that you have a tool to find out which ports are open on the target machine, what can you do with this information? As we already mentioned, an open port can tell you a great deal about a system. We briefly reviewed a number of well-known ports. This lidt was not exhaustive, but the list should give you an idea. The following list well-known ports.

·         www.networkssorcery.com/protocol/ip/ports00000.html

·         www.iana.org/assignments/port-numbers

·         www.techadvice.com/tech/T/TCP_well_known_ports.htm

Using this information about well-known ports, you should be able to tell whether a system is using NetBIOS because such a system will have ports 137, 138 & 139 open. If a system is running an SQL server, then it may have port 118 open. This information can then be used by a hacker to begin to explore possible flaws or vulnerabilities in the service running on a given port number. Therefore, this information is quit important from a security perspective. If you are scanning your own machine and see ports that are open (once that you do not use), then close them. All firewalls give you the option of blocking ports. That function is necessary purpose of any firewall. A basic rule of thumb in security is that any port that you are not actively using should be blocked.

FYI: SQL Server
Generically, an SQL server is any database management system (DBMS) that can respond to queries from client machines formatted in the SQL language

 NetBrute

Some port scanners do more than just scan open ports; some even give you extra information. One such product is NetBrue form RawLogic. Located at www.rawlogic.com/netbrute/. This one is quite proper with both the security and hacker community. No computer security professionals should be without this item in their tool chest. This utility will give open ports, as well as other vital information in future. Once you install and launch NetBrue, you will see a screen such as the one depicted.

We will concentrate on the NetBrute lab first. You can elect to scan a range of IP address (per feet for network administrators assessing the vulnerability of their own systems), or you can choose to target an individual IP. When you are done, it will show you all the shared drives on the computer.

With the PortScan tab, you can find ports. It works exactly like the first tab except that, instead of giving you a list of shared folder/drives, it gives you a list of open ports. That way, with NetBrute, you get a port scanner and a shared folder scanner. The WebBrute tab gives the permission to you to scan your required targeted Web site and obtain information similar to what you would get from Netcraft. This scan gives you information such as the target system’s operating system and Webserver software. Shared folders and drives are important for security because they provide a possible way for hackers to gain access to the system. If a hacker can gain access to this shared folder, it can use this area to upload Trojan horses, viruses, key loggers, or other devices.

Cerberus Internet Scanner

Perhaps one of the most popular scanning utilities is the Cerberus Internet Scanner (a number of download locations are listed in Appendix B). this tool is very simple in use as well as informative for us.

From this screen, you can click the button on the far left that has an icon of a house or you can go to “File” and select “Host”. Then key the URL or IP address of the machine you want to scan. Click the "S" button or go to "File" and select "Start Scan". Cerberus will then scan that machine and give you back wealth of information. You can see all the various categories of information that you r4eceive.

For review the report click on the third button. A Hypertext Markup Language (html) will launch by the reprot (thus the document is easy to save for future reference) with links to each category.

One of the most interesting parts to review, especially for the security administrator, is the NT Registry Report. This report will examine the Window Registry and information you of any security flaws found there and how to correct them.

This list shows specific Windows registry settings, why those settings aren't particularly secure, and what you can do to keep them safe. For obvious reasons, this tool very popular with hackers. Cerberus can provide a comprehensive map of all potential vulnerabilities of the system, including, but not limited to, shared drives, insecure registry settings, running services, and known bugs in the operating system.

All of those tools (and others we have not examined) have one thing in common: They provide information to anyone who wants it. Information is a powerful weapon, but it is also a double-edged sword. Any information is network administrator can use to secure his network; a cracker can also use to break into the network. It is imperative that all network administrators be comfort with the virus scanning tools that are available. It is a good idea to make a routine habit of scanning your own system to search for vulnerabilities – and then close these vulnerabilities.

Port Scanner for UNIX: SATAN

UNIX administrator for years (as well as hackers) is SATAN. This tool is not some evil supernatural being, but an acronym for Security Administrator tool for analyzing networks.  It can be downloading for free from any number of Web sites. Many of those sites are listed at www.fish.com/satan/mirrors.html. This tool is strictly for Unix and will not work in Windows. For that reason, we will not be discussing it here, but it is important that you be aware of it. If you inte3nd to work with Unix or Linux, you should definitely get this utility.

Vulnerability Scanning

In addition to the utilities and scanners we have already discussed, another essential type of tool for any attacker or defender is vulnerability scanner. A vulnerability scanner, or security scanner, will remotely audit a network and determine whether someone (“or something, such as worm) may break into it or misuse it in some way. These tools allow the attacker to connect to a target system and check for such vulnerabilities as configuration errors, default configuration setting that allow attackers access, and the most recently reported system vulnerabilities. As with port scanners, there3 are both commercial as well as free open-source versions of vulnerability scanners. We will discuss two vulnerability scanners here, but there are many others available.

SAINT

SAINT is a network vulnerability assessment scanner that takes a preventatives approach to securing computer networks. It scans is system and finds security weaknesses. It prioritizes critical vulnerabilities in the network and recommends safeguards for your data. SAINT gives you benefits in several ways:

·         Prioritized vulnerabilities let you focus your resources on the most critical security issues.

·         Fast assessment results help you identify problems quickly.

·         Highly configurable scans increase the efficiency of your network security program.

NetBrute

Some port scanners do more than just scan open ports; some even give you extra information. One such product is NetBrue form RawLogic. Located at www.rawlogic.com/netbrute/. This one is quite proper with both the security and hacker community. No computer security professionals should be without this item in their tool chest. This utility will give open ports, as well as other vital information in future. Once you install and launch NetBrue, you will see a screen such as the one depicted.

We will concentrate on the NetBrute lab first. You can elect to scan a range of IP address (per feet for network administrators assessing the vulnerability of their own systems), or you can choose to target an individual IP. When you are done, it will show you all the shared drives on the computer.

With the PortScan tab, you can find ports. It works exactly like the first tab except that, instead of giving you a list of shared folder/drives, it gives you a list of open ports. That way, with NetBrute, you get a port scanner and a shared folder scanner. The WebBrute tab gives the permission to you to scan your required targeted Web site and obtain information similar to what you would get from Netcraft. This scan gives you information such as the target system’s operating system and Webserver software. Shared folders and drives are important for security because they provide a possible way for hackers to gain access to the system. If a hacker can gain access to this shared folder, it can use this area to upload Trojan horses, viruses, key loggers, or other devices.

Cerberus Internet Scanner

Perhaps one of the most popular scanning utilities is the Cerberus Internet Scanner (a number of download locations are listed in Appendix B). this tool is very simple in use as well as informative for us.

From this screen, you can click the button on the far left that has an icon of a house or you can go to “File” and select “Host”. Then key the URL or IP address of the machine you want to scan. Click the "S" button or go to "File" and select "Start Scan". Cerberus will then scan that machine and give you back wealth of information. You can see all the various categories of information that you r4eceive.

For review the report click on the third button. A Hypertext Markup Language (html) will launch by the reprot (thus the document is easy to save for future reference) with links to each category.

One of the most interesting parts to review, especially for the security administrator, is the NT Registry Report. This report will examine the Window Registry and information you of any security flaws found there and how to correct them.

This list shows specific Windows registry settings, why those settings aren't particularly secure, and what you can do to keep them safe. For obvious reasons, this tool very popular with hackers. Cerberus can provide a comprehensive map of all potential vulnerabilities of the system, including, but not limited to, shared drives, insecure registry settings, running services, and known bugs in the operating system.

All of those tools (and others we have not examined) have one thing in common: They provide information to anyone who wants it. Information is a powerful weapon, but it is also a double-edged sword. Any information is network administrator can use to secure his network; a cracker can also use to break into the network. It is imperative that all network administrators be comfort with the virus scanning tools that are available. It is a good idea to make a routine habit of scanning your own system to search for vulnerabilities – and then close these vulnerabilities.

Port Scanner for UNIX: SATAN

UNIX administrator for years (as well as hackers) is SATAN. This tool is not some evil supernatural being, but an acronym for Security Administrator tool for analyzing networks.  It can be downloading for free from any number of Web sites. Many of those sites are listed at www.fish.com/satan/mirrors.html. This tool is strictly for Unix and will not work in Windows. For that reason, we will not be discussing it here, but it is important that you be aware of it. If you inte3nd to work with Unix or Linux, you should definitely get this utility.

Vulnerability Scanning

In addition to the utilities and scanners we have already discussed, another essential type of tool for any attacker or defender is vulnerability scanner. A vulnerability scanner, or security scanner, will remotely audit a network and determine whether someone (“or something, such as worm) may break into it or misuse it in some way. These tools allow the attacker to connect to a target system and check for such vulnerabilities as configuration errors, default configuration setting that allow attackers access, and the most recently reported system vulnerabilities. As with port scanners, there3 are both commercial as well as free open-source versions of vulnerability scanners. We will discuss two vulnerability scanners here, but there are many others available.

SAINT

SAINT is a network vulnerability assessment scanner that takes a preventatives approach to securing computer networks. It scans is system and finds security weaknesses. It prioritizes critical vulnerabilities in the network and recommends safeguards for your data. SAINT gives you benefits in several ways:

·         Prioritized vulnerabilities let you focus your resources on the most critical security issues.

·         Fast assessment results help you identify problems quickly.

·         Highly configurable scans increase the efficiency of your network security program.

    Nessus

Nessus, or the “Nessus Project” as it is also known, is another extremely powerful network scanner. It is one of the most up-to-date and easy-to-use remote security scanners currently available. It has fast, reliable and modular architecture that allows you to customize it to your needs. Works on systems such as Ness Unix (Mac OS X, Free BSD, Linux, Solaris and more) also has a Windows version called NeWT.

Additionally, Nessus includes a variety of plug-ins that can be enabled depending on the type of security checks you want to perform. These plugins work cooperatively with each test specifying what is needed to proceed with the test. For example, if a specific test requires a remote FTP server and a previous test shows that none exists, it will not be tested. Not performing futile test speeds up the scanning process. This plug-ins is updated daily and is available from the Nessus Web site.

The output from Nessus scan of a system is incredibly detailed & there are multiple formats available for the reports. These reports give information about security holes, warnings & notes. Nessus does not attempt to fix any security holes that it finds. It simply reports them and gives suggestions on how to make the vulnerable system more secure.

ASSESSING A TARGET SYSTEM

Introduction

Ultimately, every hacker wishes to compromise a target system and gain access to that system, this goal is the same for any hacker, regardless of the hacker’s “hat” (his or her ideology or motivation). Before a hacker can attempt to compromise a target system, he must know a great deal about the target system. There are a number of network utilities, Web site & programs that a hacker can use to find out about a target system. Learning these methods will help us for two reasons. First you should know exactly what tools crackers have at their disposal to assess your system’s vulnerabilities. Second, many security-savvy network administrators will frequently use these tools to assess their own systems. Another term for assessing your own systems. Another term for assessing your own system (or a client’s) is auditing. When hacker or cracker is examining a potential target system, this assessment is called footprinting. If you can find vulnerabilities. You have the chance to fix them before someone else exploits.

Recall the discussion of the rather tedious process hackers have to use in order to enter a target system. The first stage of this process is learning about the system. It is important to know about the operating system, any software running on it, what security measures are in effect and as much about the network as possible. This legwork is like a bank "template" before attempting a hooligan crime. The thief needs to know all about alarm systems, work schedules and guards. It is necessary for the hacker, who enters into the system. The hacker’s first step is to gather information about that system. To assess you own system, therefore, needs to be your first step also.

Basic Reconnaissance

On any system, you must first start finding out some general information. This task – commonly referred to as reconnaissance – is particularly easy with Web server. A Web server, by definition, must communicates with Web clients. That activity means that a certain amount of information is easily accessible in the public domain. In the past, security managers had to use some rather arcane – looking commands from either a command prompt or a Linux / Unix shell to gather this information. But today, you can get the information in just a few simple steps by using some readily available utilities. These tools are used by both security managers as well as crackers.

The ways in which information is obtained by a cracker can vary greatly. Although there are many tools available, the ways listed below are the most likely initial reconnaissance methods used for Windows platforms:

v  Nslookup

v  Whois

v  ARIN (This is available via any Internet browser client.)

v  Web-based tools (Hundreds if not thousands of sites offer various reconnaissance tools.)

v  Target Web site (The client’s Web site often reveals too much information.)

v  Social engineering (People are an organization’s greatest asset as well as their greatest risk.)

In the following section, we will explore a few of the many Web based tool available for obtaining basic information on a target system.

 

Netcraft

The first step on our journey is the Netcraft Web site. This Web site gathers information about Web servers – information that you can use in assessing a target system. It provides an online utility that will tell you what Web server software it is running, what operating system it is using and other important and interesting information.

1.      Open your browser and key www.netcraft.com

2.      Click the link titled “What’s that site running,” which is found on the left side of the page.

3.      Key www.chuckeasttom.com into the “What’s that site running?”

4.      Press Enter. You will find a great deal of important information.

You can see that server is running the FreeBSD operating system a Unix variant. You can also look the machine’s IP address. This step is your first in learning about the target system. In many cases, with other addresses, you would also find out what Web server the target system is running. You can then scan the Internet looking for any known flaws with either the operating system or the Web server software. This step gives you a starting place to find out about the system and what weaknesses you might be able to exploit. In this case, you would simply go to your favorite search engine (Google, Yahoo, Lycos and so forth) and key in something such as “FreeBSd security flaws.” You will surprise that how many Web sites will provide you the drawback of the system. Some sites even have step-by-step instruction on how to exploit these weaknesses.

The fact that this information is so readily available should be enough to alarm any system administrator. As software developers are known from drawbacks of their software, they usually correct their code, known as patches or updates. If you are not regularly updating your system’s then you are leaving your system for external virus attacks.

Besides strengths and weaknesses of that software, sometimes just knowing the operating system and the Web server software is enough information in and of itself. i.e. if a target system is running Windows NT 4.0, what would this fact tell a hacker? Because Microsoft has long ago released Windows 2000, Windows XP and Window 2003 Server, the hacker can deduce that this target system does not frequently update its software. This could denote a company that is on a very tight budget or one that simply is not particularly computer – savvy. In either case, this lack of updating software means that this system probably doesn’t employ the latest security devices and techniques.

 

Tracing the IP Address

The nest piece of information you will want concerns the various connections between you and the target system. When you visit a Web site, the packets bouncing back and forth between you and the target site do not take a direct route from you to there. They usually bounce around the Internet, going through various Internet service providers and routers. The obvious way to obtain this information is to use the traceroute or tracert utility. You can then write down the IP address of each step in the journey. Howeve, this task can be very tedious. An easier process is offered through the Visualware Inc. Web site. Visualware offers some very interesting products, along with free online Web demos. These products automate network utilities, such as tracert and who is, in a rich graphical interface. I find Visualware’s product, VisualRoute, to be particularly useful and remarkably easy to employ.

Using IP Registration Information

The information gained with these utilities can be used in a variety of ways i.e. you can take the e-mail address of the administrator and do a Google “groups” search for that address. Google now provides a gateway, via its “groups” tab, to Usenet newsgroups. These groups are basically global bulletin boards where people can engage in discussion on a wide range of topics. Network administrators sometime post questions in specific newsgroups hoping to get advice from the colleagues. If the network administrator of the target system has posted, he or she may have given away more information about her network than is wise. In one case, a network administrator usually posted a link to a diagram showing his entire network, the server, IP addresses, type of firewall and so on. This information could have been easily exploited.

That is not to say that administrators must avoid using the Internet as an information source. That is certainly not the case. But when administrators do use newsgroups, they should not use their real name, their company’s name, or any information that might facilitate tracking them back to their company. In this way, information that they discuss about their forms network can not readily to apply.

Social Engineering

One of the most common applications for using the information gained from reconnaissance work is social engineering. Social engineering is a non-technical way of intruding on a system.  This can range from dumpster diving to trying to get employee to unwittingly compromise the system.

When dumpster diving, some typing to obtain information will go through trash cans or dumpsters looking for garbage that contains information such as a IP address, password or even a map of the network. This technique can be very messy, but also quite effective.

The most common tactic is to try to get an authorized user of a system to give you her password. This task may sound impossible, but it is actually quite easy. For example, if a hacker has discovered the name of the system administrator and knows that the company is rather large with a big Information Technology (IT) department, she can use this name to her advantage. Assume a scenario in which a hacker finds out that the network administrator for a certain firm is named Jan Smith. She can get Jan’s office location, e-mail address and phone number from Internic or from using VisualRoute software. She can now call a remote office and speak to a secretary. The pan could work extremely well if that secretary (let’s call him Eric) is new to the company. The hacker tells Eric that she is a new intern working for John Smith and that John has instructed her to check all the PCs to ensure that they have proper virus – scanning software. The hacker name and password, so could Eric please give these to her? It is amazing how often the person will indeed give a username and password to a caller. With this information, the hacker does not need to use any technical skills at all. She can simply use Eric’s legitimate username and password and log on to the target system.

Note that such as all the employees of an organization must be knew about computer security same in that scheme. No matter how secure your system is or how much time and money you invest in security, it is all for naught if your empolyees are easily duped into compromising security.

There are entire volumes written on social engineering. As with all topics, the goal is acquaint you with the basics, not to make you master of any of the topics. The following links may be interest.

Ø  www.securityfocus.com/egi-bin/sfonline/infocus.pl?id=1527

Ø  www.cybercrime.net/Property/Hacking/social%20Engineering/SocialEngineering.html

Ø  www.sans.org/rr/catindex.php?cat_id=51

UTILITIES

 

Basic Network Utilities

You will use information and technique that are base in part, on certain techniques anyone can perform on his machine. There are network utilities that you can execute from a command prompt (windows) or from a shell (Unix/Linux). Many readers are already familiar with Windows, so the text’s discussion will execute the commands and discuss them from the Windows command-prompt perspective. We must stress that all the operating systems have these utilities. In this section, you will read about IPConfig, ping & tracert utilities.

IPConfig

When beginning to su7dy networks, the first thing, you will want to do is to get information about your own system. To accomplish this fact-finding mission, you will need to get t a command prompt. In Windows XP or Windows 2000, you can open the command prompt by performing the following steps:

1.      Open the Start menu.

2.      Select Run.

3.      In the dialog box that open, type cmd and click OK

4.      Type ipconfig. (you could input the same command in Unix or Linux by typing in ifconfig once inside the shell.)

5.      Press the Enter key. You should see something that command prompt will be open on your system screen.

This command gives you information about your connection. Important thing is that you have received your own IP address. The IP address has default gate way, which creates your connection with other world. IPConfig command is a first step to configure your network system. Most of the commands that this text will mention, including IPConfig, have several parameters, or flags, that can be assigned to commands to treat the computer in a certain way. You can find out what these commands are by typing in the command, followed by space and then typing in hyphen question marks.

There are number of options you might use to find out different details about your system configuration. The moist commonly used method would probably be the IPConfig/all.

Ping

Another commonly used command is ping. We can use Ping to a test packet, or echo packet, that we can know the performance of packet. Ping is used in earlier hacking technique.

You that a 32 byte echo packet was send to the destination and returned. The ttl item means “time to live”. That time unit is how many intermediate measures, or hops, the packet should take to the destination before giving up. Reminder that the Internet is a vast conglomerate of interconnected networks. You packet probably will not go straight to its destination, but will have to take several hops to get there. Can you type in ping As with IPConfig - ? You can refine your ping to find out various ways.

Tracert

The final command we will examine is tracert. This command is basically a “ping deluxe”. Tracert not only tells you whether the packet got to its destination and how long it took, but also tells you all the intermediate hops it took to get there. This utility will very useful to you in future. Illustrates a tracert to www.yahoo.com. This same command can be executed in Linus or Unix, but there it is called “traceroute” rather than “tracert”.

With tracert, you can see the IP address of each intermediate step listed and how long it took to get to that step. Knowing the steps required to reach a destination can be very important, as you will find.

Certainly, there are other utilities that can be of use to you when working with network communication. However, these are three basic utilities which are examined by us. IPConfig, ping, tracert are absolutely essential for a  network administrator and you should commit them to memory.

 

Other Network Devices

There are other devices involved in networking that work to protect your computer from the outside world. Some of these devise I was briefly mention in previous articles. We will now review a  few of them in more detail. The two most common devices in this category are the firewall and the proxy server. Basically firewall is a main barrier between your network and the rest of the Internet. A personal computer (PC) can be used as a firewall or in many cases; a special router can function as a firewall. Firewalls, which can be hardware, software or a combination of both, use different techniques to protect your network, but the most common strategy is packet filtering. In a packet-filtering firewall, each incoming packet is examined. Only those packets which are match with your criteria. (Generally, only those packets are allowed, which are used special protocol). Many operating systems, such as Windows XP and many Linus distributions, include basic packet-filtering software with the operating system.

The second common type defensive in proxy server, a proxy server will almost always be another computer. We can use a computer as proxy server as well as firewall. Proxy server is a way through which you can connect with other world. A proxy server hides your entire network from the outside world. Those people who trying hack your system they can see a proxy server cannot be seen your system. When packets leave your network, their headers are changed so that the packets contain the return address of the proxy server. In contrast, the only way to access the outside world is through a proxy server. Proxy server with firewall is basic network security. It would frankly be negligent to ever run a network that did not have a firewall and proxy server.

HOW INTERNET WORKS

Now that you have a basic idea of how computer communicate with each other over a network, it is time to discuss how the Internet works. The Internet is essentially just a large number of networks connected to each other. So, the Internet works just like your local network. This is sent as data packets using the protocol. These different networks are not connected to the main transmission lines called backbones. The points where backbones connect to each other are called Network Access Points (NAP). You may use an Internet Service Provider (ISP) when you are logged in to the Internet. That ISP has connection either to the Internet backbone or to yet another provider that has a backbone. Thus, logging on to the Internet is a process of connecting your computer to your ISP’s network, which is, in turn, connected to one of the backbone on the Internet.

 IP Address

With tens of thousands of millions of individual computers networking and sending data and data, a probability problem arises. The problem then is to ensure that the data packets go to the right computer. This task is accomplished in much that same way as traditional letter mail is delivered to the right person: via an address. With network communication, this address is a special one, referred to as an IP address. An IP address is an address used to uniquely identify a device a device on an IP network. The address consists of four 3 digit numbers separated by period (an example would be 107, 22, 99, 198.) Each of the three-digit numbers must be betw4en 0 & 255. This rule stems from the fact that IP addresses are actually four binary numbers: you just see them in decimal format. Recall that a byte is eight bits (1s & 0s), & and an eight-bit binary number converted to decimal format will be.

 

IN PRACTICE: Converting Binary Numbers

For those readers not familiar with converting binary numbers to decimal, there are several methods. We will discuss one methods here. You should be aware that the computer will do this for you in case of IP addresses, but some readers may wish to know how this is done. While there are many methods, perhaps the simplest is: Divide repeatedly by 2, Using “remainders” than decimal places, until you get down to 1. For example, convert decimal 31 to binary: 31/2     = 15     Remainder 1 15/2     = 7       Remainder 1 7/2       = 3       Remainder 1 3/2       = 1       Remainder 1 1/2       = 0       Remainder 1 Now read the remainders from bottom to top: the binary equivalent is 00011111. (Note that you complete the octet by filling in the leading spaces with “0”s to make an 8 bit numeral). While you can step through the math to convert a decimal number to a binary number, you may find it easier to use a converter. There are many converters available on the Internet that can be found by searching for the keywords “binary converter”.

Public versus Private

IP addresses come in two groups: public & private. Public IP addresses are for those computers, which connected with Internet. Two public IP addresses can be the same. However, a private IP address, such as one on a private company network, only has to be unique within that network. Within an isolated network, you can assign random IP addresses as long as each one is unique. It does not matter whether other computers throughout the world have the same IP address because this computer is never connected to those other worldwide computers. However, making a copy requires using a registered IP address (called Internet address) to avoid connecting to a private network for the Internet. Often, network administrators use private IP addresses that begin with a 10 such as 10, 102, 230, and 17.

It should also be pointed out that an ISP will often buy a pool of public IP addresses and assign them to you when you log on. Therefore, an ISP might own 100 public IP addresses and have 10,000 customers. Not all 10,000 customers will be online at the same time, because the ISP only gives one customer and IP address when he and the ISP are logged on When the customer logs IP address unassigns.

 Classes

The address of a computer tells you a great deal about that computer. The first byte (or first decimal number) in an address tells you to what class of network that machine belongs. Summarizes the five network classes.

Four numbers of an IP address that are used in different ways to identify a particular network and host on the network. There are four regional Internet registries (ARIN, RIPE, NCC, LACNIC, APNIC) that assign Internet addresses from the A, B & C classes.

These five classes of networking will become more important later in this book (or you should decide to study networking at a deeper level). You will probably discover that limit IP 127.

 

Class	IP Range for the First Byte	Use
A	0 - 126	Extremely large networks. All Classes. A network IP addresses have been used and none are left
B	128 – 191	Large corporate and government networks. All Class B network IP addresses have been used
C	192 – 223	The most common group of IP addresses. It is Class C IP address of ISP.
D	224 – 247	These are reserved for multicasting. Note: Multicasting is transmitting the same data to multiple (but not all) destinations.
E	248 – 255	Reserved for experimental use.

was not listed. It is forgotten because the limit is specific to the test. The IP address of 127.0.0.1 destinates the machine, on which you are working, regardless of the machine’s assigned IP address. This address is called a loopback address. That address will be used often in testing your machine & NIC.

 

Availability of Addresses

If you do the math, you will find that our current addressing method means there are a total of over 4.2 million possible IP addresses. That seems like a very large number but, in reality; the number of unassigned Internet addresses is running out. You should not be concerned, however, as methods are already in place to extend the use of addresses. The new addressing system will be a classless scheme called CIDR (Classless Inter – Domain Routing), & it is tied to the replacement of IP V4 with IP V6.

The entire discussion of IP addresses up to this point is based on IP V4 (version 4.0), the current standard. IP V6 (version 6.0), however, is likely t be implemented in future. Rather than 32 – bit addresses (four 8 – bit number), the IP V6 uses 128 – bit addresses. IP V6 is configured for backward compatibility, which means that to use the new IP V6, there will fortunately not be a need to change ever IP address in the world. Keep in mind that, when we discuss the packet structure of an IP packet, we are talking about both the IP V4 & IP V6 packets. In comparison IP V4 packet, IP V6 packets have longer header segments and the header is structured a little differently.

With CIDR, a single IP address can be used to designate many different and unique IP addresses. In contrast to an IP address, a CIDR IP address ends with a slash followed by a number, called the IP network prefix. An example of a CIDR IP address is 156.201.10.10/12. The IP network prefix specifies how many addresses are covered by the CIDR address. Lower numbers specify more addresses. In other hands to providing more addresses within organization, CIDR addresses also reduce the size of routing table.

 Subnet

A subnet is a portion of a network that shares a particular subnet address (a common address component). Subnets of all devices on a TCP / IP network that IIP addresses are the same as the previous one. For example, all devices with an IP address that starts with 200.200.200. Would be part of the same subnet. It is useful for network security as well as its performance that we divide the network into sub networks. Sub-netting enables the network administrator to further divide the host part of the address into two or more subnets. In this case, the host address is reserved to identification the particular subnet. IP networks are divided using a subnet mask.

 Subnet Mask

As we discussed earlier, an IP address is made up of 32 binary bits. These bits can be divided into two components: the network address and the host address. A subnet mask is a 32 – bit combination used to describe which portion of an address refer to the subnet (network) and which part refers to the host. This mask is used to determine what subnet an IP address belongs to. For example, in the IP address 185.201.20.2 (assuming this is part of a Class B network), the first two numbers (185.201) represent the Class B network address, and the second two numbers (20.2) identify a particular host on this network.

Uniform Resource Locators

After you connect to your ISP you will, of course, want to visit some Websites. You probably type name into your browser’s address bar rather than IP addresses. i.e., you might type in www.chuckeasttom.com to go my Website. Your computer or your ISP must translate the name you typed (caked a Uniform Resource Locator (URL) into an IP address. The DNS protocol handles this translation process. You type a name, which has meant by human, but your computer is using a finding specific IP address to connect. Packet 80 is sent by your browser. If that target computer has software that listens and responds to such request (like Web server software such as Apache or Microsoft Internet Information Server), then the request of your browser is excepted and communication will continue. This method is how Web pages are viewed.

If you have ever received an Error 404: File Not Found message, what you are seeing is that your browser received back a packet (from the Web server) with error code 404, denoting that Web page you requested could not be found. The error message by web server you will receive on your web browser to point out your mistakes.  Many of these problems can be handled by the browser itself and you never see the error message. All error messages in the 400 series are client error. This term means that something is wrong on your side, not the Web server. Messages in the 500 series are server errors, which mean that there is a problem on the Web server. Massages of 100-series are only informative; 200-series messages indicate success; 300-series messages are re-directional, meaning the Web page you are moved and your browser is directed to the new location.

E-mail works the same way as visiting Web sites. Your e-mail client (the software you use to manage your e-mail account) will seek out the address of your e-mail server. Your e-mail client will then use either POP3 to retrieve your incoming e-mail or SMTP to send your outgoing e-mail. Your e-mail server (probably at your ISP or company) will then try to resolve the address you are sending to. If you send something to chuckeasttom@yohoo.com , your e-mail server at yahoo.com; your server will then send your e-mail there. Not that there are newer e-mail protocol available, but POP3 is still the most commonly used.