Friday, 6 January 2012

Configuring The IOS

Using Lines to Configure The IOS: 

Lines identify the ports through which we connect to, and then configure, Cisco devices. There are three methods (or line types) for configuring Cisco IOS devices.

1. Console port: Nearly every modern Cisco router or switch includes a console port, sometimes labeled on the device simply as con. The console port is generally an RJ-45 connector and requires a rollover cable. The opposite end of the rollover cable connects to a PC's serial port through an RJ-45-to-DB-9 serial terminal adapter (or a USB-to-serial adapter on PCs without a serial port). Whoever has physical access to the console port has full control of the device, including the ability to reset the configuration register and bypass the saved passwords, so the console must be physically protected.
             From the PC, terminal software such as HyperTerminal, PuTTY or minicom is required to make a connection from the local serial port to the router console port. The following settings are necessary for a successful connection:
  • Bits per second - 9600
  • Data bits - 8
  • Parity - None
  • Stop bits - 1
  • Flow Control - None
2. Auxiliary port: The auxiliary port can function similarly to a console port and is also accessed with a rollover cable. Additionally, auxiliary ports support modem commands, providing dial-in access to Cisco devices. Because an attached modem is a remote path into the device that bypasses every network control, the aux line should be disabled (no exec under line aux 0) when dial-in access is not needed.


3. Telnet (VTY) lines: Telnet, and now SSH, are the most common methods of remote access to routers and switches. IOS provides five VTY (virtual terminal) lines by default (vty 0 4); more can be configured, and the maximum depends on the platform and IOS feature set.
                These are two requirements before a router/switch will accept a VTY connection:
a) An IP address must be configured on an interface.
b) At least one VTY line must be configured with a password (or with login local / AAA); a VTY that has login set but no password refuses the connection with "Password required, but none set". For SSH the device additionally needs a hostname, a domain name and an RSA key pair (crypto key generate rsa), and transport input ssh on the VTY lines keeps cleartext Telnet off the device.
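As an added illustration, not part of the original notes, the following Python script checks a running-config against the two VTY requirements above and the usual line-hardening expectations (SSH-only transport, an access-class, no disabled idle timeout). The configuration excerpt is constructed for the example; the hostname R1 and the password cisco are placeholders, and the rules in audit_line are this example's own assumptions rather than anything IOS enforces, except for the refusal of a vty that has login but no password, which IOS does enforce:

```python
# Constructed running-config excerpt for this example (not taken from a real device).
SAMPLE_CONFIG = """\
hostname R1
!
line con 0
 password cisco
 login
!
line aux 0
 no exec
!
line vty 0 4
 password cisco
 login
 transport input telnet
!
line vty 5 15
 login local
 transport input ssh
 exec-timeout 5 0
!
end
"""


def parse_line_blocks(config):
    """Map each 'line ...' header to the list of indented commands under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # a '!' or a top-level command ends the block
    return blocks


def audit_line(name, cmds):
    """Return the findings for one line block.

    Rules (this example's assumptions, except the second, which IOS enforces):
    - 'no login' means the line accepts sessions without authentication.
    - 'login' (line password check) needs a 'password'; IOS refuses Telnet
      on a vty that has 'login' but no password set.
    - vty lines should allow only SSH and restrict sources with access-class.
    - 'exec-timeout 0 0' disables the idle timeout entirely.
    """
    findings = []
    if "no exec" in cmds:
        return findings  # line cannot start an EXEC session; nothing to audit
    is_vty = name.startswith("line vty")
    login_cmds = [c for c in cmds if c == "login" or c.startswith("login ")]
    has_password = any(c.startswith("password ") for c in cmds)
    if "no login" in cmds:
        findings.append("authentication disabled (no login)")
    elif login_cmds == ["login"] and not has_password:
        findings.append("'login' set but no password: sessions will be refused")
    elif not login_cmds:
        findings.append("no login statement (console and aux default to no authentication)")
    if is_vty:
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        allowed = set(transport[-1]) if transport else {"unspecified"}
        if allowed != {"ssh"} and allowed != {"none"}:
            findings.append("Telnet (cleartext) allowed: use 'transport input ssh'")
        if not any(c.startswith("access-class ") for c in cmds):
            findings.append("no access-class: any source address may connect")
    if "exec-timeout 0 0" in cmds:
        findings.append("idle timeout disabled (exec-timeout 0 0)")
    return findings


def audit_config(config):
    """Audit every line block and return {line_name: [findings]}."""
    return {name: audit_line(name, cmds)
            for name, cmds in parse_line_blocks(config).items()}


if __name__ == "__main__":
    for line, findings in audit_config(SAMPLE_CONFIG).items():
        print(line, "->", findings or "ok")
```

Run it against the output of show running-config saved to a file; the parser relies only on IOS indenting line sub-commands by one space. In the sample, vty 0 4 is flagged twice (Telnet allowed, no access-class) and vty 5 15 once (no access-class), while the console and the disabled aux line pass.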

Cisco IOS

The Cisco IOS is the operating system, driven through a command-line interface, used by nearly all current Cisco routers and Catalyst switches. The IOS provides the mechanism to configure all layer 2 and layer 3 functions on Cisco devices.
                          The IOS is structured into several modes, each containing the set of commands specific to the function of that mode. Access to a specific mode (and to specific commands) is governed by the privilege level (0 to 15) of the user.

The following is a representation of the IOS command-line interface, with an example command:

                       Router#show startup-config

Router--------------------> Hostname
# -------------------------> Mode (# denotes privileged EXEC mode; > denotes user EXEC mode)
show ---------------------> Command
startup-config -------------> Argument

Hitting the "enter" key after a command will usually yield output specific to your command.

IOS version Numbers:
  IOS version numbers are formatted as follows:
                                  x.y(z)t
  • "x" designates a major revision number.
  • "y" designates a minor revision number.
  • "z" designates an individual release number.
  • "t" designates a train identifier.
Train Identifiers:
  • "T" or Technology train is continuously updated with new features as well as security fixes.
  • "E" or Enterprise train contains features and a command set for specific enterprise equipment.
  • "S" or Service Provider train contains features and a command set for specific ISP equipment.
The absence of a train identifier denotes a Mainline release. Security updates are released for the mainline train, but new functionality is never added to its feature set. For example, 12.4(11)T is release 11 of the 12.4 Technology train. The exact version string matters for security work, because Cisco advisories list affected and fixed releases in this format. To view the IOS version of your Cisco device:
           Router#show version
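Added here as an example (not from the original notes or from Cisco), the following Python parser turns an x.y(z)t string, or the first line of show version output, into its components and compares two releases of the same train, which is what one does when checking a device against the "first fixed release" named in a security advisory. It extends the format above with the optional rebuild number that follows the train letter (as in 12.4(15)T7). The show version line and the "fixed" version in the usage block are constructed for the example, and train letters not listed above are reported as Other:

```python
import re
from collections import namedtuple

# x.y(z)t as described above, plus an optional rebuild number after the
# train letter (e.g. 12.4(15)T7), which this example handles as an extension.
IosVersion = namedtuple("IosVersion", "major minor release train rebuild")

TRAIN_NAMES = {"": "Mainline", "T": "Technology", "E": "Enterprise", "S": "Service Provider"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]*)(\d*)$")


def parse_ios_version(text):
    """Parse 'x.y(z)t' (optionally followed by a rebuild number) into its parts."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("not an x.y(z)t version string: %r" % text)
    major, minor, release, train, rebuild = m.groups()
    return IosVersion(int(major), int(minor), int(release), train, int(rebuild or 0))


def train_name(version):
    """Human-readable train name; letters not in the list above are reported as-is."""
    return TRAIN_NAMES.get(version.train, "Other (%s)" % version.train)


def version_from_show_version(output):
    """Extract the version from 'show version' output. The first line is
    assumed to contain 'Version <x.y(z)t>,' as on common IOS releases."""
    m = re.search(r"Version (\d+\.\d+\(\d+\)[A-Z]*\d*)", output)
    if not m:
        raise ValueError("no IOS version found in output")
    return parse_ios_version(m.group(1))


def _numeric_key(v):
    return (v.major, v.minor, v.release, v.rebuild)


def at_least(running, required):
    """True when 'running' is in the same train as 'required' and not older.
    Different trains have different feature sets and fix schedules, so a
    cross-train comparison is refused instead of guessed."""
    if running.train != required.train:
        raise ValueError("cannot compare %s train with %s train"
                         % (train_name(running), train_name(required)))
    return _numeric_key(running) >= _numeric_key(required)


# Constructed 'show version' first line for the example (not real device output).
SAMPLE_SHOW_VERSION = (
    "Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), "
    "Version 12.4(15)T7, RELEASE SOFTWARE (fc3)"
)

if __name__ == "__main__":
    running = version_from_show_version(SAMPLE_SHOW_VERSION)
    print(running, train_name(running))
    # Hypothetical 'first fixed release' taken from an advisory, for illustration only.
    fixed = parse_ios_version("12.4(15)T9")
    print("running release is at or above the fixed release:", at_least(running, fixed))
```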

NOTE:
To practice configuring routers and switches, download and install a network simulation program; I would recommend Cisco Packet Tracer.



Router Components

Processor: A Cisco router has a CPU that executes the IOS (Internetwork Operating System). Examples of the CPUs used in different router series:
700 Series Intel 80386SL
800 Series Motorola PowerQUICC 8xx PowerPC core
1000 Series Motorola Dragonball
1600 Series Motorola Dragonball
2500 Series Motorola 680EC30
3100 Series Motorola 680EX30

ROM Monitor: ROM is used for manufacturing, testing and troubleshooting. It is non-volatile memory, and it stores the bootstrap program and the ROM monitor (rommon).
                    The bootstrap program loads the IOS image with the help of the configuration register. The configuration register is a 16-bit value written as four hexadecimal digits (for example 0x2102, the factory default); its last hexadecimal digit, the boot field, decides the boot-up process. The boot field values are:
  • 0x0 - boots the router into ROM monitor mode.
  • 0x1 - boots the router using the mini-IOS (the boot image in ROM).
  • 0x2 to 0xF - boots the router using the default boot sequence (any boot system commands in the startup-config, then the first image in Flash).
Other bits matter for security: bit 6 (0x0040) makes the router ignore the startup-config in NVRAM, and setting it from rommon (confreg 0x2142) is the standard password-recovery procedure, so anyone who can reboot the device from the console can bypass its passwords.
 RAM: It holds packet buffers, the ARP cache, the routing table, and the software and data structures that allow the router to function. It stores the running-config of the router, and on later router models also the decompressed IOS image.

Flash Memory: It is an electrically erasable and re-programmable memory chip. The Flash memory contains the full operating system image (IOS, Internetwork Operating System). This allows you to upgrade the OS without removing chips. Flash memory retains its content when the router is powered down or restarted.

NVRAM: NVRAM (Non-volatile Random Access Memory) is used to store the startup configuration. This is the configuration file that the IOS reads when the router boots up. It is very fast memory and retains its content when the router is restarted. Since it holds the startup-config, it also holds every password and pre-shared key in that configuration, which is why a copy of it (or of the device itself) must be protected.

Mini-IOS: The mini-IOS (also called the boot image) is not present in every router. It provides a reduced, alternative image that the router can boot from, mainly so that a full IOS image can be copied into Flash over the network, and it can also perform a few other maintenance operations.

Router Boot Sequence
1. Router is powered on.

2. The bootstrap program (rommon) is loaded from ROM.

3. The bootstrap runs POST.
               POST (Power On Self Test) checks the basic functionality of the router hardware and determines which interfaces are present. The POST is a series of 14 tests that run in reverse numerical order.

4. The bootstrap attempts to load the IOS from Flash (honouring any boot system commands first).
          a) If no IOS is found in Flash, the bootstrap loads the basic IOS stored in ROM (the mini-IOS) into RAM; routers without one drop into rommon.
          b) If the IOS is found in Flash, it is loaded into RAM.

5. The IOS attempts to load the startup-config file from NVRAM.
          a) If no startup-config is found in NVRAM (or the configuration register tells the IOS to ignore it), the IOS attempts to load a configuration file from a TFTP server.
          b) If no TFTP server responds, the router enters Initial Configuration Mode (the setup dialog), with no passwords set.
          c) If the startup-config is found in NVRAM, it is loaded into RAM.

6. The startup-config becomes the running-config in RAM.

Saturday, 24 December 2011

Types of Twisted-Pair Cables

1. A straight-through cable is used when the devices at the two ends are not similar in operation, for example:
                 a)   from a host to a hub (or switch)
                 b)   from a router to a hub (or switch)
The wiring on each end of a straight-through cable must be identical. The most common straight-through standard is wired as follows:

2. A cross-over cable is used when connecting "like" devices, for example:
                          a) a host to a host
                          b) a hub to a hub
                          c) a switch to a switch
To make a cross-over cable, we swap pins 1 and 3, and pins 2 and 6, on one end of the cable. The most common cross-over standard is as follows:
3. A roll-over cable is used to connect a PC to a Cisco router's console or auxiliary port. The pin order is completely reversed on one end (pin 1 to pin 8, pin 2 to pin 7, and so on) to make a rollover cable.
Note:
  1. On 10BASE-T and 100BASE-TX, pins 1, 2, 3 and 6 carry the data (1 and 2 transmit, 3 and 6 receive, from the host's side); the other four pins are unused by those standards. 1000BASE-T uses all eight pins.
  2. The RJ45 connector is used on twisted-pair cables.
  3. A roll-over cable, not a network cable, is what connects a PC to the console to configure a router.

Wednesday, 14 December 2011

TCP/IP Utilities

You can use several utilities to verify TCP/IP function on Windows workstations:

Using the arp utility:
  1. Choose Start--->Run and enter cmd to open the command prompt window.
  2. Type "arp -a"; the current ARP table is displayed.

The arp utility is primarily useful for diagnosing duplicate IP addresses. For example, your workstation receives its IP address from a DHCP server but accidentally receives the same address as another workstation. Your workstation tries to determine the MAC address and cannot do so reliably, because two machines are reporting that they have the same IP address. To display the entire current ARP table, use the arp command with the -a switch. The same table is also where ARP spoofing shows up: an entry whose MAC address has changed unexpectedly, or two IP addresses (such as the default gateway and another host) that share one MAC address, is worth investigating.

Using the netstat Utility:
  1. Open the command prompt window.
  2. Enter "netstat /?"; it shows all the switches and their functions.
'netstat' with the switch '-a' lists all connections and listening ports on the local system. This can be useful to check whether your system has a Trojan (a backdoor listening for connections) installed. Remember that port numbers above 1023 are also the source ports your own system picks when connecting to remote computers, so an ESTABLISHED entry on a high local port is normal; what deserves attention is a LISTENING socket you cannot account for. "netstat -o" adds the owning process ID, and "netstat -b" (run as administrator) the name of the executable.
Trojans: NetBus uses port number 12345 (TCP) and Back Orifice uses port number 31337 (UDP) by default, but any backdoor can be configured to use any port, so a list of known ports is only a hint.
"netstat -n" is the numerical form: it shows IP addresses and ports of local and remote systems instead of resolving names, which is faster and avoids DNS lookups.


Using the ping Utility: We use the ping utility for two primary purposes: to find out whether you can reach a host, and to find out whether a host is responding.
Open the command prompt window and type:
ping hostname (or IP address)
Many hosts and firewalls drop ICMP echo requests, so a failed ping does not prove that a host is down.


Using the tracert utility: It shows you every router interface a TCP/IP packet passes through on its way to a destination.
  1. Open the command prompt window.
  2. Enter "tracert hostname" (or the host's IP address).
  3. It responds with a list of DNS names and IP addresses of the routers that the packet passes through on its way. tracert sends packets with increasing TTL values; each router that decrements the TTL to zero replies with an ICMP Time Exceeded message, which is how the list is built. Routers that rate-limit or block ICMP show up as "* * *".

Using the Telnet utility: Telnet is used to open terminal sessions from a remote system to a server; it has also evolved into a troubleshooting tool (for example, to check whether a TCP port answers at all).
  1. Open the command prompt and type telnet hostname (or the host's IP address). Make sure the Telnet client is installed on your system (it is not installed by default on Windows Vista and later). If it is installed, jump to step 4; otherwise follow the next steps.
  2. Control Panel----> Programs-----> "Turn Windows features on or off"; a dialog box will appear.
  3. Select Telnet Client (and Telnet Server only if this machine should accept Telnet logins, which is rarely a good idea) and click OK.
  4. The host asks for a login name and password.
  5. Once the login name and password are verified, a Telnet session is established.
  6. If the host supports SSH, use PuTTY (or another SSH client) instead: Telnet sends the login name, the password and everything else in cleartext, so anyone on the path can read them.
  7. If the Telnet service is not running on the default port (23) on the host, give the port as a second argument: telnet hostname port.

Using the nslookup Utility: It allows you to query a name server and quickly find out which name resolves to which IP address.
  1. Open the command prompt window.
  2. Enter nslookup example.com; the reply shows the DNS server that answered and the address(es) example.com resolves to. nslookup -type=mx example.com asks for a specific record type instead.

Configuring TCP/IP on Windows Workstations

To begin configuring TCP/IP, follow these steps:
  1. Start--> Settings--> Control Panel--> Network and Dial-Up Connections to open the Network and Dial-Up Connections dialog box, which lists all of the currently installed network components.
  2. Right-click one of your network adapters and select Properties to open the Properties dialog box for your adapter.
  3. If you do not see Internet Protocol (TCP/IP) in the scrolling list, follow the next three steps. If you do see it, skip to step 7.
  4. Click the Install button, which brings up the Select Network Component Type window.
  5. Click Protocol in the list and click the Add button to bring up the Select Network Protocol dialog box.
  6. Select Microsoft from the left frame and Internet Protocol (TCP/IP) from the right frame and click the OK button. This takes you to the Properties dialog box for your adapter. Now Internet Protocol (TCP/IP) should appear in the scrolling list.
  7. Click Internet Protocol (TCP/IP) and then the Properties button, which opens the Internet Protocol (TCP/IP) Properties window.
  8. Initially, you see the General tab, which is set to obtain your IP address, subnet mask, default gateway and DNS server via DHCP.
  9. Click the Advanced button, which brings up the Advanced TCP/IP Settings dialog box.
  10. Notice the IP Settings, DNS, WINS and Options tabs along the top of the Advanced TCP/IP Settings dialog box.
 
        

Tuesday, 13 December 2011

Ports and Sockets

Ports
A port is a numerical value that identifies the application associated with data. The source port number identifies the application that sent the data, and the destination port number identifies the application that receives the data. Each port is a 16-bit number in the range 0 through 65535, and the number space is separate for TCP and UDP.
                     The well-known ports are those from 0 through 1023. This range is reserved for standard services; for example, FTP control runs on port 21 by default, and on Unix-like systems binding to one of these ports requires root privileges.
                   The registered ports are those from 1024 through 49151. Applications register a port in this range with IANA (for example 3306 for MySQL), but nothing enforces the assignment: any program may bind any free port.
                    The dynamic or private ports are those from 49152 through 65535. Despite the common belief that this range is used only by Trojans, it is the range from which modern operating systems (including Windows Vista and later) pick the ephemeral source port for outgoing connections, so outbound connections from high local ports are normal. A Trojan can listen on any port at all; the suspicious sign is a listening socket, on any port, that does not belong to software you know.

Re-mapping Ports: A common technique employed by a number of system administrators is re-mapping ports. For example, the default port for HTTP is 80, but it can be re-mapped to port 8080. In that case the homepage hosted on that server would be at: http://domain.com:8080
             The idea behind port re-mapping is that instead of running a service on a well-known port, where it is found immediately, it runs on a less obvious port that an attacker has to look for. This is obscurity only: a port scanner such as nmap, run over all 65535 ports with service detection, finds the moved service in minutes, so re-mapping reduces the noise from automated scans of the default port but does not protect a vulnerable service. Patching and access control do.



Sockets
Suppose 10.0.0.1 wants to connect to 20.0.0.1's FTP daemon to download a file and, at the same time, wants to connect to 20.0.0.1's website, i.e. its HTTP daemon. In this scenario two distinct connections exist simultaneously between the same pair of systems, so there has to be a way for each system to distinguish the connection to the FTP daemon from the connection to the HTTP daemon. Ports solve this problem: 10.0.0.1 knows which port to connect to in order to download a file over FTP. The combination of an IP address and a port is called a socket, and a connection is identified by its socket pair, the local socket together with the remote socket (for TCP, the four values source IP, source port, destination IP and destination port). Over TCP/IP and the Internet, all communication is done using such socket pairs.

socket for the HTTP port on the local host: 127.0.0.1:80
socket for the SMTP port on the local host: 127.0.0.1:25
socket pair for a browser on 10.0.0.1 talking to 20.0.0.1's web server (client source port chosen by the OS): 10.0.0.1:51000 <-> 20.0.0.1:80
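As an added example serving both the netstat discussion above (under TCP/IP Utilities) and this section on ports and sockets, the following Python script parses "netstat -ano" output into sockets, classifies local ports into the three ranges, and flags listeners that match the two Trojan ports named earlier or that listen on all interfaces outside the well-known range. The netstat output, addresses and PIDs are constructed for the example (not captured from a real machine), and the Trojan port list is deliberately just the page's two entries:

```python
from collections import namedtuple

Socket = namedtuple("Socket", "ip port")
Connection = namedtuple("Connection", "proto local remote state pid")

# Constructed 'netstat -ano' output for this example (addresses and PIDs are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       3980
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       3004
  TCP    192.168.1.10:51234     93.184.216.34:443      ESTABLISHED     4120
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:31337          *:*                                    2212
  UDP    127.0.0.1:1900         *:*                                    1480
"""

# The two examples named above. Any real list is only a hint: a backdoor can
# be told to listen on any port, so an unexplained listener matters more.
KNOWN_TROJAN_PORTS = {("TCP", 12345): "NetBus", ("UDP", 31337): "Back Orifice"}


def port_class(port):
    """Classify a port number into the three IANA ranges described above."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "dynamic"
    raise ValueError("port out of range: %r" % port)


def parse_socket(text):
    """'ip:port' -> Socket. rpartition keeps IPv6 literals such as [::]:135
    intact; Windows prints '*:*' for the foreign end of a UDP socket."""
    if text == "*:*":
        return Socket("*", None)
    ip, _, port = text.rpartition(":")
    return Socket(ip, int(port))


def parse_netstat(output):
    """Parse the table rows of 'netstat -ano' (Windows layout) into Connections."""
    conns = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or a row we do not understand
        proto = parts[0]
        local, remote = parse_socket(parts[1]), parse_socket(parts[2])
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])  # UDP rows have no State column
        conns.append(Connection(proto, local, remote, state, pid))
    return conns


def suspicious_listeners(conns):
    """Return (connection, reason) for sockets that accept traffic and either
    sit on a known Trojan port or listen on every interface above the
    well-known range. Loopback-only listeners and outbound connections on
    high (ephemeral) local ports are not flagged."""
    findings = []
    for c in conns:
        accepts = c.proto == "UDP" or c.state == "LISTENING"
        if not accepts:
            continue
        name = KNOWN_TROJAN_PORTS.get((c.proto, c.local.port))
        if name:
            findings.append((c, "known Trojan default port (%s)" % name))
        elif c.local.ip in ("0.0.0.0", "[::]") and port_class(c.local.port) != "well-known":
            findings.append((c, "listening on all interfaces, %s port" % port_class(c.local.port)))
    return findings


if __name__ == "__main__":
    for conn, reason in suspicious_listeners(parse_netstat(SAMPLE_NETSTAT)):
        print("%s %s:%s pid %d: %s" % (conn.proto, conn.local.ip, conn.local.port, conn.pid, reason))
```

On the sample the script flags three sockets (TCP 12345, TCP 5555, UDP 31337) and leaves the ESTABLISHED connection on the dynamic port 51234 alone; the PID column is what you then feed to tasklist to identify the program.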


Application Protocols

Application layer protocols are built on top of, and into, the TCP/IP protocol suite and are available on most implementations. Some of the application protocols are discussed below:

File Transfer Protocol: It provides a mechanism for single or multiple file transfers between computer systems; the client program is usually written in lower case as "ftp". The FTP package provides all the tools needed to look at files and directories and to transfer text and binary files from one system to another. FTP uses TCP to actually move files: port 21 for the control connection and a separate data connection for each transfer. Like Telnet, FTP sends the login name and password in cleartext, so SFTP (over SSH) or FTPS should be preferred across untrusted networks.
Accessing files on a remote machine:
  1. ftp machine_name (or machine address)
  2. FTP responds by asking for a login name and password.
  3. Once authentication is done, it shows the prompt
  4. ftp>
  5. ftp> ? (help); explore the different commands by yourself.
Simple Mail Transfer Protocol: It allows for a simple e-mail service and is responsible for moving messages from one e-mail server to another (port 25 between servers; clients usually submit mail on port 587 with authentication).


Post Office Protocol (POP): It provides a storage mechanism for incoming mail; the latest version of the standard is known as POP3. When a client connects to a POP3 server, it normally downloads all the messages addressed to that client (the protocol fetches messages one at a time by number, but typical clients retrieve everything, and there is no server-side folder structure). Once the messages are downloaded, we can delete or modify them without any interaction with the server. On the plain port 110 the login name and password cross the network in cleartext, so the SSL/TLS port 995 should be used.
gmail e-mail pop server: pop.gmail.com (Port 995 with SSL) 
yahoo e-mail pop server: pop.mail.yahoo.com
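To show what the POP3 exchange looks like on the wire, and why the SSL/TLS port 995 listed here matters, the following Python example (added here, not part of the original notes) implements both sides of a minimal POP3 session in memory: a scripted server and a client that logs in, fetches every message and optionally deletes it. The mailbox, the user alice and the password hunter2 are constructed for the example; the server implements only the RFC 1939 commands the client uses and simplifies the multi-line reply format:

```python
# Constructed mailbox and credentials for this example; nothing here touches a network.
MAILBOX = [
    "From: alice@example.com\r\nSubject: hi\r\n\r\nfirst message\r\n",
    "From: bob@example.com\r\nSubject: report\r\n\r\nsecond message\r\n",
]


class FakePop3Server:
    """Minimal POP3 responder (RFC 1939 subset: USER, PASS, STAT, RETR, DELE, QUIT).
    Multi-line replies are simplified to '+OK\\r\\n<message>.' for brevity."""

    def __init__(self, user, password, messages):
        self.user, self.password = user, password
        self.messages = list(messages)
        self.deleted = set()
        self.pending_user = None
        self.authenticated = False

    def greeting(self):
        return "+OK POP3 server ready"

    def handle(self, line):
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            self.pending_user = arg
            return "+OK"
        if cmd == "PASS":
            if self.pending_user == self.user and arg == self.password:
                self.authenticated = True
                return "+OK mailbox locked"
            return "-ERR authentication failed"
        if not self.authenticated:
            return "-ERR not authenticated"
        live = [i for i in range(len(self.messages)) if i not in self.deleted]
        if cmd == "STAT":
            return "+OK %d %d" % (len(live), sum(len(self.messages[i]) for i in live))
        if cmd in ("RETR", "DELE"):
            i = int(arg) - 1
            if i not in live:
                return "-ERR no such message"
            if cmd == "RETR":
                return "+OK\r\n" + self.messages[i] + "."
            self.deleted.add(i)  # only marked; removed in the UPDATE state at QUIT
            return "+OK"
        if cmd == "QUIT":
            self.messages = [m for i, m in enumerate(self.messages) if i not in self.deleted]
            self.deleted = set()
            self.authenticated = False
            return "+OK bye"
        return "-ERR unknown command"


def pop3_fetch_all(server, user, password, delete=False):
    """Drive the server as a simple POP3 client does; return (messages, transcript).
    The transcript holds every line each side sent, which is exactly what a
    sniffer on the path sees when the session runs over plain port 110."""
    transcript = [("S", server.greeting())]

    def send(line):
        transcript.append(("C", line))
        reply = server.handle(line)
        transcript.append(("S", reply))
        if not reply.startswith("+OK"):
            raise RuntimeError("server refused %r: %s" % (line, reply))
        return reply

    send("USER " + user)
    send("PASS " + password)
    count = int(send("STAT").split()[1])
    messages = []
    for n in range(1, count + 1):
        body = send("RETR %d" % n).split("\r\n", 1)[1]
        messages.append(body[:-1])  # drop the '.' terminator
        if delete:
            send("DELE %d" % n)
    send("QUIT")
    return messages, transcript


def exposed_password(transcript):
    """Recover the password from a captured transcript: on port 110 it is
    right there in the PASS command. Over TLS (port 995) the same bytes are
    encrypted, which is the whole reason the secure port exists."""
    for side, line in transcript:
        if side == "C" and line.upper().startswith("PASS "):
            return line[5:]
    return None


if __name__ == "__main__":
    srv = FakePop3Server("alice", "hunter2", MAILBOX)
    msgs, log = pop3_fetch_all(srv, "alice", "hunter2")
    for side, line in log:
        print(side, line.split("\r\n")[0])
    print("password visible to a sniffer:", exposed_password(log))
```

The transcript also shows the POP3 deletion model described above: DELE only marks a message, and the mailbox changes when QUIT moves the session into the update state, so a client that disconnects without QUIT leaves everything in place.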

Internet Message Access Protocol (IMAP): It allows users to download mail selectively, look at the message headers, download just a part of a message, store messages on the e-mail server in a hierarchical structure, and link to documents. The current version of IMAP is version 4 (IMAP4rev1). Plain IMAP uses port 143; port 993 is IMAP over SSL/TLS.
gmail e-mail imap server: imap.gmail.com (port 993 with ssl)
yahoo e-mail imap server : imap.mail.yahoo.com (port 993 with ssl).


Telnet: Telnet is a terminal emulation protocol that provides a remote logon to another host over the network. It allows a user to connect to a remote host over a TCP/IP connection as if they were sitting at that host. Keystrokes typed into a Telnet program are transmitted over the TCP/IP network to the host, and the visual responses are sent back by the host to the client's screen. Because everything, including the password, crosses the network unencrypted, Telnet has been replaced by SSH for administrative access wherever possible.


Hypertext Transfer Protocol (HTTP): HTTP is the command and control protocol used to manage communications between a web browser and a web server. HTTP is the mechanism that opens the related document when you select a link, no matter where that document is actually located. The secure version, HTTPS, is HTTP carried over SSL/TLS, by default on port 443.


Lightweight Directory Access Protocol (LDAP): In a large network, most administrators have set up some kind of directory that keeps track of users and resources. LDAP allows clients to perform object lookups in a directory using a standard method.