Showing posts with label Networks. Show all posts

Sunday, 25 December 2016

Internet Protocol V4

IP ADDRESS AND ITS DIFFERENT CLASSES

IP address is the short form for Internet Address. IP addresses help to uniquely identify the hosts on the internet. Data sent over the network is delivered to the correct host with the help of the IP address. There are two versions of IP addresses available: IPv4 and IPv6. Let us talk about IPv4 now.

IPv4


IP version 4 addresses consist of 32 bits (0 through 31) partitioned into four groups of eight bits each. Each of these groups is called an octet. IP addresses would be very difficult to read and decipher if they were represented in binary form, so they are represented in decimal form: four decimal numbers separated by dots, each standing for one octet. So, for example, an IP address would look like this: 206.172.180.100.
  • An IP address consists of 32 bits.
  • The bits are grouped into 4 groups of eight bits each.
  • Each group of eight bits is referred to as an octet.
IP addresses are grouped into five classes: class A, class B, class C, class D and class E. In order to differentiate between these classes, we have to observe the first four bits of the first octet of the IP address.
CLASS A:
If the first bit is 0, then the IP address belongs to Class A. Class A addresses begin with a decimal number ranging from 0 to 127. Both 0 and 127 are reserved. The first octet's bit representation is as follows.

X X X X X X X X - First octet's bit position
0 X X X X X X X - Class A address representation
Each X stands for a bit which can be 0 or 1. For class A addresses the first bit is always zero.

CLASS B:
If the first two bits are 10, then the IP address belongs to class B. Class B addresses begin with a decimal number ranging from 128 to 191.
X X X X X X X X - First octet's bit position
1 0 X X X X X X - Class B address representation

The lowest class B address would be 1 0 0 0 0 0 0 0. The decimal equivalent of the same is 128. The highest class B address would be 1 0 1 1 1 1 1 1. The decimal equivalent of the same would be 191. That is why the decimal number range is 128 to 191.
CLASS C:
If the first three bits are 110, then the IP address belongs to class C. Class C addresses begin with a decimal number ranging from 192 to 223.
X X X X X X X X – The first octet’s eight bits
1 1 0 X X X X X - Class C address representation

The lowest class C address would be 1 1 0 0 0 0 0 0. The decimal equivalent of the same is 2^7 + 2^6 = 192. The highest class C address would be 1 1 0 1 1 1 1 1. The decimal equivalent of the same is 223.
CLASS D:
If the first four bits are 1110, then the address is a class D address. The first octet ranges from 224 to 239.

X X X X X X X X – The first octet’s eight bits
1 1 1 0 X X X X – Class D address
The lowest address would be 1 1 1 0 0 0 0 0. The decimal equivalent of the same is 128 + 64 + 32 = 224. The highest class D address would be 1 1 1 0 1 1 1 1. Again, the decimal equivalent of the same would be 128 + 64 + 32 + 8 + 4 + 2 + 1 = 239. Class D addresses are used for multicasting.

CLASS E:
If the first four bits are 1111, then the address is a class E address. The first octet ranges from 240 to 255.

X X X X X X X X – The first octet’s eight bits
1 1 1 1 X X X X – Class E address.
Lowest address = 1 1 1 1 0 0 0 0 = 128 + 64 + 32 + 16 = 240
Highest address = 1 1 1 1 1 1 1 1 = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

STEPS TO FIND OUT THE CLASS OF IP ADDRESS


Given an IP address, consider only the first octet. The rest of the octets can be of any value; they do not matter in identifying the class of the IP address. When we consider the first octet, there are two ways of identifying the class of the IP address. One is to remember the decimal range of values for each class.
  1. Class A - 0 to 127
  2. Class B - 128 to 191
  3. Class C - 192 to 223
  4. Class D - 224 to 239
  5. Class E - 240 to 255
So if the IP address is given as 200.200.192.55, the first octet is 200 and the IP address belongs to class C because it falls in that range. But we might forget this sequence of numbers, and that will be trouble for us. So, another way of working this out is to remember only the bit values for each of the class addresses.
  1. Class A - First bit is 0
  2. Class B - First two bits 1 0
  3. Class C - First three bits 1 1 0
  4. Class D - First four bits 1 1 1 0
  5. Class E - First four bits 1 1 1 1
So, given any IP address convert the first octet's decimal number to the binary equivalent. Look at the first few bits and decide the class of the IP address.
1. In IPv4, the IP address 200.200.200.200 belongs to
(A) Class A
(B) Class B
(C) Class C
(D) Class D
Ans :- C
Explanation:- Consider only the first octet's decimal value. Ignore the rest. The first octet value is 200. Convert the same to binary equivalent. It is 11001000. If the converted bit equivalent has less than 8 bits, then fill its left side with 0's and bring it to a count of 8 bits. The first 3 bits are 110 here and so this IP address belongs to class C address. So the answer is C. This question is from December 2013 - Paper III.
2. In classful addressing, the IP address 190.255.254.254 belongs to
(A) Class A
(B) Class B
(C) Class C
(D) Class D
Ans:- B
Explanation:- Again consider only the first octet. The value there is 190. Convert it into binary equivalent. It is 1011 1110. Look at the first two bits. It is 10. So it is class B address and so the correct answer is B. This question is from June 2013 - Paper II.
3. In classful addressing, the IP address 123.23.156.4 belongs to __________class format.
(a) A
(b) B
(c) C
(d) D
Ans:- A
Explanation:- Consider the first octet. The value is 123. The binary equivalent is 111 1011. There are only 7 bits. Add a zero in the high order bit: 0111 1011. The first bit is 0 and so the class address is A. This question is from December 2012 - Paper III.
4. IP address in class B is given by:
(A) 125.123.123.2
(B) 191.023.21.54
(C) 192.128.32.56
(D) 10.14.12.34
Ans:- B
Explanation:- You should be in a position to explain it on your own by now!!.
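The bit-prefix method above, written out as an added example (not part of the original post). It classifies an address from the leading bits of the first octet and derives each class's decimal range from its prefix; the function names are made up for this sketch.

```python
# Leading-bit prefix of the first octet for each class, as listed in the post.
PREFIXES = {"A": "0", "B": "10", "C": "110", "D": "1110", "E": "1111"}

def first_octet_bits(address):
    """Validate a dotted-decimal IPv4 address; return its first octet as 8 bits."""
    parts = address.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {address!r}")
    # Octets are read as decimal, so "023" is 23 as the quiz intends.
    # Some parsers read a leading-zero octet as octal instead.
    octets = [int(p, 10) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {address!r}")
    return format(octets[0], "08b")  # left-pad with zeros to 8 bits

def address_class(address):
    """Return the class letter whose bit prefix matches the first octet."""
    bits = first_octet_bits(address)
    for cls, prefix in PREFIXES.items():
        if bits.startswith(prefix):
            return cls

def class_range(cls):
    """Lowest value: prefix padded with 0s. Highest: prefix padded with 1s."""
    prefix = PREFIXES[cls]
    return int(prefix.ljust(8, "0"), 2), int(prefix.ljust(8, "1"), 2)

if __name__ == "__main__":
    # Addresses taken from the four questions above.
    for addr in ("200.200.200.200", "190.255.254.254", "123.23.156.4",
                 "125.123.123.2", "191.023.21.54", "192.128.32.56", "10.14.12.34"):
        print(addr, first_octet_bits(addr), "class", address_class(addr))
    for cls in PREFIXES:
        print("class", cls, "first octet range", class_range(cls))
```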

Networks

COMPUTER NETWORKS

An Ebook on COMPUTER NETWORKS is available for FREE download here. The book has the following salient features.

  1. Detailed explanation of theory on certain topics.
  2. Over 100+ solved questions in computer networks of previous year papers(starting from 2008) with detailed explanation.
  3. Important formulae.
  4. Important URLs where MCQ's in computer networks are available.
Overall a very useful book for your learning reference in Computer Networks. Click here on the following link, complete a small survey questionnaire and then download....

DOWNLOAD COMPUTER NETWORKS - EBOOK

Sunday, 2 November 2014

How to configure DHCP in CentOS to use 

Check the current IP configuration of eth0. It is seen that an IP address has not been assigned.

ifconfig eth0

Then, the contents of the eth0 configuration file are viewed using the 'cat' command.

cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
HWADDR="00:xx:xx:xx:xx:xx"
NM_CONTROLLED="yes"
ONBOOT="no"

vi is used to modify the configuration to be like this.

DEVICE="eth0"
BOOTPROTO="dhcp"
HWADDR="00:xx:xx:xx:xx:xx"
NM_CONTROLLED="yes"
ONBOOT="yes"

Internet and normal people

This internet connection is killing me. Mostly, I can surf the Internet or download files at ease. Though, it is disrupted and I am disconnected occasionally. When it happens, I have got nothing to do but repair the connection several times. Yeah, several times. I mean it. A single repair never restores the connection. I have been looking for the solution. I have tried setting a fixed IP for the connection and using OpenDNS servers as my primary and secondary servers instead of the router. None of these helped. I even doubted that it has got problems with the router. It is quite a nuisance.

It kept annoying me. I started to do some more research. While I was disconnected, I could mostly ping the default gateway, but not the other side of the router. Completely out of the blue, I got the idea that there might be another 192.168.1.1 (the default gateway's IP address) sitting in the network. I even scanned the network using Angry IP scanner aka ipscan-3.0-beta4. But no interesting information. So, I browsed the Internet and found out interesting things about the arp command. ARP stands for Address Resolution Protocol. In every PC's network protocol stack, ARP maintains a cache of IP address-to-media access control address mappings for future use.

When I viewed the IP to MAC address list in my PC, one MAC address belonged to the IP address of the default gateway. At that time, I was enjoying the Internet. After a while, the problem came up. Then I checked the arp cache, and there was another MAC address associated with 192.168.1.1. I was not able to connect to websites at all. According to the previous experience, I repaired the connection until I got the connection back. When the connection was restored, the MAC address again became the first one.

I continued playing with the commands, arp -a and arp -d. It was confirmed that the second MAC address was the main source of the problem. Anyway, that connection is shared among the tenants of the building and I have no idea which crazy bastard has that IP address. So, I have to tackle it from my part. I waited another day making sure that the first MAC address owns. And I put a static arp record at the startup linking the first MAC address to the IP address, 192.168.1.1 (the command is arp -s 192.168.1.1 xx-xx-xx-xx-xx-xx). And since then, the problem has never come back.

The reason that I could connect sometimes and was barred at other times is the ARP lifetime. The following explanation is from MS Technet about the ARP cache.

ARP cache

To minimize the number of broadcasts, ARP maintains a cache of IP address-to-media access control address mappings for future use. The ARP cache can contain both dynamic and static entries. Dynamic entries are added and removed automatically over time. Static entries remain in the cache until the computer is restarted.

Each dynamic ARP cache entry has a potential lifetime of 10 minutes. New entries added to the cache are timestamped. If an entry is not reused within 2 minutes of being added, it expires and is removed from the ARP cache. If an entry is used, it receives two more minutes of lifetime. If an entry keeps getting used, it receives an additional two minutes of lifetime up to a maximum lifetime of 10 minutes.
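A way to spot the symptom described in this post, a gateway IP whose MAC address flips between two values, from successive `arp -a` snapshots. This is an added example, not code from the original post; the snapshots and MAC addresses are constructed and the function names are made up for the sketch.

```python
import re

# One row of Windows `arp -a` output: IP, hyphenated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries of one `arp -a` snapshot."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface header, column header or blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # broadcast or multicast MAC, not a host
        table[ip] = mac
    return table

def mac_changes(snapshots, watch_ip):
    """List (snapshot index, old MAC, new MAC) each time watch_ip changes MAC."""
    changes, last = [], None
    for i, text in enumerate(snapshots):
        mac = parse_arp_table(text).get(watch_ip)
        if mac is None:
            continue  # entry expired from the cache; keep the last known MAC
        if last is not None and mac != last:
            changes.append((i, last, mac))
        last = mac
    return changes

# Constructed snapshots; both MAC addresses are invented for the example.
GOOD = """Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
BAD = GOOD.replace("00-11-22-aa-bb-01", "00-11-22-cc-dd-02")
SNAPSHOTS = [GOOD, GOOD, BAD, GOOD]

if __name__ == "__main__":
    for idx, old, new in mac_changes(SNAPSHOTS, "192.168.1.1"):
        print(f"snapshot {idx}: 192.168.1.1 moved {old} -> {new}")
```

Once the static entry from `arp -s` is in place, the watched IP should show no further changes.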

Saturday, 1 November 2014

NIDS Network Intrusion Detection System, my graduation part

https://www.mediafire.com/?2g0y8ptuu128ra2

NIDS Network Intrusion Detection System Full to full source code

https://www.mediafire.com/?ye9gmtuxe1u7um1

Intrusion Detection System based on agent with java

https://www.mediafire.com/?7tdn9erm4xjarb6 


Teaching plan of Intrusion Detection Technology.
 

Saturday, 29 June 2013

TCP 3-Way Handshake (SYN,SYN-ACK,ACK)

The TCP three-way handshake in Transmission Control Protocol (also called the TCP handshake, three-message handshake and/or SYN-SYN-ACK) is the method used by TCP to set up a TCP/IP connection over an Internet Protocol based network. TCP's three-way handshaking technique is often referred to as "SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK) because there are three messages transmitted by TCP to negotiate and start a TCP session between two computers. The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network TCP socket connection before transmitting data such as SSH and HTTP web browser requests.
This 3-way handshake process is also designed so that both ends can initiate and negotiate separate TCP socket connections at the same time. Being able to negotiate multiple TCP socket connections in both directions at the same time allows a single physical network interface, such as ethernet, to be multiplexed to transfer multiple streams of TCP data simultaneously.

TCP 3-Way Handshake Diagram

Below is a (very) simplified diagram of the TCP 3-way handshake process. Have a look at the diagram on the right as you examine the list of events on the left.
Events:
  1. Host A sends a TCP SYNchronize packet to Host B.
  2. Host B receives A's SYN.
  3. Host B sends a SYNchronize-ACKnowledgement.
  4. Host A receives B's SYN-ACK.
  5. Host A sends ACKnowledge.
  6. Host B receives ACK.
  7. TCP socket connection is ESTABLISHED.
[Diagram: TCP Three Way Handshake (SYN, SYN-ACK, ACK)]
SYNchronize and ACKnowledge messages are indicated by either the SYN bit or the ACK bit inside the TCP header, and the SYN-ACK message has both the SYN and the ACK bits turned on (set to 1) in the TCP header.
TCP knows whether the network TCP socket connection is opening, synchronizing or established by using the SYNchronize and ACKnowledge messages when establishing a network TCP socket connection.
When the communication between two computers ends, another 3-way communication is performed to tear down the TCP socket connection. This setup and teardown of a TCP socket connection is part of what qualifies TCP as a reliable protocol. TCP also acknowledges that data is successfully received and guarantees the data is reassembled in the correct order.
Note that UDP is connectionless. That means UDP doesn't establish connections as TCP does, so UDP does not perform this 3-way handshake, and for this reason it is referred to as an unreliable protocol. That doesn't mean UDP can't transfer data; it just doesn't negotiate how the connection will work. UDP just transmits and hopes for the best.
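The SYN and ACK header bits described above, shown on a constructed exchange. This is an added example, not part of the original post, and it goes one step beyond the text by also checking that each acknowledgement number is the peer's sequence number plus one. Ports and initial sequence numbers are made up.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # flag bits in the TCP header
NAMES = {SYN: "SYN", SYN | ACK: "SYN-ACK", ACK: "ACK"}

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, then the flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, 65535, 0, 0)

def parse_header(raw):
    """Return (sport, dport, seq, ack, message name) for one TCP header."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    name = NAMES.get(offset_flags & (FIN | SYN | RST | ACK), "OTHER")
    return sport, dport, seq, ack, name

def is_handshake(first, second, third):
    """True if three headers form A->B SYN, B->A SYN-ACK, A->B ACK."""
    a1, b, a2 = parse_header(first), parse_header(second), parse_header(third)
    if [a1[4], b[4], a2[4]] != ["SYN", "SYN-ACK", "ACK"]:
        return False
    if (b[0], b[1]) != (a1[1], a1[0]) or (a2[0], a2[1]) != (a1[0], a1[1]):
        return False  # ports must mirror between the two directions
    nxt = lambda n: (n + 1) % 2**32  # a SYN consumes one sequence number
    return b[3] == nxt(a1[2]) and a2[2] == nxt(a1[2]) and a2[3] == nxt(b[2])

# Constructed exchange: Host A (port 49152) opens a connection to Host B (port 80).
A_PORT, B_PORT, A_ISN, B_ISN = 49152, 80, 1000, 5000
SYN_SEG = build_header(A_PORT, B_PORT, A_ISN, 0, SYN)
SYNACK_SEG = build_header(B_PORT, A_PORT, B_ISN, A_ISN + 1, SYN | ACK)
ACK_SEG = build_header(A_PORT, B_PORT, A_ISN + 1, B_ISN + 1, ACK)

if __name__ == "__main__":
    for seg in (SYN_SEG, SYNACK_SEG, ACK_SEG):
        sport, dport, seq, ack, name = parse_header(seg)
        print(f"{sport} -> {dport}  {name:7}  seq={seq} ack={ack}")
    print("valid handshake:", is_handshake(SYN_SEG, SYNACK_SEG, ACK_SEG))
```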

Protocols Encapsulated in TCP

Note that FTP, Telnet, HTTP, HTTPS, SMTP, POP3, IMAP, SSH and any other protocol that rides over TCP also has a three-way handshake performed as the connection is opened. HTTP web requests, SMTP emails and FTP file transfers all manage the messages they each send. TCP handles the transmission of those messages.
TCP 'rides' on top of Internet Protocol (IP) in the protocol stack, which is why the combined pair of Internet protocols is called TCP/IP (TCP over IP). TCP segments are passed inside the payload section of the IP packets. IP handles IP addressing and routing and gets the packets from one place to another, but TCP manages the actual communication sockets between endpoints (computers at either end of the network or internet connection).