sakananote: 8月 2005

2005/8/20

WinXp 不提名稱解析 ---2276先講完

Module 1:

OSI (Open systems Interconnection)
ISO (International Standards Organization ) 於1978 制定OSI
TCP/IP 於1974年制定
Unix 於1969年

Physical Layer 實體層: 1.媒體定義:接腳.訊號0.1
2.編碼方式:曼徹斯特.微分曼徹斯特

對應設備:Repeator,Hub(1.Active Hub 2.Passive Hub)
Ex:Passive Hub 有線電視分接頭

線材部份
category 1 2M telphone
2 4M tokenring
3 10M
4 16M tokenring
5 100M
6 2.4G

EIA/TIA 568B
白橙橙白綠藍白藍綠白棕棕
Tx+ Tx- Rx+ Rx-
1 2 3 6

Data-Link Layer 連結層： 1.MAC:定址.框架化. 存取CSMA/CD
2.LLC:錯誤控制.流量控管
對應設備: Switch, Bridge (介紹Switch and Hub 的差異)

定址的部份: Lab:使用ipconfig /all 觀察
Physical Address . . . . . . . . . . . . : 00-00-00-00-00-00
(48bits Physical Address / 6 Bytes Physical Address)

框架化: 以乙太網路介紹
--------------------------------------------------------------
| D MAC | S MAC | 0800 | Data | CRC |
--------------------------------------------------------------

存取:CSMA/CD

<---------. ------->
-----------------------------------------------------------
| | | |
A B C D
CSMA:多重載波
CD: 碰撞偵測

LLC 錯誤控制:利用CRC 檢查正確性
流量控制:利用buffer

Network Layer 網路層: 1.定址: 區域性, 唯一性
2.路由:
對應設備: Router, Layer 3 Switch
------------------
------------------------- | Router |------------------------------
------------------
<---collision------> <---collision------------->
<---broadcast----> <---broadcast----------->

------------------
------------------------- | Switch |------------------------------
------------------
<---collision------> <---collision------------->
<--------------------------broadcast------------------------------->

------------------
------------------------- | Hub |------------------------------
------------------
<-----------------------collision Domain------------------------->
<---------------------broadcast Domain------------------------->

以下的環境要採購那些設備?
------------------
-----IP----------------- | Router |-----------------IP---------
------------------
------------------
-----IPX--------------- | Router |----------------IPX---------
------------------
------------------
-----BNC------------- | Hub |---------------UTP---------
------------------
------------------
-----ethernet------- | Bridge |------Token Ring--------
------------------

Layer 3 Switch
----------------------------------------------------
| 0 0 <-----> 0 0 |
----------------------------------------------------
VLAN1 VLAN2

Transport Layer傳輸層: 1.錯誤控制 2.流量控制

Session Layer 會議層: 1.連線維護
2.資料交換方式：全雙工, 半雙工, 單工
單工：收音機
半雙工: 對講機
雙工: 電話

Lab:開啟兩個browser 觀察session

Presentation Layer 表現層: 資料格式加密/解密字元碼(ASCII,EBCDIC)

Lab:開啟網頁觀察原始檔

Application Layer 應用層: Server 服務 Client 要求

介紹光碟的內容(OSI多媒體部份）......概述
光碟內
addread ----> RFC文件
multimedia --> 上課用的多媒體及flash練習
flash ----> Flash程式

介紹RFC
http://www.ietf.org/rfc.html

LAB: 輸入書上的1180觀察文件內容(TCP/IP)

介紹TCP/IP Protocol Suite

TCP: connection-oriented reliable communications
http://tw.yahoo.com

Three way and shake
A ------------------> B
<-----------------
------------------>

UDP: connectionless communications
for example: DNS service

Ipv4: 32 bits
Ipv6: 128 bits

ARP: Address Resolution Protocol IP ---> MAC (將IP轉換成MAC address)
RARP: MAC ---> IP (將MAC address轉換成IP)

OSI 7 Layer 只有 Physical Layer 有實體連結,其他都是虛擬連結

ICMP:Internet Control Message Protocol Ex: ping and router 回覆錯誤訊息
Lab: ping www.microsoft.com ---> Request timed out
http://www.microsoft.com ---> Ok
ICMP 不保證網路是否正常或是不正常,單純測試用. 但某些網站會拒絕回應
ICMP request: type 8 code 0
ICMP reply: type 0 code o

Unicast: 目的是一台主機

--->
--------------------------------------------------
| | | |
A B C D

A unicast B
------------------------------------
| D B_MAC | S A_MAC |
------------------------------------

Broadcast: 目的是同一實體網路上的所有主機
--->
--------------------------------------------------
| | | |
A B C D

A broadcast
---------------------------------------------------
| FF:FF:FF:FF:FF:FF | S A_MAC |
---------------------------------------------------
broadcast and unicast 都是傳送一個封包,所以不會遽增網路流量.只是因為 broadcat 封包每台主機都要處理.會影響效能

Multicast: 目的是一群主機

--->
--------------------------------------------------
| | | |
A B C D

A Multicast (for B and C)
IP address range 224~239開頭的ip Multicast

---------------------------------------------------
| 01:00:5E:xx:xx:xx | S A_MAC |
---------------------------------------------------
固定以 01:00:5E開頭
後面xx:xx:xx 取TCP/IP 低23位元的組合
例如：ip為 224.0.1.10
D MAC為 01:00:5E:00:01:0A
00:01:10對應224.0.1.10中的0.1.10使用16位元轉換
0 --> 00 1 --> 01 10 --> 0A
概略介紹
SMTP: Simple Mail Transport Protocol郵件傳送及交換
SNMP: Simple Network Management Protocol

What is ping?

Lab: ping 10.0.1.254 -----> ping 區網應該< 10以下的ms
ping 168.95.1.1 -----> ping 外網應該< 200以下的ms
了解網路品質及狀況

Network Monitor
在2000 & 2003 server上才有server端但是為簡易版
在 Microsoft Systems Management Server (SMS) 為全功能版
XP --> 只有client端 --> 被監控

可以使用 http://www.ethereal.com 上面的工具 ---> 全功能版

Lab: Install Network Monitor

1.Start --> Control Panel --> Add or Remove Programs
2.Add/Remove Windows components
3.Management and Monitoring Tools --> Details
4.Network Monitor Tools --> Select --> Ok --> Next -->select source --> open --> Finish

在教室的環境由於是用image所以必須開啟my computer
1.E:\Document and Setting\Administrator --> Mouse Right click --> Properties
2.Security --> Remove unknown user and add administrator --> 勾選Full control --> OK

在家中練習不需要更改以上!!

Lab: ping 10.0.1.254並用Network Monitor監看
Network Monitor

1.Start --> All Programs --> Administrative Tools --> Network Monitor
2.Select a network --> Local computer --> Local Area Connection --> OK
3.Capture --> Start
4.使用command prompt -->ping 10.0.1.254
5.Capture --> Stop and View
6.觀察
1.ETHERNET: Destination address, Source address
2.IP: Source Address, Destination address
3.ICMP:

How Dotted Decimal Notation Relates to Binary Numbers

27 26 25 24 23 22 21 20
128 64 32 16 8 4 2 1

Ex:
228 --> 1 1 1 0 0 1 0 0
0 --> 0 0 0 0 0 0 0 0
255 --> 1 1 1 1 1 1 1 1

What are the classes of IP Addresses?

class A Network host
w . x . y . z
第一個bit為必須0, 1~126開頭的網段 27-2個網路
Ex: ping apple.com

class B Network host
w . x . y . z
前兩個bits為必須10, 128~191開頭的網段 2(16-2) 個網路

class C Network host
w . x . y . z
前三個bits為必須110, 192~223開頭的網段 2(24-3) 個網路

class D Multicast
前三個bits為必須1110, 224~239開頭的網段

Subnet Mask

1 bits to indicate the network ID
0 bits to indicate the host ID

Example: 10.0.1.200/255.0.0.0

00001010.00000000.00000001.11001000 (IP)
AND 11111111.00000000.00000000.00000000 (Subnet Mask)
------------------------------------------------------------------------------------------------
00001010.00000000.00000000.00000000
10 . 0 . 0 . 0 (網段)

練習Module2 p15

介紹Private IP range

練習Module2 p15

為何要切割子網路?
1.Mix different network technologies
2.Overcome limitations of current technologies
3.Reduce network congestion
4.security

如何切割子網路 CIDR (Classless Inter Domain Routing)

1.依實際需求算出subnet mask (依照網路數量或是主機數量)
網路數量小於等於 2的n次方
主機數量小於等於 2的n次方
例如切割3個網路小於等於2的2次方
192.168.0.0/255.255.255.192
192.168.0.0/11111111.11111111.11111111.11000000
向右邊移動兩個bits
例如需要100台主機小於等於2的7次方
192.168.0.0/255.255.255.128
192.168.0.0/11111111.11111111.11111111.10000000
向右邊移動一個bits --> 因為host id 要大於100 故至少要27
2.根據subnet mask 展開每一個網路
192.168.0. 00000000~~00111111 192.168.0.0~63
01000000~~01111111 192.168.0.64~127
10000000~~10111111 192.168.0.128~191
11000000~~11111111 192.168.0.192~255
3.host id 全為0 --> Network, host id 全為1 --> Broadcast

CIDR
切割出來的subnet mask and host 都一樣
提一下速算法

2005/8/21

提一下IP浪費的問題及如何解決
使用private network (proxy & nat)

VLSM (variable length subnet masks)

介紹 192.168.0.0/255.255.255.0 及 192.168.0.0/24

假設有切割子網路的需求, 需求主機數量分別為
1.100 hosts 2.60 hosts 3. 20 hosts 4.16 hosts

其切割方式
192.168.0. 00000000
CIDR 00000000 --> 192.168.0.0/25 給100 hosts
10000000 剩下的子網路再切割
CIDR 10000000 --> 192.168.0.128/26 給 60 hosts
11000000 剩下的子網路再切割
CIDR 11000000 --> 192.168.0.192/27 給 20 hosts
11100000 --> 192.168.0.224/27 給 16 hosts
可搭配p51回去練習
What is Supernetting?

參考Module2 P53頁

220.78.168.0 11011100 01001110 10101000 00000000 -->start
220.78.175.0 11011100 01001110 10101111 00000000 -->end
<------------ 21 bits相同------->

將network Id往左邊移三個位址合併其網路
所以此連續的網段可以記為 220.78.168.0/21

Module 2 P.25 提到

RFC 950 文件提到舊的router設備只支援RFC 950, RFC 950 不允許subneting網路id全為0以及全為1. 故要將兩個子網路刪除,不可以使用!!
但現今的設備都支援RFC 1812的文件, RFC 1812的文件就允許網路id全為0以及全為1的subnet. 故可以使用所有的subnet.

Using IP Routing Tables

What is a Router？

1.啟動路由
2.有兩個以上的網路介面

The default gateway

1.Routes packets to other network.
2.Is used when the interal routing table on the host has no information on the destination subnet.

default gateway 通常為router

internet
| public ip
------------------
| Router |
------------------
.254 | | .254
--------------------- -------------------
| |
.1 A .1 B
192.168.1.0/24 192.168.0.0/24
default gateway default gateway
192.168.1.254 192.168.0.254

Practice: Determining Whether an IP Address is a Local or Remote

Your IP address 176.149.115.8
Subnet mask 255.255.252.0

Destination 176.149.117.201
Subnet mask 255.255.252.0

Is the destination address local or remote?

Ans: remote
256-252=4 115/4 = 28 28*4=112 --> 自己
117/4 = 29 29*4=116 --> remote

What is static and dynamic routing

Windows 2003 只支援 RIP(Routing Information Protocol) and OSPF(Open Shortest Path First) 兩種協定

路由表不是路由器的專屬.支援TCP/IP 的host 也有routing table

route print & netstat -r 兩個指令可以觀察路由表

255.255.255.255/255.255.255.255 limit broadcast 實體廣播
下表摘要列出用於指派連結至不同速度的網路介面之路由的標準。
連結速度
公制
大於 200 MB
10
大於 20 MB 且小於或等於 200 MB
20
大於 4 MB 且小於或等於 20 MB
30
大於 500 KB 且小於或等於 4 MB
40
小於或等於 500 KB
50

Lab: 觀察routing table

Teacher綁兩個ip
| 172.16.200.1
| 10.0.1.200
-----------------------------------------------
| |
A B 10.0.1.x
於B主機上
ping 10.0.1.200 --> OK
ping 172.16.200.1 --> timeout

解決此一問題 --> 新增一筆routing

route add _____________ mask ___________________ ______________
主機 255.255.255.255 gateway
網路 network subnetMask
Default gateway 0.0.0.0

route add 172.16.200.1 mask 255.255.255.255 10.0.1.200 (新增主機路由)

route print

ping 172.16.200.1 --> OK

route delete 172.16.200.1 mask 255.255.255.255 (刪除主機路由)

route print

ping 172.16.200.1 --> timeout

route add 172.16.200.0 mask 255.255.255.0 10.0.1.200 (新增網路路由)

route print

ping 172.16.200.1 --> OK

如果於route 指令後面加上 -p (persistent route) 就可以永遠生效, 沒有加上 -p 為暫時性的生效

Module 3 configuring a client IP address

IP addresses can be:

1.Static 靜態IP
2.Dynamic 動態IP

練習static ip 設定並使用ipconfig來檢視

使用DHCP設定 IP

Discover
------------------->
Offer
<------------------- ------
Host A Request | |
DHCP --------------------> | | scope
client Ack ------
<-------------------- DHCP Server

View DHCP Assigned Setting on the client

使用ipconfig /all查看

DHCP Enabled yes --> Dhcp client
DHCP Server ip --> Dhcp server ip
Node type --> Dhcp type
Lease Obtained -->何時租用
Lease Expires -->租約到期

Renewing an IP Address

lease time
|----------------|----------------|---------|

1∕ 2 7/8
renew rebind
(use unicast) (use broadcast)
(T1) (T2)
|---------------------------------------------| (成功就將租約延長)

To release and renew an IP address

ipconfig /release
ipconfig /renew

APIPA(Automatic Private IP Addressing)

Windows 98 之後支援APIPA
range from 169.254.0.1 through 169.254.255.254

Lab: APIPA 練習 and Alternate configuration

前置動作：關閉DHCP server

ipconfig /release
ipconfig /renew

取得DHCP client Ip失敗 --> 使用APIPA
ipconfig /all

使用Alternate configuration
1.start --> control panel --> network connections --> localarea connection
2.properties --> TCP/IP --> properties --> Alternate Configuration --> User configured --> ok --> close

ipconfig /all

Disable APIPA on the entire computer (停用APIPA)
1.start --> run --> regedit --> ok
2.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3.Edit --> New --> DWORDValue
4.Type “IPAutoconfigurationEnabled” --> Enter
5.Reboot

Module 4: Configuring a client for Name Resolution

NetBIOS(Network Basic Input/Output System)
DNS(Domain Name System)

DNS (computer name) Wins
DNS Host name Application NetBIOS Name
Hosts 255個字 15個字 lmhosts
Socket NetBIOS
Transport
TCP UDP

Internet

使用arp -a 看arp cache

arp cache dynamic 2 mins ~ 10 mins
arp cache static (使用arp -s 設定)
example:
arp -s 10.0.1.201 33-33-33-33-33-33
IP MAC
arp -d 10.0.1.201 (刪除 arp cache)

arp -g -N 10.0.1.200 (觀察10.0.1.200網卡上的arp cache)

arp -g 10.0.1.254 (只查看10.0.1.254)

ping 10.0.1.254
arp -a

Lab: 修改computer name ( 修改為Serverxx)

start --> My computer --> right click --> Properties --> computer name --> change -->type “Server6” --> ok --> ok
reboot

NetBIOS Name
第16 byte name
Suffix(Hex) First 15 Characters Networking Service
00 Computer name Workstation service用戶端
00 Domain name Domain Name
03 Computer name Messenger service 信差服務
20 Computer name File Server Service
1C Domain name Domain controllers
1B Domain name Domain master browser

使用nbtstat -n 查看
NetBT(NetBIOS over TCP/IP)
Run on top of the TCP/IP network protocol
Supports discovery, registration and release of NetBIOS names
Uses broadcast of a NetBIOS name server, depending on node type

NetBT Node type

1 2 4
B-node P-node Mix-nod
NetBIOS cache NetBIOS cache NetBIOS cache
| | |
Broadcast Wins Broadcast
| | |
lmhosts lmhosts Wins
|
lmhosts

8
H-node
NetBIOS cache
|
Wins
|
Broadcast
|
lmhosts
---------------------
|
DNS cache
|
localhost name
|
hosts (2003 會將 hosts 寫入DNS cache)
|
DNS

如果下ipconfig /all

Node type ...............Unknown --> H-node

2003 可以填上12筆wins server
9x 只可以填上2筆wins server

Lab：如何修改node type

1.start --> run --> regedit --> ok
2.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
3.Edit --> New --> DWORDValue
4.Type “Nodetype” --> Enter
5.select “nodetype” --> modify --> 填入適當的值 --> ok
6.Restart network
7.ipconfig /all

nbtstat -c 查看NetBIOS 資訊
nbtstat -R 根據lmhosts 來update cache

Lab: 設定lmhosts

lmhosts 檔案存放於（沒有副檔名,其目錄下的lmhosts.sam為sample)
系統安裝目錄\System32\drivers\etc
於該目錄下新增一檔案lmhosts (沒有副檔名)

10.0.1.200 london #PRE
ip NetBIOSname 一定要大寫...設為#PRE會放入cache永遠生效

nbtstat -R
nbtstat -c

ping 旁邊的同學ip
nbtstat -c (cache 為10mins)

What is WINS?

-------
| |
| |WINS server
-------
|
----------------------------------------------------------------
|
A
WINS client
開機會註冊名稱關機會release名稱

2003 可以填上12筆wins server
9x & nt 只可以填上2筆wins server

DNS search

DNS cache (windows 2000之後有DNS cache)
|
localhost name
|
hosts (2003 會將 hosts 寫入DNS cache)
|
DNS
----------------------------------------
NetBIOS cache
| ------
Wins |
| |
Broadcast | H-node
| |
lmhosts ------

Using a Hosts File

hosts 存放於
Microsoft Windows NT, 2000,and XP :

系統安裝目錄\System32\drivers\etc\hosts

Microsoft Windows 95 or Windows 98:

系統安裝目錄\hosts

Lab: 編輯hosts

修改系統安裝目錄\System32\drivers\etc\hosts
加入
10.0.1.200 router
ping router --> 成功
ipconfig /displaydns --> 顯示 DNS cache
ipconfig /flushdns --> 清除 DNS cache

http://www.icann.org/registries/listing.html (DNS Top-level domain註冊類別)

The DNS Suffix

www.pchome.com.tw
<----><------------------->
Host DNS Suffix
<---------------------------->
FQDN

nslookup

Lab:

nslookup www.microsoft.com

nslookup

server 168.95.1.1
>www.microsoft.com

hostname

netstat

netstat -a -o (-o process id)

ping 127.0.0.1

ping 自己的ip

ping gateway

ping 168.95.1.1

ping FQDN

ping -i 3 168.95.1.1 ( -i 3 #TTL 為3）

tracert -d 168.95.1.1 ( -d 不做名稱解析)

pathping 168.95.1.1

sakananote

星期日, 8月 28, 2005

MS class note

星期六, 8月 13, 2005

LINUX SERVER HACKS 心得