The nslookup command is a standard command-line tool provided in most DNS service implementations. It offers the ability to perform query testing of DNS servers and obtain detailed responses as the command output. This information is useful in troubleshooting name resolution problems, verifying that resource records (RRs) are added or updated correctly in a zone, and debugging other server-related problems.
When trying to join a Windows 2003 DC using its NetBIOS name, you may receive this message: “A domain controller for the domain could not be contacted”. A common cause of this error may be that the DNS SRV records required to locate a domain controller for the domain are not registered in DNS. These records are registered with a DNS server automatically when a domain controller is added to a domain.
To verify DNS registration for domain controllers, we may use the nslookup command. At the Command Prompt, type:
nslookup
PC System & Networking blog and website, with information on computer networking systems, CMS, Cisco networking related configuration, freeware, news, resources and opinion.
Monday, November 16, 2009
Friday, August 14, 2009
Disable unnecessary network services for security
Whether it is a Windows PC, router, switch, Linux machine or network-enabled device, it is recommended to stop unnecessary services that run by default. Every running, but unused, service on your system is an unnecessary security vulnerability. Users may not even be aware that many of these services are running. Each additional running service may be a possible avenue for a network cracker to penetrate the system.
It is important to know the security implications of any network service before enabling it. For example, if the telnet service is activated, a telnet client running on another device on the network can easily establish a telnet session to the system; it needs only the address of the system and the port or socket number of the network service running on the system. The rule of thumb for TCP and UDP ports is: turn off any services or listeners that you do not need for your application to function. One way to check the list of ports open on your system is to go to one of the many web sites that can run a remote scan of your system and tell you how secure the system is.
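The same rule of thumb can be checked locally. The following is an added example, not part of the original post: it parses `netstat -an` output and reports every listener that is not on a list of services the machine needs. The sample output and the allowlist (a web server that needs only TCP port 80) are constructed for illustration.

```python
"""Flag listening sockets that are not on an allowlist of needed services."""

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
"""

# Assumption: this host is a web server, so only TCP/80 is needed.
ALLOWED = {("TCP", 80)}
LOOPBACK = ("127.", "[::1]")


def parse_listeners(netstat_text):
    """Return a set of (proto, address, port) for every listening socket."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        proto, local = fields[0], fields[1]
        # TCP listeners carry the LISTENING state; UDP is stateless, so a
        # bound UDP socket with a wildcard foreign address counts as a listener.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        if proto == "UDP" and fields[2] != "*:*":
            continue
        address, _, port = local.rpartition(":")  # rpartition copes with [::]:80
        listeners.add((proto, address, int(port)))
    return listeners


def unexpected_listeners(netstat_text, allowed=ALLOWED):
    """Return listeners not on the allowlist, network-reachable ones first."""
    findings = []
    for proto, address, port in parse_listeners(netstat_text):
        if (proto, port) in allowed:
            continue
        reachable = not address.startswith(LOOPBACK)
        findings.append((proto, address, port, reachable))
    return sorted(findings, key=lambda f: (not f[3], f[2]))


if __name__ == "__main__":
    for proto, address, port, reachable in unexpected_listeners(SAMPLE_NETSTAT):
        scope = "network-reachable" if reachable else "loopback only"
        print(f"{proto} {address}:{port} is listening but not allowed ({scope})")
```

On the sample, the telnet listener on TCP port 23 is reported first, followed by UDP port 161 and the loopback-only listener on TCP port 5432.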
Saturday, April 25, 2009
Using POP3 not SMTP to retrieve email
The Post Office Protocol version 3 (POP3), as defined in RFC 1939, is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. The protocol defines how the server responds to requests sent from an e-mail client.
A POP3 mail server receives e-mails and filters them into the appropriate user folders. The POP3 service makes e-mail messages available for download from a server, enabling a server to host e-mail accounts and provide basic e-mail access. When a user connects to the mail server to retrieve his mail, the messages are downloaded from mail server to the user's hard disk. Virtually all modern e-mail clients and servers support this protocol.
POP3 works over a TCP/IP connection using TCP on network port 110. POP3 listens on this TCP port 110 for connections from e-mail clients, authenticates the client, and manages the connection with the client. The design of POP3 and its procedures supports end-users with intermittent connections (such as dial-up connections), allowing these users to retrieve e-mail when connected and then to view and manipulate the retrieved messages without needing to stay connected. Although most clients have an option to leave mail on server, e-mail clients using POP3 generally connect, retrieve all messages, store them on the user's PC as new messages, delete them from the server, and then disconnect.
Sunday, March 29, 2009
Troubleshoot domain name issues using nslookup
nslookup is a computer program used in Windows and Unix to query Domain Name System (DNS) servers to find DNS details, including IP addresses of a particular computer, MX records for a domain and the NS servers of a domain. The name nslookup means "name server lookup".
nslookup is also used as a command-line administrative tool for testing and troubleshooting DNS servers. In its simplest usage, if you enter a domain name, you get back the IP address to which it corresponds, and if you enter an IP number, you get back the domain name to which it corresponds.
There are two modes available in nslookup: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain. The following is an example of using the interactive mode of nslookup.
C:\>nslookup
Default Server: dns3.maxonline.com.sg
Address: 202.156.1.58
> ipcnetworking.com
Server: dns3.maxonline.com.sg
Address: 202.156.1.58
Non-authoritative answer:
Name: ipcnetworking.com
Address: 74.220.215.82
Saturday, March 28, 2009
Study of ARP using Wireshark
Wireshark is a very useful tool for the study of network protocol!
In my previous post on ARP, we learned some basics about the ARP protocol. Let's look in more detail at the ARP request packet in this post.
When the MAC address for a next hop device is not found in the local ARP cache, a broadcast is sent out on the network, with a special format called the ARP request. The following diagram shows an example of an ARP request packet captured using Wireshark.
As shown in the diagram, the ARP packet is contained directly in an Ethernet packet and does not have an IP header. On Ethernet networks, these packets use an EtherType of 0x0806 as indicated in the Packet Details Pane of Wireshark.
As the Ethernet protocol specification assigns only a single type value to ARP, an Ethernet frame that contains an ARP request or an ARP response message will have the same type indicated. As such, the receiver must examine the Opcode field in the ARP packet to determine whether it is an ARP request or an ARP response message.
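The decoding described above, as an added example that is not part of the original post: a parser that checks the EtherType, reads the ARP fields that follow the Ethernet header directly, and uses the Opcode to tell a request from a reply. The two sample frames and all addresses in them are constructed for illustration.

```python
"""Decode an Ethernet frame carrying ARP and tell request from reply."""
import socket
import struct

ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}


def mac(raw):
    """Format six raw bytes the way `arp -a` prints them on Windows."""
    return "-".join(f"{b:02x}" for b in raw)


def parse_arp_frame(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None  # e.g. 0x0800 would be IPv4
    # The ARP body follows the Ethernet header directly: there is no IP header.
    (htype, ptype, hlen, plen, opcode,
     sha, spa, tha, tpa) = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "eth_dst": mac(dst),
        "eth_src": mac(src),
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "sender_mac": mac(sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha),
        "target_ip": socket.inet_ntoa(tpa),
    }


def build(dst, src, opcode, sha, spa, tha, tpa):
    """Assemble a sample frame: Ethernet header plus 28-byte ARP body."""
    return (struct.pack("!6s6sH", dst, src, ETHERTYPE_ARP)
            + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode, sha, spa, tha, tpa))


# Constructed sample values (illustrative, not taken from a capture).
HOST_MAC, GW_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
HOST_IP, GW_IP = socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.1.1")
# Request: broadcast destination, target MAC unknown (all zeros).
ARP_REQUEST = build(b"\xff" * 6, HOST_MAC, 1, HOST_MAC, HOST_IP, b"\x00" * 6, GW_IP)
# Reply: unicast back to the requester, with the answer in the sender fields.
ARP_REPLY = build(HOST_MAC, GW_MAC, 2, GW_MAC, GW_IP, HOST_MAC, HOST_IP)

if __name__ == "__main__":
    for frame in (ARP_REQUEST, ARP_REPLY):
        print(parse_arp_frame(frame))
```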
Friday, March 27, 2009
ARP resolves MAC address from IP address
A PC in an Ethernet network can communicate with another PC only if it knows the Ethernet address (MAC address) of that PC. Address Resolution Protocol (ARP) is a network protocol used to translate a PC's IP address to its physical (hardware) address. From the OSI model point of view, ARP belongs to the OSI data link layer (Layer 2).
When a PC needs to resolve a given IP address to an Ethernet address, an ARP request packet is broadcast to the whole network. This ARP request packet contains the source MAC address, the source IP address and the destination IP address. Every PC in the local network receives this packet, whether it is connected to a hub or a switch, as this is a broadcast packet. The ARP request is then processed by all the PCs in the network, and the PC with the specified destination IP address sends an ARP reply packet to the originating host with its MAC and IP address.
ARP maintains the mapping between IP addresses and MAC addresses in a table in memory called the ARP cache. To display the current ARP entries, execute the arp command with the "-a" option.
C:\>arp -a
Interface: 202.156.207.116 --- 0x2
  Internet Address      Physical Address      Type
  202.156.200.1         00-30-b8-c7-d9-90     dynamic
Monday, March 23, 2009
Switch as Intelligent Hub
In an Ethernet network, every client, server and network device is wired to a hub or switch. However, what is the difference between a hub and a switch?
In a word: intelligence. In a short sentence: hub versus switch is shared versus dedicated channels!
Technically, hubs operate at layer one (Physical Layer) of the OSI model. When a computer sends data on the network, it sends it in packets. Each packet is labeled with a source and destination address, known as a MAC address. A hub does not inspect traffic quality or verify packet integrity. Its job is very simple: when it receives a packet of data at one of its ports from a PC on the network, it transmits the packet to all of its ports and, thus, to all of the other PCs on the network. Every computer connected to the hub "sees" everything that every other computer on the hub sees. The total bandwidth is shared among the computers. This is a highly inefficient use of your network bandwidth. However, there is no processing delay created by the hub because the hub, by definition, does no processing.
All network data a hub receives on one port is immediately transmitted out of all the other ports. If two or more PCs on the network try to send packets at the same time, a collision is said to occur. As such, each computer must take its turn before sending data. This is called half-duplex.
Sunday, March 22, 2009
Protocol Data Unit (PDU) - Process of Network Data Encapsulation
Within the OSI Reference Model, communication between layers higher than layer one is logical; the only hardware connection is at the physical layer. Communication takes the form of some sort of message that is sent between corresponding software elements on two or more devices.
Since these messages are the mechanism for communicating information between protocols, they are most generally called protocol data units (PDUs).
In order for a protocol to communicate, it must pass down its PDU to the next lower layer for transmission. Lower layers in OSI model are said to provide services to the layers immediately above them. One of the services each layer provides is this function: to handle and manage data received from the layer above.
At any particular layer N, a PDU is a complete message that implements the protocol at that layer. However, when this “layer N PDU” is passed down to layer N-1, it becomes the data that the layer N-1 protocol is supposed to service. This layer N protocol data unit (PDU) is referred to as the layer N-1 service data unit (SDU).
The application or higher layer understands the structure of the data in the SDU, but the lower layer at the interface does not; it treats it as payload, undertaking to get it to the same interface at the destination. The job of layer N-1 is to transport this SDU, which it does in turn by placing the layer N SDU into its own PDU format, preceding the SDU with its own headers and appending footers as necessary. In this process, the entire contents of the higher-layer message are encapsulated as the data payload of the message at the lower layer. This process is called data encapsulation and takes place at each layer of the OSI reference model.
Layer N-1 will subsequently pass the PDU down to the next lower layer, where it is treated as a layer N-2 SDU. Layer N-2 creates a layer N-2 PDU containing the layer N-1 SDU and layer N-2’s headers and footers. This process will continue, all the way down to the physical layer. In the theoretical model, what you end up with is a message at layer 1 that consists of application-layer data that is encapsulated with headers and/or footers from each of layers 7 through 2.
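The encapsulation steps above, as an added example that is not part of the original post. It uses one concrete stack as an assumption (application data in UDP, in IPv4, in Ethernet) instead of all seven OSI layers, and shows each PDU becoming the SDU of the layer below, with Ethernet adding both a header and a footer. All addresses and ports are constructed.

```python
"""Encapsulate application data layer by layer, then reverse the process."""
import socket
import struct
import zlib


def ipv4_checksum(header):
    """One's-complement sum of 16-bit words, as used by the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def udp_pdu(sdu, sport, dport):
    # Layer 4: header only. Checksum 0 means "not computed" (allowed over IPv4).
    return struct.pack("!HHHH", sport, dport, 8 + len(sdu), 0) + sdu


def ipv4_pdu(sdu, src, dst):
    # Layer 3: 20-byte header in front of the layer 4 PDU (now its SDU).
    fields = [0x45, 0, 20 + len(sdu), 0, 0, 64, 17, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(header)
    return struct.pack("!BBHHHBBH4s4s", *fields) + sdu


def ethernet_pdu(sdu, src_mac, dst_mac):
    # Layer 2: header in front and a footer (CRC-32 frame check sequence) behind.
    body = struct.pack("!6s6sH", dst_mac, src_mac, 0x0800) + sdu
    return body + struct.pack("<I", zlib.crc32(body))


def decapsulate(frame):
    """Strip each layer's header/footer and hand the SDU to the layer above."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("bad Ethernet FCS")
    packet = body[14:]                      # layer 2 SDU = layer 3 PDU
    if ipv4_checksum(packet[:20]) != 0:     # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    datagram = packet[20:]                  # layer 3 SDU = layer 4 PDU
    return datagram[8:]                     # layer 4 SDU = application data


# Constructed sample values; simplified: no padding to the Ethernet minimum size.
APP_DATA = b"hello from layer 7"
UDP_DATAGRAM = udp_pdu(APP_DATA, 40000, 53)
IP_PACKET = ipv4_pdu(UDP_DATAGRAM, "192.0.2.1", "192.0.2.2")
FRAME = ethernet_pdu(IP_PACKET, b"\x02\0\0\0\0\x01", b"\x02\0\0\0\0\x02")

if __name__ == "__main__":
    print(len(APP_DATA), len(UDP_DATAGRAM), len(IP_PACKET), len(FRAME))
    print(decapsulate(FRAME))
```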