Networking

DNS Server
On a typical small or home network, the DNS server IP addresses are often the same as the default gateway address. Devices send their DNS queries to your router, which then forwards the requests on to whatever DNS servers the router is configured to use.

https://www.cyberciti.biz/faq/how-to-find-out-dns-for-router/

PING

ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP echo reply. The program reports errors, packet loss, and a statistical summary of the results, typically including the minimum, maximum, the mean round-trip times, and standard deviation of the mean.

ping requests host if it is alive and print required time to get a response from that host server.
ping www.google.com

check dns server
nslookup www.google.com
host www.google.com

To view dns traffic run tcpudmp as root

# tcpdump udp and src port 53
# tcpdump udp and dst port 53
# tcpdump -n -s 1500 -i eth0 udp port 53

Traceroute - 




Traceroute will print out a list of all the routers, computers, and any other Internet entities that your packets must travel through to get to their destination. * in tracroute results mean udp/icmp is blocked by that router or ttl becomes 0.

traceroute -I www.yahoo.com

Note that simply replacing domain name with server's IP won't work for most websites. It's because of virtual hosts. It's a mechanism that lets you run multiple websites on one IP address. When the server behind an IP receives a HTTP request, it checks request headers to determine what website the client wants to see. Then it serves appropriate document. Now, if a server 198.51.100.1 is configured to accept only requests for example.com, it won't respond to your request for http://198.51.100.1/ because the domain is not example.com.


TTL
Time to live (TTL) or hop limit is a mechanism that limits the lifespan or lifetime of data in a computer or network. TTL prevents a data packet from circulating indefinitely. Under the Internet Protocol, TTL is an 8-bit field. The maximum TTL value is 255. A recommended initial value is 64. TTL is measured in seconds, although every host that passes the datagram must reduce the TTL by at least one unit.





IP: The full ip assigned to a user has two parts - network id and host id, which is used to communicate over an inter-connected network.
Network ID: Node where users of this specific branch are connected.
Host ID: User device id 
Subnet Mask: This is used to identify the range of network ID.

Default Gateway Address
It’s the default IP address to which a device sends network data when that data is intended to go to a different network than the one the device is on. On a home network that uses 192.168.1.0 for a network ID, the router is usually going to be 192.168.1.1.







TCP/IP Protocol Layers

Transmission Control Protocol

TCP is responsible for routing application protocols to the correct application on the destination computer. To accomplish this, port numbers are used. Ports can be thought of as seperate channels on each computer. For example, you can surf the web while reading e-mail. This is because these two applications (the web browser and the mail client) used different port numbers. When a packet arrives at a computer and makes its way up the protocol stack, the TCP layer decides which application receives the packet based on a port number.


TCP is a connection-oriented, reliable, byte stream service. Connection-oriented means that two applications using TCP must first establish a connection before exchanging data.

  • When the TCP layer receives the application layer protocol data from above, it segments it into manageable 'chunks' and then adds a TCP header with specific TCP information to each 'chunk'. The TCP header includes the port number of the application the data needs to be sent to.
  • When the TCP layer receives a packet from the IP layer below it, the TCP layer strips the TCP header data from the packet and then sends the data to the correct application using the port number taken from the TCP header.

Internet Protocol

IP is an unreliable, connectionless protocol. IP doesn't care whether a packet gets to it's destination or not. Nor does IP know about connections and port numbers. IP's job is too send and route packets to other computers.

IP layer adds IP header in the packet received from TCP Layer which includes IP addresses of the sending and receiving computers.

The application layer data is segmented in the TCP layer, the TCP header is added, the packet continues to the IP layer, the IP header is added, and then the packet is transmitted across the Internet.






Router

This a node where two different host/client/network connected. Which is also called Hop. 


  • OSI Layer 2 uses MAC addresses and is responsible for packet delivery from hop to hop.
  • OSI Layer 3 uses IP addresses and is responsible for packet delivery from end to end.

Between each Router, the MAC address header is stripped and regenerated to get it to the next hop. The IP header generated by the first computer is only stripped off by the final computer, hence the IP header handled the “end to end” delivery, and each of the four different MAC headers involved in this animation handled the “hop to hop” delivery.



http://www.practicalnetworking.net/series/packet-traveling/osi-model/
https://www.howtogeek.com/341307/how-do-ip-addresses-work/

http://www.theshulers.com/whitepapers/internet_whitepaper/



HTTPS

HTTPS is based on public/private-key cryptography. This basically means that there is a key pair: The public key is used for encryption and the secret private key is required for decryption.
certificate is basically a public key with a label identifying the owner.
So when your browser connects to an HTTPS server, the server will answer with its certificate. The browser checks if the certificate is valid:
  • the owner information need to match the server name that the user requested.
  • the certificate needs to be signed by a trusted certification authority.
If one of these conditions is not met, the user is informed about the problem.
After the verification, the browser extracts the public key and uses it to encrypt some information before sending it to the server. The server can decrypt it because the server has the matching private key.
The certificate contains the public key of the webserver. The malicious proxy is not in the possession of the matching private key. So if the proxy forwards the real certificate to the client, it cannot decrypt information the client sends to the webserver.
The proxy server may try to forge the certificate and provide his own public key instead. This will, however, destroy the signature of the certification authorities. The browser will warn about the invalid certificate.
If the administrator of your computer cooperates, it is possible for a proxy server to sniff https connections. This is used in some companies in order to scan for viruses and to enforce guidelines of acceptable use.
local certification authority is setup and the administrator tells your browser that this CA is trustworthy. The proxy server uses this CA to sign his forged certificates.

  1. When a client and a server negotiate HTTPS, the server sends its public key to the client.
  2. The client encrypts the session encryption key that it wants to use using the server's public key, and sends that encrypted data to the server.
  3. The server decrypts that session encryption key using its private key, and starts using it.
  4. The session is protected now, because only the client and the server can know the session encryption key. It was never transmitted in the clear, or in any way an attacker could decrypt, so only they know it.

Proxy server can act as a certificate authority, however, not a very trustworthy one: Instead of issuing certificates to actual persons or organizations, proxy dynamically generates certificates to whatever hostname is needed for a connection. If, for instance, a client wants to connect to https://www.facebook.com, proxy generates a certificate for “www.facebook.com” and signs it with its own CA. Provided that the client trusts this CA, both of the above mentioned conditions are true (trusted CA, same CN) — meaning that the client believes that the proxy server is in fact “www.facebook.com”. 

SSL VS TLS

The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.
Hole Punching

Comments

Popular posts from this blog

Thread & Locks

Opengl-es Buffer

Kernel Startup