Category Archives: networking

network or networking here refers to computer network terms, it means any device that connected each other and can communicate through the media it used.

Understanding GPS : Global Positioning System

GPS or Global Positioning System is space-based global navigation satellite system (GNSS). GNSS is used for satellite navigation system with global coverage. GPS provides location and time information in all weather, anywhere on Earh (where there is an obstructed line to four or more GPS satellite). GPS is maintained by United States goverment and available to anyone with GPS receiver.

gps satellite

Other satellite positioning systems available are GLONASS from Rusia, Compass

Continue reading Understanding GPS : Global Positioning System

TCP/IP Protocol Suite and OSI Model (Protocol Mapping)

TCP/IP protocol suite can be modelled related to OSI. Instead seven layer of OSI, in TCP/IP protocol suite (DoD: Department of Defense), it only has four layers.

DoD and OSI Model
DoD and OSI Model

1. Proces/Application layer in TCP/IP or DoD model integrates the functions of Application, Presentation, and Session Layer of OSI model : node-to-node communication and control of user-interface.

2. Host-to-Host layer in TCP/IP or DoD model represents the functions of Transport Layer of OSI model : transmission service, reliable communication, ensuring error-free delivery of data.

3. Internet Layer in TCP/IP or DoD model  represents the functions of Network Layer of OSI model : logical transmission, IP addressing, routing packets across different network.

4. Network Access Layer in TCP/IP or DoD model represents the functions of  Data Link Layer + Physical Layer of OSI model : monitors data exchange between host and network, hardware addressing, defines protocol for the physical transmission of data.

TCP/IP protocol suite in DoD model.

TCP/IP Protocol Suite in DoD Model
TCP/IP Protocol Suite in DoD Model

Process/Application Layer

1.  Telnet : Terminal Emulation, Allows machine (telnet client) to access resources of other (remote) machines (telnet servers).
2. FTP : File Transfer Protocol, Allows user to transfer transfer file between any machines using it. Protocol + Program (Allow user to do performs certain task by hand).
3. TFTP : Trivial File Transfer Protocol, simple version of FTP, reduced functions and security, but faster than FTP.
4. NFS : Network File System, Protocol specializing in File Sharing, allows different types of file systems to interoperate. Ex : NSF server running in NT server and client in unix allows user to access same file with their normal file system in normal way.
5. SMTP : Simple Mail Transfer Protocol handles email, uses spoole or queued, model of mail delivery.
6. LPD : Line Printer Daemon, Printer Sharing
7. X-Window : Client server operation, Display things trough window server on another computer .
8. SNMP : Simple Network Management Protocol collects and manipulates valuable network information.
9. DNS : Domain Name Service, resolves hostname, changes IP address into hostname and hostname into IP address.
10. DHCP : Dynamic Host Configuration Protocol assigns IP addresses to host. BootP : hardware address must be inputted manually in BootP table. DHCP Provides Information : IP address, Subnet Mask, Gateway address, DNS server, Domain Name, WINS information. using UDP to send broadcast message on FF:FF:FF:FF:FF:FF and

Host-to-Host Layer

TCP ( Transmission Control Protocol )
takes information from application and breaks them into segments, numbers and sequences segments, so that segments can be putted back together in order.

UDP ( User Datagram Protocol )
unreliable protocol, only break information into segments but doesn’t number/sequences the segments, then send it off to destination without any acknowledgement.

TCP and UDP Comparison
TCP and UDP Comparison

Internet Layer

1. IP : Internet Protocol = Internet Layer. it looks each address, using the table, choose the best path to deliver packets.
2. ICMP : Internet Control Message Protocol, provides information about network problems : Destination Unreachable, Buffer Full, Hops, Ping, Traceroute.
3. ARP : Address Resolution Protocol : finds hardware address of known host ip address.
4. RARP : Reverse Address Resolution Protocol : resolves MAC address to ip address.
5. Proxy ARP : Helps Machine reach destination without configuring routing or default gateway.

source : CCNA Study Guide Exam

Block Program Through Windows Firewall

use your firewall to block all exe files in the game’s intsall directory from going online.
blocking program to access internet can be done by setting in windows 7 firewall. Step by step to block program using windows 7 firewall :

1. Open start, write firewall in search program and files

block exe program with firewall
block exe program with firewall

2. Choose allow a program through windows firewall.
3. In new window that appear choose ‘Change Setting’ to enable you to edit firewall rules for each program.

allow program through windows firewall
list of allowed program through windows firewall

4. Find program names that you want to block, for example Pro Evolution Soccer
if you want to block the program from accessing the internet, make sure the check box is empty.

if you fill the check box before program names, it means you allow this program to access the internet. Removing the check in the check box before the program name means you block/disallow this program to access the internet.

Internet Model – Protocol Mapping

internet end-user or we can refer to common user normally doesn’t care about how internet works. what they really want is just internet access. what they now consider maybe just speed of their internet connection and amount data transfer quota they have. but sometime knowledge about how internet works is needed. for example to explain view questions about how to check whether or not out connection work, how to solve our miss-configuration settings, etc.

Internet model can serve as guide to answer these questions. internet model comes up with protocol classification. once you know where your need is in the internet model, it will be easier for you to determine the problem and solve or at least know why the problem happened.

these are how internet models map their protocols. there are 2 internet models, OSI and TCP/IP. what we use today is actually TCP/IP model, but OSI model can somewhat help us to understand the ideal internet model.

TCP/IP model
protocol mapping on TCP/IP model
OSI model
OSI model

you can go to these wikipedia pages to learn mode about them :

VLAN Tagging Switch HP Procurve

LAN Select the VLAN to configure.
Tag / Untag / Exclude All. For a port or trunk to participate in a VLAN, its tagging policy must be defined. By default, all ports and trunks are configured as untagged members of VLAN1, and are excluded from all other newly created VLANs.
You can use the Tag / Untag / Exclude All box to configure all ports at once. Click this box until the appropriate options displays:

E — exclude all ports from this VLAN.
T — participate in the selected VLAN and tag all frames.
U — participate in the selected VLAN and leave all outgoing frames untagged. Each port can have only one untagged VLAN membership. If a port is an untagged member of a VLAN and a second VLAN is selected for untagged membership, then the first VLAN membership is automatically changed to E (Exclude).
Then, you can use the Port boxes to refine the ports participation and tagging settings.

Snort Installation on Ubuntu

Snort is free intrusion detection system (ids) for unix, linux, and windows. Snort is very light, means it will not asked your cpu to work to hard. Snort is actually simple to install and to use in it basic installation, it is advanced configuration of course, need more research and practice. Here i will give example of Snort installation on Ubuntu. This guide is for snort 2.9. on Ubuntu 10.04.

Original installation documentation can be found on snort web page.

1. Install dependencies
Snort require these application installed to work well:
sudo apt-get install nmap
sudo apt-get install nbtscan
sudo apt-get install apache2
sudo apt-get install php5
sudo apt-get install php5-mysql
sudo apt-get install php5-gd
sudo apt-get install libpcap0.8-dev
sudo apt-get install libpcre3-dev
sudo apt-get install g++
sudo apt-get install bison
sudo apt-get install flex
sudo apt-get install libpcap-ruby
sudo apt-get install mysql-server
sudo apt-get install libmysqlclient16-dev

2. Update Ubuntu
apt-get update
apt-get upgrade

3. Install Jpgraph and Snortreport
Jpgraph is required to display graph later on our web monitoring
sudo wget
sudo mkdir /var/www/jpgraph
sudo tar zxvf jpgraph-1.27.1.tar.gz
sudo cp -r jpgraph-1.27.1/src /var/www/jpgraph/
Continue reading Snort Installation on Ubuntu

Step by Step to Check Your Internet Connection

After u make sure u have turned on your network interface such as wifi or plugged in your LAN cables, there is some steps u could do to determine whether you get internet access or not:

1. ping localhost, if it doesnt work, then maybe your (pc/laptop) network service is disabled. on windows u can enable it in start > control panel > netwrok connection

2. on windows, chech for logo internet connection, if this icon is clear, it means u are connected to internet. if not, maybe you’re just connected to Local Area Network.

3. on windows use ipconfig command. run > cmd > ipconfig , to see your ip adress. if you see as your internet address, it’s default address of microsoft interface, it means your computer didnt get dhcp address. probably thera to many users using internet connection near you. on linux use ifconfig command

4. if you know your gateway address, try to ping it.

5. ping internet familiar (unblocked) address such as google or its (easy to remember) dns address , if this works then u can make sure now u can access internet.

Squid + Squidguard Words Restriction

Squid, an Open Source proxy server is really good proxy server i think, since its free, yet it can serve us enough basic and middle needs of proxy server. Mostly, proxy server is used to limit amount of bandwidth that users can reach, by using proxy server we can distribute bandwidth fairly between user. it can also serve caching service. any request and response through that proxy will be saved as in certain amount of cache size. it then, help us to give faster access, because we don’t need to download all the element of web pages directly from the source, instead we can access the cached pages on our proxy server.

squid logo

Combination from Squid and Squidguard can works even better. Some instances and educational institutions use it to help blocking unwanted internet access completely and in a good way. In my college for example, it use squid as transparent proxy. All web access will be diverted to this proxy, while squidguard is there to block unwanted web address. At first some methods can be done to bypass this Squid + Squidguard resctriction, for example we can use proxy that available in many websites. But last time i tried it can be used again and any website address i entered through the proxy directed to warning page from squid proxy.

Then i find out that it is the use of Squidguard. by visiting documentation section in its website i find regular expression configuration. using this regular expression configuration, we can detect any words and restrict it. the admin must have found common characteristic of web proxy provider that will convert any address entered into “some.php” string passed into our browser. all the admin needs is just to set this regular expression matched with the string.

Well, since the method i use to bypass proxy is really easy method, i can hope for hard way to block it too. gonna find other way to bypass it though. hope this information can help you to understand how squid and squidguard work. 🙂

Step by Step Backtrack Methodology

I found interesting book about backtrack and how the term penetration testing described. it is far beyond my imagination though. Here, the term penetration testing comes with words auditor, security auditor. Pentester can also become security auditor that has great responsibility to a system.

In those book i found backtrack methodology. it is actually step by step action taken by security editor in doing his penetration testing using backtrack.

those step divided into :
1. Target Scope
2. Gathering Information
3. Target Discovery
4. Enumerating Target
5. Vulnerability Mapping
6. Social Networking
7. Exploiting target
8. Privilege Escalation
9. Maintaining Access
10. Document and Reporting

Each of those processes can be done with all backtrack tools available on fresh installation of backtrack OS.
Well, i haven’t done any practical action yet actually. So later i will come up with it.

Setting Static IP Address in Ubuntu / Backtrack

As laptop user, we may find that we usually connect to the internet using wifi, modem, or lan cable in public rooms, we usually get an IP address from dhcp, so that we dont need to configure manually our interface address. In some occasion, for example if we want to set our ubuntu to work as a server or to be kept in permanent place we need to set its IP address to static IP.

it can be done by modifiing /etc/network/interfaces file.
for default configuration this will display these lines
(eth0 for lan card
wlan0 for wirelesscard)

auto eth0
iface eth0 inet dhcp

by basic understanding for TCP/IP
u can change it to static configuration by doing this step :
1. Edit /etc/network/interfaces file

#rootbt: nano /etc/network/interfaces

2. Change the default example to these lines

auto eth0
iface eth0 inet static

3. Save edited file by pressing Ctrl+O
4. Restart Network just to make it sure it works
#rootbt: ifconfig eth0 down
#rootbt: ifconfig eth0 up
#rootbt: /etc/init.d/networking restart

its just example, u need to change all the number according to your own setting, ask your system administrator if you dont have any information about IP address allocation on your workplace.