Networking Fundamentals

    OSPF Part I

    Overview

    Welcome to the world of OSPF (Open Shortest Path First) routing. This protocol was developed to replace RIP and it is a classless Link State routing protocol that uses areas so as to scale better. This chapter is divided into four parts since it is too broad. The concepts we will learn will be useful in not only the ICND 1, ICND 2 and CCNA composite exam but also in the real world.

    In part 1 of this chapter, we will review concepts on link-state routing protocols and learn how they work. We will then look at the OSPF packets and discuss the algorithm that OSPF uses to find the best path. We will then configure OSPF in a single area and finally we will learn some of the commands that can be used to verify OSPF.

    The concepts you will learn in this part will be important in understanding OSPF in the routing world and will be useful as you progress in your studies in CCNP and CCIE.

    Link-state routing protocols

    As we learnt in a previous chapter, internal routing protocols fall into two categories, distance vector routing protocols and link state routing protocols. OSPF falls in the link-state routing protocol category. We also used an analogy of a tourist trying to find his destination using a map and said that this is how link state routing protocols work.

    Link-state protocols work by calculating the cost along the path from a source network to the destination network and use the SPF algorithm, which was developed by Edsger Dijkstra. The steps shown below describe how link-state routing protocols such as OSPF work.

    1. All the routers that have been configured with the link-state routing protocol in a domain will learn about the directly connected networks.
    2. The routers that share a link will recognize the neighboring routers and form relationships.
    3. When this relationship has been formed, they will share their directly connected routes with each other. This is done when the router in a link-state routing protocol sends a packet that contains the routes.
    4. The neighbors that receive this information will then propagate it to other neighbors.
    5. When all the neighbors know of all the routes, each router will use the information to create a “MAP” to all the destinations in the network.
    6. When this map has been created, the SPF (Shortest Path First) algorithm is run to determine the best route to a particular remote network.

    This is the basic operation of link-state routing protocols such as OSPF and IS-IS. We will continue learning these steps in more detail as we continue in the world of OSPF.

    OSPF operation

    In OSPF, the process above is followed; however, the terms differ and are discussed in this section. There are key concepts that we need to know in order to understand the operation of OSPF.

    OSPF packet types

    There are 5 different types of packets in OSPF that we need to understand. These are:

    1. Hello – these are the first messages that are sent by routers that have been configured with OSPF. They use the multicast IP address specially reserved for OSPF, which is 224.0.0.5. The hello packets are sent so as to discover neighbors and maintain relationships (adjacency) with them.

    NOTE: hello packets are multicast at 10-second intervals in multicast and point-to-point networks and at 30-second intervals on NBMA networks. We will explore more of this at a later stage.

    In OSPF, the hello packets have three main tasks as listed below.

        1. Discovery and establishment of neighbor adjacencies
        2. Advertisement of OSPF parameters needed to form neighbor relationships
        3. Election of the DR (Designated Router) and the BDR (Backup Designated Router) in multi-access networks.

    2. DBD (Database Description) – this packet is a list which contains a summary of routes that have been learnt by a particular router in the routing domain. The router that receives this packet checks the list against its own link-state database to discover any missing routes.
    3. LSR – Link-State Request – when a router discovers that it is missing some routes as a result of the information contained in a DBD packet it has received, it sends this packet to the router that informed it of the missing routes, requesting more detailed information on the missing routes. This is done so that it can update its link-state database with these missing routes.
    4. LSU – Link-State Update – this packet is sent by a router that has information on any missing routes. It contains detailed information about a particular route, including the next-hop information and the cost to reach the particular route that was requested using an LSR.
    5. LSAck – Link-State Acknowledgment – this is a packet that is sent to confirm that a router has received an LSU.

    NOTE: at this stage, you are not expected to fully understand these concepts. We will explore them in more detail as we continue in this chapter.

    Dijkstra’s algorithm, administrative distance and metric

    As mentioned above, OSPF uses the SPF algorithm. The information contained in a router’s OSPF link state database is the “MAP” that is used to calculate the best path to a remote network. However, unlike EIGRP, OSPF does not keep backup paths to routes, rather, when a route to a network goes down, the SPF algorithm is run again to determine a backup or alternate path.

    OSPF uses an administrative distance of 110. This means that it is preferred over other routing protocols such as RIP; however, it is not as trusted as EIGRP, static routes and directly connected routes.

    The metric used in OSPF is the cost. This is based on the bandwidth of each link, or it is the cost configured by the administrator using the “ip ospf cost” command. More on this will be discussed later.
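    The SPF run and the re-run after a link failure described in this section can be traced in a few lines. This is an added example, not part of the original tutorial: the router names follow the lab, but the links and costs in the link-state database are constructed (64 is the serial link cost quoted later on this page).

```python
import copy
import heapq

# Constructed link-state database: router -> {neighbor: cost of the link}.
# Every link is advertised by both ends, as OSPF neighbors would do.
LSDB = {
    "R1": {"R2": 64, "R4": 64},
    "R2": {"R1": 64, "R3": 64},
    "R3": {"R2": 64, "R4": 128},
    "R4": {"R1": 64, "R3": 128},
}


def spf(lsdb, root):
    """Dijkstra's algorithm: return {router: (total_cost, path)} seen from root."""
    best = {root: (0, [root])}
    queue = [(0, root, [root])]
    done = set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node in done:
            continue  # a cheaper entry for this router was already processed
        done.add(node)
        for neighbor, link_cost in lsdb.get(node, {}).items():
            # Two-way check: ignore a link the other end does not advertise
            # back, so a one-sided claim cannot pull traffic toward a router.
            if node not in lsdb.get(neighbor, {}):
                continue
            new_cost = cost + link_cost
            if neighbor not in best or new_cost < best[neighbor][0]:
                best[neighbor] = (new_cost, path + [neighbor])
                heapq.heappush(queue, (new_cost, neighbor, path + [neighbor]))
    return best


def withdraw_link(lsdb, a, b):
    """Return a copy of the database with the a-b link removed in both directions."""
    updated = copy.deepcopy(lsdb)
    updated.get(a, {}).pop(b, None)
    updated.get(b, {}).pop(a, None)
    return updated


if __name__ == "__main__":
    for label, db in (("converged", LSDB),
                      ("R1-R2 down", withdraw_link(LSDB, "R1", "R2"))):
        print(label)
        for router, (cost, path) in sorted(spf(db, "R1").items()):
            print(f"  {router}: cost {cost:>3} via {' -> '.join(path)}")
```

    No backup path is stored: the route to R3 through R4 only appears when SPF is run again on the changed database.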

    Advantages of link state routing protocols

    There are several advantages of using link-state routing protocols, as listed below.

    1. Topology map – as we have seen earlier, this is a map that is stored in the link-state database and it contains information on all the routes in the domain. This is a major advantage since finding a redundant path is simple. The router simply looks in the MAP for an alternative route and calculates the cost to get there using the SPF algorithm.
    2. Fast convergence – unlike distance vector routing protocols that have to calculate information on a route they have received before passing it along to other routers, link-state routing protocols usually flood this information to the other routers on interfaces other than the one they received the packet on. Each router in the domain can then decide whether the information is relevant or not.
    3. Event-driven updates – just like in EIGRP, routers in OSPF do not update other routers at regular intervals; rather, this is done when a change has occurred, and the information that is sent pertains only to the change.
    4. Hierarchical design – the use of areas is a huge advantage to link-state routing protocols. The use of these areas enables the creation of routes in a hierarchical IP addressing format. However, this means that summarization can only be done at the boundaries between areas.

    Now that we have some of the concepts of OSPF, we can get into it and start configuration. More concepts will be introduced in the next part as we continue in this chapter.

    The topology

    The topology shown below is our lab in this section of OSPF configuration.

    The network consists of 4 routers labeled R1 to R4. There are also 3 LAN segments connected to R1, R3 and R4. The IP subnets in use are shown in the diagram and the IP addressing scheme in use is shown below. The clock rate in use on the DCE interfaces is 64000.

    Before we begin the OSPFv2 configuration, design the network above and configure the following:

    • Appropriate host names on all devices
    • Appropriate passwords to the console lines and the telnet lines
    • Banners
    • Disable ip domain lookup
    • Ip addresses, subnet masks, default gateways and clock rates appropriately
    • Enable the devices and ensure connectivity on directly connected networks

    Basic ospf configuration

    By now you should be able to do the basic configuration on your own so we will not dwell on it, rather, we will start with the basic OSPF configuration.

    The router ospf command

    To enable OSPF on our routers, we need to configure the “router ospf <process-ID>” command in the global configuration mode of our routers.

    The process-ID is a locally significant number between 1 and 65535, which means that it only identifies the OSPF process running on a router. You should note that the OSPF process-ID is not the same as the EIGRP process ID; neighboring routers do not need this number to match in order to form an adjacency.

    However, in this course, we recommend that you use the same process ID for consistency.

    In our topology, we will use 10 as our process ID on all the routers.

    So on R1, we need to execute the command shown below.

    R1(config)#router ospf 10

    This command allows us to enter the OSPF specific configuration mode. From here, we will be able to configure most of the OSPF options that we need.

    The network command

    Just like in EIGRP, the network command is used to advertise routes in OSPF, however, the format differs a bit: the network command in OSPF is shown below:

    router(config-router)#network <network_address> <wildcard_mask> area <area_ID>

    Notice that we have two more parameters, which are the wildcard mask and the area ID.

    Area – As we discussed earlier, OSPF uses areas, and all the routers in an area usually have the same map. In this chapter, we will only deal with the backbone area, which is area 0. This means that all the routers will be in this area.

    As the networks grow, the use of multiple-areas is introduced so as to reduce the size of the map. This will be discussed in an upcoming chapter.

    NOTE: you must configure the area as “area 0” on all network statements and all routers.

    The wildcard mask – or inverse mask is a special type of IP address that is used by OSPF to determine the specific subnet that is being advertised.

    Wildcard mask

    The wildcard mask is usually the inverse of the subnet mask. To calculate the inverse mask of a network address follow the steps below.

    1. Write down the subnet mask of 255.255.255.255 which is the broadcast address for any host or the broadcast address of the zero network (global broadcast address)
    2. Write down the subnet mask of the network or the ip address in question
    3. Subtract the values of the network’s subnet mask from the subnet mask of 255.255.255.255

    This is shown in the table below for the network of 192.168.1.0/27

    Therefore the inverse mask or wildcard mask for the network 192.168.1.0/27 is 0.0.0.31.

    When the router is determining the network it should advertise, a value of “0” will be considered while any value higher than that will be ignored. Therefore, in the above example, when advertising network 192.168.1.0/27 in OSPF, the first three octets will be considered, while the fourth octet will only be partially considered.

    This means that, when the route 192.168.1.0/27 is advertised, the router will advertise only routes matching the first three octets and ignore the fourth octet.

    NOTE: the most specific wildcard mask that can be used to advertise networks in OSPF is 0.0.0.0, which means that the router will advertise only a specific ip address and not a network address.

    Just like in EIGRP, we advertise the directly connected networks that we want to participate in OSPF

    To advertise the network 192.168.1.0/28 in OSPF, the command we need on R1 is shown below:

    R1(config-router)#network 192.168.1.0 0.0.0.15 area 0
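    The wildcard calculation above, and a check of which interfaces a network statement actually matches, as an added example that is not part of the original tutorial. On Cisco IOS a network statement enables OSPF on every interface whose address agrees with the statement on all bits that are 0 in the wildcard mask, so an over-broad mask can bring up OSPF on interfaces that were never meant to run it. The interface names and addresses below are constructed for illustration.

```python
import ipaddress

ALL_ONES = int(ipaddress.IPv4Address("255.255.255.255"))


def wildcard_from_mask(subnet_mask):
    """Steps 1-3 above: subtract the subnet mask from 255.255.255.255."""
    inverse = ALL_ONES - int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(inverse))


def wildcard_from_prefix(prefix_len):
    """Same calculation starting from a prefix length such as /27."""
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask
    return wildcard_from_mask(str(mask))


def statement_matches(address, wildcard, interface_ip):
    """True when interface_ip equals address on every bit that is 0 in the wildcard."""
    care = ALL_ONES ^ int(ipaddress.IPv4Address(wildcard))
    want = int(ipaddress.IPv4Address(address)) & care
    have = int(ipaddress.IPv4Address(interface_ip)) & care
    return want == have


def audit(statements, interfaces):
    """Map each (address, wildcard) statement to the interfaces it enables OSPF on."""
    return {
        stmt: sorted(name for name, ip in interfaces.items()
                     if statement_matches(stmt[0], stmt[1], ip))
        for stmt in statements
    }


# Constructed interface table for one router (not taken from the lab diagram).
INTERFACES = {
    "FastEthernet0/0": "192.168.1.1",   # LAN inside 192.168.1.0/28
    "Serial0/0/0": "192.168.1.33",      # link to a neighbor
    "FastEthernet0/1": "10.10.10.1",    # segment that should not run OSPF
}

STATEMENTS = [
    ("192.168.1.0", "0.0.0.15"),        # the statement used on this page
    ("192.168.1.1", "0.0.0.0"),         # most specific: a single address
    ("192.168.1.0", "0.0.0.255"),       # broader than the /28 it was meant for
    ("0.0.0.0", "255.255.255.255"),     # matches every interface
]

if __name__ == "__main__":
    print("/27 ->", wildcard_from_prefix(27), " /28 ->", wildcard_from_prefix(28))
    for (addr, wc), names in audit(STATEMENTS, INTERFACES).items():
        print(f"network {addr} {wc} area 0 -> {', '.join(names) or 'no interface'}")
```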

    Back to the configuration

    In our topology therefore, we will advertise all the directly connected networks on each of the routers using the commands shown in the table below.

    NOTE: When making these configurations make sure that you calculate all the wildcard-masks so that you understand the concept clearly.

    After making these configurations on all the routers, you should be able to see the output shown below:

    This shows that OSPF is working and all the routes have been learnt. Notice the speed at which this happens; this is how fast OSPF converges.

    OSPF Router-ID

    In OSPF, the router-ID is a way to name each router in the routing domain. It is simply an IP address that is specially selected to name a router in OSPF. With Cisco routers, the router-ID is selected based on the criteria shown below.

    1. The IP address configured using the command “router-ID <IP_ADDRESS>” in the OSPF configuration mode.
    2. If it is not configured, use the highest IP address of any of the configured loopback interfaces.
    3. If there is no loopback interface, the router uses the highest IP address of any of the ACTIVE physical interfaces.

    NOTE: the highest ACTIVE physical interface is an interface that is able to forward packets.

    The use and importance of the router ID will be discussed later.

    Configuring the router-ID

    The router-ID is configured in the OSPF configuration mode which is denoted by the prompt shown below:

    Router(config-router)#

    The command used to configure the router-ID is:

    router(config-router)#router-id <unique_ip_address>

    On R1, we will use the IP address 1.1.1.1 as the router-id and this is configured as shown below.

    R1(config-router)#router-id 1.1.1.1

    When the command above is executed, the router will be set with the manual router-id of 1.1.1.1

    On the four routers, we will use the ip addresses shown in the table below as the router-IDs

    Configuring Loopback interfaces

    As we mentioned earlier, a loopback interface can be used as the router ID.

    A loopback interface is a virtual interface – this means, that it only exists in the router and is not connected to any other physical device in the network. A loopback interface, once configured automatically transitions to UP. The command needed to configure a loopback interface is:

    Router(config)#interface loopback <loopback_interface_number>

    After executing this command, you will be taken to the interface configuration mode where you can configure other options such as the ip address.

    To configure the loopback interface, with an ip address of 172.16.1.1/24 on R1, enter the following command:

    Note: when these commands are executed, a new interface will be shown in the “show ip interface brief”. The loopback interface is always up and operates as a physical interface.

    After configuring ospf and saving, the router-ID in use will still be the highest active physical interface that we used, and the router-ID configured using the router-id command will still not be active as shown in the output below.

    We need to make the router-ID active by restarting the OSPF process on all the routers. To do this, we have to enter the command “clear ip ospf process” in the privileged exec mode as shown below.

    Executing this command will prompt us to confirm it, and we should answer with “YES”.

    After executing this command on all the routers, the new router-ids will be in effect.

    Verifying OSPF operation

    After configuring OSPF we need to verify that everything is working fine on all the routers. To verify OSPF we will use these commands:

    1. Show ip ospf neighbor
    2. Show ip ospf database
    3. Show ip route
    4. Show ip ospf interface
    5. Show ip protocols
    6. Show ip ospf
    7. Debug ip ospf adj
    8. Debug ip ospf hello

    Show ip ospf neighbor

    The “show ip ospf neighbor” command is at the top of the list of the most useful commands for verifying and troubleshooting OSPF neighbor relationships. Some of the information that is displayed using this command is listed below.

    • Neighbors’ router ID
    • Pri – the OSPF priority
    • State – the type of LSA
    • Dead time – this is the amount of time that OSPF waits until it considers a neighbor as dead as a result of missing hellos.
    • Address – the neighbor’s IP address for the shared link
    • Interface – the physical interface that a router connects to a neighbor using.

    In OSPF, for neighboring routers to form an adjacency, the following conditions must be met.

    • The subnet masks used on the links must be the same, meaning that links must be on the same subnet
    • Matching OSPF hello and dead timers
    • Matching OSPF network types
    • Correct network statements
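    The parameters compared here travel in the Hello packet itself, so a captured Hello can be decoded and checked against a neighbor's. The sketch below is an added example, not part of the original tutorial; it follows the OSPFv2 Hello layout from RFC 2328 and also compares the area ID from the packet header. The packets are constructed inline: router-ID 1.1.1.1 is the one used on this page, while the other router-IDs, the /30 mask and the 40 and 120 second dead intervals are assumed values.

```python
import ipaddress
import struct

PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
HEADER_LEN, HELLO_FIXED_LEN = 24, 20


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_hello(router_id, area, mask, hello, dead, priority=1, neighbors=()):
    """Build a constructed OSPFv2 Hello (checksum 0, AuType 0) for the demo."""
    body = _ip(mask) + struct.pack("!HBBI", hello, 0x02, priority, dead)
    body += _ip("0.0.0.0") + _ip("0.0.0.0")            # DR and BDR not elected
    body += b"".join(_ip(n) for n in neighbors)         # router-IDs already heard
    header = struct.pack("!BBH", 2, 1, HEADER_LEN + len(body))
    header += _ip(router_id) + _ip(area) + struct.pack("!HH8s", 0, 0, bytes(8))
    return header + body


def parse_hello(data):
    """Decode an OSPFv2 Hello; raise ValueError on anything malformed."""
    if len(data) < HEADER_LEN + HELLO_FIXED_LEN:
        raise ValueError("too short for an OSPFv2 Hello")
    version, ptype, length = struct.unpack("!BBH", data[:4])
    if version != 2:
        raise ValueError(f"unsupported OSPF version {version}")
    if ptype != 1:
        raise ValueError(f"not a Hello: type {PACKET_TYPES.get(ptype, ptype)}")
    # Strict for the demo: the length field must cover the whole buffer.
    if length != len(data) or (length - HEADER_LEN - HELLO_FIXED_LEN) % 4:
        raise ValueError("length field does not match the packet")
    hello, _options, priority, dead = struct.unpack("!HBBI", data[28:36])
    addr = lambda raw: str(ipaddress.IPv4Address(raw))
    return {
        "router_id": addr(data[4:8]),
        "area": addr(data[8:12]),
        "mask": addr(data[24:28]),
        "hello_interval": hello,
        "priority": priority,
        "dead_interval": dead,
        "dr": addr(data[36:40]),
        "bdr": addr(data[40:44]),
        "neighbors": [addr(data[i:i + 4]) for i in range(44, length, 4)],
    }


def adjacency_problems(a, b):
    """List the Hello parameters that stop routers a and b from becoming neighbors."""
    return [f"{field}: {a[field]} != {b[field]}"
            for field in ("area", "mask", "hello_interval", "dead_interval")
            if a[field] != b[field]]


# Constructed Hellos seen on one point-to-point link.
R1_HELLO = build_hello("1.1.1.1", "0.0.0.0", "255.255.255.252", 10, 40)
R2_HELLO = build_hello("2.2.2.2", "0.0.0.0", "255.255.255.252", 10, 40,
                       neighbors=("1.1.1.1",))
R3_HELLO = build_hello("3.3.3.3", "0.0.0.0", "255.255.255.252", 30, 120)

if __name__ == "__main__":
    r1, r2, r3 = (parse_hello(p) for p in (R1_HELLO, R2_HELLO, R3_HELLO))
    print("R2 has heard R1:", r1["router_id"] in r2["neighbors"])
    print("R1/R2:", adjacency_problems(r1, r2) or "parameters match")
    print("R1/R3:", adjacency_problems(r1, r3))
```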

    In our scenario, the output of the show ip ospf neighbor on all routers will be as shown below:

    Show ip route

    The show ip route command on a router configured with OSPF will show all the routes that the router has learnt, the next hop, administrative distance and metric as well as the age of the routes. The output of this command on R1 will be as shown below.

    NOTICE: routes learnt via OSPF show up marked as O at the beginning.


    Show ip ospf interface

    This command is used to verify the interfaces participating in OSPF as well as the hello and dead timer intervals. It can also be used to show the statistics on a specific interface when the interface name and number are used. The output of this command on R2 is shown below.

    The OSPF hello and dead timers are highlighted in the RED box in the output above. Further, the network type is shown as point to point with a cost of 64.

    Show ip protocols

    The “show ip protocols” command, can be used to verify the routing protocol in use. In this instance, it will show us the OSPF process-ID, router-ID, advertised networks, neighbors, areas and area types, and the OSPF administrative distance.

    The output of this command on R3 is shown below.

    Show ip ospf

    The command “show ip ospf” is also a good way to verify the process ID, router IDs, areas, SPF statistics and other information that can be useful in troubleshooting OSPF.

    The output of this command on R1 is shown below: Some output from this command has been omitted since it is beyond the scope of this course.

    Show ip ospf database

    This command will show all the routers in OSPF that have the same OSPF database or “map” if you will. The output of this command on R1 is as shown below.

    Other commands that can be used to verify and troubleshoot OSPF are the debug commands. These commands will show statistics of OSPF as they happen and therefore can consume a lot of processing power.

    • Debug ip ospf adj
    • Debug ip ospf hello

    Verify connectivity

    After you have configured OSPF on all four routers and verified that all routers have converged and have all the routes, you need to verify connectivity by pinging all the host devices.

    • Ping from PC_A to PC_B
    • Ping from PC_B to PC_C
    • Ping from PC_A to PC_C

    If all the pings are successful, you have successfully configured OSPF. If not, follow the steps shown above and try to solve the problem.

    End of part 1

    With that we have come to the end of part one of OSPF. We have learnt the concepts of link-state routing protocols and especially OSPF, and we looked at how OSPF works and its advantages. We also configured and verified basic operation of OSPF. In the next part, we will learn more concepts of OSPF and do more configurations.

    Adding Speed

    The phrase “you can never get too much of a good thing” can certainly be applied to networking. Once the benefits of networking are demonstrated, there is a thirst for even faster, more reliable connections to support a growing number of users and highly-complex applications.

    How to obtain that added bandwidth can be an issue. While repeaters allow LANs to extend beyond normal distance limitations, they still limit the number of nodes that can be supported.
    Bridges and switches on the other hand allow LANs to grow significantly larger by virtue of their ability to support full Ethernet segments on each port. Additionally, bridges and switches selectively filter network traffic to only those packets needed on each segment, significantly increasing throughput on each segment and on the overall network.

    Network managers continue to look for better performance and more flexibility for network topologies, bridges and switches. To provide a better understanding of these and related technologies, this tutorial will cover:

    • Bridges
    • Ethernet Switches
    • Routers
    • Network Design Criteria
    • When and Why Ethernets Become Too Slow
    • Increasing Performance with Fast and Gigabit Ethernet

    Bridges

    Bridges connect two LAN segments of similar or dissimilar types, such as Ethernet and Token Ring. This allows two Ethernet segments to behave like a single Ethernet, allowing any pair of computers on the extended Ethernet to communicate. Bridges are transparent; therefore, computers don’t know whether a bridge separates them.

    Bridges map the Ethernet addresses of the nodes residing on each network segment and allow only necessary traffic to pass through the bridge. When a packet is received by the bridge, the bridge determines the destination and source segments. If the segments are the same, the packet is dropped or also referred to as “filtered”; if the segments are different, then the packet is “forwarded” to the correct segment. Additionally, bridges do not forward bad or misaligned packets.

    Bridges are also called “store-and-forward” devices because they look at the whole Ethernet packet before making filtering or forwarding decisions. Filtering packets and regenerating forwarded packets enables bridging technology to split a network into separate collision domains. Bridges are able to isolate network problems; if interference occurs on one of two segments, the bridge will receive and discard an invalid frame keeping the problem from affecting the other segment. This allows for greater distances and more repeaters to be used in the total network design.

    Dealing with Loops

    Most bridges are self-learning bridges; they determine the user Ethernet addresses on the segment by building a table as packets are passed through the network. However, this self-learning capability dramatically raises the potential of network loops in networks that have many bridges. A loop presents conflicting information on which segment a specific address is located and forces the device to forward all traffic. The Distributed Spanning Tree (DST) algorithm is a software standard (found in the IEEE 802.1d specification) that describes how switches and bridges can communicate to avoid network loops.

    Ethernet Switches

    Ethernet switches are an expansion of the Ethernet bridging concept. The advantage of using a switched Ethernet is parallelism. Up to one-half of the computers connected to a switch can send data at the same time.

    LAN switches link multiple networks together and have two basic architectures: cut-through and store-and-forward. In the past, cut-through switches were faster because they examined the packet destination address only before forwarding it on to its destination segment. A store-and-forward switch works like a bridge in that it accepts and analyzes the entire packet before forwarding it to its destination.

    Historically, store-and-forward took more time to examine the entire packet, although one benefit was that it allowed the switch to catch certain packet errors and keep them from propagating through the network. Today, the speed of store-and-forward switches has caught up with cut-through switches so the difference between the two is minimal. Also, there are a large number of hybrid switches available that mix both cut-through and store-and-forward architectures.

    Both cut-through and store-and-forward switches separate a network into collision domains, allowing network design rules to be extended. Each of the segments attached to an Ethernet switch has a full 10 Mbps of bandwidth shared by fewer users, which results in better performance (as opposed to hubs that only allow bandwidth sharing from a single Ethernet). Newer switches today offer high-speed links, either Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet or ATM. These are used to link switches together or give added bandwidth to high-traffic servers. A network composed of a number of switches linked together via uplinks is termed a “collapsed backbone” network.

    Routers

    A router is a device that forwards data packets along networks, and determines which way to send each data packet based on its current understanding of the state of its connected networks. Routers are typically connected to at least two networks, commonly two LANs or WANs or a LAN and its Internet Service Provider’s (ISPs) network. Routers are located at gateways, the places where two or more networks connect.

    Routers filter out network traffic by specific protocol rather than by packet address. Routers also divide networks logically instead of physically. An IP router can divide a network into various subnets so that only traffic destined for particular IP addresses can pass between segments. Network speed often decreases due to this type of intelligent forwarding. Such filtering takes more time than that exercised in a switch or bridge, which only looks at the Ethernet address. However, in more complex networks, overall efficiency is improved by using routers.

    Network Design Criteria

    Ethernets and Fast Ethernets have design rules that must be followed in order to function correctly. The maximum number of nodes, number of repeaters and maximum segment distances are defined by the electrical and mechanical design properties of each type of Ethernet media.

    A network using repeaters, for instance, functions with the timing constraints of Ethernet. Although electrical signals on the Ethernet media travel near the speed of light, it still takes a finite amount of time for the signal to travel from one end of a large Ethernet to another. The Ethernet standard assumes it will take roughly 50 microseconds for a signal to reach its destination.

    Ethernet is subject to the “5-4-3” rule of repeater placement: the network can only have five segments connected; it can only use four repeaters; and of the five segments, only three can have users attached to them; the other two must be inter-repeater links.

    If the design of the network violates these repeater and placement rules, then timing guidelines will not be met and the sending station will resend that packet. This can lead to lost packets and excessive resent packets, which can slow network performance and create trouble for applications. New Ethernet standards (Fast Ethernet, GigE, and 10 GigE) have modified repeater rules, since the minimum packet size takes less time to transmit than regular Ethernet. The length of the network links allows for a fewer number of repeaters. In Fast Ethernet networks, there are two classes of repeaters. Class I repeaters have a latency of 0.7 microseconds or less and are limited to one repeater per network. Class II repeaters have a latency of 0.46 microseconds or less and are limited to two repeaters per network. The following are the distance (diameter) characteristics for these types of Fast Ethernet repeater combinations:

    Fast Ethernet              Copper    Fiber
    No Repeaters               100m      412m*
    One Class I Repeater       200m      272m
    One Class II Repeater      200m      272m
    Two Class II Repeaters     205m      228m

    * Full Duplex Mode 2 km

    When conditions require greater distances or an increase in the number of nodes/repeaters, then a bridge, router or switch can be used to connect multiple networks together. These devices join two or more separate networks, allowing network design criteria to be restored. Switches allow network designers to build large networks that function well. The reduction in costs of bridges and switches reduces the impact of repeater rules on network design.

    Each network connected via one of these devices is referred to as a separate collision domain in the overall network.

    When and Why Ethernets Become Too Slow

    As more users are added to a shared network or as applications requiring more data are added, performance deteriorates. This is because all users on a shared network are competitors for the Ethernet bus. On a moderately loaded 10Mbps Ethernet network that is shared by 30-50 users, that network will only sustain throughput in the neighborhood of 2.5Mbps after accounting for packet overhead, interpacket gaps and collisions.

    Increasing the number of users (and therefore packet transmissions) creates a higher collision potential. Collisions occur when two or more nodes attempt to send information at the same time. When they realize that a collision has occurred, each node shuts off for a random time before attempting another transmission. With shared Ethernet, the likelihood of collision increases as more nodes are added to the shared collision domain of the shared Ethernet. One of the steps to alleviate this problem is to segment traffic with a bridge or switch. A switch can replace a hub and improve network performance. For example, an eight-port switch can support eight Ethernets, each running at a full 10 Mbps. Another option is to dedicate one or more of these switched ports to a high traffic device such as a file server.

    Greater throughput is required to support multimedia and video applications. When added to the network, Ethernet switches provide a number of enhancements over shared networks that can support these applications. Foremost is the ability to divide networks into smaller and faster segments. Ethernet switches examine each packet, determine where that packet is destined and then forward that packet to only those ports to which the packet needs to go. Modern switches are able to do all these tasks at “wirespeed,” that is, without delay.

    Aside from deciding when to forward or when to filter the packet, Ethernet switches also completely regenerate the Ethernet packet. This regeneration and re-timing allows each port on a switch to be treated as a complete Ethernet segment, capable of supporting the full length of cable along with all of the repeater restrictions. The standard Ethernet slot time required in CSMA/CD half-duplex modes is not long enough for running over 100m copper, so Carrier Extension is used to guarantee a 512-bit slot time.

    Additionally, bad packets are identified by Ethernet switches and immediately dropped from any future transmission. This “cleansing” activity keeps problems isolated to a single segment and keeps them from disrupting other network activity. This aspect of switching is extremely important in a network environment where hardware failures are to be anticipated. Full duplex doubles the bandwidth on a link, and is another method used to increase bandwidth to dedicated workstations or servers. Full duplex modes are available for standard Ethernet, Fast Ethernet, and Gigabit Ethernet. To use full duplex, special network interface cards are installed in the server or workstation, and the switch is programmed to support full duplex operation.

    Increasing Performance with Fast and Gigabit Ethernet

    Implementing Fast or Gigabit Ethernet to increase performance is the next logical step when Ethernet becomes too slow to meet user needs. Higher traffic devices can be connected to switches or each other via Fast Ethernet or Gigabit Ethernet, providing a great increase in bandwidth. Many switches are designed with this in mind, and have Fast Ethernet uplinks available for connection to a file server or other switches. Eventually, Fast Ethernet can be deployed to user desktops by equipping all computers with Fast Ethernet network interface cards and using Fast Ethernet switches and repeaters.

    With an understanding of the underlying technologies and products in use in Ethernet networks, the next tutorial will advance to a discussion of some of the most popular real-world applications.


    What Is Packet Sniffing

    Sniffer Attack. A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Attackers store the incoming and outgoing data in packets using a network sniffer tool. Apart from network sniffers, many packet sniffing and packet analysis tools are available for examining the sniffed packets.

    Wiretapping is the process of monitoring telephone and internet conversations by a third party. Attackers connect hardware, software, or a combination of both to the switch carrying information between two phones or hosts on the internet.

    Types of wiretapping

    1. Active wiretapping: It monitors and records the traffic (silently) and also alters the traffic.
    2. Passive wiretapping: It only monitors and records the traffic.

    The following protocols are vulnerable to sniffing attacks.
    1. Telnet
    2. FTP
    3. SMTP
    4. HTTP
    5. POP3
    6. NTP
    7. IMAP
    8. SNMP
    9. RDP
    Sniffing attacks are mostly carried out on switches operating at the data link layer and network layer of the OSI reference model.
    The recommended sniffing tool is Wireshark.

    Wireshark is available for both Windows and Linux; it is the best tool for sniffing and it’s absolutely free.

    You can download Wireshark from their official site Wireshark download.
    Session Hijacking

    1. HTTP Cookie: A small piece of data sent from a website and stored in the user’s web browser while the user is browsing it.
    Every time the user loads the website, the browser sends the cookie back to the server to notify it of the user’s previous activity.
    This is how Facebook tracks your behavior on the internet and, according to that, the ads are shown on your wall.
    2. Session ID: A session ID is a unique number that a website’s server assigns to a specific user for the duration of that user’s visit or session.
    The session ID can be stored as a cookie, form field or URL. Some web servers generate session IDs by simply incrementing static numbers. Every time an internet user visits a specific website, a new session ID is assigned. Closing a browser and then re-opening it and visiting the site again generates a new session ID. However, the same session ID is sometimes maintained as long as the browser is open. In some cases, web servers terminate a session and assign a new session ID after a few minutes of inactivity.
    Session Hijacking

    Session hijacking is when a hacker takes control of a user session after the user has successfully authenticated with a server. It involves an attacker identifying the current session IDs of a client/server communication and taking over the client’s session. Session hijacking is made possible by tools that perform sequence number prediction.
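
    The incrementing session ID pattern described above, next to a hardened generator and an audit a site owner can run over IDs their own server issued. This is an added example, not code from the original article; the function names, the starting counter value, the 22-character minimum and the cookie name sid are assumptions made for illustration.

```python
import secrets
from itertools import count

# Weak pattern from the text: IDs come from a static, incrementing number.
_counter = count(1000)  # constructed starting value

def weak_session_id() -> str:
    return str(next(_counter))

def strong_session_id() -> str:
    # 32 bytes (256 bits) from the OS CSPRNG, URL-safe encoded (43 characters).
    return secrets.token_urlsafe(32)

def audit_session_ids(samples: list[str]) -> list[str]:
    """Return findings for a batch of IDs issued consecutively by one server."""
    if not samples:
        return []
    findings = []
    if len(set(samples)) != len(samples):
        findings.append("duplicate IDs issued")
    if all(s.isdigit() for s in samples):
        nums = [int(s) for s in samples]
        deltas = {b - a for a, b in zip(nums, nums[1:])}
        if len(deltas) == 1:
            findings.append(f"sequential IDs (constant step {deltas.pop()})")
        else:
            findings.append("purely numeric IDs")
    # Length check: 22 base64url characters carry about 128 bits
    # (assumed minimum for this example).
    shortest = min(len(s) for s in samples)
    if shortest < 22:
        findings.append(f"ID too short ({shortest} chars)")
    return findings

def cookie_header(session_id: str) -> str:
    # Secure keeps the cookie off cleartext HTTP, where a sniffer could read it;
    # HttpOnly hides it from page scripts.
    return f"Set-Cookie: sid={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"

if __name__ == "__main__":
    print(audit_session_ids([weak_session_id() for _ in range(5)]))
    print(audit_session_ids([strong_session_id() for _ in range(5)]))
    print(cookie_header(strong_session_id()))
```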

    What is Social Engineering?

    Social engineering is a non-technical method of breaking into a system or network. It is the process of deceiving users of a system and convincing them to perform acts useful to the hacker, such as giving out information that can be used to defeat or bypass security mechanisms.
    Social engineering is important to understand because hackers can use it to attack the human element of a system and circumvent technical security measures. This method can be used to gather information before or during an attack.

    Social engineering is divided into 3 methods.

    1. Phishing: The practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.
    2. Vishing: The practice of extracting information or attempting to influence action via the telephone.
    3. Impersonation: The practice of pretexting as another person with the goal of obtaining information or access to a person, company or computer system.

    Social Engineering Countermeasures in a corporate environment

    1. Train employees and helpdesk to never reveal passwords or other information by phone.
    2. Implement strict badge, token or biometric authentication, employee training and security guards.
    3. Provide employee training, best practices, and checklists for using passwords, and escort all guests, to counter shoulder-surfing attacks.
    4. Lock and monitor the mail room to counter theft, damage or forging of mail.
    5. Keep the phone closet and server rooms locked at all times and keep an updated inventory of equipment, to counter attempts to gain access, remove equipment or attach a protocol analyzer to grab confidential data.

    What is a DoS attack?

    DoS (Denial of Service) is an attack on a computer or network that prevents the genuine use of its resources. In a DoS attack, attackers flood a victim’s system or network with illegitimate service requests or traffic to overload its resources, which prevents it from performing its intended tasks.
    DDoS (Distributed Denial of Service) attack

    A DDoS attack involves a multitude of compromised systems attacking a single target, thereby causing DoS for users of the target system. To launch a DDoS attack, an attacker uses botnets, which are created using “RAT”, and attacks a single system.

    Types Of DoS and DDoS attacks

    1. Bandwidth attacks
    2. Service Request Floods
    3. Buffer overflow
    4. Protocol based attacks
    5. HTTP flood attack
    6. SYN flood attack
    7. UDP flood attack
    8. TCP flood attack


    Introduction to Networking

    In this day and age, networks are everywhere. The Internet has also revolutionized not only the computer world, but the lives of millions in a variety of ways even in the “real world”. We tend to take for granted that computers should be connected together. In fact, these days, whenever I have two computers in the same room, I have a difficult time not connecting them together!

    Given the ubiquitousness of networking, it's hard to believe that the field is still a relatively young one, especially when it comes to hooking up small computers like PCs. In approaching any discussion of networking, it is very useful to take a step back and look at networking from a high level. What is it, exactly, and why is it now considered so important that it is assumed that most PCs and other devices should be networked?


    The Advantages (Benefits) of Networking

    You have undoubtedly heard the phrase “the whole is greater than the sum of its parts”. This phrase describes networking very well, and explains why it has become so popular. A network isn't just a bunch of computers with wires running between them. Properly implemented, a network is a system that provides its users with unique capabilities, above and beyond what the individual machines and their software applications can provide.


    Most of the benefits of networking can be divided into two generic categories: connectivity and sharing. Networks allow computers, and hence their users, to be connected together. They also allow for the easy sharing of information and resources, and cooperation between the devices in other ways. Since modern business depends so much on the intelligent flow and management of information, this tells you a lot about why networking is so valuable.

