Thursday, March 17, 2011

IP BEHAVIOUR

Hi all,

Today I cover some of the most basic and important concepts in IP networks. This post briefly explains how a datagram packet is built and which parameters help us achieve reliable delivery of the packet over a TCP/IP network.


TCP AND UDP(TRANSPORT LAYER):

1. The transport layer is responsible for delivering the packet from end host to end host across the network.
2. TCP guarantees delivery of the packet. (There is a lot of overhead involved in ensuring delivery, which makes TCP slower.)
3. UDP does not care about packet delivery (so it is faster than TCP).


TCP:

1. TCP supports UNICAST only.
2. TCP segments are carried inside IP packets, and each IP packet may take a different route, so re-ordering the packets is also taken care of by TCP.
3. TCP protocol number is 6.

SEQUENCE NUMBER:

To achieve reliable packet delivery TCP uses a sequence number (SEQ.NO), a 32-bit number whose initial value is chosen randomly.


ACKNOWLEDGEMENT NUMBER:

The acknowledgement number is the last sequence number.

TCP DELIVERY FAILURES:

1. If a TCP packet is lost from the middle of the stream, the receiver should be able to detect this. It keeps track of the next expected SEQ.NO.
2. If it receives a TCP packet with a SEQ.NO after the one it expects, it will not report an OUT-OF-ORDER SEQ.NO error. Instead it will send an ACK for the next expected SEQ.NO.
3. Three duplicate acknowledgement packets are enough to convince the sender that some packet was dropped.

RETRANSMISSION TIMER:

What happens when a sending host fails to get an ACK for sent data?

If there is no response from the receiver side, the sender will try to send the same packet again. If SRC.PORT and DEST.PORT are the same across the sequence of packets, we know it is a retry packet.

How do we know that these are retries of the same connection and not a completely new connection?

First the sending host waits 3 sec between the initial attempt and the first retry. Then it doubles the waiting time before sending the 2nd packet, and doubles the back-off time again before sending the 3rd packet 12 sec later.

So the rule here is: IT DOUBLES THE TIME BEFORE SENDING THE SAME CONNECTION TO THE SAME HOST.
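The receiver behaviour from the delivery-failure list and the doubling back-off above, as an added example that is not part of the original post: a receiver that tracks the next expected SEQ.NO, a sender-side check for three duplicate ACKs, and the 3 sec doubling schedule. The "seq:len" segment list is a hypothetical input, not a capture, and the function names are mine.

```sh
#!/bin/sh
# Added example: TCP receiver ACK behaviour, duplicate-ACK detection and the
# retransmission back-off described in the post. Input is a constructed list
# of "seq:len" segments, not a real capture.

# ack_stream <expected_seq> <seq:len>... : prints the ACK number sent for
# each arriving segment, one per line.
ack_stream() {
    expected=$1; shift
    for seg in "$@"; do
        seq=${seg%%:*}; len=${seg##*:}
        if [ "$seq" -eq "$expected" ]; then
            expected=$((seq + len))   # in-order: advance past this segment
        fi
        # out-of-order or duplicate: expected is unchanged, so the same ACK
        # (the start of the hole) is repeated instead of an error
        echo "$expected"
    done
}

# dup_ack_detect <ack>... : prints the first ACK number repeated three times
# in a row after its first appearance (the retransmit trigger), else "none".
dup_ack_detect() {
    prev=""; dups=0
    for ack in "$@"; do
        if [ "$ack" = "$prev" ]; then
            dups=$((dups + 1))
            [ "$dups" -eq 3 ] && { echo "$ack"; return 0; }
        else
            prev=$ack; dups=0
        fi
    done
    echo none
}

# backoff_schedule <retries> : seconds waited before each retry, starting at
# 3 s and doubling every time, as the post describes (3 6 12 ...).
backoff_schedule() {
    wait=3; i=0; sep=""
    while [ "$i" -lt "$1" ]; do
        printf '%s%s' "$sep" "$wait"
        sep=" "; wait=$((wait * 2)); i=$((i + 1))
    done
    echo
}

# Segment 2001:1000 is lost; 3001, 4001 and 5001 arrive after 1001.
acks=$(ack_stream 1001 1001:1000 3001:1000 4001:1000 5001:1000)
echo "ACKs sent by receiver: $(echo $acks)"
echo "fast retransmit of SEQ $(dup_ack_detect $acks)"
echo "timer back-off (s): $(backoff_schedule 4)"
```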

So far we have learned some basic concepts of TCP/IP networking. Next time I will come with some more in-depth concepts on the same topic.





Tuesday, March 1, 2011

Using SED tool to manipulate the files

Dear geeks,

Here I come with the topic of how to manipulate files using the SED and AWK tools. Before getting into the actual topic we will have a brief look at the history of these tools.

SED:

SED is often called a stream editor, because it reads the input file line by line. It was developed at BELL LABS.

Using SED we can perform multiple tasks in a single command. It is also REGEX compatible.

SYNTAX:

sed [option] 'instruction' input-file

Where
[option] - unix command line options.
instruction - the instruction to be performed on the input.

1. Getting the output based on line numbers.

a) sed -n '1p' /var/log/messages

It prints the first line of the given file.

b) sed -n '1,5p' /var/log/messages

Prints lines 1 to 5 of the given file.

c) sed -n '1,5!p' /var/log/messages

Output will be all lines except the first five. For that we have to use the "!" symbol, which negates the address so the instruction applies to every line outside the given range.

d) sed -ne '$p' /var/log/messages

It prints the last line of the given input file ("$" addresses the last line).
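The four line-address forms above, as an added example that is not from the original post, run on a small constructed file instead of /var/log/messages, together with what happens when -n is left out. make_sample and the wrapper function names are my own.

```sh
#!/bin/sh
# Added example: sed line addressing (1p, 1,5p, 1,5!p, $p) on a constructed
# 8-line file, plus the difference -n makes to the output.

# make_sample <file> <n>: write "line 1" .. "line n" into <file>
make_sample() {
    i=1
    while [ "$i" -le "$2" ]; do
        echo "line $i"; i=$((i + 1))
    done > "$1"
}

first_line()         { sed -n '1p'    "$1"; }   # a) line 1 only
first_five()         { sed -n '1,5p'  "$1"; }   # b) lines 1 to 5
all_but_first_five() { sed -n '1,5!p' "$1"; }   # c) "!" negates the range
last_line()          { sed -n '$p'    "$1"; }   # d) "$" addresses the last line

# Without -n sed prints every input line anyway, so 'p' shows the addressed
# line twice: 8 input lines + 1 extra copy of line 1 = 9 lines of output.
lines_without_n() { sed '1p'    "$1" | wc -l | tr -d ' '; }
lines_with_n()    { sed -n '1p' "$1" | wc -l | tr -d ' '; }

TMP=$(mktemp)
make_sample "$TMP" 8
echo "a) $(first_line "$TMP")"
echo "b) $(echo $(first_five "$TMP"))"
echo "c) $(echo $(all_but_first_five "$TMP"))"
echo "d) $(last_line "$TMP")"
echo "sed '1p' prints $(lines_without_n "$TMP") lines, sed -n '1p' prints $(lines_with_n "$TMP")"
rm -f "$TMP"
```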

So far we have seen how to manipulate a file based on line numbers. In the coming tutorial we will take a deep look at how to use REGEXES with the SED tool, which gives more granular control than plain line-number manipulation.

Firewall_Best_Practices

Dear geeks,

Again I come with a wonderful topic which helps us understand firewall best practices. Here I am going to focus on the Checkpoint firewall. Most of these points are common to all firewalls, except a few, because the Checkpoint architecture is a little different from other firewalls.

1. Always block multicast packets if they are not necessary.

2. Enable the stealth rule (which protects our management server from unwanted traffic and attacks from internal machines).

3. At the end of the rule base enable the Clean-up rule. It protects our network from intruders who try to get in by using flaws at the port level.

4. Try to reduce the number of rules as much as you can. A large number of rules will make the rule base confusing.

5. While defining custom ports, clearly state what the port is going to be used for. For example, if you define a port for SQL, name it SQL_PORT.

6. Configure an auto-backup once a week. It will help us at the time of DR (disaster recovery).

7. Widely used rules should be placed at the top of the rule base.

8. Also, in a multiple-administrator environment, try to create two profiles: one for monitoring and another one for configuring.

RegEX_Tutorial_Part_1

Hi geeks,

Today we are going to start with the RegEX features in UNIX-LIKE operating systems. Basically RegEX is always POSIX compatible. Almost all programming languages support RegEX features. Here we start with how to manipulate text through the BASH SHELL using some basic commands like grep, sed and awk with RegEX.

For the following illustration I am going to use a file which contains the numbers from 1 to 1000.

To create the file with 1 to 1000, give the following command at your terminal.

seq 1000 > thousand.txt

It will create a file which contains 1 to 1000.

1. Getting the output based on the first character.

grep '^9' thousand.txt

The symbol "^" anchors the match to the start of the line, so you get the lines which have 9 as the first character.


2. Getting the output based on the last character.

grep '9$' thousand.txt

The symbol "$" anchors the match to the end of the line, so you get the lines which have 9 as the last character.

NOTE: The "$" symbol should be placed after the string you want to find.

3. Getting the output using the meta-character (.).

For example, suppose you want to match strings where the first character must be 9 and the two characters after it can be anything. The following command will do that search.

grep '^9..' thousand.txt

It will give you all numbers which have 9 as the first digit and any digit in the 2nd and 3rd positions.

grep '^9.9' thousand.txt

It will give you the numbers which have 9 as the first digit and 9 as the last digit, with any digit in the middle.
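The grep patterns from points 1 to 3 above, as an added example that is not part of the original post, run against thousand.txt (built with seq as shown) and reported as match counts so the effect of each anchor and of "." is visible; it also shows what the NOTE about "$" placement means in practice. The function names are mine.

```sh
#!/bin/sh
# Added example: the post's grep patterns on thousand.txt, each as a count,
# plus two extra patterns that show how "." and "$" placement change a match.

# count <pattern> <file>: number of lines matching the BRE pattern
count() { grep -c -- "$1" "$2"; }

starts_with_9()  { count '^9'   "$1"; }   # 9, 90-99, 900-999   -> 111
ends_with_9()    { count '9$'   "$1"; }   # 9, 19, 29, ..., 999 -> 100
nine_any_any()   { count '^9..' "$1"; }   # 900-999             -> 100
nine_any_nine()  { count '^9.9' "$1"; }   # 909, 919, ..., 999  -> 10
# "." matches exactly one character, so anchoring both ends with '^9.$'
# narrows the match to the two-digit numbers 90-99.
nine_one_more()  { count '^9.$' "$1"; }   # 90-99               -> 10
# The NOTE in practice: a "$" that is not at the end of a BRE is a literal
# dollar sign, so '$9' looks for the text "$9" and matches nothing.
dollar_first()   { count '$9'   "$1"; }   # -> 0

FILE=$(mktemp)
seq 1000 > "$FILE"        # constructed input: 1..1000, one per line
for f in starts_with_9 ends_with_9 nine_any_any nine_any_nine nine_one_more dollar_first; do
    printf '%-14s %s\n' "$f" "$($f "$FILE")"
done
rm -f "$FILE"
```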


Likewise you can manipulate your files by interchanging the RegEX notations. The above examples only help you understand what each pattern does when you give it to your computer. To manipulate different files with different RegEX patterns, we have to apply rational thought. As this is my first article on the blog I was not able to draft it as clearly as I wanted. Soon I will come with a new, enhanced topic about RegEx with more practical explanations.