
Address Resolution Protocol (ARP) Working

ARP is a Layer 2 protocol used to obtain the MAC address of any device within a network. Host machines use ARP to obtain MAC addresses, and it works in conjunction with Layer 3 IP addressing (IP addresses).

A host uses ARP because, when it needs to send a packet to another device, the destination MAC address must be written into the packet, so the host must know the MAC address of the destination machine. Operating systems also maintain an ARP table (MAC address table).

To obtain a MAC address, ARP performs the following process (ARP request by the host machine):

  • The source machine generates an ARP REQUEST packet containing its own source MAC address, its own source IP address and the destination IP address, and forwards this packet to the switch.
  • The switch receives the incoming packet, reads the source MAC address and checks its MAC address table. If an entry for the incoming port is found, the switch compares that entry's MAC address with the source MAC address and updates it; if no entry is found, the switch adds an entry for the incoming port with that MAC address.
  • All ARP REQUEST packets are broadcast in the network, so the switch broadcasts the ARP REQUEST packet in the network.

(Broadcasts are packets sent to everyone in the network except the sender. They stay within the network they belong to and cannot span multiple networks.)

  • All devices in the network receive the ARP packet and compare their own IP address with the destination IP address in that packet.
  • Only the machine for which the two match replies with an ARP reply packet. This packet carries the source IP of the replying machine (the destination machine in the previous packet; as it is now replying, it is the source machine), its source MAC address, the destination MAC address (same as the source MAC address in the REQUEST packet) and the destination IP address (same as the source IP address in the REQUEST packet).
  • The switch then reads the ARP reply message, adds an entry to its MAC address table for the port on which it received the packet by reading the source MAC address field, and forwards the packet to the destination machine (the source machine in the REQUEST packet), whose MAC is in the destination MAC address field.
  • Finally, the host machine adds an entry for the destination machine to its ARP table.

Using ARP, devices in a network obtain the MAC address of any other device in that network. Remember that ARP works on broadcast, so it works only within a single (local) network.
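The request/reply flow described above, as an added simulation that is not part of the original post. The `Host` and `Switch` classes, the MAC/IP addresses and the port numbers are constructed for illustration.

```python
# Added example; all names, addresses and port numbers are constructed values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.arp_table = {}                      # IP -> MAC

    def arp_request(self, target_ip):
        return {"op": "request", "eth_dst": BROADCAST, "src_mac": self.mac,
                "src_ip": self.ip, "dst_mac": None, "dst_ip": target_ip}

    def receive(self, pkt):
        if pkt["op"] == "request" and pkt["dst_ip"] == self.ip:
            # Only the owner of the requested IP answers, unicast to the asker.
            return {"op": "reply", "eth_dst": pkt["src_mac"], "src_mac": self.mac,
                    "src_ip": self.ip, "dst_mac": pkt["src_mac"], "dst_ip": pkt["src_ip"]}
        if pkt["op"] == "reply" and pkt["dst_mac"] == self.mac:
            self.arp_table[pkt["src_ip"]] = pkt["src_mac"]   # learn the answer
        return None

class Switch:
    def __init__(self, ports):
        self.ports = ports                       # port number -> attached Host
        self.mac_table = {}                      # MAC -> port number

    def forward(self, in_port, pkt):
        self.mac_table[pkt["src_mac"]] = in_port             # learn / refresh
        known = self.mac_table.get(pkt["eth_dst"])           # None for broadcast
        out = [known] if known is not None else [p for p in self.ports if p != in_port]
        delivered = []
        for port in out:
            delivered.append((pkt["op"], port))
            answer = self.ports[port].receive(pkt)
            if answer:
                delivered += self.forward(port, answer)
        return delivered

def resolve(switch, port, target_ip):
    # Returns (resolved MAC or None, list of (packet type, delivery port)).
    host = switch.ports[port]
    deliveries = switch.forward(port, host.arp_request(target_ip))
    return host.arp_table.get(target_ip), deliveries

def demo():
    a = Host("02:00:00:00:00:0a", "192.168.0.10")
    b = Host("02:00:00:00:00:0b", "192.168.0.11")
    c = Host("02:00:00:00:00:0c", "192.168.0.12")
    sw = Switch({1: a, 2: b, 3: c})
    return resolve(sw, 1, "192.168.0.11"), sw.mac_table
```

The request reaches every port except the sender's, the reply goes only to port 1, and the switch ends up knowing just the two MAC addresses that actually sent a frame.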


Is Ping (ICMP) a Layer 3 or Layer 4 Protocol?


There is always a debate: is Ping (ICMP) a Layer 3 or a Layer 4 protocol? If it is Layer 4, which protocol does it use, TCP or UDP?

Ping is a very common network utility for testing end-to-end connectivity between two endpoints (machines, routers, etc.). The ping utility uses the ICMP protocol to do its work.

ICMP is a Layer 3 protocol; it does not use any Layer 4 protocol to function. It packs all its ICMP information inside an IP packet.

As a test, I pinged my own website from my laptop – www.sakunsharma.in

 

So this ping generated the following sequence of packets from my computer:

[Figure: ICMP Packets]

Now, let’s look at the first ICMP (ping) Echo request packet in detail:

[Figure: ICMP Packet Detail 1]

From the above information we can see that ICMP does not use any Layer 4 protocol (TCP/UDP). It simply packs all ICMP information into the ICMP header, carries that ICMP message as data in the Layer 3 IP packet, wraps it in a Layer 2 Ethernet frame and transmits it.

So, finally, Ping (ICMP) is a Layer 3 protocol.
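The layering described above can be checked byte by byte. This added example (not from the original post) builds an Ethernet/IPv4/ICMP Echo request and dissects it; the MAC addresses, IP addresses and payload are constructed values, not the ones from the capture.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071), used by both the IP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src_ip, dst_ip, ident=1, seq=1, payload=b"abcdefgh"):
    # ICMP header: type 8 (Echo request), code 0, checksum, identifier, sequence
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    # IPv4 header: the protocol field is 1 (ICMP), not 6 (TCP) or 17 (UDP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    # Ethernet header: constructed destination/source MACs, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    return eth + struct.pack("!H", 0x0800) + ip + icmp

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def dissect(frame: bytes) -> dict:
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ihl = (frame[14] & 0x0F) * 4              # IP header length in bytes
    proto = frame[14 + 9]                     # IP protocol field
    icmp = frame[14 + ihl:]                   # ICMP starts right after the IP header
    return {
        "ethertype": ethertype,
        "ip_protocol": IP_PROTOCOLS.get(proto, proto),
        "ip_checksum_ok": checksum(frame[14:14 + ihl]) == 0,
        "icmp_offset": 14 + ihl,
        "icmp_type": icmp[0],
        "icmp_code": icmp[1],
        "icmp_checksum_ok": checksum(icmp) == 0,
    }
```

The ICMP header begins at byte 34, immediately after the 14-byte Ethernet header and the 20-byte IP header, with no TCP or UDP header in between.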

 

How to install Hyper-V Client in Windows 8


Microsoft has introduced virtualization in the Windows 8 client operating system for the first time. Yes, Windows 8 supports the client edition of Microsoft Hyper-V virtualization software.

The minimum requirements to use the Hyper-V client are:

  • 64-bit processor with SLAT (Second Level Address Translation)
  • Minimum 4 GB of RAM.

Only the following versions of Windows 8 support Hyper-V:

  • Windows 8 Pro – 64-bit
  • Windows 8.1 Pro – 64-bit
  • Windows 8 Enterprise – 64-bit
  • Windows 8.1 Enterprise – 64-bit

Steps to install Hyper-V in Windows 8

  1. Open control panel
  2. Open Programs and Features
  3. On left pane – open Turn Windows Features on or off
  4. Select Hyper-V checkbox from the list.
    • If your hardware does not support it, you won’t be able to install the Hyper-V platform, but you can still install the management tools.

    [Figure: Hyper-V Selection]

After this you can see the Hyper-V application in your Start menu.

Backup Router/Switch Configuration


I am going to mention two easy methods to back up a router / switch configuration file.

  • Using Putty logging
  • Using TFTP

Using Putty Logging

  1. Open the router / switch terminal via a PuTTY connection.
  2. Enter enable mode (by entering the enable command).
  3. Enter the command terminal length 0 (to display show run output without breaks).
  4. Right-click PuTTY and select Change Settings.

    [Figure: Putty Right Click]

  5. Select Session
    • Logging
    • All Session output
    • Log File Name – path and filename of the config file.

    [Figure: Putty Change Settings]

  6. Enter the command show run on your router/switch.
  7. Close the session.

Using TFTP

  1. You can transfer the file from the router/switch to your TFTP server.
  2. For the TFTP server, you can use the open source TFTPD32 application.
    • Download Link – http://tftpd32.jounin.net/tftpd32_download.html
  3. Configure your TFTPd32 application as shown in the screenshot.

    [Figure: TFTPd32 Setting]

    • Current Directory – Directory where you want to store your configuration file.
  4. Enter the following command in enable mode on your router / switch.
    • copy running-config tftp:
      • Enter the TFTP server address – e.g. 192.168.0.101
      • Enter the file name of the config – e.g. r1-config

[Figures: tftp commands; tftp file receive; desktop]

Similarly, you can use this method to copy firewall or other device configurations.

Lab: Access List (ACL) in Simple Networks



Description:

This lab demonstrates how to use access lists (ACLs) in a simple network to filter traffic. We will use a simple access list as well as an IP access list.

Scenario:

There are two different networks connected through a router. By default the router performs routing between those two networks and everything works fine. Now the company has deployed a client-server architecture and wants to add security so that only particular hosts can access particular servers. Our responsibility is to fulfil this security requirement.

Topology:

[Figure: Sakun Sharma ACL Lab Topology]

Requirement:

  1. Only HostC can access AccServer.
  2. Both machines can access WebServer only for HTTP Services.
  3. Only AccServer can access DatabaseServer.


Device Details:

| Device | IP Address | Remarks |
|---|---|---|
| AccServer | 192.168.1.51 / 24 | Accounts Server |
| WebServer | 192.168.1.91 / 24 | Web Server |
| DatabaseServer | 10.1.1.1 / 24 | Database Server |
| SW1 | No IP Address | Server Switch (No VLAN’s) |
| R1 | f0/0 – 192.168.1.1/24 | Server Network Gateway |
| R1 | f1/0 – 172.16.50.1/16 | LAN Gateway |
| R1 | f2/0 – 10.1.1.2/24 | Database Server Gateway |
| HostC | 172.16.10.22 / 16 | Accounts User |
| HostD | 172.16.15.11 / 16 | Normal User |


Implementation:

We will use two ACLs, as follows:

  1. On R1 at s0/1 IN – IP extended access list – to allow HostC to access AccServer, allow both hosts to access WebServer, and block other access to AccServer.
  2. On R1 f2/0 OUT – standard access list – to allow traffic only from AccServer and block everything else.


Access Lists:

On R1 at s0/1 in:

Extended IP access list 101
10 permit ip host 172.16.10.22 host 192.168.1.51
20 permit tcp 172.16.0.0 0.0.255.255 host 192.168.1.91 eq www

Commands:
access-list 101 permit ip host 172.16.10.22 host 192.168.1.51
access-list 101 permit tcp 172.16.0.0 0.0.255.255 host 192.168.1.91 eq www


Here we have created an extended numbered access list 101, which contains two statements with sequence numbers 10 and 20.

10 : Permits all IP protocols from host 172.16.10.22 to host 192.168.1.51 – this statement permits traffic from HostC to AccServer.

20 : Permits only TCP protocol ‘www’ (port 80) from network 172.16.x.x to host 192.168.1.91 – this statement permits only HTTP traffic from the 172.16.x.x network to WebServer.

:: Implicit Deny – At the end of every access list there is an implicit deny, which means that a packet which does not match any of the criteria above is dropped. That is why all traffic to AccServer other than from host 172.16.10.22 is dropped, and all other protocol traffic to WebServer is dropped.

On R1 at fa2/0 out:

Standard IP access list 10
10 permit 192.168.1.51

Command: access-list 10 permit 192.168.1.51



Here we are creating a standard access list to filter traffic to the Database Server. In this command, at sequence number 10, we permit only host 192.168.1.51; all other traffic is denied by the implicit deny at the end.

[Figures: Accesslist; ACL Interface]

Here we are assigning those access lists to the interfaces.
Extended access list 101 is applied at ‘interface FastEthernet1/0’ – ip access-group 101 in. It is configured as an inbound access list.

Standard access list 10 is applied at ‘interface FastEthernet2/0’ – ip access-group 10 out. It is configured as an outbound access list.
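To check the two access lists against the lab requirements without a router, the following added example (not part of the original lab) evaluates them in Python with first-match semantics, wildcard masks and the implicit deny. The tuple layout and the `evaluate` and `lab_matrix` helpers are hypothetical; the rules and addresses are transcribed from the lab above.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Cisco wildcard mask: 0 bits must match, 1 bits are ignored.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

HOST = "0.0.0.0"            # wildcard equivalent of the 'host' keyword
ANY = ("0.0.0.0", "255.255.255.255")

# (action, protocol, src, src wildcard, dst, dst wildcard, dst port)
ACL_101 = [
    ("permit", "ip", "172.16.10.22", HOST, "192.168.1.51", HOST, None),
    ("permit", "tcp", "172.16.0.0", "0.0.255.255", "192.168.1.91", HOST, 80),
]
# A standard ACL matches on the source address only.
ACL_10 = [("permit", "ip", "192.168.1.51", HOST, *ANY, None)]

def evaluate(acl, proto, src, dst, dport=None):
    for action, a_proto, s, swc, d, dwc, a_port in acl:   # first match wins
        if a_proto != "ip" and a_proto != proto:
            continue
        if not (matches(src, s, swc) and matches(dst, d, dwc)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"                                         # implicit deny

def lab_matrix():
    host_c, host_d = "172.16.10.22", "172.16.15.11"
    acc, web, db = "192.168.1.51", "192.168.1.91", "10.1.1.1"
    return {
        "HostC ping AccServer": evaluate(ACL_101, "icmp", host_c, acc),
        "HostD ping AccServer": evaluate(ACL_101, "icmp", host_d, acc),
        "HostC http WebServer": evaluate(ACL_101, "tcp", host_c, web, 80),
        "HostD http WebServer": evaluate(ACL_101, "tcp", host_d, web, 80),
        "HostC ping WebServer": evaluate(ACL_101, "icmp", host_c, web),
        "HostC ping DatabaseServer": evaluate(ACL_101, "icmp", host_c, db),
        "AccServer ping DatabaseServer": evaluate(ACL_10, "icmp", acc, db),
        "WebServer ping DatabaseServer": evaluate(ACL_10, "icmp", web, db),
    }
```

`lab_matrix()` covers each of the three requirements from both the permitted and the denied side, so a change to either list can be re-checked before it is applied to an interface.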

Testing:

From Host C

[Figure: SakunSharma_ACL]

Note: Ping to 192.168.1.91 (WebServer) fails because only HTTP (port 80) traffic is allowed.

From Host D

[Figure: SakunSharma_ACL]

From AccServer

[Figure: Account Server Ping]

From WebServer

[Figure: SakunSharma_ACL]

Download GNS 3 Lab:

ACL Simple Lab: http://www.sakunsharma.in/Labs/ACL/ACL_Simple.zip



Journey to the Dreams


Dreams Dreams Dreams!!!!

We all have many dreams, but some dreams are very close to us; we badly wish they would come true. We always hear from our elders that to achieve your dreams you need to work hard accordingly. We put in effort and sometimes we achieve something, but not exactly what we want.

We ask god to let us achieve our dreams, and god is ready to give, yet still we don’t get them. Why?!

Here we need to understand something: god is always ready to support us, but still we don’t get it because we are not ready to receive it. We need to prepare ourselves to receive god’s blessing. Preparing yourself means preparing for the struggle, not for the results. Most of the time, we cannot get through this struggle alone; that’s why god keeps sending help to those who are putting in effort on the way to fulfilling their dream.

Seeing dreams, or wishing for them, will never make them happen. We need to make them happen by working on them. So the first and most important thing is that you should understand your personality. After knowing yourself, you need to understand your dream and where you stand now. Understanding is very important. Seeing a dream is easy and delightful, but achieving it is never easy.

Whenever you start from somewhere with a target to reach some destination, that journey is what gives you happiness, good feeling and excitement. So don’t be scared of the tough path to achieving your dreams, because completing each step that you take towards your dreams will give you lots of happiness and inner satisfaction. After achieving your dreams, the journey is what you won’t be able to forget in your life.

Good luck; make your dream come true by your actions (god is with you, always helping you out). Don’t just wish, make it happen.

“Some see dreams, some wish for them to come true; others act to make them come true.”
