Domain Names

Domain name - the basics: 1. What is a domain name? Computers can work very well with numbers but humans are not. When you need to connect to a device on the network, you just type the IP of that device. This is obviously very confusing and difficult to remember, so the domain name (domain) is created. Like file, the domain name also has tail, they have the following meaning: .COM: commercial, company or any person. .EDU: education, usually universities or schools. .MIL: military. .GOV: government. .ORG: promotions, usually non-commercial organizations. However, people can also remove this domain.CH, .DE, .VN ...: Depending on the country registered under the world standard. Some sites may have two extensions: .COM.VN The domain name given by Internic and you have to buy it. For example if you want a website called http://www.tenban.com then you have to pay for Internic to get this site. Then you do not have to pay for domains like ten.tenban.com .... When typing a domain name, there will be a server called DNS (Domain Server Name) look up in the table referencing the corresponding IP number is what If it does not find it, it will look for another DSN! The same IP, may have different domain names and this usually happens. For example, if your ISP is vnn.com and your website is http: // www.vnn.com/mypage then you pay for mypage.com and anyone can access your site. http://www.www.mypage.com and of course http: //www.vnn.vom/mypage still exists. The "/" sign indicates the directory that hosts the site on the server. 2. Domain can tell what: When you connect to an ISP, you will have an IP and this IP will have a domain name. For example: Your ISP is vnn.com, you can have domain name users.server1.vnn.com and everyone can know who your ISP is and what your nationality is. 3. Change the domain name like: Can register a new name, buy a fixed IP or change ISP. The DNS reference table is generated from the DNS request that contains the domain. For example if you own "name.com" the DNS server will send a request to your DNS server for "ten.name.com". This reference sheet can not be repaired unless you have full access to the DNS server. But there is no reference table for every domain. So when it does not find the domain, it will send the request to another DNS. To speed up the process, DNS also has a cache. When multiple people request the same domain name, the DNS server will look in the cache first. If you send the fake information to the DNS cache and the other person to the same address they will also receive the fake information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Learn IP Learn about IP addresses 1. What is an IP address? - Each computer connected to the Internet has a unique address, which is the IP address. This address is used to distinguish the computer from the rest of the Internet - The IP address is a 32 bit number, = 4 bytes, so it is possible to see an IP address consisting of four 1-byte numbers, each with a value between 0 and 255. Each IP address consists of two The part is the network address and the host address. - IP address examples: 45.10.0.1, 168.10.45.65, ... 2. How to get your IP address and IP address of a Web site? - để xem địa chỉ của mình thì bạn vào Start --> Run then type winipcfg or go to www.whatismyip.com, it will display your IP - to view the address of a Web page, you use the nslookup command 3. IP address classes - The whole IP address is divided into 6 different classes: A, B, C, D, E and loopback. Each class will have different ways of addressing network addresses and host addresses. - Chart: IP Address Structure Layer Format Number of network bits / host bits Number of hosts / networks Total hosts / networks IP address ranges 0 32 A 0 hostid netid N.H.H.H 7/24 27-2 = 126 224-2 = 17.777.214 1.0.0.1-126.0.0.0 B 1 0 netid hostid N.N.H.H 14/16 214-2 = 16382 216-2 = 65.643 128.1.0.0-191.254.0.0 C 1 1 0 hostid netid N.N.N.H 22/8 222-2 = 4194302 28-2 = 245 192.0.1.0-223.255.254.0 D 1 1 1 0 multicast address - - - - 224.0.0.0-239.255.255.255 E 1 1 1 1 reserved - - - - 240.0.0.0-254.255.255.255 Loopback - - - - - 127.x.x.x 1 AzSoft_watermark_big.png AzSoft_watermark_small.png cong-nghe?p=1 des.txt en_metadesc.txt en_name.txt getpageinfo.sh getpagelink.sh imglink.txt imglist.txt img.quantrimang.com label:Some Text link_original.txt link.txt log.txt meta_desc.txt name.txt news t-142619 testimg2-0.jpg testimg2-1.jpg testimg2.jpg testimg3.jpg testimg.jpg thumb tim-hieu-excel-2016-200.jpg title_vn.txt tmp02.html tmp03.html tmp2.html tmpdesc2.txt tmpdesc3.txt tmpdesc4.txt tmpdesc5.txt tmpdesc6.txt tmpdesc7.txt tmpdesc.txt tmp.html tmpresult.txt tmptrans.txt transresult.txt wm.quantrimang.com www.mailenable.com www.microsoft.com Note: N = Network, H = Host - Explain: Layer A: The first bit is equal to 0, the next 7th bits are N for the network address, so there is 27-2 = 126 in class A, the remaining 24 bits are in HHH for the host address. maximum of 224-2 = 17,777,214 machines. The cause is subtracted 2 because there are two reserved addresses are network address (x.x.x.0) and broadcast address (x.x.x.255). Class A is only for addresses of major organizations in the world. The IP address of class A is 1.0.0.1 to 126.0.0.0 Class B: bit 0 = 0, the next 14 bits for the netwrok address, the remaining 16 bits for the host address. The total number of networks in class B is 16382, with a maximum of 65,643 hosts per class (similar to class A). Class B is dedicated to the addresses of the world's midsize organizations. The address space for class B is 128.1.0.0 to 192.254.0.0 Class C: The first 3 bits are 110, the next 22 bits are for the network, and the remaining 8 bits are for the host. The maximum network class C is 4194302, the maximum number of hosts per network is 245. Class C is reserved for small organizations and your computer as well. The address space of class C is 192.0.1.0 to 223.255.254.0 Class D: The first 4 bits are always 1110. Class D is reserved for multicast groups, address ranges from 224.0.0.0 to 239.255.255.255. Class E: The first 4 bits are always 1111. Class D is for research purposes, the address space is from 240.0.0.0 to 254.255.255.255. Loopback: return address, 127.x.x. You often see the IP address 127.0.0.1, which is the IP address back to the computer you are using to connect to the network. - For example: 128.7.15.1 bin 10000000 00000111 00001111 00000001 dec 128 7 15 1 The first 2 bits are 10, so this address belongs to class B (N.N.H.H), from which you can deduce the network address is 128.7 and the machine address is 15.1. - You can also rely on the first byte of the IP address to determine quickly and accurately it belongs to any class ?! The first byte class of the IP address A 1-126 B 128-191 C 192-223 D 224-239 E 240-254 Loopback 127 - There are some special IP addresses: 0.0.0.0 - the address of the current machine 255.255.255.255 - local limited broadcast broadcast address x.x.x.255 - the direct address of the network x.x.x.0 127.x.x.x - loopback address - For example: 1 AzSoft_watermark_small.png cong-nghe? P = 1 des.txt en_metadesc.txt en_name.txt getpageinfo.sh getpagelink.sh imglink.txt imglist.txt img.AzSoft.com label: Some Text link_original.txt link.txt log.txt meta_desc.txt name.txt news t-142619 testimg2-0.jpg testimg2-1.jpg testimg2.jpg testimg3.jpg testimg.jpg thumb tim-hieu-excel-2016-200.jpg title_vn.txt tmp02.html tmp03.html tmp2.html tmpdesc2.txt tmpdesc3.txt tmpdesc4.txt tmpdesc5.txt tmpdesc6.txt tmpdesc7.txt tmpdesc.txt tmp.html tmpresult.txt tmptrans.txt transresult.txt wm.AzSoft.com www.mailenable.com www .microsoft.com The gateway in the figure belongs to two different networks, so it must have two IP addresses, 128.10.2.70 and 192.5.48.7. 3. Details about the subnet - to allocate IP addresses to different networks efficiently and easily, one uses a technique called subnet. Subnet will borrow some bits of the hostid to make the subnet mask. I will show you through the examples. You just need to remember three things: The subnet mask has all the network bits and subnets equal 1, the host bits are equal to 0 All machines on the same network must have the same subnet mask In order to distinguish different subnets, the router uses the logical AND logic - Example 1: Class B class address address 128.10.0.0 can be subnet as follows: (a) use the first 8 bits of hostid to subnet: Subnet mask = 255.255.255.0 Network Network Subnet Host 11111111 11111111 11111111 00000000 255 255 255 0 Như bạn thấy số bit dành cho subnet sẽ là 8 -> there are all 28-2 = 254 subnets. The addresses of the subnets are 128.10.0.1, 128.10.0.2, 128.10.0.3, ..., 128.10.0.245 respectively. 8 bits for the host, each subnet will have 28-2 = 254 hosts, the address of the host are 128.10.xxx.1, 128.10.xxx.2, 128.10.xxx.3, ..., 128.10.xxx .254 Suppose you have a Class B network address of 128.10.0.0 that is subnet with subnet mask = 255.255.255.0 as follows: How can gateway G distinguish between hosts of subnet 128.10.1.0 or 128.10.2.0? This will perform the AND operator's IP address assignment with the subnet mask 255.255.255.0 1 cong-nghe? P = 1 128.10.1.1 AND 255.255.255.0 128. 10. 1.1 = 10000000.00001010.00000001.00000001 AND 255.255.255.0 = 11111111.11111111.11111111.00000000 Result = 10000000.00001010.00000001.00000000 1 AzSoft_watermark_big.png AzSoft_watermark_small.png cong-nghe?p=1 des.txt en_metadesc.txt en_name.txt getpageinfo.sh getpagelink.sh imglink.txt imglist.txt img.quantrimang.com label:Some Text link_original.txt link.txt log.txt meta_desc.txt name.txt news t-142619 testimg2-0.jpg testimg2-1.jpg testimg2.jpg testimg3.jpg testimg.jpg thumb tim-hieu-excel-2016-200.jpg title_vn.txt tmp02.html tmp03.html tmp2.html tmpdesc2.txt tmpdesc3.txt tmpdesc4.txt tmpdesc5.txt tmpdesc6.txt tmpdesc7.txt tmpdesc.txt tmp.html tmpresult.txt tmptrans.txt transresult.txt wm.quantrimang.com www.mailenable.com www.microsoft.com [H2] 128.10.2.2 AND 255.255.255.0 128. 10. 1.1 = 10000000.00001010.00000010.00000010 AND 255.255.255.0 = 11111111.11111111.11111111.00000000 Results = 10000000.00001010.00000010.00000000 Thus, the G gateway can easily identify the subnet addresses of H1 and H2 and know it belongs to two different subnets. (b) only use the first 7 bits of hostid to subnet: Subnet mask = 255.255.254.0 = 11111111.11111111.11111110.00000000 Như vậy số bit dành cho subnet sẽ là 7 -> there are all 27-2 = 126 subnets (subnets). But in return, each subnet will have up to 510 hosts because the next 9 bits are reserved for the host, 29-2 = 510. The addresses of the subnet and host are as follows: Subnet ID Hosts 128.10.0.0 128.10.0.1-128.10.0.254 128.10.2.0 128.10.2.1-128.10.3.254 128.10.4.0 128.10.4.1-128.10.5.254 ... 128.10.254.0 128.10.254.1-128.10.255.254 + example 1: 128.10.2.1 & 128.10.3.254 ?! 128.10. 2.1 = 10000000.00001010.00000010.00000001 AND 255.255.254.0 = 11111111.11111111.11111110.00000000 Results = 10000000.00001010.00000010.00000000 128. 10. 3.254 = 10000000.00001010.00000011.11111111 AND 255.255.254. 0 = 11111111.11111111.11111110.00000000 Results = 10000000.00001010.00000010.00000000 128.10.2.1 & 128.10.3.254 belong to the same subnet Example 2: 128.10.2.1 & 128.10.5.75 1 128.10. 2.1 = 10000000.00001010.00000010.00000001 AND 255.255.254.0 = 11111111.11111111.11111110.00000000 Results = 10000000.00001010.00000010.00000000 128. 10. 5.75 = 10000000.00001010.00000101.01001011 AND 255.255.254. 0 = 11111111.11111111.11111110.00000000 Result = 10000000.00001010.00000100.00000000 128.10.2.1 & 128.10.5.75 belong to two different subnets 4. IPCalc 2.0.7 - a program that helps you calculate fast subnet mask You can find this utility on WebLH-Net disk or can also be downloaded at http://www.progression-inc.com/. 5. Distinguish between provincial IP address and dynamic IP address Computers connected to the Internet often, such as a WEB server or FTP server, must always have a fixed IP address called a static IP address. For computers that occasionally connect to the Internet, such as my computer and you use the same dial-up connection to your ISP. For example, every time I use the Internet, DHCP (Dynamic Host Configuration Protocol) server of VDC ISP will give me an IP address such as 203.162.30.209. The next time I re-enter the Internet, my IP address can be 203.162.30.186 because the VDC's DHCP server will choose a slot IP address to allocate to my machine. As such, my IP address is dynamic IP address. - to determine the dynamic IP address of your computer when using the Internet, on Windows you run Start / Run: winipcfg ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Learn Ping Learn about "Ping" What is Ping? Ping is a program that allows you to specify whether a host is alive. An example of Ping! ping www.aqnet.com Pinging www.aqnet.com 1 with 32 bytes of date: Reply from 209.54.218.119: bytes = 32 time <10ms ttl="128" reply="" from="" 209="" 54="" 218="" 119:="" bytes="32"> <10ms ttl="128" reply="" from="" 209="" 54="" 218="" 119:="" bytes="32"> <10ms ttl="128" reply="" from="" 209="" 54="" 218="" 119:="" bytes="32"> <10ms ttl="128" ping="" statistics="" for="" 209="" 54="" 218="" 119:="" packets:="" sent="4," received="4," lost="0" 0="" loss="" approximate="" round="" trip="" times="" in="" milli-seconds:="" minimum="0ms," maximum="0ms," average="0ms" c:=""> www.aqnet.com(209.54.218.119) -> alive! If you get the message "Host Alive", this means the host is no longer active! How does ping work? Ping sends an ICMP message "echo request" to the host. If an ICMP message "echo reply" is received by the host, the ping will announce the active host. If the ICMP message "echo reply" is not received by the host, ping will notify that host has stopped working! ICMP "echo request" and "echo reply" formats are as follows: 0 7 8 15 16 31 + ----------------- + ----------------- + ------------- ---- + | Type (0 or 8) | Code (0) | 16-bit Checksum | + ----------------- + ----------------- + ------------- ---- + | Indentifier | sequence number | + ----------------- + ----------------- + ------------- ---- + | | | (Optional Data) | | | + ------------------------------------------------- ---- + Whenever the host receives an ICMP request message, it replies with an identifier and a sequence number. In most Unix systems, the field indentifier is set to the process ID of the packet sending process. So, if you ping at the same time multiple times to a Unix system, the value of the indentifier that you get in each ping will be different! The sequence number field has a default value of 0. This value will be incremented each time the system responds to the ICMP request message of the ping program. Ping will print out the sequence number of each packet, which tells us whether the packet is faulty or not. (For more information on other schools, please refer to the article on the TCP-IP protocol!) Now let's take a look at the last example: # ping hackingtruths.box.sk Pinging hackingtruths.box.sk 1 with 32 bytes of date: 32 bytes from 194.x.yyy.227: icmp_seq = 0 ttl = 225 time = 0 ms 32 bytes from 194.x.yyy.227: icmp_seq = 1 ttl = 225 time = 0 ms 32 bytes from 194.x.yyy.227: icmp_seq = 2 ttl = 225 time = 0 ms 32 bytes from 194.x.yyy.227: icmp_seq = 3 ttl = 225 time = 0 ms 32 bytes from 194.x.yyy.227: icmp_seq = 4 ttl = 225 time = 0 ms 32 bytes from 194.x.yyy.227: icmp_seq = 5 ttl = 225 time = 0 ms 32 bytes from 194.x.yyy.227: icmp_seq = 6 ttl = 225 time = 0 ms ... On the first line, ping parses the hostname out of the ip address. Do you notice the icmp_seq increment from 0 after each ping receives the ICMP message "echo reply" from the host? That is the packet that we receive no error whatsoever! Ping also tells us TTL (Time To Live) time! Ping saves each time an ICMP message "echo request" is sent. When receiving the ICMP message "echo reply" from the host, Ping will take the current time minus this value will output TTL! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Learn FTP Introduce FTP is the filename of the File Transfer Protocol. FTP is a file transfer protocol based on the TCP standard so it is very reliable! Some common commands of FTP The following is a list of some commonly used commands with instructions you need to know! Ascii switches to file transfer mode in text format binary file transfer mode in binary format cd [directory] moved to directory directory cdup moved up one level hierarchy close disconnect from the server del [remote-file] delete a file on the server dir [remote-directory | file] lists the contents of the directory or list of files on the server help [command] gives instructions on the command lcd [local-directory] sets the working directory on the client to local-directory ls [remote-directory | file] [-la] lists the contents of the directory or list of files on the server; The -la parameter will list all available descriptions of permissions mdelete [remote-files] delete multiple files on the server mget [remote-files] download the files on the server mkdir Creates a directory named directory-name mput [local-files] upload files to the server open host [port] connects to an FTP server whose hostname is host and is running the FTP service at the port put [remote-file] upload the local-file to the server with the new name remote-file if possible pwd indicates the current working directory exit quit recv [local-file] receives the remote-file on the server and saves it on the local machine as local-file if possible rename [from] [to] rename the file or directory from to rmdir directory-name delete directory named directory-name send local-file [remote-file] sends the local-file from the computer to the server with the new name remote-file if possible The status of the current session The server's operating system user user-name [password] [account] login as user-name, password is password, account is account 1 call guide Examples For the best understanding, let's take a look at these examples: (I use these to upload files to the site, without the need for powerful FTP programs like WS_FTP Pro, FTPNet, CuteFTP, AbsoluteFTP, ...!) I save the site to upload to server in c: website! Now I will upload it! C:website> ftp myftpsrv // connect to the myftpsrv server Connected to myftpsrv. User (ftpsrv: (none)): dt 331 User name okay, need password. Password: 230 User logged in, proceed. ftp> pwd // indicates the current directory is working! 257 "/ home / dt" is current directory. ftp> status // view current status Type: ascii; Verbose: on; Bell: Off; Prompting: on; Globbing: on Debugging: Off; Hash mark printing: Off. // ascii = 1 ftp> cd www // transfer to the www directory 250 Directory changed to / home / dt / www ftp> put index.html // upload the index.html file to the server 200 PORT Command successful. 150 Opening the ASCII data connection mode for index.html. 226 Transfer complete. ftp: 2095 bytes sent in 0.00Seconds 2095000.00Kbytes / sec. ftp> mkdir tools // create directory / home / dt / www / tools 257 "/ home / dt / www / tools" directory created. ftp> cd tools // move to tools directory 250 Directory changed to / home / dt / www / tools ftp> lcd c: websitetools // change back local directory = c: websitetools Local directory now C: websitetools. ftp> bin // switch to binary file transfer mode 200 Type set is I. ftp> mput AzSoft_watermark_small.png des.txt en_metadesc.txt en_name.txt getpageinfo.sh getpagelink.sh imglink.txt imglist.txt img.AzSoft.com link_original.txt link.txt log.txt meta_desc.txt name.txt testimg2- Tmp03.jpg testimg2.jpg testimg3.jpg testimg.jpg .txt tmpdesc6.txt tmpdesc7.txt tmpdesc.txt tmp.html tmpresult.txt tmptrans.txt transresult.txt wm.AzSoft.com www.mailenable.com www.microsoft.com // upload all files in c: websitetools up server, go to / home / www / tools / mput test.zip? y 200 PORT Command successful. 150 Opening BINARY mode data connection for test.zip. 226 Transfer complete. ftp: 10168 bytes sent in 0.06Seconds 169.47Kbytes / sec. mput test.exe? y 200 PORT Command successful. 150 Opening BINARY mode data connection for test.exe. 226 Transfer complete. ftp: 54625 bytes sent in 0.11Seconds 496.59Kbytes / sec. ftp> ls -la // list the contents of / home / www / tools 200 PORT Command successful. 150 Opening date ASCII mode for / bin / ls. drwxr - r-- 1 dt group 0 Sep 30 14:13. drwxr - r-- 1 dt group 0 Sep 30 14:13 .. -rwxr - r-- 1 dt group 54625 Sep 30 14:14 test.exe -rwxr - r-- 1 dt group 10168 Sep 30 14:14 test.zip 226 Transfer complete. ftp: 247 bytes received in 0.00Seconds 247000.00Kbytes / sec. ftp> del test.exe // I accidentally uploaded the file to test.exe, now I need to delete it 250 DELE command succeed ftp> cd .. // move to upper level directory 250 Directory changed to / home / dt / www ftp> mkdir cgi-bin2 // create a new folder 257 "/ home / dt / www / cgi-bin2" directory created. ftp> rename cgi-bin2 cgi-bin // I entered wrong then, now rename it again! 350 File hay directory có sẵn, sẵn sàng cho đích tên 250 RNTO command successful. ftp> cd cgi-bin // move to cgi-bin directory 250 Directory changed to / home / dt / www / cgi-bin ftp> lcd c: websitecgi-bin // reset local directory! Local directory now C: websitecgi-bin. ftp> ascii // switch to text file transfer mode because i need to upload some .cgi + .pl files 200 Type set to A. ftp> put test.cgi // upload file test.cgi 200 PORT Command successful. 150 Opening ASCII mode data connection for test.cgi. 226 Transfer complete. ftp: 222 bytes sent in 0.00Seconds 222000.00Kbytes / sec. ftp> ls -la // see the contents of / home / www / cgi-bin 200 PORT Command successful. 150 Opening date ASCII mode for / bin / ls. drwxr - r-- 1 dt group 0 Sep 30 14:16. drwxr - r-- 1 dt group 0 Sep 30 14:16 .. -rwxr - r-- 1 dt group 222 Sep 30 14:17 test.cgi 226 Transfer complete. ftp: 182 bytes received in 0.00Seconds 182000.00Kbytes / sec. ftp> site chmod 755 test.cgi // set the permissions of 755 (wrxx-xr-x) for test.cgi file ftp> ls -la // I re-catalog the cgi directory again 200 PORT Command successful. 150 Opening date ASCII mode for / bin / ls. drwxr-xr-x 1 dt group 0 Sep 30 14:16. drwxr-xr-x 1 dt group 0 Sep 30 14:16 .. -rwxr-xr-x 1 dt group 222 Sep 30 14:17 test.cgi 226 Transfer complete. ftp: 182 bytes received in 0.00Seconds 182000.00Kbytes / sec. ftp> bye // all done, now i can disconnect! 221 Goodbye! C:website> Hope you understand the example above! More about FTP How to connect to an FTP server via a proxy-server, such as Wingate? Just ftp to proxy-server and type in the following form, user @ host [: port]. For example, I am running Wingate-FTP on port 21 and Serv-U FTP-Server v2.5i on port 2121. I can connect to Serv-U FTP-Server v2.5i via Wingate-FTP as follows: ftp localhost Connected to dt. 220 WinGate Engine FTP Gateway ready User (dt: (none)): dt @ localhost: 2121 331 User name okay, need password. Password: 230 User logged in, proceed. ftp> Okay, now I upload and download the file as usual! Hack with FTP FTP also said some very important information! You can easily guess the operating system of the FTP server! Take a look at these examples: ftp localhost Connected to dt. 220 dt Microsoft FTP Service (Version 1.0). Người dùng (dt: (none)): anonymous 331 Anonymous access allowed, send the identity (email) as password. Password: 230-Windows 95 FTP Service. 230 Anonymous user logged in as anonymous. Yeah! Certainly this server is PWS running on Windows! If the admin disabled the ads on the line then? Still another way! You login and issue the syst command as follows: ftp> literal syst 215 Windows_NT version 4.10 It looks like the server operating system is Win9.x or WinNT. (If you are running Linux *, just type syst). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Learn TCP Understanding TCP / IP: This is a post by NNTank aka You-Know-Who in ourviet. I only have the task of decode the mine-encode file and post it here. Hopefully the author does not complain. Please be thankful to the author. --------- TCP / IP TCP / IP consists of four layers of protocol, corresponding to seven layers of ISO OSI protocol. The four layers are composed of (in order from top to bottom): Application layer, Host-to-host layer, Internet layer, and finally Physical layer. TCP is located in the third layer (Host-to-host layer), the IP is in the second layer (Internet layer). Name Number Application layer 4 Host-to-host layer 3 Internet layer 2 Physical layer 1 Going from top to bottom, the application layer processes information and sends commands to the TCP layer to transmit and receive data. TCP stands for Transmission Control Protocol. TCP is responsible for transmitting and receiving data. TCP allows the application layer to use the IP layer (the IP layer is because of the Internet-only IP layer) transparently. This means that the application layer does not need to know what the hardware is going to do, just the data processing itself. TCP is also responsible for receiving the correct data and sending it to the correct program. TCP also checks and corrects errors by synchronizing the two data transmissions and acknowledgments from the receiving side. The IP layer is responsible for finding the optimal route for sending data over the network and for sending data down to the physical layer. The physical layer transfers data into bits and transmits data to the cable. When data arrives, the physical layer receives the data, pooled into bits, bytes and passed back to the IP layer. In turn the IP layer after checking the data belongs to the TCP protocol that will pay that data for the TCP layer (note, I use the word "TCP layer" to refer to the TCP protocol, TCP / IP does not have "layer TCP "which is" host-to-host layer ", including TCP and UDP. Operating principle: This article introduces how the TCP layer and the IP layer work. TCP Properties: - Connected (connection oriented) with 3-way handshake. - Error detection & recovery. TCP is a connected protocol. This means that every connection has prior information. For example, if A wants to connect to B, then A must tell B to know it first and wait for a reply from B. This information takes place in 3-way handshake as follows: 1. A message that wants to connect to B. (SYN) 2. B sends a message agreeing to reconnect to A. (ACK, SYN) 3. A message has been sent back to B. (ACK) SYN: synchronize, synchronize connection. ACK: acknowledgment. Process Interpretation: Step 1: A sends a SYN message to B, the port it needs to connect to, the traffic of A, the ability to send as many messages as it does not need to be recognized (windowing, explain later), and other other information. Step 2: B receives information from A, accepts the connection, sends back the received connection request from A and accepts the connection, and also sends additional information about B such as the ability to send how many messages do not need to know, etc. Step 3: A sends an ACK message to B indicating that A has received. Connection succeeded. In addition, when you want to terminate a connection, the following four steps will be taken: 1. A send signal to terminate the connection. (SYN) 2. B receives the signal and sends back the acknowledgment signal. (ACK) B sends a signal to the application layer that the connection is terminated and sends a message indicating that the message is terminating. (SYN) 4. A sends back to the B signal indicating that A has received the message from B. (ACK) In short, TCP is connected. TCP is error-prone because all messages sent by TCP are tested through a 32-bit integer that indicates the Cyclic Redundant (CRC) value of the message sent. The sender will calculate the CRC value and include it in the message. The receiver will re-calculate that value and compare it with the value sent by the sender. If incorrect, there is an error. TCP is error correction because when the error is detected, the receiver sends a false message to the sender, requesting to send back the wrong message. Not after each message is sent, there is a message received from the sender. It is possible that after 10 messages have been sent, a message has been sent. That's called the ability to send without recognition. Example: A sends B 6 turns, 1000 bytes per turn, A's non-recognizable ability is 3, B receives the complete message, the second message is wrong, the following message is normal. The process will be as follows: 1. Send B 3 messages in turn. 2. B sends back A ACK message with a value of 2000. If B receives all the complete messages, B sends back an ACK message with a value of 4000 (the next value that A can send ). 3. A send back to the second B message (from position 2000 to position 2999) and wait. At this point A hopes that B receives the first message and the complete third message, A will not have to send all the messages from the wrong address but only send the wrong message. 4. B sends back A ACK message with a value of 4000 indicating that B receives the 3 complete message and A can send the following messages, starting at position 4000. 5. Send the 4th, 5th and 6th messages to B. 6. B sends the ACK message with a value of 7000. Assuming that while sending a message 4, 5, 6, A has not yet sent the fifth message received the ACK message from B to 5000, then the window of A will be corrected to 3. If A Sends message 4, 5 and receives ACK message of B with value 5000, window A is modified to 2, A can send 2 messages 6 and 7. That is, maximum A can send 'window' number of messages. For each message sent, the window value decreases until the value is 0. When the ACK message is received, the value changes, increasing until the number of messages sent that has not received the ACK message is equal to the main window value). . In the process of transmitting such signal, if Party B feels able to receive the signal faster, then Party B sends the SYN message back to A, the message that wants to increase the window value (reducing the time and ACK message number is send). Party A will return the ACK message and manually increase the window value according to the request of Party B. In contrast, B will request A to decrease the window value. In addition, the amount of information sent in each message may vary depending on the connection. With TCP, this amount of information is measured in bytes. MTU (Maximum Transmission Unit) is the number of transmission units (with TCP calculated as bytes) for each message that can be contained. In short, TCP communication is detectable and error-correct, as well as there is automatic interference of the TCP layer depending on the transmission condition. TCP distinguishes messages sent to this program and messages sent to other programs via socket. Socket is a concept to refer to the two values ​​needed when initiating a connection. That is the IP address of the machine and the port. Suppose B runs a server, receives the connection at port 80, has an IP address of 1.1.1.1. A is the client, running two client programs to connect to B, A address is 1.1.1.2. The first client to use port 1024, the second client to use port 1025. When B receives the connection signal from client 1, B understands that the signal is from IP address 1.1.1.2 and from port 1024. Similarly, B knows client 2nd from another socket. Thus, when B answers A, B sends the information to socket corresponding to client 1 or 2 of A. When A sends to B, B also knows that information from client 1 or 2 is sent to itself via the receiver. That information comes from the client socket 1 or 2. The process of passing information to this application layer is called multiplexing. More about UDP. UDP is another transport protocol, also located in the third layer (Host-to-host layer), which also acts as TCP. Other UDP TCP is a non-connectable protocol, with no checksum and error correction. UDP is based on the top layer (application layer) to do this. UDP stands for Unreliable Datagram Protocol. The program using UDP must manually install the test data. However, the strength of UDP is that because there are not many calculations and other test information, UDP is faster than TCP, using less memory and CPU time. UDP also uses the IP address and port to identify and pass information to the class. IP has the function of passing information through the network to the end. IP does this by using a routing table based on the network address, not on the machine's address, and passing that information to the end. On the way, the information can go through many intermediaries (old documents used from the gateway, new documents from the router), also use the IP layer to forward (forward) those signals to other stations near the machine more purpose. The method of calculating a network address, host address, subnet address, and addressing issues is covered in another article. References: - Internetworking with TCP / IP volume I - TCP / IP illustrated volume I - Sybex CCNA Study Guide v2.0 IP WHAT IS 1 Each ISP has a server that is responsible for distributing IP numbers when there is an online machine and retrieving that IP address when it Disconnect. A computer with a high-speed connection (ie, always online) is assigned by ISPs a fixed IP address (called static IP), and a computer using a dial-up modem assigned by the ISP to an ISP. The IP address is temporary when online to be recognized on the Internet, when this computer Disconnect, the IP number is taken to allocate to another computer online (this IP number is called dynamic IP). In a nutshell, computers that use Modem every time online have different IP numbers. Use Scan Ip to Scan IP Addresses! After the result, you use Telnet to login to that computer with that IP, followed by Victim's Computer Port, typically Port 80, 8000, 8001 TCP. IP mask when going online: - Hello friends! Recently, some of you asked me about IP over IP. After swimming on the Internet for a while, I found some documents mentioned programs such as DC_JS, Genius, Stealth Anonymizer, Multiproxy .... I do not need these programs. All you need is a browser, a telnet and some network skills. I would like to take a little knowledge of your shallow to share with you. Here is how to cover the IP in action (Web, E-mail, FTP, Telnet). Surely you will think that simple post like that also send, please sympathy .... I send up for you Beganner. - IP cover when browsing the Web: Too simple, say you also know ... Just use Proxy is ok right. Get Configured Web Proxies are available, just type in the Web address you want to visit anonymously-Ok. If you go to the Internet to find a proxy like the following: 208.57.0.100:80... Port 80, oh this is the Proxy for the Web then. You launch Inernet Explorer. Go to Tools / Internet Options / Connection / Lan Setting. Click on Use a Proxy Setting / Advance .... There are Forms to configure Proxy for Web, FTP .... you copy 208.57.0.100 to Address and = 80 to Port. FTP to see what the Proxy is copied to notepad (FTP has Port mac dinh 21). Make sure you choose to use the Anonymous Proxy. - IP Send Mail: you can use Dnd program ... It can create fake IP as well as fake is always host. You do not mind Download it then use Webmail. Then use Proxy to access Webmail to Send mail. Your IP as well as the Mailer's Header will be the IP of the proxy that you use. - IP cover when Telnet and FTP: Here you can follow the way that you camaptrang @ mentioned the other day. Get the Wingate Sever, Telnet on it .... Then Telnet, or FTP to the target you want to cover the IP. The server that it logs is the Ip of the Wingate Server. Telnet commands, if the server uses Winnt, its command line is like the DOS command line, if Unix / Linux uses Unix / Linux, its commands are the same as Unix / Linux. FTP has the following standard command line (any server running the OS) - First you type: ftp host to connect to the FTP server, if the server is anonymous, then user / pass you can enter Guest, Anonymous or something also OK (for this type of server you can only download, dir, cd is generally not allowed to modify the file on the server), if it is Server Normal it will change User / Pass .... you must have User / Pass before Connect (with this type of server you have full rights to modify, move, del .... unlimited files on Server). After successful you will see the form. ftp> - OK! You have to connect to FTP Server then. Here are the FTP commands. If you are familiar with the need to use FTP programs like Cute FTP, WS FTP pro ... again. You type the command is done. dir-show directory and file on Server. cd-switch between folders on the server. get-download 1 file from Server. mget-Download multiple files from the server. put-upload a file to the server. mput-upload multiple files to the server. pwd-displays the current directory on the server. mkdir-create directory. rmdir-delete directory chmod-set options for directory / file hash-display detailed information about the transmission of data. ascii-switch to ascii mode. binary-switch to binary mode. close-terminate the connection. quit-exit FTP environment. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~