General Questions
Q31: What should I set for Router to make Windows XP Remote Desktop work? (2005/7/29)

About Internet Network
Q30: What is DHCP (Dynamic Host Configuration Protocol)?
Q29: What is Dynamic IP Address?
Q28: What is Fixed IP Address?
Q27: What is TCP/IP?
Q26: What is TCP (Transmission Control Protocol)?
Q25: What is IP (Internet Protocol)?
Q24: What is ICMP Protocol and ping?
Q23: What is MAC Address?
Q22: What is UDP Protocol (User Datagram Protocol)?
Q21: What is Subnet Mask?
Q20: What is DNS (Domain Name Server)?
Q19: What is default gateway?

About Broadband Router
Q18: What is NAT (Network Address Translation)?
Q17: What is Router?
Q16: What is Firewall?
Q15: What are Hacker and Cracker?
Q14: What is DoS (Denial of Service Attack)?
Q13: What is IP Spoofing?
Q12: What is Packet Filtering?
Q11: What is DMZ?
Q10: What is Load Balancing?
Q09: What is Mapped IP?
Q08: What is Service?
Q07: What is Virtual Server?
Q06: Which server can be installed in DMZ?
Q05: What is Throughput?
Q04: If I already have an Ethernet connected by a router to Internet, how to test another new router?
Q03: I already have a PC connected to an ADSL Modem to Internet, how to insert a broadband router between PC and ADSL modem?
Q02: How to use ping command?
Q01: How do I know my IP address in Windows?

Q31: What should I set for Router to make Windows XP Remote Desktop work? (2005/7/29)

For Remote Desktop, you just need to set up the PC in Virtual Server on port 3389. (Example setting picture)

In addition, on your XP PC you must set up your account's password and enable the Remote Desktop Control function from the system Remote tab.

Q30: What is DHCP (Dynamic Host Configuration Protocol)?

DHCP is the Dynamic Host Configuration Protocol, a protocol that lets network administrators manage and allocate Internet Protocol (IP) addresses in a network. Every computer has to have an IP address in order to communicate with the others in a TCP/IP-based network. Without DHCP, the IP address must be entered manually on each computer. DHCP enables network administrators to assign IP addresses from a central location, and each computer receives an IP address when it is plugged into the Ethernet anywhere on the network.

When a computer with no fixed IP address starts up, it asks the DHCP server for a temporary IP address. The DHCP server allocates to the client an IP address that falls within the same sub-network as the DHCP server and does not conflict with other computers on the network.

Q29: What is Dynamic IP Address?

An IP address that is assigned automatically to a client station in a TCP/IP network by a DHCP server.

Q28: What is Fixed IP Address?

An IP address that is permanently assigned by the network administrator.

If the IP address is officially registered and managed on the Internet, we call it a public IP address. Everybody on the Internet can reach you by your public IP address.

If the IP address is not officially registered and is managed only inside your network, we call it a private IP address. Nobody can reach you through your own private IP address, because only you know the address and it is not managed on the Internet. There are three IP address blocks that have been assigned as private IP address space.

Q27: What is TCP/IP?

TCP/IP is Transmission Control Protocol/Internet Protocol, the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network, i.e. intranet or internet. When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program, just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

Q26: What is TCP (Transmission Control Protocol)?

TCP is a connection-oriented protocol: it establishes a logical connection between two computers. Before transferring data, the two computers exchange control messages to make sure a connection has been established; this process is called handshaking. TCP sets up control functions in the Flag field of the Segment Header. Compared to UDP, TCP is a very reliable protocol, and uses PAR (Positive Acknowledgment with Re-transmission) to guarantee that data from one host computer can reach the other host computer safely and correctly.

Q25: What is IP (Internet Protocol)?

IP stands for Internet Protocol. An IP address uniquely identifies a host computer connected to the Internet from other Internet hosts, for the purposes of communication through the transfer of packets.

IP has the following features:
- Defining the data packet structure; the packet is the basic unit of data exchange.
- Addressing data packets.
- Moving data between the Network layer and the Transport layer.
- Routing packets from the sender to the destination network.
- Breaking messages into packets and reassembling the packets into the original message.

Q24: What is ICMP Protocol and ping?

ICMP stands for Internet Control Message Protocol. It is a Network layer Internet protocol that reports errors and provides other information relevant to IP packet processing. ICMP sends the following messages: Flow Control, Destination Unreachable, Redirecting Routes and Echo Message. For example, the UNIX command Ping is based on ICMP to test whether a particular computer is connected to the Internet.

Q23: What is MAC Address?

Each network interface card has a unique six-byte identification number that has been assigned in the factory. When a data packet arrives, the network card matches the destination address on the data packet with its own MAC address to decide whether to receive or discard the packet.

Q22: What is UDP Protocol (User Datagram Protocol)?

User Datagram Protocol is a transport layer protocol in the TCP/IP protocol stack. UDP uses the application program to pack user data into packets, and IP transfers these packets to their destination. Under UDP, applications can exchange messages with the least cost.

UDP is an unreliable, connectionless protocol. Unreliable means that this protocol has no specification to exchange datagrams with guaranteed delivery, but it does transfer data correctly over the network. UDP uses the source port and destination port in the message header to transfer the message to the right application.

Q21: What is Subnet Mask?

The method used for splitting IP networks into a series of sub-groups, or subnets. The mask is a binary pattern that is matched up with the IP address to turn part of the host ID address field into a field for subnets.

Subnet Mask is used to segment a network into 2, 4, 8, etc. sub-networks. For example, take a Class B network with network number 172.16.0.0 and subnet mask 255.255.244.0. The first two numbers represent the network number after segmentation. The first 3 bits of the third number are the Subnet Number, so there are 2^3 = 8 sub-networks. The remaining five bits plus the eight bits of the fourth number, thirteen bits in total, are the network addresses available for each sub-network. Each sub-network can have 2^13 = 8192 network addresses.

Q20: What is DNS (Domain Name Server)?

The Domain Name Server (DNS) services all requests from other TCP/IP clients, routers or other servers to resolve a domain name into an IP address or vice versa. For example, if you type www.yahoo.com in the URL address line, it needs a DNS server to resolve it into an IP address like 66.218.70.50.

Q19: What is default gateway?

Every TCP/IP node needs to know where to send an IP packet next. If it has no information about where to send a packet, there is an assigned IP address that will transfer the packet to the proper receiver. That assigned IP address is the default gateway of the node. For example, if all workstations, servers and routers are connected to the same Ethernet and all the stations' Ethernet LAN IP addresses are in the same network (ex: 192.168.1.xxx), there is no problem sending from 192.168.1.111 to 192.168.1.222. If there is a request to send from 192.168.1.111 to 66.218.70.50, which is not an IP address on the same Ethernet, then a router is required to route it to the Internet. The router (192.168.1.1) is the default gateway of all nodes in this Ethernet network.

Q18: What is NAT (Network Address Translation)?

NAT is the translation of IP addresses between internal or private networks and the public IP addresses on the Internet. There are three IP address blocks that have been assigned as private IP address space:

In Class A block: 10.0.0.0 - 10.255.255.255
In Class B block: 172.16.0.0 - 172.31.255.255
In Class C block: 192.168.0.0 - 192.168.255.255

Through the NAT mechanism, an enterprise's internal networks can use any IP addresses that fall in the three private spaces. Note that private IP addresses cannot pass through routers directly to their destinations, so a network address translation from private IP to public IP is required. This NAT mechanism is a natural firewall for the LAN users.

Q17: What is Router?

A router is required between two networks to let them communicate with each other. The two networks have two different addresses. For example, network 192.168.1.xxx and network 192.168.2.xxx are two different networks. LAN and WAN are two different networks, too. To communicate between LAN and WAN, a broadband router is required. The modern broadband router does not only route data packets; it usually adds many functions such as DHCP Server, NAT, Firewall and Security control, as well as many application features.

Q16: What is Firewall?

The firewall has three basic functions:
1. Restrict data to enter at a control point.
2. Restrict data to flow out at a control point.
3. Keep attackers away from servers.

Firewall protects:
1. Software data
2. Hardware data
3. Company's reputation

Firewall's standard interfaces are:
1. External (WAN) network, also known as Un-trusted Network
2. Internal (LAN) network, also known as Trusted Network
3. DMZ network, also known as De-Militarized Network

Add-on values of firewall are:
1. NAT to provide the company with enough IP addresses.
2. Reduce the risk of exposing servers to the outside world.
3. Record Internet usage effectively.
4. Alarm the administrator to take emergency steps in a timely fashion.
5. Encrypt sensitive data to transfer it safely across the Internet.

Firewall has the following restrictions:
1. Can't block hackers' attacks from inside.
2. Can't monitor connections that don't pass through the firewall.
3. Can't prevent new types of threats.
4. Can't prevent virus attacks.

Q15: What are Hacker and Cracker?

Hackers are those smart and aggressive programmers who actually initiated the recent computer revolution. These programmers are crazy about exploring new technology to solve problems and create new methodologies. Their objectives are to construct solid networks and not to destroy other computer systems.

Crackers, on the other hand, are programmers who attack private networks, but don't steal or destroy data. Phrackers are people who use stolen data to enter computer systems illegally to do damage.

Q14: What is DoS (Denial of Service Attack)?

DoS attacks disable the server's ability to serve, make system connections impossible, and prevent the system from providing services to any legal or illegal users. In other words, the objective of DoS is to kick the server under attack out of the network.

There are four known types of DoS attacks:
- Bandwidth Consumption: Attackers use wider bandwidth to flood the victim's bandwidth with garbage data. For example, using a T1 (1.511Mbps) leased line to attack a 56k or 128k leased line, or using several 56k sites to stuff a T3 (45Mbps).
- Resource Exhaustion: This attack exhausts the victim system's resources, such as CPU usage, memory, file system quota or other system processes. The attack can bring down the system or slow it down.
- Defect program: Attackers use programs to generate exception conditions that can't be handled by applications, systems, or embedded hardware, to cause system failure. On many occasions, attackers send weird packets (ones the system cannot identify) to targeted systems to cause core dumps, and in the meantime issue privileged commands to destroy the systems.
- Router and DNS attacks: Attackers alter the routing table and cause legal requests to servers to be rejected. This kind of attack redirects user requests to an enterprise's DNS to specific addresses or black holes, usually non-existent addresses.

Q13: What is IP Spoofing?

Data packets are sent from a fake source address. If the firewall's policy does not restrict these packets from passing through, they could easily be used to attack internal servers.

Q12: What is Packet Filtering?

Packet Filters check the headers of IP, TCP and ICMP packets to gather information, such as source addresses, source ports, destination addresses, and destination ports. They also check the relationships between packets to decide whether a packet belongs to a normal connection. In this way, attacks can be detected and blocked.

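The checks described in the IP Spoofing and Packet Filtering answers (source address, relationship to an existing connection, permitted service) can be put together as follows. This is an added example, not part of the original FAQ and not any router's actual firmware; the Packet tuple, the WanFilter class and the sample addresses are constructed for illustration, and TCP 3389 is taken from the Remote Desktop answer.

```python
import ipaddress
from collections import namedtuple

# Constructed packet summary: only the header fields a packet filter reads.
Packet = namedtuple("Packet", "proto src sport dst dport")

# The three private blocks from the NAT answer. A packet arriving from the
# Internet with one of these as its source address has a fake source.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class WanFilter:
    """Filter for packets arriving on the WAN side (hypothetical class)."""

    def __init__(self, wan_ip, published):
        self.wan_ip = wan_ip
        self.published = set(published)  # (proto, port) opened as Virtual Server
        self.flows = set()               # connections started from the inside

    def outbound(self, pkt):
        """Record a connection leaving through the WAN port (after NAT)."""
        self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))

    def inbound(self, pkt):
        """Return (verdict, reason) for a packet arriving from the Internet."""
        src = ipaddress.ip_address(pkt.src)
        # 1. Source validation: a private address, or our own, cannot come from outside.
        if pkt.src == self.wan_ip or any(src in block for block in PRIVATE_BLOCKS):
            return ("drop", "spoofed source")
        # 2. Relationship between packets: is this a reply to something we sent?
        if (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.flows:
            return ("accept", "reply to outbound connection")
        # 3. Services deliberately exposed, e.g. Remote Desktop on TCP 3389.
        if pkt.dst == self.wan_ip and (pkt.proto, pkt.dport) in self.published:
            return ("accept", "published service")
        # 4. Everything else is refused.
        return ("drop", "no matching rule")


def demo():
    """Run the filter over constructed sample packets."""
    wan = "203.0.113.10"                      # constructed (documentation range)
    fw = WanFilter(wan, published=[("tcp", 3389)])
    fw.outbound(Packet("tcp", wan, 40000, "198.51.100.7", 80))
    samples = [
        Packet("tcp", "198.51.100.7", 80, wan, 40000),    # reply to our request
        Packet("tcp", "198.51.100.9", 51000, wan, 3389),  # Remote Desktop client
        Packet("tcp", "192.168.1.50", 51000, wan, 3389),  # private source from outside
        Packet("tcp", "198.51.100.9", 51000, wan, 23),    # TELNET, not published
        Packet("udp", "198.51.100.7", 80, wan, 40000),    # same ports, wrong protocol
    ]
    return [fw.inbound(p) for p in samples]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The source check runs first, so a packet with a private source address is dropped even when it targets a published port.
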
Q11: What is DMZ?

DMZ is the network between the firewall's external interface and routers. The DMZ's network number is allocated by ISPs. For example, when the network number an ISP provides is 210.71.253.128 and the subnet mask is 255.255.255.240, machines inside the DMZ can have IP addresses ranging from 210.71.253.128 to 210.71.253.140, sixteen different IP addresses. However, only thirteen of the sixteen IP addresses, ranging from 210.71.253.129 to 210.71.253.141, are usable: 128 is the network number, 143 is the Broadcasting Address, and 142 is used by the router.

Because the DMZ is located outside the firewall and is not protected by it, it is considered to be insecure. To fix the loophole, more firewall products provide a dedicated DMZ interface to provide protection for DMZ connections. In the previous example, the system manager segments the network into two sub-networks, 210.71.253.128/29 and 210.71.253.136/29 respectively. Since the router's IP is 210.71.253.142, the external interface's IP must be one of 210.71.253.136/29, and the DMZ interface's IP must belong to 210.71.253.128/29. As the following graph shows:
[graph]

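The address arithmetic in the Subnet Mask, default gateway and DMZ answers can be checked with Python's standard ipaddress module. This is an added example, not part of the original FAQ; the function names are chosen here for illustration and the addresses are the ones the FAQ uses.

```python
import ipaddress


def describe(block):
    """Network number, broadcast address and host range of a block.

    `block` may be written with a prefix ("/28") or a dotted subnet mask.
    """
    net = ipaddress.ip_network(block, strict=True)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable": len(hosts),
    }


def split(block, subnet_bits):
    """Turn `subnet_bits` host bits into subnet bits: 2**subnet_bits subnets."""
    net = ipaddress.ip_network(block, strict=True)
    return list(net.subnets(prefixlen_diff=subnet_bits))


def segment_of(address, segments):
    """Return the segment containing `address`, or None if it is in none."""
    ip = ipaddress.ip_address(address)
    return next((seg for seg in segments if ip in seg), None)


def next_hop(host_ip, mask, gateway, destination):
    """Deliver directly when the destination is on the host's own network,
    otherwise hand the packet to the default gateway."""
    local = ipaddress.ip_network(f"{host_ip}/{mask}", strict=False)
    return destination if ipaddress.ip_address(destination) in local else gateway


if __name__ == "__main__":
    # DMZ block from the ISP. The 14 host addresses include the router's
    # .142, which leaves 13 for other machines.
    print(describe("210.71.253.128/255.255.255.240"))
    # Segmenting the block in two: the /29 that holds the router (.142)
    # is the one the firewall's external interface must sit in.
    halves = split("210.71.253.128/28", 1)
    print("halves:", [str(h) for h in halves])
    print("router side:", segment_of("210.71.253.142", halves))
    # Class B network with three subnet bits.
    parts = split("172.16.0.0/16", 3)
    print(len(parts), "subnets of", parts[0].num_addresses, "addresses each")
    # Default gateway decision for a host on 192.168.1.xxx.
    for dst in ("192.168.1.222", "66.218.70.50"):
        print(dst, "->", next_hop("192.168.1.111", "255.255.255.0", "192.168.1.1", dst))
```
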
Q10: What is Load Balancing?

Load Balancing is a function that Virtual Servers provide. It allows a Virtual Server to be mapped to more than one physical server, which provide the specific service at the same time. When a Virtual Server receives data packets, it forwards the packet to the first physical server, and the next packet to the next physical server. The INTERNET FIREWALL uses Least Connection for load balancing.

Least Connection: Because each physical server has a different processing speed, Least Connection forwards data packets to the physical server with the least number of connections at that time. In this way, each packet can have the least waiting time, and the number of packets a server receives is proportional to its processing efficiency.

Q09: What is Mapped IP?

Both Mapped IP and Virtual Server use an IP mapping mechanism to allow outside users to access internal servers through the firewall. They differ in the following ways:
- Virtual Server has a Load Balance feature, and Mapped IP does not.
- Virtual Server has a one-to-many mapping relationship to physical servers, and Mapped IP is mapped to physical servers in a one-to-one fashion. A Virtual Server can be mapped to only one service, such as SMTP, HTTP or FTP. A Mapped IP can be mapped to all services provided by a physical server.

Q08: What is Service?

The TCP protocol and the UDP protocol provide different services. Each service has a TCP port number and a UDP port number, such as TELNET(23), FTP(21), SMTP(25), POP3(110), etc. This system supports two kinds of services: standard services and user defined services. The most popular TCP and UDP services are already defined in the standard services table, and cannot be modified or deleted. Users can set up their own services with proper TCP and UDP port numbers if necessary. When setting up a user defined service, the client's port number range is 1024:65535, and the server's is 0:1023.

Q07: What is Virtual Server?

The router separates an enterprise's Intranet and Internet into internal networks and external networks respectively. Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each computer a private IP address, and converts it into a real IP address through the firewall's NAT (Network Address Translation) function. If a server is located in the internal network, outside users can't directly connect to it by specifying the server's private IP address. First, we set the real IP address of an external network interface to the actual IP address of a Virtual Server. Through IP translation of the Virtual Server, outside users can access the servers of the internal networks.

Q06: Which server can be installed in DMZ?

The Internet router provides three Interface Ports to divide the enterprise's networks into internal networks, external networks, and DMZ. The internal networks use private IP addresses, which routers can't transfer. Therefore a server's IP address needs to be a real IP address instead of a private one. External Internet users can't connect directly to any server with a private IP address in the internal networks. DMZ employs real IP addresses. By setting the permission in DMZ policies to allow packets to flow through, servers inside the DMZ can exchange packets with any Internet IP address. There is no restriction on which kind of server is used in the DMZ.

Q05: What is Throughput?

The amount of data transferred successfully from one point to another in a given period of time.

For the Ethernet CSMA/CD protocol, the protocol overhead is as follows:
There is a minimum Frame Gap between packets: 96 Bit Time
There is a Preamble required: 64 Bit Time
There is a CRC required: 32 Bit Time

So, for transmitting a 60-byte packet, the overhead is (12 + 8 + 4) / (12 + 8 + 60 + 4) = 28.57 %
For transmitting a 1,024-byte packet, the overhead is (12 + 8 + 4) / (12 + 8 + 1024 + 4) = 2.29 %
For transmitting a 1,514-byte packet, the overhead is (12 + 8 + 4) / (12 + 8 + 1514 + 4) = 1.56 %

That means that, physically, at 100Mbps the maximum throughput when transmitting 1K-byte packets is 97.71Mbps. But considering the other interface overhead between hardware bus, software driver, lower to upper layer protocols and other factors, a Fast Ethernet throughput of 80 to 90 Mbps may be the ceiling.

Q04: If I already have an Ethernet connected by a router to Internet, how to test another new router?

The router is usually shipped from the factory with:
1. WAN port set to automatically get a dynamic IP address from a DHCP server.
2. LAN port set with DHCP server enabled to assign IP addresses to clients.

You just need to connect the WAN port to the existing Ethernet and check that the WAN LED lights correctly. Then connect a Windows PC (set to get its IP address automatically) to the LAN port of the router and check the LAN LED. It is almost plug and play; you may then browse the Internet from the Windows PC. One thing may need to be verified: the router's LAN IP address cannot be the same as the other router's.

Q03: I already have a PC connected to an ADSL Modem to Internet, how to insert a broadband router between PC and ADSL modem?

Please set up the hardware as follows:
1. Connect the ADSL Modem LAN port to the router WAN port and check that the WAN LED lights correctly.
2. Connect the PC LAN port to the router LAN port and check that the LAN LED lights correctly.

Please set up the software as follows:
1. Set Windows on the PC to get its IP address automatically from the router. (Ex: Router IP is 192.168.1.1; PC IP address is assigned 192.168.1.100)
2. Open the PC's Web browser to the URL of the Router IP address (192.168.1.1).
3. Log in with the default administrator password; it is usually "admin" for most routers.
4. Set up the WAN connection with your ADSL account/password (PPPoE or PPTP, depending on what your ISP supplied).
5. Save the WAN settings and reboot the router to make them active.

One thing to note: if your ISP does not supply the DNS server setting automatically, you may enter the DNS server manually. The usual symptom is that you can ping the Internet by IP address but cannot use domain names for browsing.

Q02: How to use ping command?

It is very easy to check the Internet connection with the ping command.
1. In the Windows DOS prompt, just type ping and its options, then press Enter to get the result message of ping.
2. For example, if your PC is connected to a router with IP address 192.168.1.1 and, after you type C:\>ping 192.168.1.1, you get a reply from that IP address, your PC is connected to the router.
3. For example, if you type C:\>ping 66.218.70.50 and you get a reply from 66.218.70.50, your PC is routed through the router to the 66.218.70.50 web server.
4. If you type C:\>ping www.yahoo.com and you get a reply from 66.218.70.50, your PC is set up with a working DNS server. If you cannot get a reply, your DNS may not be set up correctly.
5. Other ping command options are as follows (please type ping /? to see details):

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

Q01: How do I know my IP address in Windows?

There are different ways to know your IP address:
1. Windows XP: Click Start -> Setting -> Network, double click LAN Card Connection -> Support.
2. Windows 2000: open DOS Prompt, type command ipconfig
3. Windows 98/Me: Click Start -> Run -> type winipcfg

EUSSO Technologies, Inc. is a dedicated data communication and networking company. With professional experience in design, production, marketing and service support, we deliver the full range of networking products including Gigabit Ethernet, Fiber Optic, Wireless LAN, Switches, Hubs, LAN cards, PCMCIA adapters, Converters and Transceivers, as well as Internet Telephony Gateways, Print Servers, Broadband Routers and many others.

Copyright EUSSO Technologies, Inc. 2003