system and network administration

Upload: himanshu-singal

Post on 09-Apr-2018


  • 8/7/2019 System and Network Administration

    1/46

VIRTUAL LAN

What is a LAN?

Okay, most of you already know what a LAN is, but let's give it a definition to make sure. We have to do this because, if you don't know what a LAN is, you can't understand what a VLAN is.

A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts; switches just forward them.

What is a VLAN?

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router creating that broadcast domain. With VLANs, a switch can create the broadcast domain.

This works by you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any port in any VLAN other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any devices outside their VLAN.

Are VLANs required?

It is important to point out that you don't have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLANs because the network they are working on was already using them.

Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.

When do I need a VLAN?

You need to consider using VLANs in any of the following situations:

- You have more than 200 devices on your LAN.
- You have a lot of broadcast traffic on your LAN.
- Groups of users need more security or are being slowed down by too many broadcasts.
- Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phones could be on a different VLAN, not with the regular users.
- Or, you just want to make a single switch into multiple virtual switches.

Why not just subnet my network?

A common question is why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.

With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN (broadcast domain).

How can devices on different VLANs communicate?

Devices on different VLANs can communicate through a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.

What is a trunk port?

When there is a link between two switches, or between a router and a switch, that carries the traffic of more than one VLAN, that port is a trunk port.

A trunk port must run a special trunking protocol. The protocol used would be Cisco's proprietary Inter-Switch Link (ISL) or the IEEE standard 802.1Q.

What do VLANs offer?

VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLANs you are containing broadcasts.

VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network. That separation is enforced at Layer 2 only: any traffic between VLANs passes through the router or Layer 3 switch, which is where access control between the groups belongs.

Here is what we have learned:

- A VLAN is a broadcast domain formed by switches.
- Administrators must create the VLANs and then assign which port goes in which VLAN, manually.
- VLANs provide better performance for medium and large LANs.
- A trunk port is a special port that runs ISL or 802.1Q so that it can carry traffic from more than one VLAN.
- For devices in different VLANs to communicate, you must use a router or Layer 3 switch.


Protocol Structure - VLAN: Virtual Local Area Network and the IEEE 802.1Q

IEEE 802.1Q Tagged Frame for Ethernet:

- TPID - Tag Protocol Identifier, defined value of 8100 in hex. When a frame has the EtherType equal to 8100, this frame carries the IEEE 802.1Q / 802.1P tag.
- TCI - Tag Control Information field, including user priority, Canonical Format Indicator and VLAN ID.
- User Priority - Defines user priority, giving eight (2^3) priority levels. IEEE 802.1P defines the operation for these 3 user priority bits.
- CFI - Canonical Format Indicator, always set to zero for Ethernet switches. CFI is used for compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port.
- VID - VLAN ID is the identification of the VLAN, which is basically used by the standard 802.1Q. It has 12 bits and allows the identification of 4096 (2^12) VLANs. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094.
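As an added example (not part of the original notes), the following Python builds and decodes the 802.1Q tag laid out above and applies the rules for CFI, VID 0 and VID 4095 to a modelled switch egress port. The port model (a default VLAN, a set of carried VLANs, tagged or untagged) is an assumption made for the example.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value announcing an 802.1Q tag
VID_PRIORITY_TAGGED = 0    # VID 0: frame carries only a priority, no VLAN
VID_RESERVED = 0xFFF       # VID 4095 is reserved and never configured


def build_8021q_frame(dst: bytes, src: bytes, vid: int, pcp: int = 0,
                      cfi: int = 0, ethertype: int = 0x0800,
                      payload: bytes = b"") -> bytes:
    """Assemble dst | src | TPID | TCI | inner EtherType | payload."""
    if not 0 <= vid <= VID_RESERVED or not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("pcp is 3 bits, cfi 1 bit, vid 12 bits")
    tci = (pcp << 13) | (cfi << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_8021q(frame: bytes) -> dict:
    """Decode the tag: TCI = PCP (3 bits) | CFI (1 bit) | VID (12 bits).

    Returns {'tagged': False, ...} when the EtherType is not 0x8100.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("frame claims an 802.1Q tag but is too short")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {
        "tagged": True,
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "priority": tci >> 13,
        "cfi": (tci >> 12) & 0x1,
        "vid": tci & 0x0FFF,
        "ethertype": inner,
        "payload": frame[18:],
    }


def egress_decision(tag: dict, pvid: int, allowed: set, tagged_port: bool) -> str:
    """Apply the rules from the text to one egress port (assumed port model).

    pvid        - the port's default VLAN (an untagged or VID-0 frame lands here)
    allowed     - VLANs the port carries (for an access port this is {pvid})
    tagged_port - True for a trunk (tags kept), False for an untagged port
    """
    vid = tag["vid"] if tag["tagged"] else pvid
    if vid == VID_RESERVED:
        return "drop: VID 4095 is reserved"
    if vid == VID_PRIORITY_TAGGED:
        vid = pvid                  # priority-tagged frame belongs to the PVID
    if tag["tagged"] and tag["cfi"] == 1 and not tagged_port:
        return "drop: CFI=1 must not be forwarded as-is to an untagged port"
    if vid not in allowed:
        return f"drop: VLAN {vid} is not carried by this port"
    return f"forward {'tagged' if tagged_port else 'untagged'} in VLAN {vid}"


if __name__ == "__main__":
    # Constructed sample frame: VLAN 5, priority 6, IPv4 payload
    f = build_8021q_frame(bytes(6), bytes.fromhex("0200deadbeef"), vid=5, pcp=6,
                          payload=b"\x45" + bytes(19))
    t = parse_8021q(f)
    print(t["vid"], t["priority"], egress_decision(t, 1, {1, 5, 10}, True))
```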


CONFIGURING A VLAN IN LINUX

Commands to be used in configuring VLAN (subcommands of the vconfig program described below):

add [interface-name] [vlan_id]
rem [vlan-name]
set_dflt [interface-name] [vlan_id]
add_port [port-name] [vlan_id]
rem_port [port-name] [vlan_id]
set_egress_map [vlan-name] [skb_priority] [vlan_qos]
set_ingress_map [vlan-name] [skb_priority] [vlan_qos]
set_name_type [name-type]
set_bind_mode [bind-type]

* The [interface-name] is the name of the ethernet card that hosts the VLAN you are talking about.
* The port-name is the name of the physical interface that a VLAN may be attached to.
* The vlan_id is the identifier (0-4095) of the VLAN you are operating on.
* skb_priority is the priority in the socket buffer (sk_buff).
* vlan_qos is the 3 bit priority in the VLAN header.
* name-type: VLAN_PLUS_VID (vlan0005), VLAN_PLUS_VID_NO_PAD (vlan5), DEV_PLUS_VID (eth0.0005), DEV_PLUS_VID_NO_PAD (eth0.5)
* bind-type: PER_DEVICE # Allows vlan 5 on eth0 and eth1 to be unique.
             PER_KERNEL # Forces vlan 5 to be unique across all devices.


To get started, you will want to download the latest vlan.X.X.tar.gz file (to your $HOME directory). Unpack it with your favorite commands, for example: tar -xvzf vlan.1.6.tar.gz. Alternatively, you can get it from the CVS repository using something like this:

Install and configure on your machine.

Specify the vlan repository:

export CVSROOT=:pserver:[email protected]:/home/cvs_user/vlan

Log in to the repository:

cvs login (PASSWORD: anonymous)

Check out the source:

mkdir vlan; cd vlan; cvs -z3 checkout vlan

Now, you should have a vlan directory in your home directory. You only have to patch the kernel if you are using Linux 2.4.14 or earlier. Now, read the README or other docs to figure out what kernel it patches against. A list of mirrors is kept at www.kernel.org. Unzip and un-tar this in your home directory as well, which should create a linux directory in your $HOME directory. Example: tar -xvzf linux-2.2.14.tar.gz

Now add the VLAN kernel changes to the kernel if your kernel requires it. I finally figured out how to do patches that diff can handle (I think I did it right at least!). You will find the patch in the vlan directory. It will be called vlan.patch, or something equally straightforward. Apply the patch to your kernel:

cd $HOME/linux
patch -p 1 < $HOME/vlan/[vlan.patch]

Your new, patched kernel should be in your INCLUDE path before trying to compile the vconfig program. One way to get things working is to link $HOME/linux to the 'linux' directory that you just unzipped and patched. A command might be something like:

cd $HOME;
ln -s /home/greear/kernel/2.4/linux.dev linux

Build the vconfig program in the $HOME/vlan directory:

cd $HOME/vlan
make


Now, compile your new kernel! Use the make xconfig command in your $HOME/linux directory to select your kernel options. The option related to 802.1Q VLANs is found under the Networking options. If the option is not highlighted, make sure you select "Experimental Drivers" in one of the first xconfig menus.

Assuming your kernel compiled cleanly, you are now ready to try it out. Install your kernel in the normal manner (fix up your /etc/lilo.conf file appropriately and run lilo as root). Reboot your computer and choose your new kernel.

As your computer comes back to life, there will be little sign that you are now 802.1Q capable, other than a line spit out during the boot process. There should be a config program in your $HOME/vlan directory: vconfig. vconfig is used to create and destroy VLAN devices. So, let's create a VLAN device on your first ethernet NIC. Run without arguments, vconfig will list a short spiel on how to use it. The vconfig command I usually use is:

vconfig add eth0 5

This attempts to create a VLAN device with VLAN-ID of 5 on the eth0 device. If you want to delete a VLAN, use something like:

vconfig rem eth0.5

You will also need to give it an IP address, e.g.: ifconfig eth0.5 192.168.2.1

and configure it UP: ifconfig eth0.5 up

NOTE: You can get lots of VLAN related configuration information from the /proc/net/vlan/* files by using 'cat' or 'more' to look at them.


ping Command

DESCRIPTION

Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages is displayed, along with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, ping displays help.

SYNTAX

ping [-t] [-a] [-n Count] [-l Size] [-f] [-i TTL] [-v TOS] [-r Count] [-s Count] [{-j HostList | -k HostList}] [-w Timeout] [TargetName]

PARAMETERS

-t : Specifies that ping continue sending Echo Request messages to the destination until interrupted. To interrupt and display statistics, press CTRL-BREAK. To interrupt and quit ping, press CTRL-C.

-a : Specifies that reverse name resolution is performed on the destination IP address. If this is successful, ping displays the corresponding host name.

-n Count : Specifies the number of Echo Request messages sent. The default is 4.

-l Size : Specifies the length, in bytes, of the Data field in the Echo Request messages sent. The default is 32. The maximum size is 65,527.

-f : Specifies that Echo Request messages are sent with the Don't Fragment flag in the IP header set to 1. The Echo Request message cannot be fragmented by routers in the path to the destination. This parameter is useful for troubleshooting path Maximum Transmission Unit (PMTU) problems.

-i TTL : Specifies the value of the TTL field in the IP header for Echo Request messages sent. The default is the default TTL value for the host. For Windows XP hosts, this is typically 128. The maximum TTL is 255.

-v TOS : Specifies the value of the Type of Service (TOS) field in the IP header for Echo Request messages sent. The default is 0. TOS is specified as a decimal value from 0 to 255.

-r Count : Specifies that the Record Route option in the IP header is used to record the path taken by the Echo Request message and corresponding Echo Reply message. Each hop in the path uses an entry in the Record Route option. If possible, specify a Count that is equal to or greater than the number of hops between the source and destination. The Count must be a minimum of 1 and a maximum of 9.


-s Count : Specifies that the Internet Timestamp option in the IP header is used to record the time of arrival for the Echo Request message and corresponding Echo Reply message for each hop. The Count must be a minimum of 1 and a maximum of 4.

-j HostList : Specifies that the Echo Request messages use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The host list is a series of IP addresses (in dotted decimal notation) separated by spaces.

-k HostList : Specifies that the Echo Request messages use the Strict Source Route option in the IP header with the set of intermediate destinations specified in HostList. With strict source routing, the next intermediate destination must be directly reachable (it must be a neighbor on an interface of the router). The maximum number of addresses or names in the host list is 9. The host list is a series of IP addresses (in dotted decimal notation) separated by spaces.

-w Timeout : Specifies the amount of time, in milliseconds, to wait for the Echo Reply message that corresponds to a given Echo Request message to be received. If the Echo Reply message is not received within the time-out, the "Request timed out" error message is displayed. The default time-out is 4000 (4 seconds).

TargetName : Specifies the destination, which is identified either by IP address or host name.

ICMP PACKET DETAILS

An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. When a packet size is given, this indicates the size of this extra piece of data (the default is 56 for the Unix ping described here; the Windows ping above defaults to 32). Thus the amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).

If the data space is at least the size of struct timeval, ping uses the beginning bytes of this space to include a timestamp which it uses in the computation of round trip times. If the data space is shorter, no round trip times are given.

DUPLICATE AND DAMAGED PACKETS

ping will report duplicate and damaged packets. Duplicate packets should never occur, and seem to be caused by inappropriate link-level retransmissions. Duplicates may occur in many situations and are rarely (if ever) a good sign, although the presence of low levels of duplicates may not always be cause for alarm. Damaged packets are obviously serious cause for alarm and often indicate broken hardware somewhere in the ping packet's path (in the network or in the hosts).
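As an added example (not from the original notes), the following Python works through the ICMP PACKET DETAILS and DUPLICATE AND DAMAGED PACKETS sections: it builds an Echo Request with the timestamp in the leading data bytes, simulates the Echo Reply a target would return, verifies the ICMP checksum (a mismatch is what ping reports as a damaged packet) and recovers the round-trip time. The reply, addresses and timestamp layout (struct timeval modelled as two 8-byte fields) are constructed for the example; nothing is sent on the network.

```python
import struct
import time

IP_HEADER_LEN = 20       # IPv4 header without options
ICMP_HEADER_LEN = 8      # type, code, checksum, identifier, sequence
ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
DEFAULT_DATA_LEN = 56    # ping's default data size, giving a 64-byte ICMP message
TIMEVAL_LEN = 16         # struct timeval modelled as two 8-byte fields (assumption)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; 0 for a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, data_len: int = DEFAULT_DATA_LEN,
                       now: float = None) -> bytes:
    """Build the ICMP part of an Echo Request.

    If the data space is at least sizeof(struct timeval), its first bytes
    carry the send time; the rest is an incrementing fill pattern that
    stands in for ping's default data.
    """
    now = time.time() if now is None else now
    data = bytearray(i & 0xFF for i in range(data_len))
    if data_len >= TIMEVAL_LEN:
        sec = int(now)
        struct.pack_into("!QQ", data, 0, sec, int(round((now - sec) * 1_000_000)))
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + data)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + bytes(data)


def simulate_echo_reply(request: bytes) -> bytes:
    """What the target sends back: same identifier, sequence and data, type 0,
    wrapped in a 20-byte IPv4 header. Constructed offline with documentation
    addresses; the IP checksum is left at zero since only ICMP is examined."""
    _, _, _, ident, seq = struct.unpack("!BBHHH", request[:ICMP_HEADER_LEN])
    data = request[ICMP_HEADER_LEN:]
    hdr = struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, 0, ident, seq)
    csum = icmp_checksum(hdr + data)
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, csum, ident, seq) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HEADER_LEN + len(icmp), 0, 0,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + icmp


def parse_echo_reply(packet: bytes, recv_time: float = None) -> dict:
    """Strip the IP header, verify the ICMP checksum (a mismatch is a damaged
    packet) and recover the RTT from the embedded timestamp when present."""
    recv_time = time.time() if recv_time is None else recv_time
    if len(packet) < IP_HEADER_LEN + ICMP_HEADER_LEN:
        raise ValueError("packet too short for IP + ICMP headers")
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if icmp_checksum(icmp) != 0:
        raise ValueError("damaged packet: ICMP checksum mismatch")
    typ, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:ICMP_HEADER_LEN])
    if typ != ICMP_ECHO_REPLY:
        raise ValueError(f"not an Echo Reply (type {typ}, code {code})")
    data = icmp[ICMP_HEADER_LEN:]
    rtt_ms = None
    if len(data) >= TIMEVAL_LEN:
        sec, usec = struct.unpack_from("!QQ", data, 0)
        rtt_ms = (recv_time - (sec + usec / 1_000_000)) * 1000.0
    return {"ident": ident, "seq": seq, "data_len": len(data),
            "icmp_len": len(icmp), "rtt_ms": rtt_ms}


if __name__ == "__main__":
    req = build_echo_request(ident=0x1234, seq=1)
    print(parse_echo_reply(simulate_echo_reply(req)))
```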


TRYING DIFFERENT DATA PATTERNS

The (inter)network layer should never treat packets differently depending on the data contained in the data portion. Unfortunately, data-dependent problems have been known to sneak into networks and remain undetected for long periods of time. In many cases the particular pattern that will have problems is something that doesn't have sufficient "transitions", such as all ones or all zeros, or a pattern right at the edge, such as almost all zeros. It isn't necessarily enough to specify a data pattern of all zeros (for example) on the command line because the pattern that is of interest is at the data link level, and the relationship between what you type and what the controllers transmit can be complicated. This means that if you have a data-dependent problem you will probably have to do a lot of testing to find it. If you are lucky, you may manage to find a file that either can't be sent across your network or that takes much longer to transfer than other similar length files. You can then examine this file for repeated patterns that you can test using the -p option of ping.

TTL DETAILS

The TTL value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away. In current practice you can expect each router in the Internet to decrement the TTL field by exactly one.

The TCP/IP specification states that the TTL field for TCP packets should be set to 60, but many systems use smaller values (4.3 BSD uses 30, 4.2 used 15).

The maximum possible value of this field is 255, and most Unix systems set the TTL field of ICMP ECHO_REQUEST packets to 255. This is why you will find you can "ping" some hosts, but not reach them with telnet(1) or ftp(1).


    EXAMPLE:


netstat Command

DESCRIPTION

Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.

SYNTAX

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]

PARAMETERS

-a : Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.

-e : Displays Ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.

-n : Displays active TCP connections; however, addresses and port numbers are expressed numerically and no attempt is made to determine names.

-o : Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p.

-p Protocol : Shows connections for the protocol specified by Protocol. In this case, Protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to display statistics by protocol, Protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6.

-s : Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol for Windows XP is installed, statistics are shown for the TCP over IPv6, UDP over IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be used to specify a set of protocols.

-r : Displays the contents of the IP routing table. This is equivalent to the route print command.

Interval : Redisplays the selected information every Interval seconds. Press CTRL+C to stop the redisplay. If this parameter is omitted, netstat prints the selected information only once.


Netstat provides statistics for the following:

Proto : The name of the protocol (TCP or UDP).

Local Address : The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).

Foreign Address : The IP address and port number of the remote computer to which the socket is connected. The names that correspond to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).

(state) : Indicates the state of a TCP connection. The possible states are as follows:

CLOSE_WAIT
CLOSED
ESTABLISHED
FIN_WAIT_1
FIN_WAIT_2
LAST_ACK
LISTEN
SYN_RECEIVED
SYN_SEND
TIMED_WAIT
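As an added example (not part of the original notes), the following Python reads the Proto, Local Address, Foreign Address, state and PID columns of netstat -a -n -o output and sorts the sockets into the groups an administrator checks first: listeners bound to every interface, listeners bound to one address, and established connections leaving the site's own address range. The sample output and the internal range 192.0.2.0/24 are constructed for the example, not captured from a real host.

```python
import ipaddress

# Constructed sample of `netstat -a -n -o` output (not from a real host)
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       5120
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     3344
  TCP    192.0.2.10:49713       192.0.2.20:445         ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1560
"""

# Assumption for the example: the address range this site considers internal
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def split_endpoint(endpoint: str):
    """'0.0.0.0:135' -> ('0.0.0.0', 135); '[::]:445' -> ('::', 445); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> list:
    """Turn each TCP/UDP row into a dict of the columns described above.

    UDP rows carry no state column, so the PID is read from the end of the row.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue                      # banner and header lines
        lhost, lport = split_endpoint(parts[1])
        fhost, fport = split_endpoint(parts[2])
        rows.append({"proto": parts[0],
                     "local_host": lhost, "local_port": lport,
                     "foreign_host": fhost, "foreign_port": fport,
                     "state": parts[3] if len(parts) == 5 else None,
                     "pid": int(parts[-1])})
    return rows


def is_internal(host: str) -> bool:
    """Loopback, unspecified and INTERNAL_NETS addresses count as internal."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                      # '*' or a name left unresolved
    return addr.is_loopback or addr.is_unspecified or any(addr in n for n in INTERNAL_NETS)


def triage(rows: list) -> dict:
    """Group sockets the way an administrator reads the table.

    exposed    - listeners (TCP LISTENING or any UDP) bound to all interfaces
    local_only - listeners bound to a single address, e.g. 127.0.0.1
    external   - ESTABLISHED connections whose remote end is not internal
    Each entry is (proto, port, pid) or (remote host, remote port, pid).
    """
    out = {"exposed": [], "local_only": [], "external": []}
    for r in rows:
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            key = "exposed" if r["local_host"] in ("0.0.0.0", "::") else "local_only"
            out[key].append((r["proto"], r["local_port"], r["pid"]))
        elif r["state"] == "ESTABLISHED" and not is_internal(r["foreign_host"]):
            out["external"].append((r["foreign_host"], r["foreign_port"], r["pid"]))
    return out


if __name__ == "__main__":
    for group, entries in triage(parse_netstat(SAMPLE_NETSTAT)).items():
        print(group, entries)
```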


    EXAMPLE


ipconfig Command

DESCRIPTION

Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters.

SYNTAX

ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns] [/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid Adapter [ClassID]]

PARAMETERS

/all : Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays only the IP address, subnet mask, and default gateway values for each adapter. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.

/renew [Adapter] : Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.

/release [Adapter] : Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and discard the IP address configuration for either all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.

/flushdns : Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.

/displaydns : Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. The DNS Client service uses this information to resolve frequently queried names quickly, before querying its configured DNS servers.

/registerdns : Initiates manual dynamic registration for the DNS names and IP addresses that are configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or resolve a dynamic update problem between a client and the DNS server without rebooting the client computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are registered in DNS.


/showclassid Adapter : Displays the DHCP class ID for a specified adapter. To see the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically.

/setclassid Adapter [ClassID] : Configures the DHCP class ID for a specified adapter. To set the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. If a DHCP class ID is not specified, the current class ID is removed.

    EXAMPLE


tracert Command

DESCRIPTION

Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path. Used without parameters, tracert displays help.

SYNTAX

tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]

PARAMETERS

-d : Prevents tracert from attempting to resolve the IP addresses of intermediate routers to their names. This can speed up the display of tracert results.

-h MaximumHops : Specifies the maximum number of hops in the path to search for the target (destination). The default is 30 hops.

-j HostList : Specifies that Echo Request messages use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The HostList is a series of IP addresses (in dotted decimal notation) separated by spaces.

-w Timeout : Specifies the amount of time in milliseconds to wait for the ICMP Time Exceeded or Echo Reply message corresponding to a given Echo Request message to be received. If not received within the time-out, an asterisk (*) is displayed. The default time-out is 4000 (4 seconds).

TargetName : Specifies the destination, identified either by IP address or host name.


    EXAMPLE


net user Command

DESCRIPTION

Adds or modifies user accounts or displays user account information.

SYNTAX

net user [UserName [Password | *] [options]] [/domain]
net user [UserName {Password | *} /add [options] [/domain]]
net user [UserName [/delete] [/domain]]

PARAMETERS

UserName : Specifies the name of the user account to add, delete, modify, or view. The name of the user account can have as many as 20 characters.

Password : Assigns or changes a password for the user's account. Type an asterisk (*) to produce a prompt for the password. The password is not displayed when you type it at the password prompt. Prefer the prompt to placing the password on the command line, where it is visible in process listings and command history.

/domain : Performs the operation on the domain controller in the computer's primary domain.

options : Specifies a command-line option. The valid command-line options that you can use are listed below.

/active:{no | yes} : Enables or disables the user account. If the user account is not active, the user cannot access resources on the computer. The default is yes (that is, active).

/comment:"text" : Provides a descriptive comment about the user's account. This comment can have as many as 48 characters. Enclose the text in quotation marks.

/countrycode:nnn : Uses the operating system Country/Region codes to implement the specified language files for a user's Help and error messages. A value of 0 signifies the default Country/Region code.

/expires:{{mm/dd/yyyy | dd/mm/yyyy | mmm,dd,yyyy} | never} : Causes the user account to expire if you specify a date. Expiration dates can be in [mm/dd/yyyy], [dd/mm/yyyy], or [mmm,dd,yyyy] format, depending on the Country/Region code. Note that the account expires at the beginning of the specified date. For the month value, you can use numbers, spell it out, or use a three-letter abbreviation (that is, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec). You can use two or four numbers for the year value. Use commas or slashes to separate parts of the date. Do not use spaces. If you omit yyyy, the next occurrence of the date (that is, according to your computer's date and time) is assumed. For example, the following entries are equivalent if entered between Jan. 10, 1994, and Jan. 8, 1995:

jan,9
1/9/95
january,9,1995
1/9

/fullname:"name" : Specifies a user's full name rather than a user name. Enclose the name in quotation marks.

/homedir:Path : Sets the path for the user's home directory. The path must exist.

/passwordchg:{yes | no} : Specifies whether users can change their own password. The default is yes.

/passwordreq:{yes | no} : Specifies whether a user account must have a password. The default is yes.

/profilepath:[Path] : Sets a path for the user's logon profile. This path points to a registry profile.

/scriptpath:Path : Sets a path for the user's logon script. Path cannot be an absolute path. Path is relative to %systemroot%\System32\Repl\Import\Scripts.

/times:{day[-day][,day[-day]],time[-time][,time[-time]] [;] | all} : Specifies the times that users are allowed to use the computer. Time is limited to 1-hour increments. For the day values, you can spell out or use abbreviations (that is, M,T,W,Th,F,Sa,Su). You can use 12-hour or 24-hour notation for hours. If you use 12-hour notation, use AM and PM, or A.M. and P.M. The value all means a user can always log on. A null value (blank) means a user can never log on. Separate day and time with commas, and units of day and time with semicolons (for example, M,4AM-5PM;T,1PM-3PM). Do not use spaces when designating times.

/usercomment:"text" : Specifies that an administrator can add or change the "User comment" for the account. Enclose the text in quotation marks.

/workstations:{ComputerName[,...] | *} : Lists as many as eight workstations from which a user can log on to the network. Separate multiple entries in the list with commas. If /workstations has no list or if the list is an asterisk (*), users can log on from any computer.


    EXAMPLE


net statistics Command

DESCRIPTION

Displays the statistics log for the local Workstation or Server service, or the running services for which statistics are available. Used without parameters, net statistics lists the running services for which statistics are available.

SYNTAX

net statistics [{workstation | server}]

PARAMETERS

workstation : Displays statistics for the local Workstation service.

server : Displays statistics for the local Server service.

    EXAMPLE


    net start command

    DESCRIPTION

    Starts a service. Used without parameters, net start displays a list of services that are currently

    operating.

    SYNTAX

    net start [service]

    PARAMETERS

    service : Starts the specified service. The following list gives some values for service.

    alerter : Starts the Alerter service. Start the Alerter service to send alert messages to specified
    users that are connected to the server. Alert messages warn users about security, access, and user
    session problems. Use Server Manager (that is, systemroot\System32\Srvmgr.exe) to specify the
    administrators who you want to receive administrative alerts. Server Manager is available on
    Windows 2000 Server computers only. Alert messages are sent as messages from the server to a user's
    computer. The Messenger service must be running on the user's computer for the user to receive
    alert messages.

    browser : Starts the Computer Browser service. The Computer Browser service maintains an up-to-date
    list of computers on your network and supplies the list to programs that request it.

    "client service for netware" : Starts the Client Service for NetWare service. This command is
    available only if you have installed Client Service for NetWare.

    clipbook : Starts the ClipBook service. ClipBook permits you to cut and paste text and graphics over
    the network. The ClipBook service supports ClipBook Viewer, which allows pages to be seen by remote
    ClipBooks.

    eventlog : Starts the Event Log service. The Event Log service logs event messages issued by programs
    and Windows XP. Event Log reports contain information that can be useful in diagnosing problems.
    Reports are viewed in Event Viewer. The Event Log service must be started prior to using Event Viewer
    to view the logged events.


    net accounts command

    DESCRIPTION

    Updates the user accounts database and modifies password and logon requirements for all accounts.

    SYNTAX

    net accounts [/forcelogoff:{minutes | no}] [/minpwlen:length] [/maxpwage:{days | unlimited}]

    [/minpwage:days] [/uniquepw:number] [/domain]

    PARAMETERS

    /forcelogoff:{minutes | no} : Sets the number of minutes to wait before ending a user's session with
    a server when the user account or valid logon time expires. The default value, no, prevents users
    from being forced to log off.

    /minpwlen:length : Sets the minimum number of characters for a user account password. The range is

    from 0 through 127 characters and the default is six characters.

    /maxpwage:{days | unlimited} : Sets the maximum number of days that a user account's password is

    valid. The unlimited value sets no maximum time. The /maxpwage command-line option must be

    greater than /minpwage. The range is from 1 through 49,710 days (that is, unlimited equals 49,710

    days), and the default value is 90 days.

    /minpwage:days : Sets the minimum number of days before a user can change a new password. The

    default value is zero days, which sets no minimum time. The range is from 0 through 49,710 days.

    /uniquepw:number : Requires a user to not repeat the same password for the specified number of
    password changes. The range is from 0 through 24 password changes, and the default is five password
    changes.

    /domain : Performs the operation on the primary domain controller of the current domain. Otherwise,

    the operation is performed on the local computer.
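    The switches above are also what you audit: run net accounts (or net accounts /domain for the domain
    policy), read the current values back, and compare them to a baseline. The following is an added
    example, not part of the original notes: it parses a constructed sample of net accounts output, reports
    every setting that misses a hypothetical baseline (the BASELINE values are an assumption, not a
    recommendation from the page) and builds the single net accounts command that would fix them.

```python
# Constructed sample of `net accounts` output (not captured from a real host); the values are
# chosen so that most settings miss the baseline.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# Output labels mapped onto the net accounts switches described above.
LABELS = {
    "Force user logoff how long after time expires?": "forcelogoff",
    "Minimum password age (days)": "minpwage",
    "Maximum password age (days)": "maxpwage",
    "Minimum password length": "minpwlen",
    "Length of password history maintained": "uniquepw",
}

# Hypothetical baseline for this example; substitute your organisation's policy.
BASELINE = {"minpwlen": 14, "maxpwage": 90, "uniquepw": 24, "minpwage": 1}

def parse_net_accounts(text):
    """Map each known label to an int, or to None for Never/None/Unlimited."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        key = LABELS.get(label.strip())
        if not sep or key is None:
            continue
        value = value.strip()
        settings[key] = None if value.lower() in ("never", "none", "unlimited") else int(value)
    return settings

def evaluate(settings, baseline=BASELINE):
    """Return (switch, baseline value, message) for every setting that misses the baseline."""
    checks = [
        ("minpwlen", "minimum password length", lambda v: (v or 0) >= baseline["minpwlen"]),
        ("maxpwage", "maximum password age", lambda v: v is not None and v <= baseline["maxpwage"]),
        ("uniquepw", "password history", lambda v: (v or 0) >= baseline["uniquepw"]),
        # A zero minimum age lets a user cycle through the whole history in one sitting and land
        # back on the old password, which defeats /uniquepw.
        ("minpwage", "minimum password age", lambda v: (v or 0) >= baseline["minpwage"]),
    ]
    findings = []
    for switch, label, ok in checks:
        value = settings.get(switch)
        if not ok(value):
            shown = "unlimited/none" if value is None else value
            findings.append((switch, baseline[switch],
                             "%s is %s, baseline wants /%s:%s" % (label, shown, switch, baseline[switch])))
    return findings

def remediation_command(findings):
    """The single net accounts invocation that fixes every finding ('' when there is nothing to fix)."""
    if not findings:
        return ""
    return "net accounts " + " ".join("/%s:%s" % (switch, value) for switch, value, _ in findings)

if __name__ == "__main__":
    found = evaluate(parse_net_accounts(SAMPLE_NET_ACCOUNTS))
    for _, _, message in found:
        print(message)
    print(remediation_command(found))
```

    On a real host, feed the function the captured output of net accounts; without /domain the values
    describe the local SAM policy only, which is what matters for local accounts on that machine.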

    net help command: Displays help for the specified net command.


    net stop command

    DESCRIPTION

    Stops a running service.

    SYNTAX

    net stop service

    PARAMETERS

    service : Stops the specified service. The following list shows some values for service.

    alerter : Stops the Alerter service. Stop the Alerter service that sends alert messages to specified
    users that are connected to the server computer. Alert messages warn users about security, access,
    and user session problems. Use Server Manager (that is, systemroot\System32\Srvmgr.exe) to specify
    the administrators who you want to receive administrative alerts. Server Manager is available on
    Windows 2000 Server computers only. Alert messages are sent as messages from the server to a user's
    computer. The Messenger service must be running on the user's computer for the user to receive
    alert messages.

    browser : Stops the Computer Browser service. The Computer Browser service maintains an up-to-date
    list of computers on your network and supplies the list to programs that request it.

    "client service for netware" : Stops the Client Service for NetWare service. This command is
    available only if you have installed Client Service for NetWare.

    clipbook : Stops the ClipBook service. ClipBook permits you to cut and paste text and graphics over
    the network. The ClipBook service supports ClipBook Viewer, which allows pages to be seen by remote
    ClipBooks.

    dhcp client : You cannot stop or pause the DHCP Client service. The DHCP Client service manages
    network configuration by registering and updating IP addresses and DNS names. The DHCP Client
    service supports obtaining an IP address from the DHCP service.


    sc Command

    Service Control - Create, Start, Stop, Query or Delete any Windows SERVICE. The command options for
    SC are case sensitive.

    Syntax

    SC [\\server] [command] [service_name] [Options]

    Key

    server: The machine where the service is running

    Commands

    query [qryOpt] Show status

    queryEx [qryOpt] Show extended info - pid, flags

    GetDisplayName Show the DisplayName

    GetKeyName Show the ServiceKeyName

    EnumDepend Show Dependencies

    qc Show config - dependencies, full path etc

    start START a service.

    stop STOP a service

    pause PAUSE a service.

    continue CONTINUE a service.

    create Create a service. (add it to the registry)

    config permanently change the service configuration

    delete Delete a service (from the registry)

    control Send a control to a service

    interrogate Send an INTERROGATE control request to a service

    Qdescription Query the description of a service


    description Change the description of a service

    Qfailure Query the actions taken by a service upon failure

    failure Change the actions taken by a service upon failure

    sdShow Display a service's security descriptor using SDDL

    SdSet Sets a service's security descriptor using SDDL

    sc config

    This command has a number of functions but one is to determine the status of a service at system
    startup. A service can be set to run automatically, manually or not at all. The command is

    sc config ServiceName start= flag

    Here ServiceName is the name of the service and flag has one of the values auto, demand or disabled.
    For example, to set a service to run manually the command is

    sc config ServiceName start= demand

    Note that there must be a space after the equals sign. The correct value for the parameter
    ServiceName may not always be obvious and the next command can be used to find it for all services.

    sc query

    Information about services and drivers can be obtained with this command. Used alone it

    returns a list of running services with various information about the service. Lists can be

    inconvenient to read on a screen and they can be redirected to a text file. To create a text list of

    running services use the command

    sc query > serviceslist.txt

    The path for the text file serviceslist.txt can be anywhere that is convenient. To create a list of
    all services, use

    sc query type= service state= all > allserviceslist.txt

    To create a list of active drivers, use

    sc query type= driver

    Or for a list of everything, use

    sc query state= all

    sc start

    To start up a service that is not running, use sc start ServiceName

    sc stop

    To stop a running service, use sc stop ServiceName. However, some services cannot or should not be
    stopped.
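    The sdShow and SdSet commands in the table above are the ones that matter most for security: the
    SDDL string they print or set is the service's DACL, and an allow ACE that gives an ordinary user the
    right to change the service's configuration (DC), rewrite its ACL (WD/WO) or delete it (SD) lets that
    user point the service at a binary of their choosing. The following is an added example, not code
    from the original notes: it parses SDDL of the shape sc sdshow ServiceName prints and flags those
    ACEs. The two descriptors are constructed for the example; the first has the usual default shape,
    the second hands full control to Authenticated Users.

```python
import re

# Two-letter rights used in service ACEs, as sc sdshow prints them.
SERVICE_RIGHTS = {
    "CC": "query config", "DC": "change config", "LC": "query status", "SW": "enumerate dependents",
    "RP": "start", "WP": "stop", "DT": "pause/continue", "LO": "interrogate",
    "CR": "user-defined control", "SD": "delete", "RC": "read security descriptor",
    "WD": "write DACL", "WO": "write owner",
    "GA": "generic all", "GR": "generic read", "GW": "generic write", "GX": "generic execute",
}
# Holding any of these lets the trustee take over the service (repoint its binary, rewrite its ACL, delete it).
TAKEOVER_RIGHTS = {"DC", "WD", "WO", "SD", "GA", "GW"}
# Well-known trustee aliases that cover every ordinary user of the machine.
LOW_PRIVILEGE_SIDS = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
                      "IU": "Interactive", "AN": "Anonymous"}

SECTION_RE = re.compile(r"([DS]):[A-Z]*((?:\([^)]*\))*)")          # D: (DACL) and S: (SACL) sections
ACE_RE = re.compile(r"\(([^;]*);([^;]*);([^;]*);([^;]*);([^;]*);([^)]*)\)")  # (type;flags;rights;obj;inherit;sid)

def split_rights(rights):
    """'CCDCLC' -> {'CC','DC','LC'}; a hex mask such as 0x1F01FF is kept as-is (not decoded here)."""
    if rights.startswith("0x"):
        return {rights}
    return {rights[i:i + 2] for i in range(0, len(rights), 2)}

def parse_sddl(sddl):
    """Return {'D': [ace, ...], 'S': [ace, ...]} where each ace is a dict of its six fields."""
    parts = {"D": [], "S": []}
    for section, body in SECTION_RE.findall(sddl):
        for ace_type, flags, rights, obj, inherit, sid in ACE_RE.findall(body):
            parts[section].append({"type": ace_type, "flags": flags, "rights": split_rights(rights),
                                   "object": obj, "inherit": inherit, "sid": sid})
    return parts

def audit_service_dacl(sddl):
    """List the allow ACEs that grant takeover rights to low-privilege trustees; empty means clean."""
    findings = []
    for ace in parse_sddl(sddl)["D"]:
        if ace["type"] != "A":                      # only access-allowed ACEs grant anything
            continue
        who = LOW_PRIVILEGE_SIDS.get(ace["sid"])
        if who is None:
            continue
        bad = sorted(ace["rights"] & TAKEOVER_RIGHTS)
        if bad:
            findings.append("%s (%s) can %s" % (who, ace["sid"],
                            ", ".join("%s (%s)" % (r, SERVICE_RIGHTS.get(r, "?")) for r in bad)))
    return findings

# Constructed descriptors for the example (not dumped from a real service).
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)")

if __name__ == "__main__":
    for name, sddl in (("default", DEFAULT_SDDL), ("weak", WEAK_SDDL)):
        print(name, audit_service_dacl(sddl) or "clean")
```

    The S: section is the audit list (the AU ACE there requests auditing, it grants nothing), which is why
    only the D: section is inspected. A finding is fixed with SdSet and a descriptor that drops the
    offending ACE.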


    DNS - Domain Name System

    The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for

    computers, services, or any resource connected to the Internet or a private network. It associates

    various information with domain names assigned to each of the participating entities. Most importantly,

    it translates domain names meaningful to humans into the numerical identifiers associated with

    networking equipment for the purpose of locating and addressing these devices worldwide.

    The Domain Name System distributes the responsibility of assigning domain names and mapping those

    names to IP addresses by designating authoritative name servers for each domain. Authoritative name

    servers are assigned to be responsible for their particular domains, and in turn can assign other

    authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and
    fault tolerant and has helped avoid the need for a single central register to be continually
    consulted and updated.


    Domain name space

    The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or

    more resource records, which hold information associated with the domain name. The tree sub-divides

    into zones beginning at the root zone.

    Administrative responsibility over any zone may be divided by creating additional zones. Authority is

    said to be delegated for a portion of the old space, usually in form of sub-domains, to another

    nameserver and administrative entity. The old zone ceases to be authoritative for the new zone.


    Address resolution mechanism

    Domain name resolvers determine the appropriate domain name servers responsible for the domain name
    in question by a sequence of queries starting with the right-most (top-level) domain label. In the
    usual illustration, a DNS recursor consults three nameservers (a root server, the TLD server and the
    domain's authoritative server) to resolve the address www.wikipedia.org.

    The process entails:

    1. A network host is configured with an initial cache (so called hints) of the known addresses of
       the root nameservers. Such a hint file is updated periodically by an administrator from a
       reliable source.
    2. A query to one of the root servers to find the server authoritative for the top-level domain.
    3. A query to the obtained TLD server for the address of a DNS server authoritative for the
       second-level domain.
    4. Repetition of the previous step to process each domain name label in sequence, until the final
       step which returns the IP address of the host sought.

    The mechanism in this simple form would place a large operating burden on the root servers, with every

    search for an address starting by querying one of them. Being as critical as they are to the overall

    function of the system, such heavy use would create an insurmountable bottleneck for trillions of

    queries placed every day. In practice caching is used in DNS servers to overcome this problem, and as a

    result, root nameservers actually are involved with very little of the total traffic.

    Reverse lookup

    A reverse lookup is a query of the DNS for domain names when the IP address is known. Multiple domain
    names may be associated with an IP address. The DNS stores IP addresses in the form of domain names
    as specially formatted names in pointer (PTR) records within the infrastructure top-level domain
    arpa. For IPv4, the domain is in-addr.arpa. For IPv6, the reverse lookup domain is ip6.arpa. The IP
    address is represented as a name in reverse-ordered octet representation for IPv4, and
    reverse-ordered nibble representation for IPv6.

    When performing a reverse lookup, the DNS client converts the address into these formats, and then

    queries the name for a PTR record following the delegation chain as for any DNS query. For example, the

    IPv4 address 208.80.152.2 is represented as a DNS name as 2.152.80.208.in-addr.arpa. The DNS resolver

    begins by querying the root servers, which point to ARIN's servers for the 208.in-addr.arpa zone. From

    there the Wikimedia servers are assigned for 152.80.208.in-addr.arpa, and the PTR lookup completes by

    querying the wikimedia nameserver for 2.152.80.208.in-addr.arpa, which results in an authoritative

    response.


    Protocol details

    DNS primarily uses User Datagram Protocol (UDP) on port number 53 to serve requests. DNS queries
    consist of a single UDP request from the client followed by a single UDP reply from the server. The
    Transmission Control Protocol (TCP) is used when the response data size exceeds 512 bytes (the
    classic UDP limit; EDNS, mentioned below, lets a client advertise a larger UDP buffer), or for tasks
    such as zone transfers. When an answer does not fit in the UDP reply the server sets the TC
    (truncated) flag and the client repeats the query over TCP. Some operating systems, such as HP-UX,
    are known to have resolver implementations that use TCP for all queries, even when UDP would suffice.

    Each resource record carries a NAME, TYPE, CLASS, TTL and RDATA field:

    NAME is the fully qualified domain name of the node in the tree. On the wire, the name may be
    shortened using label compression where ends of domain names mentioned earlier in the packet can be
    substituted for the end of the current domain name.

    TYPE is the record type. It indicates the format of the data and it gives a hint of its intended use. For

    example, the A record is used to translate from a domain name to an IPv4 address, the NS record lists

    which name servers can answer lookups on a DNS zone, and the MX record specifies the mail server

    used to handle mail for a domain specified in an e-mail address (see also List of DNS record types).

    RDATA is data of type-specific relevance, such as the IP address for address records, or the priority and

    hostname for MX records. Well known record types may use label compression in the RDATA field, but

    "unknown" record types must not (RFC 3597).

    The CLASS of a record is set to IN (for Internet) for common DNS records involving Internet hostnames,
    servers, or IP addresses. In addition, the classes Chaos (CH) and Hesiod (HS) exist. Each class is an
    independent name space with potentially different delegations of DNS zones.

    In addition to resource records defined in a zone file, the domain name system also defines several

    request types that are used only in communication with other DNS nodes (on the wire), such as when

    performing zone transfers (AXFR/IXFR) or for EDNS (OPT).
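    Label compression is where DNS parsers go wrong: a pointer is two bytes whose top bits are 11 and
    whose remaining 14 bits are an offset into the message, and a crafted message can point a name at
    itself. The following is an added example, not code from the original notes: a parser for the
    header, question and resource-record sections described above that decodes compressed names, rejects
    pointers that do not point backwards, reports the TC flag, and decodes the A and MX RDATA formats
    the text mentions. The response bytes are constructed in the code (not a capture); the name
    www.example.com and the addresses are placeholders.

```python
import struct

def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def parse_name(msg, offset, max_jumps=16):
    """Decode a possibly-compressed name at offset; return (name, offset just past it).
    Pointers must point strictly backwards, which rules out self-referencing loops."""
    labels, pos, end, jumps = [], offset, None, 0
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: compression pointer
            if pos + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            pointer = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            if end is None:
                end = pos + 2                          # the name occupies two bytes here
            if pointer >= pos:
                raise ValueError("compression pointer does not point backwards")
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("too many compression pointers")
            pos = pointer
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + ".", (end if end is not None else pos)

def decode_rdata(msg, pos, rtype, rdlen):
    """Decode the RDATA of the common types; other types are returned as raw bytes."""
    if rtype == 1 and rdlen == 4:                       # A
        return ".".join(str(b) for b in msg[pos:pos + 4])
    if rtype in (2, 5, 12):                             # NS, CNAME, PTR: a single (compressible) name
        return parse_name(msg, pos)[0]
    if rtype == 15:                                     # MX: preference + exchange name
        pref = struct.unpack("!H", msg[pos:pos + 2])[0]
        return pref, parse_name(msg, pos + 2)[0]
    return msg[pos:pos + rdlen]                         # unknown types: no compression allowed (RFC 3597)

def parse_message(msg):
    """Parse header, question and resource-record sections; raise ValueError on malformed input."""
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos, questions, records = 12, [], []
    for _ in range(qd):
        name, pos = parse_name(msg, pos)
        qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
        pos += 4
        questions.append((name, qtype, qclass))
    for _ in range(an + ns + ar):
        name, pos = parse_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if pos + rdlen > len(msg):
            raise ValueError("RDATA length exceeds message")
        records.append((name, rtype, rclass, ttl, decode_rdata(msg, pos, rtype, rdlen)))
        pos += rdlen
    return {"id": ident, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "questions": questions, "records": records}

# Constructed response (not a capture): an A record for www.example.com and an MX for example.com,
# using pointers to offset 12 (www.example.com) and offset 16 (example.com) as a real server would.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
    + b"\xC0\x10" + struct.pack("!HHIH", 15, 1, 300, 9) + struct.pack("!H", 10) + b"\x04mail\xC0\x10"
)
# A question whose name is a pointer to itself: a parser without the backwards check spins forever.
LOOPING_MESSAGE = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + b"\xC0\x0C" + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    print(parse_message(SAMPLE_RESPONSE))
```

    If the parsed header has tc set, the caller should discard the answer section and repeat the query
    over TCP rather than act on a partial reply.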


    IIS - Internet Information Services

    Internet Information Services (IIS), formerly called Internet Information Server, is a web server
    application and set of feature extension modules created by Microsoft for use with Microsoft Windows.
    At the time these notes were written it was the second most used web server behind Apache HTTP
    Server.

    IIS is not turned on by default when Windows is installed, but it can be selected from the list of optional

    features. It is available in all editions of Windows Vista and Windows 7, including Home Basic, but some

    features are not supported on client versions of Windows.

    Features

    IIS 7 is built on a modular architecture. Modules, also called extensions, can be added or removed

    individually so that only modules required for specific functionality have to be installed. IIS 7 includes

    native modules as part of the full installation. These modules are individual features that the server uses

    to process requests and include the following:

    HTTP modules Used to perform tasks specific to HTTP in the request-processing pipeline, such as

    responding to information and inquiries sent in client headers, returning HTTP errors, and redirecting

    requests.


    Security modules Used to perform tasks related to security in the request-processing pipeline, such as

    specifying authentication schemes, performing URL authorization, and filtering requests.

    Content modules Used to perform tasks related to content in the request-processing pipeline, such as

    processing requests for static files, returning a default page when a client does not specify a resource in

    a request, and listing the contents of a directory.

    Compression modules Used to perform tasks related to compression in the request-processing

    pipeline, such as compressing responses, applying Gzip compression transfer coding to responses, and

    performing pre-compression of static content.

    Caching modules Used to perform tasks related to caching in the request-processing pipeline, such as

    storing processed information in memory on the server and using cached content in subsequent

    requests for the same resource.

    Logging and Diagnostics modules Used to perform tasks related to logging and diagnostics in the
    request-processing pipeline, such as passing information and processing status to HTTP.sys for
    logging, reporting events, and tracking requests currently executing in worker processes.


    Performance Monitor

    Using Performance Monitor

    Performance Monitor is a simple yet powerful visualization tool for viewing performance data, both in

    real time and from log files. With it, you can examine performance data in a graph, histogram, or report.

    Membership in the local Performance Log Users group, or equivalent, is the minimum required to

    complete this procedure.

    To Open Performance Monitor

    1. Click Start, then click Control Panel, then choose Administrative Tools.
    2. Click Performance Monitor; a new window appears.
    3. Click another view (graph, histogram or report) and the new window appears.
    4. The administrator can now monitor the performance of the system.

    Performance Logs and Alerts overview

    With Performance Logs and Alerts you can collect performance data automatically from local or remote

    computers. You can view logged counter data using System Monitor or export the data to spreadsheet

    programs or databases for analysis and report generation. Performance Logs and Alerts offers the

    following capabilities:

    • Performance Logs and Alerts collects data in a comma-separated or tab-separated format for easy
      import to spreadsheet programs. A binary log-file format is also provided for circular logging or
      for logging instances such as threads or processes that might begin after the log starts
      collecting data. (Circular logging is the process of continuously logging data to a single file,
      overwriting previous data with new data.)

    • You can also collect data in an SQL database format. This option defines the name of an existing
      SQL database and log set within the database where the performance data will be read or written.
      This file format is useful when collecting and analysing performance data at an enterprise level
      rather than a per server basis.


    Event Viewer

    Definition:

    In Windows XP, an event is any significant occurrence in the system or in a program that requires users

    to be notified, or an entry added to a log. The Event Log Service records application, security, and

    system events in Event Viewer. With the event logs in Event Viewer, you can obtain information about

    your hardware, software, and system components, and monitor security events on a local or remote

    computer. Event logs can help you identify and diagnose the source of current system problems, or help

    you predict potential system problems.

    Event Log Types

    A Windows XP-based computer records events in the following three logs:

    • Application log: the application log contains events logged by programs. For example, a database
      program may record a file error in the application log.

    • Security log: the security log records events such as valid and invalid logon attempts, as well
      as events related to resource use, such as the creating, opening, or deleting of files.

    • System log: the system log contains events logged by Windows XP system components.

    Steps to View Event Logs

    To open Event Viewer, follow these steps:

    1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click
       Administrative Tools, and then double-click Computer Management. Or, open the MMC containing
       the Event Viewer snap-in.


    2. In the console tree, click Event Viewer. The Application, Security, and System logs are displayed
       in the Event Viewer window.

    3. In the details pane, double-click the event that you want to view. The Event Properties dialog
       box containing header information and a description of the event is displayed.

       To copy the details of the event, click the Copy button, then open a new document in the
       program in which you want to paste the event (for example, Microsoft Word), and then click
       Paste on the Edit menu.

       To view the description of the previous or next event, click the UP ARROW or DOWN ARROW.


    Event Header

    The event header contains the following information about the event:

    • Date: The date the event occurred.
    • Time: The time the event occurred.
    • User: The user name of the user that was logged on when the event occurred.
    • Computer: The name of the computer where the event occurred.
    • Event ID: An event number that identifies the event type. The Event ID can be used by product
      support representatives to help understand what occurred in the system.
    • Source: The source of the event. This can be the name of a program, a system component, or an
      individual component of a large program.
    • Type: The type of event. This can be one of the following five types: Error, Warning,
      Information, Success Audit, or Failure Audit.
    • Category: A classification of the event by the event source. This is primarily used in the
      security log.

    Event Types

    The description of each event that is logged depends on the type of event. Each event in a log can be

    classified into one of the following types:

    • Information: An event that describes the successful operation of a task, such as an application,
      driver, or service. For example, an Information event is logged when a network driver loads
      successfully.

    • Warning: An event that is not necessarily significant, however, may indicate the possible
      occurrence of a future problem. For example, a Warning message is logged when disk space starts
      to run low.

    • Error: An event that describes a significant problem, such as the failure of a critical task.
      Error events may involve data loss or loss of functionality. For example, an Error event is
      logged if a service fails to load during startup.

    • Success Audit (Security log): An event that describes the successful completion of an audited
      security event. For example, a Success Audit event is logged when a user logs on to the computer.

    • Failure Audit (Security log): An event that describes an audited security event that did not
      complete successfully. For example, a Failure Audit may be logged when a user cannot access a
      network drive.
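    The Success Audit and Failure Audit types are what turn the Security log into a detection source: a
    run of Failure Audit logon events for one account in a short window is a password-guessing attempt,
    and a Success Audit logon right after it is the case to investigate first. The following is an added
    example, not part of the original notes: it reads a constructed tab-separated export whose columns
    are the event header fields listed above and applies that rule with a sliding time window. The
    event IDs are an assumption about the platform (529/528 are the XP and 2003 logon failure and
    success events, 4625/4624 their Vista-and-later equivalents), and in this sample the User column
    carries the account that tried to log on; on a real XP export the target account may sit in the
    event description instead.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Security log export (not from a real machine), in event header field order.
SAMPLE_EXPORT = """\
Type\tDate\tTime\tSource\tCategory\tEvent\tUser\tComputer
Failure Audit\t2010-03-02\t09:00:00\tSecurity\tLogon/Logoff\t529\tcarol\tWS01
Failure Audit\t2010-03-02\t09:06:00\tSecurity\tLogon/Logoff\t529\tcarol\tWS01
Failure Audit\t2010-03-02\t09:12:00\tSecurity\tLogon/Logoff\t529\tcarol\tWS01
Failure Audit\t2010-03-02\t09:14:01\tSecurity\tLogon/Logoff\t529\talice\tWS01
Failure Audit\t2010-03-02\t09:14:03\tSecurity\tLogon/Logoff\t529\talice\tWS01
Failure Audit\t2010-03-02\t09:14:07\tSecurity\tLogon/Logoff\t529\talice\tWS01
Failure Audit\t2010-03-02\t09:14:12\tSecurity\tLogon/Logoff\t529\talice\tWS01
Failure Audit\t2010-03-02\t09:14:20\tSecurity\tLogon/Logoff\t529\talice\tWS01
Failure Audit\t2010-03-02\t09:14:40\tSecurity\tLogon/Logoff\t529\talice\tWS01
Success Audit\t2010-03-02\t09:14:55\tSecurity\tLogon/Logoff\t528\talice\tWS01
Information\t2010-03-02\t09:15:00\tService Control Manager\tNone\t7036\tN/A\tWS01
Failure Audit\t2010-03-02\t09:18:00\tSecurity\tLogon/Logoff\t529\tcarol\tWS01
Failure Audit\t2010-03-02\t09:20:00\tSecurity\tLogon/Logoff\t529\tbob\tWS02
Failure Audit\t2010-03-02\t09:21:00\tSecurity\tLogon/Logoff\t529\tbob\tWS02
Failure Audit\t2010-03-02\t09:24:00\tSecurity\tLogon/Logoff\t529\tcarol\tWS01
"""

# Logon failure / success IDs: 529 and 528 on Windows XP/2003, 4625 and 4624 on Vista and later.
FAILED_LOGON_IDS = {"529", "4625"}
SUCCESS_LOGON_IDS = {"528", "4624"}

def parse_export(text):
    """Read a tab-separated Event Viewer export into a time-ordered list of event dicts."""
    events = []
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        when = datetime.strptime(row["Date"] + " " + row["Time"], "%Y-%m-%d %H:%M:%S")
        events.append({"when": when, "type": row["Type"], "id": row["Event"],
                       "user": row["User"], "computer": row["Computer"]})
    return sorted(events, key=lambda e: e["when"])

def detect_logon_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """Flag (computer, user) pairs with at least `threshold` Failure Audit logon events inside any
    `window`, and note whether a Success Audit logon followed the burst within the same window."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        key = (e["computer"], e["user"])
        if e["type"] == "Failure Audit" and e["id"] in FAILED_LOGON_IDS:
            failures[key].append(e["when"])
        elif e["type"] == "Success Audit" and e["id"] in SUCCESS_LOGON_IDS:
            successes[key].append(e["when"])
    findings = []
    for key, times in failures.items():
        best, start = None, 0
        for end in range(len(times)):                      # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, times[start], times[end])   # keep the densest window for this key
        if best:
            count, first, last = best
            findings.append({"computer": key[0], "user": key[1], "failures": count,
                             "first": first, "last": last,
                             "success_after": any(last <= t <= last + window for t in successes[key])})
    return findings

if __name__ == "__main__":
    for f in detect_logon_bursts(parse_export(SAMPLE_EXPORT)):
        print(f)
```

    Five failures spread over half an hour (carol) do not trip the rule, six in forty seconds followed
    by a success (alice) do; tune threshold and window to the lockout policy set with net accounts.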


    DHCP

    The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts

    (DHCP clients) to retrieve IP address assignments and other configuration information.

    DHCP uses a client-server architecture. The client sends a broadcast request for configuration
    information. The DHCP server receives the request and responds with configuration information from
    its configuration database. In the absence of DHCP, all hosts on a network must be manually
    configured individually, a time-consuming and often error-prone undertaking. DHCP is popular with
    ISPs because it allows a host to obtain a temporary IP address.

    Technical Overview

    When a DHCP-configured client connects to a network, the DHCP client sends a

    broadcast query requesting necessary information from a DHCP server. The DHCP server manages a pool

    of IP addresses and information about client configuration parameters such as default gateway, domain

    name, the name servers, other servers such as time servers, and so forth. On receiving a valid request,

    the server assigns the computer an IP address, a lease (length of time the allocation is valid), and other

    IP configuration parameters, such as the subnet mask and the default gateway. The query is typically

    initiated immediately after booting, and must complete before the client can initiate IP-based

    communication with other hosts.

    Depending on implementation, the DHCP server may have three methods of allocating IP addresses:

    • dynamic allocation: A network administrator assigns a range of IP addresses to DHCP, and each
      client computer on the LAN has its IP software configured to request an IP address from the DHCP
      server during network initialization. The request-and-grant process uses a lease concept with a
      controllable time period, allowing the DHCP server to reclaim (and then reallocate) IP addresses
      that are not renewed (dynamic re-use of IP addresses).

    • automatic allocation: The DHCP server permanently assigns a free IP address to a requesting
      client from the range defined by the administrator. This is like dynamic allocation, but the DHCP
      server keeps a table of past IP address assignments, so that it can preferentially assign to a
      client the same IP address that the client previously had.

    • static allocation: The DHCP server allocates an IP address based on a table with MAC address/IP
      address pairs, which are manually filled in (perhaps by a network administrator). Only requesting
      clients with a MAC address listed in this table will be allocated an IP address. Because a MAC
      address is trivially changed by the client, this is an administrative convenience, not an access
      control.


    FTP

    File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another

    over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes

    separate control and data connections between the client and server. FTP users may authenticate

    themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to

    allow it.

    History

    The original specification for the File Transfer Protocol was written by Abhay Bhushan and published as

    RFC 114 on 16 April 1971 and later replaced by RFC 765 (June 1980) and RFC 959 (October 1985), the

    current specification. Several proposed standards amend RFC 959, for example RFC 2228 (June 1997)

    proposes security extensions and RFC 2428 (September 1998) adds support for IPv6 and defines a new

    type of passive mode.

    Protocol overview

    A client makes a TCP connection to the server's port 21. This connection, called the control connection,

    remains open for the duration of the session, with a second connection, called the data connection,

    opened by the server from its port 20 to a client port (specified in the negotiation dialog) as required to

    transfer file data. The control connection is used for session administration (i.e., commands,

    identification, passwords) exchanged between the client and server using a telnet-like protocol. For

    example "RETR filename" would transfer the specified file from the server to the client. Due to this two-

    port structure, FTP is considered an out-of-band, as opposed to an in-band protocol such as HTTP.

    The server responds on the control connection with three digit status codes in ASCII with an optional
    text message, for example "200" (or "200 OK.") means that the last command was successful. The
    numbers represent the code number and the optional text represents an explanation or needed
    parameters.[1] A file transfer in progress over the data connection can be aborted using an interrupt
    message sent over the control connection.

    FTP can be run in active or passive mode, which determine how the data connection is established. In

    active mode, the client sends the server the IP address and port number on which the client will listen,

    and the server initiates the TCP connection. In situations where the client is behind a firewall and unable

    to accept incoming TCP connections, passive mode may be used. In this mode the client sends a PASV

    command to the server and receives an IP address and port number in return. The client uses these to

    open the data connection to the server. Both modes were updated in September 1998 to add support

    for IPv6. Other changes were made to passive mode at that time, making it extended passive mode.


    Data can be transferred in any of four representation types:

    ASCII mode: used for text. Data is converted, if needed, from the sending host's character
    representation to "8-bit ASCII" before transmission, and (again, if necessary) to the receiving
    host's character representation. As a consequence, this mode is inappropriate for files that contain
    data other than plain text.

    Image mode (commonly called Binary mode): the sending machine sends each file byte for byte, and the
    recipient stores the bytestream as it receives it. (Image mode support has been recommended for all
    implementations of FTP.)

    EBCDIC mode: used for plain text between hosts using the EBCDIC character set. This mode is
    otherwise like ASCII mode.

    Local mode: Allows two computers with identical setups to send data in a proprietary format without
    the need to convert it to ASCII.

    For text files, different format control and record structure options are provided. These features were

    designed to facilitate files containing Telnet or ASA formatting.

    Data transfer can be done in any of three modes:

    Stream mode: Data is sent as a continuous stream, relieving FTP from doing any processing. Rather, all

    processing is left up to TCP. No End-of-file indicator is needed, unless the data is divided into records.

    Block mode: FTP breaks the data into several blocks (block header, byte count, and data field) and then

    passes it on to TCP.

    Compressed mode: Data is compressed using a single algorithm (usually Run-length encoding).

    Security

    FTP was not designed to be a secure protocol, especially by today's standards, and has many security
    weaknesses:

    • Bounce attacks
    • Spoof attacks
    • Brute force attacks
    • Packet capture (sniffing)
    • Username protection
    • Port stealing


FTP was not designed to encrypt its traffic; all transmissions are in clear text, and user names, passwords, commands and data can be easily read by anyone able to perform packet capture (sniffing) on the network. This problem is common to many Internet Protocol specifications (such as SMTP, Telnet, POP and IMAP) designed prior to the creation of encryption mechanisms such as TLS or SSL.[2] A common solution to this problem is use of the "secure", TLS-protected versions of the insecure protocols (e.g. FTPS for FTP, TelnetS for Telnet, etc.) or selection of a different, more secure protocol that can handle the job, such as the SFTP/SCP tools included with most implementations of the Secure Shell protocol.

Anonymous FTP

A host that provides an FTP service may additionally provide anonymous FTP access. Users typically log into the service with an 'anonymous' account when prompted for user name. Although users are commonly asked to send their email address in lieu of a password, no verification is actually performed on the supplied data;[7] examples of anonymous FTP servers can be found here.
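The clear-text problem described under Security and the unverified anonymous login described just above are both visible on the control channel. The following Python example is added here (it is not from the original document) and shows a defender's-side audit of a captured control-channel transcript: it reports whether AUTH TLS (the FTPS upgrade) was accepted before login, whether a user name and password went over the wire in the clear, and whether the session was an anonymous login. The three transcripts, the host name ftp.example.test and the user names are constructed for the example.

```python
import re

# Added example, not code from the original document: audit an FTP
# control-channel transcript for the weaknesses described in the text.
# The transcripts below are constructed; ftp.example.test and the user
# names are placeholders, not captured traffic.

REPLY_RE = re.compile(r"^(\d{3})[ -]")       # server replies start with a 3-digit code
ANONYMOUS_USERS = {"anonymous", "ftp"}


def audit_control_channel(transcript: str) -> dict:
    """Walk the client commands and server replies of one session and report
    what an eavesdropper on the network path would have learned."""
    report = {
        "tls_negotiated": False,          # did AUTH TLS get a 234 reply before login?
        "cleartext_user": None,           # user name visible on the wire
        "cleartext_password_seen": False,
        "anonymous_login": False,
        "findings": [],
    }
    awaiting_auth_reply = False
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):     # skip blanks and annotations
            continue
        reply = REPLY_RE.match(line)
        if reply:
            if awaiting_auth_reply:
                # RFC 2228: 234 means the security mechanism was accepted,
                # so everything after it is protected by TLS.
                report["tls_negotiated"] = reply.group(1) == "234"
                awaiting_auth_reply = False
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.upper() in {"TLS", "SSL", "TLS-C", "TLS-P"}:
            awaiting_auth_reply = True
        elif verb == "USER":
            if arg.lower() in ANONYMOUS_USERS:
                report["anonymous_login"] = True
                report["findings"].append("anonymous login (password is not verified)")
            if not report["tls_negotiated"]:
                report["cleartext_user"] = arg
                report["findings"].append(f"USER sent in clear text: {arg}")
        elif verb == "PASS" and not report["tls_negotiated"]:
            report["cleartext_password_seen"] = True
            # Never copy the secret itself into a report.
            report["findings"].append("PASS sent in clear text (value withheld)")
    return report


# Constructed sample transcripts (client commands and server replies interleaved).
PLAIN_SESSION = """\
220 ftp.example.test FTP server ready
USER alice
331 Password required for alice
PASS correct-horse
230 User alice logged in
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (192,0,2,10,195,80)
RETR report.pdf
150 Opening BINARY mode data connection
226 Transfer complete
QUIT
221 Goodbye
"""

FTPS_SESSION = """\
220 ftp.example.test FTP server ready
AUTH TLS
234 Proceed with negotiation
[TLS handshake follows; the lines below are only readable at the endpoints]
USER alice
331 Password required for alice
PASS correct-horse
230 User alice logged in
"""

ANONYMOUS_SESSION = """\
220 ftp.example.test FTP server ready
USER anonymous
331 Guest login ok, send your email address as password
PASS someone@example.test
230 Guest login ok
"""

if __name__ == "__main__":
    for name, session in [("plain", PLAIN_SESSION), ("ftps", FTPS_SESSION),
                          ("anonymous", ANONYMOUS_SESSION)]:
        print(name, audit_control_channel(session))
```

The same walk over real traffic is what an IDS rule for "FTP credentials in the clear" amounts to: a USER or PASS command on port 21 with no accepted AUTH TLS earlier in the same session.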

Remote FTP or FTPmail

Where FTP access is restricted, a remote FTP (or FTPmail) service can be used to circumvent the problem. An e-mail containing the FTP commands to be performed is sent to a remote FTP server, which is a mail server that parses the incoming e-mail, executes the FTP commands, and sends back an e-mail with any downloaded files as an attachment. Obviously this is less flexible than an FTP client, as it is not possible to view directories interactively or to modify commands, and there can also be problems with large file attachments in the response not getting through mail servers. The service was used when some users' only internet access was via email through gateways such as a BBS or online service. As most internet users these days have ready access to FTP, this procedure is no longer in everyday use.

Web browser support

Most common web browsers can retrieve files hosted on FTP servers, although they may not support protocol extensions such as FTPS.[8] When an FTP URL, rather than an HTTP URL, is supplied, the accessible contents of the remote server are presented in a manner similar to that used for other Web content. A full-featured FTP client can be run within Firefox in the form of an extension called FireFTP.

An FTP URL takes the form:

ftp://[<user>[:<password>]@]<host>[:<port>]/<url-path> [9]

NAT and Firewall traversal

FTP normally transfers data by having the server connect back to the client, after the PORT command is sent by the client. This is problematic for both NATs and firewalls, which do not allow connections from the Internet towards internal hosts. For NATs, an additional complication is that the IP address and port number in the PORT command refer to the internal host's IP address and port, rather than the public IP address and port of the NAT.

There are two approaches to this problem. One is that the FTP client and FTP server use the PASV command, which causes the data connection to be established from the FTP client to the server. This is widely used by modern FTP clients. Another approach is for the NAT to alter the values of the PORT command, using an application-level gateway for this purpose.
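The PORT command and the 227 reply to PASV both carry the endpoint as six decimal bytes, h1,h2,h3,h4,p1,p2, with the port equal to p1*256 + p2; extended passive mode (the 229 reply to EPSV) carries only a port. The following Python example is added here (it is not from the original document and not the code of any FTP server or NAT) and shows that encoding in both directions, the rewrite an application-level gateway performs on a client's PORT command, and the server-side check that defeats the bounce attack listed under Security: refuse to open a data connection to any host other than the one that owns the control connection. The addresses come from the documentation ranges and the function names are my own.

```python
import re

# Added example, not code from the original document: the h1,h2,h3,h4,p1,p2
# encoding used by PORT commands and 227 replies, the bounce-attack check an
# FTP server applies to PORT, and the rewrite an application-level gateway
# performs on a NAT.  All addresses are constructed (192.0.2.0/24 and
# 203.0.113.0/24 are documentation ranges).

HOST_PORT_RE = re.compile(r"(\d{1,3}(?:,\d{1,3}){5})")
EPSV_RE = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def parse_host_port(arg: str) -> tuple[str, int]:
    """Decode 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256 + p2)."""
    parts = [int(p) for p in arg.strip("() ").split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"malformed host-port argument: {arg!r}")
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def format_host_port(host: str, port: int) -> str:
    """Inverse of parse_host_port: build the argument for a PORT command."""
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ",".join(host.split(".") + [str(port // 256), str(port % 256)])


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Pull the data-connection endpoint out of a 227 reply to PASV."""
    m = HOST_PORT_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError(f"not a 227 reply: {reply!r}")
    return parse_host_port(m.group(1))


def parse_epsv_reply(reply: str) -> int:
    """A 229 reply (extended passive mode, RFC 2428) carries only a port; the
    client connects to the address it already used for the control connection."""
    m = EPSV_RE.search(reply)
    if not reply.startswith("229") or not m:
        raise ValueError(f"not a 229 reply: {reply!r}")
    return int(m.group(1))


def port_command_is_acceptable(port_arg: str, control_peer_ip: str) -> bool:
    """Server-side mitigation for the bounce attack: open the data connection
    only back to the host that owns the control connection, and only to an
    unprivileged port, so the server cannot be pointed at a third party."""
    host, port = parse_host_port(port_arg)
    return host == control_peer_ip and port >= 1024


def rewrite_port_for_nat(command_line: str, public_ip: str, mapped_port: int) -> str:
    """What an FTP application-level gateway on a NAT does for an active-mode
    client: replace the private address and port the client wrote into PORT
    with the NAT's public address and the externally mapped port.  Other
    commands pass through unchanged."""
    verb, _, arg = command_line.strip().partition(" ")
    if verb.upper() != "PORT":
        return command_line
    parse_host_port(arg)                       # validate before rewriting
    return f"PORT {format_host_port(public_ip, mapped_port)}"


if __name__ == "__main__":
    print(parse_pasv_reply("227 Entering Passive Mode (192,0,2,10,195,80)"))
    print(parse_epsv_reply("229 Entering Extended Passive Mode (|||50000|)"))
    print(port_command_is_acceptable("192,0,2,55,195,80", "192.0.2.55"))   # own host
    print(port_command_is_acceptable("192,0,2,99,195,80", "192.0.2.55"))   # third party
    print(rewrite_port_for_nat("PORT 10,0,0,5,195,80", "203.0.113.7", 40001))
```

The rewrite is also why FTP through a NAT breaks once the control channel is TLS-protected: the gateway can no longer read or change the PORT command, which is one reason passive mode is the usual choice.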

Secure FTP

There are several methods of securely transferring files that have been called "Secure FTP" at one point or another.