Saturday, November 15, 2008

ISC got a new Website!

The Internet Systems Consortium, commonly known as ISC, has a new look! ISC is well known for its very reliable free open source products such as the DNS server BIND and the ISC DHCP server.

Its new website is super cool now and better organized than before, making it easy to navigate and download the latest versions of their products. You can choose from their Current Release versions, Beta Release or Development Release versions, and Maintenance Releases.

FreeBSD 101: Creating a Bridge using FreeBSD

The reason I came across this application is that I want to sniff and examine packets lurking around the network. I could not use my switch, since I only have an unmanaged switch and cannot configure it to do port mirroring. I tried to look for hubs but could not find any either. But I do have a machine that has multiple Network Interface Cards in it, so I looked for ways to configure these ports to broadcast frames/packets received on one port to all of the other ports, so I can sniff any of the packets that enter any of the ports.

I have done this before with the help of a friend, but I cannot remember the exact details of how to do it. I'm not the type of guy who takes notes on every new procedure/configuration I have done. So I spent some time googling around and finally found this link. I am going to summarize the procedure by posting a simple shell script that will create a bridge interface in FreeBSD.

#!/bin/sh
# Filename: createbridge.sh

# load the kernel loadable module
/sbin/kldload /boot/kernel/if_bridge.ko

# create a bridge interface
/sbin/ifconfig bridge0 create

# add the network interfaces you want as members of the bridge
# and mark the bridge itself up so it forwards frames even without an address
/sbin/ifconfig bridge0 addm em0 addm em1 addm em2 up

# bring these interfaces up
/sbin/ifconfig em0 up
/sbin/ifconfig em1 up
/sbin/ifconfig em2 up

# then you can assign an ip address to your bridge interface if you want
/sbin/ifconfig bridge0 inet 192.168.1.1/24



Save this script in /usr/local/etc/rc.d so that it gets executed during the boot-up process. Then make the script executable and execute it:

# chmod 755 /usr/local/etc/rc.d/createbridge.sh
# /usr/local/etc/rc.d/createbridge.sh


Just as there are many ways to kill a cat, there are also other ways to create a bridge interface in FreeBSD. One of them is to do it using rc.conf. But I think you still need to add "device if_bridge" to your kernel configuration /usr/src/sys/{arch}/conf/GENERIC so that it will be dynamically loaded by the kernel every time you create a bridge interface.
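The rc.conf route mentioned above, as an added example that is not from the original post: it mirrors createbridge.sh using the standard rc.conf variables cloned_interfaces and ifconfig_<interface>, and reuses the script's interface names and address.

```sh
# /etc/rc.conf fragment: boot-time equivalent of createbridge.sh.
# em0, em1, em2 and 192.168.1.1/24 are the values used in the script above.

# create bridge0 at boot
cloned_interfaces="bridge0"

# add the member interfaces and mark the bridge up so it forwards frames
ifconfig_bridge0="addm em0 addm em1 addm em2 up"

# bring each member up; the members themselves need no address
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_em2="up"

# optional, as in the script: give the bridge itself an address.
# Leave this line out if the machine is only there to capture traffic.
ifconfig_bridge0_alias0="inet 192.168.1.1/24"
```

With these entries in place the createbridge.sh script is not needed; use one method or the other.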

Thursday, October 30, 2008

The Physical Layer

The Physical layer in the OSI model is responsible for binary transmission. This involves electronic circuits, wires, connectors, voltages and data rates or speed of transmission. One of the most commonly used devices that belongs to this layer is the NIC (Network Interface Card). There are different NICs for different types of networking protocols. There are also different NICs for different types of networking media or wires. For laptops that do not have a built-in network interface card, a special device called PCMCIA (Personal Computer Memory Card International Association) is used.

There are three things that you need to consider in selecting a NIC. Two of them have already been mentioned: the type of protocol you want to use in your network and the type of media. The last is the type of system bus your computer has. It is called a bus because it is a collection of wires on the motherboard that carries data and timing signals from one part of a computer to another.

Types of Protocols you need to consider:

  • Ethernet
  • Token Ring
  • FDDI

 

Types of Media:
  • Twisted-pair
  • Coaxial
  • Wireless
  • Fiber-optic

Type of System Bus:
  • PCI - Peripheral Component Interconnect
  • ISA - Industry Standard Architecture


CCNA Exam tip:


This would possibly come out in the CCNA Exam. Situations that require NIC installation:

  • Installation of a NIC on a PC that does not already have one
  • Replacement of a malfunctioning or damaged NIC
  • Upgrade from a 10Mbps NIC to a 10/100/1000Mbps NIC
  • Change to a different type of NIC, such as wireless
  • Installation of secondary, or backup, NIC for network security reasons


Another very common Physical Layer device is the Modem (Modulator - Demodulator). This device provides the computer with connectivity to a telephone line. It converts the data in digital format to analog format and vice versa.

CCNA Exam tip:

This would possibly come out in the CCNA Exam. The ping command is used to test network connectivity. It is a basic program that can verify whether the specified IP address exists in the network and is reachable. To check an IPv6 address, you may use the ping6 command. Going deeper, the ping command sends ICMP/ICMPv6 ECHO_REQUEST packets to elicit an ICMP/ICMPv6 ECHO_REPLY from a network host/computer.

The basic ping command synopsis:
ping <ip address> - where <ip address> is the address of the host/computer that you want to test connectivity with.

ping 127.0.0.1 - this is an internal loopback test. If your TCP/IP network configuration is working well, then you will get a reply from 127.0.0.1. If you want to try IPv6, its loopback address is ::1, which is a shortcut for 0000:0000:0000:0000:0000:0000:0000:0001.

Wednesday, October 29, 2008

The OSI Model

In the beginning, when man discovered computer networks and their importance... there was chaos. Different brilliant people created their own brilliant ways of sending data electronically from one computer to another. As a result, computers made by one vendor could not directly communicate with computers made by a different vendor, for they did not follow the same communication protocols. A protocol is a set of rules or an agreement that determines the format and transmission of data.

In response, the ISO (International Organization for Standardization) issued to vendors a set of standards that ensures greater compatibility and interoperability of various computer network devices.

This new standard is called the Open System Interconnection Model (the OSI Model, commonly known as the 7 OSI Layers).

The 7 OSI Layers:

  1. Physical

  2. Data Link

  3. Network

  4. Transport

  5. Session

  6. Presentation

  7. Application


The benefits of the OSI Model are:

  • It reduces the complexity of the entire computer network design by slicing it into 7 different areas. You can then focus on one area instead of the whole computer network system.

  • It standardizes interfaces. You can now clearly determine which type of interface you are going to adopt for your network so that all computers can communicate with each other without problems.

  • It facilitates modular engineering, for you can now focus your design on one particular layer at a time.

  • While one vendor focuses its development or enhancements on a particular layer, others can enhance other layers. This accelerates the evolution of computer networks.

  • Lastly, since it reduces the complexity of the design, it also simplifies the teaching and learning of computer networking.

Wednesday, August 20, 2008

FreeBSD 101 - Ports

This is probably one of the advantages of FreeBSD over other Unix-like operating systems. Installing or adding software packages is made easy through the FreeBSD ports collection. You can install a new software package in FreeBSD by going to the ports directory /usr/ports. If, for example, you want to install perl version 5.8, you go to /usr/ports/lang/perl5.8. Then type the following commands:
# make 
...
# make install
...

Or you type it in one line:
# make ; make install 


If you happen to install FreeBSD without the ports collection, you can install it using portsnap. Follow these easy steps:

# mkdir /usr/ports
# pkg_add -r portsnap
# portsnap fetch
# portsnap extract

The first step is to create your ports directory if it does not exist yet; then you install portsnap, next you download the ports collection, and lastly you install a new ports collection.

There are other ways to install the FreeBSD ports collection: you can use sysinstall, which is simpler to do than portsnap (oppsss!), or you can use the cvsup method.

Wednesday, July 16, 2008

Configuring IPv6 in CentOS Linux

To configure an IPv6 address manually in CentOS Linux, there are several files that you can choose to change:

/etc/sysconfig/networking/profiles/default/ifcfg-eth0
/etc/sysconfig/networking/devices/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth0


Choose only one from those files and add the following lines:

IPV6INIT=yes
IPV6ADDR=2001:db8:1234:5678:0001:0002:dead:beef/64

Then, restart your network interface for changes to take effect:

# /etc/init.d/network restart
or
# service network restart

Check your interface configuration:

# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:cf:3f:18
inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
---> inet6 addr: 2001:db8:1234:5678:0001:0002:dead:beef/64 Scope:Global
inet6 addr: fe80::20c:29ff:fecf:3f18/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4344229 errors:0 dropped:0 overruns:0 frame:0
TX packets:1734857 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2992698082 (2.7 GiB) TX bytes:102015418 (97.2 MiB)
Interrupt:217 Base address:0x400

Observe the line pointed to by the arrow: you now have a global IPv6 address.

IPv6 Documentation Prefix


The IPv6 prefix 2001:db8::/32 that we used in this article is for documentation or experimentation purposes only. But you can still use this address in your local network if you like. If you want more information about this prefix you can visit APNIC's FAQ about IPv6 Documentation Prefix or read RFC 3849: IPv6 Address Prefix Reserved for Documentation.


Enabling IPv6 in CentOS Linux

Usually, IPv6 is enabled by default during installation. But there are times that we want to take control of things manually... just like enabling or disabling IPv6 support in CentOS Linux. Some folks out there may feel that they don't need IPv6 yet and so they turn it off. Some have disabled IPv6 by default during installation but suddenly become curious about IPv6 and want to explore it. I hope this article can be of help.

The IPv6 knob in CentOS can be found at:
/etc/sysconfig/network

If you open it and your system supports IPv6 then it will look like this:
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=localhost.localdomain

If you don't see "NETWORKING_IPV6=yes" in your "/etc/sysconfig/network" file, that means you have not enabled IPv6 yet. Or, if you have IPv6 support and you want to turn it off, just change "NETWORKING_IPV6" to "no".

You then need to restart your system for changes to take effect.


Saturday, May 17, 2008

CCNA Exam Tips


In the CCNA exam, there are about 60+ questions and you are to answer them within 90 minutes. Doing some quick math, that means you have 90 seconds to answer each question. There are simple questions that you can answer in just 10 to 15 seconds, and there are those that will probably take you more than 90 seconds to answer. Most of these questions involve conversion from decimal to binary or from binary to decimal.

This is what I want to focus on in this article. Please forgive me if this post is so elementary; I just want to share my techniques for doing decimal to binary conversions and vice versa so that you can possibly save time in answering CCNA questions.

Decimal to Binary Conversion


This is what I do: on a scratch pad, I write the following place values:


____ ____ ____ ___ ___ ___ __ __ __ _ _ _ _
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
Figure 1


Okay, so now I will show you how to use these values. Suppose you want to convert 202 decimal to binary; how are we going to do it? The conventional way is to divide 202 by 2 and note the answer and the remainder, then divide the answer by 2 again, and so on...

I am not a math wizard, so for me, I can solve faster with addition or subtraction than with division. So let me show you how to convert 202 decimal to binary using subtraction and the values presented in Figure 1.

First, look for the HIGHEST value in Figure 1 that we can subtract from 202 without getting a negative answer. So what will it be? It will be 128, right? And the answer to 202-128 is 74. So write 1 above 128 in Figure 1.


____ ____ ____ ___ ___ _1_ __ __ __ _ _ _ _
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
Figure 2


So instead of doing repetitive division, we will be doing repetitive subtraction. Next, look for the HIGHEST value in Figure 1 that we can subtract from 74 without getting a negative answer. This time, it will be 64, right? And 74-64 is 10. So write 1 above 64 in Figure 2.


____ ____ ____ ___ ___ _1_ _1 __ __ _ _ _ _
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
Figure 3


Next, look for the HIGHEST value in Figure 1 that we can subtract from 10 without getting a negative answer. It's 8, right? And 10-8 is 2. So write 1 above 8 in Figure 3.


____ ____ ____ ___ ___ _1_ _1 __ __ 1 _ _ _
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
Figure 4


Next, look for the HIGHEST value in Figure 1 that we can subtract from 2 without getting a negative answer. It will be 2! And 2-2 is ... So write 1 above 2 in Figure 4.


____ ____ ____ ___ ___ _1_ _1 __ __ 1 _ 1 _
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
Figure 4


Since our previous answer was 0, let's now stop and fill in the remaining blanks with 0, and that's the binary equivalent of 202 decimal.


__0_ __0_ __0_ _0_ _0_ _1_ _1 _0 _0 1 0 1 0
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
Figure 5


The answer is 0000011001010 or simply 11001010. That's it! Very elementary, right? :)

Binary to Decimal Conversion


Now, let's do the reverse. Suppose we want to convert 11101011011 binary to decimal; how will we do it using Figure 1? This is so elementary again: just place the binary bits into our Figure 1, starting from the rightmost bit.


____ ____ __1_ _1_ _1_ _0_ _1 _0 _1 1 0 1 1
4096 2048 1024 512 256 128 64 32 16 8 4 2 1
Figure 6


Then add all the values that carry a 1 on top. That will be:


1024
+ 512
-----
1536
+ 256
-----
1792
+ 64
-----
1856
+ 16
-----
1872
+ 8
-----
1880
+ 2
-----
1882
+ 1
-----
=1883
Figure 7


That's it! The answer is 1883.

I hope that in a little way, you have gained something from this article. If you are not planning to take the CCNA exam, perhaps you can use this to teach your 3 year old child to do conversion from decimal to binary and binary to decimal.




Saturday, April 12, 2008

First IPv6 Summit in the Philippines


2008 IPv6 Summit: Philippines Moving Forward To IPv6




At last an IPv6 Summit will be held here in the Philippines! Thanks to the sponsors and organizers of this event, I hope that this event will increase the number of IPv6 ministers here in the Philippines. The event will be on May 21 to 22, 2008 at the Sofitel Philippine Plaza Manila, CCP Complex Roxas Blvd, Pasay City.

You can register online at http://ipv6summit.phnog.org



FreeBSD 101 - Adding New User


adduser command


In system administration, one of the first things that you need to know is how to create or add a new user. It is good practice not to use the 'root' account, especially when you access your system remotely. We need to create a new user account with basic privileges and just allow this user to switch to 'superuser' whenever it is needed.

To add a new user in FreeBSD, just execute the 'adduser' command at the prompt, but make sure you are using your root account when doing this.


# adduser (press enter)
Username: obispo (type the username to be added and press enter)

Full name: ark obispo (type the full name of the user account or you just press enter)

Uid (Leave empty for default): (just press enter)

Login group [obispo]: (just press enter)

Login group is obispo. Invite obispo into other groups? []: wheel (if you allow this account to be able to switch to 'superuser', type wheel then press enter or else, just press enter)

Login class [default]: (just press enter)

Shell (sh csh tcsh nologin) [sh]: (choose the shell you want to use or just press enter)

Home directory [/home/obispo]: (just press enter)

Use password-based authentication? [yes]: (just press enter)

Use an empty password? (yes/no) [no]: (just press enter)

Use a random password? (yes/no) [no]: (just press enter)

Enter password: (type in the password for obispo then press enter)

Enter password again: (retype the password for obispo then press enter)

Lock out the account after creation? [no]: (just press enter)

Username : obispo
Password : **************
Full Name : ark obispo
Uid : 1007
Class :
Groups : obispo wheel
Home : /home/obispo
Shell : /bin/sh
Locked : no
OK? (yes/no): yes (type 'yes' then press enter)

adduser: INFO: Successfully added (obispo) to the user database.
Add another user? (yes/no): no (type 'yes' if you want to add another user, otherwise, type 'no' then press enter)

Goodbye!

#


Adding a new user to a group


If it so happens that you have already added a new user to your system and you want this user to be able to switch to 'superuser' mode, edit the file /etc/group using your favorite Unix text editor and append the username to the wheel group as shown below:


wheel:*:0:root,obispo


To switch from your newly created account to superuser, just type the command 'su' and supply your superuser(or root) password.
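Since every name on the wheel line can attempt su to root, it is worth checking that line against the accounts you expect. The following is an added example, not part of the original post; the function names, the sample file and the extra account tempadmin are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample data are constructed.

# wheel_members FILE: print each member of the wheel group, one per line.
# FILE is in /etc/group format: name:password:gid:member,member,...
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# unexpected_wheel FILE USER...: print wheel members that are not among the
# USERs you expect to be able to su to root. Returns 1 if any are found.
unexpected_wheel() {
    file=$1; shift
    rc=0
    for member in $(wheel_members "$file"); do
        known=no
        for expected in "$@"; do
            if [ "$member" = "$expected" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then
            printf '%s\n' "$member"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the wheel line from the post plus one extra account.
sample=$(mktemp)
cat > "$sample" <<'EOF'
wheel:*:0:root,obispo,tempadmin
operator:*:5:root
obispo:*:1007:
EOF
unexpected_wheel "$sample" root obispo || echo "review the accounts listed above"
rm -f "$sample"
```

On a real system, pass /etc/group as the file and list the accounts that are supposed to be in wheel.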



Friday, April 11, 2008

IPv6


Counting the days of IPv4




Who said that the world won't need 4,294,967,296 IP addresses? Well, this might be what they thought when they designed the first Internet Protocol, which is commonly known as IPv4 (RFC 791). But today, the use of IPv4 addresses has grown exponentially, which has led to a rapid decrease in available IP addresses. JPNIC, the Japan Network Information Center, has released a statement about IPv4 consumption saying that the pool of IPv4 addresses is expected to run out this coming 2010 (http://www.apnic.net/news/2007/0626.html). It may not fall exactly on 2010, but the truth about IPv4 address exhaustion is persistent and it will happen 2 to 4 years from now.

Why an exponential growth? Aside from the rapid growth of Internet users, you can find IPv4 addresses almost anywhere now. Your GPRS-enabled mobile phone has an IP address, and in some parts of the world even automobiles and home appliances can be connected, monitored and controlled over the Internet (http://www.pcmag.com/article2/0,1759,110893,00.asp).

So what if IPv4 reaches its end? There is no need to panic; the Internet Engineering Task Force (IETF) already designed the Next Generation Internet Protocol 10 or 12 years ago. They call it Internet Protocol Version 6 or IPv6.


IPv6 to the rescue




This is the number of available IPv6 addresses the world can have: 2^128. This is about 3x10^38 (340,282,366,920,938,463,463,374,607,431,768,211,456) IP addresses. It is still a finite value, but IPv6 architects said that this number should be enough for you to have your own PAN (Personal Area Network) in which even your underwear is assigned an IPv6 address.

How is this next generation address represented? The 32-bit IPv4 address is simplified by grouping it into octets (8 bits) separated by dots (.) and representing each octet by its decimal value. The IPv6 address, which is a 128-bit address, is divided into eight 16-bit fields. The separator used in IPv6 is a colon (:), and each 16-bit field is represented as a 4-digit hexadecimal value. A sample IPv6 address representation is 2001:0db8:abcd:00ef:0000:0000:0000:0001.
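The same address can be written in shortened forms, such as the ::1 loopback shortcut mentioned in the Physical Layer post, so addresses should be expanded to the full form before they are compared in logs or access lists. This added example is not from the original post and goes slightly beyond it by handling the "::" zero-compression in general; expand_ipv6 and same_ipv6 are hypothetical helper names.

```sh
#!/bin/sh
# Added example; expand_ipv6 and same_ipv6 are hypothetical helper names.
# IPv4-embedded forms such as ::ffff:192.0.2.1 are rejected, not handled.

# expand_ipv6 ADDR[/LEN]: print ADDR as eight 4-digit lowercase hex groups.
# The body runs in a subshell so the IFS change stays local; "exit" here
# only ends that subshell and becomes the function's return status.
expand_ipv6() (
    addr=${1%%/*}                          # ignore a /prefix-length
    case $addr in
        ''|*[!0-9A-Fa-f:]*) exit 1 ;;      # hex digits and colons only
        *:::*|*::*::*)      exit 1 ;;      # "::" may appear at most once
        :[!:]*|*[!:]:)      exit 1 ;;      # no lone leading/trailing colon
    esac
    case $addr in
        *::*) head=${addr%%::*}; tail=${addr#*::}; compressed=yes ;;
        *)    head=$addr; tail=""; compressed=no ;;
    esac
    IFS=:
    set -- $head; nh=$#
    set -- $tail; nt=$#
    zeros=$((8 - nh - nt))                 # groups hidden behind "::"
    if [ "$compressed" = yes ]; then
        [ "$zeros" -ge 1 ] || exit 1
    else
        [ "$zeros" -eq 0 ] || exit 1
    fi
    out=""
    for g in $head; do
        case $g in ?????*) exit 1 ;; esac  # more than 4 hex digits
        g=0000$g; out="$out:${g#"${g%????}"}"
    done
    while [ "$zeros" -gt 0 ]; do out="$out:0000"; zeros=$((zeros - 1)); done
    for g in $tail; do
        case $g in ?????*) exit 1 ;; esac
        g=0000$g; out="$out:${g#"${g%????}"}"
    done
    printf '%s\n' "${out#:}" | tr 'A-F' 'a-f'
)

# same_ipv6 A B: true when both spellings name the same address.
same_ipv6() {
    a=$(expand_ipv6 "$1") && b=$(expand_ipv6 "$2") && [ "$a" = "$b" ]
}

# Demo on addresses that appear in the posts.
expand_ipv6 ::1
expand_ipv6 2001:db8:1234:5678:0001:0002:dead:beef/64
```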

An IPv6 address has three categories just as we have IPv4 classes. The three categories are, IPv6 Unicast Address, IPv6 Multicast Address and IPv6 Anycast Address. An IPv6 unicast address can be used as an identifier for a single interface, an IPv6 anycast address can be used as an identifier for a set of interfaces, while an IPv6 multicast address can be used as an identifier for a group of nodes.


IPv6 Advantage over IPv4




Looking at the figures, we can directly see that IPv6 offers a much larger IP address space than IPv4. With this, it is certain that IPv6 can be the solution to the IPv4 address depletion problem. The IPv6 address architecture is also more efficient and hierarchical than that of IPv4. This will solve the currently increasing backbone routing table size. Lastly, IPv6 was designed with some built-in features such as security, stateless address autoconfiguration, multicast, QoS (Quality of Service) and more.



Tuesday, April 8, 2008

Subnetting 101


IPv4 Overview


This is intended to give a brief review of IPv4, discover the magic of routing IPv4 packets, and then unravel the secrets of subnetting.

Basically, the Internet Protocol Address Version 4 (IPv4) has 3 different usable classes, namely: Class A, Class B and Class C. There is also a group of addresses used for multicast called Class D and another group of reserved addresses used for research called Class E. This document will focus only on Class A, B, and C.

IPV4 Review



In order to start unraveling the mystery of subnetting, let us first review the characteristics of an IPv4 address. An IPv4 address, as we all know, is 32 bits in size and is divided into 4 groups called octets. Each octet represents 8 bits of data (4 groups x 8 bits per group equals 32, right?). In writing this 32-bit IP address, each octet is separated by a dot (.); the leftmost octet is the most significant octet and the rightmost octet is the least significant octet.

IPv4 Address Binary Representation:




In order to identify which class an IPv4 address belongs to, we look at the most significant bits (the leftmost bits) of the most significant octet of the address.


In Figure 2, if you examine a Class A address, you will find that its most significant bit is equal to 0. The first two most significant bits of a Class B address are 10, and a Class C address starts with 110. The x's found in Figure 2 represent either 0 or 1.

Simplifying the IP address:

Suppose we have an IP address in binary: 11000011101010100101010100001111 (32 bits)
It will be divided into 4 octets separated with a dot: 11000011.10101010.01010101.00001111

But binary numbers are hard to memorize, so an IPv4 address is commonly represented in decimal format.
11000011.10101010.01010101.00001111 is now represented as 195.170.85.15

Binary to decimal conversion:
11000011 = 195
10101010 = 170
01010101 = 85
00001111 = 15
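The subtraction method from the CCNA Exam Tips post and the leading-bit rule described here fit in a few shell functions. This is an added example, not code from the original posts; the function names are hypothetical, and the Class D (1110) and Class E (1111) bit patterns come from standard classful addressing rather than from the post.

```sh
# Added example; function names are hypothetical, not from the original posts.

# Place values from Figure 1 of the CCNA Exam Tips post, highest first.
PLACES="4096 2048 1024 512 256 128 64 32 16 8 4 2 1"

# dec2bin N [WIDTH]: repeated subtraction. Write 1 under every place value
# that still fits into the remainder, 0 otherwise, then drop leading zeros
# until WIDTH digits are left (default 1; use 8 for an octet).
dec2bin() {
    n=$1; width=${2:-1}; bits=""
    case $n in
        ''|*[!0-9]*|0?*) echo "dec2bin: not a plain decimal number: $n" >&2; return 1 ;;
    esac
    [ "$n" -le 8191 ] 2>/dev/null || { echo "dec2bin: $n needs more than 13 places" >&2; return 1; }
    for p in $PLACES; do
        if [ "$n" -ge "$p" ]; then bits="${bits}1"; n=$((n - p)); else bits="${bits}0"; fi
    done
    while [ "${#bits}" -gt "$width" ] && [ "${bits#0}" != "$bits" ]; do
        bits=${bits#0}
    done
    printf '%s\n' "$bits"
}

# bin2dec BITS: walk from the rightmost bit, doubling the place value each
# step, and add the place value wherever the bit is 1.
bin2dec() {
    b=$1; sum=0; place=1
    case $b in
        ''|*[!01]*) echo "bin2dec: not a binary number: $b" >&2; return 1 ;;
    esac
    while [ -n "$b" ]; do
        rest=${b%?}
        if [ "${b#"$rest"}" = 1 ]; then sum=$((sum + place)); fi
        place=$((place * 2)); b=$rest
    done
    printf '%s\n' "$sum"
}

# ipv4_to_binary A.B.C.D: each octet as 8 bits, joined by dots.
ipv4_to_binary() {
    case $1 in ''|.*|*.) echo "ipv4_to_binary: malformed address" >&2; return 1 ;; esac
    rest=$1; out=""; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        case $rest in *.*) rest=${rest#*.} ;; *) rest="" ;; esac
        o=$(dec2bin "$octet" 8 2>/dev/null) && [ "$octet" -le 255 ] ||
            { echo "ipv4_to_binary: bad octet '$octet'" >&2; return 1; }
        out="${out:+$out.}$o"; count=$((count + 1))
    done
    [ "$count" -eq 4 ] || { echo "ipv4_to_binary: need 4 octets" >&2; return 1; }
    printf '%s\n' "$out"
}

# ipv4_class A.B.C.D: class letter from the leading bits of the first octet
# (0 = A, 10 = B, 110 = C as in the post; 1110 = D and 1111 = E complete the set).
ipv4_class() {
    bin=$(ipv4_to_binary "$1") || return 1
    case $bin in
        0*)    echo A ;;
        10*)   echo B ;;
        110*)  echo C ;;
        1110*) echo D ;;
        *)     echo E ;;
    esac
}

# Demo on the numbers worked through in the CCNA Exam Tips post.
dec2bin 202
bin2dec 11101011011
```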

CCNA Practice Problems:



Q1: The IPv4 address 195.170.85.15 belongs to what class?
Q2: What could be the minimum and maximum value for the first octet of a Class A address?
Q3: What could be the minimum and maximum value for the first octet of a Class B address?
Q4: What could be the minimum and maximum value for the first octet of a Class C address?

Answers will be posted in the next blog related to this article.


To be continued...
Next topic: The Magic of Routing



Friday, April 4, 2008

neuron-dump-001

I am so glad to welcome myself in the world of blogging.

A human brain has around 10 billion neurons, and every bit of information we acquire or gain in each clock tick is stored in our brain in the form of neuron charges and structures. This blog will be a dump site for some of my selected neuron structures which were formed in my day to day quest for knowledge.

I hope that while you are exploring this vast virtual universe, you will find some of my dumps as one of your significant discoveries and will bookmark this site for future and further exploration.