
ICMP Protocol


ICMP

Internet Control Message Protocol

ICMP is not meant for transferring data; it is really designed to support routing, for example to check whether any packets were dropped.

* It does the error handling in the network
* It debugs the errors and shows the message

The IP protocol has no error reporting or correcting mechanism.




Who sends, who receives…






 ICMP messages use the following format





 The most important ICMP message types


Datagram
       no call setup phase
       more flexible
       more reliable in cases of switching node failures
       difficult to control network’s state and provide quality of service

Virtual circuits
       network can provide sequencing
       traffic engineering can be applied, enabling more practical provision of quality of service (QoS) support
       less reliable in cases of switching node failures





* The protocol is used to report problems with delivery of IP datagrams within an IP network.
* It can be used to show when a particular End System is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc.
* The protocol is also frequently used by Internet managers to verify correct operations of End Systems and to check that routers are correctly routing packets to the specified destinations.
* The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected networks called the Catenet.
* The network connecting devices are called Gateways.
* These gateways communicate between themselves for control purposes via a Gateway to Gateway Protocol (GGP).
* Occasionally a gateway or destination host will communicate with a source host, for example, to report an error in datagram processing.
* ICMP uses the basic support of IP as if it were a higher level protocol; however, ICMP is actually an integral part of IP, and must be implemented by every IP module.



ICMP functions 

Assist Troubleshooting: ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.

Announce Timeouts: If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.

ICMP Applications
Ping
Traceroute

Connectivity Testing with PING
The PING utility is actually an ICMP Echo process.
An ICMP Echo Request packet consists of an Ethernet header, IP header, ICMP header, and some undefined data.
This packet is sent to the target host, which echoes back that data.
The ICMP echo request is a connectionless process with no guarantee of delivery.
Most PING utilities send a series of several echo requests to the target in order to obtain an average response time.
These response times are displayed in milliseconds.
These times should be considered a snapshot of the current round-trip time.

The PING utility included with Windows 2000 sends a series of four ICMP echo requests with a one-second ICMP Echo Reply Timeout value.

* The echo requests consist of 32 bytes of data (an alphabetical pattern) in a fragmentable IP packet.


The command-line parameters used with PING can affect the  appearance and functionality of ICMP Echo packets.

Path Discovery with TRACEROUTE

The TRACEROUTE utility identifies a path from the sender to the target host using ICMP echo requests and some manipulation of the TTL value in the IP header.

 Traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an ICMP Time-Exceeded message to the sender.

Traceroute determines the address of the first hop by examining the source address field of the ICMP Time-Exceeded message.

To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the Time-Exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host or until the maximum TTL is reached.

To determine when a datagram reaches its destination, traceroute sets the UDP destination port in the datagram to a very large value that the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP Port Unreachable error message to the source. The Port Unreachable error message indicates to traceroute that the destination has been reached.






· RouterA prepares an ICMP echo request message, encapsulates it in an IP packet with Source address=172.16.1.1, Destination address=192.168.7.2, Time-To-Live (TTL) value=1 and Destination UDP port=anything not used (usually greater than 30000), and forwards it.

· RouterB, upon receiving this packet, decrements the TTL value by one, so the TTL becomes 0, which means that it has to drop the packet. It replies to the sender with an ICMP Time Exceeded message, including its own address in the SA field of the IP header (SA=172.16.1.2).

· RouterA receives the response and prints the first hop on the screen (IP address=172.16.1.2).

· Afterwards, RouterA sends the same echo request message with TTL value=2.

· RouterB decrements it by one and forwards it to RouterC, which decrements it by one again (TTL=0), forcing it to return an ICMP Time Exceeded message with SA=192.168.1.2.

· RouterA now prints the second hop on the screen (IP address=192.168.1.2).

· Finally, RouterA sends an ICMP echo request with TTL value=3, which is terminated on RouterD. The latter passes the packet to the transport layer, where the wrong UDP port number causes RouterD to issue an ICMP Port Unreachable message.

· RouterA, upon receiving this message from RouterD, knows that it has reached the final hop, prints it on the screen and stops sending any more messages.
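
The hop-by-hop exchange above, as an added simulation that is not part of the original page: it models the probes as the UDP datagrams described earlier, uses the reply addresses from the walkthrough, and stops on Port Unreachable or when the maximum TTL is reached. The function names and the default maximum TTL of 30 are assumptions.

```python
ICMP_TIME_EXCEEDED = (11, 0)     # type 11, code 0: TTL expired in transit
ICMP_PORT_UNREACHABLE = (3, 3)   # type 3, code 3: nothing listens on the UDP port

# Reply source addresses as given in the walkthrough above.
PATH = ["172.16.1.2", "192.168.1.2"]    # RouterB, RouterC
DESTINATION = "192.168.7.2"             # RouterD

def send_probe(ttl, path=PATH, destination=DESTINATION):
    """Forward one probe and return (reply_source, (icmp_type, icmp_code))."""
    for router in path:
        ttl -= 1                         # every router decrements the TTL
        if ttl == 0:                     # expired here: drop and report back
            return router, ICMP_TIME_EXCEEDED
    # The probe reached the destination; the unused UDP port makes the
    # transport layer answer with Port Unreachable.
    return destination, ICMP_PORT_UNREACHABLE

def traceroute(max_ttl=30, path=PATH, destination=DESTINATION):
    """Return (hops, reached): hops is a list of (ttl, replying_address)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        source, reply = send_probe(ttl, path, destination)
        hops.append((ttl, source))
        if reply == ICMP_PORT_UNREACHABLE:
            return hops, True            # final hop found, stop probing
    return hops, False                   # maximum TTL reached first

if __name__ == "__main__":
    hops, reached = traceroute()
    for ttl, address in hops:
        print(ttl, address)
    print("destination reached" if reached else "maximum TTL reached")
```
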








What is a Ping (ICMP) flood attack

A ping flood is a denial-of-service attack in which the attacker attempts to overwhelm a targeted device with ICMP echo-request packets, causing the target to become inaccessible to normal traffic. When the attack traffic comes from multiple devices, the attack becomes a DDoS or distributed denial-of-service attack.
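
One way to spot this pattern in traffic records, as an added example that is not part of the original page: a sliding-window counter flags any target that receives more echo requests per window than a threshold and labels the alert DoS or DDoS by the number of distinct sources. The record layout, the window, the threshold and the sample traffic (documentation-range addresses) are assumptions constructed for the demonstration.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8

def detect_ping_floods(packets, window=1.0, threshold=100):
    """Flag targets receiving more than `threshold` echo requests per window.

    packets: iterable of (timestamp_seconds, src_ip, dst_ip, icmp_type),
    sorted by timestamp. Returns {dst_ip: {"peak", "sources", "kind"}}.
    """
    recent = defaultdict(deque)    # dst -> (timestamp, src) pairs in the window
    alerts = {}
    for ts, src, dst, icmp_type in packets:
        if icmp_type != ECHO_REQUEST:       # replies and errors are not counted
            continue
        queue = recent[dst]
        queue.append((ts, src))
        while queue and ts - queue[0][0] >= window:
            queue.popleft()                 # expire entries older than the window
        if len(queue) > threshold:
            alert = alerts.setdefault(dst, {"peak": 0, "sources": set()})
            alert["peak"] = max(alert["peak"], len(queue))
            alert["sources"].update(s for _, s in queue)
    for alert in alerts.values():
        # Multiple sending devices make it a distributed attack.
        alert["kind"] = "DDoS" if len(alert["sources"]) > 1 else "DoS"
    return alerts

def sample_traffic():
    """Constructed records: normal ping, one-source flood, many-source flood."""
    pkts = [(i * 1.0, "198.51.100.7", "192.0.2.10", 8) for i in range(5)]
    pkts += [(10 + i * 0.002, "203.0.113.5", "192.0.2.20", 8) for i in range(400)]
    pkts += [(20 + i * 0.002, f"203.0.113.{i % 50 + 1}", "192.0.2.30", 8)
             for i in range(400)]
    pkts += [(30 + i * 0.002, "192.0.2.30", "203.0.113.9", 0) for i in range(400)]
    return sorted(pkts)
```
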









Installing and Configuring Fortinet VM in VMware Workstation


As an experiment, I tried to play with the office firewall, but I felt it was risky; then I found the VM version of the firewall.

So I have tried to install it on a VM and I am sharing it here now.
Firstly, install VMware Workstation.

Then I downloaded the firewall image from the Fortinet web site; if you need it I can share it with you.

After opening the VM, load the OS image into it
and select only one Ethernet interface for it.
Also verify the IP address of the VMware interface before adding the IP to the firewall image.
The user name is admin; leave the password blank.
Now we can configure the port:

    show system interface
    config system interface
        edit port1
            set ip 192.168.12.200/255.255.255.0
            set allowaccess http https ssh ping fgfm telnet
    end

Then open your browser and type the IP.
You can now log in to your firewall VM.



Short cut virus

Go to the Start button, right-click on the corner and then point to Command Prompt (Admin).

Or else, open CMD as Admin by another method.

    Now, use This PC or My Computer to check the letter of the pen or USB drive.

    I will take the "I".

    Now click on the CMD window and type the letter followed by ":".
    The CMD prompt then changes to the pen drive.


    Now, if you do not have the "del *.lnk" option above


    Now, just paste this into CMD without changing anything:


    attrib -s -r -h *.* /s /d /l


    Now press Enter. The virus has then disappeared from the pen.







How to enable SMB Windows

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.

Although its main purpose is file sharing, additional Microsoft SMB Protocol functionality includes the following:

    Dialect negotiation
    Determining other Microsoft SMB Protocol servers on the network, or network browsing
    Printing over a network
    File, directory, and share access authentication
    File and record locking
    File and directory change notification
    Extended file attribute handling
    Unicode support
    Opportunistic locks


For security reasons, Microsoft recommends that you disable SMB1 immediately.

To enable it on Windows 10, go to Control Panel > Programs and Features > Turn Windows features on or off, and scroll down to SMB 1.0/CIFS File Sharing Support.


















BACKUPPC INSTALLATION AND CONFIGURATIONS


BackupPC is a backup solution that can be configured to back up remote Linux and Windows systems. It can use a variety of different protocols and has a flexible scheduler to coordinate full and incremental backups.

I have installed this on Ubuntu 14.04 LTS and it has been running fine for me for a long time since the installation.

Open a terminal and enter the following commands:

sudo apt-get update
sudo apt-get install backuppc


During the installation, you will be asked what kind of mail server configuration is needed. We can select the "Local only" option, because we will not be configuring internet-aware mail.

    +------- Postfix Configuration --------+
    | General type of mail configuration:  |
    |                                      |
    |       No configuration               |
    |       Internet Site                  |
    |       Internet with smarthost        |
    |       Satellite system               |
    |       Local only                     |
    |                                      |
    +--------------------------------------+

On the next page, we can leave the System mail name as "localhost":

    +-------------------------- Postfix Configuration --------------------------+
    | The "mail name" is the domain name used to "qualify" _ALL_ mail           |
    | addresses without a domain name. This includes mail to and from <root>:   |
    | please do not make your machine send out mail from root@example.org       |
    | unless root@example.org has told you to.                                  |
    |                                                                           |
    | This name will also be used by other programs. It should be the single,   |
    | fully qualified domain name (FQDN).                                       |
    |                                                                           |
    | Thus, if a mail address on the local host is foo@example.org, the         |
    | correct value for this option would be example.org.                       |
    |                                                                           |
    | System mail name:                                                         |
    |                                                                           |
    | localhost________________________________________________________________ |
    |                                                                           |
    +---------------------------------------------------------------------------+

    +-------------------------- Configuring backuppc -------------------------+
    | BackupPC supports any web server with CGI enabled, but this automatic   |
    | configuration process only supports Apache.                             |
    |                                                                         |
    | Which web server would you like to reconfigure automatically:           |
    |                                                                         |
    |    [*] apache2                                                          |
    |                                                                         |
    +-------------------------------------------------------------------------+



Now change the password for backuppc

htpasswd /etc/backuppc/htpasswd backuppc
Enter the password when prompted.



Create an SSH key pair for the BackupPC user called backuppc and then transfer this key to the client computers.

Type

sudo su - backuppc





Generate an SSH key pair:

ssh-keygen

You will be prompted for three questions. Just press Enter to accept the default values.



Now we have the key pair, we need to transfer the public key.

Transferring the SSH Public Key

On the client computer, make sure you have the following configured:
We need to enable the root account for SSH access. To do that, edit the file /etc/ssh/sshd_config and comment out the line:

#PermitRootLogin without-password
Add the line:

PermitRootLogin yes
Then restart SSH:

service ssh restart
Note: you do not need the following user configured, but for my convenience, I have added a login for my own testing later. Ignore the italic text below.

useradd chuong
passwd chuong
mkdir /home/chuong
chown chuong:chuong /home/chuong
Now copy the key to the client computer:


ssh-copy-id root@10.0.0.10 (note that 10.0.0.10 is another Linux system I want to work as a client machine).





SSH to root@10.0.0.10, you should be able to directly SSH to the client without having to supply a password for the user root. Verify that is the case.



Now type exit to close the connection to 10.0.0.10. Type exit again to exit the user backuppc and go back to the default currently logged in user.
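
A check for the sshd_config edit made on the client, as an added example that is not part of the original post: it reports the PermitRootLogin value sshd applies globally, following the sshd_config rule that the first value obtained for a keyword wins, which is why the old line has to be commented out for the added one to take effect. The function names and the sample fragments are constructed for the demonstration.

```python
def effective_permit_root_login(config_text):
    """Return the global PermitRootLogin value sshd would apply, or None.

    Rules applied: keywords are case-insensitive, lines starting with '#'
    are comments, the first value obtained for a keyword wins, and settings
    after a Match line are conditional rather than global. None means the
    keyword is unset and the compiled-in default of that sshd version applies.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # "Keyword=value" is allowed
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            return None                  # global section ended without a value
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()      # first occurrence decides
    return None

def root_password_login_allowed(config_text):
    """True only when root may log in with a password ("yes")."""
    return effective_permit_root_login(config_text) == "yes"

# Constructed sshd_config fragments (not taken from a real host).
SHIPPED = "Port 22\nPermitRootLogin without-password\n"
AS_EDITED = "Port 22\n#PermitRootLogin without-password\nPermitRootLogin yes\n"
APPENDED_ONLY = "Port 22\nPermitRootLogin without-password\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for name, text in [("shipped", SHIPPED), ("as edited", AS_EDITED),
                       ("appended only", APPENDED_ONLY)]:
        print(name, effective_permit_root_login(text),
              root_password_login_allowed(text))
```

Run against the client's /etc/ssh/sshd_config after the key has been copied, the same check shows whether the file still allows root password logins or has been returned to key-only access.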



Launch your browser and go to this URL:
http://10.0.0.12/backuppc.

Note: If for any reason the web page does not show up and you are instead asked to download a file that contains garbage characters (this most probably happens in Ubuntu 14.04.1), you need to perform the following to fix it:

rm /etc/apache2/conf-enabled/backuppc.conf
sudo ln /etc/backuppc/apache.conf /etc/apache2/conf-enabled/backuppc.conf
service apache2 restart

Then try again. When prompted for credentials, use backuppc as the user name and the password you changed earlier.
Shown below is the main interface of BackupPC.





At this point /var/lib/backuppc is the default backuppc storage location and also the home directory of user backuppc.
Configure Client for Backup
We need to setup the client computer for backup. On the left hand side, click Edit Hosts.


 Now click Add to add the client host.

Enter the IP address of the client computer, the user name should be backuppc. Click Add when done.


Configure Transfer Method
We will use rsync to transfer. Now we will configure this setting.
Click the Xfer tab. Under XferMethod, choose rsync. Under RsyncShareName, click Add to choose a directory to back up. You can leave it as “/” to back up the entire computer if you want.



I add /etc/ppp to back up. Note that if you choose to back up the entire computer (using /), you have to exclude the /proc and the /sys directories. For now, remove the / so that the entire system is not backed up. We just want to back up /etc/ppp. Click Save.


Click Schedule to check the backup schedules. As you can see, by default, a full backup happens every 6.97 days and an incremental backup happens every 0.97 days. We can keep these settings as is.

Run backup Manually
Let’s run the backup manually instead of waiting for 7 days.
Click the Hosts tab and then click the Select a Host drop down list.


Click Start Full Backup



Click Start Full Backup to confirm.


The backup will happen and it

 The backup should finish shortly as there are only a few files in our demonstration. The backup is stored at: /var/lib/backuppc/pc/10.0.0.10/#_of_backup.
In the Web interface, click the link to go back to the home page.



Click on the backup job to see backed up files.


As you can see, the directory /etc/ppp has been successfully backed up and the contents are stored on the backup server.




What is SIP trunking

What is SIP trunking..  (Session Initiation Protocol trunking) SIP trunking is a service that a communication provider offers. it uses the S...