ict.ken.be

Delivering solid user friendly software solutions since the dawn of time.

TCP/IP Notes 

Categories: Network

Snel leren werken met TCP/IP (Dutch: "Quickly learn to work with TCP/IP")
by Albrecht Becker

RFC 1541 about DHCP replaced by RFC 2131

ipv4 (32bit) vs ipv6 (128bit)

OSI-Model

  1. Physical: electricity, light, radio
  2. Datalink: framing, MAC addressing, CRC error detection
  3. Network: logical addressing and routing (IP); ARP maps a logical IP address to a physical MAC address
  4. Transport: lost segments, duplicates, error-free delivery, ... (TCP, UDP)
  5. Session
  6. Presentation: encoding
  7. Application

Microsoft Stack

TCP:
connection-oriented, in-order delivery, no duplicates
Winsock-app
Winsock-interface
connection, segments with sequence numbers
sender expects an acknowledgement or resends
ports: 65536 (0-65535); the first 1024 (0-1023) are the well-known ports
20/21 ftp
23 telnet
25 smtp
80 http (www)
110 pop3
139 NetBIOS session service

UDP:
connectionless, no acknowledgements, no ordering
NetBIOS-app: the NetBIOS API can also run over NetBEUI or IPX/SPX
NetBIOS over TCP/IP: net use \\UNC\...
broadcast, dns, rip, snmp, video, audio
69 TFTP
137 NetBIOS name service
138 NetBIOS datagram service
161 SNMP

ARP: IP into MAC (Media Access Control - 48bits)

IP:
header: source IP, destination IP, protocol (which upper layer: TCP, UDP, ICMP, ...), header checksum, TTL

tracert

ICMP:
internet control message protocol (ping, tracert, destination unreachable)
icmp source quench (router overloaded, the sender should slow down); deprecated by RFC 6633 and ignored by current stacks, so do not rely on it for congestion control

IGMP:
internet group management protocol (multicast group membership)
1-n delivery to 224.0.0.0/4 (class D) reduces bandwidth compared to sending every receiver its own copy

LAN + WAN: frames

router/default gateway: forwards the packet to the next hop and replaces the source MAC in the frame with its own; the IP source address is left alone unless NAT is in play

TTL: time to live, decremented by 1 at every router hop; the packet is dropped (ICMP time exceeded) when it reaches 0. RFC 791 defined it in seconds (max 255) with each router subtracting at least 1, but in practice it is a hop count with typical start values of 64 or 128 (older stacks used 32)

MAC: ipconfig /all

ARP:

  1. arp cache: dynamic entries (on Windows aged out after at most 10 min) vs static (kept until reboot)
  2. broadcast "who has <ip>" on the local network
  3. the computer that has that IP replies with the MAC of the network card the IP is configured on; replies are not authenticated, which is why static entries exist
arp -a
arp -s <ip> <MAC>
arp -d <ip>

www.internic.net (historically handed out address blocks; today IANA delegates them to the regional registries, which give blocks to providers)

class A (first octet 1-126, eg. Apple, HP, IBM)
networkID: w
hostID: x.y.z
/8 (255.0.0.0)

class B (first octet 128-191, eg. Microsoft, Exxon)
networkID: w.x
hostID: y.z
/16 (255.255.0.0)

class C (first octet 192-223)
networkID: w.x.y
hostID: z
/24 (255.255.255.0)

class D (224-239)
multicast

class E (240-255)
reserved / testing

127.0.0.0/8: loopback addresses (about 16.7 million, 127.0.0.1 in practice)
all host bits set (e.g. w.x.y.255 for a /24): directed broadcast address; ARP itself uses the MAC broadcast ff:ff:ff:ff:ff:ff
0.0.0.0: "this network" / any address (wildcard, also the default route)
...1: by convention often the router
private ranges for local networks (RFC 1918): 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16 (e.g. 192.168.1.103)

NAT: Network Address Translation, 1-1 from a pool of addresses (internal address maps to a real outside address)
PAT: Port and Address Translation, 1-n (many internal addresses share one outside address, told apart by port)
Subnet mask decides which part of the IP belongs to the networkID and which to the hostID
CIDR: Classless Interdomain Routing; /x is the number of leading one bits in the mask (the networkID length), e.g. /24 = 255.255.255.0
default gateway: used when local and remote IP have a different networkID
peer-to-peer: workgroup network (workgroup is just a name for a logical grouping, no central authentication)
check if TCP/IP is set up correctly: ping 127.0.0.1
TCP/IP runs as a system service on Windows

subnets

254 hosts: 255.255.255.0
62 hosts: 255.255.255.192
14 hosts: 255.255.255.240
6 hosts: 255.255.255.248
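As an added worked example (not part of the original notes), the address arithmetic behind the class table and the subnet table above, using Python's standard ipaddress module. The addresses fed to it are constructed for illustration; the 10.100.x.x and 192.168.1.103 values echo the ones used in these notes.

```python
import ipaddress

# RFC 1918 private ranges and the APIPA link-local range from the notes
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")


def address_class(ip):
    """Legacy class from the first octet (A 0-127, B 128-191, C 192-223, D 224-239, E 240-255)."""
    first = int(ipaddress.ip_address(ip)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"


def describe(cidr):
    """networkID, hostID, mask, broadcast and usable hosts for 'ip/prefix' or 'ip/dotted-mask'."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    # /31 and /32 have no separate network and broadcast address (RFC 3021)
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "class": address_class(iface.ip),
        "network_id": str(net.network_address),
        "host_id": int(iface.ip) - int(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
        "private": any(iface.ip in r for r in PRIVATE_RANGES),
        "loopback": iface.ip.is_loopback,
        "apipa": iface.ip in APIPA,
    }


def mask_for_hosts(needed):
    """Smallest subnet that still leaves `needed` usable addresses: (prefix length, dotted mask)."""
    host_bits = 2
    while 2 ** host_bits - 2 < needed:
        host_bits += 1
    prefix = 32 - host_bits
    return prefix, str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def same_subnet(ip_a, ip_b, mask):
    """True when both hosts share a networkID, i.e. no default gateway is involved."""
    net_a = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in net_a


if __name__ == "__main__":
    for sample in ("192.168.1.103/24", "10.100.40.17/26", "172.16.5.5/255.255.255.240", "127.0.0.1/8"):
        print(sample, describe(sample))
    for hosts in (254, 62, 14, 6):
        print(hosts, "hosts ->", mask_for_hosts(hosts))
```

mask_for_hosts reproduces the four rows of the subnet table above; describe shows why 192.168.1.103/24 and 10.100.40.17/26 land in different networkIDs even though both are private.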

routing

bridge allows broadcasts to pass through
router does not pass broadcasts (separate broadcast domains)

dynamic:
RIP (routing information protocol)
distance vector, limited to 15 hops, for roughly 10 to 50 networks
OSPF (open shortest path first)
link state: every router keeps information about its neighbour routers and the topology

static:
route print
default gateway line in the table:
Network Destination 0.0.0.0 / Netmask 0.0.0.0 / Gateway 10.100.100.1 / Interface IP / Metric (cost, roughly the hops needed to the destination)
if no more specific entry matches the destination, the packet goes to the default gateway
the most specific (longest netmask) matching route wins; between equal routes the lowest metric wins
put static routes on the machine that acts as default gateway, not on every client
route add 10.100.40.0 mask 255.255.255.0 10.100.30.1
persist after reboot: route -p add
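Added example, not from the original notes: how a host walks a `route print` style table to pick a next hop, including the default-gateway fallback and the metric tie-break. The table, the host address 10.100.30.5, its gateways and the metrics are constructed; the static route mirrors the `route add` line above.

```python
import ipaddress

# Columns as `route print` shows them: Network Destination, Netmask, Gateway, Interface, Metric.
# A gateway of 0.0.0.0 means on-link. Constructed for a host at 10.100.30.5 whose default
# gateway is 10.100.30.254.
ROUTE_TABLE = [
    ("0.0.0.0",     "0.0.0.0",       "10.100.30.254", "10.100.30.5", 20),
    ("10.100.30.0", "255.255.255.0", "0.0.0.0",       "10.100.30.5", 1),
    ("127.0.0.0",   "255.0.0.0",     "0.0.0.0",       "127.0.0.1",   1),
]


def add_route(table, destination, mask, gateway, interface, metric=1):
    """`route add <destination> mask <mask> <gateway>` (route -p only changes where it is stored)."""
    # ValueError when host bits are set in the destination, just as route.exe refuses such an entry
    ipaddress.ip_network(f"{destination}/{mask}")
    table.append((destination, mask, gateway, interface, metric))


def lookup(table, dst):
    """Longest-prefix match with the metric as tie breaker. Returns (next hop, interface) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for destination, mask, gateway, interface, metric in table:
        net = ipaddress.ip_network(f"{destination}/{mask}")
        if dst not in net:
            continue
        rank = (net.prefixlen, -metric)          # more specific first, then cheaper
        if best is None or rank > best[0]:
            best = (rank, gateway, interface)
    if best is None:
        return None                               # no default route: "destination host unreachable"
    _, gateway, interface = best
    next_hop = str(dst) if gateway == "0.0.0.0" else gateway   # on-link: ARP for the destination itself
    return next_hop, interface


if __name__ == "__main__":
    table = list(ROUTE_TABLE)
    print("10.100.40.7 before static route:", lookup(table, "10.100.40.7"))
    add_route(table, "10.100.40.0", "255.255.255.0", "10.100.30.1", "10.100.30.5")
    print("10.100.40.7 after static route: ", lookup(table, "10.100.40.7"))
    print("10.100.30.77 (on-link):         ", lookup(table, "10.100.30.77"))
```

Before the static route exists, 10.100.40.7 only matches the 0.0.0.0/0 entry and goes to the default gateway; afterwards the /24 entry is more specific and wins regardless of metric.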

DHCP: dynamic host configuration protocol

server:
assigns IP addresses
subnet masks
default gateway and other options (DNS servers, WINS, domain name)
for a limited time (lease)
DHCP uses UDP: the server listens on 67, the client on 68; both need to be open for the initial exchange

assigning (discover, offer, request, ack):

  1. DHCP discover: broadcast from 0.0.0.0 to 255.255.255.255 carrying the client's MAC (UDP 68 -> 67)
  2. DHCP offer: the server answers with a proposed IP, mask, lease time and its own server identifier; it holds that address until the client decides
  3. DHCP request: broadcast to all DHCP servers naming the chosen server's identifier, so the other servers can release their offers
  4. DHCP ack (or nak when the requested address is no longer valid)
  5. on reboot only request & ack (the client asks for its previous address)

lease:
the client initiates renewal: at 50% of the lease (T1) it unicasts a request to the server that gave the lease; at 87.5% (T2) it broadcasts to any server; if the lease expires without an answer it must stop using the address and start over with discover

auto addressing without DHCP server (APIPA):
169.254.0.0/16 (RFC 3927 keeps the first and last /24 out of the usable range)
the client picks an address, ARPs to check that it is free and uses it; there is no default gateway or DNS, so only the local segment is reachable
enabled by default; it can be switched off per interface with the IPAutoconfigurationEnabled registry value under Tcpip\Parameters\Interfaces

DHCP relay agent:
needed when the network has more than one segment, because DHCP uses broadcasts and routers do not forward them
the relay agent (or a router with an IP helper address) picks up the broadcast, forwards it as unicast to the DHCP server and relays the reply back onto the segment
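Added example, not part of the original notes: the discover/offer/request/ack exchange, the lease timers and the APIPA fallback above, modelled at message level (dictionaries rather than raw packets). Two servers with constructed pools see the same broadcasts; the option numbers used are the real ones (50 requested address, 51 lease time, 54 server identifier). Everything else (addresses, MACs, lease lengths) is made up for the example.

```python
import random


class DhcpServer:
    """A DHCP server reduced to what the exchange needs: a free pool, addresses held
    for a pending OFFER, and granted leases (mac -> (ip, seconds))."""

    def __init__(self, server_ip, pool, lease_seconds=3600):
        self.ip = server_ip
        self.free = list(pool)
        self.offered = {}
        self.leases = {}
        self.lease_seconds = lease_seconds

    def _reply(self, op, mac, ip):
        return {"op": op, "chaddr": mac, "yiaddr": ip, "siaddr": self.ip,
                "options": {51: self.lease_seconds, 54: self.ip}}

    def handle(self, msg):
        """Every client message is a broadcast, so every server sees it. Returns a reply or None."""
        op, mac = msg["op"], msg["chaddr"]
        if op == "DISCOVER":
            if mac in self.leases:
                ip = self.leases[mac][0]          # client we already know: offer its old address
            elif self.free:
                ip = self.free.pop(0)             # hold the address until the client decides
            else:
                return None                       # pool exhausted: stay silent
            self.offered[mac] = ip
            return self._reply("OFFER", mac, ip)
        if op == "REQUEST":
            wanted = msg["options"][50]
            server_id = msg["options"].get(54)    # absent on a request after reboot
            if server_id is not None and server_id != self.ip:
                # the client picked another server: give our held address back to the pool
                ip = self.offered.pop(mac, None)
                if ip is not None and self.leases.get(mac, (None,))[0] != ip:
                    self.free.insert(0, ip)
                return None
            if self.offered.get(mac) == wanted or self.leases.get(mac, (None,))[0] == wanted:
                self.offered.pop(mac, None)
                self.leases[mac] = (wanted, self.lease_seconds)
                return self._reply("ACK", mac, wanted)
            if server_id is None and mac not in self.leases:
                return None                       # RFC 2131 4.3.2: no record of this client, stay silent
            return {"op": "NAK", "chaddr": mac, "siaddr": self.ip}
        return None


def _apipa(rng):
    # 169.254.0.0/16 link-local; RFC 3927 keeps the first and last /24 out of the usable range
    return f"169.254.{rng.randint(1, 254)}.{rng.randint(0, 255)}"


def dhcp_client(mac, servers, rng=random.Random(1)):
    """Run the exchange. Returns (ip, t1, t2) on success, or (apipa_ip, None, None) when nothing answers."""
    discover = {"op": "DISCOVER", "chaddr": mac, "src": "0.0.0.0", "dst": "255.255.255.255"}
    offers = [r for r in (s.handle(discover) for s in servers) if r and r["op"] == "OFFER"]
    if not offers:
        return _apipa(rng), None, None
    chosen = offers[0]                            # most clients simply take the first offer
    request = {"op": "REQUEST", "chaddr": mac, "src": "0.0.0.0", "dst": "255.255.255.255",
               "options": {50: chosen["yiaddr"], 54: chosen["options"][54]}}
    # broadcast, so the servers that lost see option 54 and release what they offered
    replies = [r for r in (s.handle(request) for s in servers) if r]
    ack = next((r for r in replies if r["op"] == "ACK"), None)
    if ack is None:
        return _apipa(rng), None, None
    lease = ack["options"][51]
    # RFC 2131: the client drives renewal: unicast REQUEST to the leasing server at T1 = 50%,
    # broadcast to any server at T2 = 87.5%, and stop using the address when the lease expires
    return ack["yiaddr"], lease * 0.5, lease * 0.875


def reboot_request(server, mac, ip):
    """Step 5 of the notes: after a reboot the client skips DISCOVER and asks for its old address.
    Returns True on ACK, False on NAK, None when the server has no record of the client."""
    reply = server.handle({"op": "REQUEST", "chaddr": mac, "options": {50: ip}})
    if reply is None:
        return None
    return reply["op"] == "ACK"


if __name__ == "__main__":
    s1 = DhcpServer("10.0.0.2", ["10.0.0.50", "10.0.0.51"], lease_seconds=86400)
    s2 = DhcpServer("10.0.0.3", ["10.0.0.80"])
    print(dhcp_client("aa:bb:cc:dd:ee:01", [s1, s2]), "s2 pool after losing:", s2.free)
    print("reboot with old address:", reboot_request(s1, "aa:bb:cc:dd:ee:01", "10.0.0.50"))
    print("no server at all:", dhcp_client("aa:bb:cc:dd:ee:02", []))
```

Watch the REQUEST handling: the losing server only learns it lost because the request is broadcast with the winner's identifier in option 54, which is exactly why step 3 above has to go to all servers.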

NetBios & WINS

before Windows 2000 (NT 4 and earlier)
NetBEUI protocol (not routable)
converts a computer name into an IP address (WINS is the NetBIOS name server)

net use

a name is 15 characters (space padded) + a 16th suffix byte that says which service registered it

  • 0x00 workstation service
  • 0x03 messenger service (registered for the computer name and for the logged-on user name)
  • 0x20 file server service
  • 0x1B domain master browser (unique)
  • 0x1C domain controllers (group)
  • 0x1E browser service elections (group)

show the locally registered names and the resolution order:

nbtstat -n
resolution order (hybrid/H-node, the Windows default when a WINS server is configured):
  1. local NetBIOS name cache
  2. NetBIOS name server (WINS)
  3. broadcast on the local segment
  4. LMHOSTS file
  5. HOSTS file
  6. DNS

local NetBIOS cache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
default 10 min timeout
small: 16 names
large: 128 names
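Added example (not from the original notes): how the 15-character name plus suffix byte above is built and how it appears on the wire in NetBIOS name service packets (UDP 137), using the first-level encoding of RFC 1001 where every nibble becomes a letter A-P. The resolve function walks the H-node order from the list above over constructed lookup tables standing in for the cache, WINS, the segment, LMHOSTS, HOSTS and DNS.

```python
SUFFIX = {0x00: "workstation", 0x03: "messenger", 0x20: "file server",
          0x1B: "domain master browser", 0x1C: "domain controllers", 0x1E: "browser elections"}

FIRST_LEVEL_ALPHABET = "ABCDEFGHIJKLMNOP"   # one letter per nibble value 0..15


def netbios_name(name, suffix=0x20):
    """16-byte NetBIOS name: upper case, space padded to 15, suffix byte as byte 16."""
    raw = name.upper().encode("ascii")
    if not raw or len(raw) > 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    return raw.ljust(15, b" ") + bytes([suffix])


def encode_first_level(name16):
    """RFC 1001 14.1: every byte becomes two letters, high nibble then low nibble, each + 'A'."""
    return "".join(FIRST_LEVEL_ALPHABET[b >> 4] + FIRST_LEVEL_ALPHABET[b & 0x0F] for b in name16)


def decode_first_level(encoded):
    """Inverse of encode_first_level: (name without padding, suffix) from a 32-letter NBNS label."""
    if len(encoded) != 32 or any(c not in FIRST_LEVEL_ALPHABET for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    nibbles = [FIRST_LEVEL_ALPHABET.index(c) for c in encoded]
    raw = bytes(nibbles[i] << 4 | nibbles[i + 1] for i in range(0, 32, 2))
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15]


def resolve(name, cache, wins, segment, lmhosts, hosts, dns):
    """Walk the H-node order: cache, WINS, broadcast on the segment, LMHOSTS, HOSTS, DNS.
    Each source is a {NAME: ip} dict standing in for the real lookup. Returns (ip, source) or (None, None)."""
    key = name.upper()
    for source, table in (("cache", cache), ("wins", wins), ("broadcast", segment),
                          ("lmhosts", lmhosts), ("hosts", hosts), ("dns", dns)):
        if key in table:
            if source != "cache":
                cache[key] = table[key]          # a successful answer is cached (10 minutes by default)
            return table[key], source
    return None, None


if __name__ == "__main__":
    wire = encode_first_level(netbios_name("server01", 0x20))
    name, suffix = decode_first_level(wire)
    print(wire, "->", name, hex(suffix), SUFFIX[suffix])
    cache = {}
    print(resolve("server01", cache, {"SERVER01": "10.100.30.9"}, {}, {}, {}, {}))
    print(resolve("server01", cache, {}, {}, {}, {}, {}))   # now answered from the cache
```

The 32-letter label is what you see in a packet capture of an nbtstat query; the RFC's own example, FRED with a space suffix, encodes to EGFCEFEE followed by twelve CA pairs.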

reload LMHOSTS (purges the cache and reloads the #PRE entries):

nbtstat -R
nbtstat -a <remotecomputername> (name table of a remote machine)
ipconfig /all

LMHOSTS:
%systemroot%\System32\drivers\etc\LMHOSTS (LMHOSTS.SAM is only the sample; the live file has no extension)
#PRE preloads the entry into the cache
#MH multihomed (computers with multiple network cards)

Hostname

max 255 characters in total, labels of up to 63 characters separated by dots
HOSTS file format: ip / fully qualified name / alias / alias / ...

each DNS server holds only the part of the namespace (the zones) it is authoritative for
reverse DNS lookup turns an IP into a hostname
in-addr.arpa

Domain Name Space
Root .
TLD .edu, .org, .com (coordinated by ICANN, icann.org) and country codes such as .nl and .de (run by national registries, e.g. DENIC for .de)
Second Level Domain microsoft (in microsoft.com)
Subdomains europe, www
Hostname server01
FQDN: computername.[subdomain].secondleveldomain.topleveldomain
Nameserver:
answers name queries for clients from its zone file
primary vs secondary (the secondary gets its copy by zone transfer)
caching nameserver: has no zone file, only forwards queries and caches the answers

name resolution:

  • recursive: the client asks its local nameserver, which does the whole lookup and returns the final answer
  • iterative: the server answers with a referral, the IP of another nameserver to ask next
  • inverse/reverse: in-addr.arpa with the octets reversed (eg. 50.99.201.12.in-addr.arpa for ip 12.201.99.50)

zone database:

  • a-record or host record: IP of a host (tick "create associated PTR record" to allow reverse lookups)
  • ptr-record: pointer resource record, the reverse of an A record
  • soa-record: start of authority, names the primary name server; the serial number tells secondaries whether a zone transfer is needed, so increase it with every change
  • ns-record: at least one (the primary named in the SOA), additional name servers can be listed
  • cname-record: canonical name, alias for an A record
  • srv-record: location of services/protocols (eg. _ldap._tcp.dc._msdcs, _sites, _tcp, _udp as used by Active Directory)
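Added example (not part of the original notes): building the reverse-lookup names described above and checking a constructed forward and reverse zone for the things the record list asks for: an A record without its PTR, a CNAME pointing at nothing, a missing NS, and a serial that secondaries would not accept as newer. The zone data uses RFC 5737 documentation addresses and an invented example.test domain.

```python
import ipaddress


def reverse_name(ip):
    """12.201.99.50 -> 50.99.201.12.in-addr.arpa; IPv6 addresses become nibble-reversed ip6.arpa names."""
    return ipaddress.ip_address(ip).reverse_pointer


def serial_is_newer(new, old):
    """RFC 1982 serial number arithmetic: a secondary only transfers the zone when this is True."""
    new, old = new % 2 ** 32, old % 2 ** 32
    if new == old:
        return False
    return (new > old and new - old < 2 ** 31) or (new < old and old - new > 2 ** 31)


def check_zone(forward, reverse):
    """forward and reverse are lists of (owner name, record type, value). Returns the problems found."""
    problems = []
    owners = {owner for owner, _, _ in forward}
    ptr_pairs = {(value, owner) for owner, rtype, value in reverse if rtype == "PTR"}
    for owner, rtype, value in forward:
        if rtype == "A" and (owner, reverse_name(value)) not in ptr_pairs:
            problems.append(f"A {owner} -> {value} has no PTR at {reverse_name(value)}")
        if rtype == "CNAME" and value not in owners:
            problems.append(f"CNAME {owner} -> {value} points at a name that is not in the zone")
    if not any(rtype == "NS" for _, rtype, _ in forward):
        problems.append("zone has no NS record")
    if sum(1 for _, rtype, _ in forward if rtype == "SOA") != 1:
        problems.append("zone needs exactly one SOA record")
    return problems


# Constructed zone data, with the PTR for server01 left out on purpose.
FORWARD = [
    ("example.test",          "SOA",   "ns1.example.test hostmaster.example.test 2013080101"),
    ("example.test",          "NS",    "ns1.example.test"),
    ("ns1.example.test",      "A",     "192.0.2.1"),
    ("server01.example.test", "A",     "192.0.2.10"),
    ("www.example.test",      "CNAME", "server01.example.test"),
]
REVERSE = [
    ("1.2.0.192.in-addr.arpa", "PTR", "ns1.example.test"),
]

if __name__ == "__main__":
    for problem in check_zone(FORWARD, REVERSE):
        print(problem)
    print("serial 2013080102 newer than 2013080101:", serial_is_newer(2013080102, 2013080101))
```

serial_is_newer is the check a secondary actually performs: bumping the serial by one is enough, but forgetting it (or winding it back) silently leaves the secondaries serving the old zone.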

you can configure multiple dns server for one network (fault tolerance)

nslookup <hostname>

Active Directory

users, computers, printers, release, ...
PDC: primary domain controller (NT 4); in AD every domain controller is a writable peer and one of them holds the PDC emulator role
BDC: backup domain controller (NT 4, read-only copy of the PDC)
object + attributes
OU: organisational unit
The global catalog can be hosted on more than one domain controller in the forest.

TCP/IP Troubleshoot

ping 127.0.0.1
ping local ip
ping gateway
ping host other network
ping netbios/hostname
tracert

To SSL or not to SSL 

Categories: IIS mojoPortal Security

To SSL or not to SSL, that is the question.
We are not running a bank, so my business doesn't need that. Does it?

Anno 2013, millions of sites on the internet are still running insecurely over http on port 80, and who can blame them. Switching your site to https puts more pressure on your web server, makes your ranking in the SERP drop and on top of that it is a pain to get a good certificate working. Or so they say...

[Figure: graph of website hits after switching to SSL]

So, let's check this out.

  1. yes, you will lose money while the SERP ranking transfers; it takes on average around one and a half months. More of an issue is the fact that AdSense doesn't support https... yes, dumb, very dumb... you can change the protocol but then you do not comply with the agreement... yes, can't understand this one either.
  2. the difference in speed is only a few milliseconds, so no problem there
  3. yes, it is not easy to set up correctly when it is your first time

And last but not least, yes, you should put your whole site on SSL. Well, actually TLS. And this means everything, not just parts of it, or your users will get SSL-stripped: an attacker in the path rewrites the https links on your http pages to http, so the browser never reaches the secure version... so educate your users.

And then my checklist, the reason I am posting it here.

Testing with a self-signed certificate

Types:

  • Basic : one domain (and, before SNI, one IP address per certificate)
  • Wildcard : one domain + its subdomains one level deep (*.example.com)
  • SAN aka UCC : multiple domain names in one certificate
  • SNI : multiple certificates on one IP, the client sends the hostname in the TLS handshake (eg. not supported on IE for XP, which then gets the default certificate)

Requesting a certificate

  • Lot of personal details + phone calls from the CA for validation
  • DNS and WHOIS records should match the details you submit

Import certificate and trust intermediate certificates

  • Install the CA's intermediate certificate(s) on the server so the full chain is sent; especially Firefox doesn't like it if you forget the intermediates, because it does not fetch missing ones itself

IIS Settings

  • Bindings
  • Put an asterisk * in front of the certificate's friendly name, so the IIS manager lets you set the hostname on the https binding
  • OR use appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
  • Rewrite http to https with a 301 (do not use 302; search engines keep the old URL on a temporary redirect)
  • Add the strict transport security header for HSTS on the https responses only, and use chrome://net-internals to check that it is picked up (Strict-Transport-Security: max-age=16070400; includeSubDomains). 16070400 seconds is about six months; raise it once you are sure you will not go back, because browsers will refuse plain http to your host for that long.

Additional settings for mojoPortal

  • SSLAvailable on true
  • SSLIsRequiredByWebserver (web.config) & Require SSL on All Pages (admin UI -> will update the canonical URLs)
  • SSLCookies in two places + a different cookie name
  • Robots file for SSL, you probably need the same as the default one
  • Test also a page that doesn't exist (the 404 must come back over https too)
  • If using PayPal, make sure you update your URL protocols

Update your content

  • <link rel='canonical' href='https...
  • use protocol-relative // for img and javascript, or https:// directly
  • update your own links to https where possible
  • hopefully you don't use a third party that doesn't support https (otherwise the page shows mixed-content warnings)
  • recommend and social links: point the og:url meta tag for both URLs to the https one

Update your webmaster tools

  • http and https are seen as different sites
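Added example, not part of the original checklist: a checker for the server-side items above (301 not 302, HSTS present and long enough, canonical link on https, no http:// resources or own links left in the page), run over constructed http and https responses instead of a live site. The host name www.example.test and the response texts are made up; the max-age threshold is the 16070400 used in the checklist.

```python
import re

MIN_HSTS_AGE = 16070400   # the max-age from the checklist above, roughly six months


def parse_response(raw):
    """Split a raw HTTP response into (status code, {lower-case header: value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def check_hsts(headers):
    """Problem text for the HSTS header on the https response, or None when it is fine."""
    value = headers.get("strict-transport-security")
    if value is None:
        return "no Strict-Transport-Security header"
    match = re.search(r"max-age=(\d+)", value)
    if not match:
        return "HSTS header without max-age"
    if int(match.group(1)) < MIN_HSTS_AGE:
        return f"HSTS max-age {match.group(1)} is shorter than {MIN_HSTS_AGE}"
    if "includesubdomains" not in value.lower():
        return "HSTS without includeSubDomains, so subdomains can still be stripped"
    return None


def canonical_href(body):
    for tag in re.findall(r"<link[^>]*>", body, re.I):
        if re.search(r"""rel=['"]canonical['"]""", tag, re.I):
            match = re.search(r"""href=['"]([^'"]+)""", tag, re.I)
            return match.group(1) if match else None
    return None


def check_migration(http_raw, https_raw, host):
    """Run the checklist over the http:// and https:// responses for one URL; returns the problems found."""
    problems = []
    status, headers, _ = parse_response(http_raw)
    location = headers.get("location", "")
    if status != 301:
        problems.append(f"http:// answers {status}, expected a permanent 301 redirect")
    if not location.startswith(f"https://{host}"):
        problems.append(f"http:// redirect goes to {location!r} instead of https://{host}")
    if "strict-transport-security" in headers:
        problems.append("HSTS sent over plain http; browsers ignore it there, it belongs on the https response")
    status, headers, body = parse_response(https_raw)
    if status != 200:
        problems.append(f"https:// answers {status}")
    hsts = check_hsts(headers)
    if hsts:
        problems.append(hsts)
    canonical = canonical_href(body)
    if not canonical or not canonical.startswith("https://"):
        problems.append("canonical link missing or not https")
    for attr, url in re.findall(r"""\b(src|href)=['"](http://[^'"]+)""", body, re.I):
        if url == f"http://{host}" or url.startswith(f"http://{host}/"):
            problems.append(f"own link still http: {url}")
        elif attr.lower() == "src":
            problems.append(f"mixed content, http resource on an https page: {url}")
    return problems


# Constructed responses standing in for a real site: one pair that passes and one that does not.
HOST = "www.example.test"
HTTP_GOOD = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.test/\r\n\r\n"
HTTPS_GOOD = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=16070400; includeSubDomains\r\n"
              "Content-Type: text/html\r\n\r\n"
              "<html><head><link rel='canonical' href='https://www.example.test/'></head>"
              "<body><img src='//cdn.example.test/a.png'>"
              "<a href='https://www.example.test/about'>about</a></body></html>")
HTTP_BAD = "HTTP/1.1 302 Found\r\nLocation: http://www.example.test/\r\n\r\n"
HTTPS_BAD = ("HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=3600\r\n\r\n"
             "<html><head></head><body><script src='http://cdn.example.test/j.js'></script>"
             "<a href='http://www.example.test/about'>about</a></body></html>")

if __name__ == "__main__":
    print("good site:", check_migration(HTTP_GOOD, HTTPS_GOOD, HOST) or "no problems")
    for problem in check_migration(HTTP_BAD, HTTPS_BAD, HOST):
        print("bad site:", problem)
```

Feed it the raw output of a real request (for instance what an HTTP client library hands back for the http and https URL of the same page) and it reproduces the review you would otherwise do by hand in the browser's developer tools.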

more on https:

update (aug 2014)

Today Google announced that it takes https into account as a ranking signal. I hope they also do something about AdSense, but at least it is a step in the right direction. Read more at http://googlewebmastercentral.blogspot.be/2014/08/https-as-ranking-signal.html.

Drop all the tables, stored procedures, triggers, constraints and all the dependencies 

Categories: SQL Server

/* Removes every user object in the CURRENT database, in d# order:
   stored procs, views, functions, FK constraints, PK constraints, tables.
   Run it only after USE <database>; it is destructive, so back up first and
   never point it at production. Objects are assumed to live in the dbo schema,
   as in the original script. Names are quoted with QUOTENAME() so that an object
   name containing ] cannot break out of the generated DROP statement, and @SQL is
   NVARCHAR(MAX) because two 128-character names do not fit in VARCHAR(254). */

/* Drop all non-system stored procs */
DECLARE @name SYSNAME
DECLARE @SQL NVARCHAR(MAX)
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] = 'P' AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') ORDER BY [name])
WHILE @name IS NOT NULL
BEGIN
SELECT @SQL = N'DROP PROCEDURE [dbo].' + QUOTENAME(@name)
EXEC (@SQL)
PRINT 'Dropped Procedure: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] = 'P' AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') AND [name] > @name ORDER BY [name])
END
GO

/* Drop all views */
DECLARE @name SYSNAME
DECLARE @SQL NVARCHAR(MAX)
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] = 'V' AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') ORDER BY [name])
WHILE @name IS NOT NULL
BEGIN
SELECT @SQL = N'DROP VIEW [dbo].' + QUOTENAME(@name)
EXEC (@SQL)
PRINT 'Dropped View: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] = 'V' AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') AND [name] > @name ORDER BY [name])
END
GO

/* Drop all functions (scalar, inline and multi-statement table valued, CLR) */
DECLARE @name SYSNAME
DECLARE @SQL NVARCHAR(MAX)
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] IN (N'FN', N'IF', N'TF', N'FS', N'FT') AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') ORDER BY [name])
WHILE @name IS NOT NULL
BEGIN
SELECT @SQL = N'DROP FUNCTION [dbo].' + QUOTENAME(@name)
EXEC (@SQL)
PRINT 'Dropped Function: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] IN (N'FN', N'IF', N'TF', N'FS', N'FT') AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') AND [name] > @name ORDER BY [name])
END
GO

/* Drop all Foreign Key constraints (before the primary keys they reference) */
DECLARE @name SYSNAME
DECLARE @constraint SYSNAME
DECLARE @SQL NVARCHAR(MAX)
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'FOREIGN KEY' ORDER BY TABLE_NAME)
WHILE @name IS NOT NULL
BEGIN
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'FOREIGN KEY' AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
WHILE @constraint IS NOT NULL
BEGIN
SELECT @SQL = N'ALTER TABLE [dbo].' + QUOTENAME(@name) + N' DROP CONSTRAINT ' + QUOTENAME(@constraint)
EXEC (@SQL)
PRINT 'Dropped FK Constraint: ' + @constraint + ' on ' + @name
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'FOREIGN KEY' AND CONSTRAINT_NAME <> @constraint AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
END
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'FOREIGN KEY' ORDER BY TABLE_NAME)
END
GO

/* Drop all Primary Key constraints */
DECLARE @name SYSNAME
DECLARE @constraint SYSNAME
DECLARE @SQL NVARCHAR(MAX)
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'PRIMARY KEY' ORDER BY TABLE_NAME)
WHILE @name IS NOT NULL
BEGIN
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'PRIMARY KEY' AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
WHILE @constraint IS NOT NULL
BEGIN
SELECT @SQL = N'ALTER TABLE [dbo].' + QUOTENAME(@name) + N' DROP CONSTRAINT ' + QUOTENAME(@constraint)
EXEC (@SQL)
PRINT 'Dropped PK Constraint: ' + @constraint + ' on ' + @name
SELECT @constraint = (SELECT TOP 1 CONSTRAINT_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'PRIMARY KEY' AND CONSTRAINT_NAME <> @constraint AND TABLE_NAME = @name ORDER BY CONSTRAINT_NAME)
END
SELECT @name = (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE CONSTRAINT_CATALOG = DB_NAME() AND TABLE_SCHEMA = 'dbo' AND CONSTRAINT_TYPE = 'PRIMARY KEY' ORDER BY TABLE_NAME)
END
GO

/* Drop all tables (last, now that nothing references them) */
DECLARE @name SYSNAME
DECLARE @SQL NVARCHAR(MAX)
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] = 'U' AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') ORDER BY [name])
WHILE @name IS NOT NULL
BEGIN
SELECT @SQL = N'DROP TABLE [dbo].' + QUOTENAME(@name)
EXEC (@SQL)
PRINT 'Dropped Table: ' + @name
SELECT @name = (SELECT TOP 1 [name] FROM sys.objects WHERE [type] = 'U' AND is_ms_shipped = 0 AND schema_id = SCHEMA_ID('dbo') AND [name] > @name ORDER BY [name])
END
GO

The Joel Test 

Categories: Testing
  1. Do you use source control?
  2. Can you make a build in one step?
  3. Do you make daily builds?
  4. Do you have a bug database?
  5. Do you fix bugs before writing new code?
  6. Do you have an up-to-date schedule?
  7. Do you have a spec?
  8. Do programmers have quiet working conditions?
  9. Do you use the best tools money can buy?
  10. Do you have testers?
  11. Do new candidates write code during their interview?
  12. Do you do hallway usability testing?

Read more at JoelOnSoftware or get the book Smart and Gets Things Done by Joel Spolsky

Which Windows folder is 64 bit 

Categories: Windows
Folder name          Bits  Folder path              Description
System32             64    C:\Windows\System32      Windows system folder (system directory) for 64-bit files
SysWOW64             32    C:\Windows\SysWOW64      Windows system folder (system directory) for 32-bit files
Program Files        64    C:\Program Files         folder for 64-bit program files
Program Files (x86)  32    C:\Program Files (x86)   folder for 32-bit program files

Note: a 32-bit process on 64-bit Windows is subject to WOW64 file system redirection, so when it opens C:\Windows\System32 it actually gets SysWOW64; from a 32-bit process use C:\Windows\Sysnative to reach the real 64-bit System32.