
Name : S. Manikandan
Role : System Administrator
Company : Roamsoft Technologies
Place : Chennai
Purpose : Network and System administration basics
Basic Router Concepts
Large amounts of bandwidth can be provided easily and relatively inexpensively in a local area
network (LAN). However, providing high bandwidth between a local network and the Internet can
be very expensive. Because of this expense, Internet access is usually provided by a slower-speed
wide-area network (WAN) link such as a cable or DSL modem. For the WAN link to work on the
Internet, the data traffic meant for the Internet needs to be separated from other WAN data and
forwarded. A router usually performs the tasks of selecting and forwarding this data.
What is a Router?
A router is a device that forwards traffic between networks based on network layer information in
the data and on routing tables maintained by the router. In these routing tables, a router builds up a
logical picture of the overall network by gathering and exchanging information with other routers
in the network. Using this information, the router chooses the best path for forwarding network
traffic.
Routers vary in performance and scale, number of routing protocols supported, and types of
physical WAN connection they support.
Routing Information Protocol
One of the protocols used by a router to build and maintain a picture of the network is the Routing
Information Protocol (RIP). Using RIP, routers periodically update one another and check for
changes to add to the routing table. RIP-2 supports subnet and multicast protocols. RIP is not
required for most home applications.
Internet Protocol (IP) Addresses
Because TCP/IP networks are interconnected across the world, each computer on the Internet must
have a unique address (called an IP address) to make sure that transmitted data reaches the correct
destination. Blocks of addresses are assigned to organizations by the Internet Assigned Numbers
Authority (IANA). Individual users and small organizations may obtain their addresses either from
the IANA or from an Internet service provider (ISP). You can contact IANA at
http://www.iana.org.
The Internet Protocol (IP) uses a 32-bit address structure. The address is usually written in dot
notation (also called dotted-decimal notation), in which each group of eight bits is written in
decimal form, separated by decimal points.
For example, the following binary address:
11000011 00100010
is normally written as:
195.34.12.7
The latter version is easier to remember and easier to enter into your computer.
In addition, the 32 bits of the address are subdivided into two parts. The first part of the address
identifies the network, and the second part identifies the host node or station on the network. The
dividing point may vary depending on the address range and the application.
There are five standard classes of IP addresses. These address classes have different ways of
determining the network and host sections of the address, allowing for different numbers of hosts
on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP
software to identify the address class. After the address class has been determined, the software
can correctly identify the host section of the address. The figure below shows the three main
address classes, including network and host sections of the address for each address type.
The five address classes are:
Class A addresses can have up to 16,777,214 hosts on a single network. They use an 8-bit
network number and a 24-bit node number. Class A addresses are in this range:
1.x.x.x to 126.x.x.x.
Class B addresses can have up to 65,354 hosts on a network. A Class B address uses a 16-bit
network number and a 16-bit node number. Class B addresses are in this range:
128.1.x.x to 191.254.x.x.
Class C addresses can have up to 254 hosts on a network. A Class C address uses a 24-bit
network number and an 8-bit node number. Class C addresses are in this range:
192.0.1.x to 223.255.254.x.
Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are
in this range:
224.0.0.0 to 239.255.255.255.
Class E
Class E addresses are for experimental use.
This addressing structure allows IP addresses to uniquely identify each physical network and each
node on each physical network.
The top address of the range (host address of all ones) is not assigned, but is used as the broadcast
address for simultaneously sending a packet to all hosts with the same network address.
Netmask
In each of the address classes previously described, the size of the two parts (network address and
host address) is implied by the class. This partitioning scheme can also be expressed by a netmask
associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using
an AND operator) with an IP address, yields the network address. For instance, the netmasks for
Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively.
For example, the address 192.168.170.237 is a Class C IP address whose network portion is the
upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here,
only the network portion of the address remains:
11000000
combined with:
11111111
equals:
11000000
As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of
the number of ones from the left. This number is appended to the IP address, following a backward
slash (/), as n. In the example, the address could be written as 192.168.170.237/24, indicating
that the netmask is 24 ones followed by 8 zeros.
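The address arithmetic described above, as an added Python example that is not part of the original notes: it finds the class from the leading bits, applies the netmask with AND, and derives the broadcast address and the /n form. The leading-bit patterns are the standard classful ones (the page names the classes but not the bits), all function names are this example's own, and it goes slightly beyond the text by also accepting an explicit subnet mask.

```python
# Added example: classful lookup and netmask arithmetic for the page's addresses.

def to_int(dotted):
    """Parse dotted-decimal notation into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

# (bits to inspect, expected value, class, network bits implied by the class)
CLASS_PATTERNS = [
    (0x80000000, 0x00000000, "A", 8),
    (0xC0000000, 0x80000000, "B", 16),
    (0xE0000000, 0xC0000000, "C", 24),
    (0xF0000000, 0xE0000000, "D", None),   # multicast: no network/host split
    (0xF0000000, 0xF0000000, "E", None),   # experimental
]

def classify(addr):
    for select, expected, name, net_bits in CLASS_PATTERNS:
        if (addr & select) == expected:
            return name, net_bits
    raise AssertionError("unreachable: the patterns cover every 32-bit value")

def prefix_length(mask):
    """Count the leading ones; reject masks whose ones are not contiguous."""
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous netmask: {to_dotted(mask)}")
    return 32 - host_bits.bit_length()

def describe(dotted, netmask=None):
    """Return class, netmask, network, broadcast and /n form of an address."""
    addr = to_int(dotted)
    name, net_bits = classify(addr)
    if netmask is not None:
        mask = to_int(netmask)
    elif net_bits is not None:
        mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    else:
        raise ValueError(f"class {name} addresses have no default netmask")
    network = addr & mask                       # the AND operation from the text
    broadcast = network | (~mask & 0xFFFFFFFF)  # host part set to all ones
    return {"class": name, "netmask": to_dotted(mask),
            "network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "cidr": f"{dotted}/{prefix_length(mask)}"}
```
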
Subnet Addressing
By looking at the addressing structures, you can see that even with a Class C address, there are a
large number of hosts per network. Such a structure is an inefficient use of addresses if each end of
a routed link requires a different network number. It is unlikely that the smaller office LANs would
have that many devices. You can resolve this problem by using a technique known as subnet
addressing.
Media Access Control (MAC) Addresses and Address Resolution
An IP address alone cannot be used to deliver data from one LAN device to another. To send data
between LAN devices, you must convert the IP address of the destination device to its MAC
address. Each device on an Ethernet network has a unique MAC address, which is a 48-bit number
assigned to each device by the manufacturer. The technique that associates the IP address with a
MAC address is known as address resolution. Internet Protocol uses the Address Resolution
Protocol (ARP) to resolve MAC addresses.
If a device sends data to another station on the network and the destination MAC address is not yet
recorded, ARP is used. An ARP request is broadcast onto the network. All stations (computers, for
example) on the network receive and read the request. The destination IP address for the chosen
station is included as part of the message so that only the station with this IP address responds to
the ARP request. All other stations discard the request.
Domain Name System (DNS) Server
Many of the resources on the Internet can be addressed by simple descriptive names such as
http://www.google.com. This addressing is very helpful at the application level, but the
descriptive name must be translated to an IP address in order for a user to actually contact the
resource. Just as a telephone directory maps names to phone numbers, or as an ARP table maps IP
addresses to MAC addresses, a DNS server maps descriptive names of network resources to IP
addresses.
When a computer accesses a resource by its descriptive name, it first contacts a DNS server to
obtain the IP address of the resource. The computer sends the desired message using the IP
address. Many large organizations, such as ISPs, maintain their own DNS servers and allow their
customers to use the servers to look up addresses.
IP Configuration by DHCP
When an IP-based local area network is installed, each computer must be configured with an
IP address. If the computers need to access the Internet, they should also be configured with a
gateway address and one or more DNS server addresses. As an alternative to manual
configuration, Dynamic Host Configuration Protocol (DHCP) is a method by which each
computer on the network can automatically obtain this configuration information. A device on the
network may act as a DHCP server. The DHCP server stores a list or pool of IP addresses, along
with other information (such as gateway and DNS addresses) that it may assign to the other
devices on the network. Some NETGEAR products can act as DHCP servers.
Some NETGEAR products also function as DHCP clients when connecting to the ISP. Such
NETGEAR products can automatically obtain an IP address, subnet mask, DNS server addresses,
and a gateway address if the ISP provides this information by DHCP.
Internet Security and Firewalls
When your LAN connects to the Internet through a router, an opportunity is created for outsiders
to access or disrupt your network. A NAT router provides some protection because by the very
nature of the process, the network behind the router is shielded from access by outsiders on the
Internet. However, there are methods by which a determined hacker can possibly obtain
information about your network or at the least can disrupt your Internet access. A greater degree of
protection is provided by a firewall router.
What is a Firewall?
A firewall is a device that protects one network from another while allowing communication
between the two. A firewall incorporates the functions of the NAT router, while adding features for
dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be
recognized when they occur. When an incident is detected, the firewall can log details of the
attempt, and it can optionally send e-mail to an administrator to report the incident. Using
information from the log, the administrator can take action with the ISP of the hacker. In some
types of intrusions, the firewall can fend off the hacker by discarding all further packets from the
hacker IP address for a period of time.
LAMP
Linux LAMP servers are as popular, flexible and reliable as WAMP servers. Both are very easy to
install, but the procedures differ. LAMP means Linux Apache MySQL PHP, and WAMP is for Windows.
A WAMP server installs automatically (installer), so you are able to use the server without touching
settings files, while a LAMP server is installed with commands.
LAMP Installation:
To install a LAMP server, open up a Terminal window (Ctrl+Alt+t), and do the following
Install Apache:
-Now to confirm the installation of Apache2, open http://127.0.0.1 in your web browser; you will see
the It Works! default page of Apache.
Install MySQL:
-During the installation you will be asked to provide a root password for MySQL.
Install PHP:
-After this installation, restart Apache.
Now make a phpinfo.php file and save it in /var/www. To do this, use [sudo gedit /var/www/phpinfo.php]
and write a code in this file.
Install phpMyAdmin:
Now open http://127.0.0.1/phpmyadmin
----------------------------------------
Apache configuration:-
<Directory "/usr/share/apache2/default-site/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
Lamp Installation through Tasks
How to execute php file:
NAME
php - PHP Command Line Interface 'CLI'
SYNOPSIS
php [options] [ -f ] file [[--] args...]
php [options] -r code [[--] args...]
php [options] -a
DESCRIPTION
PHP is a widely-used general-purpose scripting language that is especially
suited for Web development and can be embedded into HTML. This
is the command line interface that enables you to do the following:
You can parse and execute files by using parameter -f followed by the
name of the file to be executed.
Using parameter -r you can directly execute PHP code simply as you
would do inside a .php file when using the eval() function.
It is also possible to process the standard input line by line using
either the parameter -R or -F. In this mode each separate input line
causes the code specified by -R or the file specified by -F to be
executed. You can access the input line by $argn. While processing the
input lines $argi contains the number of the actual line being
processed. Further more the parameters -B and -E can be used to execute
PHP EXTENSION
Directory in which the loadable extensions (modules)
----------------------------------------------
SHARE
---------------------------------------------
security (G)
This option affects how clients respond to Samba and is one of the
most important settings in the smb.conf file.
The option sets the "security mode bit" in replies to protocol
negotiations with smbd(8) to turn share level security on or off.
Clients decide based on this bit whether (and how) to transfer user
and password information to the server.
The default is security = user, as this is the most common setting
needed when talking to Windows 98 and Windows NT.
The alternatives are security = share, security = server or
security = domain.
In versions of Samba prior to 2.0.0, the default was security =
share mainly because that was the only option at one stage.
There is a bug in WfWg that has relevance to this setting. When in
user or server level security a WfWg client will totally ignore the
username and password you type in the "connect drive" dialog box.
This makes it very difficult (if not impossible) to connect to a
Samba service as anyone except the user that you are logged into
WfWg as.
If your PCs use usernames that are the same as their usernames on
the UNIX machine then you will want to use security = user. If you
mostly use usernames that don't exist on the UNIX box then use
security = share.
You should also use security = share if you want to mainly set up
shares without a password (guest shares). This is commonly used for
a shared printer server. It is more difficult to set up guest shares
with security = user; see the map to guest parameter for details.
It is possible to use smbd in a
hybrid mode where it offers both user and share level security
under different NetBIOS aliases.
The different settings will now be explained.
SECURITY = SHARE
When clients connect to a share level security server, they need
not log onto the server with a valid username and password before
attempting to connect to a shared resource (although modern clients
such as Windows 95/98 and Windows NT will send a logon request with
a username but no password when talking to a security = share
server). Instead, the clients send authentication information
(passwords) on a per-share basis, at the time they attempt to
connect to that share.
Note that smbd ALWAYS uses a valid UNIX user to act on behalf of
the client, even in security = share level security.
As clients are not required to send a username to the server in
share level security, smbd uses several techniques to determine the
correct UNIX user to use on behalf of the client.
A list of possible UNIX usernames to match with the given client
password is constructed using the following methods:
- If the guest only parameter is set, then all the other stages
  are missed and only the guest account username is checked.
- If a username is sent with the share connection request, then
  this username (after mapping - see username map), is added as a
  potential username.
- If the client did a previous logon request (the SessionSetup
  SMB call) then the username sent in this SMB will be added as a
  potential username.
- The name of the service the client requested is added as a
  potential username.
- The NetBIOS name of the client is added to the list as a
  potential username.
- Any users on the user list are added as potential usernames.
If the guest only parameter is not set, then this list is then
tried with the supplied password. The first user for whom the
password matches will be used as the UNIX user.
If the guest only parameter is set, or no username can be
determined then if the share is marked as available to the guest
account, then this guest user will be used, otherwise access is
denied.
Note that it can be very confusing in share-level security as to
which UNIX username will eventually be used in granting access.
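To make the username search above concrete, here is an added Python model of it, written for these notes and not taken from Samba's code: it builds the candidate list in the order the text gives and returns the UNIX user that would end up being used. The class and field names, the plain-text account table and the reading of "no username can be determined" as "no candidate's password matched" are assumptions of this sketch.

```python
# Added example: a simplified model of the share-level username search above.
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Share:                      # field names are this model's, not smb.conf syntax
    name: str
    guest_only: bool = False
    guest_ok: bool = False        # "marked as available to the guest account"
    guest_account: str = "nobody"
    user_list: list = field(default_factory=list)

@dataclass
class Request:
    password: str
    username: Optional[str] = None          # sent with the share connection request
    session_username: Optional[str] = None  # from an earlier SessionSetup SMB call
    netbios_name: Optional[str] = None

def candidates(req, share, username_map):
    """Build the ordered list of potential UNIX usernames for one request."""
    if share.guest_only:
        return []                            # all other stages are skipped
    names = []
    if req.username:
        names.append(username_map.get(req.username, req.username))
    if req.session_username:
        names.append(req.session_username)
    names.append(share.name)                 # the service name itself
    if req.netbios_name:
        names.append(req.netbios_name)
    names.extend(share.user_list)
    return list(dict.fromkeys(names))        # drop repeats, keep order

def resolve(req, share, accounts, username_map=None):
    """Return (unix_user, reason); unix_user is None when access is denied."""
    supplied = req.password.encode()
    for name in candidates(req, share, username_map or {}):
        stored = accounts.get(name)
        if stored is not None and hmac.compare_digest(stored.encode(), supplied):
            return name, "password matched"
    if share.guest_ok:
        return share.guest_account, "guest fallback"
    return None, "denied"

# Constructed accounts (plain-text passwords only to keep the model short).
ACCOUNTS = {"alice": "alice-pw", "backup": "s3cret", "ws12": "ws-pw"}
```

Running `resolve` over each share definition with a few representative requests shows which account a connection would be mapped to, including cases where the service name or the client's NetBIOS name is the one that matches.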
----------------------------------------------------------------
Note: content in this document is for study purpose only, creator is not responsible for anything.
