Shashikant shah

Wednesday, 26 December 2012

SVN with Active Directory server 2008


1.Server 2008 Detail :-

IP :- 192.168.0.10
Hostname :- adserver
Domain :- example.com
Full name :- adserver.example.com

2.Linux (SVN) server Detail :-

IP :- 192.168.0.123
Hostname :- svn.server.com

3.SVN Server side :-

b) Configure SVN.

4.We install SVN on the Linux machine.

Download some Packages :-
# cd /opt/svn



4.Install some Packages :-

# yum install httpd php
# yum install gcc glibc glibc-common
# yum install gd gd-devel
# yum install zlib
# yum install neon
# yum install subversion
# yum install enscript
# yum install mod_dav_svn
# yum install php-ldap

5.Go to this Path :-

# cd /opt/svn
# tar -xvf subversion-1.4.6.tar.gz
# tar -xvzf subversion_deps-1.4.6.tar.gz (Don't worry about this one: it keeps all the library files inside subversion-1.4.6)
# tar -xvzf apr-1.2.12.tar.gz
# cd apr-1.2.12 (autoconf and libtool )
# ./buildconf
# ./configure
# make

# tar -xvzf apr-util-1.2.12.tar.gz
# cd apr-util-1.2.12
# ./buildconf --with-apr=/usr/lib/svn/apr-1.2.12 (path to the apr directory)
# ./configure --with-apr=/usr/lib/svn/apr-1.2.12 (path to the apr directory)
# make

# tar -xvzf db-4.6.21.tar.gz

# cd subversion-1.4.6
# ./autogen.sh
# ./configure --with-berkeley-db=/usr/lib/svn/db-4.6.21 (path to the Berkeley DB directory)
# make
# make install

6.Now create one repository with svnadmin command.

# cd /var/www/

# svnadmin create repos

# chown -R apache:apache /var/www/repos

7.Then add the following at the end of the subversion.conf file:

ErrorLog "|rotatelogs /var/log/svn/error-%Y-%m-%d.log 86400"
CustomLog "|rotatelogs /var/log/svn/access-%Y-%m-%d.log 86400" common

<Location /var/www/repos>
DAV svn
SVNPath /var/www/repos
AuthzSVNAccessFile /var/www/repos/conf/authz
SVNIndexXSLT /repos-web/view/repos.xsl
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion repository"

AuthLDAPBindPassword shashi@123

Require valid-user
</Location>

8.Add a folder to the repos :-

# mkdir /root/Desktop/unicom

# svn import -m "Initial import" /root/Desktop/unicom file:///var/www/repos/<new folder name>

9.Only 2 users will be able to view the repos; other users will not be able to view it.

a) shashi
b) svn

# cd /var/www/repos/conf/

# vim authz

[repos:/]
shashi = rw
svn = r

# service httpd restart
# chkconfig httpd on

10.check link :

username :- shashi
password :- ******

Wednesday, 12 December 2012

AIDE File Integrity Scanner

What is AIDE ?

AIDE is a file integrity scanner, which is something you need to have.  Imagine a hacker placing a backdoor on your web site, or changing your order form to email him a copy of everyone's credit card while leaving it appearing to function normally.

By setting up daily reporting, this notifies you within, at most, 24 hours of when any file was changed, added, or removed.  It also helps establish an audit trail in the event your site is compromised.

These instructions are designed for an end user to implement without root access, and assume your server has the aide binary installed.  Most hosts will have this installed already, or will install it for you upon request.

Install AIDE

#zypper in aide

Download A Sample AIDE config file

We will start with a simple one, this will scan your web root directory for md5 hash changes.

To download the file, SSH into your account and run:

#cd /home/testing
#wget http://repository.wowtutorial.org/aide.conf

Example

Our username is : testing and the home directory is /home/testing/public_html

Edit aide.conf
#vi aide.conf

In this file, replace "username" on the first line and confirm that it is the path to your root directory.
Then, on the last line, confirm that public_html is your web root directory.  If your host uses the cPanel control panel, then public_html is your web root.

In this case, change the username to "testing" and leave public_html untouched, since the web root is /home/testing/public_html.

Initialize the AIDE database

The command to initialize the AIDE database is:

#nice -19 aide --init --config=/home/testing/aide.conf

AIDE is not the least resource intensive software in the world so we are running it with a 19 priority using nice.

Now copy your AIDE output database file to the input file:

#cp aide.db.out aide.db.in

You can test aide by doing:

#nice -19 aide -C --config=/home/testing/aide.conf

Go ahead and run that now; it will say all files match. Then make a change to a file and add a file, rerun it, and see what the report says.

Daily Reporting with Cronjob


There are a few ways to get the AIDE reports. A common one is to have them emailed to you: set a cronjob to run aide every day, or even more frequently if you'd like.

Open up the crontab editor and paste in:

#crontab -e

0 1 * * * nice -19 /usr/local/bin/aide --config=/home/testing/aide.conf -C | mail -s "aide domain" you@domain.com

The reports can get rather lengthy over time, so if you want to reset the database, say weekly, you can add this to the crontab:

0 2 * * 0 nice -19 /usr/local/bin/aide --config=/home/testing/aide.conf --init && mv -f /home/testing/aide.db.out /home/testing/aide.db.in
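
As an added example (not part of the original tutorial), the daily cron job can call a small wrapper that decodes the exit status of "aide -C", which aide(1) defines as a bit mask, so that mail is sent only when files were added, removed or changed, or when AIDE itself failed. The script name aide-check.sh, the function names and the MAILTO value are placeholders; the paths are the ones used above.

```shell
#!/bin/sh
# Added example: cron wrapper around "aide -C" that decodes the exit status.
# Paths follow the tutorial (user "testing"); MAILTO is a placeholder.
# Crontab entry (assumed script location):
#   0 1 * * * /home/testing/aide-check.sh --run
AIDE=/usr/local/bin/aide
CONF=/home/testing/aide.conf
MAILTO=you@domain.com

# Translate an "aide --check" exit status into a short summary.
# Per aide(1): status = 1*(new files) + 2*(removed files) + 4*(changed files);
# 14-19 are generic errors (write, argument, unimplemented, config, IO, version).
aide_status_summary() {
    code=$1
    if [ "$code" -eq 0 ]; then
        echo "clean"
        return 0
    fi
    if [ "$code" -gt 7 ]; then
        echo "error:$code"
        return 0
    fi
    out=""
    [ $((code & 1)) -ne 0 ] && out="${out}added "
    [ $((code & 2)) -ne 0 ] && out="${out}removed "
    [ $((code & 4)) -ne 0 ] && out="${out}changed "
    echo "${out% }"
}

# Run the check, mail the report only when it is not clean, and log every run.
run_aide_check() {
    report=$(mktemp) || return 1
    rc=0
    nice -n 19 "$AIDE" --config="$CONF" -C >"$report" 2>&1 || rc=$?
    summary=$(aide_status_summary "$rc")
    if [ "$summary" != "clean" ]; then
        mail -s "AIDE $(hostname): $summary" "$MAILTO" <"$report"
    fi
    # The syslog line records every run, so a missed run can be told apart
    # from a clean one even though clean runs send no mail.
    logger -t aide-check "status=$rc summary=$summary"
    rm -f "$report"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    run_aide_check
    exit $?
fi
```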

Extras

We have covered the basics, and that is actually only the tip of the iceberg of what you can do with AIDE.


And you might want to exclude certain files, for example if you have a forum or gallery and a lot of images are added regularly you can exclude those from the report. For example to exclude all jpg files in images/ you would put the following in the config file:

#vi /home/testing/aide.conf
....
....
!@@{TOPDIR}/public_html/images/.*\.jpg$
...

And that would go right above this line:
@@{TOPDIR}/public_html MD

Another thing you can do for extra security is have your host chown your input database file and your config file to another user. This way, if your user is compromised, the hacker cannot compromise your AIDE database without also gaining access to the second user.

To be even more secure, you can download your AIDE database after creating it, and then upload it before you run a scan.

I hope this Howto lets you see the need for a file integrity checker, and makes it easy to setup, no matter what your user level is.

Simple Bash Script to Monitor Services in Linux Server

Here is a simple sample shell script to monitor the services on your server, such as http, ssh, mail, dns, mysql, etc.
Feel free to modify it for your own use.
---------------------------------------------------------------------
#!/bin/bash
# Simple shell script to monitor every services such as http, ssh, mail, dns, etc
# Shell script to monitor running services such as web/http, ssh, mail etc.
# If service fails it will send an Email to ADMIN user
# -------------------------------------------------------------------------
# Copyright (c) 2011 wowtutorial <http://www.wowtutorial.org>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
ports="22 53 80 25 3306"

# service names as per above ports
service="SSH DNS WEB MAIL MYSQL"

#Email id to send alert
ADMINEMAIL="admin@wowtutorial.org"

#Bin paths, set them according to your Linux distro
NETSTAT=/bin/netstat
MAIL=/usr/bin/mail
LOGGER=/usr/bin/logger
ID=/usr/bin/id

# Red Hat users: uncomment the next two lines
#MAIL=/bin/mail
#LOGGER=/bin/logger

#Counters, set defaults
c=1
status=""
sendmail=0

# set the following to 1, if you want message in /var/log/messages via a SYSLOG
logtosyslog=0

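# Log file used to send an email
# (created with mktemp: a predictable /tmp name is unsafe in a script run as root)
LOG=$(mktemp /tmp/services.log.XXXXXX) || exit 1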

# log message to screen and a log file
log(){
    echo "$@"
    echo "$@" >> $LOG
}

# log message and stop script
die(){
    echo "$@"
    exit 1    # exit codes are 0-255; 999 would wrap around to 231
}

# Make sure only root can run it
is_root(){
    local id=$($ID -u)
    [ $id -ne 0 ]  && die "You must be root to run $0."
}
# Look out for all bins and create a log file
init_script(){
    [ ! -x $MAIL ] && die "$MAIL command not found."
    [ ! -x $NETSTAT ] && die "$NETSTAT command not found."
    [ ! -x $LOGGER ] && die "$LOGGER command not found."
    [ ! -x $ID ] && die "$ID command not found."
    is_root
    >$LOG
}

# check for all running services and shoot an email if service is not running
chk_services(){
    log "-------------------------------------------------------------"
    log "Running services status @ $(hostname) [ $(date) ]"
    log "-------------------------------------------------------------"

    # get open ports
    RPORTS=$($NETSTAT -tulpn -A inet | grep -vE '^Active|Proto' | grep 'LISTEN' | awk '{ print $4}' | cut -d: -f2 | sed '/^$/d' | sort  -u)

    # okay let us compare them
    for t in $ports
    do
        status="NO"    # assume the service is down until its port is seen
        sname=$(echo $service | cut -d' ' -f$c)
        echo -en " $sname\t\t\t : "
        echo -en " $sname\t\t\t : " >> $LOG
        for r in $RPORTS
        do
            if [ "$r" == "$t" ]
            then
                status="YES"
                break
            fi
        done
        # send the alert mail only when an expected port is not listening
        [ "$status" == "NO" ] && sendmail=1
        echo -n "$status"
        echo ""
        echo -n "$status" >>$LOG
        echo "" >>$LOG
        # Log to a syslog /var/log/messages?
        # This is useful if you have a dedicated syslog server
        [ $logtosyslog -eq 1  ] && $LOGGER "$sname service running : $status"

        # Update counter for next round
        c=$( expr $c + 1 )
    done
    log "-------------------------------------------------------------"
    log "This is an automatically generated $(uname) service status notification by $0 script."

    if [ $sendmail -eq 1 ];
    then
        $MAIL -s "Service Down @ $(hostname)" $ADMINEMAIL < $LOG
    fi
}

### main ###
init_script
chk_services

### remove a log file ###
[ -f $LOG ] && /bin/rm -f $LOG

Detect Rootkits in Your Linux Server

First, we need to know what a rootkit is. A rootkit is a program used to control your Unix system, usually with root access (on Windows, usually Administrator access), without any authorization from the server owner.

To secure your Linux server, we can use software such as Zeppoo, Chkrootkit or rkhunter.

Zeppoo Software

Zeppoo detects rootkits on the i386 and x86_64 architectures under Linux, using /dev/kmem and /dev/mem.
It can also detect hidden tasks, system calls, etc.

Chkrootkit Software

Chkrootkit locally checks for signs of rootkits on your server.
To install it, use your Linux distribution's repository:

#yum install chkrootkit
or
#apt-get install chkrootkit

To check for suspected files/strings, use:

#chkrootkit -x | less

Note : we need to have root access to do above command

rkhunter software

1.rkhunter is a tool that scans your Linux server for backdoors, rootkits and other exploits.

2.rkhunter is a shell script that checks your local system and detects known rootkits.

To install it, use your Linux distribution's repository:

#yum install rkhunter
or
#apt-get install rkhunter

To run a check, use the command below:

#rkhunter --check


Note: For Chkrootkit and rkhunter we need to mount the external commands they use, such as awk, grep and others:

#chkrootkit -p /mnt/safe
(for chkrootkit)

#rkhunter --check --bindir /mnt/safe
(for rkhunter)

Friday, 7 December 2012

Bind configuration on RHEL-5.5


Server :- shashi.example.com
IP :- 192.168.0.254
Sub :- 255.255.255.0
DNS :- 192.168.0.254

Client :- client.unicom.com
IP :- 192.168.0.2
Sub :- 255.255.255.0
DNS :- 192.168.0.254

1.Required RPM

#bind-libs-9.3.3-10.el5
#bind-chroot-9.3.3-10.el5
#bind-devel-9.3.3-10.el5
#bind-utils-9.3.3-10.el5
#bind-libbind-devel-9.3.3-10.el5
#bind-9.3.3-10.el5
#bind-sdb-9.3.3-10.el5
#caching-nameserver-9.3.3-10.el5

2.Some file check

# vim /etc/hosts
# vim /etc/sysconfig/network
# vim /etc/resolv.conf

3.Configure

# cp -p /etc/named/caching-nameserver.conf /var/named/chroot/etc/named.conf

4.Soft link

# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

5.Check Permission

# ll -ld /etc/named.conf
root named named.conf

6.Create named.conf

#vim /etc/named.conf

listen-on port 53 { 127.0.0.1; 192.168.0.254; };   // 192.168.0.254 is the server IP

// "any" lets every client query this server and use its cache
allow-query { localhost; any; };
allow-query-cache { localhost; any; };

match-clients { localhost; any; };
match-destinations { localhost; any; };

recursion yes;
zone "example.com" {
type master;
file "example.com.zone";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "rev-example.com.zone";
};

7.Test named.conf

# named-checkconf

# cd /var/named/chroot/var/named/

# cp -p localdomain.zone example.com.zone

# vim example.com.zone


$TTL 86400
@       IN SOA  example.com. root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   shashi.example.com.
shashi  IN A    192.168.0.254
client  IN A    192.168.0.2

# cd /var/named/chroot/var/named/

# cp -p named.local rev-example.com.zone

# vim rev-example.com.zone

$TTL 86400
@       IN SOA  example.com. root.shashi.example.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   shashi.example.com.
; NS and PTR targets must be fully qualified names ending in a dot
254     IN PTR  shashi.example.com.
2       IN PTR  client.example.com.

# service named start
# service named restart
# chkconfig named on

12.check DNS

# nslookup
# dig shashi.example.com

Sunday, 4 November 2012

LSOF (List Open File)


It is a command line utility which is used to list the information about the files that are opened by various processes. In linux, everything is a file, ( pipes, sockets, directories, devices, etc.). So by using lsof, you can get the information about any opened files.

COMMAND - process name.

PID - process ID

USER - Username

FD – Represents the file descriptor

  1. cwd – Current Working Directory
  2. txt – Text file
  3. mem – Memory mapped file
  4. mmap – Memory mapped device
  5. NUMBER – Represent the actual file descriptor. The character after the number i.e ’1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write
TYPE – Specifies the type of the file.
  1. REG – Regular File
  2. DIR – Directory
  3. FIFO – First In First Out
  4. CHR – Character special file
DEVICE - device number

SIZE - file size

NODE - node number

NAME - full path of the name

  1. /proc/PID/cmdline : process arguments
  2. /proc/PID/cwd : process current working directory (symlink)
  3. /proc/PID/exe : path to actual process executable file (symlink)
  4. /proc/PID/environ : environment used by process
  5. /proc/PID/root : the root path as seen by the process. For most processes this will be a link to / unless the process is running in a chroot jail.
  6. /proc/PID/status : basic information about a process including its run state and memory usage.
  7. /proc/PID/task : hard links to any tasks that have been started by this (the parent) process.


Install lsof.

# yum install lsof

1.List processes which opened a specific file

# lsof /var/log/syslog


2.List opened files under a directory

# lsof +D /var/log/

3.List opened files based on process names starting with

# lsof -c ssh -c init

4.List processes using a mount point

# lsof /home

5.List files opened by a specific user

# lsof -u username

6.Sometimes you may want to list files opened by all users except one or two. In that case you can use ‘^’ to exclude only the particular user, as follows

# lsof -u ^username

7.List all open files by a specific process

# lsof -p PID

8.List all the users who are using a particular file

# lsof /bin/vi

9.Lists all processes that use the bash shell

# lsof /bin/bash

10.Lists all opened files that are not opened by the given user

# lsof -u ^user

11.Process list a la ps aux

# lsof -d txt

12.Lists all deleted files,that are still opened and use up disk space(files with less than one link)
# lsof +L1

Finding Network Connection


1.List all network connections (you can also use ‘-i4’ or ‘-i6’ to list only IPv4 or IPv6 connections)

# lsof -i

2.List all network files in use by a specific process

# lsof -i -a -p 234
OR
# lsof -i -a -c ssh

3.List processes which are listening on a particular port

# lsof -i :25

4.List all TCP or UDP connections

# lsof -i tcp; lsof -i udp;

5.List all Network File System ( NFS ) files

# lsof -N -u username -a

6.Lists all network files opened by the user www-data (boolean and with -a)

# lsof -a -i -u www-data

7.Lists all active connections

# lsof -i|grep '\->'
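
The network listings above can be turned into a check, shown here as an added example that is not part of the original post: it reads "lsof -nP -i" output and reports TCP listeners whose port is not on an expected list, together with the owning command, user and PID. The expected ports are the ones from the service monitor script on this page; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not on an expected-port list.
# EXPECTED reuses the port list from the service monitor script on this page.
EXPECTED="22 53 80 25 3306"

# Constructed sample of "lsof -nP -i" output (not captured from a real host).
sample_lsof_output() {
cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1023   root    3u  IPv4  11002      0t0  TCP *:22 (LISTEN)
named    1188  named   20u  IPv4  11840      0t0  TCP 192.168.0.254:53 (LISTEN)
named    1188  named  512u  IPv4  11839      0t0  UDP 192.168.0.254:53
httpd    2210 apache    4u  IPv6  15321      0t0  TCP *:80 (LISTEN)
httpd    2211 apache    4u  IPv6  15321      0t0  TCP *:80 (LISTEN)
sshd     3301   root    3u  IPv4  20114      0t0  TCP 192.168.0.123:22->192.168.0.2:51514 (ESTABLISHED)
perl     4477 apache    3u  IPv4  23990      0t0  TCP *:31337 (LISTEN)
mysqld   1502  mysql   10u  IPv4  12877      0t0  TCP 127.0.0.1:3306 (LISTEN)
EOF
}

# Read "lsof -nP -i" output on stdin and print "port command user pid" for
# each TCP listener whose port is not in the space-separated list $1.
# Fields are counted from the end of the line because older lsof builds
# leave the SIZE column empty for sockets, which shifts the column count.
unexpected_listeners() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        $NF == "(LISTEN)" && $(NF-2) == "TCP" {
            port = $(NF-1)
            sub(/^.*:/, "", port)      # handles *:22, 1.2.3.4:22 and [::1]:22
            key = port SUBSEP $1 SUBSEP $3
            # report each port/command/user combination once (first PID seen)
            if (!(port in ok) && !(key in seen)) {
                seen[key] = 1
                print port, $1, $3, $2
            }
        }'
}

# Live use on a host with lsof installed: ./listeners.sh --live
if [ "${1:-}" = "--live" ]; then
    lsof -nP -i | unexpected_listeners "$EXPECTED"
fi
```

Run against the sample with sample_lsof_output | unexpected_listeners "$EXPECTED"; an empty result means every listener is on the expected list.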





Install NMAP (Network Mapper) and Zenmap




Nmap is a powerful scanner available on Linux systems. With it we can find out all the ways a computer communicates with other computers on a network.

Features of Nmap :-

1. Flexible :- advanced techniques for mapping out networks filled with IP filters, firewalls, routers.
This includes many port scanning TCP and UDP, and OS detection, version detection.

2. Powerful :- Nmap has been used to scan huge networks of literally hundreds of thousands of
machines.

3. Portable :- Most operating systems are supported, including Linux, Microsoft Windows,
FreeBSD, OpenBSD, Solaris, Mac OS X, HP-UX, NetBSD, Sun OS.

4. Easy :- Nmap is easy to operate, e.g. "nmap -A -v target". You can also use Zenmap, which is a GUI.

5. Free :- Nmap is free.

6. Popular :- Thousands of people download Nmap every day. and it is included with many
operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc).


Advantage of Nmap :-

1. Find computers on a network.

2. Find open ports on those computers.

3. Find out, what services are using those ports.

4. Find out, what operating system is on the computers.

5. Find out, detection application name and version number.

6. Raw Socket (sending) :- The system API for sending custom packets is called raw sockets.
Unfortunately, these sockets can't be used to listen for raw packets on the wire.

7. NSE :- Let a programmer choose what to do with the services it finds. The programmer can write
Nmap Scripting Engine programs in the Lua Programming language.

8. Three way handshake on tcp/ip.

a) SYN (Synchronous) :- The active open is performed by the client sending a SYN to the server.
the client sets the segment's sequence number to a random value A.

b) SYN-ACK (acknowledgment) :- In response, the server replies with a SYN-ACK. The
acknowledgment number is set to one more than the received sequence
number (A + 1), and the sequence number that the server chooses for the
packet is another random number, B.

c) ACK (acknowledgment) :- Finally, the client sends an ACK back to the server. The sequence
number is set to the received acknowledgement value i.e. A + 1, and the
acknowledgement number is set to one more than the received sequence
number i.e. B + 1.

9. Graphical interface Nmap.

Zenmap used.

Syntax :-

nmap [Scan Type(s)] [Options] {target specification}

TARGET SPECIFICATION:
  -iL: Input from list of hosts/networks
  -iR: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file

HOST DISCOVERY:
  -sL: List Scan - list targets to scan
  -sP: Ping Scan - go no further than determining if host is online
  -P0: Treat all hosts as online -- skip host discovery
  -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver

SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idlescan
  -sO: IP protocol scan
  -b <ftp relay host>: FTP bounce scan

PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
  -F: Fast - Scan only the ports listed in the nmap-services file
  -r: Scan ports consecutively - don't randomize

SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)

OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively

TIMING AND PERFORMANCE:
  Options which take <time> are in milliseconds, unless you append 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T[0-5]: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <time>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes

FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --data-length <num>: Append random data to sent packets
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP checksum

OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use twice for more effect)
  -d[level]: Set or increase debugging level (Up to 9 is meaningful)
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --log-errors: Log errors/warnings to the normal-format output file
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Insecure.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output

MISC:
  -6: Enable IPv6 scanning
  -A: Enables OS detection and Version detection
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  -V: Print version number


1.IP Scanning with range

# nmap -sP 192.168.0.0/24

# nmap -sP 192.168.0.1-254

2.Port Scanning with range port 100 – port 200

# nmap 192.168.0.11 -p100-200

# nmap -p21,22,80 192.168.0.123

3.Scanning Operating system on target IP

# nmap -O 192.168.0.11

4.Faster scan: use -T4

# nmap -A -T4 192.168.0.11

5.Version detection

# nmap -A -T4 -F 192.168.0.123

# nmap -A -T4 192.168.0.123

6.Choose between TCP and UDP protocol

# nmap -p T:3000-4000 192.168.0.123

7.Check only UDP

# nmap -sU 192.168.0.123

8.Check only TCP SYN (half-open) scanning

# nmap -sS 192.168.0.123
# nmap -sS 192.168.0.0/24


9.nmap TCP FIN scanning

# nmap -v -sF 192.168.0.0/24

10.nmap TCP Xmas tree scanning
Useful to see whether the firewall is protecting against this kind of attack:

# nmap -v -sX 192.168.0.0/24

11.nmap TCP Window scanning

# nmap -v -sW 192.168.0.0/24

12.nmap TCP RPC scanning

# nmap -v -sR 192.168.0.0/24

13.nmap remote software version scanning

# nmap -v -sV 192.168.0.0/24


-: Graphical interface :-

Application -> SystemTools -> NmapFE

OR

Use the same version of nmap and zenmap.

# wget nmap.org/dist/zenmap-6.01-1.noarch.rpm

# rpm -ivh zenmap-6.01-1.noarch.rpm



Tuesday, 30 October 2012

Difference between TCP and UDP


TCP (Transmission Control Protocol) is the most commonly used protocol on the Internet. The reason for this is because TCP offers error correction. When the TCP protocol is used there is a "guaranteed delivery." This is due largely in part to a method called "flow control." Flow control determines when data needs to be re-sent, and stops the flow of data until previous packets are successfully transferred. This works because if a packet of data is sent, a collision may occur. When this happens, the client re-requests the packet from the server until the whole packet is complete and is identical to its original. 


UDP (User Datagram Protocol) is another commonly used protocol on the Internet. However, UDP is never used to send important data such as webpages, database information, etc; UDP is commonly used for streaming audio and video. Streaming media such as Windows Media audio files (.WMA), Real Player (.RM), and others use UDP because it offers speed! The reason UDP is faster than TCP is because there is no form of flow control or error correction. The data sent over the Internet is affected by collisions, and errors will be present. Remember that UDP is only concerned with speed. This is the main reason why streaming media is not high quality.


 Frame Structure

 As data moves along a network, various attributes are added to the file to create a frame. This process is called encapsulation. There are different methods of encapsulation depending on which protocol and topology are being used. As a result, the frame structure of these packets differ as well. The images below show both the TCP and UDP frame structures.

                                         
[Figure: TCP frame structure]

[Figure: UDP frame structure]

 

The payload field contains the actual data. Notice that TCP has a more complex frame structure. This is largely due to the fact that TCP is a connection-oriented protocol. The extra fields are needed to ensure the "guaranteed delivery" offered by TCP.

Friday, 19 October 2012

How Email Works

Using email is very easy, but setting up your own email server is not. This article describes how email works to give you an introduction on the various components needed to implement your own mail server.


1. The sender uses a Mail User Agent (MUA) to compose an email. An MUA,  
    often referred to as a mail client, is a program that allows a user to compose,
    send and receive email.

2. The mail is sent to a Mail Transfer Agent (MTA) which is responsible for
    sending the email to the recipient’s MTA. An MTA transfers mail messages
    between computers via the SMTP protocol. Postfix, Sendmail, Exim and
    Qmail are examples of an MTA.

3. The recipient’s MTA receives the email and passes it on to a Mail Delivery   
   Agent (MDA). An MDA manages the user’s mailbox and handles mails for
   delivery to the MUA using either the POP or IMAP protocol.

  • POP (Post Office Protocol)
    Although most mail clients have an option to Leave a copy on the server, POP is generally used to download all messages from the mailbox, store them on the user’s PC as new messages and delete them from the server.
  • IMAP (Internet Message Access Protocol)
    Allows users to view their mailboxes on the server and to delete mail only when told to do so.

    Mbox and Maildir are two common mailbox formats used in Unix. Dovecot, Cyrus and Courier are examples of an MDA.

4. The recipient uses an MUA to check and retrieve messages from the MDA.