An A-Z Index of Oracle SQL Commands (version 9.2)

ANALYZE
AUDIT
CALL
Cluster - CREATE CLUSTER - ALTER CLUSTER - DROP CLUSTER
COMMENT
COMMIT
CONNECT
CONSTRAINT - Add / Enable
Context - CREATE CONTEXT - DROP CONTEXT
Controlfile - CREATE CONTROLFILE
Database - CREATE DATABASE - ALTER DATABASE
DELETE
DESCRIBE
Dimension - CREATE DIMENSION - ALTER DIMENSION - DROP DIMENSION
Directory - CREATE DIRECTORY - DROP DIRECTORY
EXEC
EXECUTE IMMEDIATE
EXPLAIN PLAN
Function - CREATE FUNCTION - ALTER FUNCTION - DROP FUNCTION
GRANT
Index - CREATE INDEX - ALTER INDEX - DROP INDEX
Indextype - CREATE INDEXTYPE - DROP INDEXTYPE
INSERT
INTERSECT
Java - CREATE JAVA - ALTER JAVA - DROP JAVA
Library - CREATE LIBRARY - DROP LIBRARY
Link - CREATE DATABASE LINK - DROP DATABASE LINK
LOCK TABLE
Mview - CREATE MATERIALIZED VIEW - ALTER MATERIALIZED VIEW - DROP MATERIALIZED VIEW - CREATE MATERIALIZED VIEW LOG - ALTER MATERIALIZED VIEW LOG - DROP MATERIALIZED VIEW LOG
MINUS
NOAUDIT
Operator - CREATE OPERATOR - DROP OPERATOR
Outline - CREATE OUTLINE - ALTER OUTLINE - DROP OUTLINE
Package - CREATE PACKAGE/BODY - ALTER PACKAGE - DROP PACKAGE
Pfile - CREATE PFILE
Procedure - CREATE PROCEDURE - ALTER PROCEDURE - DROP PROCEDURE
Profile - CREATE PROFILE - ALTER PROFILE - DROP PROFILE
RECOVER
RENAME
Resource - ALTER RESOURCE COST
REVOKE
RMAN - Recovery Manager
Role - CREATE ROLE - SET ROLE - ALTER ROLE - DROP ROLE
ROLLBACK
Rollback - CREATE ROLLBACK SEGMENT - ALTER ROLLBACK SEGMENT - DROP ROLLBACK SEGMENT
SAVEPOINT
Schema - CREATE SCHEMA
SELECT
Sequence - CREATE SEQUENCE - ALTER SEQUENCE - DROP SEQUENCE
Session - ALTER SESSION
SHUTDOWN
SNAPSHOT
SPfile - CREATE SPFILE
STARTUP
Statistics - ASSOCIATE STATISTICS - DISASSOCIATE STATISTICS
Synonym - CREATE SYNONYM - DROP SYNONYM
System - ALTER SYSTEM
Table - CREATE TABLE - ALTER TABLE - DROP TABLE
Tablespace - CREATE TABLESPACE - ALTER TABLESPACE - DROP TABLESPACE - CREATE TEMPORARY TABLESPACE
Transaction - SET TRANSACTION
Trigger - CREATE TRIGGER - ALTER TRIGGER - DROP TRIGGER
TRUNCATE
Type - CREATE TYPE - ALTER TYPE - DROP TYPE - CREATE TYPE BODY - DROP TYPE BODY
UPDATE
UNION
User - CREATE USER - ALTER USER - DROP USER
View - CREATE VIEW - ALTER VIEW - DROP VIEW
CALL

Execute a procedure or function from within SQL (may be used for both stored procedures/packages and standalone routines).

Syntax:
   CALL [schema.] item_to_call
   CALL [schema.] [package.] item_to_call [INTO :host_variable [[INDICATOR] :indicator_var] ]
   CALL [schema.] [type.] item_to_call [INTO :host_variable [[INDICATOR] :indicator_var] ]

Key
   item_to_call:
      function [@dblink] (expr,...)
      procedure [@dblink] (expr,...)
      method [@dblink] (expr,...)
   indicator_var: The value or condition of the host variable

Example
   CALL place_order(453);

key:

select_list
A comma-separated list of table columns (or expressions) eg:
   column1, column2, column3
   table.column1, table.column2
   table.column1 Col_1_Alias, table.column2 Col_2_Alias
   schema.table.column1 Col_1_Alias, schema.table.column2 Col_2_Alias
   schema.table.*
   *
   expr1, expr2
   (subquery [WITH READ ONLY | WITH CHECK OPTION [CONSTRAINT constraint]])
In the above, 'table' may be replaced with view or snapshot. Using the * expression will return all columns. If a Column_Alias is specified this will appear as the column heading in SQL*Plus output.

DISTINCT
Suppress duplicate rows - display only the unique values. Duplicate rows have matching values across every column (or expression) in the select_list.

FROM table_list
Contains a list of the tables from which the result set data is retrieved.
   [schema.]{table | view | snapshot}[@dblink] [t_alias]
When selecting from a table you can also specify Partition and/or Sample clauses e.g.
   [schema.]table [PARTITION (partition)] [SAMPLE (sample_percent)]
If the SELECT statement involves more than one table, the FROM clause can also contain join specifications (SQL1992 standard).

WHERE search_conditions
A filter that defines the conditions each row in the source table(s) must meet to qualify for the SELECT. Only rows that meet the conditions will be included in the result set. The WHERE clause can also contain inner and outer join specifications (SQL1989 standard). e.g.
   WHERE tableA.column = tableB.column
   WHERE tableA.column = tableB.column(+)
   WHERE tableA.column(+) = tableB.column

GROUP BY group_by_list
The GROUP BY clause partitions the result set into groups. The group_by_list may be one or more columns or expressions and may optionally include the CUBE / ROLLUP keywords for creating crosstab results.

Hierarchical Queries
Any query that does *not* include a GROUP BY clause may include a CONNECT BY hierarchy clause:
   [START WITH condition] CONNECT BY condition
HAVING search_conditions
An additional filter - the HAVING clause acts as an additional filter to the grouped result rows - as opposed to the WHERE clause that applies to individual rows. The HAVING clause is most commonly used in conjunction with a GROUP BY clause.

ORDER BY order_list [ ASC | DESC ] [ NULLS { FIRST | LAST } ]
The ORDER BY clause defines the order in which the rows in the result set are sorted. order_list specifies the result set columns that make up the sort list. The ASC and DESC keywords are used to specify if the rows are sorted ascending (1...9 a...z) or descending (9...1 z...a). You can sort by any column even if that column is not actually in the main SELECT clause. If you do not include an ORDER BY clause then the order of the result set rows will be unpredictable (random or quasi random).

FOR UPDATE options
This is often used within PL/SQL routines to lock the selected rows. Oracle will wait for any locks to be released unless you specify NOWAIT.
   FOR UPDATE [OF [ [schema.]{table|view}.] column] [NOWAIT]

Undocumented syntax:
   SELECT... FOR UPDATE SKIP LOCKED
Skip Locked will return all the 'non-locked' rows and lock them. While this syntax can be used effectively, it is generally not a good idea to use it within an application as undocumented syntax may be removed or changed in future releases.

Writing a SELECT statement
The clauses (SELECT ... FROM ... WHERE ... HAVING ... ORDER BY ... ) must be in this order. The position of commas and semicolons is not forgiving. Each expression must be unambiguous. In other words, if two columns have the same name, then prefix the columns with the table name (or use an alias).

   SELECT DISTINCT customer_id, oi_ship_date
   FROM customers, order_items
   WHERE customers.customer_id = order_items.customer_id
   AND order_items.oi_ship_date > '01-may-2001';

Table names may also be qualified with the schema name (if you are working with multiple schemas) e.g. scott.t_customers.customer_id

SQL statements can be simplified, and made more readable, by assigning a table alias (also known as a range variable or correlation name). With a table alias the fully qualified name has to be specified only in the FROM clause. All other table/view references then use the alias name. e.g.

   SELECT DISTINCT cst.customer_id, ord.oi_ship_date
   FROM customers cst, order_items ord
   WHERE cst.customer_id = ord.customer_id
   AND ord.oi_ship_date > '01-may-2001';

OWNER - Owner of the view
VIEW_NAME - Name of the view
TEXT_LENGTH - Length of the view text
TEXT - View text
TYPE_TEXT_LENGTH - Length of the type clause of the object view
TYPE_TEXT - Type clause of the object view
OID_TEXT_LENGTH - Length of the WITH OBJECT OID clause of the object view
OID_TEXT - WITH OBJECT OID clause of the object view
VIEW_TYPE_OWNER - Owner of the type of the view if the view is an object view
VIEW_TYPE - Type of the view if the view is an object view
SUPERVIEW_NAME - Name of the superview, if view is a subview

OWNER - Owner of the table
TABLE_NAME - Name of the table
TABLESPACE_NAME - Name of the tablespace containing the table
CLUSTER_NAME - Name of the cluster, if any, to which the table belongs
IOT_NAME - Name of the index-only table, if any, to which the overflow or mapping table entry belongs
PCT_FREE - Minimum percentage of free space in a block
PCT_USED - Minimum percentage of used space in a block
INI_TRANS - Initial number of transactions
MAX_TRANS - Maximum number of transactions
INITIAL_EXTENT - Size of the initial extent in bytes
NEXT_EXTENT - Size of secondary extents in bytes
MIN_EXTENTS - Minimum number of extents allowed in the segment
MAX_EXTENTS - Maximum number of extents allowed in the segment
PCT_INCREASE - Percentage increase in extent size
FREELISTS - Number of process freelists allocated in this segment
FREELIST_GROUPS - Number of freelist groups allocated in this segment
LOGGING - Logging attribute
BACKED_UP - Has table been backed up since last modification?
NUM_ROWS - The number of rows in the table
BLOCKS - The number of used blocks in the table
EMPTY_BLOCKS - The number of empty (never used) blocks in the table
AVG_SPACE - The average available free space in the table
CHAIN_CNT - The number of chained rows in the table
AVG_ROW_LEN - The average row length, including row overhead
AVG_SPACE_FREELIST_BLOCKS - The average freespace of all blocks on a freelist
NUM_FREELIST_BLOCKS - The number of blocks on the freelist
DEGREE - The number of threads per instance for scanning the table
INSTANCES - The number of instances across which the table is to be scanned
CACHE - Whether the table is to be cached in the buffer cache
TABLE_LOCK - Whether table locking is enabled or disabled
SAMPLE_SIZE - The sample size used in analyzing this table
LAST_ANALYZED - The date of the most recent time this table was analyzed
PARTITIONED - Is this table partitioned? YES or NO
IOT_TYPE - If index-only table, then IOT_TYPE is IOT or IOT_OVERFLOW or IOT_MAPPING else NULL
TEMPORARY - Can the current session only see data that it placed in this object itself?
SECONDARY - Is this table object created as part of icreate for domain indexes?
NESTED - Is the table a nested table?
BUFFER_POOL - The default buffer pool to be used for table blocks
ROW_MOVEMENT - Whether partitioned row movement is enabled or disabled
GLOBAL_STATS - Are the statistics calculated without merging underlying partitions?
USER_STATS - Were the statistics entered directly by the user?
DURATION - If temporary table, then duration is sys$session or sys$transaction else NULL
SKIP_CORRUPT - Whether skip corrupt blocks is enabled or disabled
MONITORING - Should we keep track of the amount of modification?
CLUSTER_OWNER - Owner of the cluster, if any, to which the table belongs
DEPENDENCIES - Should we keep track of row level dependencies?
Handy MySQL Commands

Each entry below gives the description first, then the command.

To login (from unix shell); use -h only if needed.
   [mysql dir]/bin/mysql -h hostname -u root -p

Create a database on the sql server.
   create database [databasename];

List all databases on the sql server.
   show databases;

Switch to a database.
   use [db name];

To see all the tables in the db.
   show tables;

To see database's field formats.
   describe [table name];

To delete a db.
   drop database [database name];

To delete a table.
   drop table [table name];

Show all data in a table.
   SELECT * FROM [table name];

Returns the columns and column information pertaining to the designated table.
   show columns from [table name];

Show certain selected rows with the value "whatever".
   SELECT * FROM [table name] WHERE [field name] = "whatever";

Show all records containing the name "Bob" AND the phone number '3444444'.
   SELECT * FROM [table name] WHERE name = "Bob" AND phone_number = '3444444';

Show all records not containing the name "Bob" AND the phone number '3444444' order by the phone_number field.
   SELECT * FROM [table name] WHERE name != "Bob" AND phone_number = '3444444' order by phone_number;

Show all records starting with the letters 'bob' AND the phone number '3444444'.
   SELECT * FROM [table name] WHERE name like "Bob%" AND phone_number = '3444444';

Use a regular expression to find records. Use "REGEXP BINARY" to force case-sensitivity. This finds any record beginning with a.
   SELECT * FROM [table name] WHERE rec RLIKE "^a";

Show unique records.
   SELECT DISTINCT [column name] FROM [table name];

Show selected records sorted in an ascending (asc) or descending (desc) order.
   SELECT [col1],[col2] FROM [table name] ORDER BY [col2] DESC;

Count rows.
   SELECT COUNT(*) FROM [table name];

Join tables on common columns (statement to join birthday in person table with primary illustration id).
   select lookup.illustrationid, lookup.personid, person.birthday from lookup left join person on lookup.personid=person.personid;

Switch to the mysql db. Create a new user.
   INSERT INTO [table name] (Host,User,Password) VALUES('%','user',PASSWORD('password'));

Change a user's password (from unix shell).
   [mysql dir]/bin/mysqladmin -u root -h hostname.blah.org -p password 'new-password'

Change a user's password (from MySQL prompt).
   SET PASSWORD FOR 'user'@'hostname' = PASSWORD('passwordhere');

Switch to mysql db. Give user privileges for a db.
   INSERT INTO [table name] (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('%','db','user','Y','Y','Y','Y','Y','N');

To update info already in a table.
   UPDATE [table name] SET Select_priv = 'Y',Insert_priv = 'Y',Update_priv = 'Y' where [field name] = 'user';

Delete a row(s) from a table.
   DELETE from [table name] where [field name] = 'whatever';

Update database permissions/privileges.
   FLUSH PRIVILEGES;

Delete a column.
   alter table [table name] drop column [column name];

Add a new column to db.
   alter table [table name] add column [new column name] varchar (20);

Change column name.
   alter table [table name] change [old column name] [new column name] varchar (50);

Make a unique column so you get no dupes.
   alter table [table name] add unique ([column name]);

Make a column bigger.
   alter table [table name] modify [column name] VARCHAR(3);

Delete unique from table.
   alter table [table name] drop index [column name];

Load a CSV file into a table.
   LOAD DATA INFILE '/tmp/filename.csv' replace INTO TABLE [table name] FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (field1,field2,field3);

Dump all databases for backup. Backup file is sql commands to recreate all db's. (In this and the following commands, -ppassword puts the password on the command line, where it shows up in the process list and shell history; -p on its own prompts for it instead.)
   [mysql dir]/bin/mysqldump -u root -ppassword --opt --all-databases >/tmp/alldatabases.sql

Dump one database for backup.
   [mysql dir]/bin/mysqldump -u username -ppassword --databases databasename >/tmp/databasename.sql

Dump a table from a database.
   [mysql dir]/bin/mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql

Restore database (or database table) from backup.
   [mysql dir]/bin/mysql -u username -ppassword databasename < /tmp/databasename.sql

Create Table Example 1.
   CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35), suffix VARCHAR(3), officeid VARCHAR(10), userid VARCHAR(15), username VARCHAR(8), email VARCHAR(35), phone VARCHAR(25), groups VARCHAR(15), datestamp DATE, timestamp time, pgpemail VARCHAR(255));

Create Table Example 2.
   create table [table name] (personid int(50) not null auto_increment primary key, firstname varchar(35), middlename varchar(50), lastname varchar(50) default 'bato');
Network
IOS Commands

Privileged Mode
enable - get to privileged mode
disable - get to user mode
enable password <password_here> - sets privileged mode password
enable secret <password_here> - sets encrypted privileged mode password

Setting Passwords
enable secret <password_here> - set encrypted password for privileged access
enable password <password_here> - set password for privileged access (used when there is no enable secret and when using older software)

Set password for console access:
(config)#line console 0
(config-line)#login
(config-line)#password <password_here>

Set password for virtual terminal (telnet) access (password must be set to access router through telnet):
(config)#line vty 0 4
(config-line)#login
(config-line)#password <password_here>

Set password for auxiliary (modem) access:
(config)#line aux 0
(config-line)#login
(config-line)#password <password_here>

Configuring the Router
sh running-config - details the running configuration file (RAM)
sh startup-config - displays the configuration stored in NVRAM
setup - Will start the automatic setup; the same as when you first boot the router
config t - use to execute configuration commands from the terminal
config mem - executes configuration commands stored in NVRAM; copies startup-config to running-config
config net - used to retrieve configuration info from a TFTP server
copy running-config startup-config - copies saved config in running config (RAM) to NVRAM or "write memory" for IOS under ver.11
copy startup-config running-config - copies from non-volatile (NVRAM) to current running config (RAM)
boot system flash - tells router which IOS file in flash to boot from
boot system tftp - tells router which IOS file on the tftp server to boot from
boot system rom - tell router to boot from ROM at next boot
copy flash tftp - Copies flash to tftp server
copy tftp flash - Restores flash from tftp server
copy run tftp - Copies the current running-config to tftp server
copy tftp run - Restores the running-config from tftp server

General Commands
no shutdown - (enables the interface)
reload - restarts the router
sh ver - Cisco IOS version, uptime of router, how the router started, where system was loaded from, the interfaces the POST found, and the configuration register
sh clock - shows date and time on router
sh history - shows the history of your commands
sh debug - shows all debugging that is currently enabled
no debug all - turns off all debugging
sh users - shows users connected to router
sh protocols - shows which protocols are configured
banner motd # Your_message # - Set/change banner
hostname - use to configure the hostname of the router
clear counters - clear interface counters

Processes & Statistics
sh processes - shows active processes running on router
sh process cpu - shows cpu statistics
sh mem - shows memory statistics
sh flash - describes the flash memory and displays the size of files and the amount of free flash memory
sh buffers - displays statistics for router buffer pools; shows the size of the Small, Middle, Big, Very Big, Large and Huge Buffers
sh stacks - shows reason for last reboot, monitors the stack use of processes and interrupts routines

CDP Commands (Cisco Discovery Protocol uses layer 2 multicast over a SNAP-capable link to send data):
sh cdp neighbor - shows directly connected neighbors
sh cdp int - shows which interfaces are running CDP
sh cdp int eth 0/0 - show CDP info for specific interface
sh cdp entry - shows CDP neighbor detail
cdp timer 120 - change how often CDP info is sent (default cdp timer is 60)
cdp holdtime 240 - how long to wait before removing a CDP neighbor (default CDP holdtime is 180)
sh cdp run - shows if CDP turned on
no cdp run - turns off CDP for entire router (global config)
no cdp enable - turns off CDP on specific interface

Miscellaneous Commands
sh controller t1 - shows status of T1 lines
sh controller serial 1 - use to determine if DCE or DTE device
(config-if)#clock rate 6400 - set clock on DCE (bits per second)
(config-if)#bandwidth 64 - set bandwidth (kilobits)

IP Commands
Configure IP on an interface:
int serial 0
ip address 157.89.1.3 255.255.0.0
int eth 0
ip address 208.1.1.4 255.255.255.0

Other IP Commands:
sh ip route - view ip routing table
ip route <network> <mask> <default_gateway> [administrative_distance] - configure a static IP route
ip route 0.0.0.0 0.0.0.0 <default_gateway> - sets default gateway
ip classless - use with static routing to allow packets destined for unrecognized subnets to use the best possible route
sh arp - view arp cache; shows MAC address of connected routers
ip address 2.2.2.2 255.255.255.0 secondary - configure a 2nd ip address on an interface
sh ip protocol

IPX Commands
Enable IPX on router:
ipx routing

Configure IPX + IPX-RIP on an int:
int ser 0
ipx network 4A

Other Commands:
sh ipx route - shows IPX routing table
sh ipx int e0 - shows ipx address on int
sh ipx servers - shows SAP table
sh ipx traffic - view traffic statistics
debug ipx routing activity - debugs IPX RIP packets
debug ipx sap - debugs SAP packets

Routing Protocols
Configure RIP:
router rip
network 157.89.0.0
network 208.1.1.0

Other RIP Commands:
debug ip rip - view RIP debugging info

Configure IGRP:
router IGRP 200
network 157.89.0.0
network 208.1.1.0

Other IGRP Commands:
debug ip igrp events - view IGRP debugging info
debug ip igrp transactions - view IGRP debugging info

Access Lists (see notes below for details)
sh ip int ser 0 - use to view which IP access lists are applied to which int
sh ipx int ser 0 - use to view which IPX access lists are applied to which int
sh appletalk int ser 0 - use to view which AppleTalk access lists are applied to which int

View access lists:
sh access-lists
sh ip access-lists
sh ipx access-lists
sh appletalk access-lists

Apply standard IP access list to int eth 0:
access-list 1 deny 200.1.1.0 0.0.0.255
access-list 1 permit any
int eth 0
ip access-group 1 in

Apply Extended IP access list to int eth 0:
access-list 100 deny tcp host 1.1.1.1 host 2.2.2.2 eq 23
access-list 100 deny tcp 3.3.3.0 0.0.0.255 any eq 80
int eth 0
ip access-group 100 out

Apply Standard IPX access list to int eth 0:
access-list 800 deny 7a 8000
access-list 800 permit -1
int eth 0
ipx access-group 800 out

Apply Extended IPX access list to int eth 0:
access-list 900 deny sap any 3378 -1
access-list 900 permit sap any all -1
int eth 0
ipx access-group 900 out

Wan Configurations (see notes below for more details)

PPP Configuration
encapsulation ppp
ppp authentication
ppp chap hostname
ppp pap sent-username <username_here>
sh int ser 0 - use to view encapsulation on the interface

Frame-Relay Configuration
encapsulation frame-relay ietf - use IETF when setting up a frame-relay network between a Cisco router and a non-Cisco router
frame-relay lmi-type ansi - LMI types are Cisco, ANSI, Q933A; Cisco is the default; LMI type is auto-sensed in IOS v11.2 and up
frame-relay map ip 3.3.3.3 100 broadcast - if inverse ARP won't work, map Other IP to Your DLCI # (local)
keepalive 10 - use to set keepalive
sh int ser 0 - use to show DLCI, LMI, and encapsulation info
sh frame-relay pvc - shows the configured DLCI's; shows PVC traffic stats
sh frame-relay map - shows route maps
sh frame-relay lmi - shows LMI info

Keyboard Shortcuts
CTRL-P - show previous command
CTRL-N - show next command
SHIFT-CTRL-6 - Break
Notes
Static and Dynamic Routing

Static Routing - manually assigned by the Admin user entering the routes (Routed Protocols - IP, IPX and AppleTalk)
Dynamic Routing - generated/determined by a Routing Protocol (Routing Protocols - RIP I, RIP II, IGRP, EIGRP, OSPF, NLSP, RTMP)

Dynamic
1) With Dynamic Routing, routers pass information between each other so that routing tables are regularly maintained.
2) The routers then determine the correct paths packets should take to reach their destinations.
3) Information is passed only between routers.
4) A routing domain is called an Autonomous System, as it is a portion of the Internetwork under common admin authority.
5) Consists of routers that share information over the same protocol. Can be split into routing areas.

Distance Vector and Link-State Routing

Routing Protocols
I) Interior (within an autonomous system - AS - group of routers under the same administrative authority)
   a) Distance Vector - understands the direction and distance to any network connection on the internetwork. Knows how many hops (the metric) to get there. All routers within the internetwork listen for messages from other routers, which are sent every 30 to 90 seconds. They pass their entire routing tables. Uses hop count for measurement.
      1) Used in smaller networks that have fewer than 100 routers.
      2) Easy to configure and use.
      3) As routers increase in number, you need to consider CPU utilization, convergence time, and bandwidth utilization.
      4) Convergence is due to routing updates at set intervals.
      5) When a router recognizes a change it updates the routing table and sends the whole table to all of its neighbors.
      Protocols:
      1) RIP - 15 hop count max
      2) IGRP - 255 hop count max, uses reliability factor (255 optimal), and bandwidth
      3) RTMP
   b) Link State - understands the entire network, and does not use secondhand information. Routers exchange LSP's (hello packets). Each router builds a topographical view of the network, then uses the SPF (shortest path first) algorithm to determine the best route. Changes in topology can be sent out immediately, so convergence can be quicker. Uses bandwidth and congestion for measurement; Dijkstra's algorithm.
      1) Maintains Topology Database.
      2) Routers have formal neighbor relationship.
      3) Exchanges LSA (Link State Advertisement) or hello packets with directly connected interfaces.
      4) These are exchanged at short intervals (typically 10 sec).
      5) Only new info is exchanged.
      6) Scales well, however link-state protocols are more complex.
      7) Requires more processing power, memory, and bandwidth.
      Protocols:
      1) OSPF - decisions based on cost of route (metric limit of 65,535)
      2) EIGRP - hybrid protocol (both Distance-Vector and Link State), Cisco proprietary
      3) NLSP
      4) IS-IS
II) Exterior
   1) EGP (Exterior Gateway Protocol)
   2) BGP (Border Gateway Protocol)

Routing Protocols used for each Routed Protocol
IP - RIP, IGRP, OSPF, IS-IS, EIGRP
IPX - IPX RIP, NLSP, EIGRP
AppleTalk - RTMP, AURP, EIGRP

Problems with Routing Protocols
1) Routing Loops - occur when routing tables are not updated fast enough when one of the networks becomes unreachable. Due to the slow convergence (updates of routing table between all routers), some routers will end up with an incorrect routing table and will broadcast that routing table to other routers. These incorrect routing tables will cause packets to travel repeatedly in circles.
2) Counting to infinity - occurs when packets end up in a routing loop; hop count increases with every pass through a router on the network

Solutions to Problems with Routing Protocols
1) Define the maximum number of hops - When the number of hops reaches this predefined value, the distance is considered infinite, thus the network is considered unreachable. This does not stop routing loops, but only limits the time that a packet can travel inside the loop.
2) Split horizon - The packets can not be sent back to the same interface that they originally came from. During the updates, one router does not send updates to the router that it received the information from.
3) Route poisoning - The router sets the cost/distance of routes that are unreachable to infinity. Used with hold-down timers.
4) Triggered updates - The router sends updates of the routing table as soon as it detects changes in the network. Does not wait for the prescribed time to expire.
5) Hold-Downs - After the router detects an unreachable network, the router waits for a specified time before announcing that a network is unreachable. The router will also wait for a period of time before it updates its routing table after it detects that another router came online (Router keeps an entry for the network possibly down state, allowing time for other routers to re-compute for this topology change). Hold-downs can only partially prevent the counting to infinity problem. Prevents routes from changing too rapidly in order to determine if a link has really failed, or is back up.

Encapsulation Types
802.2 - sap
802.3 - novell-ether
Ethernet II - arpa (Internet Standard)
Snap - snap
Wan Service Providers
1) Customer premises equipment (CPE) - Devices physically located at subscriber's location; examples: CSU/DSU, modem, wiring on the customer's location
2) Demarcation (or demarc) - The place where the CPE ends and the local loop portion of the service begins. (Usually in the "phone closet").
3) Local loop - Cabling from the demarc into the WAN service provider's central office; wiring from customer's location to the nearest CO
4) Central Office switch (CO) - Switching facility that provides the nearest point of presence for the provider's WAN service; location of telephone company's equipment where the phone line connects to the high speed line (trunk); Regional Telco Office where the local loop terminates (the Telco location nearest you)
5) Toll network - The switches and facilities, (trunks), inside the WAN provider's "cloud."

DTE - the router side and receive clocking
DCE - the CSU/DSU side and provide clocking

WAN Devices
Routers - Offer both internetwork and WAN interface controls
ATM Switches - High-speed cell switching between both LANs and WANs
X.25 and Frame-Relay Switches - Connect private data over public circuits using digital signals
Modems - Connect private data over public telephone circuits using analog signals
CSU/DSU (Channel Service Units/Data Service Units) - Customer Premises Equipment (CPE) which is used to terminate a digital circuit at the customer site
Communication Servers - Dial in/out servers that allow dialing in from remote locations and attach to the LAN
Multiplexors - Device that allows more than one signal to be sent out simultaneously over one physical circuit

ISDN
ISDN BRI (Basic Rate Interface) - 2 64K B channels, plus 1 16K D channel
ISDN PRI (Primary Rate Interface) - 23 64K B channels, plus 1 64K D channel (North America & Japan), 30 64K B channels, plus 1 64K D channel (Europe & Australia)

Classful and Classless Protocols
Classful - summarizes routing info by major network numbers; ex. RIP, IGRP
Classless - BGP, OSPF

Administrative Distances for IP Routes
Administrative Distances are configured using ip route command:
Example: ip route 154.4.55.0 255.255.255.0 195.23.55.1 85 (where 85 is the administrative distance)

IP Route - Administrative Distance
Directly connected interface - 0
Static route using connected interface - 0
Static route using IP address - 1
EIGRP summary route - 5
External BGP route - 20
Internal EIGRP route - 90
IGRP route - 100
OSPF route - 110
IS-IS route - 115
RIP route - 120
EGP route - 140
External EIGRP route - 170
Internal BGP route - 200
Route of unknown origin - 255
Switching Terminology
Store-and-Forward - copies entire frame into buffer, checks for CRC errors before forwarding. Higher latency.
Cut-Through - reads only the destination address into buffer, and forwards immediately; Low latency; "wire-speed"
Fragment free - modified form of cut-through; switch will read into the first 64 bytes before forwarding the frame. Collisions will usually occur within the first 64 bytes. (default for 1900 series).

Access Lists
1-99 - IP Standard Access List
100-199 - IP Extended Access List
200-299 - Protocol Type-code Access List
300-399 - DECnet Access List
600-699 - Appletalk Access List
700-799 - 48-bit MAC Address Access List
800-899 - IPX Standard Access List
900-999 - IPX Extended Access List
1000-1099 - IPX SAP Access List
1100-1199 - Extended 48-bit MAC Address Access List
1200-1299 - IPX Summary Address Access List
Access List / Filters / Wildcard Masks / Additional Notes

Standard IP
  Filters: Source IP address field in the packet's IP header
  Wildcard Masks: To put it simply, when the IP is broken down to binary, the 1's allow everything and the 0's must match exactly.
  Additional Notes: Wildcard mask examples: 0.0.0.0 = entire address must match. 0.255.255.255 = only the first octet must match, the rest will allow everything. 255.255.255.255 = allow everything.

Extended IP
  Filters: Source IP or Destination IP, or TCP or UDP Source or Destination Ports, or Protocol
  Wildcard Masks: Same as standard
  Additional Notes: The keyword ANY implies any IP value is allowed, the keyword HOST implies the IP has to match exactly.

Standard IPX
  Filters: Packets sent by clients and servers, and SAP updates sent by servers and routers
  Wildcard Masks: Configured as a hexadecimal number instead of binary
  Additional Notes: -1 means any and all network numbers (works like ANY)

Extended IPX
  Filters: Source Network or Node, or Destination Network or Node, or IPX Protocol, or IPX Socket, or SAP
  Wildcard Masks: Match multiple networks with one statement, again in hexadecimal
  Additional Notes: The most practical use of the protocol type is for NetBIOS

SAP
  Filters: Sent and received SAP traffic
  Wildcard Masks: N/A
  Additional Notes: Updates its own SAP tables. Again uses -1 to mean "ANY"
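The wildcard-mask rule from the Standard IP and Extended IP entries above, worked through in Python as an added example (not part of the original cheat sheet). The ACL entries are constructed samples reduced to "action address wildcard", the function names are hypothetical, and the deny returned when nothing matches is IOS's implicit deny-all, which the sheet does not mention. The second ACL shows what happens when a subnet mask is typed where the wildcard belongs.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(packet_ip, acl_ip, wildcard):
    """True when packet_ip matches acl_ip under a wildcard mask.

    A 0 bit in the wildcard means "must match exactly"; a 1 bit means
    "allow anything". This is the inverse of a subnet mask.
    """
    must_match = ~to_int(wildcard) & MASK32
    return ((to_int(packet_ip) ^ to_int(acl_ip)) & must_match) == 0


def wildcard_from_netmask(netmask):
    """Invert a subnet mask (255.255.255.224) into a wildcard (0.0.0.31)."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ MASK32))


def expand(entry):
    """Normalise one ACL entry to (action, address, wildcard).

    Handles the HOST and ANY keywords:
      host A.B.C.D -> A.B.C.D 0.0.0.0
      any          -> 0.0.0.0 255.255.255.255
    """
    words = entry.split()
    action, rest = words[0], words[1:]
    if rest[0] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    return action, rest[0], rest[1]


def evaluate(acl_lines, source_ip):
    """Walk a standard ACL top-down; the first matching entry decides.

    Falling off the end returns "deny" (the implicit deny-all).
    """
    for line in acl_lines:
        action, addr, wildcard = expand(line)
        if wildcard_match(source_ip, addr, wildcard):
            return action
    return "deny"


# Constructed sample: block one host, allow the rest of its /24.
SAMPLE_ACL = [
    "deny host 192.168.1.13",
    "permit 192.168.1.0 0.0.0.255",
]

# Constructed sample of a common mistake: subnet mask used as the wildcard.
# It permits every address whose LAST octet is 0, on any network.
MISTYPED_ACL = ["permit 192.168.1.0 255.255.255.0"]

if __name__ == "__main__":
    for ip in ("192.168.1.13", "192.168.1.14", "172.16.0.1"):
        print("sample  ", ip, evaluate(SAMPLE_ACL, ip))
    for ip in ("192.168.1.14", "10.9.8.0"):
        print("mistyped", ip, evaluate(MISTYPED_ACL, ip))
```

Reviewing an ACL with `wildcard_from_netmask` before it is applied catches the mistyped form, which otherwise denies the intended subnet and permits unrelated networks.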
Troubleshooting Tools

Ping Results
!     success
.     timeout
U     destination unreachable
?     unknown packet type
&     TTL exceeded

Traceroute Results
!H    router rec'd, but didn't forward because of access-list
P     protocol unreachable
N     network unreachable
U     port unreachable
*     timeout
Accessing Router with Terminal Emulation

Using HyperTerminal on a Windows machine, adjust the following settings:

VT100 Emulation
Connection Speed: 9600 Baud
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None

On a Linux machine you may use Seyon or Minicom (at least one should come with your distribution).

Router Startup Sequence

1. POST
2. Bootstrap program loaded from ROM
3. IOS is loaded from either flash (default), TFTP, or ROM
4. IOS image loaded into low-addressed memory; hardware and software is determined
5. Config file is loaded from NVRAM; if no configuration exists in NVRAM, the initial configuration dialog will begin
Miscellaneous Notes

Multiple Loop Problems - complex topology can cause multiple loops to occur. Layer 2 has no mechanism to stop the loop. This is the main reason for Spanning-Tree Protocol.

Spanning-Tree Protocol (STP), IEEE 802.1d - developed to prevent routing loops; uses STA (Spanning-Tree Algorithm) to calculate a loop-free network topology; allows redundant paths without suffering the effects of loops in the network.

Virtual LANs (VLANs) - sets different ports on a switch to be part of different sub-networks. Some benefits: simplify moves, adds, changes; reduce administrative costs; have better control of broadcasts; tighten security; and distribute load. Relocate the server into a secured location.

HDLC (High-Level Data Link Control) - Link layer protocol for Serial links. Cisco default. Supports the following modes: Normal Response Mode - as per Secondary under SDLC; Asynchronous Response Mode allows secondary to communicate without permission; Asynchronous Balanced Mode combines the two stations. Has lower overhead than LAPB but less error checking.

Modular Switch/VIP Syntax
type slot/port (example: e 2/1)
type slot/port-adapter/port (example: e 2/0/1)
Common Ports

This file was taken from the IANA website. It is a list of the well known port numbers.

# /etc/services:
# $Id: services,v 1.4 1997/05/20 19:41:21 tobias Exp $
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single wellknown
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.

tcpmux	1/tcp	# TCP port service multiplexer
echo	7/tcp
echo	7/udp
discard	9/tcp	sink null
discard	9/udp	sink null
systat	11/tcp	users
daytime	13/tcp
daytime	13/udp
netstat	15/tcp
qotd	17/tcp	quote
msp	18/tcp	# message send protocol
msp	18/udp	# message send protocol
chargen	19/tcp	ttytst source
chargen	19/udp	ttytst source
ftp-data	20/tcp
ftp	21/tcp
fsp	21/udp	fspd
ssh	22/tcp	# SSH Remote Login Protocol
ssh	22/udp	# SSH Remote Login Protocol
telnet	23/tcp
# 24 - private
smtp	25/tcp	mail
# 26 - unassigned
time	37/tcp	timserver
time	37/udp	timserver
rlp	39/udp	resource	# resource location
nameserver	42/tcp	name	# IEN 116
whois	43/tcp	nicname
re-mail-ck	50/tcp	# Remote Mail Checking Protocol
re-mail-ck	50/udp	# Remote Mail Checking Protocol
domain	53/tcp	nameserver	# name-domain server
domain	53/udp	nameserver
mtp	57/tcp	# deprecated
bootps	67/tcp	# BOOTP server
bootps	67/udp
bootpc	68/tcp	# BOOTP client
bootpc	68/udp
tftp	69/udp
gopher	70/tcp	# Internet Gopher
gopher	70/udp
rje	77/tcp	netrjs
finger	79/tcp
www	80/tcp	http	# WorldWideWeb HTTP
www	80/udp	# HyperText Transfer Protocol
link	87/tcp	ttylink
kerberos	88/tcp	kerberos5 krb5 kerberos-sec	# Kerberos v5
kerberos	88/udp	kerberos5 krb5 kerberos-sec	# Kerberos v5
supdup	95/tcp
# 100 - reserved
hostnames	101/tcp	hostname	# usually from sri-nic
iso-tsap	102/tcp	tsap	# part of ISODE.
csnet-ns	105/tcp	cso-ns	# also used by CSO name server
csnet-ns	105/udp	cso-ns
# unfortunately the poppassd (Eudora) uses a port which has already
# been assigned to a different service. We list the poppassd as an
# alias here. This should work for programs asking for this service.
# (due to a bug in inetd the 3com-tsmux line is disabled)
#3com-tsmux	106/tcp	poppassd
#3com-tsmux	106/udp	poppassd
rtelnet	107/tcp	# Remote Telnet
rtelnet	107/udp
pop2	109/tcp	postoffice pop-2	# POP version 2
pop2	109/udp	pop-2
pop3	110/tcp	pop-3	# POP version 3
pop3	110/udp	pop-3
sunrpc	111/tcp	portmapper	# RPC 4.0 portmapper TCP
sunrpc	111/udp	portmapper	# RPC 4.0 portmapper UDP
auth	113/tcp	authentication tap ident
sftp	115/tcp
uucp-path	117/tcp
nntp	119/tcp	readnews untp	# USENET News Transfer Protocol
ntp	123/tcp
ntp	123/udp	# Network Time Protocol
pwdgen	129/tcp	# PWDGEN service
pwdgen	129/udp	# PWDGEN service
netbios-ns	137/tcp	# NETBIOS Name Service
netbios-ns	137/udp
netbios-dgm	138/tcp	# NETBIOS Datagram Service
netbios-dgm	138/udp
netbios-ssn	139/tcp	# NETBIOS session service
netbios-ssn	139/udp
imap2	143/tcp	imap	# Interim Mail Access Proto v2
imap2	143/udp	imap
snmp	161/udp	# Simple Net Mgmt Proto
snmp-trap	162/udp	snmptrap	# Traps for SNMP
cmip-man	163/tcp	# ISO mgmt over IP (CMOT)
cmip-man	163/udp
cmip-agent	164/tcp
cmip-agent	164/udp
mailq	174/tcp	# Mailer transport queue for Zmailer
mailq	174/udp	# Mailer transport queue for Zmailer
xdmcp	177/tcp	# X Display Mgr. Control Proto
xdmcp	177/udp
nextstep	178/tcp	NeXTStep NextStep	# NeXTStep window server
nextstep	178/udp	NeXTStep NextStep
bgp	179/tcp	# Border Gateway Proto.
bgp	179/udp
prospero	191/tcp	# Cliff Neuman's Prospero
prospero	191/udp
irc	194/tcp	# Internet Relay Chat
irc	194/udp
smux	199/tcp	# SNMP Unix Multiplexer
smux	199/udp
at-rtmp	201/tcp	# AppleTalk routing
at-rtmp	201/udp
at-nbp	202/tcp	# AppleTalk name binding
at-nbp	202/udp
at-echo	204/tcp	# AppleTalk echo
at-echo	204/udp
at-zis	206/tcp	# AppleTalk zone information
at-zis	206/udp
qmtp	209/tcp	# The Quick Mail Transfer Protocol
qmtp	209/udp	# The Quick Mail Transfer Protocol
z3950	210/tcp	wais	# NISO Z39.50 database
z3950	210/udp	wais
ipx	213/tcp	# IPX
ipx	213/udp
imap3	220/tcp	# Interactive Mail Access
imap3	220/udp	# Protocol v3
rpc2portmap	369/tcp
rpc2portmap	369/udp	# Coda portmapper
codaauth2	370/tcp
codaauth2	370/udp	# Coda authentication server
ulistserv	372/tcp	# UNIX Listserv
ulistserv	372/udp
ldap	389/tcp	# Lightweight Directory Access Protocol
ldap	389/udp	# Lightweight Directory Access Protocol
https	443/tcp	# MCom
https	443/udp	# MCom
snpp	444/tcp	# Simple Network Paging Protocol
snpp	444/udp	# Simple Network Paging Protocol
saft	487/tcp	# Simple Asynchronous File Transfer
saft	487/udp	# Simple Asynchronous File Transfer
npmp-local	610/tcp	dqs313_qmaster	# npmp-local / DQS
npmp-local	610/udp	dqs313_qmaster	# npmp-local / DQS
npmp-gui	611/tcp	dqs313_execd	# npmp-gui / DQS
npmp-gui	611/udp	dqs313_execd	# npmp-gui / DQS
hmmp-ind	612/tcp	dqs313_intercell	# HMMP Indication / DQS
hmmp-ind	612/udp	dqs313_intercell	# HMMP Indication / DQS
ipp	631/tcp	# Internet Printing Protocol
ipp	631/udp	# Internet Printing Protocol
#
# UNIX specific services
#
exec	512/tcp
biff	512/udp	comsat
login	513/tcp
who	513/udp	whod
shell	514/tcp	cmd	# no passwords used
syslog	514/udp
printer	515/tcp	spooler	# line printer spooler
talk	517/udp
ntalk	518/udp
route	520/udp	router routed	# RIP
timed	525/udp	timeserver
tempo	526/tcp	newdate
courier	530/tcp	rpc
conference	531/tcp	chat
netnews	532/tcp	readnews
netwall	533/udp	# -for emergency broadcasts
gdomap	538/tcp	# GNUstep distributed objects
gdomap	538/udp	# GNUstep distributed objects
uucp	540/tcp	uucpd	# uucp daemon
afpovertcp	548/tcp	# AFP over TCP
afpovertcp	548/udp	# AFP over TCP
remotefs	556/tcp	rfs_server rfs	# Brunhoff remote filesystem
klogin	543/tcp	# Kerberized `rlogin' (v5)
kshell	544/tcp	krcmd	# Kerberized `rsh' (v5)
nntps	563/tcp	snntp	# NNTP over SSL
nntps	563/udp	snntp	# NNTP over SSL
ldaps	636/tcp	# LDAP over SSL
ldaps	636/udp	# LDAP over SSL
tinc	655/tcp	# tinc control port
tinc	655/udp	# tinc packet port
kerberos-adm	749/tcp	# Kerberos `kadmin' (v5)
#
webster	765/tcp	# Network dictionary
webster	765/udp
rsync	873/tcp	# rsync
rsync	873/udp	# rsync
ftps-data	989/tcp	# FTP over SSL (data)
ftps	990/tcp	# FTP over SSL
telnets	992/tcp	# Telnet over SSL
telnets	992/udp	# Telnet over SSL
imaps	993/tcp	# IMAP over SSL
imaps	993/udp	# IMAP over SSL
ircs	994/tcp	# IRC over SSL
ircs	994/udp	# IRC over SSL
pop3s	995/tcp	# POP-3 over SSL
pop3s	995/udp	# POP-3 over SSL
#
# From ``Assigned Numbers'':
#
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations. For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined. This list specifies the port used by the server process as its
#> contact port. While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convienence to the
#> community.
#
socks	1080/tcp	# socks proxy server
socks	1080/udp	# socks proxy server
lotusnote	1352/tcp	lotusnotes	# Lotus Note
lotusnote	1352/udp	lotusnotes	# Lotus Note
ingreslock	1524/tcp
ingreslock	1524/udp
prospero-np	1525/tcp	# Prospero non-privileged
prospero-np	1525/udp
datametrics	1645/tcp	old-radius	# datametrics / old radius entry
datametrics	1645/udp	old-radius	# datametrics / old radius entry
sa-msg-port	1646/tcp	old-radacct	# sa-msg-port / old radacct entry
sa-msg-port	1646/udp	old-radacct	# sa-msg-port / old radacct entry
radius	1812/tcp	# Radius
radius	1812/udp	# Radius
radius-acct	1813/tcp	radacct	# Radius Accounting
radius-acct	1813/udp	radacct	# Radius Accounting
rtcm-sc104	2101/tcp	# RTCM SC-104 IANA 1/29/99
rtcm-sc104	2101/udp	# RTCM SC-104 IANA 1/29/99
cvspserver	2401/tcp	# CVS client/server operations
cvspserver	2401/udp	# CVS client/server operations
venus	2430/tcp	# codacon port
venus	2430/udp	# Venus callback/wbc interface
venus-se	2431/tcp	# tcp side effects
venus-se	2431/udp	# udp sftp side effect
codasrv	2432/tcp	# not used
codasrv	2432/udp	# server port
codasrv-se	2433/tcp	# tcp side effects
codasrv-se	2433/udp	# udp sftp side effect
mon	2583/tcp	# MON
mon	2583/udp	# MON
dict	2628/tcp	# Dictionary server
dict	2628/udp	# Dictionary server
gds_db	3050/tcp	# InterBase server
gds_db	3050/udp	# InterBase server
icpv2	3130/tcp	icp	# Internet Cache Protocol (Squid)
icpv2	3130/udp	icp	# Internet Cache Protocol (Squid)
mysql	3306/tcp	# MySQL
mysql	3306/udp	# MySQL
rfe	5002/tcp	# Radio Free Ethernet
rfe	5002/udp	# Actually uses UDP only
cfengine	5308/tcp	# CFengine
cfengine	5308/udp	# CFengine
x11	6000/tcp	x11-0	# X windows system
x11	6000/udp	x11-0	# X windows system
x11-1	6001/tcp	# X windows system
x11-1	6001/udp	# X windows system
x11-2	6002/tcp	# X windows system
x11-2	6002/udp	# X windows system
x11-3	6003/tcp	# X windows system
x11-3	6003/udp	# X windows system
x11-4	6004/tcp	# X windows system
x11-4	6004/udp	# X windows system
x11-5	6005/tcp	# X windows system
x11-5	6005/udp	# X windows system
x11-6	6006/tcp	# X windows system
x11-6	6006/udp	# X windows system
x11-7	6007/tcp	# X windows system
x11-7	6007/udp	# X windows system
afs3-fileserver	7000/tcp	bbs	# file server itself
afs3-fileserver	7000/udp	bbs	# file server itself
afs3-callback	7001/tcp	# callbacks to cache managers
afs3-callback	7001/udp	# callbacks to cache managers
afs3-prserver	7002/tcp	# users & groups database
afs3-prserver	7002/udp	# users & groups database
afs3-vlserver	7003/tcp	# volume location database
afs3-vlserver	7003/udp	# volume location database
afs3-kaserver	7004/tcp	# AFS/Kerberos authentication
afs3-kaserver	7004/udp	# AFS/Kerberos authentication
afs3-volser	7005/tcp	# volume managment server
afs3-volser	7005/udp	# volume managment server
afs3-errors	7006/tcp	# error interpretation service
afs3-errors	7006/udp	# error interpretation service
afs3-bos	7007/tcp	# basic overseer process
afs3-bos	7007/udp	# basic overseer process
afs3-update	7008/tcp	# server-to-server updater
afs3-update	7008/udp	# server-to-server updater
afs3-rmtsys	7009/tcp	# remote cache manager service
afs3-rmtsys	7009/udp	# remote cache manager service
font-service	7100/tcp	xfs	# X Font Service
font-service	7100/udp	xfs	# X Font Service
wnn6	22273/tcp	# wnn6
wnn6	22273/udp	# wnn6
#=========================================================================
# The remaining port numbers are not as allocated by IANA.
#
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unofficial. Sites running
# v4 should uncomment these and comment out the v5 entries above.
#
kerberos4	750/udp	kerberos-iv kdc	# Kerberos (server) udp
kerberos4	750/tcp	kerberos-iv kdc	# Kerberos (server) tcp
kerberos_master	751/udp	# Kerberos authentication
kerberos_master	751/tcp	# Kerberos authentication
passwd_server	752/udp	# Kerberos passwd server
krb_prop	754/tcp	# Kerberos slave propagation
krbupdate	760/tcp	kreg	# Kerberos registration
kpasswd	761/tcp	kpwd	# Kerberos "passwd"
swat	901/tcp	# swat
kpop	1109/tcp	# Pop with Kerberos
knetd	2053/tcp	# Kerberos de-multiplexor
zephyr-srv	2102/udp	# Zephyr server
zephyr-clt	2103/udp	# Zephyr serv-hm connection
zephyr-hm	2104/udp	# Zephyr hostmanager
eklogin	2105/tcp	# Kerberos encrypted rlogin
# Hmmm. Are we using Kv4 or Kv5 now? Worrying.
# The following is probably Kerberos v5 --- [email protected] (11/02/2000)
kx	2111/tcp	# X over Kerberos
#
# Unofficial but necessary (for NetBSD) services
#
supfilesrv	871/tcp	# SUP server
supfiledbg	1127/tcp	# SUP debugging
#
# Datagram Delivery Protocol services
#
rtmp	1/ddp	# Routing Table Maintenance Protocol
nbp	2/ddp	# Name Binding Protocol
echo	4/ddp	# AppleTalk Echo Protocol
zip	6/ddp	# Zone Information Protocol
#
# Services added for the Debian GNU/Linux distribution
#
linuxconf	98/tcp	# LinuxConf
poppassd	106/tcp	# Eudora
poppassd	106/udp	# Eudora
imsp	406/tcp	# Interactive Mail Support Protocol
imsp	406/udp	# Interactive Mail Support Protocol
ssmtp	465/tcp	smtps	# SMTP over SSL
nqs	607/tcp	# Network Queuing system
moira_db	775/tcp	# Moira database
moira_update	777/tcp	# Moira update protocol.
moira_ureg	779/udp	# Moira user registration.
omirr	808/tcp	omirrd	# online mirror
omirr	808/udp	omirrd	# online mirror
customs	1001/tcp	# pmake customs server
customs	1001/udp	# pmake customs server
rmiregistry	1099/tcp	# Java RMI Registry
skkserv	1178/tcp	# skk jisho server port
predict	1210/udp	# predict -- satellite tracking
rmtcfg	1236/tcp	# Gracilis Packeten remote config server
xtel	1313/tcp	# french minitel
xtelw	1314/tcp	# french minitel
support	1529/tcp	# GNATS
sieve	2000/tcp	# Sieve mail filter daemon
cfinger	2003/tcp	lmtp	# GNU Finger / Local Mail Transfer Protocol
ndtp	2010/tcp	# Network dictionary transfer protocol
ninstall	2150/tcp	# ninstall service
ninstall	2150/udp	# ninstall service
zebrasrv	2600/tcp	# zebra service
zebra	2601/tcp	# zebra vty
ripd	2602/tcp	# RIPd vty
ripngd	2603/tcp	# RIPngd vty
ospfd	2604/tcp	# OSPFd vty
bgpd	2605/tcp	# BGPd vty
ospf6d	2606/tcp	# OSPF6d vty
afbackup	2988/tcp	# Afbackup system
afbackup	2988/udp	# Afbackup system
afmbackup	2989/tcp	# Afmbackup system
afmbackup	2989/udp	# Afmbackup system
xtell	4224/tcp	# xtell server
fax	4557/tcp	# FAX transmission service (old)
hylafax	4559/tcp	# HylaFAX client-server protocol (new)
pcrd	5151/tcp	# PCR-1000 Daemon
noclog	5354/tcp	# noclogd with TCP (nocol)
noclog	5354/udp	# noclogd with UDP (nocol)
hostmon	5355/tcp	# hostmon uses TCP (nocol)
hostmon	5355/udp	# hostmon uses UDP (nocol)
postgres	5432/tcp	# POSTGRES
postgres	5432/udp	# POSTGRES
mrtd	5674/tcp	# MRT Routing Daemon
bgpsim	5675/tcp	# MRT Routing Simulator
canna	5680/tcp	# cannaserver
sane	6566/tcp	saned	# SANE network scanner daemon
ircd	6667/tcp	# Internet Relay Chat
ircd	6667/udp	# Internet Relay Chat
ircd-dalnet	7000/tcp	# IRC - Dalnet
ircd-dalnet	7000/udp	# IRC - Dalnet
webcache	8080/tcp	# WWW caching service
webcache	8080/udp	# WWW caching service
tproxy	8081/tcp	# Transparent Proxy
tproxy	8081/udp	# Transparent Proxy
omniorb	8088/tcp	# OmniORB
omniorb	8088/udp	# OmniORB
mandelspawn	9359/udp	mandelbrot	# network mandelbrot
amanda	10080/udp	# amanda backup services
kamanda	10081/tcp	# amanda backup services (Kerberos)
kamanda	10081/udp	# amanda backup services (Kerberos)
amandaidx	10082/tcp	# amanda backup services
amidxtape	10083/tcp	# amanda backup services
smsqp	11201/tcp	# Alamin SMS gateway
smsqp	11201/udp	# Alamin SMS gateway
xpilot	15345/tcp	# XPilot Contact Port
xpilot	15345/udp	# XPilot Contact Port
isdnlog	20011/tcp	# isdn logging system
isdnlog	20011/udp	# isdn logging system
vboxd	20012/tcp	# voice box system
vboxd	20012/udp	# voice box system
binkp	24554/tcp	# Binkley
binkp	24554/udp	# Binkley
asp	27374/tcp	# Address Search Protocol
asp	27374/udp	# Address Search Protocol
dircproxy	57000/tcp	# Detachable IRC Proxy
tfido	60177/tcp	# Ifmail
tfido	60177/udp	# Ifmail
fido	60179/tcp	# Ifmail
fido	60179/udp	# Ifmail
Internet Protocol (IPv4) Subnet Chart

For more information on subnetting, see RFC 1817 and RFC 1812.

Class address ranges:
• Class A = 1.0.0.0 to 126.0.0.0
• Class B = 128.0.0.0 to 191.255.0.0
• Class C = 192.0.1.0 to 223.255.255.0

Reserved address ranges for private (non-routed) use (see RFC 1918):
• 10.0.0.0 -> 10.255.255.255
• 172.16.0.0 -> 172.31.255.255
• 192.168.0.0 -> 192.168.255.255

Other reserved addresses:
• 127.0.0.0 is reserved for loopback and IPC on the local host
• 224.0.0.0 -> 239.255.255.255 is reserved for multicast addresses

Chart notes:
• Number of Subnets - "( )" refers to the number of effective subnets, since the use of subnet numbers of all 0s or all 1s is highly frowned upon and RFC noncompliant.
• Number of Hosts - refers to the number of effective hosts, excluding the network and broadcast address.
Class A

Network Bits   Subnet Mask        Number of Subnets    Number of Hosts
/8             255.0.0.0          0                    16777214
/9             255.128.0.0        2 (0)                8388606
/10            255.192.0.0        4 (2)                4194302
/11            255.224.0.0        8 (6)                2097150
/12            255.240.0.0        16 (14)              1048574
/13            255.248.0.0        32 (30)              524286
/14            255.252.0.0        64 (62)              262142
/15            255.254.0.0        128 (126)            131070
/16            255.255.0.0        256 (254)            65534
/17            255.255.128.0      512 (510)            32766
/18            255.255.192.0      1024 (1022)          16382
/19            255.255.224.0      2048 (2046)          8190
/20            255.255.240.0      4096 (4094)          4094
/21            255.255.248.0      8192 (8190)          2046
/22            255.255.252.0      16384 (16382)        1022
/23            255.255.254.0      32768 (32766)        510
/24            255.255.255.0      65536 (65534)        254
/25            255.255.255.128    131072 (131070)      126
/26            255.255.255.192    262144 (262142)      62
/27            255.255.255.224    524288 (524286)      30
/28            255.255.255.240    1048576 (1048574)    14
/29            255.255.255.248    2097152 (2097150)    6
/30            255.255.255.252    4194304 (4194302)    2

Class B

Network Bits   Subnet Mask        Number of Subnets    Number of Hosts
/16            255.255.0.0        0                    65534
/17            255.255.128.0      2 (0)                32766
/18            255.255.192.0      4 (2)                16382
/19            255.255.224.0      8 (6)                8190
/20            255.255.240.0      16 (14)              4094
/21            255.255.248.0      32 (30)              2046
/22            255.255.252.0      64 (62)              1022
/23            255.255.254.0      128 (126)            510
/24            255.255.255.0      256 (254)            254
/25            255.255.255.128    512 (510)            126
/26            255.255.255.192    1024 (1022)          62
/27            255.255.255.224    2048 (2046)          30
/28            255.255.255.240    4096 (4094)          14
/29            255.255.255.248    8192 (8190)          6
/30            255.255.255.252    16384 (16382)        2

Class C

Network Bits   Subnet Mask        Number of Subnets    Number of Hosts
/24            255.255.255.0      0                    254
/25            255.255.255.128    2 (0)                126
/26            255.255.255.192    4 (2)                62
/27            255.255.255.224    8 (6)                30
/28            255.255.255.240    16 (14)              14
/29            255.255.255.248    32 (30)              6
/30            255.255.255.252    64 (62)              2

Supernetting (CIDR) Chart

• CIDR - Classless Inter-Domain Routing.
• Note: The Number of Class C networks must be contiguous. For example, 192.169.1.0/22 represents the following block of addresses: 192.169.1.0, 192.169.2.0, 192.169.3.0 and 192.169.4.0.

Class C

CIDR Block   Supernet Mask    Number of Class C Addresses   Number of Hosts
/14          255.252.0.0      1024                          262144
/15          255.254.0.0      512                           131072
/16          255.255.0.0      256                           65536
/17          255.255.128.0    128                           32768
/18          255.255.192.0    64                            16384
/19          255.255.224.0    32                            8192
/20          255.255.240.0    16                            4096
/21          255.255.248.0    8                             2048
/22          255.255.252.0    4                             1024
/23          255.255.254.0    2                             512

Quick Subnetting How-To (Thanks to Jason@ GeekVenue.)

[Understanding decimal - Base 10]

The first thing you must know is that the common number system used world wide is the decimal system (otherwise known as base 10). What makes the decimal system a base 10 system is that it is based on grouping numbers by 10's. It is believed that the system evolved because we have ten fingers and ten toes which over the years we have used for counting. I use mine all the time (grin). We name the ten digits: zero, one, two, three, four, five, six, seven, eight and nine.

The decimal system has a 1's place, a 10's place, a 100's place, a 1000's place and so on. We say the number places are grouped by 10's because multiplying each number place by 10 gives you the next number place. So: 1x10=10 (the 10's place), 10x10=100 (the 100's place), 100x10=1000 (the 1000's place) etc.

Let's look at the decimal number 103 by place.

103 <- read from right to left

We have a 3 in the 1's place
We have a 0 in the 10's place
We have a 1 in the 100's place

Thus: 100+0+3=103

By now you probably feel like you have attended Kindergarten for the second time in your life? Sorry about that, but it is very important that you understand the concept of what a number system is, and what it is based on, before we look at binary.

[Understanding binary - base 2]

Binary is a base 2 system, and thus groups numbers by 2's and not by 10's like the decimal system. We name the two digits: zero and one. The binary system has a 1's place, a 2's place, a 4's place, an 8's place, a 16's place and so on. We say the number places are grouped by 2's because multiplying each number place by 2 gives you the next number place. So: 1x2=2 (the 2's place), 2x2=4 (the 4's place), 4x2=8 (the 8's place), 8x2=16 (the 16's place) etc.

Let's look at the decimal number 103 in binary format:

01100111 <- read from right to left

We have a 1 in the 1's place
We have a 1 in the 2's place
We have a 1 in the 4's place
We have a 0 in the 8's place
We have a 0 in the 16's place
We have a 1 in the 32's place
We have a 1 in the 64's place
We have a 0 in the 128's place

Thus: 0+64+32+0+0+4+2+1=103

Okay, let's test your skills. Here is a list of binary numbers; try converting them to decimal and check your answers at the end of this post.

10000000
11000000
11100000
01000000
10000011
10010001
11111111

If you were able to convert these numbers to decimal then congratulations! You're ready to move on to the next section.

[Understanding a subnet mask]

Now that you understand what binary is, let's have a look at our two subnet masks from the beginning of my post:

192.168.1.0 / 255.255.255.0
192.168.1.0/24

The concept of a subnet mask is simple. You have a network and you have hosts on the network (anything with an IP address is a host). The subnet mask determines what portion of the TCP/IP address represents your network and what portion can be used for your hosts. Because I am a simple person, I think of it like this: the network number represents the street I live on, and the host portion is used for the numbers on all the houses on my street.

A subnet mask of 255.255.255.0 means that the first three octets of the address will be used for the network, and thus our network number is 192.168.1. This means we can have 254 computers on this network, because the fourth octet is not being used by the network portion of the address. We know this because of the 0 in the subnet mask (255.255.255.0).

We call each of the number sections an octet because we think of them in binary, and there are eight possible bits in each section. Eight bits is an octet. 11111111 in binary is 255 in decimal (did you do the conversions?). So our decimal subnet mask 255.255.255.0 displayed in binary is going to be:

11111111.11111111.11111111.00000000

If you count all the ones, you will find that there are 24 of them. Now look at the subnet mask examples again.

192.168.1.0/255.255.255.0
192.168.1.0/24

Do you see why both subnet masks are the same? The number 24 is the number of bits used in the network portion of the address, and is short-hand for writing the address/subnet mask combination. It becomes important to understand this when you start dividing your network into multiple sub networks.

[Understanding Subnetting]

Before reading this section, you should have a good understanding of what a subnet mask is and how binary bits represent the subnet mask. Simply put, subnetting is dividing your network into multiple sub networks. To go back to my silly example about houses and streets, subnetting gives you multiple streets in your neighborhood.

There are two methods for dividing your network into multiple sub networks: one is to simply change your network numbers keeping the same subnet mask. The other is to subnet your network into smaller sub networks.

Keeping the same mask:

Your network could be divided into two or more networks by changing the network portion of the address such as 192.168.1 and 192.168.2 and keeping the same subnet mask. Example:

192.168.1.0/255.255.255.0
192.168.2.0/255.255.255.0

Doing this would give you two separate networks with 254 hosts per network. This is a very common method of dealing with multiple networks. However, back in the good old days you had to pay for every IP address you used, and if you had 25 computers on your network you probably would not want to pay for 254 addresses! The answer to the problem is...subnetting.

Subnetting a network:

Subnetting is when you use bits from the host portion of your address as part of your network number. This lets you subdivide your network at the cost of host addresses, which is great if you're paying for every host IP address. It will save you money because you pay for fewer TCP/IP addresses. Confused? Here is where understanding binary is important.

Let's look at a new subnet mask:

255.255.255.224

As you can see in the fourth octet, some of the host portion of this subnet mask is now being used for part of the network address. Which means we are now using some of the binary bits in the fourth octet for our network numbers, and that gives us fewer hosts than our old mask (which gave us 254), but gives us more networks (which is why we call it subnetting).

How can we tell how many networks and hosts per network this new subnet mask will give us? Well... we shall have to use some of our newly acquired binary skills. The first task is to find out how many bits in the fourth octet are being used. The decimal number is 224; what is the decimal number 224 as represented in binary?

The decimal number 224 in binary is: 11100000

We have a 0 in the 1's place
We have a 0 in the 2's place
We have a 0 in the 4's place
We have a 0 in the 8's place
We have a 0 in the 16's place
We have a 1 in the 32's place
We have a 1 in the 64's place
We have a 1 in the 128's place

Thus: 128+64+32+0+0+0+0+0=224

So our complete subnet mask in binary is:

11111111.11111111.11111111.11100000

We now know that three bits from the fourth octet are used. How can we tell how many sub networks we're going to have? This requires some math - sorry. The formula is: 2^n-2, where n is the number of bits being used from the host portion of our subnet mask.

Note: We subtract 2 from the total because you do not count all 0's or all 1's.

The formula for three bits is: 2^3-2=6

In simpler terms: (2x2x2)-2=6

So our network is sub divided into 6 networks. Next, we want to know what the network numbers are, and how many hosts we can have on each of the 6 networks.

What is the first subnet? Let's have a look at the bits in our fourth octet again. The bit that gives us the answer is the (1) closest to the first zero, and in this case it is the 3rd bit from the left.

11100000

The 3rd bit will start our first network, and the 3rd bit is in the 32's place (remember binary). Start adding the value 32 to itself six times to get the six network numbers.

Note: A quicker way to find our starting network number is to subtract our mask from 256.

256-224=32

Here are our network numbers:

32
64
96
128
160
192

A better way to display this is:

192.168.1.32
192.168.1.64
192.168.1.96
192.168.1.128
192.168.1.160
192.168.1.192

The host addresses will fall between the network numbers, so we will have 30 hosts per network. You're probably wondering why it's not 31? The answer is that the last address of each subnet is used as the broadcast address for that subnet.

Example:

Subnet: 192.168.1.32 / 255.255.255.224
Address Range: 192.168.1.33 through 192.168.1.62 (30 hosts)
Subnet Broadcast Address: 192.168.1.63

Quiz:

Let's test your skills - write the address range and broadcast address for the following subnet. You will find the answer at the end of this post.

Subnet: 192.168.1.128 / 255.255.255.224
Address Range?
Subnet Broadcast Address?

If we were paying for our TCP/IP addresses, we would only pay for one network and host combination, thus paying for 30 hosts and not 254. It could mean some real savings; it also frees up the remaining addresses for other organizations to use.

Let's look at another subnet mask:

255.255.255.240

How many bits are used from the host portion? To find this out, we need to know how the decimal number 240 is represented in binary.

The answer is: 11110000

So four bits are taken from the host portion of our mask. We do the same math as before:

2^4-2=14

In simpler terms: (2x2x2x2)-2=14

We will have 14 sub networks, and what will the network numbers be? Look at the fourth bit, it's in the 16's place:

11110000

Note: A quicker way to find our starting network number is to subtract the value of our mask from 256. So: 256-240=16

Start adding 16 to itself fourteen times to get all 14 network numbers:

16
32
48
64
80
96
112
128
144
160
176
192
208
224

A better way to display our subnets is:

192.168.1.16
192.168.1.32
192.168.1.48
192.168.1.64
192.168.1.80
192.168.1.96
192.168.1.112
192.168.1.128
192.168.1.144
192.168.1.160
192.168.1.176
192.168.1.192
192.168.1.208
192.168.1.224

The host addresses fall between the network numbers. So we will have 14 host addresses on each of our 14 sub networks (remember: the last or 15th address is the broadcast address for that subnet).

If you had a small company with 10 hosts and needed to have a static IP address for all of your hosts, you would be assigned a network/subnet mask and a valid IP address range. Here is an example of what that might look like:

Network: 205.112.10.16/255.255.255.240
Address Range: 205.112.10.17 through 205.112.10.30
Subnet Broadcast Address: 205.112.10.31

[Answers to Binary Conversions]

10000000 = 128
11000000 = 192
11100000 = 224
01000000 = 64
10000011 = 131
10010001 = 145
11111111 = 255

[Answer to Subnet Question]

Subnet: 192.168.1.128 / 255.255.255.224
Address Range: 192.168.1.129 through 192.168.1.158
Subnet Broadcast Address: 192.168.1.159
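
The subnetting procedure from the how-to, carried through in Python as an added example (not part of the original post). It generalizes the fourth-octet walk-through to any Class A, B or C network using the class ranges from the subnet chart; the function names are hypothetical, and the `skip_zero_and_ones` flag applies the how-to's 2^n-2 rule of leaving out the all-0s and all-1s subnets.

```python
import ipaddress


def classful_prefix(address):
    """Default prefix length, from the class ranges in the subnet chart."""
    first_octet = int(address.split(".")[0])
    if 1 <= first_octet <= 126:
        return 8    # Class A
    if 128 <= first_octet <= 191:
        return 16   # Class B
    if 192 <= first_octet <= 223:
        return 24   # Class C
    raise ValueError(f"{address} is not a Class A, B or C address")


def describe(subnet):
    """(network, first host, last host, broadcast) for one subnet."""
    return (
        str(subnet.network_address),
        str(subnet.network_address + 1),
        str(subnet.broadcast_address - 1),
        str(subnet.broadcast_address),
    )


def subnet_plan(network, mask, skip_zero_and_ones=True):
    """List the subnets that `mask` carves out of a classful network.

    With skip_zero_and_ones=True the first (all-0s) and last (all-1s)
    subnets are dropped, giving 2^n - 2 entries for n borrowed bits.
    """
    # ipaddress raises ValueError for a non-contiguous mask (255.255.255.5).
    new_prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    base_prefix = classful_prefix(network)
    borrowed = new_prefix - base_prefix
    if borrowed < 0:
        raise ValueError("mask is shorter than the classful default")
    if new_prefix > 30:
        raise ValueError("mask leaves no usable host addresses")
    parent = ipaddress.IPv4Network(f"{network}/{base_prefix}", strict=False)
    subnets = list(parent.subnets(new_prefix=new_prefix))
    if skip_zero_and_ones and borrowed > 0:
        subnets = subnets[1:-1]
    return [describe(s) for s in subnets]


def locate(host, mask):
    """Subnet details for the subnet that contains `host`."""
    return describe(ipaddress.IPv4Interface(f"{host}/{mask}").network)


if __name__ == "__main__":
    for row in subnet_plan("192.168.1.0", "255.255.255.224"):
        print("%-15s hosts %s - %s  broadcast %s" % row)
    # The small-company example: which subnet does a host fall in?
    print(locate("205.112.10.20", "255.255.255.240"))
```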