IPv4 Subnet CIDR List
Netmask Netmask (binary) CIDR Notes
_____________________________________________________________________________
255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single addr)
255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
255.255.255.0 11111111.11111111.11111111.00000000 /24 "Class C" 254 useable
255.255.254.0 11111111.11111111.11111110.00000000 /23 2 Class C's
255.255.252.0 11111111.11111111.11111100.00000000 /22 4 Class C's
255.255.248.0 11111111.11111111.11111000.00000000 /21 8 Class C's
255.255.240.0 11111111.11111111.11110000.00000000 /20 16 Class C's
255.255.224.0 11111111.11111111.11100000.00000000 /19 32 Class C's
255.255.192.0 11111111.11111111.11000000.00000000 /18 64 Class C's
255.255.128.0 11111111.11111111.10000000.00000000 /17 128 Class C's
255.255.0.0 11111111.11111111.00000000.00000000 /16 "Class B"
255.254.0.0 11111111.11111110.00000000.00000000 /15 2 Class B's
255.252.0.0 11111111.11111100.00000000.00000000 /14 4 Class B's
255.248.0.0 11111111.11111000.00000000.00000000 /13 8 Class B's
255.240.0.0 11111111.11110000.00000000.00000000 /12 16 Class B's
255.224.0.0 11111111.11100000.00000000.00000000 /11 32 Class B's
255.192.0.0 11111111.11000000.00000000.00000000 /10 64 Class B's
255.128.0.0 11111111.10000000.00000000.00000000 /9 128 Class B's
255.0.0.0 11111111.00000000.00000000.00000000 /8 "Class A"
254.0.0.0 11111110.00000000.00000000.00000000 /7
252.0.0.0 11111100.00000000.00000000.00000000 /6
248.0.0.0 11111000.00000000.00000000.00000000 /5
240.0.0.0 11110000.00000000.00000000.00000000 /4
224.0.0.0 11100000.00000000.00000000.00000000 /3
192.0.0.0 11000000.00000000.00000000.00000000 /2
128.0.0.0 10000000.00000000.00000000.00000000 /1
0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space
NMAP Commands
Basic Scan: nmap [target ip]
Scan A Range Of IPs: nmap [target ip - target ip] eg. nmap 192.168.0-4.1-255
Scan Specific Ports: nmap -p[port no.],[port no.] [target ip]
Scan And Get Service Versions: nmap -sV [target ip]
Stealth Scan: nmap -sS [target ip]
Identify The Remote Operating System: nmap -O [target ip]
Of course all of those different flags can be combined or mixed and matched, for example:
nmap -sS -sV -p21,23 192.168.0.10
If Ping is not allowed but host is up then use the belwo mention command
nmap -sS -sV -p 80 -Pn 1.1.1.1
How Network Traffic Flows
To troubleshoot an issue, you need to know how network traffic flows under normal circumstances. This article details what happens when a Web browser is used to access a Web site.
Once the Web site name is entered into a Web browser, a series of communications occurs over various protocols. The table below represents how the network traffic flows:
The ARP Protocol
Before systems can communicate, they need to know each other's hardware addresses. The Address Resolution Protocol (ARP) is used for this purpose. From its configuration, the workstation knows the IP address of the DNS server.
Line # 1
The
workstation broadcasts a request to the devices on its network
asking "who has" the IP address it needs to communicate
with.
Line # 2
The
remote system responds providing its hardware address. Now
that the workstation knows the hardware address of the remote
system, it can communicate with it.
The DNS Protocol
The Domain Name System (DNS) protocol is used to resolve system names to IP addresses. When a Web site name is entered into a browser, the workstation needs to know the corresponding IP address to reach the Web server hosting the site.
Line # 3
The
workstation asks the DNS server to provide the IP address
of the Web server hosting www.cyberguard.com.
Line # 4
The
DNS server responds with the IP address corresponding to
www.cyberguard.com.
The TCP Protocol
The Transmission Control Protocol (TCP) protocol is used to transfer data. These next three lines comprise the TCP three-way handshake:
Line # 5
The
workstation initiates the connection to the Web server (SYN).
SYN is an abbreviation for "synchronize."
Line # 6
The
Web server responds back indicating that it is ready for
transmission (SYN ACK). SYN ACK is an abbreviation for "synchronize
acknowledgement."
Line # 7
The
workstation sends to the Web server indicating that it is
starting to send traffic (ACK). This acknowledgement indicates
that the TCP connection is established and traffic can begin
to flow.
The HTTP Protocol
The Hyper Text Transfer Protocol (HTTP) is used to serve up Web pages. You can see evidence of this from the Web site address in your browser (e.g. http://www.cyberguard.com).
Line # 8
The
browser opens a connection to the Web server.
Line # 9
The
Web server accepts the connection.
Line # 10
The
HTTP Continuation lines represent where the contents of
the html page are sent over. It includes text, links, etc.
Back to the TCP Protocol
Line # 11
This
line is actually repeated four times. The workstation is
acknowledging the last packet.
Line # 12 (RST)
The
workstation sends a reset, effectively tearing down the
TCP connection.
(Note: Reference of the post "How Network Traffic Flows" is http://www.gideonrasmussen.com/article-03.html)
Netmask Netmask (binary) CIDR Notes
_____________________________________________________________________________
255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single addr)
255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
255.255.255.0 11111111.11111111.11111111.00000000 /24 "Class C" 254 useable
255.255.254.0 11111111.11111111.11111110.00000000 /23 2 Class C's
255.255.252.0 11111111.11111111.11111100.00000000 /22 4 Class C's
255.255.248.0 11111111.11111111.11111000.00000000 /21 8 Class C's
255.255.240.0 11111111.11111111.11110000.00000000 /20 16 Class C's
255.255.224.0 11111111.11111111.11100000.00000000 /19 32 Class C's
255.255.192.0 11111111.11111111.11000000.00000000 /18 64 Class C's
255.255.128.0 11111111.11111111.10000000.00000000 /17 128 Class C's
255.255.0.0 11111111.11111111.00000000.00000000 /16 "Class B"
255.254.0.0 11111111.11111110.00000000.00000000 /15 2 Class B's
255.252.0.0 11111111.11111100.00000000.00000000 /14 4 Class B's
255.248.0.0 11111111.11111000.00000000.00000000 /13 8 Class B's
255.240.0.0 11111111.11110000.00000000.00000000 /12 16 Class B's
255.224.0.0 11111111.11100000.00000000.00000000 /11 32 Class B's
255.192.0.0 11111111.11000000.00000000.00000000 /10 64 Class B's
255.128.0.0 11111111.10000000.00000000.00000000 /9 128 Class B's
255.0.0.0 11111111.00000000.00000000.00000000 /8 "Class A"
254.0.0.0 11111110.00000000.00000000.00000000 /7
252.0.0.0 11111100.00000000.00000000.00000000 /6
248.0.0.0 11111000.00000000.00000000.00000000 /5
240.0.0.0 11110000.00000000.00000000.00000000 /4
224.0.0.0 11100000.00000000.00000000.00000000 /3
192.0.0.0 11000000.00000000.00000000.00000000 /2
128.0.0.0 10000000.00000000.00000000.00000000 /1
0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space
Common FTP
Commands
?
|
to request help or information about the
FTP commands
|
|
ascii
|
to set the mode of file
transfer to ASCII
(this is the default and transmits seven bits per character) |
|
binary
|
to set the mode of file
transfer to binary
(the binary mode transmits all eight bits per byte and thus provides less chance of a transmission error and must be used to transmit files other than ASCII files) |
|
bye
|
to exit the FTP environment
(same as quit)
|
|
cd
|
to change directory on the
remote machine
|
|
close
|
to terminate a connection
with another computer
|
|
close brubeck
|
closes the current FTP
connection with brubeck,
but still leaves you within the FTP environment. |
|
delete
|
to delete (remove) a file in
the current remote directory (same as rm in UNIX)
|
|
get
|
to copy one file from the
remote machine to the local machine
|
|
get ABC DEF
|
copies file ABC in the current remote
directory to (or on top of) a file named DEF in your current local directory.
|
|
get ABC
|
copies file ABC in the current remote
directory to (or on top of) a file with the same name, ABC, in your current local
directory.
|
|
help
|
to request a list of all
available FTP commands
|
|
lcd
|
to change directory on your
local machine (same as UNIX cd)
|
|
ls
|
to list the names of the
files in the current remote directory
|
|
mkdir
|
to make a new directory
within the current remote directory
|
|
mget
|
to copy multiple files from
the remote machine to the local machine;
you are prompted for a y/n answer before transferring each file |
|
mget *
|
copies all the files in the
current remote directory to your current local directory, using the same
filenames. Notice the use of the wild card character, *.
|
|
mput
|
to copy multiple files from
the local machine to the remote machine;
you are prompted for a y/n answer before transferring each file |
|
open
|
to open a connection with
another computer
|
|
open brubeck
|
opens a new FTP connection with brubeck;
you must enter a username and password for a brubeck account (unless it is to be an anonymous connection). |
|
put
|
to copy one file from the
local machine to the remote machine
|
|
pwd
|
to find out the pathname of
the current directory on the remote machine
|
|
quit
|
to exit the FTP environment
(same as bye)
|
|
rmdir
|
to to remove (delete) a directory
in the current remote directory
|
|
List of FTP commands for the Microsoft command-line FTP client
Command-line options
As
you're starting the program from a DOS prompt:
ftp [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [computer]
ftp [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [computer]
- -v - Suppresses verbose display of remote server responses.
- -n - Suppresses auto-login upon initial connection.
- -i - Turns off interactive prompting during multiple file transfers.
- -d - Enables debugging, displaying all ftp commands passed between the client and server.
- -g - Disables filename globbing, which permits the use of wildcard chracters in local file and path names.
- -s:filename - Specifies a text file containing ftp commands; the commands will automatically run after ftp starts. No spaces are allowed in this parameter. Use this switch instead of redirection (>).
- -a - Use any local interface when binding data connection.
- -w:windowsize - Overrides the default transfer buffer size of 4096.
- computer - Specifies the computer name or IP address of the remote computer to connect to. The computer, if specified, must be the last parameter on the line.
Client commands
- ! - Runs the
specified command on the local computer
- ? - Displays
descriptions for ftp commands
- append -
Appends a local file to a file on the remote computer
- ascii - Sets
the file transfer type to ASCII, the default
- bell - Toggles
a bell to ring after each file transfer command is completed (default =
OFF)
- binary -
Sets the file transfer type to binary
- bye - Ends the
FTP session and exits ftp
- cd - Changes the
working directory on the remote computer
- close - Ends
the FTP session and returns to the command interpreter
- debug -
Toggles debugging (default = OFF)
- delete -
Deletes a single file on a remote computer
- dir - Displays a
list of a remote directory's files and subdirectories
- disconnect
- Disconnects from the remote computer, retaining the ftp prompt
- get - Copies a
single remote file to the local computer
- glob - Toggles
filename globbing (wildcard characters) (default = ON)
- hash - Toggles
hash-sign (#) printing for each data block transferred (default = OFF)
- help -
Displays descriptions for ftp commands
- lcd - Changes
the working directory on the local computer
- literal
- Sends arguments, verbatim, to the remote FTP server
- ls - Displays an
abbreviated list of a remote directory's files and subdirectories
- mdelete
- Deletes one or more files on a remote computer
- mdir -
Displays a list of a remote directory's files and subdirectories
- mget - Copies
one or more remote files to the local computer
- mkdir -
Creates a remote directory
- mls - Displays
an abbreviated list of a remote directory's files and subdirectories
- mput - Copies
one or more local files to the remote computer
- open -
Connects to the specified FTP server
- prompt -
Toggles prompting (default = ON)
- put - Copies a
single local file to the remote computer
- pwd - Displays
the current directory on the remote computer (literally, "print
working directory")
- quit - Ends
the FTP session with the remote computer and exits ftp (same as
"bye")
- quote -
Sends arguments, verbatim, to the remote FTP server (same as
"literal")
- recv - Copies
a remote file to the local computer
- remotehelp
- Displays help for remote commands
- rename -
Renames remote files
- rmdir -
Deletes a remote directory
- send - Copies
a local file to the remote computer (same as "put")
- status -
Displays the current status of FTP connections
- trace -
Toggles packet tracing (default = OFF)
- type - Sets or
displays the file transfer type (default = ASCII)
- user -
Specifes a user to the remote computer
- verbose
- Toggles verbose mode (default = ON)
NMAP Commands
Basic Scan: nmap [target ip]
Scan A Range Of IPs: nmap [target ip - target ip] eg. nmap 192.168.0-4.1-255
Scan Specific Ports: nmap -p[port no.],[port no.] [target ip]
Scan And Get Service Versions: nmap -sV [target ip]
Stealth Scan: nmap -sS [target ip]
Identify The Remote Operating System: nmap -O [target ip]
Of course all of those different flags can be combined or mixed and matched, for example:
nmap -sS -sV -p21,23 192.168.0.10
If Ping is not allowed but host is up then use the belwo mention command
nmap -sS -sV -p 80 -Pn 1.1.1.1
How Network Traffic Flows
To troubleshoot an issue, you need to know how network traffic flows under normal circumstances. This article details what happens when a Web browser is used to access a Web site.
Once the Web site name is entered into a Web browser, a series of communications occurs over various protocols. The table below represents how the network traffic flows:
|
Line:
|
Protocol:
|
Source:
|
Destination:
|
Data:
|
|
1
|
ARP
|
10.0.1.13
|
Broadcast
|
Who has 10.0.1.1? Tell
10.0.1.13
|
|
2
|
ARP
|
10.0.1.1
|
10.0.1.13
|
10.0.1.1 is at 00:80:c8:57:d3:aa
|
|
3
|
DNS
|
10.0.1.13
|
10.0.1.1
|
Standard query A http://www.cyberguard.com
|
|
4
|
DNS
|
10.0.1.1
|
10.0.1.13
|
Standard query response
CNAME cyberguard.com A 64.94.50.88
|
|
5
|
TCP
|
10.0.1.13
|
64.94.50.88
|
1939 > http [SYN]
|
|
6
|
TCP
|
64.94.50.88
|
10.0.1.13
|
http > 1939 [SYN, ACK]
|
|
7
|
TCP
|
10.0.1.13
|
64.94.50.88
|
1939 > http [ACK]
|
|
8
|
HTTP
|
10.0.1.13
|
64.94.50.88
|
GET / HTTP/1.1
|
|
9
|
HTTP
|
64.94.50.88
|
10.0.1.13
|
HTTP/1.1 200 OK
|
|
10
|
HTTP
|
64.94.50.88
|
10.0.1.13
|
HTTP Continuation
|
|
11
|
TCP
|
10.0.1.13
|
64.94.50.88
|
2577 > http [ACK] Seq=388864
Ack=37076821 Win=8241 Len=0
|
|
12
|
TCP
|
10.0.1.13
|
64.94.50.88
|
2577 > http [RST] Seq=388864
Ack=37077089 Win=0 Len=0
|
The ARP Protocol
Before systems can communicate, they need to know each other's hardware addresses. The Address Resolution Protocol (ARP) is used for this purpose. From its configuration, the workstation knows the IP address of the DNS server.
Line # 1
| Protocol: | Source: | Destination: | Data: |
| ARP | 10.0.1.13 | Broadcast | Who has 10.0.1.1? Tell 10.0.1.13 |
Line # 2
| Protocol: | Source: | Destination: | Data: |
| ARP | 10.0.1.1 | 10.0.1.13 | 10.0.1.1 is at 00:80:c8:57:d3:aa |
The DNS Protocol
The Domain Name System (DNS) protocol is used to resolve system names to IP addresses. When a Web site name is entered into a browser, the workstation needs to know the corresponding IP address to reach the Web server hosting the site.
Line # 3
| Protocol: | Source: | Destination: | Data: |
| DNS | 10.0.1.13 | 10.0.1.1 | Standard query A http://www.cyberguard.com |
Line # 4
| Protocol: | Source: | Destination: | Data: |
| DNS | 10.0.1.1 | 10.0.1.13 | Standard query response CNAME cyberguard.com A 64.94.50.88 |
The TCP Protocol
The Transmission Control Protocol (TCP) protocol is used to transfer data. These next three lines comprise the TCP three-way handshake:
Line # 5
| Protocol: | Source: | Destination: | Data: |
| TCP | 10.0.1.13 | 64.94.50.88 | 1939 > http [SYN] |
Line # 6
| Protocol: | Source: | Destination: | Data: |
| TCP | 64.94.50.88 | 10.0.1.13 | http > 1939 [SYN, ACK] |
Line # 7
| Protocol: | Source: | Destination: | Data: |
| TCP | 10.0.1.13 | 64.94.50.88 | 1939 > http [ACK] |
The HTTP Protocol
The Hyper Text Transfer Protocol (HTTP) is used to serve up Web pages. You can see evidence of this from the Web site address in your browser (e.g. http://www.cyberguard.com).
Line # 8
| Protocol: | Source: | Destination: | Data: |
| HTTP | 10.0.1.13 | 64.94.50.88 | GET / HTTP/1.1 |
Line # 9
| Protocol: | Source: | Destination: | Data: |
| HTTP | 64.94.50.88 | 10.0.1.13 | HTTP/1.1 200 OK |
Line # 10
| Protocol: | Source: | Destination: | Data: |
| HTTP | 64.94.50.88 | 10.0.1.13 | HTTP Continuation |
Back to the TCP Protocol
Line # 11
| Protocol: | Source: | Destination: | Data: |
| TCP | 10.0.1.13 | 64.94.50.88 | 2577 > http [ACK] Seq=388864 Ack=37076821 Win=8241 Len=0 |
Line # 12 (RST)
| Protocol: | Source: | Destination: | Data: |
| TCP | 10.0.1.13 | 64.94.50.88 | 2577 > http [RST] Seq=388864 Ack=37077089 Win=0 Len=0 |
(Note: Reference of the post "How Network Traffic Flows" is http://www.gideonrasmussen.com/article-03.html)
No comments:
Post a Comment