Wednesday, January 16, 2008

NETWORKING SOFTWARE

Internetwork Operating System (IOS) is a Cisco proprietary core software package implemented on almost all Cisco routers and switches. Cisco IOS software provides the intelligence of the Internet through a suite of value-added technologies and features. Cisco IOS comprises a sophisticated suite of networking capabilities that resides at the heart of such internetworking devices as standalone routers, router modules for shared-media hubs, switches, PC and workstation file servers, multiservice WAN access switches, and ATM-capable PBXs.

Key features of the Cisco Internetwork Operating System (IOS) include the following:

Reliable Adaptive Paths

Cisco IOS software provides protocol and routing support for all major internetworking protocol suites including IP, Novell NetWare, Apple AppleTalk, Banyan VINES, Digital DECNet, OSI, XNS, and Apollo Domain.

Bandwidth Optimization

The Cisco IOS architecture optimizes bandwidth by eliminating unnecessary traffic across wide-area network links and intelligently selecting the most economical WAN links available. IOS capabilities such as virtual bandwidth reservation and priority queuing give network administrators the ability to reserve bandwidth and prioritize traffic based on the type of application, its source, or its destination.

Resource Allocation Control

Included in the Cisco IOS are priority queuing and custom queuing. Priority output queuing allows network administrators to route certain packets into high-priority queues, while custom queuing gives them the ability to reserve bandwidth or prioritize traffic over WAN links based on user-defined variables. Cisco is working with desktop TCP/IP software and computer vendors to put components of the Cisco IOS architecture in servers, allowing bandwidth reservation and queuing technologies to extend from the server all the way to the end-user station.

Management and Security

Cisco IOS software provides network management capabilities and features to reduce network bandwidth and processing overhead, off-load servers, conserve resources, and ease system configuration tasks.

Cisco IOS software provides a security toolkit that enables the partitioning of resources and prohibits access to sensitive or confidential information or processes. Multidimensional filters prevent users from knowing that other users or resources are even on the network. Encrypted passwords, dial-in authentication, multilevel configuration permissions, and accounting and logging features provide protection from, and information about, unauthorized access attempts. Robust firewalling and remote-access security solutions protect corporate information and assets. One caveat on "encrypted passwords": the obfuscation applied by service password-encryption (Type 7) is a reversible encoding, not a cryptographic hash, so a configuration file that leaks gives away those passwords; enable secret, which stores a salted hash, is the setting to rely on for the enable password.
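The difference between the two password stores above is worth seeing in code. The following Python is an added example written for this page, not Cisco's code: it decodes and re-encodes Type 7 strings (the fixed key stream and the two-digit seed prefix are the documented scheme) and scans a configuration for them. The configuration it scans is constructed here, the enable secret hash in it is a placeholder rather than a real MD5-crypt value, and the usernames and passwords are made up.

```python
import re

# The fixed key stream every IOS image uses for Type 7 obfuscation. A Type 7
# string is two decimal digits (the starting offset into this key) followed by
# the hex of each password byte XORed with successive key bytes.
_XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decrypt(encoded: str) -> str:
    """Reverse 'service password-encryption' output, e.g. 094F471A1A0A -> cisco."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ _XLAT[(seed + i) % len(_XLAT)] for i, b in enumerate(data)).decode()


def type7_encrypt(plain: str, seed: int = 9) -> str:
    """Produce the same encoding IOS would; XOR is its own inverse, so this is
    just the decoder run in the other direction."""
    out = bytes(c ^ _XLAT[(seed + i) % len(_XLAT)] for i, c in enumerate(plain.encode()))
    return "%02d%s" % (seed, out.hex().upper())


# Matches "... password 7 <hex>", "... key-string 7 <hex>", "... md5 7 <hex>", etc.
_TYPE7_LINE = re.compile(r"^(?P<stmt>.*\S)\s+7\s+(?P<hex>[0-9A-Fa-f]{4,})\s*$")


def audit_config(config: str) -> list:
    """Walk a running-config and return (statement, recovered_secret) for every
    Type 7 string. 'enable secret 5 ...' lines (salted MD5-crypt) are left alone
    because they cannot be reversed this way."""
    findings = []
    for line in config.splitlines():
        m = _TYPE7_LINE.match(line)
        if m:
            findings.append((m.group("stmt").strip(), type7_decrypt(m.group("hex"))))
    return findings


# Constructed sample config (not from a real device). The enable secret value is
# a placeholder, not a real hash; the Type 7 strings are generated above.
SAMPLE_CONFIG = """\
!
enable secret 5 $1$abcd$placeholderhashvaluezzzzzzzz
enable password 7 094F471A1A0A
username admin privilege 15 password 7 %s
line vty 0 4
 password 7 %s
 login
!
""" % (type7_encrypt("hunter2", 12), type7_encrypt("telnet-me", 3))
```

Running audit_config over a real backup is the check a practitioner wants before sharing a configuration with a vendor or committing it to a repository: every Type 7 hit is a secret that should be moved to enable secret, to an AAA server, or at least rotated.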

Integration and Scalability

Cisco IOS software integrates routing, LAN switching and ATM cell switching, and offers the scalability to connect arbitrarily large numbers of LANs and end stations. IOS also includes scalable routing protocols to avoid needless congestion, overcome inherent protocol limitations and bypass many of the obstacles that arise because of the scope and geographical dispersion of an internetwork.

(Figure: the implementation of Cisco IOS in Cisco products and solutions.)

NDIS: Network Driver Interface Specification

Network Driver Interface Specification (NDIS) is a standard API for LAN drivers of network interface cards (NICs), developed jointly by Microsoft and 3Com. NDIS may be used on servers or workstations and allows computers to be connected to networks using different communication protocols such as TCP/IP, IPX, NetBIOS, AppleTalk, etc.

NDIS performs its functions at the Media Access Control (MAC) sub-layer of the data link layer (layer 2). The details of a NIC's hardware implementation are wrapped by a Media Access Controller (MAC) device driver in such a way that all NICs for the same medium (e.g., Ethernet) can be accessed through a common programming interface. NDIS also provides a library of functions (sometimes called a "wrapper") that abstracts the network hardware from the network drivers and can be used by MAC drivers as well as by higher-level protocol drivers (such as TCP/IP). The wrapper functions make development of both MAC and protocol drivers easier and hide (to some extent) platform dependencies. NDIS also maintains state information and parameters for network drivers, including pointers to functions, handles, parameter blocks for linkage, and other system values.

NDIS supports the following types of network drivers:

* Miniport drivers
* Intermediate drivers
* Protocol drivers




Network Configuration Management

Network configuration management refers to setting, changing, collecting and restoring information about network devices (bridges, routers, workstations, servers, switches and others).

Networks of any size are in a constant state of flux. Any of the engineers responsible for the network can change the configuration of the switches and routers at any time, and configuration changes to live equipment can have devastating effects on the reliability of the network and the services it provides. The aim of network configuration management is to save time and reduce errors on the network caused by misconfiguration of network devices. A network configuration management system is designed to let you take control of network changes, simplify the job of managing networks, and fix configuration errors quickly.

There are direct correlations between properly configured devices and network security. Today's network configuration management solutions are specifically designed to automate the process of changing, securing and managing devices throughout the network. Whether configuration changes are introduced through malicious attacks, manual update errors, or network product defects, devices can become vulnerable and place the business at risk.

Basically there are two main categories of network configuration tools: tools provided by equipment vendors, and tools by third party companies.

Vendor-specific tools, such as CiscoWorks, only work with their respective vendor's equipment (Cisco equipment in this case), which is a good choice in homogeneous environments where a single vendor's equipment is deployed.

Usually a range of equipment from a number of vendors is deployed in the same network. In such heterogeneous environments, a third-party tool that covers multiple vendors' equipment would be the better choice.

Network Performance Management

Network performance management serves network capacity planning, usage-based billing, understanding the Quality of Service (QoS) delivered to traffic, producing reports for customers and users to demonstrate that Service Level Agreements (SLAs) are met, and giving network administrators additional information about the network.

Network Performance management consists of two components: 1) a set of functions that evaluates and reports on the behavior of networking equipment and the effectiveness of the network or network element; 2) a set of various subfunctions that includes gathering statistical information, maintaining and examining historical logs, determining system performance under natural and artificial conditions, and altering system modes of operation.

Basic Measurements:

* Bandwidth utilization
* Packets per second
* Packet delay
* Round trip Time and RTT variance
* Packet loss
* Reachability
* Circuit Performance

An ideal performance management solution must be platform independent and extensible as well as able to provide integrated, total network coverage. The ideal solution must allow network admin to monitor ongoing physical network performance, analyze its data to correlate end-to-end service performance, and finally, to take action based on a complete understanding of network behavior. Complete performance management must drill down through each layer of network technology. With an integrated view of deployed technology, network admin can recognize the impact of performance management on their users.

Network Sniffer

A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Network operations and maintenance personnel use a sniffer to monitor network traffic, analyze packets, watch network resource utilization, conduct forensic analysis of network security breaches and troubleshoot network problems. Unauthorized sniffers can be extremely dangerous to a network's security because a purely passive sniffer generates no traffic of its own and is therefore virtually impossible to detect from the network, and one can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal. On a switched network a sniffer sees only its own port's unicast traffic plus broadcasts, so attackers typically pair it with ARP spoofing or a compromised gateway; the effective defense is to encrypt traffic in transit rather than to hunt for the sniffer.

Sniffer as a product was originally created by Network General, which was acquired by Network Associates. Network Associates has since spun off the Sniffer product unit as an independent company, which has been renamed Network General again. Sniffer is actually a trademarked product brand of Network General; however, because of its popularity among IT professionals, "sniffer" is widely used for all products that perform network traffic capture and analysis.

There are many Sniffer-like products on the market. The market size is nearly one billion dollars. There are two basic types of sniffers: Portable and Distributed.

Portable sniffers are stand-alone devices or software that can be installed on a PC. Portable sniffers can perform data capture and both real-time and play-back data analysis. The price of portable sniffers ranges from a few hundred dollars to tens of thousands of dollars, depending on the vendor, the network to be monitored (Ethernet, Gigabit Ethernet, optical media, WAN links, etc.) and the types of data analysis done. A portable sniffer is typically used by small companies or by field engineers of larger companies. The core technologies of the portable sniffer, packet capture and analysis, are well established. Different vendors have their own specialties in the analysis, such as simple protocol analysis, packet reconstruction into the original messages, Expert Analysis, etc.

Distributed sniffers have two parts: a monitoring probe, which is a device or software program deployed at various points in the network, and a console, a software package installed in the Network Operations Center (NOC) to centrally monitor all probes. The distributed sniffer is typically deployed by large enterprises to monitor their networks from a centralized location such as a NOC. The cost of deploying a distributed sniffer ranges from tens of thousands of dollars to millions of dollars. In addition to packet capture and analysis, the distributed sniffer also retrieves and uses SNMP and RMON data for additional network information.

The leading vendors of portable sniffers include Network General, Agilent Technologies, WildPackets and Javvin Technologies. The leading vendors of distributed sniffers include Network General and NetScout. There are also open source programs, such as Ethereal (renamed Wireshark in 2006), available for public use. The network sniffer is also called a network protocol analyzer, packet analyzer, network sniffing tool, network analyzer, etc.

ODI: Open Data-Link Interface

Open Data-Link Interface (ODI) is Novell's LAN driver specification, which allows multiple network protocols and adapters (physical boards) to be used simultaneously on the same client (workstation) or server. ODI provides a flexible, high-performance Data Link Layer interface to Network Layer protocol stacks such as TCP/IP, IPX, NetBIOS, AppleTalk, etc. The ODI specification comprises the three elements below:

Protocol Stacks: transmit and receive data over a logical or physical network. They also provide routing, connection services and APIs, including an interface that lets higher-layer protocols or applications access the services the protocol stack provides.

Link Support Layer (LSL): the LSL handles communication between the protocol stacks and the MLIDs and directs each protocol's traffic to the proper MLID.

Multiple Link Interface Drivers (MLIDs): MLIDs are device drivers that handle sending and receiving packets to and from a logical or physical topology.

(Figure: Open Data-Link Interface (ODI) architecture.)


Ping: Packet Internet Groper

Ping is a popular TCP/IP network utility that uses the Internet Control Message Protocol (ICMP) to determine the availability and responsiveness of network hosts. A system administrator uses the Ping tool to see whether a computer is operating as well as whether network connections are intact.

The ICMP Echo function used by Ping is detailed in RFC 792. A small packet is sent through the network to a particular IP address. By default on Unix-style implementations this ICMP message is 64 bytes: 56 data bytes and 8 bytes of ICMP header information (Windows ping sends 32 data bytes). The computer that sent the packet then waits for an Echo Reply. If the connections are good and the target computer is up, a matching reply is received and ping reports the round-trip time; the TTL carried in the reply also lets an administrator estimate the number of hops between the two computers. In addition, an administrator can use Ping to test name resolution: if the packet bounces back when sent to the IP address but not when sent to the name, then the system is having a problem matching the name to the IP address. Note that a missing reply is not proof that a host is down, since many hosts and firewalls silently drop ICMP echo requests.

Ping is part of all Linux distributions, FreeBSD, NetBSD, OpenBSD, Solaris, all Unix variants and the Windows 95/98/NT/2000/XP operating systems. FreeBSD and other systems also provide ping6, which uses ICMPv6 ECHO_REQUEST datagrams rather than ICMP ECHO_REQUEST packets.

Protocol Analysis and Protocol Analyzer

Network protocol analysis is the process by which a program or device decodes network protocol headers and trailers to understand the data and information inside the packets the protocol encapsulates. To conduct protocol analysis, packets must be captured, either in real time for line-speed analysis or for later analysis. Such a program or device is called a protocol analyzer.

In the typical network architecture, a layered approach is used to design network protocols and communications. The most popular network architecture reference model is called the OSI model. A protocol at one layer communicates with its peer at the same layer on the remote system, and each layer's header is encapsulated inside the one below it. The key function of a protocol analyzer is to decode the protocol at each layer. Protocol information from multiple layers may be combined by the protocol analyzer to identify possible problems in network communication; this type of analysis is called Expert Analysis and is deployed by many leading protocol analyzer products, such as Network General Sniffer Pro, for advanced network troubleshooting. Other protocol analyzers decode the protocols at multiple layers and reassemble lower-level packets (such as IP packets or TCP segments) into higher-level (application) messages to make network traffic easy to view and understand. This technique is used in protocol analyzers where monitoring network traffic for user surveillance is the primary goal; the Javvin Packet Analyzer is an example of this type of tool.

Everything said under Network Sniffer above applies to protocol analyzers as well: they serve both legitimate network management (traffic monitoring, packet analysis, resource-utilization tracking, forensic analysis of security breaches, troubleshooting) and information theft; an unauthorized one is hard to detect because it is passive; the market, nearly one billion dollars, is split into portable products (stand-alone devices or PC software with real-time and play-back analysis, priced from a few hundred to tens of thousands of dollars) and distributed ones (probes reporting to a NOC console and also drawing on SNMP and RMON data, priced from tens of thousands to millions of dollars); and the same vendors (Network General, Agilent Technologies, WildPackets and Javvin Technologies for portable products, Network General and NetScout for distributed ones) and open source tools such as Ethereal (now Wireshark) serve it.

The network protocol analyzer is also called a network sniffer, packet analyzer, network sniffing tool, network analyzer, etc.

TCPDUMP: TCP/IP Packet Analysis Utility

Tcpdump is a popular computer network debugging and security tool which allows the user to intercept and display TCP/IP packets being transmitted or received over a network to which the computer is attached. Tcpdump lets us see exactly what traffic is on the wire and enables us to build statistical monitoring scripts on top of its output.

On an Ethernet segment, tcpdump operates by putting the network card into promiscuous mode in order to capture all the packets seen on the wire. Note that on a switched network the switch delivers only a port's own unicast traffic plus broadcasts and multicasts, so promiscuous mode alone does not reveal other hosts' conversations; that requires a mirror (SPAN) port, a tap, or a position on the traffic path such as the gateway. Using tcpdump we can watch any TCP/UDP connection establishment and termination, measure response times and packet-loss percentages, and confirm a lack of reachability to some distant server. Common uses of tcpdump are as follows:

* to debug applications one is writing which utilize the network for communications
* to debug the network setup itself, by determining whether all necessary routing is or is not occurring properly
* to intercept and display the communications of another user or computer. Some protocols, such as telnet and HTTP, transmit information unencrypted over the network. A user with control of a router or gateway through which other computers' unencrypted traffic passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other information.

tcpdump is a command-line, text-mode program. Redirecting its text output to a file produces large flat files; the usual practice is to write the raw packets with -w (binary pcap format) and read them back later with -r or in another tool. Ethereal (now Wireshark) is a similar program with a GUI front end and many additional formatting, sorting, and display facilities, and it reads tcpdump's capture files directly. Many commercial software tools perform similar and enhanced functions; Javvin's Packet Analyzer is one of the leading products in this category.

Tcpdump is the most popular sniffer/packet-analysis tool on Unix systems. On Unix and most other operating systems, a user must have the equivalent of root or system-administrator privileges to use tcpdump, because opening a capture device in promiscuous mode requires them. On Linux the CAP_NET_RAW and CAP_NET_ADMIN capabilities suffice instead of full root, and tcpdump's -Z option drops to an unprivileged user once the capture device is open, which limits the damage a bug in its many protocol decoders can do when parsing hostile traffic.

WinDump is the port of tcpdump to the Windows platform, built on the WinPcap capture library. WinDump is fully compatible with tcpdump and can be used to watch and diagnose network traffic according to the same filter rules. It runs under Windows 95/98/ME and Windows NT/2000/XP.

TCPdump Usage

tcpdump [-aenStvx] [-F file] [-i int] [-r file] [-s snaplen] [-w file] ['filter_expression']

The optional filter expression uses the pcap (BPF) syntax, for example 'tcp port 23 and host 10.0.0.2', and is compiled into the kernel packet filter so that only matching packets are copied up to tcpdump.

* -e Display data link header
* -F Filter expression in file
* -i Listen on int interface
* -n Don’t resolve IP addresses
* -r Read packets from file
* -s Capture snaplen bytes from each packet (older releases default to 68 bytes, which truncates most payloads; use -s 0 for whole packets)
* -t Don’t print timestamp
* -v Verbose mode
* -w Write packets to file
* -x Display in hex
* -X Display in hex and ASCII
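As an added example tying together the protocol-analysis description above and tcpdump's -w/-r options, the following Python reads a pcap capture of the kind tcpdump -w writes and decodes each record layer by layer (Ethernet, then IPv4, then TCP/UDP/ICMP), printing a tcpdump-style summary line and pulling the cleartext HTTP Basic credential out of one packet, which is exactly what someone running tcpdump on a gateway would see. This is example code written for this page, not part of tcpdump or any vendor product; the capture it parses is constructed in sample_pcap() with RFC 5737 documentation addresses and a made-up credential, and header checksums are not verified.

```python
import base64
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap, as tcpdump -w writes it
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
# tcpdump's flag letters, in bit order: FIN, SYN, RST, PSH, ACK
TCP_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, ".")]


def read_pcap(blob: bytes):
    """Yield (timestamp, frame) from a classic pcap blob: a 24-byte global header,
    then a 16-byte record header in front of each captured frame."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:          # file written on a big-endian host
        end = ">"
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack(end + "I", blob[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (DLT 1) captures are decoded here")
    pos = 24
    while pos + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", blob[pos:pos + 16])
        pos += 16
        yield ts_sec + ts_usec / 1e6, blob[pos:pos + incl_len]
        pos += incl_len


def decode_frame(frame: bytes) -> dict:
    """Peel one layer at a time: Ethernet -> IPv4 -> TCP/UDP/ICMP. Header
    checksums are not verified; a full analyzer would report bad ones."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    rec = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":"), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return rec
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    rec.update(ttl=ip[8], proto=ip[9], ip_src=".".join(map(str, ip[12:16])),
               ip_dst=".".join(map(str, ip[16:20])))
    l4 = ip[ihl:total_len]
    if rec["proto"] == 6:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        rec.update(sport=sport, dport=dport, seq=seq, ack=ack,
                   flags="".join(n for bit, n in TCP_FLAGS if off_flags & bit),
                   payload=l4[(off_flags >> 12) * 4:])
    elif rec["proto"] == 17:
        sport, dport, length = struct.unpack("!HHH", l4[:6])
        rec.update(sport=sport, dport=dport, payload=l4[8:length])
    elif rec["proto"] == 1:
        rec.update(icmp_type=l4[0], icmp_code=l4[1])
    return rec


def summarize(rec: dict) -> str:
    """One line per packet, in the style of tcpdump's default output."""
    if "ip_src" not in rec:
        return "non-IP frame, ethertype 0x%04x" % rec["ethertype"]
    if rec["proto"] in (6, 17):
        ends = "%s.%d > %s.%d" % (rec["ip_src"], rec["sport"], rec["ip_dst"], rec["dport"])
        kind = "Flags [%s]" % rec["flags"] if rec["proto"] == 6 else "UDP"
        return "IP %s: %s, length %d" % (ends, kind, len(rec["payload"]))
    if rec["proto"] == 1:
        return "IP %s > %s: ICMP type %d code %d" % (
            rec["ip_src"], rec["ip_dst"], rec["icmp_type"], rec["icmp_code"])
    return "IP %s > %s: proto %d" % (rec["ip_src"], rec["ip_dst"], rec["proto"])


def analyze(blob: bytes) -> list:
    """Decode every record; when a TCP payload carries an HTTP Basic header,
    recover the credential exactly as an eavesdropper on the path would."""
    lines = []
    for _ts, frame in read_pcap(blob):
        rec = decode_frame(frame)
        line = summarize(rec)
        for hdr in rec.get("payload", b"").split(b"\r\n"):
            if hdr.lower().startswith(b"authorization: basic "):
                line += "  ** cleartext credential: " + base64.b64decode(hdr[21:]).decode()
        lines.append(line)
    return lines


def sample_pcap() -> bytes:
    """Constructed capture (not a real trace): a SYN to port 80, then an HTTP
    request carrying Basic credentials, the case the tcpdump section warns about."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")

    def tcp_frame(flags, seq, payload):
        tcp = struct.pack("!HHIIHHHH", 40000, 80, seq, 0, (5 << 12) | flags, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                         bytes([10, 0, 0, 2]), bytes([203, 0, 113, 9]))
        return eth + ip + tcp

    frames = [tcp_frame(0x02, 1, b""),
              tcp_frame(0x18, 2, b"GET /admin HTTP/1.0\r\nAuthorization: Basic YWRtaW46aHVudGVyMg==\r\n\r\n")]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1200000000 + i, 0, len(f), len(f)) + f
    return out
```

To use it on a real file, replace sample_pcap() with the bytes of a capture made with tcpdump -s 0 -w file; the credential extraction only works when the snaplen was large enough to include the payload, which is the practical reason for the -s caveat above.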

Traceroute: A TCP/IP Packet Route Tracing Tool

Traceroute, originally written by Van Jacobson in 1988, is a TCP/IP utility which allows the user to determine the route packets take to reach a particular host. The term traceroute now refers both to the utility and to its output. Traceroute shows the address of, and the time taken to reach, each hop in the path. It can be very useful for locating network congestion, failures, and various other troubleshooting issues.

Traceroute works by increasing the "time to live" (TTL) value of each successive probe packet sent. The first probe has a TTL of one, the second two, and so on. Each router along the path decrements the TTL by one before forwarding; a router that decrements it to zero discards the packet and returns an ICMP Time Exceeded (type 11) message to the sender. The source address of each such message identifies the router at that hop, and traceroute uses them to produce the list of routers traversed en route to the destination. A hop that rate-limits or suppresses Time Exceeded messages shows up as an asterisk rather than an address.

You can run traceroute over any IP connection, including a dial-up PPP link. In Microsoft Windows the utility is named tracert; a related tool, pathping, introduced with Windows 2000, combines ping and traceroute functionality. To run it in Windows, open a command prompt and type tracert delphiforums.com (or any other address). NetLab is a freeware program for Windows that includes traceroute and other utilities, and WS-FTP Pro, a popular shareware FTP program, also bundles traceroute and other utilities.

On Unix and Linux-based operating systems, the traceroute utility by default sends UDP datagrams to destination ports starting at 33434, incrementing the port for each probe; when a probe finally reaches the destination, no service is listening on that port, so the destination answers with ICMP Port Unreachable (type 3, code 3), which tells traceroute the trace is complete. The utility usually has an option (-I) to use ICMP echo requests (type 8) instead. The Windows utility uses ICMP echo requests, better known as ping packets. Some firewalls on the path being investigated may block UDP probes but allow ICMP echo request traffic to pass through, so a trace that ends in asterisks with one probe type is worth repeating with the other.

Traceroute does not provide any information regarding the physical location of each node along the route, which makes it difficult to effectively identify geographically circuitous unicast routing. Indeed, there are examples of paths between hosts just a few miles apart that cross the entire United States and back, phenomena not immediately evident from the textual output of traceroute. While such path information may not be of much interest to many end users, it can provide valuable insight to system administrators, network engineers, operators and analysts.
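The ICMP mechanics behind both Ping (described earlier on this page) and traceroute can be demonstrated without sending anything on the wire. The following Python is an added example written for this page, not the code of any ping or traceroute implementation. It builds the 64-byte echo request a Unix ping sends and verifies its RFC 1071 checksum, constructs the ICMP Time Exceeded reply a router returns for an expired UDP probe, and shows how traceroute attributes that reply to the probe by reading the destination port out of the quoted header. The hop addresses, the probe source port 40000 and the simulated path are assumptions made for the example.

```python
import socket
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11
IPPROTO_ICMP, IPPROTO_UDP = 1, 17
TRACEROUTE_BASE_PORT = 33434   # first UDP destination port classic traceroute uses


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = bytes(56)) -> bytes:
    """ICMP Echo Request: 8-byte header + 56-byte payload = the 64-byte probe
    a Unix ping sends by default."""
    hdr = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, checksum(hdr + payload), ident, seq) + payload


def parse_icmp(msg: bytes) -> dict:
    """Decode the ICMP header; a message whose words sum to 0xFFFF has a valid checksum."""
    icmp_type, code = msg[0], msg[1]
    info = {"type": icmp_type, "code": code, "checksum_ok": checksum(msg) == 0}
    if icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    return info


def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options) so the sample packets below are realistic."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def build_time_exceeded(router: str, expired: bytes) -> bytes:
    """The reply a router sends when it decrements TTL to zero: ICMP type 11,
    code 0, quoting the expired packet's IP header plus its first 8 bytes."""
    ihl = (expired[0] & 0x0F) * 4
    body = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + expired[:ihl + 8]
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return build_ipv4(router, socket.inet_ntoa(expired[12:16]), IPPROTO_ICMP, 64, body)


def match_traceroute_reply(packet: bytes, base_port: int = TRACEROUTE_BASE_PORT):
    """Attribute a Time Exceeded reply to the probe that caused it. The quoted
    8 bytes are the probe's UDP header, so its destination port (base + sequence)
    identifies the probe. Returns (router_address, probe_sequence) or None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_ICMP:
        return None
    icmp = parse_icmp(packet[ihl:])
    if icmp["type"] != ICMP_TIME_EXCEEDED or not icmp["checksum_ok"]:
        return None
    inner = packet[ihl + 8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != IPPROTO_UDP:
        return None
    dst_port = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return socket.inet_ntoa(packet[12:16]), dst_port - base_port


def simulated_traceroute(path, src="10.0.0.2", dst="203.0.113.9"):
    """Constructed exchange, no packets leave the host: one UDP probe per TTL,
    each answered by the router at that hop as the text describes."""
    sent, hops = {}, []
    for ttl in range(1, len(path) + 1):
        seq = ttl - 1
        udp = struct.pack("!HHHH", 40000, TRACEROUTE_BASE_PORT + seq, 8 + 32, 0) + bytes(32)
        probe = build_ipv4(src, dst, IPPROTO_UDP, ttl, udp)
        sent[seq] = ttl
        reply = build_time_exceeded(path[ttl - 1], probe)
        router, seq_back = match_traceroute_reply(reply)
        hops.append((sent[seq_back], router))
    return hops
```

The checksum-verification step in match_traceroute_reply is deliberate: traceroute and ping both accept ICMP from any source, so a forged Time Exceeded message can insert a fake hop into the output, and rejecting malformed replies is the least a parser should do before trusting them.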

