
Creating a Proxy Webserver in Python | Set 2

Prerequisite: Creating a Proxy Webserver in Python – Set 1
In this tutorial, a few interesting features are added to make the proxy more useful.

  • Add blacklisting of domains. For example, create a list BLACKLIST_DOMAINS in our configuration dict. For now, just ignore/drop the requests received for blacklisted domains. (Ideally we should respond with a forbidden response.)

    # Check if the host:port is blacklisted
    # (runs inside the per-request handler; conn is the client socket, name assumed)
    for i in range(0, len(config['BLACKLIST_DOMAINS'])):
        if config['BLACKLIST_DOMAINS'][i] in url:
            # For now just drop the request; a 403 Forbidden response
            # is the proper reply and is added in a later tutorial.
            conn.close()
            return

  • To add host blocking: say you need to allow connections only from a particular subnet, or only from a particular person. To add this, create a list of all the allowed hosts. Since a host can be a subnet as well, add wildcard patterns for matching IP addresses, specifically IPv4 addresses (fnmatch uses shell-style globs such as 192.168.*, not full regular expressions). “IPv4 addresses are canonically represented in dot-decimal notation, which consists of four decimal numbers, each ranging from 0 to 255, separated by dots, e.g., Each part represents a group of 8 bits (octet) of the address.”
  • Using wildcard patterns to match allowed IP addresses:
    • Create a new method, _ishostAllowed, in the Server class and use the fnmatch module to match the patterns. Iterate through all the patterns and allow the request if the client address matches any of them. If a client address does not match any pattern, send a FORBIDDEN response. Again, for now skip the response creation part.

Note: We will be creating a full-fledged custom webserver in upcoming tutorials, where a createResponse function will be written to handle generic response creation.

def _ishostAllowed(self, host):
    """ Check if host is allowed to access
        the content """
    # Needs: import fnmatch
    for wildcard in config['HOST_ALLOWED']:
        if fnmatch.fnmatch(host, wildcard):
            return True
    return False

The default host match pattern is ‘*’, which matches all hosts; a pattern of the form ‘192.168.*’ can also be used. The server currently processes requests but does not print any messages, so we have no view of its state. Its messages should be logged to the console. For this purpose, use the logging module, as it is thread safe (remember that the server is multi-threaded).
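
The two access checks above, as an added example rather than the tutorial's own code: the blacklist test as written is a substring match over the whole URL, so a hardened variant parses the host out of the request target and compares it by domain instead, while the client allow-list uses fnmatch wildcards exactly as _ishostAllowed does. The function names, the sample config values and the sample URLs are constructed for this example.

```python
import fnmatch
from urllib.parse import urlsplit

# Constructed sample configuration, following the tutorial's config dict keys
config = {
    'BLACKLIST_DOMAINS': ['example.com', 'ads.tracker.test'],
    'HOST_ALLOWED': ['127.0.0.1', '192.168.*'],
}


def is_blacklisted_substring(url, blacklist=None):
    """The tutorial's check as written: a plain substring test on the URL.

    It fires on 'notexample.com' and on a query string that merely
    mentions a blacklisted name, which is why the hardened form exists.
    """
    blacklist = config['BLACKLIST_DOMAINS'] if blacklist is None else blacklist
    return any(domain in url for domain in blacklist)


def request_host(url):
    """Return the host of an absolute URL or of a bare host:port target
    (the form a CONNECT request uses); lower-cased, without the port."""
    parts = urlsplit(url if '://' in url else '//' + url)
    return (parts.hostname or '').lower()


def is_blacklisted(url, blacklist=None):
    """Hardened check: the request host must equal a blacklisted domain or
    be a subdomain of it; unrelated hosts containing the string do not match."""
    blacklist = config['BLACKLIST_DOMAINS'] if blacklist is None else blacklist
    host = request_host(url)
    for domain in blacklist:
        d = domain.lower()
        if host == d or host.endswith('.' + d):
            return True
    return False


def is_host_allowed(host, patterns=None):
    """Client allow-list with fnmatch wildcards, as in _ishostAllowed.

    Note that '*' also matches dots, so '192.168.*' matches every address
    beginning with 192.168, whatever follows.
    """
    patterns = config['HOST_ALLOWED'] if patterns is None else patterns
    return any(fnmatch.fnmatch(host, wildcard) for wildcard in patterns)
```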

Import the module and set up its initial configuration. The CurrentTime and ThreadName fields are supplied per message through the extra argument of the log call.

import logging

logging.basicConfig(level=logging.DEBUG,
                    format='[%(CurrentTime)-10s] (%(ThreadName)-10s) %(message)s')

  • Create a separate method that logs every message: pass the message as an argument, with additional data such as thread name and current time to keep track of the logs. Also create a function that colorizes the logs so that they look pretty on STDOUT.
    To achieve this, add a boolean in the configuration, COLORED_LOGGING, and create a new function that colorizes every msg passed to it based on the LOG_LEVEL.

def log(self, log_level, client, msg):
    """ Log the messages to appropriate place """
    # Needs: import logging, threading, utils
    #        from time import strftime, localtime
    LoggerDict = {
        'CurrentTime': strftime("%a, %d %b %Y %X", localtime()),
        'ThreadName': threading.currentThread().getName()
    }
    if client == -1:  # Main Thread
        formatedMSG = msg
    else:  # Child threads or Request Threads
        formatedMSG = '{0}:{1} {2}'.format(client[0], client[1], msg)
    logging.debug('%s', utils.colorizeLog(config['COLORED_LOGGING'],
                  log_level, formatedMSG), extra=LoggerDict)

  • Create a new module, ColorizePython. It contains a pycolors class which maintains a list of color codes. Separate this into another module in order to keep the code modular and to follow PEP8 standards.

class pycolors:
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'  # End color
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'


import ColorizePython


def colorizeLog(shouldColorize, log_level, msg):
    ## The higher the log_level in the log()
    ## argument, the lower is its priority.
    colorize_log = {
        "NORMAL": ColorizePython.pycolors.ENDC,
        "WARNING": ColorizePython.pycolors.WARNING,
        "SUCCESS": ColorizePython.pycolors.OKGREEN,
        "FAIL": ColorizePython.pycolors.FAIL,
        "RESET": ColorizePython.pycolors.ENDC
    }
    # COLORED_LOGGING is stored as the string "true"/"false" in the config;
    # str() lets a real boolean work as well.
    if str(shouldColorize).lower() == "true":
        if log_level in colorize_log:
            return colorize_log[str(log_level)] + msg + colorize_log['RESET']
        return colorize_log["NORMAL"] + msg + colorize_log["RESET"]
    return msg

  • Since colorizeLog is not a method of the server class, it is placed in a separate module named utils, which stores all the utility functions that make the code easier to understand. Add appropriate log messages wherever required, especially whenever the state of the server changes.
  • Modify the shutdown method in the server to exit all the running threads before exiting the application. threading.enumerate() iterates over all the running threads, so we do not need to maintain a list of them. The behavior of the threading module is unexpected when we try to join the main thread. The official documentation also states this:

“join() raises a RuntimeError if an attempt is made to join the current thread as that would cause a deadlock. It is also an error to join() a thread before it has been started and attempts to do so raises the same exception.”
So, skip it appropriately. Here’s the code for the same.

def shutdown(self, signum, frame):
    """ Handle the exiting server. Clean all traces """
    # Needs: import sys, threading
    self.log("WARNING", -1, 'Shutting down gracefully...')
    main_thread = threading.currentThread()  # join() on this one would deadlock
    # Wait for all clients to exit
    for t in threading.enumerate():
        if t is main_thread:
            continue  # skip the main thread, as the documentation warns
        self.log("FAIL", -1, 'joining ' + t.getName())
        t.join()
    sys.exit(0)
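
A runnable illustration of the shutdown logic, added here and not part of the tutorial's code: the request threads are stand-ins that loop until a stop event is set; shutdown_threads enumerates the live threads, skips the current thread because join() on it raises the RuntimeError quoted above, and returns the names it joined. All function names are assumptions.

```python
import threading
import time


def _worker_loop(stop_event):
    """Constructed stand-in for a proxy request thread: runs until told to stop."""
    while not stop_event.is_set():
        time.sleep(0.01)


def start_workers(stop_event, count=2):
    """Start `count` request-thread stand-ins and return them."""
    workers = []
    for n in range(count):
        t = threading.Thread(target=_worker_loop, args=(stop_event,),
                             name='Request-%d' % n)
        t.start()
        workers.append(t)
    return workers


def shutdown_threads(stop_event, timeout=2.0):
    """Signal the workers, then join every live thread except the current one.

    Returns the names of the threads that had exited by the time join returned.
    """
    stop_event.set()
    current = threading.current_thread()
    joined = []
    for t in threading.enumerate():
        if t is current:
            continue  # join() on the running thread raises RuntimeError
        if t.daemon:
            continue  # daemon threads die with the process; do not block on them
        t.join(timeout)
        if not t.is_alive():
            joined.append(t.name)
    return joined


def joining_current_thread_raises():
    """Demonstrates the documented edge case: join() on the current thread is an error."""
    try:
        threading.current_thread().join()
    except RuntimeError:
        return True
    return False


if __name__ == '__main__':
    stop = threading.Event()
    workers = start_workers(stop)
    print('joined:', shutdown_threads(stop))
    print('joining current thread raises:', joining_current_thread_raises())
```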

Directory Structure:
The full code directory can be downloaded from here.
If you have any comments/suggestions/queries then feel free to ask. 🙂

About the Author:

Pinkesh Badjatiya hails from IIIT Hyderabad. He is a geek at heart with ample projects worth looking at. His project work can be seen here.



Troubleshooting Network


Troubleshooting is the process of identifying, locating and correcting problems that occur. Experienced individuals often rely on instinct to troubleshoot.

Approach to Troubleshooting

There are several different structured troubleshooting techniques available, including:

Top-down: Top-down starts with the application layer and works down. It looks at the problem from the point of view of the user and the application.

Bottom-up: Bottom-up starts with the physical layer and works up. The physical layer is concerned with hardware and wire connections.

Divide-and-conquer: Divide-and-conquer typically begins troubleshooting at one of the middle layers and works up or down from there. For example, the troubleshooter may begin at the network layer, by verifying IP configuration information.

Software utilities for troubleshooting connectivity

A number of software utility programs are available that can help identify network problems.

  • ipconfig – Displays IP configuration information
  • ping – Tests connections to other IP hosts
  • tracert – Displays route taken to destination

Troubleshooting using these utilities

Ipconfig: Ipconfig is used to display the current IP configuration information for a host. Issuing this command from the command prompt will display the basic configuration information including: IP address, subnet mask and default gateway.

Ping: If the IP configuration appears to be correctly configured on the local host, next test network connectivity by using ping. Ping is used to test if a destination host is reachable. The ping command can be followed by either an IP address or the name of a destination host.

Tracert: The ping utility can verify end-to-end connectivity. However, if a problem exists and the device cannot ping the destination, the ping utility does not indicate where the connection was actually dropped. To accomplish this, another utility known as tracert must be used.

Nslookup: When accessing applications or services across the network, individuals usually rely on the DNS name instead of the IP address. When a request is sent to that name, the host must first contact the DNS server to resolve the name to the corresponding IP. The host then uses IP to package the information for delivery.

Connectivity issues

Connectivity problems occur on wireless networks, wired networks and networks that use both. When troubleshooting a network with both wired and wireless connections, it is often best to troubleshoot using a divide-and-conquer technique to isolate the problem to either the wired or the wireless network. The easiest way to determine if the problem is with the wired or the wireless network is to:

1. Ping from a wireless client to the default gateway – this verifies if the wireless client is connecting as expected.

2. Ping from a wired client to the default gateway – this verifies if the wired client is connecting as expected.

Network security - 2

Why are insider attacks more dangerous?

Insider attacks are, by definition, conducted by people who have legitimate access to your network and systems. They may be disgruntled employees with a grudge against the company, money-motivated workers who use the system to steal from the company, contractors doing work for you on a temporary basis who are there to engage in corporate espionage, or anyone else who abuses his/her privileges on your network to use it in an unauthorized way. Some attackers are infiltrators who get a job at the company for the express purpose of penetrating its security. Some insiders may be threatened, coerced or bribed by outsiders to steal company information or plant a virus or malware that will bring down or disrupt the network.

Some scenarios include:

  • Deliberately infecting the company computers and network with malware or viruses that disrupt work and result in lost productivity
  • Introducing spyware, key loggers and similar software to get information about what co-workers or others within the company are doing
  • Stealing passwords to log on to the company network under the guise of someone else, in effect stealing the co-worker’s identity
  • Copying confidential company information to take or send outside the company without authorization

Why do most company security strategies focus on outsiders?

The primary reason is that it is simply more difficult to defend against insiders. Company employees often need access to sensitive information to do their jobs, rendering it vulnerable to theft. They have legitimate credentials to log onto the network, making it easier for them to exploit any security holes to disrupt network services. Some folks argue that it can’t be done at all. They make a good point: if you give someone the keys to the kingdom, it’s going to be extremely difficult to prevent him from misusing them if he really wants to. Nonetheless, there are steps that you can take to make it more difficult for insiders to do extensive damage.

Developing a security strategy to protect against insider attacks

Implement a dedicated DLP appliance or software.

DLP appliances or software allow you to track the travel of your company’s data, either in real time or by collecting information and summarizing it in daily or weekly reports. You’ll want a DLP system that can intercept and read SSL or other encrypted messages, or users will be able to defeat its purpose simply by encrypting the data they send outside the network. Note that a drawback of DLP is that it may negatively impact network performance.

Configure your firewall to address traffic going both ways.

Most modern firewalls are capable of filtering both inbound and outbound traffic, but many are configured to only control the former. Set up outbound rules on your firewall to explicitly block or explicitly allow the network traffic that matches the criteria you set. For example, you could block outbound traffic that uses a specific port number.

Use packet inspection within the network.

DLP appliances and firewalls focus on traffic being sent outside the network. You can use packet inspection tools such as Network Analysis and Visibility (NAV) products to inspect the contents of packets moving within the internal network, for example when a user downloads a file from the server to his computer that he shouldn’t have access to or doesn’t need to do his work. NAV tools can examine the contents in great depth and look for particular words or types of data (such as social security numbers or account numbers) within a document or file. NAV has the same problem as DLP in that it can slow down network performance.

Use mail security products with content filtering.

You can use the content filtering feature on your email security products to, for example, block outbound messages that contain certain keywords, or block users from sending attachments, to prevent insiders from sending confidential information outside the network.

Data encryption.

Encrypting sensitive data will make it more difficult for those inside the network (as well as outsiders) to be able to access and read the information even if they do manage to intercept it and take it outside.

Least privilege policy.

For best security and protection against insider threats, always follow a policy of giving users the most restrictive set of privileges that will still allow them to do the work they need to do. Apply this same policy when configuring your DLP product or your firewall’s outbound rules, by starting off by blocking everything and then allowing those things that are needed, rather than the opposite method of starting off by allowing everything and then restricting things selectively. Likewise, the keys to access encrypted data should be available only to those whose jobs require that they access that data, and not to all employees or all employees who happen to work in a specific department or hold a particular position.

File access auditing.

Implementing auditing of access to file system objects will help you detect when insiders are accessing information for which they don’t have a need in order to do their jobs.

Area of responsibility or segregation of duties.

This is a policy that ensures that no one person can process an important transaction (such as transfer of monetary funds) alone. One person may be able to initiate the process but it can’t be completed without the authorization of one or more other individuals. This provides a set of checks and balances to protect against a lone rogue employee or infiltrator.

Control USB devices.

DLP, firewalls, and mail content filtering will help prevent insiders from sending sensitive company information outside the network via the Internet. However, removable USB drives, especially easily concealed “thumb drives” (flash memory drives), are often used by insiders to copy sensitive company information and manually carry it outside the company. To prevent this, you can disable USB ports on systems of those who don’t absolutely need them. You can use Windows Group Policy or third party software to restrict or block the installation of USB devices. Software such as GFI Endpoint Security can be used to manage user access and log the activities of USB drives, flash memory cards, CDs, floppy disks, iPods and other MP3 players, smart phones and PDAs and anything else that connects to computers via USB.

Rights management services.

Rights management allows you to give users access to data, but helps prevent them from sharing that data with others who aren’t authorized to have it. Windows Rights Management Services (RMS) allows you to block copying or printing of documents, block forwarding or copying of email messages, and so forth. Windows also blocks taking a screenshot of protected documents or messages. While there are always ways around this for a determined person (for example, the user could take a photo of the screen with a cell phone camera), it makes it more difficult for insiders to misappropriate the protected information.

Change management.

Configuration and Change Management tools help you to identify when changes are made to the configurations of systems that may be done by employees to gain access to information they shouldn’t have. There are many products on the market that can be used to track changes on the network.

Identity management

Because access privileges are granted based on the identity of the user, it is imperative that you have in place a good identity management system. This becomes even more important in today’s network environment, where company mergers and the moving of some or all data into the cloud complicates things even more.

Network security - 1

What is Network Security?

Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.

What Is Network Security and How Does It Protect You?

After asking What is network security?, you should ask, What are the threats to my network? Many network security threats today are spread over the Internet. The most common include:

  • Viruses, worms, and Trojan horses
  • Spyware and adware
  • Zero-day attacks, also called zero-hour attacks
  • Hacker attacks
  • Denial of service attacks
  • Data interception and theft
  • Identity theft

How Does Network Security Work?

To understand what network security is, it helps to understand that no single solution protects you from the variety of threats. You need multiple layers of security: if one fails, others still stand. Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats. A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security. Network security components often include:

  • Anti-virus and anti-spyware
  • Firewall, to block unauthorized access to your network
  • Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks
  • Virtual Private Networks (VPNs), to provide secure remote access

What are the types of Network Security attacks?

Types of attack are as follows:

Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur. There are five types of attack:

Passive Attack

A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.

Active Attack

In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

Distributed Attack

A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, into a “trusted” component or software that will later be distributed to many other companies and users. Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door into a product to gain unauthorized access to information or to a system function at a later date.

Insider Attack

An insider attack involves someone from the inside, such as a disgruntled employee, attacking the network. Insider attacks can be malicious or non-malicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Non-malicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as getting a task done.

Close-in Attack

A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network. Close-in attacks consist of individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.

Phishing Attack

In a phishing attack the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or PayPal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.

Hijack attack

In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.

Spoof attack

In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.

Buffer overflow

A buffer overflow attack is when the attacker sends more data to an application than it expects. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a command prompt or shell.

Exploit attack

In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.

Password attack

An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.

What Are The Methods Of Attack?

Following are the methods of attack:

Virus:

A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

Boot Sector Virus:

Boot sector virus infects the boot sector on floppy disks, hard disks and other bootable media like DVD or CD. The examples of boot sector viruses are – Form, Michelangelo, and Stoned.

Macro Virus:

A macro virus is a distinct type of computer virus that infects the macros inside a document template. As soon as you open a spreadsheet or word processing document, the macro virus gets into the default template. Examples of macro viruses are Relax, Babbles, and Melissa.

Companion Viruses:

Companion viruses are similar to direct-action or resident viruses. They are called companion viruses because they get into the system and accompany other existing files. Examples of companion viruses are Asimov.1539 and Terax.1069.

Worm:

First developed by John Shoch and Jon Hupp at Xerox PARC in 1978, a worm is a destructive self-replicating program containing code capable of gaining access to computers or networks. Once within the computer or network, the worm causes harm by deleting, modifying, distributing, or otherwise manipulating data.

Trojan Horse:

A trojan horse is a program that appears to be something safe, but in fact is performing tasks such as giving access to your computer or sending personal information to other computers. Trojan horses are one of the most common methods a criminal uses to infect your computer and collect personal information from your computer. Below are some basic examples of how your computer could become infected with a trojan horse.

Denial of Service (DoS):

Short for Denial of Service, a DoS attack is a method of attacking a networked computer by sending it an abnormally high number of requests, causing its network to slow down or fail. Since a single individual cannot generate enough traffic for a DoS attack, these attacks are usually run from multiple computers infected by worms, or zombie computers, for a DDoS.

Spyware:

A term used to describe a software program that has been designed to secretly gather information about a user’s activity. Spyware programs are often used to track users’ habits to better target them with advertisements. Spyware is usually installed onto a user’s machine without their knowledge when downloading free music sharing programs, visiting adult oriented web pages, and through other downloads and plug-ins on the Internet.

Adware:

Alternatively referred to as malware, sneakware, or spyware, adware is a program installed without a user’s consent or knowledge during the install of another program. Much like spyware, adware tracks individuals’ Internet activities and habits to help companies advertise more efficiently.


Wide area network

  • A wide area network (WAN) is a telecommunications network or computer network that extends over a large geographical distance. Wide area networks are often established with leased telecommunication circuits.

  • Business, education and government entities use wide area networks to relay data among staff, students, clients, buyers, and suppliers from various geographical locations.

  • In essence, this mode of telecommunication allows a business to effectively carry out its daily function regardless of location.

The Internet may be considered a WAN. Related terms for other types of networks are personal area networks (PANs), local area networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs), which are usually limited to a room, building, campus or specific metropolitan area respectively.

Connection technology

Many technologies are available for wide area network links. Examples include circuit switched telephone lines, radio wave transmission, and optic fiber. New developments in technologies have successively increased transmission rates.

In ca. 1960, a 110 bit/s (bits per second) line was normal on the edge of the WAN, while core links of 56 kbit/s to 64 kbit/s were considered fast. As of 2014, households are connected to the Internet with ADSL, Cable, Wimax, 4G or fiber at speeds ranging from 1 Mbit/s to 1 Gbit/s and the connections in the core of a WAN can range from 1 Gbit/s to 100 Gbit/s.

Design options

The textbook definition of a WAN is a computer network spanning regions, countries, or even the world. However, in terms of the application of computer networking protocols and concepts, it may be best to view WANs as computer networking technologies used to transmit data over long distances, and between different LANs, MANs and other localised computer networking architectures.

This distinction stems from the fact that common LAN technologies operating at Layer 1/2 (such as the forms of Ethernet or Wifi) are often designed for physically proximal networks, and thus cannot transmit data over tens, hundreds or even thousands of miles or kilometres.

WANs do not just necessarily connect physically disparate LANs. A CAN, for example, may have a localised backbone of a WAN technology, which connects different LANs within a campus. This could be to facilitate higher bandwidth applications, or provide better functionality for users in the CAN.

List of WAN types

  • ATM
  • Cable modem
  • Dial-up
  • DSL
  • Frame relay
  • ISDN
  • Leased line
  • X.25

Application services

Application Protocol and Services

DNS (Domain Name Services)

  • The Domain Name System (DNS) provides a way for hosts to use a server's name to request the IP address of that specific server.
  • DNS names are registered and organized on the Internet within specific high level groups, or domains. Some of the most common high level domains on the Internet are .com, .edu, and .net.
  • A DNS server contains a table that associates hostnames in a domain with corresponding IP addresses. When a client has the name of server, such as a web server, but needs to find the IP address, it sends a request to the DNS server on port 53. The client uses the IP address of the DNS server configured in the DNS settings of the host’s IP configuration.

Web Clients and Servers

  • When a web client receives the IP address of a web server, the client browser uses that IP address and port 80 to request web services. This request is sent to the server using the Hypertext Transfer Protocol (HTTP).
  • When the server receives a port 80 request, the server responds to the client request and sends the web page to the client. The information content of a web page is encoded using specialized ‘mark-up’ languages. HTML (Hypertext Mark-up Language) is the most commonly used but others, such as XML and XHTML, are gaining popularity.
  • The HTTP protocol is not a secure protocol; information could easily be intercepted by other users as it is sent over the network. In order to provide security for the data, HTTP can be used with secure transport protocols. Requests for secure HTTP are sent to port 443. These requests require the use of https: in the site address in the browser, rather than http:.

FTP Client and Services

  • The File Transfer Protocol (FTP) provides an easy method to transfer files from one computer to another. A host running FTP client software can access an FTP server to perform various file management functions including file uploads and downloads.
  • The FTP server enables a client to exchange files between devices. It also enables clients to manage files remotely by sending file management commands such as delete or rename. To accomplish this, the FTP service uses two different ports to communicate between client and server.
  • Requests to begin an FTP session are sent to the server using destination port 21. Once the session is opened, the server will change to port 20 to transfer the data files.
  • FTP client software is built into computer operating systems and into most web browsers. Stand-alone FTP clients offer many options in an easy-to-use GUI-based interface.

Email Client and Servers

  • Email is one of the most popular client/server applications on the Internet. Email servers run server software that enables them to interact with clients and with other email servers over the network.
  • Mail servers are also used to send mail addressed to local mailboxes or mailboxes located on other email servers.
  • Various application protocols used in processing email include SMTP, POP3, IMAP4.

IM Client and Servers

  • Instant Messaging (IM) is one of the most popular communication tools in use today. IM software is run locally on each computer and allows users to communicate or chat over the Internet in real-time.
  • Each instant messaging service can use a different protocol and destination port, so two hosts must have compatible IM software installed for them to communicate.
  • IM applications require minimal configuration to operate. Once the client is downloaded all that is required is to enter username and password information. This allows the IM client to authenticate to the IM network.
  • IM client software can be downloaded and used on all types of hosts, including: computers, PDAs and cell phones.

Voice Client and Servers

  • IP telephony makes use of Voice over IP (VoIP) technology which uses IP packets to carry digitized voice as data.
  • To start using Internet telephone, download the client software from one of the companies that provides the service. Rates for Internet telephone services can vary greatly between regions and providers.
  • Calls are made to other users of the same service on the Internet, by selecting the username from a list. A call to a regular telephone (land line or cell phone) requires the use of a gateway to access the Public Switched Telephone Network (PSTN).

Port Number

DNS, Web, Email, FTP, IM and VoIP are just some of the many services provided by client/server systems over the Internet. These services may be provided by a single server or by several servers.

Well-Known Ports

  • Destination ports that are associated with common network applications are identified as well-known ports. These ports are in the range of 1 to 1023.

Registered Ports

  • Ports 1024 through 49151 can be used as either source or destination ports. These can be used by organizations to register specific applications such as IM applications.

Private Ports

  • Ports 49152 through 65535 are often used as source ports. These ports can be used by any application.


wireless technologies

Wireless Technologies

Wireless Technologies and Devices

  • In addition to the wired network, various technologies exist that allow the transmission of information between hosts without cables. These are known as wireless technologies.

  • Wireless technologies use electromagnetic waves to carry information between devices. An electromagnetic wave is the same medium that carries radio signals through the air.

  • The electromagnetic spectrum includes such things as radio and television broadcast bands, visible light, x-rays and gamma-rays. Each of these has a specific range of wavelengths and associated energies as shown in the diagram.

  • Some types of electromagnetic waves are not suitable for carrying data. Other parts of the spectrum are regulated by governments and licensed to various organizations for specific applications. Certain areas of the spectrum have been set aside to allow public use without the restriction of having to apply for special permits. The most common wavelengths used for public wireless communications include the Infrared and part of the Radio Frequency (RF) band.


  • Infrared (IR) is relatively low energy and cannot penetrate through walls or other obstacles. However, it is commonly used to connect and move data between devices such as Personal Digital Assistants (PDAs) and PCs.

  • A specialized communication port known as an Infrared Direct Access (IrDA) port uses IR to exchange information between devices. IR only allows a one-to-one type of connection.

  • IR is also used for remote control devices, wireless mice, and wireless keyboards. It is generally used for short-range, line-of-sight, communications.

Radio Frequency (RF)

  • RF waves can penetrate through walls and other obstacles, allowing a much greater range than IR. Certain areas of the RF bands have been set aside for use by unlicensed devices such as wireless LANs, cordless phones and computer peripherals. This includes the 900 MHz, 2.4 GHz, and the 5 GHz frequency ranges. These ranges are known as the Industrial Scientific and Medical (ISM) bands and can be used with very few restrictions.

  • Bluetooth is a technology that makes use of the 2.4 GHz band. It is limited to low-speed, short-range communications, but has the advantage of communicating with many devices at the same time. This one-to-many communications has made Bluetooth technology the preferred method over IR for connecting computer peripherals such as mice, keyboards and printers.

Benefits of Wireless Technology

  • One of the main advantages is the ability to provide anytime, anywhere connectivity. The widespread implementation of wireless in public locations, known as hotspots, allows people to easily connect to the Internet to download information and exchange emails and files.

  • Wireless technology is fairly easy and inexpensive to install. The cost of home and business wireless devices continues to decrease.

  • Wireless technology enables networks to be easily expanded, without the limitations of cabled connections. New and visiting users can join the network quickly and easily.

Limitations of Wireless Technology

  • First, Wireless LAN (WLAN) technologies make use of the unlicensed regions of the RF spectrum. Since these regions are unregulated, many different devices make use of them. As a result, these regions are congested and signals from different devices often interfere with each other.

  • Second, a major concern with wireless is security. Wireless provides ease of access. It does this by broadcasting data in a manner that allows anyone the ability to access it. However, this same feature also limits the amount of protection wireless can provide for the data. It allows anyone to intercept the communication stream, even unintended recipients.

Types of Wireless Networks

Wireless networks are grouped into three major categories: Wireless Personal Area networks (WPAN), Wireless Local Area networks (WLAN), and Wireless Wide Area networks (WWAN).

  • WPAN

    This is the smallest wireless network, used to connect various peripheral devices such as mice, keyboards and PDAs to a computer. All of these devices are dedicated to a single host and usually use IR or Bluetooth technology.

  • WLAN

    WLAN is typically used to extend the boundaries of the local wired network (LAN). WLANs use RF technology and conform to the IEEE 802.11 standards. They allow many users to connect to a wired network through a device known as an Access Point (AP). An Access Point provides a connection between wireless hosts and hosts on an Ethernet wired network.

  • WMAN

    A metropolitan area network (MAN) is a computer network larger than a local area network, covering an area of a few city blocks to the area of an entire city, possibly also including the surrounding areas.

  • WWAN

    WWAN networks provide coverage over extremely large areas. A good example of a WWAN is the cell phone network. These networks use technologies such as Code Division Multiple Access (CDMA) or Global System for Mobile Communication (GSM) and are often regulated by government agencies.


When building a wireless network, it is important that the wireless components connect to the appropriate WLAN. This is done using a Service Set Identifier (SSID).

The SSID is a case-sensitive, alpha-numeric string that is up to 32-characters. It is sent in the header of all frames transmitted over the WLAN. The SSID is used to tell wireless devices which WLAN they belong to and with which other devices they can communicate.

Regardless of the type of WLAN installation, all wireless devices in a WLAN must be configured with the same SSID in order to communicate.


  • The simplest form of a wireless network is created by connecting two or more wireless clients together in a peer-to-peer network. A wireless network established in this manner is known as an ad-hoc network and does not include an AP.

  • All clients within an ad-hoc network are equal. The area covered by this network is known as an Independent Basic Service Set (IBSS). A simple ad-hoc network can be used to exchange files and information between devices without the expense and complexity of purchasing and configuring an AP.

Infrastructure Mode

  • Although an ad-hoc arrangement may be good for small networks, larger networks require a single device that controls communications in the wireless cell. If present, an AP will take over this role and control who can talk and when. This is known as infrastructure mode.

networking services

    Network Services

    Client Server Relationship

    The key characteristic of client/server systems is that the client sends a request to a server, and the server responds by carrying out a function, such as sending information back to the client.

    The term server refers to a host running a software application that provides information or services to other hosts connected to the network. A well-known example of such an application is a web server.

    There are millions of servers connected to the Internet, providing services such as web sites, email, financial transactions, music downloads, etc. A factor that is crucial to enabling these complex interactions to function is that they all use agreed standards and protocols.

    To request and view a web page, a person uses a device that is running web client software. A client is the name given to a computer application that someone uses to access information held on a server. A web browser is a good example of a client.

    Role of Protocol in Client Server Communication

    A web server and a web client use specific protocols and standards in the process of exchanging information to ensure that the messages are received and understood.

    Types of protocol

    Application Protocol

    Hypertext Transfer Protocol (HTTP) governs the way that a web server and a web client interact. HTTP defines the format of the requests and responses exchanged between the client and server. HTTP relies on other protocols to govern how the messages are transported between client and server.

    Transport Protocol

    Transmission Control Protocol (TCP) is the transport protocol that manages the individual conversations between web servers and web clients. TCP formats the HTTP messages into segments to be sent to the destination host. It also provides flow control and acknowledgement of packets exchanged between hosts.

    Internetwork Protocol

    The most common internetwork protocol is Internet Protocol (IP). IP is responsible for taking the formatted segments from TCP, assigning the logical addressing, and encapsulating them into packets for routing to the destination host.

    Network Access Protocols

    Ethernet is the most commonly used protocol for local networks. Network access protocols perform two primary functions, data link management and physical network transmissions.

    Data link management protocols take the packets from IP and encapsulate them into the appropriate frame format for the local network. These protocols assign the physical addresses to the frames and prepare them to be transmitted over the network.

    The standards and protocols for the physical media govern how the bits are represented on the media, how the signals are sent over the media, and how they are interpreted by the receiving hosts.

    TCP and UDP Transport Protocol

    Each service available over the network has its own application protocols that are implemented in the server and client software. In addition to the application protocols, all of the common Internet services use Internet Protocol (IP), to address and route messages between source and destination hosts.

    Transmission Control Protocol

    When an application requires acknowledgment that a message is delivered, it uses TCP. This is similar to sending a registered letter through the postal system, where the recipient must sign for the letter to acknowledge its receipt.

    TCP breaks up a message into small pieces known as segments. The segments are numbered in sequence and passed to the IP process for assembly into packets.

    FTP and HTTP are examples of applications that use TCP to ensure delivery of data.

    User Datagram Protocol

    UDP is a ‘best effort’ delivery system that does not require acknowledgment of receipt. This is similar to sending a standard letter through the postal system. It is not guaranteed that the letter is received, but the chances are good.

    UDP is preferable with applications such as streaming audio, video and voice over IP (VoIP). An example of an application that uses UDP is Internet radio.

    TCP/IP Port Number

    When a message is delivered using either TCP or UDP, the protocols and services requested are identified by a port number. A port is a numeric identifier within each segment that is used to keep track of specific conversations and the destination services requested.

    Destination Port

    The client places a destination port number in the segment to tell the destination server what service is being requested.

    When a client specifies Port 80 in the destination port, the server that receives the message knows that web services are being requested. A server can offer more than one service simultaneously.

    A server can offer web services on Port 80 at the same time that it offers FTP connection establishment on Port 21.

    Source Port

    The source port number is randomly generated by the sending device to identify a conversation between two devices. This allows multiple conversations to occur simultaneously.

    Multiple devices can request HTTP service from a web server at the same time. The separate conversations are tracked based on the source ports.

    The source and destination ports are placed within the segment. The segments are then encapsulated within an IP packet. The IP packet contains the IP address of the source and destination.

    Network addressing

    Network Addressing

    IP address Structure

    • An IP address is simply a series of 32 binary bits. The 32 bits are grouped into four 8-bit bytes called octets. To make the IP address easier to understand, each octet is presented as its decimal value, separated by a decimal point or period.

    • When a host is configured with an IP address, it is entered as a dotted decimal number such as Imagine if you had to enter the 32-bit binary equivalent of this – 11000000101010000000000100000101. If just one bit was mistyped, the address would be different and the host may not be able to communicate on the network.

    • The 32-bit IP address is defined with IP version 4 (IPv4) and is currently the most common form of IP address on the Internet. There are over 4 billion possible IP addresses using a 32-bit addressing scheme.

    Parts of IP address

    • The logical 32-bit IP address is hierarchical and is made up of two parts. The first part identifies the network and the second part identifies a host on that network. Both parts are required in an IP address.

    • As an example, if a host has IP address the first three octets, (192.168.18), identify the network portion of the address, and the last octet, (57) identifies the host. This is known as hierarchical addressing because the network portion indicates the network on which each unique host address is located. Routers only need to know how to reach each network, rather than needing to know the location of each individual host.

    Relation b/w IP Address and Subnet Mask

    • There are two parts to every IP address. When an IP host is configured, a subnet mask is assigned along with an IP address. Like the IP address, the subnet mask is 32 bits long. The subnet mask signifies which part of the IP address is network and which part is host.

    • The subnet mask is compared to the IP address from left to right, bit for bit. The 1s in the subnet mask represent the network portion; the 0s represent the host portion

    • When a host sends a packet, it compares its subnet mask to its own IP address and the destination IP address. If the network bits match, both the source and destination host are on the same network and the packet can be delivered locally. If they do not match, the sending host forwards the packet to the local router interface to be sent on to the other network.
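
The octet and subnet-mask arithmetic described above, as an added example that is not part of these notes: dotted decimal to 32-bit conversion, the binary form, the network/host split under a mask, and the local-versus-gateway decision a sending host makes. The addresses and the gateway used in it are constructed sample values.

```python
from __future__ import annotations

def dotted_to_int(addr: str) -> int:
    """Convert 'a.b.c.d' into a 32-bit integer; each octet holds 8 bits."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)                      # ValueError on non-numeric text
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {octet!r}")
        value = (value << 8) | n
    return value

def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int: four decimal octets separated by periods."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(addr: str) -> str:
    """The 32-bit binary string that the dotted form spares a user from typing."""
    return format(dotted_to_int(addr), "032b")

def prefix_length(mask: str) -> int:
    """Count the leading 1s of a subnet mask; reject masks whose 1s are not contiguous."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    # A valid mask is `ones` 1-bits followed only by 0-bits.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def split_address(addr: str, mask: str) -> tuple[str, str]:
    """Return (network portion, host portion): mask 1s select network bits, 0s host bits."""
    prefix_length(mask)                     # validate the mask first
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    return int_to_dotted(a & m), int_to_dotted(a & ~m & 0xFFFFFFFF)

def next_hop(src: str, mask: str, dst: str, gateway: str) -> str:
    """What a host does with a packet: deliver locally if the network bits of its own
    address and the destination match under the mask, else hand it to the router."""
    m = dotted_to_int(mask)
    if dotted_to_int(src) & m == dotted_to_int(dst) & m:
        return "local"
    return gateway

if __name__ == "__main__":
    # Constructed sample: host 192.168.18.57 with a /24 mask and gateway 192.168.18.1
    print(split_address("192.168.18.57", "255.255.255.0"))
    print(next_hop("192.168.18.57", "255.255.255.0", "10.1.2.3", "192.168.18.1"))
```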

    Types of IP Address

    Public and Private Addresses

    All hosts that connect directly to the Internet require a unique public IP address. Because of the finite number of 32-bit addresses available, there is a risk of running out of IP addresses. One solution to this problem was to reserve some private addresses for use exclusively inside an organization. This allows hosts within an organization to communicate with one another without the need of a unique public IP address.

    Static and Dynamic Address Assignment

    IP addresses can be assigned either statically or dynamically.


    • With a static assignment, the network administrator must manually configure the network information for a host. At a minimum, this includes the host IP address, subnet mask and default gateway.

    • Static addresses have some advantages. For instance, they are useful for printers, servers and other networking devices that need to be accessible to clients on the network. If hosts normally access a server at a particular IP address, it would not be good if that address changed.

    • Static assignment of addressing information can provide increased control of network resources, but it can be time consuming to enter the information on each host. When entering IP addresses statically, the host only performs basic error checks on the IP address. Therefore, errors are more likely to occur.


    • On local networks it is often the case that the user population changes frequently. New users arrive with laptops and need a connection. Others have new workstations that need to be connected. Rather than have the network administrator assign IP addresses for each workstation, it is easier to have IP addresses assigned automatically. This is done using a protocol known as Dynamic Host Configuration Protocol (DHCP).

    • DHCP provides a mechanism for the automatic assignment of addressing information such as IP address, subnet mask, default gateway, and other configuration information.

    • A benefit of DHCP is that an address is not permanently assigned to a host but is only leased for a period of time. If the host is powered down or taken off the network, the address is returned to the pool for reuse. This is especially helpful with mobile users that come and go on a network.

    Configuring DHCP

    transport layer


    The next layer in the OSI model is the Transport Layer (Layer 4). All modules and procedures pertaining to the transportation of data or data streams are categorized into this layer. Like all other layers, this layer speaks to its peer Transport layer on the remote host.

    The Transport layer offers peer-to-peer and end-to-end connections between two processes on remote hosts. It takes data from the upper layer (i.e. the Application layer), breaks it into smaller segments, numbers each byte, and hands the segments over to the lower layer (the Network layer) for delivery.



    ·        This layer is the first one that breaks the information supplied by the Application layer into smaller units called segments. It numbers every byte in the segment and keeps track of them.

    ·        This layer ensures that data is received in the same sequence in which it was sent.

    ·        This layer provides end-to-end delivery of data between hosts which may or may not belong to the same subnet.

    ·        All server processes intending to communicate over the network are equipped with well-known TSAPs (Transport Service Access Points), also known as port numbers.


    End-to-end communication

    A process on one host identifies its peer process on the remote host by means of Transport Service Access Points, also known as port numbers. TSAPs (ports) are well defined, and a process that is trying to communicate with its peer knows them in advance.[Image: Transport Layer | TSAP]

    For example, when a DHCP client wants to communicate with a remote DHCP server, it always sends its request to port number 67. When a DNS client wants to communicate with a remote DNS server, it always sends its request to port number 53 (UDP).

    Two main Transport layer protocols are:


    ·        Transmission Control Protocol

    Provides reliable communication between two hosts.

    ·        User Datagram Protocol

    Provides unreliable communication between two hosts.


    Transmission Control Protocol

    TCP is one of the most important protocols of the Internet Protocol suite. It is the most widely used protocol for data transmission in communication networks such as the Internet.


    ·        TCP is a reliable protocol, that is, the receiver sends an acknowledgement back to the sender for each packet it receives. The sender is then confirmed that the packet has been received and can process further packets in its queue.

    ·        TCP ensures that data is received in the order it was sent.

    ·        TCP is connection oriented. TCP requires that a connection between the two remote points be established before actual data is sent.

    ·        TCP provides error-checking and recovery mechanisms.

    ·        TCP provides end-to-end communication.

    ·        TCP provides flow control and quality of service.

    ·        TCP operates in Client/Server point-to-point mode.

    ·        TCP provides full duplex service, i.e. each end can act as both receiver and sender.


    TCP header at minimum is 20 bytes long and maximum 60 bytes.[Image: TCP Header]

    ·        Source Port (16-bits):  Identifies source port of the application process on the sending device.

    ·        Destination Port (16-bits):  Identifies destination port of the application process on the receiving device.

    ·        Sequence Number (32-bits):  Sequence number of data bytes of a segment in a session.

    ·        Acknowledgement Number (32-bits):  When the ACK flag is set, this number contains the next sequence number of the data byte expected and works as acknowledgement of the previous data received.

    ·        Data Offset (4-bits):  This field has two meanings. First, it tells the size of the TCP header (in 32-bit words). Secondly, it indicates the offset of the data in the current packet, i.e. where the data begins within the TCP segment.

    ·        Reserved (3-bits):  Reserved for future use and all are set zero by default.

    ·        Flags (1-bit each):

    o   NS: The Nonce Sum bit is used by the Explicit Congestion Notification signaling process.

    o   CWR: When a host receives a packet with the ECE bit set, it sets Congestion Window Reduced to acknowledge that ECE was received.

    o   ECE: has two meanings:

    §  If the SYN bit is cleared to 0, ECE means that the IP packet has its CE (congestion experienced) bit set.

    §  If the SYN bit is set to 1, ECE means that the device is ECT capable.

    o   URG: indicates that Urgent Pointer field has significant data and should be processed.

    o   ACK: indicates that Acknowledgement field has significance. If ACK is cleared to 0, it indicates that packet does not contain any acknowledgement.

    o   PSH: when set, it is a request to the receiving station to PUSH data (as soon as it comes) to the receiving application without buffering it.

    o   RST: Reset flag has many features:

    §  It is used to refuse an incoming connection.

    §  It is used to reject a segment.

    §  It is used to restart a connection.

    o   SYN: this flag is used to set up a connection between hosts.

    o   FIN: this flag is used to release a connection and no more data is exchanged thereafter. Because packets with SYN and FIN flags have sequence numbers, they are processed in correct order.

    ·        Window Size:  This field is used for flow control between two stations and indicates the amount of buffer (in bytes) the receiver has allocated for a segment, i.e. how much data the receiver is expecting.

    ·        Checksum:  This field contains the checksum of the header, the data and the pseudo header.

    ·        Urgent Pointer:  Points to the urgent data byte if the URG flag is set to 1.

    ·        Options:  Carries additional options which are not covered by the regular header. The Options field is always described in 32-bit words. If this field contains data shorter than 32 bits, padding is used to fill the remaining bits up to the 32-bit boundary.
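
An added example (not from these notes) that packs and decodes the header fields listed above with Python's struct module: the 4-bit data offset, the 3 reserved bits, the nine flag bits, and the zero-padding of options to a 32-bit boundary. The ports, sequence numbers and option bytes are constructed sample values.

```python
import struct

# Bit position of each flag inside the 16-bit word that also carries the data
# offset (bits 15-12) and the reserved bits (bits 11-9).
TCP_FLAGS = {"FIN": 0, "SYN": 1, "RST": 2, "PSH": 3, "ACK": 4,
             "URG": 5, "ECE": 6, "CWR": 7, "NS": 8}
HEADER_FMT = "!HHIIHHHH"   # src, dst, seq, ack, offset/flags, window, checksum, urgent

def build_tcp_header(src_port, dst_port, seq, ack, flags, window,
                     checksum=0, urgent=0, options=b""):
    """Pack a TCP header. Options are zero-padded to a 32-bit boundary and the
    data offset is derived from the padded length (5..15 words = 20..60 bytes)."""
    if len(options) > 40:
        raise ValueError("options exceed 40 bytes (60-byte maximum header)")
    padded = options + b"\x00" * (-len(options) % 4)
    data_offset = (20 + len(padded)) // 4
    flag_bits = 0
    for name in flags:
        flag_bits |= 1 << TCP_FLAGS[name]
    offset_word = (data_offset << 12) | flag_bits      # reserved bits stay 0
    fixed = struct.pack(HEADER_FMT, src_port, dst_port, seq, ack,
                        offset_word, window, checksum, urgent)
    return fixed + padded

def parse_tcp_header(segment):
    """Decode the fixed 20 bytes, then use the data offset to separate options
    from payload. Truncated segments and impossible offsets are rejected."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    (src, dst, seq, ack, offset_word,
     window, checksum, urgent) = struct.unpack(HEADER_FMT, segment[:20])
    data_offset = offset_word >> 12
    if not 5 <= data_offset <= 15:
        raise ValueError(f"invalid data offset {data_offset}")
    header_len = data_offset * 4
    if len(segment) < header_len:
        raise ValueError("data offset points past the end of the segment")
    flags = {name for name, bit in TCP_FLAGS.items() if offset_word & (1 << bit)}
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": data_offset, "reserved": (offset_word >> 9) & 0x7,
        "flags": flags, "window": window, "checksum": checksum,
        "urgent_pointer": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }

# Constructed samples: a SYN carrying an MSS option (kind 2, length 4, value 1460)
# and a SYN-ACK whose 3-byte option list needs one byte of padding.
SAMPLE_SYN = build_tcp_header(49152, 80, 1000, 0, {"SYN"}, 65535,
                              options=b"\x02\x04\x05\xb4")
SAMPLE_SYNACK = build_tcp_header(80, 49152, 5000, 1001, {"SYN", "ACK"}, 29200,
                                 options=b"\x01\x01\x01")

if __name__ == "__main__":
    for seg in (SAMPLE_SYN, SAMPLE_SYNACK):
        fields = parse_tcp_header(seg)
        print(sorted(fields["flags"]), fields["data_offset"], fields["options"])
```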


    TCP communication between two remote hosts is done by means of port numbers (Transport Service Access Points). Port numbers can range from 0 – 65535 and are grouped as:

    ·        System Ports (0 – 1023)

    ·        User Ports ( 1024 – 49151)

    ·        Private/Dynamic Ports (49152 – 65535)

    Connection Management:

    TCP communication works in the Server/Client model. The client initiates the connection and the server either accepts or rejects it. Three-way handshaking is used for connection management.[Image: Three-way handshake]


    The client initiates the connection and sends a segment with a Sequence number. The server acknowledges it back with its own Sequence number and an ACK of the client's segment (client's Sequence number + 1). The client, after receiving the ACK of its segment, sends an acknowledgement of the server's response.


    Either the server or the client can send a TCP segment with the FIN flag set to 1. When the receiving end responds by ACKnowledging the FIN, that direction of the TCP communication is closed and the connection is released.
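
An added example, not part of the original notes, that tracks the three-way handshake and the FIN exchange described above as a small state machine. It checks that each acknowledgement equals the peer's sequence number + 1 (a SYN or FIN consumes one sequence number), that numbers wrap at 32 bits, and that a RST aborts from any state. The segments in the sample exchange are constructed values.

```python
from dataclasses import dataclass, field

MOD32 = 1 << 32   # sequence and acknowledgement numbers are 32-bit and wrap around

@dataclass(frozen=True)
class Segment:
    sender: str        # "client" or "server"
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}
    seq: int
    ack: int = 0

@dataclass
class Connection:
    state: str = "CLOSED"
    isn: dict = field(default_factory=dict)        # initial sequence number per side
    fin_seq: dict = field(default_factory=dict)    # sequence number of an unacknowledged FIN
    closed_dirs: set = field(default_factory=set)  # sides whose FIN has been acknowledged

def _expect_ack(seg, seq, what):
    """SYN and FIN each occupy one sequence number, so the ACK must be seq + 1."""
    want = (seq + 1) % MOD32
    if seg.ack != want:
        raise ValueError(f"{seg.sender} {what}: expected ack {want}, got {seg.ack}")

def process(conn, seg):
    """Advance the connection by one segment and return the new state."""
    f = seg.flags
    peer = "server" if seg.sender == "client" else "client"
    if "RST" in f:                                            # reset aborts from any state
        conn.state = "CLOSED"
    elif conn.state == "CLOSED" and f == {"SYN"} and seg.sender == "client":
        conn.isn["client"] = seg.seq                          # step 1: client's ISN
        conn.state = "SYN_SENT"
    elif conn.state == "SYN_SENT" and f == {"SYN", "ACK"} and seg.sender == "server":
        _expect_ack(seg, conn.isn["client"], "SYN-ACK")       # step 2: ack = client ISN + 1
        conn.isn["server"] = seg.seq
        conn.state = "SYN_RECEIVED"
    elif conn.state == "SYN_RECEIVED" and f == {"ACK"} and seg.sender == "client":
        _expect_ack(seg, conn.isn["server"], "handshake ACK")  # step 3: ack = server ISN + 1
        conn.state = "ESTABLISHED"
    elif conn.state in ("ESTABLISHED", "HALF_CLOSED") and f and f <= {"FIN", "ACK"}:
        if "ACK" in f and peer in conn.fin_seq:               # acknowledges the peer's FIN
            _expect_ack(seg, conn.fin_seq.pop(peer), "FIN ACK")
            conn.closed_dirs.add(peer)                        # that direction is now closed
        if "FIN" in f:
            conn.fin_seq[seg.sender] = seg.seq                # sender has no more data
        if len(conn.closed_dirs) == 2:
            conn.state = "CLOSED"
        elif conn.closed_dirs:
            conn.state = "HALF_CLOSED"
    else:
        raise ValueError(f"unexpected {sorted(f)} from {seg.sender} in state {conn.state}")
    return conn.state

def trace(segments):
    """Run a sequence of segments through a fresh connection; return the states seen."""
    conn = Connection()
    return [process(conn, s) for s in segments]

# Constructed sample exchange: handshake, then each side closes its direction.
SAMPLE_EXCHANGE = [
    Segment("client", frozenset({"SYN"}), 1000),
    Segment("server", frozenset({"SYN", "ACK"}), 5000, 1001),
    Segment("client", frozenset({"ACK"}), 1001, 5001),
    Segment("client", frozenset({"FIN", "ACK"}), 1001, 5001),
    Segment("server", frozenset({"FIN", "ACK"}), 5001, 1002),
    Segment("client", frozenset({"ACK"}), 1002, 5002),
]

if __name__ == "__main__":
    print(trace(SAMPLE_EXCHANGE))
```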

    Bandwidth Management:

    TCP uses the concept of window size to accommodate the need for bandwidth management. The window size tells the sender (the remote end) how many data bytes the receiver (this end) can receive. TCP uses a slow start phase: it begins with window size 1 and increases the window size exponentially after each successful communication.

    For example: the client uses window size 2 and sends 2 bytes of data. When the acknowledgement of this segment is received, the window size is doubled to 4 and the next segment will be sent with 4 data bytes. When the acknowledgement of the 4-byte data segment is received, the client sets the window size to 8, and so on.

    If an acknowledgement is missed, i.e. data is lost in the transit network or a NACK is received, the window size is reduced to half and the slow start phase starts again.

    Error Control & Flow Control:

    TCP uses port numbers to know which application process it needs to hand the data segment over to. Along with that, it uses sequence numbers to synchronize itself with the remote host. All data segments are sent and received with sequence numbers. The sender knows which data segment was last received by the receiver when it gets an ACK. The receiver knows which segment was last sent by the sender by looking at the sequence number of the most recently received packet.

    If the sequence number of a recently received segment does not match the sequence number the receiver was expecting, it is discarded and a NACK is sent back. If two segments arrive with the same sequence number, the TCP timestamp value is compared to make a decision.


    The technique of combining two or more data streams in one session is called Multiplexing. When a TCP client initializes a connection with a server, it always refers to a well-defined port number which indicates the application process. The client itself uses a randomly generated port number from the private port number pool.

    Using TCP multiplexing, a client can communicate with a number of different application processes in a single session. For example, when a client requests a web page which in turn contains different types of data (HTTP, SMTP, FTP etc.), the TCP session timeout is increased and the session is kept open for a longer time so that the three-way handshake overhead can be avoided.

    This enables the client system to receive multiple connections over a single virtual connection. These virtual connections are not good for servers if the timeout is too long.

    Congestion Control:

    When a large amount of data is fed to a system which is not capable of handling that amount of data, congestion occurs. TCP controls congestion by means of the window mechanism. TCP sets a window size telling the other end how many data segments to send. TCP may use three algorithms for congestion control:

    ·        Additive increase, Multiplicative Decrease

    ·        Slow Start

    ·        Timeout React
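
An added simulation (not from these notes) of the window behaviour described under Bandwidth Management and the three algorithms listed above: exponential growth during slow start, an increase of one per acknowledged window once a threshold is reached (additive increase), and halving of that threshold followed by a fresh slow start after a loss (multiplicative decrease). The threshold value, the initial timer and the doubling of the retransmission timer on a timeout are assumptions of this example, and the window is counted in segments rather than bytes.

```python
from dataclasses import dataclass

@dataclass
class CongestionState:
    cwnd: int = 1             # window size in segments (the notes count bytes; same shape)
    ssthresh: int = 16        # assumed threshold where doubling gives way to +1 per round
    rto: float = 1.0          # retransmission timeout in seconds (assumed initial value)
    phase: str = "slow_start"

def on_ack(s):
    """A whole window was acknowledged: grow exponentially below ssthresh
    (slow start), then by one segment per round (additive increase)."""
    if s.cwnd < s.ssthresh:
        s.cwnd = min(s.cwnd * 2, s.ssthresh)
    else:
        s.cwnd += 1
    s.phase = "slow_start" if s.cwnd < s.ssthresh else "congestion_avoidance"

def on_loss(s, timeout=False):
    """Missed acknowledgement or NACK: the threshold drops to half the current
    window (multiplicative decrease) and slow start begins again from a window
    of 1. On a timeout the retransmission timer is also doubled (assumption)."""
    s.ssthresh = max(s.cwnd // 2, 1)
    s.cwnd = 1
    s.phase = "slow_start"
    if timeout:
        s.rto = min(s.rto * 2, 60.0)        # assumed 60 s ceiling on the backoff

def simulate(events, **initial):
    """Replay 'ack' / 'loss' / 'timeout' events; return the window after each one."""
    s = CongestionState(**initial)
    history = []
    for ev in events:
        if ev == "ack":
            on_ack(s)
        elif ev == "loss":
            on_loss(s)
        elif ev == "timeout":
            on_loss(s, timeout=True)
        else:
            raise ValueError(f"unknown event {ev!r}")
        history.append(s.cwnd)
    return history

if __name__ == "__main__":
    # Constructed trace: five clean rounds, one loss, four clean rounds
    print(simulate(["ack"] * 5 + ["loss"] + ["ack"] * 4, ssthresh=16))
```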

    Timer Management:

    TCP uses different types of timers to control and manage different types of tasks:


    Keep-alive Timer:

    ·        This timer is used to check the integrity and validity of a connection.

    ·        When the keep-alive time expires, the host sends a probe to check if the connection still exists.


    Retransmission Timer:

    ·        This timer maintains a stateful session of the data sent.

    ·        If the acknowledgement of sent data is not received within the retransmission time, the data segment is sent again.


    Persist Timer:

    ·        A TCP session can be paused by either host by sending Window Size 0.

    ·        To resume the session, a host needs to send a Window Size with some larger value.

    ·        If this segment never reaches the other end, both ends may wait for each other indefinitely.

    ·        When the Persist timer expires, the host re-sends its window size to let the other end know.

    ·        The Persist timer helps avoid deadlocks in communication.


    Timed-Wait Timer:

    ·        After releasing a connection, either host waits for a Timed-Wait time to terminate the connection completely.

    ·        This is in order to make sure that the other end has received the acknowledgement of its connection termination request.

    ·        The Timed-Wait period can be a maximum of 240 seconds (4 minutes).

    Crash Recovery:

    TCP is a very reliable protocol. It provides a sequence number for each byte sent in a segment. It provides a feedback mechanism, i.e. when a host receives a packet it is bound to ACK that packet with the next sequence number expected (if it is not the last segment).

    When a TCP server crashes mid-way through communication and restarts its process, it sends a TPDU broadcast to all its hosts. The hosts can then resend the last data segment which was never acknowledged and carry on.


    User Datagram Protocol

    UDP is the simplest Transport Layer communication protocol available in the TCP/IP protocol suite. It involves a minimum amount of communication mechanism. UDP is said to be an unreliable transport protocol, but it uses IP services, which provide a best effort delivery mechanism.

    In UDP, the receiver does not generate an acknowledgement of the packet received and, in turn, the sender does not wait for any acknowledgement of the packet sent. This feature makes it unreliable as well as easier on processing.


    Why do we need an unreliable protocol to transport data? We deploy UDP where the acknowledgement packets would share a significant amount of bandwidth with the actual data. Say, for example, in video streaming thousands of packets are forwarded towards the users. Acknowledging all the packets is troublesome and may waste a huge amount of bandwidth. The best effort delivery mechanism of the underlying IP protocol ensures best efforts to deliver its packets, but even if some packets in video streaming get lost, the impact is not huge and can be ignored easily. Loss of a few packets in video and voice traffic sometimes goes unnoticed.


    ·        UDP is used when acknowledgement of data does not hold any significance.

    ·        UDP is a good protocol for data flowing in one direction.

    ·        UDP is simple and suitable for query-based communications.

    ·        UDP is not connection oriented.

    ·        UDP does not provide congestion control mechanism.

    ·        UDP does not guarantee ordered delivery of data.

    ·        UDP is stateless.

    ·        UDP is a suitable protocol for streaming applications such as VoIP and multimedia streaming.

    UDP Header:

    The UDP header is as simple as its function.[Image: UDP Header]

    The UDP header contains four main parameters:


    ·        Source Port:  This 16-bit field is used to identify the source port of the packet.

    ·        Destination Port:  This is also a 16-bit field, which is used to identify the application level service on the destination machine.

    ·        Length:  The Length field specifies the entire length of the UDP packet (including the header). It is a 16-bit field and its minimum value is 8 bytes, i.e. the size of the UDP header itself.

    ·        Checksum:  This field stores the checksum value generated by the sender before sending. In IPv4 this field is optional, so when no checksum is computed the field is set to 0, i.e. all its bits are zero.
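
An added example, not from these notes, that builds and parses the four-field UDP header above, computes the checksum over the IPv4 pseudo header plus the datagram, verifies it on receipt, and handles the optional case where the field is 0 (no checksum computed). The addresses, ports and payloads are constructed sample values.

```python
import struct

UDP_PROTOCOL = 17

def internet_checksum_sum(data):
    """One's complement sum of 16-bit big-endian words; an odd trailing byte is
    padded with a zero byte for the calculation only."""
    if len(data) % 2:
        data = data + b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip, dst_ip, udp_length):
    """IPv4 pseudo header: source, destination, zero byte, protocol, UDP length."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length)

def udp_checksum(src_ip, dst_ip, datagram):
    """Checksum over pseudo header + datagram (checksum field 0 in the input).
    A computed 0 is sent as 0xFFFF, because 0 on the wire means 'no checksum'."""
    total = internet_checksum_sum(pseudo_header(src_ip, dst_ip, len(datagram)) + datagram)
    return (~total & 0xFFFF) or 0xFFFF

def build_udp(src_port, dst_port, payload, src_ip=None, dst_ip=None):
    """Build a datagram; without addresses the checksum is left at 0 (IPv4 optional)."""
    length = 8 + len(payload)
    if length > 0xFFFF:
        raise ValueError("UDP length does not fit in 16 bits")
    datagram = struct.pack("!HHHH", src_port, dst_port, length, 0) + payload
    if src_ip is None:
        return datagram
    csum = udp_checksum(src_ip, dst_ip, datagram)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload

def parse_udp(datagram, src_ip=None, dst_ip=None):
    """Decode the four header fields. checksum_ok is None when the field is 0
    (the sender computed none) or no addresses were given, else True/False."""
    if len(datagram) < 8:
        raise ValueError("datagram shorter than the 8-byte UDP header")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError(f"bad UDP length {length} for {len(datagram)} bytes")
    checksum_ok = None
    if csum != 0 and src_ip is not None:
        # Summing the received datagram, checksum field included, must give 0xFFFF.
        total = internet_checksum_sum(pseudo_header(src_ip, dst_ip, length) + datagram[:length])
        checksum_ok = total == 0xFFFF
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": csum,
            "checksum_ok": checksum_ok, "payload": datagram[8:length]}

# Constructed sample: a two-byte payload from 192.168.1.5 to port 53 on 192.168.1.53
SRC_IP, DST_IP = bytes([192, 168, 1, 5]), bytes([192, 168, 1, 53])
SAMPLE = build_udp(53000, 53, b"\x12\x34", SRC_IP, DST_IP)

if __name__ == "__main__":
    print(parse_udp(SAMPLE, SRC_IP, DST_IP))
```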

    UDP application:

    Here are a few applications, as examples, which use UDP to transmit data:


    ·        Domain Name Services

    ·        Simple Network Management Protocol

    ·        Trivial File Transfer Protocol

    ·        Routing Information Protocol

    ·        Kerberos