wow… DNS is not mentioned in the ccie blueprint.. it is however listed in topics for CCNA..

DNS mechanics


and here is a great link on DNS

5.0 Infrastructure Services


Hide Details

5.1 Describe DNS lookup operation

5.2 Troubleshoot client connectivity issues involving DNS

5.3 Configure and verify DHCP on a router (excluding static reservations)

5.3.a Server
5.3.b Relay
5.3.c Client
5.3.d TFTP, DNS, and gateway options

1.1.e Explain TCP operations

i was actually asked this once in a phone interview. name four of the six flags in a tcp stream…

syn, ack, fin, right?

then radio silence. dammit.

one might argue this is almost trivia but that would be dismissive. of course he was reading from a cheat sheet while i was relying on my early onset alzhiemer’s. the cobwebs pile up.

and rust never sleeps. to review, thanks to the wonderful site:


Let’s take a look at the TCP flags field to begin our analysis:


You can see the 2 flags that are used during the 3-way handshake (SYN, ACK) and data transfers.

As with all flags, a value of ‘1’ means that a particular flag is ‘set’ or, if you like, is ‘on’. In this example, only the “SYN” flag is set, indicating that this is the first segment of a new TCP connection.

In addition to this, each flag is one bit long, and since there are 6 flags, this makes the Flags section 6 bits in total.

You would have to agree that the most popular flags are the “SYN”, “ACK” and “FIN”, used to establish connections, acknowledge successful segment transfers and, lastly, terminate connections. While the rest of the flags are not as well known, their role and purpose makes them, in some cases, equally important.

We will begin our analysis by examining all six flags, starting from the top, that is, the Urgent Pointer:

1st Flag – Urgent Pointer

The first flag is the Urgent Pointer flag, as shown in the previous screen shot. This flag is used to identify incoming data as ‘urgent’. Such incoming segments do not have to wait until the previous segments are consumed by the receiving end but are sent directly and processed immediately.

An Urgent Pointer could be used during a stream of data transfer where a host is sending data to an application running on a remote machine. If a problem appears, the host machine needs to abort the data transfer and stop the data processing on the other end. Under normal circumstances, the abort signal will be sent and queued at the remote machine until all previously sent data is processed, however, in this case, we need the abort signal to be processed immediately.

By setting the abort signal’s segment Urgent Pointer flag to ‘1’, the remote machine will not wait till all queued data is processed and then execute the abort. Instead, it will give that specific segment priority, processing it immediately and stopping all further data processing.

If you’re finding it hard to understand, consider this real-life example:

At your local post office, hundreds of trucks are unloading bags of letters from all over the world. Because the amount of trucks entering the post office building are abundant, they line up one behind the other, waiting for their turn to unload their bags.

As a result, the queue ends up being quite long. However, a truck with a big red flag suddenly joins the queue and the security officer, whose job it is to make sure no truck skips the queue, sees the red flag and knows it’s carrying very important letters that need to get to their destination urgently. By following the normal procedures, the security officer signals to the truck to skip the queue and go all the way up to the front, giving it priority over the other the trucks.

In this example, the trucks represent the segments that arrive at their destination and are queued in the buffer waiting to be processed, while the truck with the red flag is the segment with the Urgent Pointer flag set.

A further point to note is the existence of theUrgent Pointer field. This field is covered in section 5, but we can briefly mention that when the Urgent Pointer flag is set to ‘1’ (that’s the one we are analysing here), then the Urgent Pointer field specifies the position in the segment where urgent data ends.

2nd Flag – ACKnowledgement

The ACKnowledgement flag is used to acknowledge the successful receipt of packets.

If you run a packet sniffer while transferring data using the TCP, you will notice that, in most cases, for every packet you send or receive, an ACKnowledgement follows. So if you received a packet from a remote host, then your workstation will most probably send one back with the ACK field set to “1”.

In some cases where the sender requires one ACKnowledgement for every 3 packets sent, the receiving end will send the ACK expected once (the 3rd sequential packet is received). This is also called Windowing and is covered extensively in the pages that follow.

3rd Flag – PUSH

The Push flag, like the Urgent flag, exists to ensure that the data is given the priority (that it deserves) and is processed at the sending or receiving end. This particular flag is used quite frequently at the beginning and end of a data transfer, affecting the way the data is handled at both ends.

When developers create new applications, they must make sure they follow specific guidelines given by the RFC’s to ensure that their applications work properly and manage the flow of data in and out of the application layer of the OSI model flawlessly. When used, the Push bit makes sure the data segment is handled correctly and given the appropriate priority at both ends of a virtual connection.

When a host sends its data, it is temporarily queued in the TCP buffer, a special area in the memory, until the segment has reached a certain size and is then sent to the receiver. This design guarantees that the data transfer is as efficient as possible, without waisting time and bandwidth by creating multiple segments, but combining them into one or more larger ones.

When the segment arrives at the receiving end, it is placed in the TCP incoming buffer before it is passed onto the application layer. The data queued in the incoming buffer will remain there until the other segments arrive and, once this is complete, the data is passed to the application layer that’s waiting for it.

While this procedure works well in most cases, there are a lot of instances where this ‘queueing’ of data is undesirable because any delay during queuing can cause problems to the waiting application. A simple example would be a TCP stream, e.g real player, where data must be sent and processed (by the receiver) immediately to ensure a smooth stream without any cut offs.

A final point to mention here is that the Push flag is usually set on the last segment of a file to prevent buffer deadlocks. It is also seen when used to send HTTP or other types of requests through a proxy – ensuring the request is handled appropriately and effectively.

4th Flag – Reset (RST) Flag

The reset flag is used when a segment arrives that is not intended for the current connection. In other words, if you were to send a packet to a host in order to establish a connection, and there was no such service waiting to answer at the remote host, then the host would automatically reject your request and then send you a reply with the RST flag set. This indicates that the remote host has reset the connection.

While this might prove very simple and logical, the truth is that in most cases this ‘feature’ is used by most hackers in order to scan hosts for ‘open’ ports. All modern port scanners are able to detect ‘open’ or ‘listening’ ports thanks to the ‘reset’ function.

The method used to detect these ports is very simple: When attempting to scan a remote host, a valid TCP segment is constructed with the SYN flag set (1) and sent to the target host. If there is no service listening for incoming connections on the specific port, then the remote host will reply with ACK and RST flag set (1). If, on the other hand, there is a service listening on the port, the remote host will construct a TCP segment with the ACK flag set (1). This is, of course, part of the standard 3-way handshake we have covered.

Once the host scanning for open ports receives this segment, it will complete the 3-way handshake and then terminate it using the FIN (see below) flag, and mark the specific port as “active”.

5th Flag – SYNchronisation Flag

The fifth flag contained in the TCP Flag options is perhaps the most well know flag used in TCP communications. As you might be aware, the SYN flag is initialy sent when establishing the classical 3-way handshake between two hosts:


In the above diagram, Host A needs to download data from Host B using TCP as its transport protocol. The protocol requires the 3-way handshake to take place so a virtual connection can be established by both ends in order to exchange data.

During the 3-way handshake we are able to count a total of 2 SYN flags transmitted, one by each host. As files are exchanged and new connections created, we will see more SYN flags being sent and received.

6th Flag – FIN Flag

The final flag available is the FIN flag, standing for the word FINished. This flag is used to tear down the virtual connections created using the previous flag (SYN), so because of this reason, the FIN flag always appears when the last packets are exchanged between a connection.

It is important to note that when a host sends a FIN flag to close a connection, it may continue to receive data until the remote host has also closed the connection, although this occurs only under certain circumstances. Once the connection is teared down by both sides, the buffers set aside on each end for the connection are released.

EVE-NG on win vmware without win

i stopped liking windows a long time ago. In fact i detest it. This morning I realized I was wasting time accessing eve while being hobbled by winblows. With a little research I realized that this:

4.9.40-eve-ng-ukms-2+ GNU/Linux

is actually:

4.9.x LTS

which means it’s actually ubuntu 16.04, and i was happy.

i decided to roll the dice and slap ubuntu desktop on it.

for info on installing and configuring eve-ng, images, client-pack, etc, there is eve-ng.net, youtube, and younameit… this is about using winblows as a silent host to the eve vm. basically, getting it out of the picture.

installing the desktop gui takes quite a while. first i expanded the disk space in vmware for eve from 40 to 100G.

shut down the vm, go to vm–settings, select hard disk, click expand, get coffee.

install ubuntu desktop:

apt-get install-ubuntu-desktop, get coffee, have a smoke; this takes quite a while.

after apt-get, you will boot into the unity desktop. not for me. set up gnome flashback:

apt-get install gnome-session-flashback.

at some point you’ll want to run apt-get update and get more coffee.

reboot, select gnome at login and kiss unity goodbye.

by this time i was already accessing eve-ng from within ubuntu vm without using winblows, on firefox from gnome desktop.

you will need to install the linux-client pack from eve-ng.net to use terminal, telnet, etc.

so far the only downside here is that i’m a zoc user and zoc does not support nix.

first real problem i encountered was native terminal from the gnome gui would not launch. xterm and uxterm would, but not plain terminal with ctrl-alt-t or by clicking it from applications.

the terminal fix is:

$ dpkg-reconfigure locales

You’ll see a long list of locales, and you can navigate that list with the up/down arrow keys. Pressing the space bar toggles the locale under the cursor. Make sure to select at least one UTF-8 locale, for example en_US-UTF-8 is usually supported very well. (The first part of the locale name stands for the language, the second for the country or dialect, and the third for the character encoding).

In the next step you have the option to make one of the previously selected locales the default. Picking a default UTF-8 locale as default is usually a good idea.

next was resolution not holding up between reboots. vm auto-fit, auto size did not help. changing resolution in gnome from the default 800×600 and apply wouldn’t stick between reboots. bash script in startup-applications also did not work.


write a bash script and save it to an accessible folder:

xrandr –output Virtual1 –mode 1360×768

a couple of key points

must contain #! (sha-bang)
filename must end in .sh
replace Virtual1 (the name gnome gave to my display) with your display name found with xrandr -q

$ xrandr -q
Screen 0: minimum 1 x 1, current 1360 x 768, maximum 4096 x 4096
Virtual1 connected primary 1360×768+0+0 (normal left inverted right x axis y axis) 0mm x 0mm
800×600 60.00 + 60.32
1360×768 60.02*
1280×800 59.81
1152×864 75.00
1280×768 59.87
1024×768 60.00
640×480 59.94

you can use xrandr to add a resolution not in the list but since 1360×768 was available, i didn’t bother. have fun with that.

be sure to chmod u+x to make it executable

you can execute the script from terminal and it will change the resolution but will revert across reboots.



more later…


i like it, i use it…

i use it with vmware workstation on win 7…

sets up very easily…



for windows wireshark was tricky… download the eve-ng windows client pack. my experience is that since i had wirehark already installed it wouldn’t capture properly with eve… i uninstalled wireshark, rebooted, then reinstalled the client pack and capturing is now correct…

also with vpcs dhcp is a little funky with ip helper. i still haven’t found a workaround to the option 125 error when relaying off net. however dhcp works fine on a local subnet.

How to Transfer Data or Files From Computer to Computer

Have to easily connect to another laptop wirelessly to help you move some data with no switch or Internet connection? Lacking any Internet connection, you can’t use syncing companies like Dropbox to talk about information between devices quickly. For those who have a network system just like a hub, hub or transition, you may get the computers to speak with eachother, but it requires a great deal of additional function (filesharing, permissions, firewall configurations, etc).

However, if you have a laptop or computer that’s an invisible card and thus does your friend, you can use the cards to create a wireless connection between your two computers. When they are connected wirelessly (also called a peer-to-peer ad hoc wireless network), you can easily share knowledge between your computers. best laptops below 1000

You can make an ad hoc network in Windows or in OS X as well as in this report I’ll explain the measures for producing the network for every OS. It’s important to observe that ad-hoc networks in general have certain constraints which make them only ideal for certain conditions. Firstly, the pace of an adhoc network is normally less than that of a standard infrastructure network. Ad-hoc network features just require a max-speed of 11Mbps, that is way slower than b/h/n/ac max speeds.

Secondly, you can’t check signal strength of ad-hoc networks, so that you must ensure the computers are reasonably close to eachother and don’t move alot. Finally, adhoc networks don’t help all of the safety attributes of normal infrastructure networks, to allow them to become more easily compromised.

Establishing an ad hoc Network:

This guide will be published for Windows 7, however you can follow the exact same instructions for Windows-8 and Windows Vista. To begin with, start the Control Panel and click System and Sharing Center.

  1. network sharing center
  2. Around the next dialogue, click the Setup a fresh link or system link towards the underside.
  3. setup new connection
  4. In the new connection dialog, scroll down until you see the Setup a radio random (computer-to-computer) network option.
  5. setup wireless ad hoc

To the next screen, it’ll describe exactly what a ad hoc wireless network is and will inform you that when you’re currently attached to a radio system, you’ll probably get disconnected. Go on and click Next.

  • new random network:

Now you’ve to provide the system a title, select a security type and provides it a security key. For your security key, you may select from just three alternatives: no certification, WEP or WPA2-Personal. The standard is WPA2-Personal, which can be the strongest. Press next after which you’ll get a screen showing you that the community has been setup. Observe that should you don’t check the Save this network pack, as soon as you remove in the ad hoc network, it will simply disappear. If you prefer to use it again, you’ll need to start from scratch.

  • network setup

Congrats, you’ve finished the primary part! Go ahead and start your set of wireless networks and you should see your newly created one listed along with the rest of the wireless networks. Click it to connect.