Monday, December 28, 2009

The ifconfig command on Unix

Command to bring a network interface down

# ifconfig hme0 down && ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000842 mtu 1500 index 2
inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:93:c9:af

Command to bring a network interface up

# ifconfig hme0 up
# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:93:c9:af

Sending ICMP ECHO_REQUEST Packets

To determine if you can contact another system over the network, enter the ping command:
# ping sys41
sys41 is alive

Thursday, December 17, 2009

Installing Perl

Greetings... we meet again. I haven't updated this blog for a long time because I've been busy. OK, here I'll show how to use the Perl software. After installing Perl, we create a .pl file.

Create a file in Notepad and enter the script shown below:

Then save this Notepad file as ym.pl; the file's icon will automatically change to the Perl logo. Then open cmd.



Change to the directory where you put the .pl file, for example:

C:\>cd Desktop
C:\Desktop>perl ym.pl

This menu will appear:

Just type your friend's Yahoo ID and it will show whether your friend is online or offline.

Monday, August 10, 2009

Installing the Windows 7 evaluation copy, build 7100

Here I want to show how to install Windows 7. Windows 7 started out as Windows Longhorn, before Vista. When Microsoft became aware of Vista's weaknesses, its engineers made improvements, which produced Windows Vienna, and that name was then changed to Windows 7.

OK, I'll show briefly how to install Windows 7. First insert the CD, and when a prompt appears on the black screen just press Enter. Wait until this screen appears:

Then click Next.



Click Install Now. After that this screen will appear:

until this screen appears:

Click Accept, then Next.




Then click Custom (advanced). This screen will appear:

The installation is more or less like Vista's. The screen above shows the partitions on the PC. Choose one partition and click Next.

Note: make sure the partition you choose is 30 GB or larger, because Windows 7 needs 18 GB of hard disk space and 10 GB of free space.




The installation begins.

And finally the Windows 7 installation is complete.



Good luck trying it out...

How to Downgrade Vista to XP

Downgrading from Windows Vista to Windows XP is almost like installing Windows XP for the first time. You should take all the normal precautions like backing up all your important files and record important passwords in a different place, preferably on a CD. When you downgrade from Windows Vista to XP, note that Windows Vista will be completely removed from your system.

(Note: There is a way to have both Vista and XP in a dual boot configuration, but that's an option for more advanced users. See Dual Booting Vista and XP for more info on that.)

Before you begin the XP installation, make sure that the necessary XP hardware drivers are available, or included on the XP disk provided by your PC vendor. If in doubt, check the vendor's website or poke around with your favorite search engine to see if others have attempted the XP install on the same hardware. You may be able to install XP without all the needed drivers, but some hardware may not work afterwards.

Also, make sure that you have a genuine Windows XP CD before you begin the downgrade. Be sure to read the section earlier in this article to see if you qualify for a low/no cost XP recovery disk from your PC vendor. If not, perhaps you have an XP disc that came with another computer. If you've upgraded an existing computer from XP to Vista, the best choice would be the XP install/recovery disc that came with that computer. On some PCs the vendor doesn't ship a CD, but the recovery CD can be created from disk images on the hard drive. If all else fails, you can always buy a copy of Windows XP on eBay. Just be sure it's a legal, licensed copy.

Follow these steps to install Windows XP on your Vista machine:

* Insert your Windows XP install/recovery CD and restart your computer.
* Install Windows XP normally, providing either the product key that came with the disk, or the one you got from Microsoft customer support. If the installer warns you that another copy of Windows is already installed, don't worry. Remember, this install will wipe out your existing Vista installation.
* Activate your copy of Windows XP when it prompts you to do so. If you run into the "already activated" problem, you can use the option to activate by phone.
* If you own Vista Business or Vista Ultimate, explain to the rep that you want to use your Downgrade Rights to install XP Pro.
* If you own Vista Home Basic/Premium, or you are installing XP Home Edition, don't mention ANYTHING about Vista. Just give the rep your XP product key (not the Vista key), explain that you are installing XP on a new hard drive, and tell them you need to activate.

Have you successfully downgraded from Vista to XP? Share your experience. Got questions or comments about downgrad

Tuesday, August 4, 2009

Websites about network security

Here I include some network security websites; this post will be updated from time to time:
http://www.securityfocus.com
http://sectools.org/
http://cybersecurity.org.my
http://mycert.org.my
http://www.iss.net/
http://netsecurity.about.com/
http://www.interhack.net/pubs/network-security/

Monday, August 3, 2009

Example network diagram

What Is Security?

* Security is a measurement, not a characteristic.

It is unfortunate that many software projects list security as a simple requirement to be met. Is it secure? This question is as subjective as asking if something is hot.

* Security must be balanced with expense.

It is easy and relatively inexpensive to provide a sufficient level of security for most applications. However, if your security needs are very demanding, because you're protecting information that is very valuable, then you must achieve a higher level of security at an increased cost. This expense must be included in the budget of the project.

* Security must be balanced with usability.

It is not uncommon that steps taken to increase the security of a web application also decrease the usability. Passwords, session timeouts, and access control all create obstacles for a legitimate user. Sometimes these are necessary to provide adequate security, but there isn't one solution that is appropriate for every application. It is wise to be mindful of your legitimate users as you implement security measures.

* Security must be part of the design.

If you do not design your application with security in mind, you are doomed to be constantly addressing new security vulnerabilities. Careful programming cannot make up for a poor design.

For more, see: http://phpsec.org/projects/guide/1.html#1.1

Securing Apache Web Server with mod_security

The Internet has its share of packet filters and proxy servers in order to increase the security for clients and servers alike. Filtering network traffic is never a bad idea since it provides a basic level of protection. When it comes down to protecting web servers, your packet filter will most probably allow HTTP and HTTPS traffic to your server application. Unless you deploy an application proxy that inspects HTTP, you can't do more. But you can equip your Apache web server with mod_security, which in turn helps you analyse any request thrown at it.

Application Layer Inspection

When you do any network traffic filtering or inspection you have to keep in mind that usually nothing understands the things that should be inspected better than the application in question. This is one of the reasons why proxy filters are "better" suited for this job. They know the protocol and can normalise fancily encoded requests. mod_security is in a very similar position. It sits right inside the Apache httpd process and inspects the HTTP requests. This is an important advantage over proxies since it can also see compressed or even encrypted content without difficulties.

So, what needs to be inspected? Apache's httpd surely does inspect HTTP requests. What do I need more? Well, there are some things mod_security can do for you.

* Better logging
The module can log the content of HTTP POST requests. Apache usually doesn't log that. Furthermore you can log complete HTTP transactions. This makes the job of a potential attacker harder. In addition to that you have a very fine control on what and when to log.
* Real time operation
mod_security sees the requests directly and can act immediately.
* Anomalies
The security module can act on anomalies in web server operation by looking at request rates, IP addresses, HTTP sessions and user accounts.
* Black-/whitelisting
You can use a signature-based approach and define what you want to allow and what you want to block.
* Protects other web servers
You can even protect other web server software by combining it with mod_proxy. The Apache server can act as reverse proxy thus seeing all HTTP requests and applying rule sets.
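To illustrate why application-layer inspection must normalise encoded requests before applying signatures (and why logging the POST body matters), here is an added Python example written for this page; it is not mod_security's own code or rule set, and the sample requests, rule names and deny patterns are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample requests (method, raw path, raw body); not captured traffic.
SAMPLE_REQUESTS = [
    ("GET", "/index.html", ""),
    ("GET", "/cgi-bin/..%2f..%2fprivate/config", ""),        # percent-encoded traversal
    ("GET", "/images/%252e%252e%252fprivate/config", ""),    # double-encoded traversal
    ("POST", "/login", "user=bob&pass=secret"),
    ("POST", "/search", "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
]

# Hypothetical signature rules, matched against the normalised path and body.
DENY_RULES = [
    ("traversal", re.compile(r"(^|/)\.\./")),
    ("script-tag", re.compile(r"<script", re.IGNORECASE)),
]


def normalize(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded so nested
    encodings cannot loop forever), then collapse repeated slashes.
    This gives a rule the same form the web application will act on."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"/{2,}", "/", value)


def inspect(method, path, body, normalize_first=True):
    """Return (verdict, rule_name, audit_record) for one request.
    The audit record keeps the POST body, which Apache's default access
    log never records, so a blocked request can be investigated later."""
    subject_path = normalize(path) if normalize_first else path
    subject_body = normalize(body) if normalize_first else body
    for name, pattern in DENY_RULES:
        if pattern.search(subject_path) or pattern.search(subject_body):
            record = {"method": method, "path": path, "body": body, "rule": name}
            return "deny", name, record
    return "allow", None, None


def run(requests=SAMPLE_REQUESTS, normalize_first=True):
    """Inspect every sample request; return (path, verdict, rule) per request."""
    results = []
    for method, path, body in requests:
        verdict, rule, _record = inspect(method, path, body, normalize_first)
        results.append((path, verdict, rule))
    return results


if __name__ == "__main__":
    for path, verdict, rule in run():
        print(f"{verdict:5} {rule or '-':10} {path}")
    # The same rules applied to the raw, un-normalised requests deny nothing.
    print(sum(v == "deny" for _, v, _ in run(normalize_first=False)), "denied raw")
```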

For more details, see: http://linuxgazette.net/143/pfeiffer.html

Trojan Horse

A Trojan horse is a destructive program that disguises itself as an ordinary, harmless program. A Trojan program successfully installed on a PC can permit an intruder to access or modify any information on the PC; worse still, the software configuration of the computer can be changed to permit subsequent intrusions. Examples of Trojan horse activities are erasing files and directories, collecting passwords and sending sensitive personal information to other users.

Antivirus Sites

Updating Virus Definition / Signature File

Update your Virus Definition to protect your computer from the latest viruses, worms or trojans. Below are the direct links to the update sites of some popular anti-virus software.

* Armour Anti-Virus
* Avast! Anti-Virus
* AVG Anti-Virus
* Command AntiVirus
* eTrust Antivirus
* F-Secure
* Hauri ViRobot
* Kaspersky Lab
* McAfee
* Norton AntiVirus
* Sophos Anti-Virus
* Trend Micro

Virus Information Center

Information on the current malicious code threats can be found here.

* CA's Security Advisor
* F-Secure Virus Description Database
* Hauri Virus Search
* NOD32 Virus Encyclopedia
* McAfee Threat Center
* Sophos Threat Analyses
* Symantec Threat Explorer
* Trend Micro Virus Information
* Virus Bulletin

Malicious Software

Malicious software, also known as malware, is a computer program created with malicious intent. It performs malicious tasks such as stealing your identity, logging keystrokes, disrupting the system, damaging data or attacking other computers. It may be installed unintentionally when users open unsolicited emails or visit pornography and warez sites, or a system may simply be attacked from an unknown source while online. Unpatched systems, or systems with vulnerable applications, easily become targets for malware.

Malicious software includes

* Trojan horse
* Virus
* Worms

Interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are time-consuming and costly to handle. Read about Internet hoaxes if you receive an unvalidated warning about viruses or trojans.

Please regularly check the below sites whenever you receive a virus alert.

* Antivirus sites
* Hoax database sites

If you suspect that your computer has been infected by malicious software, you may need to run a freeware tool called HijackThis and investigate its output. If you are unable to do so, you can email us at mycert [at] mycert.org.my with the attachment of the output. Another tool that could be used to remove malicious software is SUPERAntiSpyware.

Please read our brief guide on how to use these two tools and how to obtain their logs, linked below.

* HijackThis
* SUPERAntiSpyware

SMURF Attack

Problem:

As explained at http://www.quadrunner.com/~chuegen/smurf.cgi:

The "smurf" attack, named after its exploit program, is one of the most recent in the category of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of them having a spoofed source address of a victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function noted below, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines replying to each packet.

The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it is a simple re-write of "smurf".

Currently, the providers/machines most commonly hit are IRC servers and their providers.

There are two parties who are hurt by this attack... the intermediary (broadcast) devices--let's call them "amplifiers", and the spoofed address target, or the "victim". The victim is the target of a large amount of traffic that the amplifiers generate.

Let's look at the scenario to paint a picture of the dangerous nature of this attack. Assume a co-location switched network with 100 hosts, and that the attacker has a T1. The attacker sends, say, a 768kb/s stream of ICMP echo (ping) packets, with a spoofed source address of the victim, to the broadcast address of the "bounce site". These ping packets hit the bounce site's broadcast network of 100 hosts; each of them takes the packet and responds to it, creating 100 ping replies out-bound. If you multiply the bandwidth, you'll see that 76.8 Mbps is used outbound from the "bounce site" after the traffic is multiplied. This is then sent to the victim (the spoofed source of the originating packets).

Solutions:

* Apply filtering rules at your border router.

Filter out ICMP/UDP packets directed at broadcast addresses. To filter out ICMP directed broadcasts, use the following vendor-specific information (for other vendors, refer to http://www.quadrunner.com/~chuegen/smurf.cgi):

  o Cisco - as of IOS version 12.0, "no ip directed-broadcast" is the default configuration. For earlier IOS versions, enter this interface configuration command yourself.

  o Bay Networks - use these commands:

    [1:1]$bcc
    bcc> config
    hostname# ip
    ip# directed-bcast disabled
    ip# exit

  o 3Com NetBuilder - to stop 3Com routers from forwarding directed broadcasts, enter this command:

    SETDefault -IP CONTrol = NoFwdSubnetBcast

* Apply patches for hosts to discard ICMP directed broadcasts.

Here is the relevant information for specific platforms:

  o IBM AIX 4.x - use this command:

    no -o bcastping=0    # disable bcast ping responses (default)

  o Solaris - add this command to /etc/rc2.d/S69inet:

    ndd -set /dev/ip ip_respond_to_echo_broadcast 0

  o FreeBSD - as of version 2.2.5, FreeBSD does not respond to echo requests directed at broadcast addresses. The relevant sysctl parameter is

    net.inet.icmp.bmcastecho

  o NetBSD/OpenBSD - use this sysctl parameter:

    sysctl -w net.inet.ip.directed-broadcast=0

  o Linux - you can deny echo requests completely by compiling the kernel with the option CONFIG_IP_IGNORE_ECHO_REQUESTS.

    However, this violates RFC 1122. To protect Linux hosts from this attack, you can instead use Linux's in-kernel firewall capability:

    ipfwadm -I -a deny -P icmp -D 123.123.123.0 -S 0/0 0 8
    ipfwadm -I -a deny -P icmp -D 123.123.123.255 -S 0/0 0 8

    (replace 123.123.123.0 and 123.123.123.255 with your base network number and broadcast address, respectively).
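The host and router fixes above all implement one decision: drop ICMP echo requests whose destination is the network's base or broadcast address. The following Python example is added here (it is not part of the MyCERT or quadrunner text): it derives those two addresses from the Solaris ifconfig line shown at the top of this page, applies the decision to a constructed packet list, and checks the 768 kb/s x 100 hosts amplification figure from the scenario.

```python
import ipaddress

# The hme0 address line exactly as ifconfig printed it earlier on this page.
IFCONFIG_LINE = "inet 192.168.30.41 netmask ffffff00 broadcast 192.168.30.255"

# Constructed sample ICMP packets: (source, destination, ICMP type).
# Type 8 is echo request, type 0 is echo reply.
SAMPLE_PACKETS = [
    ("10.9.8.7", "192.168.30.41", 8),       # ordinary ping to the host itself
    ("203.0.113.5", "192.168.30.255", 8),   # echo request to the broadcast address
    ("203.0.113.5", "192.168.30.0", 8),     # echo request to the base network address
    ("10.9.8.7", "192.168.30.41", 0),       # echo reply to the host
    ("203.0.113.5", "192.168.30.255", 0),   # reply to broadcast: not an echo request
]


def parse_ifconfig(line):
    """Return the IPv4 network of an ifconfig 'inet' line whose netmask is
    printed as eight hex digits (Solaris style, e.g. ffffff00)."""
    fields = line.split()
    addr = fields[fields.index("inet") + 1]
    mask = ipaddress.IPv4Address(int(fields[fields.index("netmask") + 1], 16))
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def is_directed_broadcast_echo(net, dst, icmp_type):
    """True for an ICMP echo request (type 8) addressed to the network's
    base or broadcast address, the two destinations the ipfwadm rules deny."""
    dst_addr = ipaddress.IPv4Address(dst)
    return icmp_type == 8 and dst_addr in (net.network_address, net.broadcast_address)


def filter_packets(ifconfig_line=IFCONFIG_LINE, packets=SAMPLE_PACKETS):
    """Apply the directed-broadcast filter; return (src, dst, type, verdict)."""
    net = parse_ifconfig(ifconfig_line)
    return [
        (src, dst, typ, "deny" if is_directed_broadcast_echo(net, dst, typ) else "accept")
        for src, dst, typ in packets
    ]


def amplification_mbps(inbound_kbps, responding_hosts):
    """Outbound traffic the amplifier network emits for an inbound echo
    stream: every host answers each request once (768 kb/s x 100 = 76.8 Mbps)."""
    return inbound_kbps * responding_hosts / 1000


if __name__ == "__main__":
    for src, dst, typ, verdict in filter_packets():
        print(f"{verdict:6} icmp type {typ} {src} -> {dst}")
    print(amplification_mbps(768, 100), "Mbps leaving the bounce site")
```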

SYSLOG and SNMP Bombs

Problem:

This issue is similar to the Mail Bomb attack.

Unauthorized users can send large amounts of large log messages to your logging server, often filling up disk space on your system and denying collection of additional logging data.

These attacks usually involve the unauthorized user(s) sending thousands of large log messages to your server.

Once the disk fills up, additional messages are rejected by the server.

Solutions:

* Deploy monitoring systems

Ensure your monitoring systems count the log messages arriving at your server and report sudden spikes in traffic.

In addition, monitoring systems should check the free disk space on your systems and report when your partitions are in jeopardy.

* Ensure log directories are on dedicated disk partitions

Ensure that your mail spool and log directories would not affect other aspects of the system if they were filled.

For example, having a log message directory on a Unix root file system may affect the availability of the system itself if the system is subject to a successful Denial of Service attack.

* Report abuse to your Internet Service Provider

When a Denial of Service attack is detected on your systems, contact the Security Department of your Internet Service Provider to have them assist in tracking down the source of the active attack.

Mail Bomb

Problem:

Unauthorized users can send large amounts of large email messages to and through your email server, often filling up disk space on your mail system, denying email services to other users.

These attacks usually involve the unauthorized user(s) sending thousands of large binary attachments to a single or multiple valid users on your server (or spooling through your server in attack against someone else, using your server to hide his tracks).

Once the disk fills up, the server rejects additional messages.

Solutions:

* Deploy monitoring systems

Ensure your monitoring systems count the messages arriving at your server and report sudden spikes in traffic.

In addition, monitoring systems should check the free disk space on your systems and report when your partitions are in jeopardy.

* Ensure mail spool areas are on large, dedicated disk partitions

Ensure that your mail spool and log directories would not affect other aspects of the system if they were filled.

For example, having the mail spool, queue and/or users' mail directories on a Unix root file system may affect the availability of the system itself if the system is subject to a successful Denial of Service attack.

* Report abuse to your Internet Service Provider

When a Denial of Service attack is detected on your systems, contact the Security Department of your Internet Service Provider to have them assist in tracking down the source of the active attack.
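Both the SYSLOG/SNMP bomb and Mail Bomb solutions above ask for monitoring that counts incoming messages, watches disk consumption and reports sudden spikes. The following Python example is added here and is not part of the original text: it slides a time window over constructed syslog-style lines and raises one alert per burst when either the message count or the byte volume in the window exceeds a limit; the window size, limits and sample lines are assumed values.

```python
from collections import deque
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"   # fixed-width timestamp at the start of each line


def build_sample():
    """Constructed syslog-style lines: a quiet baseline of one message every
    30 s, then a burst of 50 large messages 100 ms apart (not real logs)."""
    base = datetime(2009, 8, 3, 10, 0, 0)
    lines = [
        f"{(base + timedelta(seconds=30 * i)).strftime(TS_FORMAT)} host1 cron[1]: routine job {i}"
        for i in range(10)
    ]
    burst = base + timedelta(minutes=6)
    lines += [
        f"{(burst + timedelta(milliseconds=100 * i)).strftime(TS_FORMAT)} host9 flood[7]: {'A' * 40}"
        for i in range(50)
    ]
    return lines


SAMPLE_LINES = build_sample()


def detect_spikes(lines, window_seconds=10, max_messages=20, max_bytes=4096):
    """Slide a time window over log lines (oldest first). Report once per
    burst, at the first line where the window holds more than max_messages
    messages or more than max_bytes of log data (the disk-space view).
    Returns a list of (timestamp, messages_in_window, bytes_in_window)."""
    span = timedelta(seconds=window_seconds)
    window = deque()          # (timestamp, line_length) pairs inside the window
    bytes_in_window = 0
    alerts, alarmed = [], False
    for line in lines:
        ts = datetime.strptime(line.split(" ", 1)[0], TS_FORMAT)
        window.append((ts, len(line)))
        bytes_in_window += len(line)
        # Evict everything older than the window relative to the newest line.
        while window and ts - window[0][0] > span:
            bytes_in_window -= window.popleft()[1]
        over = len(window) > max_messages or bytes_in_window > max_bytes
        if over and not alarmed:
            alerts.append((ts, len(window), bytes_in_window))
        alarmed = over
    return alerts


if __name__ == "__main__":
    for ts, count, size in detect_spikes(SAMPLE_LINES):
        print(f"{ts}: {count} messages / {size} bytes in the last 10 s")
```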

ICMP or PING Flood Attack

Problem:

Unauthorized users can disrupt your service or consume your available network bandwidth by sending a constant stream of forged ICMP packets to your system(s).

Known as a "Ping Flood" attack, computer hackers send a steady stream of PING packets (known as "echo request" packets) to your system(s). In many cases, this flood of traffic can consume system resources, and even consume significant amounts of bandwidth on mid to low speed connections (e.g. T1 and below).

Solutions:

* Block Traffic

In most cases, you can simply deny ICMP packets on your network firewalls to prevent the traffic from affecting your systems. However, since the traffic is still traversing your access line, you need to ensure your Internet Service Provider is involved.

* Report abuse to your Internet Service Provider

When a Denial of Service attack is detected on your systems, contact the Security Department of your Internet Service Provider to have them assist in tracking down the source of the active attack.

SYN Attack

Problem:

All systems on the Internet which accept TCP connections are susceptible to a SYN attack.

From CERT Alert CA-96.21:

"When a system (called the client) attempts to establish a TCP connection to a system providing a service (the server), the client and server exchange a set sequence of messages. This connection technique applies to all TCP connections--telnet, Web, email, etc.

The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message. The connection between the client and the server is then open, and the service-specific data can be exchanged between the client and the server. Here is a view of this message flow:

Client                    Server
------                    ------
SYN-------------------->
<--------------------SYN-ACK
ACK-------------------->

Client and server can now send service-specific data.

The potential for abuse arises at the point where the server system has sent an acknowledgment (SYN-ACK) back to client but has not yet received the ACK message. This is what we mean by half-open connection. The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections.

Creating half-open connections is easily accomplished with IP spoofing. The attacking system sends SYN messages to the victim server system; these appear to be legitimate but in fact reference a client system that is unable to respond to the SYN-ACK messages. This means that the final ACK message will never be sent to the victim server system.

The half-open connections data structure on the victim server system will eventually fill; then the system will be unable to accept any new incoming connections until the table is emptied out. Normally there is a timeout associated with a pending connection, so the half-open connections will eventually expire and the victim server system will recover. However, the attacking system can simply continue sending IP -spoofed packets requesting new connections faster than the victim system can expire the pending connections.

In most cases, the victim of such an attack will have difficulty in accepting any new incoming network connection. In these cases, the attack does not affect existing incoming connections nor the ability to originate outgoing network connections.

However, in some cases, the system may exhaust memory, crash, or be rendered otherwise inoperative.

The location of the attacking system is obscured because the source addresses in the SYN packets are often implausible. When the packet arrives at the victim server system, there is no way to determine its true source. Since the network forwards packets based on destination address, the only way to validate the source of a packet is to use input source filtering..."

Solutions:

The SYN attack exploits a weakness at the very core of the TCP/IP protocol, and such attacks are difficult, if not impossible in some cases, to correct.
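Since the weakness itself cannot be removed, detecting the half-open connection build-up the advisory describes is the practical defender's step. As an added example (not from the CERT advisory or this blog), this Python snippet parses constructed netstat-style output, counts half-open (SYN_RECV/SYN_RCVD) connections per listening port, and notes how many of their source addresses are implausible, which is exactly the signature the advisory mentions; the alert threshold and sample lines are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed netstat -an style output for a public-facing server; not real.
SAMPLE_NETSTAT = """\
tcp        0      0 203.0.113.10:80    198.51.100.2:40112   ESTABLISHED
tcp        0      0 203.0.113.10:80    0.0.0.0:1025         SYN_RECV
tcp        0      0 203.0.113.10:80    198.51.100.9:1026    SYN_RECV
tcp        0      0 203.0.113.10:80    127.1.1.1:1027       SYN_RECV
tcp        0      0 203.0.113.10:80    224.0.0.9:1028       SYN_RECV
tcp        0      0 203.0.113.10:80    240.0.0.1:1029       SYN_RECV
tcp        0      0 203.0.113.10:80    203.0.113.7:1030     SYN_RECV
tcp        0      0 203.0.113.10:22    198.51.100.2:5000    ESTABLISHED
"""

HALF_OPEN_STATES = {"SYN_RECV", "SYN_RCVD"}   # Linux and BSD/Solaris spellings
HALF_OPEN_THRESHOLD = 4                       # assumed alert level per port


def implausible_source(ip):
    """True for addresses that can never be a real Internet client:
    unspecified (0.0.0.0), loopback, multicast or reserved space.
    RFC 1918 addresses are not flagged here because their legitimacy
    depends on where the server sits in the network."""
    addr = ipaddress.ip_address(ip)
    return addr.is_unspecified or addr.is_loopback or addr.is_multicast or addr.is_reserved


def parse_netstat(text):
    """Yield (local_port, remote_ip, state) for each TCP line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp":
            continue
        local, remote, state = parts[3], parts[4], parts[5]
        yield int(local.rsplit(":", 1)[1]), remote.rsplit(":", 1)[0], state


def analyse(text=SAMPLE_NETSTAT, threshold=HALF_OPEN_THRESHOLD):
    """Count half-open connections per local port and how many of their
    sources are implausible; return only the ports at or over threshold."""
    half_open, implausible = Counter(), Counter()
    for port, ip, state in parse_netstat(text):
        if state not in HALF_OPEN_STATES:
            continue
        half_open[port] += 1
        if implausible_source(ip):
            implausible[port] += 1
    return {
        port: {"half_open": count, "implausible": implausible[port]}
        for port, count in half_open.items()
        if count >= threshold
    }


if __name__ == "__main__":
    for port, stats in analyse().items():
        print(f"port {port}: {stats['half_open']} half-open, "
              f"{stats['implausible']} from implausible sources")
```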

Denial Of Services

Denial of Service attacks have dramatic effects on the service and stability of their victims.

Although this is not something new, the increased accessibility of the Internet and the ever-decreasing age and sophistication of the average computer hacker have resulted in an enormous surge in the type of attack that is specifically and solely intended to deny service to a system or application. In many cases, the exploit code to conduct these attacks is freely available on the Internet, and it can affect the stability of a system with only a few keystrokes and a mere click of the mouse.

These attacks take advantage of deficiencies in the TCP/IP protocol, which is the baseline for communications on the Internet, and their source is difficult, if not impossible, to trace since the packets can be "spoofed" or "forged" to appear to come from any source on the Internet.

Wednesday, July 22, 2009

Virus alert about the Win32/Conficker.B worm

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

* Account lockout policies are being tripped.
* Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
* Domain controllers respond slowly to client requests.
* The network is congested.
* Various security-related Web sites cannot be accessed.


Win32/Conficker.B has multiple propagation methods. These include the following:

* Exploitation of the vulnerability that is patched by security update 958644 (MS08-067)
* The use of network shares
* The use of AutoPlay functionality

Therefore, you must be careful when you clean a network so that the threat is not reintroduced to systems that have previously been cleaned.

Stop Conficker from spreading by using Group Policy

Notes

* This procedure does not remove the Conficker malware from the system. This procedure only stops the spread of the malware. You should use an antivirus product to remove the Conficker malware from the system. Or, follow the steps in the "Manual steps to remove the Conficker.b variant" section of this Knowledge Base article to manually remove the malware from the system.
* Please carefully read and understand the note in step 4 of this procedure.

Create a new policy that applies to all computers in a specific organizational unit (OU), site, or domain, as required in your environment.

To do this, follow these steps:

1. Set the policy to remove write permissions to the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
This prevents the random named malware service from being created in the netsvcs registry value.

To do this, follow these steps:
1. Open the Group Policy Management Console (GPMC).
2. Create a new Group Policy object (GPO). Give it any name that you want.
3. Open the new GPO, and then move to the following folder:
Computer Configuration\Windows Settings\Security Settings\Registry
4. Right-click Registry, and then click Add Key.
5. In the Select Registry Key dialog box, expand Machine, and then move to the following folder:
Software\Microsoft\Windows NT\CurrentVersion\Svchost
6. Click OK.
7. In the dialog box that opens, click to clear the Full Control check box for both Administrators and System.
8. Click OK.
9. In the Add Object dialog box, click Replace existing permissions on all subkeys with inheritable permissions.
10. Click OK.
2. Set the policy to remove write permissions to the %windir%\tasks folder. This prevents the Conficker malware from creating the Scheduled Tasks that can re-infect the system.

To do this, follow these steps:
1. In the same GPO that you created earlier, move to the following folder:
Computer Configuration\Windows Settings\Security Settings\File System
2. Right-click File System, and then click Add File.
3. In the Add a file or folder dialog box, browse to the %windir%\Tasks folder. Make sure that Tasks is highlighted and listed in the Folder: dialog box.
4. Click OK.
5. In the dialog box that opens, click to clear the check boxes for Full Control, Modify and Write for both Administrators and System.
6. Click OK.
7. In the Add Object dialog box, click Replace existing permissions on all subkeys with inheritable permissions.
8. Click OK.
3. Set AutoPlay (Autorun) features to disabled. This keeps the Conficker malware from spreading by using the AutoPlay features that are built into Windows.

To do this, follow these steps:
1. In the same GPO that you created earlier, move to one of the following folders:
* For a Windows Server 2003 domain, move to the following folder:
Computer Configuration\Administrative Templates\System
* For a Windows 2008 domain, move to the following folder:
Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies
2. Open the Turn off Autoplay policy.
3. In the Turn off Autoplay dialog box, click Enabled.
4. In the drop-down menu, click All drives.
5. Click OK.
4. Disable the local administrator account. This blocks the Conficker malware from using the brute force password attack against the administrator account on the system.

Note Do not follow this step if you link the GPO to the domain controller's OU because you could disable the domain administrator account. If you have to do this on the domain controllers, create a separate GPO that does not link the GPO to the domain controller's OU, and then link the new separate GPO to the domain controller's OU.

To do this, follow these steps:
1. In the same GPO that you created earlier, move to the following folder:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
2. Open Accounts: Administrator account status.
3. In the Accounts: Administrator account status dialog box, click to select the Define this policy check box.
4. Click Disabled.
5. Click OK.
5. Close the Group Policy Management Console.
6. Link the newly created GPO to the location that you want it to apply to.
7. Allow for enough time for Group Policy to update to all computers. Generally, Group Policy replication takes five minutes to replicate to each domain controller, and then 90 minutes to replicate to the rest of the systems. A couple hours should be enough. However, more time may be required, depending on the environment.
8. After the Group Policy has propagated, clean the systems of malware.

Run the Malicious Software Removal tool

The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT). This is a stand-alone binary that is useful in the removal of prevalent malicious software, and it can help remove the Win32/Conficker malware family.

You can download the MSRT from either of the following Microsoft Web sites:
http://www.update.microsoft.com
http://support.microsoft.com/kb/890830

For more information about specific deployment details for the MSRT, see the following article in the Microsoft Knowledge Base:
891716 (http://support.microsoft.com/kb/891716/) Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment

Note The Stand-Alone System Sweeper tool will also remove this infection. This tool is available as a component of the Microsoft Desktop Optimization Pack 6.0 or through Customer Service and Support. To obtain the Microsoft Desktop Optimization Pack, visit the following Microsoft Web site:
http://www.microsoft.com/windows/enterprise/technologies/mdop.aspx

If Windows Live OneCare or Microsoft Forefront Client Security is running on the system, these programs also block the threat before it is installed.

Saturday, July 11, 2009

Getting to know VLANs

Understanding VLANs

A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or a switch supporting fallback bridging. Because a VLAN is considered a separate logical network, it contains its own bridge Management Information Base (MIB) information and can support its own implementation of spanning tree.

Monday, April 27, 2009

Win XP Tweaks

Windows Prefetcher
******************
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]

Under this key there is a setting called EnablePrefetcher, the default setting of which is 3. Increasing this number to 5 gives the prefetcher system more system resources to prefetch application data for faster load times. Depending on the number of boot processes you run on your computer, you may get benefits from settings up to 9. However, I do not have any substantive research data on settings above 5, so I cannot verify the benefits of a higher setting. This setting may also affect the loading times of your most frequently launched applications. This setting will not take effect until after you reboot your system.


Master File Table Zone Reservation
**********************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ FileSystem]

Under this key there is a setting called NtfsMftZoneReservation, the default setting of which is 1. The range of this value is from 1 to 4. The default setting reserves one-eighth of the volume for the MFT. A setting of 2 reserves one-quarter of the volume for the MFT. A setting of 3 for NtfsMftZoneReservation reserves three-eighths of the volume for the MFT and setting it to 4 reserves half of the volume for the MFT. Most users will never exceed one-quarter of the volume. I recommend a setting of 2 for most users. This allows for a "moderate number of files" commensurate with the number of small files included in most computer games and applications. Reboot after applying this tweak.


Optimize Boot Files
*******************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Dfrg \ BootOptimizeFunction]

Under this key is a text value named Enable. A value of Y for this setting enables the boot files defragmenter. This setting defragments the boot files and may move the boot files to the beginning (fastest) part of the partition, but that last statement is unverified. Reboot after applying this tweak.

Optimizing Startup Programs [msconfig]
**************************************

MSConfig, similar to the application included in Win9x of the same name, allows the user to fine-tune the applications that are launched at startup without forcing the user to delve deep into the registry. To disable some of the applications launched, load msconfig.exe from the Run command line, and go to the Startup tab. From there, un-ticking the checkbox next to a startup item will stop it from launching. There are a few applications that you will never want to disable (ctfmon comes to mind), but for the most part the best settings vary greatly from system to system.

As a good rule of thumb, though, it is unlikely that you will want to disable anything in the Windows directory (unless it's a third-party program that was incorrectly installed into the Windows directory), nor will you want to disable anything directly relating to your system hardware. The only exception to this is when you are dealing with software which does not give you any added benefit (some OEM dealers load your system up with software you do not need). The nice part of msconfig is that it does not delete any of the settings, it simply disables them, and so you can go back and restart a startup application if you find that you need it. This optimization won't take effect until after a reboot.

Bootvis Application
*******************
The program was designed by Microsoft to enable Windows XP to cold boot in 30 seconds, return from hibernation in 20 seconds, and return from standby in 10 seconds. Bootvis has two extremely useful features. First, it can be used to optimize the boot process on your computer automatically. Second, it can be used to analyze the boot process for specific subsystems that are having difficulty loading. The first process specifically targets the prefetching subsystem, as well as the layout of boot files on the disk. When both of these systems are optimized, it can result in a significant reduction in the time it takes for the computer to boot.

Before attempting to use Bootvis to analyze or optimize the boot performance of your system, make sure that the task scheduler service has been enabled – the program requires the service to run properly. Also, close all open programs as well – using the software requires a reboot.

To use the software to optimize your system startup, first start with a full analysis of a fresh boot. Start Bootvis, go to the Tools menu, and select next boot. Set the Trace Repetition Settings to 2 repetitions, Start at 1, and Reboot automatically. Then set the trace into motion. The system will fully reboot twice, and then reopen bootvis and open the second trace file (should have _2 in the name). Analyze the graphs and make any changes that you think are necessary (this is a great tool for determining which startup programs you want to kill using msconfig). Once you have made your optimizations go to the Trace menu, and select the Optimize System item. This will cause the system to reboot and will then make some changes to the file structure on the hard drive (this includes a defragmentation of boot files and a shifting of their location to the fastest portion of the hard disk, as well as some other optimizations). After this is done, once again run a Trace analysis as above, except change the starting number to 3. Once the system has rebooted both times, compare the charts from the second trace to the charts for the fourth trace to show you the time improvement of the system's boot up.

The standard defragmenter included with Windows XP will not undo the boot optimizations performed by this application.



-----------------------------------
General Performance Tweaks
-----------------------------------


IRQ Priority Tweak
******************
[HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ PriorityControl]

You will need to create a new DWORD: IRQ#Priority (where # is the number of the IRQ you want to prioritize) and give it a setting of 1. This setting gives the requisite IRQ channel priority over the other IRQs on a software level. This can be extremely important for functions and hardware subsystems that need real-time access to other parts of the system. There are several different subsystems that might benefit from this tweak. Generally, I recommend giving either the System CMOS or the video card priority. The System CMOS generally has an IRQ setting of 8, and giving it priority enhances the I/O performance of the system. Giving priority to the video card can increase frame rates and make AGP more effective.

You can give several IRQs priority, but I am not entirely certain how the system interacts when several IRQs are given priority – it may cause random instabilities in the system, although it is more likely that there's a parsing system built into Windows XP to handle such an occurrence. Either way, I would not recommend it.

QoS tweak
*********
QoS (Quality of Service) is a networking subsystem which is supposed to ensure that the network runs properly. The problem with the system is that it eats up 20% of the total bandwidth of any networking service on the computer (including your internet connection). If you are running XP Professional, you can disable the bandwidth quota reserved for the system using the Group Policy Editor [gpedit.msc].

You can run the group policy editor from the Run command line. To find the setting, expand "Local Computer Policy" and go to "Administrative Templates" under "Computer Configuration." Then find the "Network" branch and select "QoS Packet Scheduler." In the right hand box, double click on the "Limit Reservable Bandwidth." From within the Settings tab, enable the setting and then go into the "Bandwidth Limit %" and set it to 0%. The reason for this is that if you disable this setting, the computer defaults to 20%. This is true even when you aren't using QoS.

Free Idle Tasks Tweak
*********************

This tweak will free up processing time from any idle processes and allow it to be used by the foreground application. It is useful particularly if you are running a game or other 3D application. Create a new shortcut to "Rundll32.exe advapi32.dll,ProcessIdleTasks" and place it on your desktop. Double-click on it anytime you need all of your processing power, before opening the application.

Windows Indexing Services
*************************
Windows Indexing Services creates a searchable database that makes system searches for words and files progress much faster – however, it takes an enormous amount of hard drive space as well as a significant amount of extra CPU cycles to maintain the system. Most users will want to disable this service to release the resources for use by the system. To turn off indexing, open My Computer and right click on the drive on which you wish to disable the Indexing Service. Enter the drive's properties and under the general tab, untick the box for "Allow the Indexing Service to index this disk for fast file searching."

Priority Tweak
**************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl]

This setting effectively runs each instance of an application in its own process for significantly faster application performance and greater stability. This is extremely useful for users with stability problems, as it can isolate specific instances of a program so as not to bring down the entire application. And, it is particularly useful for users of Internet Explorer, for if a rogue web page crashes your browser window, it does not bring the other browser windows down with it. It has a similar effect on any software package where multiple instances might be running at once, such as Microsoft Word. The only problem is that this takes up significantly more memory, because such instances of a program cannot share information that is in active memory (many DLLs and such will have to be loaded into memory multiple times). Because of this, it is not recommended for anyone with less than 512 MB of RAM, unless they are running beta software (or have some other reason for needing the added stability).

There are two parts to this tweak. First is to optimize XP's priority control for the processes. Browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl and set the "Win32PrioritySeparation" DWORD to 38. Next, go into My Computer and under Tools, open the Folder Options menu. Select the View tab and check the "Launch folder windows in separate process" box. This setting actually forces each window into its own memory thread and gives it a separate process priority.

Powertweak application
**********************
xxx.powertweak.com

Powertweak is an application, which acts much like a driver for our chipsets. It optimizes the communication between the chipset and the CPU, and unlocks several "hidden" features of the chipset that can increase the speed of the system. Specifically, it tweaks the internal registers of the chipset and processor that the BIOS does not for better communication performance between subsystems. Supported CPUs and chipsets can see a significant increase in I/O bandwidth, increasing the speed of the entire system. Currently the application supports most popular CPUs and chipsets, although you will need to check the website for your specific processor/chipset combo – the programmer is working on integrating even more chipsets and CPUs into the software.

Offload Network Task Processing onto the Network Card
*****************************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters]

Many newer network cards have the ability of taking some of the network processing load off of the processor and performing it right on the card (much like Hardware T&L on most new video cards). This can significantly lower the CPU processes needed to maintain a network connection, freeing up that processor time for other tasks. This does not work on all cards, and it can cause network connectivity problems on systems where the service is enabled but unsupported, so please check with your NIC manufacturer prior to enabling this tweak. Find the DWORD "DisableTaskOffload" and set the value to 0 (the default value is 1). If the key is not already available, create it.

Force XP to Unload DLLs
***********************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer]
"AlwaysUnloadDLL"=dword:00000001

XP has a bad habit of keeping dynamic link libraries that are no longer in use resident in memory. Not only do the DLLs use up precious memory space, but they also tend to cause stability problems in some systems. To force XP to unload any DLLs in memory when the application that called them is no longer in memory, browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer and find the DWORD "AlwaysUnloadDLL". You may need to create this key. Set the value to 1 to force the operating system to unload DLLs.

Give 16-bit apps their own separate processes
*********************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW]
"DefaultSeparateVDM"="Yes"

By default, Windows XP will only open one 16-bit process and cram all 16-bit apps running on the system at a given time into that process. This simulates how MS-DOS based systems viewed systems and is necessary for some older applications that run together and share resources. However, most 16-bit applications work perfectly well by themselves and would benefit from the added performance and stability of their own dedicated resources. To force Windows XP to give each 16-bit application its own resources, browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW and find the String "DefaultSeparateVDM". If it is not there, you may need to create it. Set the value of this to Yes to give each 16-bit application its own process, and No to have all 16-bit applications run in the same memory space.

Disable User Tracking
*********************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
"NoInstrumentation"=dword:00000001

The user tracking system built into Windows XP is useless to 99% of users (there are very few uses for the information collected other than for a very nosy system admin), and it uses up precious resources to boot, so it makes sense to disable this "feature" of Windows XP. To do so, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer and find the DWORD "NoInstrumentation". You may need to create this key if it is not there. The default setting is 0, but setting it to 1 will disable most of the user tracking features of the system.

Thumbnail Cache
***************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]
"DisableThumbnailCache"=dword:00000001

Windows XP has a neat feature for graphic and video files that creates a "thumbnail" of the image or first frame of the video and makes it into an oversized icon for the file. There are two ways that Explorer can do this, it can create them fresh each time you access the folder or it can load them from a thumbnail cache. The thumbnail caches on systems with a large number of image and video files can become staggeringly large. To disable the Thumbnail Cache, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced and find the DWORD "DisableThumbnailCache". You may need to create this key. A setting of 1 is recommended for systems where the number of graphic and video files is large, and a setting of 0 is recommended for systems not concerned about hard drive space, as loading the files from the cache is significantly quicker than creating them from scratch each time a folder is accessed.

Wednesday, April 22, 2009

How to install and use the Windows XP Recovery Console

The Recovery Console is a special boot-up method that can be used to help fix problems that are preventing your Windows installation from properly booting up into Windows. This method allows you to access the files, format drives, disable and enable services, and perform other tasks from a console prompt while the operating system is not loaded. It is suggested that the Recovery Console only be used after Safe Mode and the other standard startup options do not work. I feel that the Recovery Console is also useful in other situations such as removing malware files that start in both Safe Mode and Standard Mode and thus not allowing you to delete the infection.

This tutorial will guide you through the installation of the Recovery Console and how to use it. For those who are familiar with DOS or the command prompt, you will find the Recovery Console to be very familiar. For those who are not comfortable with this type of environment, I suggest you read through this primer in order to get familiar with this type of interface:

How to install the Recovery Console to your hard drive

I recommend that you install the Recovery Console directly onto your computer so that if you need it in the future, it is readily available. The Recovery Console only takes up approximately 7 megabytes so there is no reason why you should not have it installed in case you need it.

To install the Recovery Console on your hard drive, follow these steps:

1. Insert the Windows XP CD into your CD-ROM drive.

2. Click the Start button.

3. Click the Run menu option.

4. In the Open: field, type X:\i386\winnt32.exe /cmdcons, where X is the drive letter for your CD reader, and press the OK button. An image of this step can be found below:




5. After pressing the OK button, a setup window will appear similar to the one below.



6. Simply press the Yes button to continue with the installation of the Recovery Console. The setup program will then attempt to do a Dynamic Update to make sure you have the latest files as shown below.



7. Simply allow it to continue and then when it is finished, you will be presented with a screen similar to the one below telling you so.



8. Press the OK button and remove the CD from your computer.

Now when you start your computer you will have an option to start the Recovery Console.



How to start the Recovery Console

To start the Recovery Console when it is installed on your hard drive you would do the following:

1. Reboot your computer and as Windows starts it will present you with your startup options as shown in the figure below.




2. With the arrows keys on your keyboard select the option listed as Microsoft Windows Recovery Console and press the enter key on your keyboard.

3. The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

4. It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.

5. If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.

6. Proceed to How to use the Recovery Console.

To start the Recovery Console directly from the Windows XP CD you would do the following:

1. Insert the Windows XP cd in your computer.

2. Restart your computer so you are booting off of the CD.

3. When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.

4. The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

5. It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.

6. If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.

7. Proceed to How to use the Recovery Console.


Remove the prompting of a password

When the Recovery Console starts it will ask for your Administrator password before continuing. In many cases when you have XP pre-installed on your computer the Recovery Console will not recognize your Administrator's password. In these situations it is possible to edit a registry setting so that the Recovery Console does not ask for a password. This setting works on both Windows XP Home and Pro editions.

To change this setting do the following:

1. Click on the Start button.

2. Click on the Run option

3. Type regedit.exe in the open field and press the OK button.

4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole

5. Change the SecurityLevel value to 1.

6. Close regedit

7. Reboot your computer.

Now the Recovery Console will no longer ask for a password.
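As an added example (not part of this tutorial or of the Win XP Tweaks article above), the Python script below parses a `reg export` style dump and reports which of the registry values those two sections discuss are present, which hold the recommended value, and whether the Recovery Console SecurityLevel switch just described is on, so a machine can be reviewed offline from its export. The sample export is constructed, not taken from a real machine; the key paths and value names are the ones quoted in the text, and the article's spaced notation ("HKEY_LOCAL_MACHINE \ SYSTEM \ ...") is accepted alongside the real export form.

```python
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(dword:[0-9A-Fa-f]{8}|"[^"]*")$')

HKLM, HKCU = "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"
RECOVERY_CONSOLE_KEY = HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole"

# Registry values the article tells the reader to change, paired with the value
# it recommends. Win32PrioritySeparation is written as "38" in the article
# without saying hex or decimal; it is taken as decimal here.
ARTICLE_SETTINGS = [
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters",
     "EnablePrefetcher", 5),
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\FileSystem", "NtfsMftZoneReservation", 2),
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\PriorityControl", "Win32PrioritySeparation", 38),
    (HKLM + r"\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters", "DisableTaskOffload", 0),
    (HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer", "AlwaysUnloadDLL", 1),
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\WOW", "DefaultSeparateVDM", "Yes"),
    (HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoInstrumentation", 1),
    (HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "DisableThumbnailCache", 1),
    (RECOVERY_CONSOLE_KEY, "SecurityLevel", 1),
]

# Constructed sample in the format `reg export` writes; not from any real machine.
# One key deliberately uses the article's spaced notation to show it is accepted.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000003

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW]
"DefaultSeparateVDM"="Yes"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInstrumentation"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SecurityLevel"=dword:00000001
"""


def normalize_key(path):
    """Accept both the article's 'HKEY_LOCAL_MACHINE \\ SYSTEM \\ ...' notation
    and the real export form, which has no spaces around the backslashes."""
    return "\\".join(part.strip() for part in path.split("\\"))


def parse_reg_export(text):
    """Parse a 'Windows Registry Editor Version 5.00' export into
    {key_path: {value_name: value}}. dword values become int, quoted strings
    become str; other value kinds (hex:, multi-line continuations) are skipped."""
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        section = SECTION_RE.match(line)
        if section:
            current = normalize_key(section.group(1))
            tree.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name, raw_val = value.groups()
            tree[current][name] = int(raw_val[6:], 16) if raw_val.startswith("dword:") else raw_val[1:-1]
    return tree


def present_settings(tree):
    """{value_name: current_value} for each article setting found in the export."""
    return {name: tree[key][name] for key, name, _ in ARTICLE_SETTINGS
            if name in tree.get(key, {})}


def matches_article(tree):
    """Names of the settings that hold exactly the value the article recommends."""
    return sorted(name for key, name, want in ARTICLE_SETTINGS
                  if tree.get(key, {}).get(name) == want)


def recovery_console_password_bypassed(tree):
    """True when SecurityLevel is 1: the Recovery Console then starts without
    asking for the Administrator password, which is what a reviewer of the
    machine needs to know about this key."""
    return tree.get(RECOVERY_CONSOLE_KEY, {}).get("SecurityLevel") == 1


if __name__ == "__main__":
    found = parse_reg_export(SAMPLE_EXPORT)
    for name, value in present_settings(found).items():
        print(f"{name} = {value!r}")
    print("set as the article recommends:", matches_article(found))
    print("Recovery Console password prompt bypassed:", recovery_console_password_bypassed(found))
```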


How to use the Recovery Console

Though the Recovery Console looks similar to a standard command prompt it is not the same. Certain commands work, while others do not, and there are new commands available to you. There is no graphical interface, and all commands must be entered by typing them into the console prompt with your keyboard and pressing enter. This may be confusing for those who are not familiar with this type of interface, but after doing a few commands it does becomes easier.

The following is a list of the available commands that you can use in the Recovery Console. When using the recovery console you can type help followed by the command to see a more detailed explanation. For example: help attrib.
Command: Description

Attrib: Changes attributes on a file or directory.
Batch: Executes commands that you specify in the text file, Inputfile. Outputfile holds the output of the commands. If you omit the Outputfile parameter, output appears on the screen.
Bootcfg: Allows you to modify the Boot.ini file for boot configuration and recovery.
CD (Chdir): Changes directory. Operates only in the system directories of the current Windows installation, removable media, the root directory of any hard disk partition, or the local installation sources.
Chkdsk: Checks a disk for drive problems or errors. The /p switch runs Chkdsk even if the drive is not flagged as dirty. The /r switch locates bad sectors and recovers readable information. This switch implies /p. Chkdsk requires Autochk. Chkdsk automatically looks for Autochk.exe in the startup folder. If Chkdsk cannot find the file in the startup folder, it looks for the Windows 2000 Setup CD-ROM. If Chkdsk cannot find the installation CD-ROM, Chkdsk prompts the user for the location of Autochk.exe.
Cls: Clears the screen.
Copy: Copies one file to a target location. By default, the target cannot be removable media, and you cannot use wildcard characters. Copying a compressed file from the Windows 2000 Setup CD-ROM automatically decompresses the file.
Del (Delete): Deletes one file. Operates within the system directories of the current Windows installation, removable media, the root directory of any hard disk partition, or the local installation sources. By default, you cannot use wildcard characters.
Dir: Displays a list of all files, including hidden and system files.
Disable: Disables a Windows system service or driver. The variable service_or_driver is the name of the service or driver that you want to disable. When you use this command to disable a service, the command displays the service's original startup type before it changes the type to SERVICE_DISABLED. Note the original startup type so that you can use the enable command to restart the service.
Diskpart: Manages partitions on hard disk volumes. The /add option creates a new partition. The /delete option deletes an existing partition. The variable device is the device name for a new partition (such as \device\harddisk0). The variable drive is the drive letter for a partition that you are deleting (for example, D). Partition is the partition-based name for a partition that you are deleting (for example: \device\harddisk0\partition1) and can be used instead of the drive variable. The variable size is the size, in megabytes, of a new partition.
Enable: Enables a Windows system service or driver. The variable service_or_driver is the name of the service or driver that you want to enable, and start_type is the startup type for an enabled service. The startup type uses one of the following formats:
SERVICE_BOOT_START
SERVICE_SYSTEM_START
SERVICE_AUTO_START
SERVICE_DEMAND_START
Exit: Quits the Recovery Console, and then restarts the computer.
Expand: Expands a compressed file. The variable source is the file that you want to expand. By default, you cannot use wildcard characters. The variable destination is the directory for the new file. By default, the destination cannot be removable media and cannot be read-only. You can use the attrib command to remove the read-only attribute from the destination directory. The option /f:filespec is required if the source contains more than one file. This option permits wildcard characters. The /y switch disables the overwrite confirmation prompt. The /d switch specifies that the files will not be expanded and displays a directory of the files in the source.
Fixboot: Writes a new startup sector on the system partition.
Fixmbr: Repairs the startup partition's master boot code. The variable device is an optional name that specifies the device that requires a new Master Boot Record. Omit this variable when the target is the startup device.
Format: Formats a disk. The /q switch performs a quick format. The /fs switch specifies the file system.
Help: If you do not use the command variable to specify a command, help lists all the commands that the Recovery Console supports.
Listsvc: Displays all available services and drivers on the computer.
Logon: Displays detected installations of Windows and requests the local Administrator password for those installations. Use this command to move to another installation or subdirectory.
Map: Displays currently active device mappings. Include the arc option to specify the use of Advanced RISC Computing (ARC) paths (the format for Boot.ini) instead of Windows device paths.
MD (Mkdir): Creates a directory. Operates only within the system directories of the current Windows installation, removable media, the root directory of any hard disk partition, or the local installation sources.
More/Type: Displays the specified text file on screen. More will display a text file one page at a time, while Type displays the entire text file at once.
Rd (Rmdir): Removes a directory. Operates only within the system directories of the current Windows installation, removable media, the root directory of any hard disk partition, or the local installation sources.
Ren (Rename): Renames a file or directory. Operates only within the system directories of the current Windows installation, removable media, the root directory of any hard disk partition, or the local installation sources. You cannot specify a new drive or path as the target.
Set: Displays and sets the Recovery Console environment variables.
Systemroot: Sets the current directory to %SystemRoot%.


Deleting the Recovery Console

Warning: To remove the Recovery Console you need to modify the Boot.ini file. Modifying this file incorrectly can prevent your computer from starting properly. Please only attempt this step if you feel comfortable doing this.

To remove the Recovery Console from your hard drive follow these steps:

1. Double-click on My Computer and then double-click on the drive you installed the Recovery Console (usually the C: drive).

2. Click on the Tools menu and select Folder Options.

3. Click on the View tab.

4. Select Show hidden files and folders and uncheck Hide protected operating system files.

5. Press the OK button.

6. Now at the root folder delete the Cmdcons folder and the Cmldr file.

7. At the root folder, right-click the Boot.ini file, and then click Properties.

8. Click to clear the Read-only check box, and then click the OK button.

9. Click on Start, then Run and type Notepad.exe c:\boot.ini in the Open: field and press the OK button.

10. Remove the entry for the Recovery Console. It will look similar to this:
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

Make sure you only delete that one entry.

11. When you are done, close the notepad and save when it asks.

12. Right click again on the boot.ini file and select Properties.

13. Put a checkmark back in the Read-only checkbox and then press the OK button.

The recovery console should now be removed from your system.

--
Lawrence Abrams
Bleeping Computer Advanced Microsoft Tutorials
BleepingComputer.com: Computer Help & Tutorials for the beginning computer user.

TCP/UDP Ports Explained

Introduction

In this tutorial we will discuss the concept of Ports and how they work with IP addresses. If you have not read our article on IP addresses and need a brush up, you can find the article here. If you understand the concepts of IP addresses, then let's move on to TCP and UDP ports and how they work.

The devices and computers connected to the Internet use a protocol called TCP/IP to communicate with each other. When a computer in New York wants to send a piece of data to a computer in England, it must know the destination IP address that it would like to send the information to. That information is sent most often via two methods, UDP and TCP.

The two Internet workhorses: UDP and TCP

UDP? TCP? I know you are getting confused, but I promise I will explain this in very basic terms so that you can understand this concept.

TCP stands for Transmission Control Protocol. Using this method, the computer sending the data connects directly to the computer it is sending the data to, and stays connected for the duration of the transfer. With this method, the two computers can guarantee that the data has arrived safely and correctly, and then they disconnect the connection. This method of transferring data tends to be quicker and more reliable, but puts a higher load on the computer as it has to monitor the connection and the data going across it. A real life comparison to this method would be to pick up the phone and call a friend. You have a conversation and when it is over, you both hang up, releasing the connection.

UDP stands for User Datagram Protocol. Using this method, the computer sending the data packages the information into a nice little package and releases it into the network with the hopes that it will get to the right place. What this means is that UDP does not connect directly to the receiving computer like TCP does, but rather sends the data out and relies on the devices in between the sending computer and the receiving computer to get the data where it is supposed to go properly. This method of transmission does not provide any guarantee that the data you send will ever reach its destination. On the other hand, this method of transmission has a very low overhead and is therefore very popular to use for services that are not that important to work on the first try. A comparison you can use for this method is the plain old US Postal Service. You place your mail in the mailbox and hope the Postal Service will get it to the proper location. Most of the time they do, but sometimes it gets lost along the way.

Now that you understand what TCP and UDP are, we can start discussing TCP and UDP ports in detail. Let's move on to the next section where we can describe the concept of ports better.

TCP and UDP Ports

As you know every computer or device on the Internet must have a unique number assigned to it called the IP address. This IP address is used to recognize your particular computer out of the millions of other computers connected to the Internet. When information is sent over the Internet to your computer how does your computer accept that information? It accepts that information by using TCP or UDP ports.

An easy way to understand ports is to imagine your IP address is a cable box and the ports are the different channels on that cable box. The cable company knows how to send cable to your cable box based upon a unique serial number associated with that box (IP Address), and then you receive the individual shows on different channels (Ports).

Ports work the same way. You have an IP address, and then many ports on that IP address. When I say many, I mean many. You can have a total of 65,535 TCP ports and another 65,535 UDP ports. When a program on your computer sends or receives data over the Internet it sends that data to an IP address and a specific port on the remote computer, and receives the data on a usually random port on its own computer. If it uses the TCP protocol to send and receive the data then it will connect and bind itself to a TCP port. If it uses the UDP protocol to send and receive data, it will use a UDP port. Figure 1, below, is a representation of an IP address split into its many TCP and UDP ports. Note that once an application binds itself to a particular port, that port cannot be used by any other application. It is first come, first served.

<-------------------- 192.168.1.10 -------------------->
0 1 2 3 4 5 .. .. .. .. .. .. .. .. 65531 65532 65533 65534 65535
Figure 1. IP address with Ports

This all probably still feels confusing to you, and there is nothing wrong with that, as this is a complicated concept to grasp. Therefore, I will give you an example of how this works in real life so you can have a better understanding. We will use web servers in our example as you all know that a web server is a computer running an application that allows other computers to connect to it and retrieve the web pages stored there.

In order for a web server to accept connections from remote computers, such as yourself, it must bind the web server application to a local port. It will then use this port to listen for and accept connections from remote computers. Web servers typically bind to TCP port 80, which is what the HTTP protocol uses by default, and then wait and listen for connections from remote devices. Once a device is connected, the server will send the requested web pages to the remote device, and close the connection when done.

On the other hand, if you are the remote user connecting to a web server it would work in reverse. Your web browser would pick a random TCP port from a certain range of port numbers, and attempt to connect to port 80 on the IP address of the web server. When the connection is established, the web browser will send the request for a particular web page and receive it from the web server. Then both computers will disconnect the connection.

Now, what if you wanted to run an FTP server, which is a server that allows you to transfer and receive files from remote computers, on the same web server? FTP servers use TCP ports 20 and 21 to send and receive information, so you won't have any conflicts with the web server running on TCP port 80. Therefore, when the FTP server application starts it will bind itself to TCP ports 20 and 21, and wait for connections in order to send and receive data.

Most major applications have a specific port that they listen on and they register this information with an organization called IANA. You can see a list of applications and the ports they use at the IANA Registry. With developers registering the ports their applications use with IANA, the chances of two programs attempting to use the same port, and therefore causing a conflict, will be diminished.
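The points made above about binding, listening, ephemeral client ports and "first come, first served" can be watched directly on a single machine. The following script is an added example written for this page; it is not code from the original article. It assumes nothing beyond the Python standard library: everything runs on the loopback address 127.0.0.1, the server asks the operating system for a free port (port 0) instead of binding port 80, which needs privileges, and the HTTP request and reply bytes are constructed samples.

```python
import errno
import socket

HOST = "127.0.0.1"  # loopback only: nothing in this demo leaves the machine


def recv_all(sock):
    """Read until the peer closes its side, so the result never depends on a
    single recv() call happening to return the whole message."""
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            return b"".join(chunks)
        chunks.append(data)


def tcp_client_server_exchange():
    """The web-server story in miniature: the server binds and listens on a
    port, the client connects from an OS-chosen ephemeral port, one request
    and one reply cross the connection, then both sides close.  Returns the
    observed port numbers and bytes so they can be checked."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((HOST, 0))       # port 0 = let the OS pick a free port; stands in
    server.listen(1)             # for port 80, which needs privileges on most systems
    server_port = server.getsockname()[1]

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect((HOST, server_port))   # the client did not choose its own port
    conn, peer = server.accept()          # peer == (client_ip, client_ephemeral_port)

    client.sendall(b"GET / HTTP/1.0\r\n\r\n")         # constructed sample request
    client.shutdown(socket.SHUT_WR)                   # tells the server "request complete"
    request = recv_all(conn)
    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello")     # constructed sample reply
    conn.close()                                      # server hangs up when done
    reply = recv_all(client)

    result = {
        "server_port": server_port,
        "client_port_seen_by_server": peer[1],
        "client_port_seen_by_client": client.getsockname()[1],
        "request": request,
        "reply": reply,
    }
    client.close()
    server.close()
    return result


def port_ownership_checks():
    """Two facts from the text: a port already bound for TCP cannot be taken
    by a second TCP socket (first come, first served), while the same number
    is still free for UDP because TCP and UDP port spaces are separate.  Also
    sends one UDP datagram the connectionless way: no connect(), just sendto()."""
    tcp_listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_listener.bind((HOST, 0))
    tcp_listener.listen(1)
    port = tcp_listener.getsockname()[1]

    # Second TCP socket asking for the same port: refused with EADDRINUSE.
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind((HOST, port))
        second_refused = False
    except OSError as e:
        second_refused = e.errno == errno.EADDRINUSE
    finally:
        second.close()

    # Same number on UDP is a different port entirely: the bind succeeds.
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((HOST, port))
    udp.settimeout(2.0)                   # never hang if the datagram is lost
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(b"ping", (HOST, port))  # released into the network, no handshake
    datagram, source = udp.recvfrom(1024)

    for s in (sender, udp, tcp_listener):
        s.close()
    return {
        "tcp_port": port,
        "second_tcp_bind_refused": second_refused,
        "udp_datagram": datagram,
        "udp_sender_port": source[1],
    }


if __name__ == "__main__":
    print(tcp_client_server_exchange())
    print(port_ownership_checks())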

Configure GPRS and WAP Settings for an i-mate / O2 XDA II / MDA II (Updated)

For anyone who wants to use a PDA like I do, here is how to set up GPRS on Windows Mobile.

In Windows Mobile 2003 Phone Edition you can switch the GPRS Setting method you use when you make a GPRS connection.

In the GPRS setting utility there are two choices to select from. The first choice is PAP authentication. PAP stands for Password Authentication Protocol. This is a less sophisticated authentication process that uses clear text passwords.

The second choice is CHAP authentication. CHAP stands for Challenge Handshake Authentication Protocol. CHAP negotiates a secure form of encrypted authentication between the server and the client.

AT&T Wireless uses CHAP authentication for connecting to the Internet via GPRS.
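To make the PAP/CHAP difference concrete, here is an added example (mine, not from the original tutorial or from any carrier) that models what each method puts on the link. PAP (RFC 1334) carries the password itself in the Authenticate-Request; CHAP with MD5 (RFC 1994, section 4.1) carries only a challenge and a one-way digest computed as MD5(Identifier || secret || Challenge), so the secret never crosses the link. The username and secret below are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample credentials for the demonstration (not carrier values).
USERNAME = b"user@example.invalid"
SECRET = b"correct horse battery staple"


def pap_authenticate_request(username: bytes, password: bytes) -> dict:
    """The fields a PAP Authenticate-Request carries (RFC 1334): the password
    itself, in clear text.  Whoever can read the link reads the password."""
    return {"peer_id": username, "password": password}


def new_chap_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh random Challenge Value for every round."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side, CHAP with MD5 (RFC 1994 section 4.1):
    Response = MD5(Identifier || secret || Challenge).
    The Identifier is a single octet taken from the Challenge packet."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_exchange(identifier: int, challenge: bytes, secret: bytes) -> dict:
    """What actually crosses the link in one CHAP round: the Identifier and
    Challenge from the authenticator, the Response from the peer.  The secret
    is an input on both ends but is never a field in either packet."""
    return {
        "identifier": identifier,
        "challenge": challenge,
        "response": chap_response(identifier, secret, challenge),
    }


def authenticator_verify(packet: dict, stored_secret: bytes) -> bool:
    """Authenticator side: recompute the digest from its own copy of the
    secret and compare in constant time."""
    expected = chap_response(packet["identifier"], stored_secret, packet["challenge"])
    return hmac.compare_digest(expected, packet["response"])


def replay_is_rejected(packet: dict, stored_secret: bytes) -> bool:
    """A captured Response is useless against the next round, because the
    authenticator issues a new Challenge and the digest no longer matches."""
    next_round = dict(packet, challenge=new_chap_challenge())
    return not authenticator_verify(next_round, stored_secret)


if __name__ == "__main__":
    print("PAP on the wire:", pap_authenticate_request(USERNAME, SECRET))
    pkt = chap_exchange(1, new_chap_challenge(), SECRET)
    print("CHAP on the wire:", pkt)
    print("authenticator accepts:", authenticator_verify(pkt, SECRET))
    print("replay rejected:", replay_is_rejected(pkt, SECRET))
```

The caveat a practitioner wants alongside this: CHAP keeps the secret off the link and defeats straight replay, but the digest is computed over the secret itself, so a weak or guessable secret can still be recovered offline by anyone who records a challenge/response pair. The protection CHAP gives is only as good as the secret behind it.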

Windows Mobile 2003 has a simplified wizard for setting up your connection that eliminates a lot of the guess work that existed in the previous version. You can use the wizard to configure and connect your XDA II to the internet for web and WAP browsing.

In this tutorial I will be using the i-Mate from www.Expansys.us with an AT&T Wireless SIM chip installed.

Configure GPRS Access on the AT&T Wireless Network

1 Tap Start
2 Tap Settings
3 Tap Connections
4 Tap GPRS Setting
5 Select the CHAP authentication radio button
6 Optional: Tap the GPRS – Setting tab
* Select the time slot you wish to use:
Class 8 (4R1T) indicates 4 receive slots and 1 transmit slot
Class 10 (3R2T) indicates 3 receive slots and 2 transmit slots
If your primary use is to download content from the Internet, email, and other data-heavy information, Class 8 will provide you with better performance. Class 10 takes away one of the receive slots and gives you an extra transmit slot; this is helpful if you send a lot of email, MMS pictures, or large files.
7 Tap OK
* Your device is now ready to make connections.

Configure Device for Internet Web Browsing

1 Tap Connections
2 Under My ISP, select (Add a new modem connection)
3 Enter a name for your connection; I used (GPRS Connection)
4 From the Select a modem drop down box choose Cellular Line (GPRS)
5 Tap Next
6 In the text box labelled (Access point name) type in (proxy) without the parentheses
7 Tap Next
8 Leave the User name, Password, and Domain fields blank
9 Tap Finish
10 Tap OK
* Your device is now ready to browse the internet.

Configure Device for WAP Access

1 Under My Work Network, select (Add a new modem connection)
2 Enter a name for your connection; I used (WAP)
3 From the Select a modem drop down choose Cellular Line (GPRS)
4 Tap Next
5 In the text box labelled (Access point name) type in (proxy) without the parentheses
6 Tap Next
7 Leave the User name, Password, and Domain fields blank
8 Tap Finish
9 Tap the Proxy Settings tab
10 Place a check in both boxes
11 Leave (Proxy server) blank
12 Tap Advanced
13 Leave HTTP and Socks Server fields blank.
14 Enter 10.250.250.250 for your WAP server. Ensure your port number is 9201
15 Enter 10.250.250.250 for your Secure WAP server. Ensure your port number is 9203
16 Tap OK twice
* Your device is now ready to browse WAP sites. To view the AT&T Wireless WAP site enter wsp://home in the address bar in Internet Explorer.

Your XDAII will now switch between WAP sites and Internet sites on the fly. The connection change takes only a few seconds. Windows Mobile Phone Edition does not have an intuitive way to disconnect your GPRS connection. To manually disconnect you can depress the “end call” button on the device for a couple of seconds and that will end your GPRS session.

Additionally, you can start a GPRS connection by opening an application that uses the Internet, like Internet Explorer, or by tapping the radio icon on the Today screen and selecting your GPRS connection type.

Cingular Account Settings

Brian Pepin of UrbanPotato.net has sent me the following settings for Cingular customers:

Order Wireless Internet Express from Cingular. Online you can order the 1MB/month option, but no more. That's a good starting point, but you're going to chew through a meg very quickly so call them and ask for more. Try to deal: their unlimited plan is over twice as expensive as T-Mobile. I opted for the online because it was about 11:00 PM when I started this project. After about half an hour GPRS was working on my account.

Creating a Cingular Data Connection

Your next order of business is to create a data connection.

1 Tap Start->Settings->Connections and under My ISP tap Add a new modem connection.
2 Name it and choose a modem type of Cellular Line (GPRS)
3 Set the access point name to isp.cingular
4 Set the user name to WIXDC001@W5.MYCINGULAR.COM (case sensitive)
5 Set the password to ZXY203DC9K0402 (case sensitive)
6 Tap Finish to create the connection.

Next, ensure that your GPRS settings are correct.

1 Under Connections ensure that the CSD Line Type is set to 9600 bps(v.32).
2 Ensure that the connection element is set to non-transparent.
3 Under GPRS Setting ensure that authentication is set to PAP and the class is 8.

Creating a Cingular WAP Connection

1 Tap Start->Settings->Connections and under My Work Network tap Add a new modem connection.
2 Name it and choose a modem type of Cellular Line (GPRS)
3 Set the access point name to wap.cingular
4 Set the user name to WAP@CINGULAR.COM (case sensitive)
5 Set the password to CINGULAR1 (case sensitive)
6 Tap Finish to create the connection.
7 Next, tap Set up my proxy server
8 Check both "This network connects to the internet" and "This network uses a proxy server". Don't provide a proxy server. Click Advanced.
9 Under WAP and Secure WAP set the following IP address: 66.209.11.61

Finally, in Internet Explorer navigate to http://device.home This takes you to the WAP portal of Cingular's My Wireless Window. You can get a free account there and set up the portal to your liking. It's low budget, but also low bandwidth.



That's it for now, I will make changes as needed to this tutorial. If you use another wireless carrier and would like to share your connection settings we will be happy to post them to help our non AT&T Wireless readers.

P.S.: If this tutorial was helpful, please visit a couple of our ad sponsors to help support our site.