IP/TCP Tables


Network Troubleshooting by Othmar Kyas
An Agilent Technologies Publication
Section V: Appendix

G IP/TCP Tables

G.1 IP Protocol Assignments

| Code | Protocol | Description |
|---|---|---|
| 0 | | Reserved |
| 1 | ICMP | Internet Control Message |
| 2 | IGMP | Internet Group Management |
| 3 | GGP | Gateway-to-Gateway |
| 4 | IP | IP in IP (encapsulation) |
| 5 | ST | Stream |
| 6 | TCP | Transmission Control |
| 7 | UCL | UCL |
| 8 | EGP | Exterior Gateway Protocol |
| 9 | IGP | any Private Interior Gateway |
| 10 | BBN-RCC-MON | BBN RCC Monitoring |
| 11 | NVP-II | Network Voice Protocol |
| 12 | PUP | PUP |
| 13 | ARGUS | ARGUS |
| 14 | EMCON | EMCON |
| 15 | XNET | Cross Net Debugger |
| 16 | CHAOS | Chaos |
| 17 | UDP | User Datagram |
| 18 | MUX | Multiplexing |
| 19 | DCN-MEAS | DCN Measurement Subsystems |
| 20 | HMP | Host Monitoring |
| 21 | PRM | Packet Radio Measurement |
| 22 | XNS-IDP | XEROX NS IDP |
| 23 | TRUNK-1 | Trunk-1 |
| 24 | TRUNK-2 | Trunk-2 |
| 25 | LEAF-1 | Leaf-1 |
| 26 | LEAF-2 | Leaf-2 |
| 27 | RDP | Reliable Data Protocol |
| 28 | IRTP | Internet Reliable Transaction |
| 29 | ISO-TP4 | ISO Transport Protocol Class 4 |
| 30 | NETBLT | Bulk Data Transfer Protocol |
| 31 | MFE-NSP | MFE Network Services Protocol |
| 32 | MERIT-INP | MERIT Internodal Protocol |
| 33 | SEP | Sequential Exchange Protocol |
| 34 | 3PC | Third Party Connect Protocol |
| 35 | IDPR | Inter Domain Policy Routing Protocol |
| 36 | XTP | XTP |
| 37 | DDP | Datagram Delivery Protocol |
| 38 | IDPR-CMTP | IDPR Control Message Transport Protocol |
| 39 | TP++ | TP++ Transport Protocol |
| 40 | IL | IL Transport Protocol |
| 41 | SIP | Simple Internet Protocol |
| 42 | SDRP | Source Demand Routing Protocol |
| 43 | SIP-SR | SIP Source Route |
| 44 | SIP-FRAG | SIP Fragment |
| 45 | IDRP | Inter Domain Routing Protocol |
| 46 | RSVP | Reservation Protocol |
| 47 | GRE | General Routing Encapsulation |
| 48 | MHRP | Mobile Host Routing Protocol |
| 49 | BNA | BNA |
| 50 | SIPP-ESP | SIPP Encap Security Payload |
| 51 | SIPP-AH | SIPP Authentication Header |
| 52 | I-NLSP | Integrated Net Layer Security |
| 53 | SWIPE | IP with Encryption |
| 54 | NHRP | NBMA Next Hop Resolution Protocol |
| 55-60 | | Unassigned |
| 61 | | any host internal protocol |
| 62 | CFTP | CFTP |
| 63 | | any local network |
| 64 | SAT-EXPAK | SATNET and Backroom EXPAK |
| 65 | KRYPTOLAN | Kryptolan |
| 66 | RVD | MIT Remote Virtual Disk Protocol |
| 67 | IPPC | Internet Pluribus Packet Core |
| 68 | | any distributed file system |
| 69 | SAT-MON | SATNET Monitoring |
| 70 | VISA | VISA Protocol |
| 71 | IPCV | Internet Packet Core Utility |
| 72 | CPNX | Computer Protocol Network Executive |
| 73 | CPHB | Computer Protocol Heart Beat |
| 74 | WSN | Wang Span Network |
| 75 | PVP | Packet Video Protocol |
| 76 | BR-SAT-MON | Backroom SATNET Monitoring |
| 77 | SUN-ND | SUN ND PROTOCOL-Temporary |
| 78 | WB-MON | WIDEBAND Monitoring |
| 79 | WB-EXPAK | WIDEBAND EXPAK |
| 80 | ISO-IP | ISO Internet Protocol |
| 81 | VMTP | VMTP |
| 82 | SECURE-VMTP | SECURE-VMTP |
| 83 | VINES | VINES |
| 84 | TTP | TTP |
| 85 | NSFNET-IGP | NSFNET-IGP |
| 86 | DGP | Dissimilar Gateway Protocol |
| 87 | TCF | TCF |
| 88 | IGRP | IGRP |
| 89 | OSPFIGP | OSPFIGP |
| 90 | Sprite-RPC | Sprite RPC Protocol |
| 91 | LARP | Locus Address Resolution Protocol |
| 92 | MTP | Multicast Transport Protocol |
| 93 | AX.25 | AX.25 Frames |
| 94 | IPIP | IP-within-IP Encapsulation Protocol |
| 95 | MICP | Mobile Internetworking Control Protocol |
| 96 | SCC-SP | Semaphore Communications Sec. Protocol |
| 97 | ETHERIP | Ethernet-within-IP Encapsulation |
| 98 | ENCAP | Encapsulation Header |
| 99 | | any private encryption scheme |
| 100 | GMTP | GMTP |
| 101 | IFMP | Ipsilon Flow Management Protocol |
| 102 | PNNI | PNNI |
| 103 | PIM | Protocol Independent Multicast |
| 104 | ARIS | ARIS |
| 105 | SCPS | SCPS |
| 106 | QNX | QNX |
| 107 | A/N | Active Networks |
| 108 | IPPCP | IP Payload Compression Protocol |
| 109 | SNP | Sitara Networks Protocol |
| 110 | Compaq-Peer | Compaq Peer Protocol |
| 111 | IPX-in-IP | IPX in IP |
| 112 | VRRP | Virtual Router Redundancy Protocol |
| 113-254 | | Unassigned |
| 255 | | Reserved |

G.2 Selected ICMP Port Assignments

| Code | Description |
|---|---|
| 0 | Echo Reply |
| 1 | Unassigned |
| 2 | Unassigned |
| 3 | Destination Unreachable |
| 4 | Source Quench |
| 5 | Redirect |
| 6 | Alternate Host Address |
| 7 | Unassigned |
| 8 | Echo |
| 9 | Router Advertisement |
| 10 | Router Selection |
| 11 | Time Exceeded |
| 12 | Parameter Problem |
| 13 | Timestamp |
| 14 | Timestamp Reply |
| 15 | Information Request |
| 16 | Information Reply |
| 17 | Address Mask Request |
| 18 | Address Mask Reply |
| 19 | Reserved (for Security) |
| 20-29 | Reserved (for Robustness Experiment) |
| 30 | Traceroute |
| 31 | Datagram Conversion Error |
| 32 | Mobile Host Redirect |
| 33 | IPv6 Where-Are-You |
| 34 | IPv6 I-Am-Here |
| 35 | Mobile Registration Request |
| 37-255 | Reserved |

G.3 TCP/UDP Port Assignments

Three types of TCP/UDP port numbers can be distinguished: Well Known Ports (0–1024, controlled by IANA), Registered Ports (1024–65535, not controlled by IANA) and Dynamic (Private) Ports (49152–65535, subset of Registered Ports). The most recent list of the IANA port assignments is available from: ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers

G.3.1 Well Known Port Numbers

| Keyword | Decimal | Description |
|---|---|---|
| | 0/tcp | Reserved |
| | 0/udp | Reserved |
| tcpmux | 1/tcp | TCP Port Service Multiplexer |
| tcpmux | 1/udp | TCP Port Service Multiplexer |
| compressnet | 2/tcp | Management Utility |
| compressnet | 2/udp | Management Utility |
| compressnet | 3/tcp | Compression Process |
| compressnet | 3/udp | Compression Process |
| # | 4/tcp | Unassigned |
| # | 4/udp | Unassigned |
| rje | 5/tcp | Remote Job Entry |
| rje | 5/udp | Remote Job Entry |
| # | 6/tcp | Unassigned |
| # | 6/udp | Unassigned |
| echo | 7/tcp | Echo |
| echo | 7/udp | Echo |
| # | 8/tcp | Unassigned |
| # | 8/udp | Unassigned |
| discard | 9/tcp | Discard |
| discard | 9/udp | Discard |
| # | 10/tcp | Unassigned |
| # | 10/udp | Unassigned |
| systat | 11/tcp | Active Users |
| systat | 11/udp | Active Users |
| # | 12/tcp | Unassigned |
| # | 12/udp | Unassigned |
| daytime | 13/tcp | Daytime (RFC 867) |
| daytime | 13/udp | Daytime (RFC 867) |
| # | 14/tcp | Unassigned |
| # | 14/udp | Unassigned |
| # | 15/tcp | Unassigned [was netstat] |
| # | 15/udp | Unassigned |
| # | 16/tcp | Unassigned |
| # | 16/udp | Unassigned |
| qotd | 17/tcp | Quote of the Day |
| qotd | 17/udp | Quote of the Day |
| msp | 18/tcp | Message Send Protocol |
| msp | 18/udp | Message Send Protocol |
| chargen | 19/tcp | Character Generator |
| chargen | 19/udp | Character Generator |
| ftp-data | 20/tcp | File Transfer [Default Data] |
| ftp-data | 20/udp | File Transfer [Default Data] |
| ftp | 21/tcp | File Transfer [Control] |
| ftp | 21/udp | File Transfer [Control] |
| ssh | 22/tcp | SSH Remote Login Protocol |
| ssh | 22/udp | SSH Remote Login Protocol |
| telnet | 23/tcp | Telnet |
| telnet | 23/udp | Telnet |
| | 24/tcp | any private mail system |
| | 24/udp | any private mail system |
| smtp | 25/tcp | Simple Mail Transfer |
| smtp | 25/udp | Simple Mail Transfer |
| # | 26/tcp | Unassigned |
| # | 26/udp | Unassigned |
| nsw-fe | 27/tcp | NSW User System FE |
| nsw-fe | 27/udp | NSW User System FE |
| # | 28/tcp | Unassigned |
| # | 28/udp | Unassigned |
| msg-icp | 29/tcp | MSG ICP |
| msg-icp | 29/udp | MSG ICP |
| # | 30/tcp | Unassigned |
| # | 30/udp | Unassigned |
| msg-auth | 31/tcp | MSG Authentication |
| msg-auth | 31/udp | MSG Authentication |
| # | 32/tcp | Unassigned |
| # | 32/udp | Unassigned |
| dsp | 33/tcp | Display Support Protocol |
| dsp | 33/udp | Display Support Protocol |
| # | 34/tcp | Unassigned |
| # | 34/udp | Unassigned |
| | 35/tcp | any private printer server |
| | 35/udp | any private printer server |
| # | 36/tcp | Unassigned |
| # | 36/udp | Unassigned |
| time | 37/tcp | Time |
| time | 37/udp | Time |
| rap | 38/tcp | Route Access Protocol |
| rap | 38/udp | Route Access Protocol |
| rlp | 39/tcp | Resource Location Protocol |
| rlp | 39/udp | Resource Location Protocol |
| # | 40/tcp | Unassigned |
| # | 40/udp | Unassigned |
| graphics | 41/tcp | Graphics |
| graphics | 41/udp | Graphics |
| name | 42/tcp | Host Name Server |
| name | 42/udp | Host Name Server |
| nameserver | 42/tcp | Host Name Server |
| nameserver | 42/udp | Host Name Server |
| nicname | 43/tcp | whois |
| nicname | 43/udp | whois |
| mpm-flags | 44/tcp | MPM FLAGS Protocol |
| mpm-flags | 44/udp | MPM FLAGS Protocol |
| mpm | 45/tcp | Message Processing Module [recv] |
| mpm | 45/udp | Message Processing Module [recv] |
| mpm-snd | 46/tcp | MPM [default send] |
| mpm-snd | 46/udp | MPM [default send] |
| ni-ftp | 47/tcp | NI FTP |
| ni-ftp | 47/udp | NI FTP |
| auditd | 48/tcp | Digital Audit Daemon |
| auditd | 48/udp | Digital Audit Daemon |
| tacacs | 49/tcp | Login Host Protocol (TACACS) |
| tacacs | 49/udp | Login Host Protocol (TACACS) |
| re-mail-ck | 50/tcp | Remote Mail Checking Protocol |
| re-mail-ck | 50/udp | Remote Mail Checking Protocol |
| la-maint | 51/tcp | IMP Logical Address Maintenance |
| la-maint | 51/udp | IMP Logical Address Maintenance |
| xns-time | 52/tcp | XNS Time Protocol |
| xns-time | 52/udp | XNS Time Protocol |
| domain | 53/tcp | Domain Name Server |
| domain | 53/udp | Domain Name Server |
| xns-ch | | |
| sql*net | 66/tcp | Oracle SQL*NET |
| sql*net | 66/udp | Oracle SQL*NET |
| bootps | 67/tcp | Bootstrap Protocol Server |
| bootps | 67/udp | Bootstrap Protocol Server |
| bootpc | 68/tcp | Bootstrap Protocol Client |
| bootpc | 68/udp | Bootstrap Protocol Client |
| tftp | 69/tcp | Trivial File Transfer |
| tftp | 69/udp | Trivial File Transfer |
| gopher | 70/tcp | Gopher |
| gopher | 70/udp | Gopher |
| netrjs-1 | 71/tcp | Remote Job Service |
| netrjs-1 | 71/udp | Remote Job Service |
| netrjs-2 | 72/tcp | Remote Job Service |
| netrjs-2 | 72/udp | Remote Job Service |
| netrjs-3 | 73/tcp | Remote Job Service |
| netrjs-3 | 73/udp | Remote Job Service |
| netrjs-4 | 74/tcp | Remote Job Service |
| netrjs-4 | 74/udp | Remote Job Service |
| | 75/tcp | any private dial out service |
| | 75/udp | any private dial out service |
| deos | 76/tcp | Distributed External Object Store |
| deos | 76/udp | Distributed External Object Store |
| | 77/tcp | any private RJE service |
| | 77/udp | any private RJE service |
| vettcp | 78/tcp | vettcp |
| vettcp | 78/udp | vettcp |
| finger | 79/tcp | Finger |
| finger | 79/udp | Finger |
| http | 80/tcp | World Wide Web HTTP |
| http | 80/udp | World Wide Web HTTP |
| www | 80/tcp | World Wide Web HTTP |
| www | 80/udp | World Wide Web HTTP |
| www-http | 80/tcp | World Wide Web HTTP |
| www-http | 80/udp | World Wide Web HTTP |
| hosts2-ns | 81/tcp | HOSTS2 Name Server |
| hosts2-ns | 81/udp | HOSTS2 Name Server |
| xfer | 82/tcp | XFER Utility |
| xfer | 82/udp | XFER Utility |
| mit-ml-dev | 83/tcp | MIT ML Device |
| mit-ml-dev | 83/udp | MIT ML Device |
| ctf | 84/tcp | Common Trace Facility |
| ctf | 84/udp | Common Trace Facility |
| mit-ml-dev | 85/tcp | MIT ML Device |
| mit-ml-dev | 85/udp | MIT ML Device |
| mfcobol | 86/tcp | Micro Focus Cobol |
| mfcobol | 86/udp | Micro Focus Cobol |
| | 87/tcp | any private terminal link |
| | 87/udp | any private terminal link |
| kerberos | 88/tcp | Kerberos |
| kerberos | 88/udp | Kerberos |
| su-mit-tg | 89/tcp | SU/MIT Telnet Gateway |
| su-mit-tg | 89/udp | SU/MIT Telnet Gateway |
| | 90 | also being used unofficially by Pointcast |
| dnsix | 90/tcp | DNSIX Security Attribute Token Map |