
E-mail: kanayama@matsue-ct.jp 2013 4

1 PC
1.1
1.2 PC
1.3 Unix
1.4 FreeBSD
1.5
1.5.1
1.5.2 VMplayer
1.6
1.7
1.8
2 TCP/IP
2.1
2.2 TCP/IP
2.3
2.4
2.5
2.6
2.6.1 Wireshark
2.6.2 Wireshark
2.6.3 Wireshark
2.7
3 I
3.1
3.1.1
3.1.2 UTP5
3.1.3
3.1.4
3.2
3.2.1 MAC
3.2.2 CSMA/CD
3.2.3
3.2.4 ARP
3.3
4 II
4.1
4.1.1
4.1.2 IP
4.1.3 IP
4.1.4 ICMP
4.2
4.2.1
4.2.2
4.2.3
4.3
4.4
5 IP I
5.1 IP
5.1.1
5.1.2
5.1.3
5.2 Wireshark
5.2.1
5.2.2
5.2.3
5.3
6 IP (2)
6.1 CIDR
6.2
6.3
7
7.1
7.1.1
7.1.2
7.1.3
7.2
7.2.1
7.2.2
7.2.3 VLAN
7.3
7.3.1
7.3.2
7.4 VPN
7.4.1 VPN
7.4.2 VPN
7.5
8 ICMP
8.1 ICMP
8.1.1
8.1.2 ICMP
8.2
8.2.1 ping
8.2.2 traceroute
8.3
9 TCP UDP
9.1
9.2 TCP
9.2.1
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.2.7
9.2.8 TCP
9.2.9 PSH,URG
9.2.10 PSH
9.2.11 URG
9.3 UDP
9.4
10
10.1
10.2 Domain Name Service (DNS)
10.3 telnet
10.4 File Transfer Protocol(FTP)
10.5 Secure SHell (SSH)
10.5.1 SSH
10.6 Network Time Protocol(NTP)
10.7 Hyper Text Transfer Protocol(HTTP)
10.8 Simple Mail Transfer Protocol(SMTP)
10.9 Post Office Protocol(POP)
10.10 Internet Message Access Protocol(IMAP)
10.11 Network News Transfer Protocol(NNTP)
10.12 Dynamic Host Configuration Protocol(DHCP)
10.13 Common Internet File Service(CIFS)
10.14 Lightweight Directory Access Protocol(LDAP)
10.15
10.16
11
11.1
11.1.1 ?
11.1.2
11.2
11.2.1
11.2.2
11.2.3
11.3
11.3.1
11.3.2 DES
11.3.3
11.3.4 Kerberos
11.3.5 One Time Password (OTP)
11.3.6 Pretty Good Privacy(PGP)
11.3.7
11.4
11.4.1
11.4.2
11.5
12 II
12.1 GnuPG
12.1.1 GnuPG
12.1.2 GnuPG
12.1.3
12.1.4
12.1.5
12.2
13
13.1
13.2
13.2.1
13.2.2
13.2.3
13.3
13.3.1
13.3.2 WWW
13.3.3 Mail
13.4
13.5

1 1 PC 1.1 IP 1.2 PC Windows ( OS ) PC PC VMware, QEMM, Xen, VirtualPC,VirtualBox VMware VMplayer [Figure labels: virtual PC software, guest OS] FreeBSD Windows Linux Windows PC PC OS( Windows) PC OS PC OS( OS ) PC PC OS PC OS OS

1.3 Unix Unix OS 1970 1980 OS Windows PC OS Unix Unix 1.1: VAX PDP-11/40(1970 ) Dennis Ritchie( ) Ken Thompson (UNIX Thompson B Ritchie C ) PDP-11 ( Yet another PDP-11 page http://www.psych.usyd.edu.au/pdp-11/real_programmers.html)

1.4. FreeBSD 3 1.4 FreeBSD FreeBSD Unix 20 TCP/IP OS BSD Berkeley Software Distribution (UCB) BSD AT&T Unix AT&T 4.4BSD-Lite 1994 4.4BSD-Lite BSD OS FreeBSD 4.4BSD-Lite Unix Linux Unix OS (Linus Torvalds) 1991 BSD OS 1997 (http://upload.wikimedia.org/wikipedia/commons/5/50/unix history-simple.png ) 1.5 1.5.1 VM

4 1 PC VM j09xx Lhaplus CD-ROM FreeBSD-09.lzh VM/j09xx CD-ROM VM Properties VM/j08xx FreeBSD 1.5.2 VMplayer 1 VM 2 VMplayer FreeBSD OK PC

1.5. 5 FreeBSD 3 PC ( PC Windows Ctrl + ALT Windows ) 4 login: root password freebsd 5 startx Unix X-window GUI MS-Windows fvwm2

6 1 PC 1.6 X-window Firefox, kterm, gedit, Wireshark, thunderbird firefox, thunderbird, gedit fvwm2 Yes, Really Quit X-window ( ) X-window startx X-window 1.7 ( )

1.7. 7 CUI ( 16 ) 2 GUI Windows Unix Windows PC FreeBSD Wireshark Wireshark 6 Wireshark Wireshark OK root Wireshark 7 Capture Options... ( )

Interface: VMplayer lnc0 PC ( 2 ) Capture Capture Filter: ( ) ( ) 2 Display Options Update list of packets in real time Automatic scrolling in live capture Start 8 Capture Options Start ( ) Source IP IP Mac

1.7. 9 Destination Protocol Info 2 16 9 Capture Stop 2

10 1 PC 10 Capture Options... 80 ( ) 80 80 80 11 Capture Filter: port 80 Start Continue without Saving 12 Continue without Saving 7 Firefox 13 Firefox Firefox Firefox Google Wireshark

URL Google Frame 2 Ethernet II 3 Internet Protocol IP IP 4 Transmission Control Protocol(TCP) TCP 5 Hypertext Transfer Protocol(HTTP HTTP + 1.8 VMPlayer X VM FreeBSD

12 1 PC 14 VMPlayer X FreeBSD kterm # shutdown -p now FreeBSD VMplayer

13 2 TCP/IP 2.1 (DOD) (DARPA) ARPANET ARPANET DARPA 60 ARPANET ( 68) 61 62, 63 ARPANET (UCLA, UCSB, ) 73 ( ) TCP/IP ( ARPANET CSNET 81 ARPANET ) 82 TCP/IP 83 4.2BSD TCP/IP Unix ( NCP 83 TCP/IP Internet ) Unix TCP/IP IPv6 TCP/IP ARPANET 90 ARPANET ( 89) 10 93 91 CERN WWW 93 Mosaic WWW

1957 ARPA
1961 L.Kleinrock,
1962 J.C.R.Licklider & W.Clark,
1963 P.Baran,
1968 ARPANET
1969 ARPANET 50Kbps
1970 ALOHA system( )
1971
1971 ARPANET mail
1973
1973 PaloAlto, Ethernet (CSMA/CD 3Mbps)
1973 V.Cerf & B.Kahn, TCP
1974 TCP
1978 TCP/IP
1982 TCP/IP Internet
1983 4.2BSD TCP/IP
1983 ARPANET TCP/IP
1984 DNS
1989 100,000 Internet
1991 WWW (CERN)
1992 1,000,000
1993 InterNIC
1993 (Mosaic) WWW 341,634
1995 Java,RealAudio, Internet
2000
2.2 TCP/IP TCP/IP ( )

2.3. 15 i-mode Web IP TCP/IP TCP/IP TCP/IP 1. Transmission Control Protocol (TCP) 2. User Datagram Protocol (UDP) 3. Internet Control Message Protocol (ICMP) 4. Address Resolution Protocol (ARP) 5. Reverse Address Resolution Protocol (RARP) TCP/IP 2.3 TCP/IP ( )

16 2 TCP/IP ( ) IP IPv4 IPv6 ( ) ( ) ( ) ( ) TCP/IP 2.4 PC

2.4. 17 70 80 OSI TCP/IP (ISO) (Open System Interconnect Reference Model: OSI model) OSI 7 OSI OSI TCP/IP OSI OSI TCP/IP OSI OSI TCP/IP OSI TCP/IP OSI TCP/IP TCP/IP OSI OSI TCP/IP OSI OSI (...) TCP/IP OSI TCP/IP ARP RARP TCP/IP OSI

18 2 TCP/IP ( ) TCP/IP TCP/IP OSI 1. ( ) 2. Ethernet( ) MAC ( ) IP ARP IP RARP (ARP RARP IP X IP ) 3. IP (Internet Protocol) IP IP IP IP IP ICMP (Internet Control Message Protocol) 4. ( ) TCP UDP TCP TCP UDP TCP UDP

5. TCP/IP Berkeley TCP/IP Web HTTP(Hyper Text Transfer Protocol) SMTP(Simple Mail Transfer Protocol) 2.5 API ( )
[Figure: relationship between the layers and their data and headers. Labels: application, data; transport layer header, data; network layer header, data; data link layer header, data; header, data; header, data, CRC check]
(

) TCP/IP
[Figure: multiplexing and layers. Labels: transport layer, network layer, TCP, UDP, IP, Apple Talk, data link layer, Ethernet]
( ) ( ) MPLS (MultiProtocol Label Switching)
[Figure labels: link layer header, [illegible] header, IP header, IP payload]
TCP/IP TCP/IP

2.6. 21 TCP/IP 2.6 2.6.1 Wireshark TCP/IP ( ) 16 MS-Windows ( Unix ) ( ) Unix OS www.wireshark.org GUI Unix tcpdump [ ] Wireshark Ethereal Wireshark ( ) 2.6.2 Wireshark IP Windows NT,2000,XP ipconfig /all

Unix ( Kterm) ifconfig
# ifconfig
lnc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:10:18:01:55:e5
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
IP lnc0 3 192.168.1.10 IP IP Wireshark Capture Options

2.6. 23 Start ( Capture Start ) Capture Filter IP host 192.168.0.1 Filter host 192.168.0.1 and host 192.168.0.2 192.168.0.1 192.168.0.2 (and host 192.68.0.1 host 192.168.0.2 ) 192.168.0.1 192.168.0.2 host 192.168.0.1 or host 192.168.0.2 host [my IP] Start ( Stop )

24 2 TCP/IP 2.6.3 Wireshark Wireshark (Source) ( Destination) (Protocol: TCP,UDP HTTP ) 10.16.164.18 211.4.250.170 HTTP( TCP) HTTP GET Frame, Ethernet, IP, TCP, HTTP +

2.6. 25 ( ) Wireshark ( Capture Stop Ctrl + E ) Wireshark Capture Options de Options Capture Filter: IP host www.watch.impress.co.jp ( ) Save capture file before starting a new capture? Continue without Saving ( ) URL http://www.watch.impress.co.jp URL URL Uniform Resource Locator URL (resource= )

26 2 TCP/IP 2.7 2.1 Wireshark Wireshark IP IP www.watch.impress.co.jp IP 192.168.1.1 www.watch.impress.co.jp 202.218.223.133 2.2 Protocol TCP HTTP 2 2.3 (, ) Info [FIN, ACK] Internet Protocol 16 2

27 3 I TCP/IP OSI 3.1 3.1.1 IEEE802.3( ) TCP/IP TCP/IP ( ) ( ) 10Mbps 10BASE-5 10BASE-2 (1cm) (5mm) RG-58 10BASE-T UTP ( ) 10BASE-5 10BASE-2 ( ) ( )

UTP (Unshielded Twisted Pair cable) UTP
10BASE-T 10Mbps 3 (Cat.3)
100BASE-TP 100Mbps 5 (Cat.5)
1000BASE-T 1000Mbps 5 (enhanced Cat.5)
100Base 3 100Mbps 3.1.2 UTP5 UTP (Cat.5 ) 100BASE 1 1 1000BASE

( 50UTP UTP (Unshielded) 5 1 6-5 1-4 10 ( ) UTP ( ) ( ) 12.5mm

30 3 I ( 0.5 ) ( ) UTP UTP ( ) UTP ( AUTO-MDI/MDIX 3 UTP UTP RJ-45 ( ) RJ-45 8 UTP

8 1 10,100Base (TIA/EIA-568B)
1  (+)   White( pair of Orange )
2  (-)   Orange
3  (+)   White( pair of Green )
4  None  Blue
5  None  White( pair of Blue )
6  (-)   Green
7  None  White( pair of Brown )
8  None  Brown
1000BaseT (TIA/EIA-568A Green pair Orange pair ) A B AT&T TIA/EIA-568B ( )

32 3 I 3.1.3 100BASE-FX 100Mbps, 412,2000,20000m 1000BASE-SX 1000Mbps 550m 1000BASE-LX 1000Mbps 5Km 100BaseFX 100BaseTX 1000Base SX LX SX LX SX

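3.1. Physical layer

wavelength is short, so it can only use the optical fiber cable known as multimode. LX, on the other hand, uses light of a longer wavelength; in principle it can also run over multimode optical fiber cable (in which case the maximum transmission distance is 550 m), but there is little point in doing so. The difference between these optical cables lies in the diameter of the medium at the center, called the core, through which the light travels. A cable with a thick core is called multimode because refraction unavoidably causes various modes of light to mix; its transmission reach is short, at 550 m, but because it can be made from materials such as plastic it is inexpensive and tolerant of bending.

Although it is not used much today, there was also a type of optical cable called step-index (it is used for short-distance transmission of audio and video). In this kind of cable, as shown in the figure, light propagates by reflecting at the boundary between the core and the cladding. Because light that travels straight and light that travels by reflection necessarily cover different path lengths (reflected light travels a longer distance), the phase of the light is shifted at the exit (light is a kind of wave, so when the path lengths differ the positions of the crests and troughs no longer line up), and transmission quality becomes very poor.

This problem was solved by the optical fiber called graded-index, and all optical cable used for multimode today is of this type. In graded-index fiber the refractive index is made to change gradually with distance from the center of the core, so light that moves away from the center is bent gently and returns to a path through the center. In addition, the speed of light in such a material depends on the refractive index; this is exploited so that light taking the longer route travels faster and light going straight through the center travels slightly slower, which keeps the phase difference between the two paths very small. As a result, multimode achieves a longer transmission distance than step-index and is a cable that is easy to handle, for example when splicing, but because some loss still remains it cannot be used over long distances.

In any case, the "mode" in multimode refers to the path that the light travels, and the name multimode means that many modes take part in the transmission. Glass multimode cables are used with core diameters of 50 µm and 62.5 µm; plastic ones use a core diameter of 120 µm. As for the wavelength of the light, 1000BASE-SX uses light with a wavelength of 850 nm.

Thin-core single-mode optical fiber physically carries only one mode of light, so its loss is very low and transmission over very long distances is possible. This is hard to understand without studying the physical laws of the microscopic world, but, so to speak, because the core diameter is made barely as large as the size of a particle of light, reflection also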

1000BaseLX 5Km 10µm 1310nm (FTTH ) 10G
$1\,\mu\mathrm{m} = 10^{-6}\,\mathrm{m} = 0.001\,\mathrm{mm}$, $1\,\mathrm{nm} = 10^{-9}\,\mathrm{m} = \frac{1}{1000}\,\mu\mathrm{m}$
3.1.4 FDDI 100M 100Base ATM 10G Base 10G

3.2 3.2.1 MAC MAC (Ethernet ) MAC 48bit(6byte) MAC 24bit(3byte) 24bit http://www.iana.org/assignments/ethernet-numbers
00000C  Cisco
00000E  Fujitsu
000093  Proteon
00AA00  Intel
080002  3Com (Formerly Bridge)
080009  Hewlett-Packard
080020  Sun  Sun machines
Intel MAC 3byte http://standards.ieee.org/develop/regauth/oui/public.html : - 00-0a-ed MAC 16 8bit 00:00:39:00:2f:04 Unix ifconfig MAC

> ifconfig
lnc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
        ether 00:90:27:50:fa:1c
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
Windows ipconfig MAC OS MAC MAC
01:00:5E:00:00:00  Internet Multicast [RFC1112]
01:80:C2:00:00:00  Spanning tree (for bridges)
09:00:4E:00:00:02  Novell IPX
CF:00:00:00:00:00  Ethernet Configuration Test protocol (Loopback)
FF:FF:FF:FF:FF:FF  IP (e.g. RWHOD via UDP) as needed
FF:FF:FF:FF:FF:FF  ARP (for IP and CHAOS) as needed
FF:FF:FF:FF:FF:FF  EtherTalk
MAC TYPE field MAC 0 1 MAC bit 1 Ether 3.2.2 CSMA/CD Ethernet Ethernet

CSMA/CD (Carrier Sense Multiple Access with Collision Detection) Ethernet CSMA/CD (Carrier Sense) Ethernet (Collision Detection) Multiple Access CSMA/CD Ethernet 30% 50% 3.2.3 CSMA/CD TokenRing FDDI CSMA/CD ( ) (

38 3 I CSMA/CD 100M Ether 100M Ether Gigabit Ether 3.2.4 ARP MAC MAC MAC MAC MAC MAC ARP( Address Resolution Protocol) ARP ( ) ARP Ethernet MAC (ARP ) IP IP ARP MAC IP ARP Unix Windows arp

> arp -a -n
? (10.16.164.33) at 00:00:39:0e:08:04 on lnc0 [ethernet]
? (10.16.164.110) at 00:90:cc:22:00:3a on lnc0 permanent [ethernet]
? (10.16.164.254) at 00:00:0c:04:df:01 on lnc0 [ethernet]
-a ARP -n IP Windows -n ARP MAC
? (10.16.164.10) at (incomplete) on lnc0 [ethernet]
IP IP

40 3 I 3.3 3.1 VMplayer vmx ( ) notepad ethernet0.connectiontype = "nat" ethernet0.connectiontype = "bridged" ( ) VMplayer # ifconfig... inet 10.120.18.200 netmask 0xffff0000 broadcast 10.120.255.255 inet IP 10.120.x.y (x,y ) 3.2 FreeBSD MAC 2 MAC 3.3 4 IP Wireshark ping # ping 10.120.1.1 ( IP ) ping ARP IP ARP MAC MAC

41 4 II 4.1 4.1.1 IP MAC IP Anon IP A,MAC a Blue ( IP B, MAC b ) Anon Blue
[Figure labels: Router IP: Rx MAC: rx; Router IP: Ry MAC: ry; Host: Anon IP: A MAC: a; Host: Blue IP: B MAC: b]
Anon IP A IP B IP Anon Router(IP Rx) Anon Router (IP Rx) ( DHCP Router IP Rx IP A

Router Blue ARP Router MAC rx IP Blue B MAC Router MAC rx Router MAC Router Blue (IP B) Router ( ) Blue ( ) ARP MAC b Blue Anon Unix Windows ( Windows2000 XP IP (IP forwarding) ( ) Router ( ) Unix Windows ( )
> netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.16.164.254      UGSc        4       68   nge0
10.16.164/24       link#1             UC          3        0   nge0
10.16.164.33       00:00:39:00:00:01  UHLW        1    25675   nge0   1121
10.16.164.110      00:90:cc:01:c0:11  UHLW        6   402346    lo0
10.16.164.254      00:00:0c:02:d0:21  UHLW        5        3   nge0    418
127.0.0.1          127.0.0.1          UH          5      448    lo0
Unix default 10.16.164.254 4.1.2 IP IP IPv4 32bit IPv4 IP 8bit

0 255 256 IPv4 0 255.0 255.0 255.0 255 202.11.100.1 32bit 00,01,10,11 ( ) 2 2 32bit 2
$2^{32} = 2^2 \times (2^{10})^3 \approx 4 \times 1000^3 = 4 \times 10^9$ (about 4 billion; $2^{10} = 1024 \approx 1000$)
IP IP IPv4 IP 256 IP IPv4 (2003 4 7 )
Rank  CC  IP addresses     Share
1     US  1,246,274,560   66.90%
2     JP    103,830,016    5.57%
3     CA     62,013,952    3.33%
4     GB     50,894,080    2.73%
5     DE     48,699,648    2.61%
6     FR     37,210,112    2.00%
7     CN     30,719,744    1.65%
169   SR          1,024    0.00%
173   BZ            256    0.00%
173   GD            256    0.00%
173   NE            256    0.00%
173   SZ            256    0.00%
173   TO            256    0.00%
                345,088    0.02%
          1,858,318,336  100.00%

5 2008 10 1 NIC IPv4 (2008 10 1 )
Rank  CC  IP addresses     Share
1     US  1,445,547,776   52.24%
2           167,045,888    6.15%
3           149,272,064    5.49%
4     EU    120,298,556    4.43%
5            86,213,976    3.17%
6            78,563,888    2.89%
7            73,655,552    2.71%
1 IP IT 7 JPNIC(IP ) IPv4 IPv6 2011 2 ICANN IP 4 APNIC(JPNIC ) ISP IP IPv4 IPv6 IP 128bit IPv4
$2^{128} = (2^{32})^4 \approx (4 \times 10^9)^4 = 256 \times 10^{36}$
IPv4 1000 1024 256 340 0 36 ( 340 ( ) ) $1\,\mathrm{m}^2$ IP IP AV IP ID(RFID) IP 4.1.3 IP IP

4.1. 45 OS DNS IP IPv4 IP 202.11.100.1 202.11.100 8bit 1 bit 4.1.4 ICMP ICMP(Internet Control Messaging Protocol) ICMP

46 4 II 4.2 4.2.1 ( ) ( ) ( ) ( IE Netscape) 1. P2P (P2P) P2P P2P 4.2.2 2 IP 2 IP IP ( ) 0 IP IP IP IP Well-Known port address Unix /etc/services /etc/services

ftp-data 20/tcp #File Transfer [Default Data]
ftp-data 20/udp #File Transfer [Default Data]
ftp 21/tcp #File Transfer [Control]
ftp 21/udp #File Transfer [Control]
ssh 22/tcp #Secure Shell Login
telnet 23/tcp
smtp 25/tcp mail #Simple Mail Transfer
...
http 80/tcp www www-http #World Wide Web HTTP
/etc/services http 80 IP 80 OS IP 4.2.3 ICMP TCP(Transmission Control Protocol) TCP UDP(User Datagram Protocol) UDP TCP,UDP 4.3 TCP/IP TCP/IP

48 4 II HTTP (Hyper Text Transfer Protocol) SMTP (Simple Mail Transfer Protocol)

4.4. 49 4.4 4.1 Wireshark Wireshark Capture Options Filter port 80 MAC MAC IP arp -a 4.2 FreeBSD Capture Options Filter IP 5 URL IP DNS ( ) DNS (query) (response) DNS IP ( IP ) IP DNS IP DNS www.google.co.jp 199.23.33.1 10.0.0.1 33...

51 5 IP I TCP/IP 5.1 IP ARP MAC ARP IP IP IP ( ) (ID ) IP IPv4( ) IP IP IPv6 IPv6 IP IPv6 IPv4 5.1.1 IPv4 ( ) IP ( ). ( ) ( ) A 8 bit (1byte) 24 bit (3byte) B 16bit (2byte) 16 bit (2byte) C 24bit (3byte) 8 bit (1byte) IPv4 32bit 8bit 24bit IP

52 5 IP I ( ) IPv4 IP IP 0 A 10 B 110 C 1110 D 1111 E ( ) 4bit IP 0 1 IP 0 A 8 256 1600 B 16 16 65,536 10 B C IP ( ) A C IP

5.1. IP 53 A A 0 0.0.0.0 127.255.255.255 A B B (10) 128.0.0.0 191.255.255.255 B C C (110) 192.0.0.0 223.255.255.255 C C 256 IP 0 254 IP 192.168.0.255 192.168.0.0 D D (1110) 224.0.0.0 239.255.255.255 D 5.1.2 A B ( ) IP

54 5 IP I ( ).{ ( ). ( ) } 172.16.0.0 B B C 24bit 8bit 8bit 24bit 172.16.0.0/24 IP ( ) 172.16.0 B 172.16.0.0 256 ( 256 ) 172.16.0.0/24 172.16.1.0/24 172.16.2.0/24... 172.16.254.0/24 172.16.255.0/24 8bit 192.168.0.0/24 8bit 8 2 3 3bit 5bit ( 32 )

192.168.0.0/27
192.168.0.32/27
192.168.0.64/27
192.168.0.96/27
192.168.0.128/27
192.168.0.160/27
192.168.0.192/27
192.168.0.224/27
4byte 4byte 3bit (000), (001), (010), (011), (100), (101), (110), (111) ( ) 5bit
(000) + (0 0000) = (0000 0000) = 0
(001) + (0 0000) = (0010 0000) = 32
(010) + (0 0000) = (0100 0000) = 64
(011) + (0 0000) = (0110 0000) = 96
(100) + (0 0000) = (1000 0000) = 128
(101) + (0 0000) = (1010 0000) = 160
(110) + (0 0000) = (1100 0000) = 192
(111) + (0 0000) = (1110 0000) = 224
1 2 1 2 2 n 2 n 1 (1110 0000)
$2^7 + 2^6 + 2^5 = 128 + 64 + 32 = 224$
IPv4 192.168.0.0/27 /27 Unix B 256 netmask 255.255.255.0 /24 (netmask OS )
172.16.0.0 netmask 255.255.255.0
172.16.1.0 netmask 255.255.255.0
...
172.16.255.0 netmask 255.255.255.0

(netmask) IP ( 172.16.4.18 ) IP ( 172.16.4.0 ) /24 24bit IP & &
1 & 1 = 1, 1 & 0 = 0, 0 & 1 = 0, 0 & 0 = 0
1 1 0 (1010)
(1010) & (1100) = (1000)
IP 2byte 4.18 8bit ( 4.0
4.18 & (1111 1111).(0000 0000) = 4.0
(1111 1111) 8bit 255
4.18 & 255.0 = 4.0
IP 172.16.4.18 3byte(24bit)
172.16.4.18 & 255.255.255.0 = 172.16.4.0
8bit /27 27bit 24 + 3 bit 24bit 255.255.255 3bit ( 1110 0000 ) (224 ) 192.168.0.48 27bit
192.168.0.48 & 255.255.255.224 = 192.168.0.32
192.168.0.32/27
192.168.0.32 netmask 255.255.255.224

5.2. Wireshark 57 (netmask OS ) 192.168.0.0 192.168.0.0 netmask 255.255.255.224 192.168.0.32 netmask 255.255.255.224... 192.168.0.192 netmask 255.255.255.224 192.168.0.224 netmask 255.255.255.224 5.1.3 IP ( ) IP (IP crisis) IP ( ) RIP,OSPF BGP 5.2 Wireshark Wireshark Capture Options Capture Filter 5.2.1 DNS IP dst host src host host host ip, arp, rarp

58 5 IP I gateway gateway dst net 202.11.100.1 202.11.100 src net net dst port TCP/UDP src port TCP/UDP port TCP/UDP ether broadcast ether ip broadcast IP all 1 all 0 5.2.2! not && and AND or OR ( ) (

5.2.3
src host pca1 and src port 23
    pca1
src host pca1 or src host pcb1
    pca1 pcb1
src host pca1 and dst host pcb1
    pca1 pcb1
host pca1 and host pcb1
    pca1 pcb1
not ( host pca1 and host pcb1 )
    pca1 pcb1

60 5 IP I 5.3 5.1 IP 126.0.0.1 128.0.0.1, 190.255.0.255, 192.0.0.1, 223.255.255.255 5.2 IP (1) 10.3.4.2 (2) 127.16.3.20 (3) 192.168.30.22 5.3 http://www.watch.impress.co.jp 3 IP 3 ( ) port 80

61 6 IP (2) 6.1 CIDR IPv4 Classless InterDomain Routing(CIDR) CIDR IP 4 C (202.11.103.1)
202.11.96.0 -> 202.11.103.1
202.11.97.0 -> 202.11.103.1
202.11.98.0 -> 202.11.103.1
202.11.99.0 -> 202.11.103.1
3byte 96,97,98,99
96 = ( 0110 0000 )
97 = ( 0110 0001 )
98 = ( 0110 0010 )
99 = ( 0110 0011 )
$96 = 64 + 32 = 2^6 + 2^5$
6bit ( 0110 00 ) 2bit 4 96/6 ( (0110 0000) 96 ) 4 ( 16bit 6bit )
202.11.96.0/22 -> 202.11.103.1

62 6 IP (2) CIDR IP A B CIDR 192.168.0.0/24 192.168.0.0/25 128 192.168.0.128/26 64 192.168.0.192/27 32 192.168.0.224/27 32 4byte 192.168.0.(0000 0000)/25 192.168.0.(1000 0000)/26 192.168.0.(1100 0000)/27 192.168.0.(1110 0000)/27 /32 /0 IP 0.0.0.0 /27 24 + 3 bit 4byte 3bit (110) (111) ( IP (000) (101) ) 192.168.0.128/27 192.168.0.160/27 192.168.0.128/26 192.168.0.0/27, 192.168.0.32/27, 192.168.0.64/27, 192.168.0.96/27 192.168.0.0/25 192.168.0.0/27, 192.168.0.32/27, 192.168.0.64/27 192.168.0.96/27 IP IP NAT (Network Address Translation) NAPT (Network Address and Port Translation) 6.2 IP

6.2. 63 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 NAT(NAPT)

64 6 IP (2) 6.3 6.1 10.0.0.0/24 8 6.2 172.16.0.0/12 IP 6.3 202.11.97.48/28 202.11.97.0

65 7 TCP/IP 7.1 7.1.1 100m 4 4 4 100BaseTX 100BaseFX( ) 100m B 100BaseTX 7.1.2 MAC MAC

Bridge ( ) ASIC ASIC Application Specific Integrated Circuit CPU DSP LSI ASIC ASIC
[Figure: switch with A, B, C, D; the caption concerns communication between A and B and between C and D]

7.1. 67 ( FDDI ATM ) Ethernet Ethernet L2 SNMP (Simple Network Management Protocol) L2 VLAN(Virtual LAN: ) L2 (Layer2) ASIC L2 7.1.3 IP CPU ASIC L2 L3

68 7 IPv6 7.2 7.2.1

7.2. 69 FDDI FDDI Ethernet ( ) ( )

70 7 s Ê L3 L3 L3 7.2.2

192.168.0.0/24 A B C D L2 L3 router 192.168.0.0/24 A B C D 192.168.1.0/24 E F G H

72 7 L2 VLAN L2 PC ( ) L3 20 7.2.3 VLAN VLAN (Virtual LAN) A B C D E F G H 192.168.0.0/24 192.168.1.0/24 A E C G B F 192.168.2.0/24

7.3. 73 VLAN Layer2 ( tagging VLAN ) VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN VLAN L3 L2 VLAN L 3 (Link Aggregation ) L3 L2 VLAN L3 L2 VLAN 7.3 7.3.1 A B C D E F G H

74 7 ( ) ( ) (STP) STP STP ( ) STP A B C D E F G H STP Å Ø f ášq A B C D E F G H STP Å Ø f µ È

STP (RSTP: Rapid STP) STP VLAN STP MSTP(Multiple STP) (MSTP VLAN ) MSTP Cisco PVST(Per VLAN STP) 7.3.2 ( ) ( RIP(Routing Information Protocol),OSPF(Open Shortest Path First), BGP4(Border Gateway Protocol v4) RIP OSPF RIP RIP RIP ( 15 ) RIP RIP OS OSPF RIP OSPF ( ) OSPF

76 7 RIP 15 CPU RIP OSPF BGP4 BGP RIP OSPF BGP RIP RIP RIP BGP RIP BGP OSPF BGP RIP IP IP IP IP IP IP IP VRRP(Virtual Router Redundancy Protocol) Cisco HSRP(Hot Standby Routing Protocol)

[Figure labels: 192.168.0.252; 192.168.0.253; "identifies itself as 192.168.0.254"; "the router 192.168.0.252 has failed"; 192.168.0.252; 192.168.0.253; "identifies itself as 192.168.0.254"]
7.4 VPN VPN (Virtual Private Network) VPN B 7.4.1 VPN VPN TCP/IP SSL/TLS SSL/TLS SSL/TLS IPsec OpenVPN IP in IP

78 7 VPN VPN OpenVPN, SoftEther, PacketiX L2 VPN 7.4.2 VPN VPN ( L3VPN L2VPN ) L3VPN IP L3VPN L2VPN L3VPN IP L2VPN MAC MAC

7.5. 79 7.5 7.1 3 3 30 1000BaseTX 30 1000BaseTX L2 L3 10GBASE- LR(10GigabitEther ) A,B,C D A,B,C,D 150m ( ) L3 2 10G 4 Gigabit 12 24 L2 10G 2 Gigabit 24 L3,L2 10G PowerPoint 10G Gigabit Ethernet L3 L3SW12 4 12 1,000,000 L3 L3SW24 4 24 1,800,000 L2 L2SW24 2 24 400,000 150m 1,000,000 150m 50,000

81 8 ICMP ICMP TCP/IP IP ( ICMP(Internet Control Message Protocol) 8.1 ICMP IP TCP ICMP (Internet Control Message Protocol) ICMP ( ) ICMP ICMP ICMP 8.1.1 ICMP 1byte
type  message
0     Echo Reply
3     Host Unreachable
4     Source Quench
5     Redirect
8     Echo
9     Router Advertisement
10    Router Solicitation
11    Time Exceeded
12    Parameter Problem
13    Time Stamp
14    Time Stamp Reply
15    Information Request
16    Information Reply
17    Address Mask Request
18    Address Mask Reply

Echo, Echo Reply Echo Reply Host Unreachable Source Quench Redirect Router Solicitation, Router Advertisement Time Exceeded TTL(Time To Live) 0 Fragmentation ( TTL 64 64 ) Parameter Problem Time Stamp, Time Stamp Reply Information Request, Information Reply IP Information Reply Address Mask Request, Address Mask Reply ( ) type 3(Host Unreachable), type 11(Time Exceeded) TTL(Time To Live) IP 1 0 ICMP type 11 3 Host Unreachable IP Host Unreachable ( ICMP 2byte )

8.1. ICMP 83 0 1 2 3 4 5 code 0 code 3 type 11 type 3 ICMP IP 64bit ( TCP UDP ) ICMP ICMP RFC792 RFC RFC Request For Comments RFC RFC IETF(Internet Engineering Task Force : http://www.ietf.org) TCP UDP IP IDS( ) MTU MTU MTU ICMP unreachable Type4 ICMP MTU ( ICMP MTU ) MTU TCP MSS( ) 8.1.2 ICMP ICMP icmp Filter: icmp Apply( ) Filter option ( Display Filter Wireshark )

8.2 8.2.1 ping ping Unix Windows ping ICMP Echo Request Echo reply Echo Request ping 20% ( ) IP ping 0%
> ping 10.20.8.4
PING 10.20.8.4 (10.0.0.10): 56 data bytes
64 bytes from 10.20.8.4: icmp_seq=0 ttl=254 time=0.270 ms
64 bytes from 10.20.8.4: icmp_seq=1 ttl=254 time=0.201 ms
64 bytes from 10.20.8.4: icmp_seq=2 ttl=254 time=0.189 ms
64 bytes from 10.20.8.4: icmp_seq=3 ttl=254 time=0.192 ms
64 bytes from 10.20.8.4: icmp_seq=4 ttl=254 time=0.173 ms
64 bytes from 10.20.8.4: icmp_seq=5 ttl=254 time=0.188 ms
64 bytes from 10.20.8.4: icmp_seq=6 ttl=254 time=0.202 ms
64 bytes from 10.20.8.4: icmp_seq=7 ttl=254 time=0.194 ms
^C
--- 10.20.8.4 ping statistics ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.173/0.201/0.270/0.027 ms
ping

8.2. 85
> ping www.impress.co.jp
PING www.impress.co.jp (210.173.173.19): 56 data bytes
64 bytes from 210.173.173.19: icmp_seq=0 ttl=245 time=36.784 ms
64 bytes from 210.173.173.19: icmp_seq=1 ttl=245 time=34.016 ms
64 bytes from 210.173.173.19: icmp_seq=2 ttl=245 time=33.972 ms
64 bytes from 210.173.173.19: icmp_seq=3 ttl=245 time=43.940 ms
64 bytes from 210.173.173.19: icmp_seq=4 ttl=245 time=33.899 ms
64 bytes from 210.173.173.19: icmp_seq=5 ttl=245 time=33.860 ms
64 bytes from 210.173.173.19: icmp_seq=6 ttl=245 time=33.821 ms
64 bytes from 210.173.173.19: icmp_seq=7 ttl=245 time=33.783 ms
64 bytes from 210.173.173.19: icmp_seq=8 ttl=245 time=33.751 ms
64 bytes from 210.173.173.19: icmp_seq=9 ttl=245 time=43.827 ms
64 bytes from 210.173.173.19: icmp_seq=10 ttl=245 time=33.669 ms
64 bytes from 210.173.173.19: icmp_seq=11 ttl=245 time=143.658 ms
^C
--- www.impress.co.jp ping statistics ---
12 packets transmitted, 12 packets received, 0% packet loss
round-trip min/avg/max/stddev = 33.669/44.915/143.658/29.998 ms
ICMP ICMP ICMP ECHO(,Reply) ICMP 8.2.2 traceroute ping traceroute Windows tracert traceroute IP TTL(Time To Live) TTL 64 1 0 ( ICMP ) TTL 1 TTL 0 ICMP type 11(Time Exceeded) ICMP IP TTL traceroute

86 8 ICMP
> traceroute -n www.jp.freebsd.org
traceroute to www.jp.freebsd.org (211.14.6.244), 64 hops max, 44 byte packets
 1  10.16.164.253  0.559 ms  0.368 ms  0.503 ms
 2  10.0.1.x  0.225 ms  0.202 ms  0.342 ms
 3  10.x.0.x  5.528 ms  5.462 ms  5.519 ms
 4  211.13.x.x  8.052 ms  11.174 ms  8.351 ms
 5  211.13.x.x  8.365 ms  9.200 ms  8.527 ms
 6  202.224.36.1  25.765 ms  25.424 ms  26.145 ms
 7  202.224.32.50  26.136 ms  27.332 ms  26.371 ms
 8  210.171.224.205  32.763 ms  27.245 ms  26.489 ms
 9  211.14.3.196  30.780 ms  30.760 ms  39.290 ms
10  211.14.4.105  29.777 ms  28.668 ms  26.974 ms
11  211.14.6.244  27.333 ms  26.072 ms  25.666 ms
( -n IP ) traceroute ( ) traceroute TTL traceroute traceroute traceroute Unix traceroute UDP Windows tracert ICMP Echo

8.3. 87 8.3 8.1 guru.it.matsue-ct.jp (10.50.18.200) ping Wireshark ping echo request Sequence number ( ) ID(Identifier) Echo request 10 Sequence number ID 8.2 traceroute 10.50.18.200 traceroute UDP 8.3 ICMP 10.50.18.200 traceroute ICMP type code

89 9 TCP UDP 9.1 TCP,UDP IP TCP/UDP IP Well Known( : ) IANA (Internet Assigned Numbers Authority) ( RFC ) 0-1023 well known port ( ) 1024-49151 registered port ( ) 49151-65535 private port ( ) well known port IETF 1024 well known root http://www.iana.org/assignments/port-numbers Unix /etc/services

90 9 TCP UDP
ftp-data     20/tcp    #File Transfer [Default Data]
ftp-data     20/udp    #File Transfer [Default Data]
ftp          21/tcp    #File Transfer [Control]
ftp          21/udp    #File Transfer [Control]
ssh          22/tcp    #Secure Shell Login
ssh          22/udp    #Secure Shell Login
telnet       23/tcp
telnet       23/udp
#            24/tcp    any private mail system
#            24/udp    any private mail system
smtp         25/tcp    mail    #Simple Mail Transfer
smtp         25/udp    mail    #Simple Mail Transfer
#
FTP 21 20 (TCP,UDP TCP ) SSH(Secure SHell) 22 telnet 23 SMTP(Simple Mail Transfer Protocol) 25 UDP UDP
domain       53/tcp    #Domain Name Server
bootps       67/udp    dhcps    #Bootstrap Protocol Server
bootpc       68/udp    dhcpc    #Bootstrap Protocol Client
http         80/tcp    www www-http    #World Wide Web HTTP
pop3         110/tcp   #Post Office Protocol - Version 3
nntp         119/tcp   usenet    #Network News Transfer Protocol
ntp          123/tcp   #Network Time Protocol
netbios-ns   137/tcp   #NETBIOS Name Service
netbios-dgm  138/tcp   #NETBIOS Datagram Service
netbios-ssn  139/tcp   #NETBIOS Session Service
imap         143/tcp   imap2 imap4    #Interim Mail Access Protocol v2
snmp         161/tcp
snmptrap     162/tcp   snmp-trap
ldap         389/tcp   #Lightweight Directory Access Protocol
https        443/tcp
smtps        465/tcp   #smtp protocol over TLS/SSL (was ssmtp)
rtsp         554/tcp   #Real Time Stream Control Protocol
ldaps        636/tcp   sldap    #ldap protocol over TLS/SSL
imaps        993/tcp   # imap4 protocol over TLS/SSL
pop3s        995/tcp   spop3    # pop3 protocol over TLS/SSL
IANA /etc/services 443 https HTTP(Hyper Text Transfer Protocol: WWW )

9.2. TCP 91 HTTP over TLS/SSL TLS/SSL well known registered port private IP, TCP,UDP TCP UDP ( ) IP A Port X TCP IP B Port Y IP A Port X UDP IP B Port Y 9.2 TCP TCP (Transmission Control Protocol) TCP TCP 9.2.1 Ethereal

92 9 TCP UDP 9.2.2 TCP ( IP ) TCP sequence number( ) 1byte 50byte 1000 1049 1049 ( )

9.2. TCP 93 Wireshark (relative sequence number) 0 16 (93a7 976c) Wireshark 0 Wireshark 16 9.2.3 ack(acknowledgement: )

94 9 TCP UDP ack ( ) 1099 ack 1100 9.2.4 ACK ACK 9.2.5 TCP 9.2.6 TCP 3 3 3 ( ) SYN SYN,ACK ACK 3 2 2 (2 SYN,ACK ) 3 SYN SYN,ACK ACK TCP

9.2. TCP 95 SYN ACK FIN PSH URG RST 1 SYN RST SYN 6bit 8bit TCP 2bit ( ) OS 9.2.7 2 2 ACK FIN,ACK FIN,ACK ACK FIN ACK ACK TCP SYN ACK Web

96 9 TCP UDP 9.2.8 TCP TCP TCP ( 20byte )
[Figure: TCP header layout, bits 0 to 31. Field labels: source port number, destination port number, sequence number, acknowledgement number, offset, reserved, control, window, checksum, options, URG pointer, padding]
(2byte) (2byte) (2byte) (4byte) TCP (4byte ) (4bit) URG (4byte) ( 0) (6bit) URG,ACK,PSH,RST,SYN,FIN (6bit) ACK (2byte) 0 (2byte) URG (2byte) ( 1byte, 1byte, ) 4byte 0 9.2.9 PSH,URG TCP SYN,FIN,ACK RST PSH URG 9.2.10 PSH TCP/IP (

9.2. TCP 97 ) 1byte telnet telnet PSH(push) k a n a y a m 9.2.11 URG URG(Urgent: ) Break URG
[Figure: URG data skipping ahead]

98 9 TCP UDP 9.3 UDP UDP (User Datagram Protocol) TCP (connectionless) TCP UDP UDP ( ) DNS IPv4 NAT TCP UDP
[Figure: UDP header layout, bits 0 to 31. Field labels: source port number, destination port number, data, checksum]

9.4. 99 9.4 9.1 Wireshark Web 3-way handshake ( ) ( (relative sequence number) ack 3-way handshake 3 1

101 10 10.1 DNS telnet SSH FTP WWW POP IMAP NTP NNTP DHCP CIFS NFS LDAP IP (HTTP) IP TCP 10.2 Domain Name Service (DNS) IP IP ( ) DNS DNS IP

102 10.( ) matsue-ct.ac.jp matsue-ct.ac.jp..( ) jp ac matsue-ct DNS DNS DNS jp. com. DNS www.matsue-ct.ac.jp. jp. ac.jp. matsue-ct.ac.jp. www.matsue-ct.ac.jp. IP DNS DNS ( www.matsue-ct.ac.jp) FQDN (Fully Qualified Domain Name) DNS DNS DNS IP DNS DHCP IPv6.( period ) com. jp. fr. ne.jp. ac.jp. co.jp. go.jp. matsue-ct.ac.jp. shimane.ac.jp. DNS IP DNS ( CIDR ) DNS 53 DNS (query ) UDP

10.3. telnet 103 10.3 telnet telnet telnet telnet SSH telnet telnet telnet 23 telnet telnet 80 (HTTP) HTTP GET

104 10 telnet www.matsue-ct.ac.jp 80 Trying 10.100.1.3... Connected to www.matsue-ct.ac.jp. Escape character is ^]. GET /index.html <?xml version="1.0" encoding="shift_jis"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja">... ( ) Unix ( ) inetd inetd /etc/inetd.conf Unix DNS inetd inetd inetd telnet telnetd ftpd 10.4 File Transfer Protocol(FTP) FTP FTP 21 20 FTP WWW ftp:// FTP FTP 21 ( ) NAT NAT NAT NAT FTP

10.5. Secure SHell (SSH) 105
[Figure: client and server; FTP control 21, FTP data 20]
FTP ftp 10.5 Secure SHell (SSH) SSH Unix telnet FTP sftp(secure FTP) VPN (Virtual Private Network)

106 10
[Figure: labels telnet, telnetd, mail, imap, client, encrypted line, sendmail, imapd, server]
SSH SMTP POP,IMAP telnet SSH VPN VPN VPN SoftEther TCP,UDP SSH VPN IPsec IPsec 10.5.1 SSH SSH(Secure SHell) FreeBSD Fsecure SSH OpenSSH SSH

10.5. Secure SHell (SSH) 107 > ssh kanayama@stu.cc.matsue-ct.jp Enter passphrase for key /home/kanayama/.ssh/id_rsa : Password: Last login: Thu May 27 13:34:55 2010 from 10.164.4.199 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 7.1-RELEASE-p9 (GENERIC) #0: Tue Dec 8 18:09:12 JST 2009... > ( passphrase ) (Password) 3 > ssh kanayama@stu.cc.matsue-ct.jp Enter passphrase for key /home/kanayama/.ssh/id_rsa : Password: Password: Password: Permission denied (publickey,keyboard-interactive). SSH SSH % mkdir ~/.ssh % ls -ld ~/.ssh drwxr-xr-x 2 kanayama staff 512 6 16 20:04 /home/kanayama/.ssh/ FreeBSD ssh-keygen

108 10 %ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/kanayama/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/kanayama/.ssh/id_rsa. Your public key has been saved in /home/kanayama/.ssh/id_rsa.pub. The key fingerprint is: d5:7e:39:97:18:a1:dd:ea:5f:f7:2c:ff:90:2a:bd:47 kanayama@guru.it.matsue-ct.jp ~/.ssh/id_rsa.pub (RSA2 ) ~/.ssh/id_rsa (RSA2) 2 ( ) (16 ) passphrase too short: have 4 byetes, need > 4 Saving the key failed: /home/kanayama/id_rsa ~/.ssh/authorized_keys sftp(ssh ftp) ~/.ssh id_rsa.pub authorized_keys

10.5. Secure SHell (SSH) 109 > cd ~/.ssh > sftp kanayama@stu.cc.matsue-ct.jp... sftp> mkdir.ssh sftp> cd.ssh sftp> put id_rsa.pub authorized_keys sftp> ls -l -rw-r--r-- 1 kanayama j-staff 6021 Jun 21 14:03 authrized_keys sftp> sftp> quit (pathphrase) > ssh kanayama@stu.cc.matsue-ct.jp The authenticity of host stu can t be established. RSA key fingerprint is 0a:c0:43:fe:4f:ab:72:b4:51:e1:f0:08:81:f6:4c:a7. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added stu (RSA) to the list of known hosts. Enter passphrase for RSA key /home/kanayama/.ssh/id_rsa : SSH rsh yes telnet ~/.ssh/known_hosts ( @ ) > ssh -2 kanayama@stu.cc.matsue-ct.jp DNS SSH ~/.ssh/known_hosts known hosts

110 10 stu.cc.matsue-ct.jp ssh-rsa XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXX XXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX== 10.6 Network Time Protocol(NTP) NTP GPS stratum 1 stratum 2 ( ) NTP NTP stratum1,2 http://www.ntp.org/ DNS pool.ntp.org NTP NTP NiCT( ) (http://www2.nict.go.jp/w/w114/stsi/pubntp/) # NICT # ntp.nict.jp(133.243.238.164) server 133.243.238.164 NiCT server 133.243.238.163 server 133.243.238.164 server 133.243.238.243 server 133.243.238.244 ( ntp.nict.jp DNS IP ) NTP NTP (stratum2,3) stratum1 GPS NTP 1 123

10.7. Hyper Text Transfer Protocol(HTTP) 111 10.7 Hyper Text Transfer Protocol(HTTP) HTTP cgi URL(Unified Resource Location) URL http://www.matsue-ct.ac.jp/ HTTP www.matsue-ct.ac.jp / telnet
> telnet www.matsue-ct.ac.jp 80
Trying 10.100.1.3...
Connected to www.matsue-ct.ac.jp
Escape character is ^].
GET /
HTML (Hyper Text Markup Language ) HTTP
GET / HTTP/1.1\r\n
HOST: www.matsue-ct.ac.jp\r\n
USER-Agent: Mozilla/5.x (Windows; U; Windows NT 5.0; ja-jp;...)...\r\n
Accept: application/x-shockwave-flash,text/xml,application/xml,...\r\n
Accept-Language: ja,en-us;q=0.7,en;q=0.3\r\n
Accept-Encodeing: gzip,deflate,compress;q=0.9\r\n
Accept-Charset: EUC-JP,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 300\r\n
Connection: keep-alive\r\n
HTTP 80 8080 URL http://www.matsue-ct.ac.jp:8080/ www.matsue-ct.ac.jp 8080

112 10 10.8 Simple Mail Transfer Protocol(SMTP) SMTP SMTP SMTP POP IMAP SMTP SMTP
> telnet stu.cc.matsue-ct.ac.jp 25
Trying 10.120.10.50...
Connected to stu.cc.matsue-ct.ac.jp
Escape character is ^].
220 stu.cc.matsue-ct.ac.jp ESMTP Sendmail; Mon, 7 Jun 2004 20:41:24 +0900 (JST)
helo mastue-ct.ac.jp
250 stu.cc.matsue-ct.ac.jp
mail from:<kanayama@mastue-ct.jp>
250 <kanayama@matsue-ct.jp>... Sender ok
rcpt to:<hoge@virtual.domain.jp>
250 <hoge@virtual.domain.jp>... Recipient ok
data
354 Enter mail, end with. on a line by itself
subject: test
this is a test mail.
.
250 UAA18096 Message accepted for delivery
quit
221 stu.cc.matsue-ct.ac.jp closing connection
Connection closed by foreign host.
SMTP kanayama@matsue-ct.jp hoge@virtual.domain.jp (subject:) test this is a mail. From To subject (body) ( )

10.9. Post Office Protocol(POP) 113
Received: from stu.cc.matsue-ct.ac.jp ([192.168.0.1]) by pc2f002.dum.matsue-ct.ac.jp (R8/cf1.0) with ESMTP id f6u9c8k89707 for <noriyo@matsue-ct.jp>; Mon, 30 Jul 2001 18:38:08 +0900 (JST) (envelope-from kanayama@inner-root.matsue-ct.jp)
Received: from mytest@localhost) by pc2f001.dum.matsue-ct.ac.jp (R8/cf1.0) with ESMTP id RAA01100 for <noriyo@matsue-ct.jp>; Mon, 30 Jul 2001 18:38:07 +0900 (JST)
Date: Mon, 30 Jul 2001 18:38:05 +0900 (JST)
From: mytest <mytest@dum.matsue-ct.ac.jp>
Message-Id: <200008010820.RAA01100@pc2f001.dum.matsue-ct.ac.jp>
To: mytest@matsue-ct.ac.jp
Subject: test
[ ]
From To SMTP mail from rcpt to ( ) From To SMTP SMTP Received (Received SMTP 3 Received 3 SMTP ) 2 SMTP Received SMTP Received SMTP (Received ) Received (envelope-from) (for ) ( SMTP ) From To SMTP 10.9 Post Office Protocol(POP) SMTP Unix Unix POP POP

114 10 POP POP POP POP POP version3 110 TCP 10.10 Internet Message Access Protocol(IMAP) POP IMAP IMAP POP ( ) IMAP CPU IMAP 143 10.11 Network News Transfer Protocol(NNTP) NNTP ( blog ) NNTP SMTP 119 10.12 Dynamic Host Configuration Protocol(DHCP) DHCP IP ( ) DNS DHCP DHCP IP DHCP (IP ) 0.0.0.0 IP 255.255.255.255 IP

10.13. Common Internet File Service(CIFS) 115 DHCP ( ) DHCP IP DHCP 68 67 DHCP BOOTP BOOTP BOOTP DHCP IP MAC IP PC DHCP DHCP TCP/IP DHCP IP IPv6 IP DNS DHCP IPv6 DHCP IP ISC(Internet Software Consortium:DNS BIND ) DHCP DNS 10.13 Common Internet File Service(CIFS) CIFS Microsoft ( ) Unix NFS(Network File System) CIFS Unix Samba Unix CIFS Sharity

116 10 CIFS NFS NFS Unix Samba Windows 10.14 Lightweight Directory Access Protocol(LDAP) LDAP LDAP DNS HTTP API LDAP ( OpenLDAP SQL ) ( Unix NIS(Network Information Service)) LDAP MS-Windows ActiveDirectory LDAP LDAP LDAP 389 SSL/TLS 636 10.15 RPC(Remote Procedure Call) Unix Windows 80 80 HTTP WebDAV HTTP 80

10.16. 117 10.16 10.1 Wireshark telnet stu (stu.matsue-ct.jp) FreeBSD -y # telnet -y stu.matsue-ct.jp telnet X-Window ( - ) 10.2 Wireshark ssh stu (stu.cc.matsue-ct.jp) ( ) 10.3 stu ssh ssh

119 11 11.1 11.1.1? (authentication) ID ( ) 2

120 11 11.1.2 11.2 2 1 2 ( ) 11.2.1 K( ) K 1 ( ) K K 1 K 1 K K 1 K 1 ( ) K( )

11.2. 121 K K 1 ( ) 11.2.2 ( ) K = K 1 ( ) K( ) K( ) Unix DES (Data Encryption Standard) AES(Advanced Encryption Standard) Free Blowfish ( AES Rijndael (J. Daemen and V. Rijmen) ) 11.2.3 20 K K 1 2 2

122 11
[Figure: sender, receiver, public key BK, encryption, secret key BP, decryption]
A B BK B BP B A AK 2 RSA RSA ( Ronald Rivest, Adi Shamir, Len Adleman) RSA Rivest ( ) 2 429 RSA 17 1993 1600 8 RSA 2 1024 10 1 5 ( 1024bit 2048bit ) RSA AES ( VPN DES DES 3 3DES DES

11.3. 123 VPN AES ) 11.3 11.3.1 Unix
[Figure: Unix password check. Labels: system, user, password, encrypted password; if the encrypted passwords match, the user is the genuine person]
3

124 11 11.3.2 DES DES 78 90 DES DES 56bit 1bit DES DES Unix NIS 11.3.3 ( ) 10 MD5 (Message Digest 5) SHA (Secure Hash Algorithm) MD5 FreeBSD OpenBSD 11.3.4 Kerberos Kerberos MIT( ) Athena Kerberos Windows Kerberos ( Kerberos ) Kerberos Kerberos (KDC) KDC

11.3. 125 Kerberos version4 DES version5 Kerberos KDC KDC KDC KDC Kerberos Kerberos Kerberos 11.3.5 One Time Password (OTP) OTP OTP OTP OTP OTP S/KEY, OPIE 11.3.6 Pretty Good Privacy(PGP) PGP PGP PGP PGP OpenPGP IDEA GNU GnuPG IDEA AES 3DES

126 11 11.3.7 ( ) ATM 11.4 TCP/IP ( ) VPN(Virtual Private Network) VPN 11.4.1 A B X Y

11.4. 127 Y Internet X private net B private net A A B P X X Y A B P X,Y X Y Y (A B ) B VPN 11.4.2 IPsec IPsec(IP Security Protocol) VPN IPsec ( AH:Authentication Header) ( ESP: Encapsulating Security Payload) DES 3DES,IDEA Blowfish ( )

128 11 SSL SSL(Secure Socket Layer) SSL SSL SSL Netscape TLS/SSL SSL3.0 RFC2246 TLS1.0 TLS/SSL (SSL start TLS TLS ) SSH SSH(Secure SHell) 1000 SSH SSH

11.5. 129 11.5 11.1 8 Score 85 ( HTTPS ) Hide http://www.passwordmeter.com/ 11.2 9 100 Score 11.3 100byte MD5 SHA1
% ls -l test.txt
-rw-r--r-- 1 kanayama staff 1839 7 3 19:42 test.txt
ls -l 1838byte 1byte (4 ) MD5 md5 SHA1 sha1
% md5 test.txt
MD5 (test.txt) = 4a6be328f465b7d607a77413ad5868e4
% sha1 test.txt
SHA1 (test.txt) = 622bb6d81b2de3082746c27ef9ca95d304ba3504
=

131 12 II 12.1 GnuPG GnuPG 12.1.1 GnuPG GnuPG FreeBSD # setenv PACKAGEROOT ftp://10.50.18.200 # pkg_add -r gnupg... # pkg_add -r pinentry... # rehash GnuPG 12.1.2 GnuPG GnuPG GnuPG # rehash # gpg Warning: using insecure memory! gpg: directory /home/test/.gnupg created gpg: new configuration file /home/test/.gnupg/gpg.conf created gpg: WARNING: options in /home/test/.gnupg/gpg.conf are not yet active during this run gpg: keyring /home/test/.gnupg/secring.gpg created gpg: keyring /home/test/.gnupg/pubring.gpg created gpg: Go ahead and type your message... Ctrl+C ^C gpg: signal Interrupt caught... exiting

132 12 II gpg:. gpg # gpg --gen-key GnuPG RSA 1 DSA and Elgamal 1 gpg (GnuPG) 2.0.11; Copyright (C) 2009 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Warning: using insecure memory! Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? DSA 1024bit Elgamal 1024 4096bit 2048bit DSA keypair will have 1024 bits. ELG keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) ( ) Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0)

12.1. GnuPG 133 Key does not expire at all Is this correct? (y/n) y GnuPG needs to construct a user ID to identify your key. Real name: Noriyo Kanayama Noriyo Kanayama E-mail Email address: kanayama@matsue-ct.jp Comment: Prof. N.Kanayama USER-ID You selected this USER-ID: "Noriyo Kanayama (Prof. N.Kanayama) <kanayama@matsue-ct.jp>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? OpenPGP Real Name E-mail USER-ID USER-ID kanayama@matsuect.jp USER o ( :Okay ) SSH X-Window 2 Enter passphrase Passphrase <OK> <Cancel>

134 12 II We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: /home/test/.gnupg/trustdb.gpg: trustdb created gpg: key 58AC4D3D marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 1024D/58AC4D3D 2010-07-10 uid Key fingerprint = 5459 7055 310B CE97 57EB 7384 E845 30D6 58AC 4D3D sub 2048g/257A3239 2010-07-10 Noriyo Kanayama (Prof. N.Kanayama) <kanayama@matsue-ct.jp> 12.1.3 ( JPNIC http://pgp.nic.ad.jp/ ) http://guru.it.matsue-ct.jp:11371 ( kanayama@matsue-ct.jp ) # gpg -a --export kanayama@matsue-ct.jp

12.1. GnuPG 135 Warning: using insecure memory! -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.11 (FreeBSD) mqgibew4u2qrbacjxzjicxtefkizzozijbhiz+kj/kpbuoq4z7u/dbsl1arnfd1m m9tjof4dnzxfvfuayqvoue0v+vyhozonnjt0tux+aq9x2cypqk63cduactqnbbrk 5/G32Eoek+Guo0KkEDkgo5aFlvFBh0TnvjniAc0VgjlafIJ6VbQ6Tm9yaXlvIEth bmf5yw1hichqcm9mlibolkthbmf5yw1hksa8a2fuyxlhbwfabwf0c3vllwn0lmpw PohgBBMRAgAgBQJMOFNkAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ6EUw 1lisTT00IACfaDjf/izVspmshUse0phrHANgQXcAoIt3EU0n6vBkie8l43VJsPir hrccqzgppy8mps2p4vorb/zf7zcs6mt2wxftmhqr8ihqdd5y3ql5zuwr/xufrwl1 E+0UiEkEGBECAAkFAkw4U2QCGwwACgkQ6EUw1lisTT3eSACfWMJOLkI4VPhqHu2f zt7ann1oczean0pt3tadw2jn8qwe0mjby7rbejzi =LMS2 -----END PGP PUBLIC KEY BLOCK----- BEGIN END Enter ASCII-armord PGP key here: Submit this key to the keyserver! URL USER-ID ( ) Index: Verbose Index: Search String: kanayama Show OpenPGP "fingerprints" for keys Only return exact matches Do the search! Public Key Server Index kanayama Type bits /keyid Date User ID pub 1024D/A1802BF 0 2010/07/10 Noriyo Kanayama (Prof. N.Kanayama) <kanayama@matsue-ct.jp> A1802BF0 ( )

136 12 II BEGIN END kanayama.pub # gpg --import kanayama.pub Warning: using insecure memory! gpg: key A1802BF0: public key "Noriyo Kanayama (Prof. N.Kanayama) <kanayama@matsue-ct.jp>" imported gpg: Total number processed: 1 gpg: imported: 1 kanayama %gpg --list-keys Warning: using insecure memory! /home/test/.gnupg/pubring.gpg ----------------------------- pub 1024D/58AC4D3D 2010-07-10 uid sub 2048g/257A3239 2010-07-10 Noriyo Kanayama (Prof. N.Kanayama) <kanayama@matsue-ct.jp> pub 1024D/A1802BF0 2010-07-10 uid test hogehoge (test User) <hogehoge@matsue-ct.jp> sub 2048g/E2E30DF5 2010-07-10 12.1.4 ( ) # gpg -sa test test test.asc

12.1. GnuPG 137 -----BEGIN PGP MESSAGE----- Version: GnuPG v2.0.11 (FreeBSD) owgbwmvmwctiexijvrbb+wpjmrykzuluvbqjvzkkeh8ln+sqjmxibsbkvchjls5r SMvMSVVIyy9SyE0tLk5MT1UozyzJUCjOTM9LLCktSlXIz1NwzysNcNfj4orML1XI LQXqKS5NKs3NLFEoARkF01eSr+Cbn5+SkwpUmVSp4JdflFmZr+CdmJdYmZibyNVh z8zkalif5jjbjtd4hvkrvh7c8asymv1+j0relvkefgz66a/dppxvgjtj9x6d/znz w/yub75hhg+mrwea =W95Y -----END PGP MESSAGE----- ( )... # gpg -d test.asc ( ) # gpg --clearsign test2 test2.asc test2.asc -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a test. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) id8dbqfmofvrdffcj6gak/araplgaj92dmtqwlyfur2crwpsl83/flmbcgcfe3k0 ut8xxfrjnct/8qfupcmdcbu= =wzwd -----END PGP SIGNATURE-----

138 12 II 12.1.5 ( ) # gpg -ea -r kanayama@matsue-ct.jp test2.asc test2.asc.asc ( GnuPG ( ) asc ) # gpg -d test3

12.2. 139 12.2 12.1 GnuPG ( ) Type bits /keyid Date User ID pub 1024D/BEEFF8B3 2011/07/16 Noriyo Kanayama (Prof. N.Kanayama) <kanayama@matsue-ct.jp> User ID 12.2 GnuPG 12.3 GnuPG 12.4 ( )

141 13 13.1 13.2 13.2.1 VPN IPsec 2 ( 2 ) Layer3 SSL(Secure Socket Layer) SSH(Secure SHell)

142 13 ( ) 13.2.2 Cisco 13.2.3 VLAN VLAN PPPoE DHCP PPPoE Windows RAS(Remote Access Server) PHS LAN LAN WEP LAN PPPoE SSH

13.3. 143 13.3 13.3.1 DNS, Mail, WWW etc. DHCP, CIFS, NFS, POP, IMAP, LDAP etc. DNS DoS (Denial of Service) DDoS (Distributed DoS) DoS ( :IDS ) MD5

144 13 13.3.2 WWW CGI SSL 02 78% 13.3.3 Mail 13.4 Nimda Blaster SSH SSH SSH

13.5. 145 IDS 13.5