
March 29, 2005

QoS, P2P and NBAR

Data classification is one of the more important parts of QoS, but how can we classify data flowing through Cisco devices (with the proper IOS), and what is important to prioritize these days?
Data classification depends on each network's data flows. For example, when you are using voice, video, Citrix applications and so on, you should plan a classification strategy for your data.

Generally, network data is classified as follows:
- Voice
- Mission critical (applications like Citrix)
- Transactional (e-commerce)
- Best-effort (web, email and so on)
- Less-than-best-effort (P2P)
*Note: Cisco recommends that your classification does not exceed 4 or 5 categories.

These days peer-to-peer (P2P) file sharing applications are an issue for any network connected to the Internet, because they generate a lot of traffic (for instance video, MP3 and other large files), which makes things worse when the network is congested. What happens when you have no QoS and all data flows have the same priority? Your voice and other low-latency traffic will experience data loss.
Cisco's content networking architecture helps you classify data at layers 4-7. This is called Network Based Application Recognition (NBAR), and it can recognize some P2P applications such as Kazaa; however, that depends on the PDLM (Packet Description Language Module) loaded on your Cisco device.
You should download the latest PDLM from the Cisco web site to keep the application signatures up to date.

NBAR can also recognize HTTP GET packets by URL, hostname and MIME type. In addition, its protocol discovery feature analyzes application traffic patterns in real time and discovers which traffic is running on the network. It uses SNMP to provide that information.

For this article, see the following commands:
ip nbar pdlm pdlm-file
class-map [match-all | match-any] class-name
policy-map policy-name
class class-name
service-policy output
service-policy input
match protocol protocol-name (for example Kazaa)
match protocol fasttrack file-transfer "regular-expression"
ip nbar protocol-discovery
snmp-server enable traps cnpd

Posted by Mehrdad at 08:48 PM

March 19, 2005

Artificial Intelligence


In the early 1950s Herbert Simon, Allen Newell and Cliff Shaw conducted experiments in writing programs to imitate human thought processes. The experiments resulted in a program called Logic Theorist, which consisted of rules of already proved axioms. When a new logical expression was given to it, it would search through all possible operations to discover a proof of the new expression, using heuristics.
This was a major step in the development of AI. The Logic Theorist was capable of quickly solving thirty-eight out of fifty-two problems with proofs that Whitehead and Russell had devised. At the same time, Shannon came out with a paper on the possibility of computers playing chess. Though the works of Simon et al. and Shannon demonstrated the concept of intelligent computer programs, the year 1956 is considered to be the start of the topic Artificial Intelligence. This is because the first AI conference, organised by John McCarthy, Marvin Minsky, Nathaniel Rochester and Claude Shannon at Dartmouth College in New Hampshire, was in 1956. This conference was the first organised effort in the field of machine intelligence. It was at that conference that John McCarthy, the developer of LISP programming language, proposed the term Artificial Intelligence. The Dartmouth conference paved the way for examining the use of computers to process symbols, the need for new languages and the role of computers for theorem proving instead of focusing on hardware that simulated intelligence.

Newell, Shaw and Simon developed a program called General Problem Solver (GPS) in 1959, that could solve many types of problems. It was capable of proving theorems, playing chess and solving complex puzzles. GPS introduced the concept of means-end analysis, involving the matching of present state and goal state. The difference between the two states was used to find out new search directions. GPS also introduced the concept of backtracking and subgoal states that improved the efficiency of problem solving.
Backtracking is used when the search drifts away from the goal state from a previous nearer state, to reach that state. The concept of subgoals introduced a goal-driven search through the knowledge. The major criticism of GPS was that it could not learn from previously solved problems. In the same year, John McCarthy developed LISP programming language, which became the most widely used AI programming language.

Artificial Intelligence and Expert Systems for Engineers
by C.S. Krishnamoorthy; S. Rajeev
CRC Press, CRC Press LLC
ISBN: 0849391253

Posted by Mehrdad at 03:25 PM

March 12, 2005

Diffie Hellman


Diffie-Hellman is a method for securely exchanging a shared key between two nodes over an untrusted network like the Internet. It is not an encryption method; it is a key agreement protocol that was developed by Diffie and Hellman in 1976.
In fact it generates a key between two nodes using a mathematical algorithm with a simple concept. Let's take a look at the following example:

- Node A and Node B agree on two numbers: p and g
p is a large prime number and g is called the base or generator
- Node A picks a secret number a
- Node B picks a secret number b
- Node A computes its public number x = g^a mod p
- Node B computes its public number y = g^b mod p
- Now Node A knows y and Node B knows x
* In this step they create the key as follows:
- Node A: k(a) = y^a mod p
- Node B: k(b) = x^b mod p
In fact k(a) = k(b) = k (by the laws of algebra, since both equal g^(ab) mod p), so at this point Node A and Node B both know k as the shared key.

Unfortunately this method has no authentication, so a man-in-the-middle can attack it and decrypt any messages from Node A and Node B.
The authenticated Diffie-Hellman key agreement protocol was developed by Diffie, van Oorschot, and Wiener in 1992 to defeat the man-in-the-middle attack. It uses digital signatures to authenticate each party.
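The exchange above and the reason it needs authentication, as an added example that is not part of the original post. The toy group (P, G), the function names and the transcript digest (a stand-in for what each side's digital signature would cover) are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair(p=P, g=G):
    """Pick a secret exponent and derive the public number g^secret mod p."""
    secret = secrets.randbelow(p - 3) + 2          # uniform in 2 .. p-2
    return secret, pow(g, secret, p)

def shared_key(peer_public, secret, p=P):
    """k = peer_public^secret mod p, rejecting degenerate public values."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, secret, p)

def transcript(x, y):
    """Digest of the public numbers one side saw; a signature would cover this."""
    return hashlib.sha256(f"{x}|{y}".encode()).hexdigest()

def run_exchange(replaced_y=None):
    """One exchange. replaced_y models y being swapped in transit before A sees it."""
    a, x = keypair()
    b, y = keypair()
    y_seen_by_a = y if replaced_y is None else replaced_y
    k_a = shared_key(y_seen_by_a, a)
    k_b = shared_key(x, b)
    return {
        "keys_match": k_a == k_b,
        "transcripts_match": transcript(x, y_seen_by_a) == transcript(x, y),
    }

if __name__ == "__main__":
    print("untouched:", run_exchange())
    print("y replaced:", run_exchange(replaced_y=pow(G, 12345, P)))
```

When the two sides sign and verify the transcript they each saw, a replaced public number shows up as a mismatch before any key is used.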

Posted by Mehrdad at 05:26 PM

March 07, 2005


MAC (Message Authentication Code) and HMAC (Keyed-Hashing for Message Authentication Code) are mechanisms for providing integrity when data is transferred over an untrusted environment like the Internet. They work on the basis of a shared secret key.
When a MAC mechanism is based on a cryptographic hash function, it is called an HMAC. There are different cryptographic hash functions such as SHA-1, MD5, RIPEMD-160, PANAMA, SHA256 and so on.
Let's take a look at the HMAC mathematical algorithm:

HMAC(Message) = Hash[(Key XOR OPAD) || Hash((Key XOR IPAD) || Message)]
|| means the concatenation operation
IPAD (inner padding) = 36 hex, repeated as needed
OPAD (outer padding) = 5C hex, repeated as needed

For instance:
message: welcome to ippacket site
secret key: mehrdad
HMAC digest by MD5 = 76960728e94b2693149728b076c614cf
HMAC digest by SHA-1 = 95ab25cb679c193fe141cb92e55126876a5285ea
HMAC digest by RIPEMD160 = fd9bab4a7f4b69d895fbb38f2fb09972c7137c43

A MAC is simpler than an HMAC; it uses an encryption algorithm such as DES.

* The HMAC RFC is RFC 2104; you can read it at FAQ.ORG
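The RFC 2104 construction built step by step and checked against Python's standard `hmac` module, as an added example that is not part of the original post. It uses the inner pad 0x36 and outer pad 0x5C from the RFC with the post's sample message and key; the function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"mehrdad"                         # sample key from the post
MESSAGE = b"welcome to ippacket site"    # sample message from the post

def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> str:
    """HMAC computed by hand: Hash((K ^ opad) || Hash((K ^ ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size   # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:                        # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")             # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)              # inner pad
    opad = bytes(b ^ 0x5C for b in key)              # outer pad
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).hexdigest()

def verify(key: bytes, message: bytes, received_tag: str, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, message, hash_name).hexdigest()
    return hmac.compare_digest(expected, received_tag)

if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        tag = hmac_manual(KEY, MESSAGE, name)
        print(name, tag, "matches stdlib:", verify(KEY, MESSAGE, tag, name))
```

The comparison uses `hmac.compare_digest` rather than `==` so that verification time does not depend on how many leading characters of a forged tag are correct.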

Posted by Mehrdad at 04:42 PM

March 06, 2005

RSA Encryption and Digital Signature

RSA offers encryption and authentication (digital signatures). It was developed in 1977 by Ron Rivest, Adi Shamir and Adleman. It is asymmetric and generates its own public and private keys, so encryption and authentication take place without any sharing of private keys: each person uses only another's public key or their own private key.


To generate the public and private keys it takes two large prime numbers p and q; they should not be equal and should have a size of at least 1024 bits.
Let's take a look at the algorithm:
n is defined as follows:
n = p · q
phi is defined as follows:
φ = (p – 1) · (q – 1)
e is a number greater than 1 and less than φ, as follows:
1 < e < φ
d is defined as follows:

d is the private key and (n, e) is the public key; it is difficult to obtain the private key d from the public key (n, e).
For example, when our plaintext = 707:
The encrypted data is c = m^e (mod n):
ciphertext = 707^425 (mod 3431) = 2142
Then the plaintext is easily retrieved using m = c^d (mod n):
plaintext = 2142^1769 (mod 3431) = 707
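The post's numbers worked through in code, as an added example that is not part of the original post. The primes p = 47 and q = 73 are the factors of the post's n = 3431 worked out for this example, d is computed as the inverse of e modulo φ, and the function names and the hash-then-sign step are assumptions made for illustration (textbook RSA with no padding, toy key size).

```python
import hashlib
from math import gcd

def make_keys(p: int, q: int, e: int):
    """Derive ((n, e), (n, d)) from two distinct primes and a public exponent."""
    if p == q:
        raise ValueError("p and q must differ")
    n, phi = p * q, (p - 1) * (q - 1)
    # 1 < e < phi as in the post; e must also be coprime to phi so that d exists.
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("unusable public exponent")
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(m: int, public) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)                  # c = m^e mod n

def decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)                  # m = c^d mod n

def _digest(message: bytes, n: int) -> int:
    """Message hash reduced mod n (only because the toy modulus is tiny)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    n, d = private
    return pow(_digest(message, n), d, n)        # only the private key can produce this

def verify(message: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    public, private = make_keys(47, 73, 425)
    print("private exponent d:", private[1])
    print("ciphertext:", encrypt(707, public))
    print("plaintext:", decrypt(encrypt(707, public), private))
    sig = sign(b"hello", private)
    print("signature valid:", verify(b"hello", sig, public))
```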

RSA group 2003 Picture

Posted by Mehrdad at 10:20 AM

March 03, 2005

A trick for using DIP at NetScreen firewall

When a host initiates several sessions that match a policy with network address translation (NAT) enabled and is assigned an address from a dynamic IP (DIP) pool, the NetScreen device assigns a different source IP address for each session. Such random address assignment can be problematic for services that create multiple sessions that require the same source IP address for each session.
I analyzed it with Ethereal and I know it uses a round-robin algorithm for assigning the source IP address; for example, when you ping a host, the source addresses of the ICMP requests are different and it uses the round-robin algorithm.
This behaviour causes problems for some services (some web-based email, AOL Instant Messenger and so on).
To use the same IP address from the DIP pool for a host with multiple concurrent sessions, you should set the following command:
set dip sticky
P.S.: you can't set this feature from the web-based interface.

Posted by Mehrdad at 01:10 AM

March 02, 2005


DES is an encryption algorithm; the name is an acronym for Data Encryption Standard.
Originally DES was developed by IBM in early 1970 as Lucifer.
It is symmetric and its key length is 64 bits (8 bits are used for parity), meaning that there are 72,057,594,037,927,936 possible keys (56 bits).
At that time (~1970) it was a good algorithm for encryption and decryption, but it was cracked when computers became powerful.

Posted by Mehrdad at 10:38 PM

Complexity Kills Innovation


I believe that complexity in anything can kill innovation.
These days we hear about Windows OS vulnerabilities, worms and viruses that intrude into this OS and do wrong things, so this complexity causes complex solutions to solve them.
We can see this situation in some complex networks, so troubleshooting in these networks is difficult. What's your idea about this complexity?
You can see the following link about this subject:

Posted by Mehrdad at 12:10 PM

March 01, 2005

Triton Studio and Yamaha


Two days ago, I had to open my synthesizer box to check it out for a reason.
It has three layers of electronic boards, a clavier section and other hardware like a CD-ROM, floppy drive, HD and port controller.
It was interesting that some electronic boards used in the clavier section were labeled YAMAHA! It seems these two companies work together on some parts.
Anyway, if you need any hardware for the Triton Studio you can buy it from www.korgparts.com or call 800-590-0014 or 802-464-0014.

Posted by Mehrdad at 10:16 PM