Monday, 29 August 2011

Ethernet Testing Parameters


Testing Ethernet Services

Ethernet connections must be tested to ensure
that they are operating correctly and that they are
performing to the required levels. This is done by testing
the bandwidth, the delay and the loss of frames in the
connection. In Ethernet terms these are called
Throughput, Latency and Frame Loss.

Throughput

Data throughput is simply the maximum amount of data
that can be transported from source to destination.
However, the definition and measurement of throughput is
complicated by the need to define an acceptable level of
quality. For example, if 10% errored or lost frames were
deemed to be acceptable then the throughput would be
measured at a 10% error rate. The generally accepted
definition is that throughput should be
measured with zero errors or lost frames.

In any given Ethernet system the absolute maximum
throughput will be equal to the data rate, e.g. 10 Mbit/s,
100 Mbit/s or 1000 Mbit/s. In practice these figures
cannot be achieved because of the effect of frame size.
Smaller frames have a lower effective
throughput than larger frames because of the addition
of the preamble and the inter-packet gap bytes, which do
not count as data.

Latency
Latency is the total time taken for a frame to travel from
source to destination. This total time is the sum of both
the processing delays in the network elements and the
propagation delay along the transmission medium.
In order to measure latency a test frame containing a
time stamp is transmitted through the network. The time
stamp is then checked when the frame is received. In
order for this to happen the test frame needs to return to
the original test set by means of a loopback (round-trip
delay).

Frame Loss
Frame loss is simply the number of frames that were
transmitted successfully from the source but were never
received at the destination. It is usually referred to as
frame loss rate and is expressed as a percentage of the
total frames transmitted. For example, if 1000 frames
were transmitted but only 900 were received, the frame
loss rate would be: (1000 – 900) / 1000 x 100% = 10%.

Frames can be lost, or dropped, for a number of reasons
including errors, over-subscription and excessive delay.

Errors - most layer 2 devices will drop a frame with an
incorrect FCS. This means that a single bit error in
transmission will result in the entire frame being
dropped. For this reason BER, the most fundamental
measure of a SONET/SDH service, has no meaning in
Ethernet since the ratio of good to errored bits cannot be
ascertained.

Oversubscription - the most common reason for frame
loss is oversubscription of the available bandwidth. For
example, if two 1000 Mbit/s Ethernet services are
mapped into a single 622 Mbit/s SONET/SDH pipe (a
common scenario) then the bandwidth limit is quickly
reached as the two gigabit Ethernet services are loaded.
When the limit is reached, frames may be dropped.

Excessive Delay - The nature of Ethernet networks
means that it is possible for frames to be delayed for
considerable periods of time. This is important when
testing as the tester is “waiting” for all of the transmitted
frames to be received and counted. At some point the
tester has to decide that a transmitted frame will not be
received and count the frame as lost. The most common
time period used to make this decision is the RFC
specification of two seconds. Thus any frame received
more than two seconds after it is transmitted would be
counted as lost.
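
The following is an added example, not part of the original post. It works through the Throughput and Frame Loss sections above: the maximum frame rate and throughput for a given frame size, and a tester's loss count that treats errored frames and frames arriving after the two-second timeout as lost. Function names and the input record layout are assumptions made for the illustration.

```python
PREAMBLE_SFD = 8        # bytes, from the frame description on this page
INTERPACKET_GAP = 12    # bytes, minimum gap between frames
LOSS_TIMEOUT_S = 2.0    # frames arriving later than this count as lost


def max_frame_rate(line_rate_bps, frame_size):
    """Frames per second at full line rate; frame_size includes the FCS."""
    wire_bytes = frame_size + PREAMBLE_SFD + INTERPACKET_GAP
    return line_rate_bps / (wire_bytes * 8)


def max_throughput_bps(line_rate_bps, frame_size):
    """Frame bits per second once preamble and gap have been paid for."""
    wire_bytes = frame_size + PREAMBLE_SFD + INTERPACKET_GAP
    return line_rate_bps * frame_size / wire_bytes


def frame_loss_report(sent, received, timeout=LOSS_TIMEOUT_S):
    """sent maps sequence number -> transmit time in seconds.
    received is an iterable of (sequence number, receive time, fcs_ok)."""
    good, late, errored = set(), set(), set()
    for seq, rx_time, fcs_ok in received:
        if seq not in sent or seq in good:
            continue                      # unknown or duplicate frame
        if not fcs_ok:
            errored.add(seq)              # a bad FCS means the frame is dropped
        elif rx_time - sent[seq] > timeout:
            late.add(seq)                 # arrived, but after the timeout
        else:
            good.add(seq)
    late -= good
    errored -= good | late
    lost = len(sent) - len(good)
    return {
        "sent": len(sent),
        "received": len(good),
        "late": len(late),
        "errored": len(errored),
        "missing": lost - len(late) - len(errored),
        "loss_rate_pct": 100.0 * lost / len(sent) if sent else 0.0,
    }


if __name__ == "__main__":
    # Constructed sample: frame sizes chosen for illustration.
    for size in (64, 512, 1518):
        mbps = max_throughput_bps(1000e6, size) / 1e6
        fps = max_frame_rate(1000e6, size)
        print(f"{size:5d} bytes: {fps:12.0f} frames/s, {mbps:7.1f} Mbit/s")
    # Constructed sample: 1000 frames sent, only the first 900 come back.
    sent = {seq: seq * 0.001 for seq in range(1000)}
    received = [(seq, seq * 0.001 + 0.0005, True) for seq in range(900)]
    print(frame_loss_report(sent, received))
```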






Ethernet Frame explained.

Actually, Ethernet frames look like this:

[Figure: Ethernet frame layout]

The function of the various parts is as follows: 

Preamble/Start of Frame Delimiter, 8 Bytes - Alternate
ones and zeros for the preamble, 11010101 for the SFD
(Start of Frame Delimiter). This allows for receiver
synchronisation and marks the start of frame.

Destination Address, 6 Bytes - The MAC destination
address of the frame, usually written in hex, is used to
route frames between devices. Some MAC addresses are
reserved, or have special functions. For example
FF:FF:FF:FF:FF:FF is a broadcast address which would go
to all stations.

Source Address, 6 Bytes - The MAC address of the
sending station, usually written in hex. The source
address is usually built into a piece of equipment at
manufacture. The first three bytes would identify the
manufacturer and the second three bytes would be
unique to the equipment. However there are some
devices, test equipment for example, in which the
address is changeable.

VLAN Tag, 4 Bytes (optional) - The VLAN tag is
optional. If present it provides a means of separating
data into “virtual” LANs, irrespective of MAC address. It
also provides a “priority tag” which can be used to
implement quality of service functions.

Length/Type, 2 Bytes - This field is used to give either
the length of the frame or the type of data being carried
in the data field. If the length/type value is less than
05DC hex then the value represents the length of the
data field. If the value is greater than 0600 hex then it
represents the type of protocol in the data field, for
example 0800 hex would mean the frame was carrying
IP. 809B hex would mean the frame was carrying
AppleTalk.

Data, 46 to 1500 Bytes - The client data to be
transported. This would normally include some higher
layer protocol, such as IP or AppleTalk.

Frame Check Sequence, 4 Bytes - The check sequence
is calculated over the whole frame by the transmitting
device. The receiving device will re-calculate the
checksum and ensure it matches the one inserted by the
transmitter. Most types of Ethernet equipment will drop a
frame with an incorrect or missing FCS.

The minimum legal frame size, including the FCS but
excluding the preamble, is 64 bytes. Frames below the
minimum size are known as “runts” and would be
discarded by most Ethernet equipment.

The maximum standard frame size is 1522 bytes if VLAN
tagging is being used and 1518 bytes if VLAN is not being
used. It is possible to use frames larger than the
maximum size. Such frames are called “Jumbo Frames”
and are supported by some manufacturers' equipment in
various sizes up to 64 Kbyte. Jumbo frames are identical
in form to standard frames but with a bigger data field.
This produces a better ratio of “overhead” bytes to data
bytes and hence more efficient transmission. Jumbos are
non-standard and manufacturer specific and therefore
interoperability cannot be guaranteed.

The frames are transmitted from left to right, least
significant bit first. The frames are separated by an
“inter-packet gap”. The minimum length of the inter-packet
gap is 12 bytes. The inter-packet gap exists
because in a half duplex system time is needed for the
medium to go quiet before the next frame starts
transmission. The inter-packet gap is not really needed
for full duplex operation but is still used for consistency.
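
The following is an added example, not part of the original post. It parses a frame with the fields described above (addresses, optional VLAN tag, length/type, data, FCS) and flags the conditions under which most equipment would drop it. The function names and the sample frame are constructed for the illustration; the VLAN marker value 0x8100 and the CRC-32 byte order come from the IEEE standards rather than from this page.

```python
import struct
import zlib

MIN_FRAME = 64           # bytes, including FCS, excluding preamble
MAX_FRAME = 1518         # untagged
MAX_FRAME_VLAN = 1522    # with a VLAN tag
TPID_8021Q = 0x8100      # IEEE 802.1Q marker that announces a VLAN tag


def fcs(data: bytes) -> bytes:
    """CRC-32 over the frame, appended least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload, vlan=None) -> bytes:
    """Builds constructed test input: header + padded data + FCS."""
    head = dst + src
    if vlan is not None:
        priority, vlan_id = vlan
        head += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    body = head + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Parses a frame as it appears after the preamble/SFD."""
    if len(frame) < 18:
        raise ValueError("no room for addresses, length/type and FCS")
    info = {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "broadcast": frame[0:6] == b"\xff" * 6,
        "vlan": None,
    }
    offset = 12
    (field,) = struct.unpack_from("!H", frame, offset)
    if field == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        info["vlan"] = {"priority": tci >> 13, "id": tci & 0x0FFF}
        offset += 4
        (field,) = struct.unpack_from("!H", frame, offset)
    # IEEE 802.3: up to 0x05DC is a length, 0x0600 and above is a type.
    if field <= 0x05DC:
        info["kind"] = ("length", field)
    elif field >= 0x0600:
        info["kind"] = ("type", field)
    else:
        info["kind"] = ("undefined", field)
    info["data"] = frame[offset + 2:-4]
    info["fcs_ok"] = fcs(frame[:-4]) == frame[-4:]
    info["runt"] = len(frame) < MIN_FRAME
    limit = MAX_FRAME_VLAN if info["vlan"] else MAX_FRAME
    info["oversize"] = len(frame) > limit
    # Most equipment drops runts and frames with a bad FCS.
    info["dropped"] = info["runt"] or not info["fcs_ok"]
    return info


if __name__ == "__main__":
    # Constructed sample: broadcast frame, VLAN 100, priority 5, carrying IP.
    sample = build_frame(b"\xff" * 6, bytes.fromhex("020000000001"),
                         0x0800, b"constructed payload", vlan=(5, 100))
    print(parse_frame(sample))
```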

Auto-Negotiation
Most Ethernet devices support auto-negotiation. When
two devices are first connected together they will send
information to each other to “advertise” their
capabilities. The devices will then configure themselves
to the highest common setting. The capabilities
negotiated are speed, full or half duplex operation and
the use of flow control.

Wednesday, 17 August 2011

Know-how for types of Viruses


Adware
Adware is software that presents banner ads or pop-up windows through a bar that appears on the computer screen. These advertising spots usually can't be removed and are consequently always visible. The connection data allow many conclusions to be drawn about usage behavior and are problematic in terms of data security.

Backdoors
A backdoor can gain access to a computer by going around the computer's access security mechanisms.

A program that is being executed in the background generally gives the attacker almost unlimited rights. The user's personal data can be spied on with the backdoor's help, but backdoors are mainly used to install further computer viruses or worms on the relevant system.

Boot viruses
Boot sector viruses mainly infect the boot or master boot sector of hard drives. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more…

Bot-Net
A Bot-Net is a collection of software bots, which run autonomously. A Bot-Net can comprise a collection of cracked machines running programs (usually referred to as worms, Trojans) under a common command and control infrastructure. Bot-Nets serve various purposes, including Denial-of-service attacks, etc., partly without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can grow to thousands of computers, and their combined bandwidth exceeds that of most conventional Internet connections.

Dialer
A dialer is a computer program that establishes a connection to the Internet or to another computer network through the telephone line or the digital ISDN network. Fraudsters use dialers to charge users high rates when dialing up to the Internet without their knowledge.

EICAR test file

The EICAR test file is a test pattern that was developed at the European Institute for Computer Antivirus Research to test the functions of anti-virus programs. It is a text file which is 68 characters long and its file extension is “.COM”; all virus scanners should recognize it as a virus.

Exploit
An exploit (security gap) is a computer program or script that takes advantage of a bug, glitch or vulnerability, leading to privilege escalation or denial of service on a computer system. One form of exploit, for example, is an attack from the Internet using manipulated data packets. Programs can be infiltrated in order to obtain higher access.

Grayware

Grayware operates in a way similar to malware, but it is not spread to harm the users directly. It does not affect the system functionality as such. Mostly, information on the patterns of use is collected in order to either sell these data or to place advertisements systematically.

Hoaxes
For a few years, users have been receiving alerts from the Internet about viruses in other networks that are supposed to spread via email. These alerts are spread by email with the request that they be sent to the highest possible number of colleagues and other users, in order to warn everyone against the "danger".

Honeypot
A honeypot is a service (program or server) which is installed in a network.

Its function is to monitor a network and to log attacks. This service is unknown to legitimate users, so they never address it. If an attacker examines a network for weak points and uses the services offered by a honeypot, this is logged and an alert is set off.

Keystroke logging
Keystroke logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. In the same way, confidential and personal data, such as passwords or PINs, can be spied on and sent to other computers via the Internet.

Macro viruses
Macro viruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses. In order to become active, they need the corresponding application to be running and one of the infected macros to be executed. Unlike "normal" viruses, macro viruses consequently do not attack executable files; they attack the documents of the corresponding host application.

Polymorph viruses
Polymorph viruses are the real masters of disguise. They change their own program code and are therefore very hard to detect.

Program viruses
A computer virus is a program that is capable of attaching itself to other programs after being executed and causing an infection. Viruses multiply themselves, unlike logic bombs and Trojans. In contrast to a worm, a virus always requires a program as host, where the virus deposits its virulent code. The program execution of the host itself is not changed as a rule.

Script viruses and worms
Such viruses are extremely easy to program and they can spread, if the required technology is on hand, around the globe via email within a few hours.

Script viruses and worms use a script language such as Javascript, VBScript etc. to insert themselves into other, new scripts or to spread by activating operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that multiplies itself but that does not infect the host. Worms consequently cannot form part of other program sequences. Worms are often the only way to get any kind of damaging program onto systems with restrictive security measures.

Spyware
Spyware refers to so-called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements. AntiVir is able to detect this kind of software with the category "ADSPY" or "adware-spyware".

Trojan horses (short Trojans)
Trojans are pretty common nowadays. These are programs that pretend to have a particular function but show their real nature after execution and carry out a different function that, in most cases, is destructive. Trojan horses cannot multiply themselves, which differentiates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) with the intention of inducing the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard drive. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.

Zombie
A Zombie-PC is a computer that is infected with malware programs and that enables hackers to abuse it via remote control for criminal purposes. The affected PC can, for example, start Denial-of-Service (DoS) attacks on command or send spam and phishing emails.

Sunday, 14 August 2011

Top 10 hackers in world


Hackers are a group that consists of skilled computer enthusiasts. A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.
These are the top 10 hackers in the world to date. A few have become famous for their black hat work and a few of them are famous for their ethical hacking. Below is a separate list of the world's all-time best hackers and crackers. Although I represent them as hackers only because whatever they did was wrong, one thing is sure: they were brilliant. Hacking is not the work of a simple mind; only an intelligent mind can do that.
1. Gary McKinnon
Gary McKinnon, 40, is accused of mounting the largest ever hack of United States government computer networks, including Army, Air Force, Navy and NASA systems. The court has recommended that McKinnon be extradited to the United States to face charges of illegally accessing 97 computers, causing US$700,000 (400,000 pounds; euro 588,000) in damage.



2. Jonathan James
The youth, known as “cOmrade” on the Internet, pleaded guilty to intercepting 3,300 email messages at one of the Defense Department’s most sensitive operations and stealing data from 13 NASA computers, including some devoted to the new International Space Station. James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive e-mails and capture employee usernames and passwords. James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, “The software supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space.” NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost.
3. Adrian Lamo
Dubbed the “homeless hacker,” he used Internet connections at Kinko’s, coffee shops and libraries to do his intrusions. In a profile article, “He Hacks by Day, Squats by Night,” Lamo reflects, “I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional.” For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.
4. Kevin Mitnick
The Department of Justice describes him as “the most wanted computer criminal in United States history.” His exploits were detailed in two movies: Freedom Downtime and Takedown. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation’s computer network and stealing software. Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.
5. Kevin Poulsen
Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio’s KIIS-FM phone lines (taking over all of the station’s phone lines), which earned him a brand new Porsche, among other items. Law enforcement dubbed him “the Hannibal Lecter of computer crime.” Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information. His hacking specialty, however, revolved around telephones. In a related feat, Poulsen also “reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency.” Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years. Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.
6. Robert Tappan Morris
Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years’ probation and 400 hours of community service, and fined $10,500. Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
7. Vladimir Levin
Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service (Financial Institutions Citibank Cash Manager) and transferred funds to accounts set up by accomplices in Finland, the United States, the Netherlands, Germany and Israel. In 2005 an alleged member of the former St. Petersburg hacker group, claiming to be one of the original Citibank penetrators, published under the name ArkanoiD a memorandum on the popular Provider.net.ru website dedicated to the telecom market. According to him, Levin was not actually a scientist (mathematician, biologist or the like) but a kind of ordinary system administrator who managed to get his hands on ready-made data about how to penetrate Citibank machines and then exploit them. ArkanoiD emphasized that all the communications were carried over an X.25 network and the Internet was not involved. ArkanoiD’s group found out in 1994 that Citibank systems were unprotected, and it spent several weeks examining the structure of the bank’s USA-based networks remotely. Members of the group played around with the systems’ tools (e.g. installing and running games) and went unnoticed by the bank’s staff. For their personal safety, the penetrators did not plan to conduct a robbery, and they stopped their activities at some point. One of them later handed over the crucial access data to Levin (reportedly for the stated $100).
8. David Smith
David Smith is the author of the e-mail virus known as Melissa, which swamped computers around the world, spreading like a malicious chain letter. He was facing nearly 40 years in jail. About 63,000 viruses have rolled through the Internet, causing an estimated $65 billion in damage, but Smith is the only person to go to federal prison in the United States for sending one.


9. Mark Abene
Abene (born 1972), better known by his pseudonym Phiber Optik, is a computer security hacker from New York City. Phiber Optik was once a member of the Hacker Groups Legion of Doom and Masters of Deception. In 1994, he served a one-year prison sentence for conspiracy and unauthorized access to computer and telephone systems.
Phiber Optik was a high-profile hacker in the early 1990s, appearing in The New York Times, Harper’s, Esquire, in debates and on television. Phiber Optik is an important figure in the 1995 non-fiction book Masters of Deception — The Gang that Ruled Cyberspace.
10. Onel A. de Guzman
Onel A. de Guzman, a Filipino computer student, Greatest Hacker of all time. He was the creator of the “Love Bug” virus that crippled computer e-mail systems worldwide.