Welcome

to Gaurav Kansal blog

Follow
banner-image
post-thumb

Thank you note

"A thank you note is the simplest form of showing gratitude". I am both humbled and honored that you have placed your confidence and support in me by electing me for the NRO NC Member and NIR SIG Co-Chair position. I sincerely thank you for casting your valuable vote ...

Continue...
post-thumb

IP Ratings

An IP rating must begin with 5 for partial dust protection or 6 for complete dust protection. The IP rating is two digits, with the first and second digit defined as follows: First Digit (intrusion protection) 0. (or X - see section below): No special protection. Not rated ...

Continue...
post-thumb

Identity PSK ( iPSK)

"With the evolution of IoT (Internet of Things), devices that connect wirelessly have increased many folds. From webcams, Smartwatches, fitness bands, firestick, Alexa, Google Home, and many more.., everything is going wireless for connectivity and so does the security threat...

Continue...
post-thumb

Analysis of IGI Airport Wi-Fi setup

The access points installed at T3, IGI Airport, New Delhi are of Cisco make, Internal access points with internal antennas. This is depicted in the below images – Cisco access points can be installed in two modes –

Continue...
post-thumb

CA Certificate chain and traceroute of bad.horse

Today i come across a funny domain, name bad.horse; Its funny not because of its name but because of the certificate chain and traceroute to this domain. Both subCA hierarchy and tracroute, has the full lyrics of Bad Horse song. Interesting stuff and amazing use of technology.

Continue...
post-thumb

Export Grade Cryptography

What is export grade cryptography ? Since World War II, many countries including the U.S., U.K. and others, have regulated the export of cryptography in the interest of national security till 1992. Those countries used to believe that they had developed more advanced cryptographic solution than others and they wished to monitor the communication of other countries and hence restricted the advanced cryptographic solution to other nations, by their companies. Restriction had been eased down in 1992 and in 2000 but some are still there. Only those cryptography solutions which can be breaked by security agencies, were allowed to export and were known as Export Grade Cryptography. Ciphers itself are not of Export Grade as they properly follows algorithms. It is the use of cryptographic keys that are deliberately weekend so that security agencies can crack them as and when needed. The export-grade encryption had 512 bits, the maximum allowed under U.S. restrictions de...

Continue...
post-thumb

IP to Country Mapping in Wireshark

Please follow the below articles for IP to Country Mapping in Wireshark :-
https://www.wireshark.org/lists/wireshark-dev/200902/msg00154.html
https://wiki.wireshark.org/HowToUseGeoIP..

Continue...
post-thumb

Server Name Indication (SNI)

TLS does not provide a mechanism for a client to tell a server the name of the server it is contacting. It may be desirable for clients to provide this information to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address..

Continue...
post-thumb

TLS Session Resumption

The extra latency and computational costs of the full TLS handshake impose a serious performance penalty on all applications that require secure communication. To help mitigate some of the costs, TLS provides an ability to resume or share the same negotiated secret key data between multiple connections..

Continue...
post-thumb

TLS Handshake

Before the client and the server can begin exchanging application data over TLS, the encrypted tunnel must be negotiated: the client and the server must agree on the version of the TLS protocol, choose the cipher suite, and verify certificates if necessary. Unfortunately, each of these steps requires new packet roundtrips between the client and the server, which adds startup latency to all TLS connections.

Continue...
post-thumb

HTTP/1.0 and HTTP/1.1

HTTP is a protocol used to exchange or transfer hypertext. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. Tim Berners-Lee and his team at CERN are credited with inventing the original HTTP along with HTML and the associated technology for a web server and a text-based web browser.

Continue...
post-thumb

SPDY (pronounced speedy); NPN (Next Protocol Negotiation); ALPN (Application Layer Protocol Negotiation) and HTTP/2

SPDY (pronounced as SPeeDY) :- SPDY is an experimental protocol developed at Google, designed to reduce the latency of web pages. Specifically, its goal is to address the limitations of HTTP/1.1 and to remove existing bottlenecks like:- - head of line blocking, - inefficient use of underlying TCP connections, - and header bloat SPDY achieves reduced latency through compression, multiplexing, and prioritisation. The name "SPDY" is a trademark of Google and is not an acronym..

Continue...
post-thumb

Cipher Suites

A cipher suite is a named combination of authentication , encryption , message authentication code (MAC) and key exchange algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol..

Continue...
post-thumb

Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

Transport Layer Security (TLS) is a successor of Secure Sockets Layer (SSL) and its a cryptographic protocol used for establishing an encrypted link between a Server and a Client over a public network. They use X.509 certificates and hence asymmetric cryptography to authenticate the certificate holder to its clients, and to negotiate a symmetric session key...

Continue...
post-thumb

IPv6 DNS Measurement Stats

NIC IPv6 DNS Measurement Measuring who all are querying for nic.in or gov.in domain, what they are querying for and from where they are querying. NIC had tested its IPv6 connectivity with internet peers on June 8, 2011 (World IPv6 day) and next year on World IPv6 Launch Day (June 6, 2012), we had launched our IPv6 DNS Server (having address 2405:8A00:1000::2) along with some websites...

Continue...
post-thumb

Internationalized Domain Name -- URL in any Language

From whichever part of the world you belong, no matter what is your mother tongue, if you are reading this post, this means you understands English. Nearly half of the world doesn't know English But still accessing Internet was not very much friendly for those non-English speaking community to an extent due to the limitation of only having ASCII characters in domain names until few years back...

Continue...
post-thumb

Extension Mechanisms for DNS (EDNS0)

DNS Background The Domain Name System Protocol was first designed in 1980s and after that various features has been added while maintaining the compatibility with earlier versions of the protocol. DNS Packet was restricted to UDP 512 bytes in the early releases while keeping in mind the minimum MTU size is of 576 bytes in IPv4...

Continue...
post-thumb

PGP and S/MIME Protocol

Both PGP and S/MIME protocols are used for authentication and privacy of messages over internet. S/MIME protocol refers to Secure/Multipurpose Internet Mail Extensions which has been incorporated in the various main exchange software, incl. Outlook, Thunderbird & others And also incorporated in all major browsers (chrome, Mozilla, IE and others)...

Continue...
post-thumb

Google Public DNS Servers Hijacked on 16th March 2014

Google Public DNS Servers i.e., 8.8.8.8 (which are running in Anycast mode) was hijacked on 16th of March 2014 for the Internet users of Venezuela and Brazil for nearly 22 mins. Google's Public DNS servers are used for "130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day."..

Continue...
post-thumb

Public DNS Servers

Domain Name Service (or Server or System) is an internet service that translate easily memorized domain names into IP numbers and vice-versa. DNS Servers can be better understands as Yellow page directory to the Internet. Every ISP runs DNS services for their customers and users. A user can also runs DNS service for its own. ..

Continue...
post-thumb

Why we have IPv6 after IPv4..... Where is IPv5 ?

IP or Internet Protocol, is the primary network protocol used on the Internet, introduced by Vint Cerf and Bob Kahn in 1974. IP version 0 to 3 was introduced and used between 1974 and 1979. After changes and refinements in initial IP protocol, version 4 was introduced in 1981, commonly known as IPv4, described in RFC 791 , which become the backbone of Whole Internet in no time..

Continue...
post-thumb

IPv6 Address Allocation BCP

Best Current Practices in for IPv6 Address Allocation This Best Practices document aims to provide IPv6 Address allocation guidelines that a network operator can follow while planning the IPv6 sub-netting for its network (based on the issues faced and learning’s from IPv6 implementation in NKN and NIC network)...

Continue...
post-thumb

Domain Information Groper (DIG) -- DNS Query Tool

DIG is a command-line tool for querying DNS Name Server (similar to nslookup utility available in Windows and host utility). dig utility can be used for querying DNS about the host address (both A and AAAA), name server(NS), mail exchange(MX), Pointer Record(PTR), SOA (Start Of Authority) and others...

Continue...
post-thumb

How to install DIG in Windows Machine

DIG is a domain query tool and a part of BIND package of ISC. Using dig is very simple in Linux but is little bit tricky to use the same in Windows. I have tried to do the same and sharing you the steps which i follow for configuring the dig in my windows machine...

Continue...
post-thumb

Online Privacy (About gstatic.com and DoNotTrackMe)

There was a time when we use to get a call from marketing companies selling blah-blah products and these calls were the last call we want to receive. Then comes a National Do Not Call and we get a rid of these marketing calls. But what about internet. Big internet marketing companies (like Google and others) whose business base is marketing and selling ads are tracking us...

Continue...
post-thumb

National Knowledge Network

National Knowledge Network The NKN is a state-of-the-art multi-gigabit pan-India network for providing a unified high speed network backbone for all knowledge related institutions in the country. The purpose of such a knowledge network goes to the very core of the country's quest for building quality institutions with requisite research facilities and creating a pool...

Continue...
post-thumb

What is Wi-Fi ???

Wi-Fi is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. Wireless networks operate using radio frequency (RF) technology, a frequency within the electromagnetic spectrum associated with radio...

Continue...
post-thumb

Shouldn't India have a Root Server ???

A Root name server is a name server for DNS root zone. Every new DNS query resolved by our local resolver first goes to Root Name Server and then root name server directs it to required domain server. This means that if in any case, root name servers goes down, then whole internet goes down (don't worry this cannot be done so easily as most of root name servers...

Continue...
LATEST POST