Friday, December 17, 2010
Tuesday, December 14, 2010
IPv6 calculator
A nice IPv6 calculator. It was posted on a blog from a network guy in Norway located here. It isn't really being updated much anymore but there is a lot of nice info there.
Tuesday, November 30, 2010
More Control Plane policing goodness
Control Plane video from Cisco. It is more concepts (and not overly deep ones) on data plane vs control plane vs management plane.
Sunday, November 7, 2010
Forensics Wiki
Forensics Wiki. Looks like a lot of nice articles. This was found while looking for FAT12 and FAT16 partition differences.
Tuesday, November 2, 2010
Malware ports
While looking around for malware info, I found this list of ports used by malware: Emsisoft Portlist.
Monday, October 25, 2010
Wednesday, September 22, 2010
Thursday, September 16, 2010
Applying a nonexistent access list to an interface in IOS
An interesting issue came up at work that puzzled me. I know from experience that if you configure an access list in IOS and there is no entry in it, it acts as a permit any...and once there is an ACE in the access list, the deny-by-default function begins. However, what if an access list that doesn't exist is applied to an interface? Does it deny or accept?
Wendell Odom indicated in one article that it might deny all traffic:
"Implicit deny at the end of every access-list. Check first if you have it applied somewhere (interface, NAT, protocol, ...), else you can block all traffic when you point to non-existent access list"
But that wasn't good enough for me. I had to know for sure. Fortunately I was on a 6500 and had the luxury of polling the TCAM. Here is the scenario:
A dummy interface is configured and given a valid ingress access list and a nonexistent egress access list.
interface GigabitEthernet1/1
description dummy interface
ip address 10.10.10.9 255.255.255.248
ip access-group traffic_IN in
ip access-group traffic_OUT out
Let's see what happens.
Router#show tcam int gi1/1 acl out ip
* Global Defaults shared
Entries from Bank 0
permit ip any any (128 matches)
Entries from Bank 1
The TCAM is showing it is permitting all traffic - just like it would an empty access list. I am not saying Odom is incorrect. This is just the behavior on a 6500 running 12.2SX* code. Since 6500s handle access lists in the TCAM, it might accept whereas a software-based router (e.g. 7200) might deny. It is nice the 6500 has a means to show us this without really messing with the access list config and possibly contaminating the scene. In addition, a quick search will show you that, depending what you do with an access list, all sorts of different things can happen - in line with Odom's statement regarding NAT, protocols, etc.
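As an added example (not from the post), a small Python audit that flags the two conditions discussed above in a running-config: an ip access-group that references an ACL which is never defined, and one that references an ACL with no ACEs. The sample config is constructed to mirror the dummy-interface scenario; the finding for the nonexistent case states only what the post observed on the 6500 and treats other platforms as undetermined.

```python
import re

# Constructed sample running-config (not from the post), modelled on its
# dummy-interface scenario: traffic_IN is defined, traffic_EMPTY is defined
# but has no ACEs, and traffic_OUT is referenced but never defined.
SAMPLE_CONFIG = """\
ip access-list extended traffic_IN
 permit tcp any host 10.10.10.9 eq 22
 deny ip any any
ip access-list extended traffic_EMPTY
interface GigabitEthernet1/1
 ip access-group traffic_IN in
 ip access-group traffic_OUT out
interface GigabitEthernet1/2
 ip access-group traffic_EMPTY in
"""

def parse_acls(config):
    """Map each named ACL to its number of ACEs (permit/deny lines)."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
        if m:
            current = m.group(1)
            acls.setdefault(current, 0)
        elif current and re.match(r"\s+(permit|deny)\b", line):
            acls[current] += 1
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the ACL block
    return acls

def audit_access_groups(config):
    """Return (interface, acl, direction, finding) for every ip access-group."""
    acls, findings, interface = parse_acls(config), [], None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            interface = m.group(1)
        m = re.match(r"\s+ip access-group (\S+) (in|out)\b", line)
        if m and interface:
            name, direction = m.groups()
            if name not in acls:
                finding = "nonexistent ACL: permit-all in 6500 TCAM, platform-dependent elsewhere"
            elif acls[name] == 0:
                finding = "empty ACL: acts as permit any"
            else:
                finding = "ok"
            findings.append((interface, name, direction, finding))
    return findings
```

Call audit_access_groups(SAMPLE_CONFIG) to get one row per access-group reference; only the "ok" rows enforce anything.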
Tuesday, September 14, 2010
Windows 2008 free antivirus
I noticed that the PC Tools antivirus I have installed on my home Windows 2008 server was not updating. It appears I had 6.x installed and the most current version was 8.x so...my guess is they just stopped putting out definition updates. Not a problem but after uninstalling PC Tools AV 6.x and trying to install 8.x I ran into an error that killed the installation. This brought about a rehash of the 'how do I get free AV for my test server'. Keep in mind, it is a TEST server. I am not an enterprise trying to get around paying huge fees for a product that is almost never used. Of course, I ran into page after page after page of:
1) People saying to use PC Tools but the posts were from 2008 and referred to 6.x.
2) People saying to use another product that doesn't work on Server 2008 and probably never did.
3) People ignoring the OP and mentioning using an obviously paid product (e.g. McAfee, Norton).
4) Parking sites.
Then, I started testing (it is a test server, after all). After trying a few products, I found that Comodo AntiVirus works on W2k8. I even ran a full system scan and found only two items - UltraVNC (which is supposed to be there) and another similar remote control application installer.
Labels: antivirus, Comodo, PC Tools, Windows 2008 Server
Friday, September 3, 2010
Collecting crash data on Juniper routers
Collect crash data on Juniper routers. Some interesting commands listed there and I suspect the document only scratches the surface of what you can do.
Tuesday, August 31, 2010
Project Honeypot
Project Honeypot is a nice resource to look for historic behavior of suspect IP addresses.
Wednesday, August 18, 2010
MVRP
I was in the process of researching a VLAN propagation protocol when I found out it was superseded by a newer standard - MVRP. This is an IEEE competitor to VTP (which is Cisco proprietary, if you didn't know). The IEEE document is here. To be honest, I was hoping for an MST and VTPv3 migration.
Thursday, August 5, 2010
More traceroute fun
Darren at Darren's CCIE mission has another interesting item on traceroute with more information on the OS overhead (read: Windows overhead) in performing traceroutes. I have to assume this might be inherent to Active Directory (especially the DNS PTR record lookup) since it is so DNS dependent.
Thursday, July 29, 2010
NTP over IPv6 on a Netscreen
I spent a little time trying to get my Netscreen to talk to an IPv6 NTP server today but it wouldn't work. I could ping the IPv6 server but no NTP. I am running 5.4 code and it does IPv6 flawlessly but NTP didn't want to work. But I found out why. Per Juniper, this isn't supported until 6.3 and I am not sure if there will even be a 6.3 code put out for the EOL 5GTs. Bah!
Wednesday, July 21, 2010
Thursday, July 15, 2010
First router
Obviously this goes back pretty far but I found this recent post on the Cisco Blog site linky. It has some basic ICMP how-tos for IOS but it links to something very nostalgic - The story of the PING program. The reason it is nostalgic for me is it is a time in which I first saw networking of any real sort (other than goofy access to local BBSes using the 300 bps modem on my Apple IIe which doesn't quite count) at the local University (albeit I understood none of it) and I would love to have been able to just go back and look over shoulders during those days. The site even has some old TCP/IP Digest archives featuring many names now famous in the history of networking.
I wish I had a time machine.
Thursday, July 8, 2010
Ethernet crossover
Yesterday provided a moment of 'wtf' when the test cable-diagnostics on a Cisco switch was showing some really screwy output and it made me wonder if the cabling was incorrectly terminated. To make a long story short, the connection was switch-to-switch over copper gigabit Ethernet and the MDIX was causing the odd results but I was sent on an adventure into answering a question, "If copper Gigabit Ethernet uses all 4 pairs for data, is there something unusual about the straight-through versus crossover pinouts for Gigabit Ethernet?" Turns out there is. First, the 'duh' moment where 10/100 Ethernet pinouts are displayed:
10/100 Megabit normal:
Pin  Function  Color         Match Function  Pin
1    TD+       White/Orange                  1
2    TD-       Orange/White                  2
3    RD+       White/Green                   3
4              Blue/White                    4
5              White/Blue                    5
6    RD-       Green/White                   6
7              White/Brown                   7
8              Brown/White                   8
10/100 Megabit crossover:
Pin  Function  Color         Match Function  Pin
1    TD+       White/Orange  RD+             3
2    TD-       Orange/White  RD-             6
3    RD+       White/Green   TD+             1
4              Blue/White
5              White/Blue
6    RD-       Green/White   TD-             2
7              White/Brown
8              Brown/White
Nothing unusual there - standard 1, 2, 3 and 6 in use. If you use this pinout on most Gigabit Ethernet ports, you end up with 100 Mb/s. This creates a hard problem to troubleshoot since the ports will show up and you will get data over the cable but not at the speed you want. Of course, anyone not terminating Cat 5 (or better) with all 4 pairs needs to be beaten in my opinion. Now for the Gigabit Ethernet pinouts:
First, Gigabit Ethernet normal:
Pin  Function  Color         Match Function  Pin
1    BI_DA+    White/Orange  BI_DA+          1
2    BI_DA-    Orange/White  BI_DA-          2
3    BI_DB+    White/Green   BI_DB+          3
4    BI_DC+    Blue/White    BI_DC+          4
5    BI_DC-    White/Blue    BI_DC-          5
6    BI_DB-    Green/White   BI_DB-          6
7    BI_DD+    White/Brown   BI_DD+          7
8    BI_DD-    Brown/White   BI_DD-          8
So, this should work fine (assuming the cable wasn't terminated by someone trying to cause you grief). But the crossover is strange:
Gigabit Ethernet crossover:
Pin  Function  Color         Match Function  Pin
1    BI_DA+    White/Orange  BI_DB+          3
2    BI_DA-    Orange/White  BI_DB-          6
3    BI_DB+    White/Green   BI_DA+          1
4    BI_DC+    Blue/White    BI_DD+          7
5    BI_DC-    White/Blue    BI_DD-          8
6    BI_DB-    Green/White   BI_DA-          2
7    BI_DD+    White/Brown   BI_DC+          4
8    BI_DD-    Brown/White   BI_DC-          5
This is really odd and isn't exactly easy to remember. What makes matters even more fun is the MDIX auto feature on most (if not all) Gigabit Ethernet ports on Gigabit Ethernet switches (at least good ones) will correct the crossover pinout and work so you will never know the cable is 'wrong'. A cable tester (or the Cisco 'test cable-diagnostics' command) will likely give some odd results - especially on switch-to-switch connections. For more on the Cisco 'test cable-diagnostics' command, look here.
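As an added example (not from the post), the tables above expressed in Python: the gigabit crossover is derived from the pair names (A swapped with B, C with D, polarity kept) rather than memorised, and a classifier reports what a given termination is along with the speed ceiling the post describes for a two-pair cable. The wiring dicts are constructed inputs; a missing pin means it is not connected at the far end.

```python
# Pinouts from the post's tables, as {pin_at_end_A: pin_at_end_B} maps.
STRAIGHT = {p: p for p in range(1, 9)}
FAST_XOVER = {1: 3, 2: 6, 3: 1, 6: 2}      # 10/100 crossover: pins 4/5/7/8 unused
GIG_PINS = {1: "BI_DA+", 2: "BI_DA-", 3: "BI_DB+", 4: "BI_DC+",
            5: "BI_DC-", 6: "BI_DB-", 7: "BI_DD+", 8: "BI_DD-"}
PAIR_SWAP = {"A": "B", "B": "A", "C": "D", "D": "C"}   # what the crossover does
DATA_PINS = {1, 2, 3, 6}                                # 10/100 TD/RD pins
SPARE_PINS = {4, 5, 7, 8}                               # pairs only gigabit uses

def gig_crossover():
    """Derive the gigabit crossover table: pair A<->B and C<->D, same polarity."""
    pin_of = {func: pin for pin, func in GIG_PINS.items()}
    return {pin: pin_of["BI_D" + PAIR_SWAP[func[4]] + func[5]]
            for pin, func in GIG_PINS.items()}

def classify_cable(wiring):
    """Classify a termination; returns (description, max speed in Mb/s or None).

    A missing key means that pin is not connected at the far end.
    """
    if not DATA_PINS.issubset(wiring):
        return ("open pair on pins 1/2/3/6", 0)
    if all(wiring[p] == p for p in DATA_PINS):
        kind = "straight-through"
    elif all(wiring[p] == FAST_XOVER[p] for p in DATA_PINS):
        kind = "crossover"
    else:
        return ("miswired on pins 1/2/3/6", 0)
    if not SPARE_PINS.issubset(wiring):
        # Only two pairs terminated: the link comes up, but gigabit ports fall back to 100 Mb/s.
        return (kind + ", two pairs only", 100)
    if kind == "straight-through" and all(wiring[p] == p for p in SPARE_PINS):
        return ("straight-through, four pairs", 1000)
    if kind == "crossover" and all(wiring[p] == gig_crossover()[p] for p in SPARE_PINS):
        return ("gigabit crossover (auto-MDIX ports hide this)", 1000)
    # Pairs 1/2/3/6 make sense but 4/5/7/8 match neither table: speed not predicted here.
    return (kind + " on pins 1/2/3/6, but pairs 4/5 and 7/8 do not match", None)
```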
Wednesday, July 7, 2010
Tracert - two ways to do it
A discussion came up at work about how traceroute works on different platforms. I knew some use UDP and some just use ICMP but I didn't know why they were so different. Here is a description of why and how each works. Rather interesting.
Sunday, July 4, 2010
Friday, July 2, 2010
Monday, June 21, 2010
Wednesday, June 16, 2010
Thursday, June 10, 2010
Netwitness
Just saw mention of a product called NetWitness. What is cool is they offer a freeware version of it. The hardware requirements >MIGHT< be within the specs of older 'retired' systems.
Monday, June 7, 2010
SNMPRG
I was piddling around with getting STG (an old, but cool, SNMP tool for Windows) and stumbled across this: SNMPRG. It seems someone tried to contact the author of STG, had no luck, and decided to rewrite it with new capabilities. The only lacking thing is the refresh interval is 1 second or more. STG could be set to poll at an insane rate - multiple times a second...which is what I want to test - SNMP throttling with CoPP.
In more annoying news, I found downloads for GetIf but it won't run in XP (even in compatibility mode). Not sure what is wrong with it. It was a nice tool to have in the back pocket but I guess it is not being updated and is about to fall off the radar.
Friday, June 4, 2010
bluecoat training
Free courses from Bluecoat. At the bottom of the page...basic how-tos on their products.
Ghost Route Hunter
Ghost Route Hunter. Similar to the bogon stuff I keep finding myself involved in.
Monday, May 31, 2010
Sunday, May 30, 2010
Friday, May 28, 2010
Geant Looking Glass site
Geant's (sorry about the lack of the accent over the 'e') Looking glass site: linky. I wasn't able to get the traceroute to work (but maybe I was being impatient) but the ping worked for my home network.
Wednesday, May 26, 2010
Tuesday, May 25, 2010
Conserver Cisco Console guide
Conserver Cisco Console guide. I found this while looking over some terminal server info.
Sunday, May 23, 2010
Free training from deepsurplus
In addition to the excellent pricing for patch cables, I recalled that Deepsurplus.com offers some decent free training info.
Friday, May 21, 2010
Wednesday, May 19, 2010
Tuesday, May 18, 2010
Friday, April 30, 2010
serial port information
Serial/Null Modem notes
A very interesting list of notes about serial connections. This reminded me of the Lantronix issue I dealt with a few months back in which the Lantronix would literally begin to crawl when hooked up to a Nortel (I think it was a Nortel) phone switch: Plug in the phone switch, Lantronix crawls; remove phone switch, Lantronix returns to normal. Literally NO setting I could put in place would correct this. This link gave me some new ideas that didn't pop up at the time.
Slight edit: This link shows a nice option for making null modem adapters with RJ45-to-DB9 adapters. I really want to try this out now.
Labels: Lantronix, Nortel, null modem, phone switch, serial
Friday, March 19, 2010
Thursday, March 4, 2010
Sunday, February 28, 2010
Friday, February 19, 2010
Clack
I had never heard of this application but it sounds pretty neat.
Clack. The author, Dan Wendlandt had some nice resources linked on his page.
Friday, February 12, 2010
UNetbootin
UNetbootin - Universal Netboot Installer. UNetbootin loads utilities or installs Linux/BSD to a partition or USB drive without a CD.