11/18/2016
VMware Workstation Networking
This is a great overview of how networking works in VMware Workstation:
rednectar: vmware-interfaces-tutorial
The diagrams are especially helpful:
10/28/2016
Map ports to ASIC on Cisco 7K
Map Port to ASIC on Cisco 7K Switch
From: Nexus 7000 NXOS VDC Config Guide
Find the slot# of the module:
show mod
Enter command:
slot 3 show hardware internal dev-port-map
Sample Output:
--------------------------------------------------------------
CARD_TYPE: 48 port 10G
>Front Panel ports:48
--------------------------------------------------------------
Device name Dev role Abbr num_inst:
--------------------------------------------------------------
> Clipper MAC DEV_ETHERNET_MAC MAC_0 12
> Clipper FWD DEV_LAYER_2_LOOKUP L2LKP 12
> Clipper XBAR DEV_QUEUEING QUEUE 12
> Sacramento Xbar ASIC DEV_SWITCH_FABRIC SWICHF 1
> PHY DEV_PHY PHYS 12
> Clipper L3 Driver DEV_LAYER_3_LOOKUP L3LKP 12
+----------------------------------------------------------------+
+---------+++FRONT PANEL PORT TO ASIC INSTANCE MAP+++------------+
+----------------------------------------------------------------+
FP port | PHYS | MAC_0 | L2LKP | L3LKP | QUEUE |SWICHF
1 0 0 0 0 0 0
2 0 0 0 0 0 0
3 0 0 0 0 0 0
4 0 0 0 0 0 0
5 1 1 1 1 1 0
6 1 1 1 1 1 0
7 1 1 1 1 1 0
. . .
- Port number = FP port column.
- ASIC = MAC_0 column.
- So, ASIC=int(Port/4) - 1
One port in each port group can be dedicated to 10Gb using the rate-mode command.
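As an added example (not from the original post or the Cisco guide), this Python code parses the front-panel port map shown above and groups ports by the MAC_0 instance, which shows which ports share an ASIC and therefore a port group. The embedded text is the ports 1-7 excerpt from the sample output; the function names are illustrative.

```python
from collections import defaultdict

# Excerpt of the sample output shown above (ports 1-7 only).
SAMPLE = """\
+---------+++FRONT PANEL PORT TO ASIC INSTANCE MAP+++------------+
+----------------------------------------------------------------+
FP port | PHYS | MAC_0 | L2LKP | L3LKP | QUEUE |SWICHF
1 0 0 0 0 0 0
2 0 0 0 0 0 0
3 0 0 0 0 0 0
4 0 0 0 0 0 0
5 1 1 1 1 1 0
6 1 1 1 1 1 0
7 1 1 1 1 1 0
"""

def parse_port_map(text):
    """Return {port: {column: instance}} from dev-port-map output."""
    columns, ports = None, {}
    for line in text.splitlines():
        if line.lstrip().startswith("FP port"):
            # Header row: column names after "FP port", separated by '|'
            columns = [c.strip() for c in line.split("|")[1:]]
            continue
        fields = line.split()
        # Data rows are all-numeric: port number plus one value per column
        if (columns and len(fields) == len(columns) + 1
                and all(f.isdigit() for f in fields)):
            ports[int(fields[0])] = dict(zip(columns, map(int, fields[1:])))
    return ports

def port_groups(ports, column="MAC_0"):
    """Group front-panel ports by the ASIC instance in the given column."""
    groups = defaultdict(list)
    for port, instances in sorted(ports.items()):
        groups[instances[column]].append(port)
    return dict(groups)

if __name__ == "__main__":
    for asic, members in port_groups(parse_port_map(SAMPLE)).items():
        print(f"ASIC {asic}: ports {members}")
```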
9/29/2016
9/28/2016
Dig Web Interface
1. Browse to http://www.digwebinterface.com/
2. Enter the list of hosts you wish to test under Hostnames or IP addresses:
3. Select Resolver under Name Servers:
4. Check Trace under Options
5. Click Dig
The first section of results lists the root servers.
The next section lists the authoritative name servers for the TLD.
The next section (your domain) lists the NS records from the domain registry.
The next section (your domain) lists the NS records provided by an authoritative NS.
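The last two sections of a trace are worth comparing: the NS set the registry delegates to should match the NS set the zone itself publishes, and a difference points to a stale or altered delegation. The following is an added example, not part of the original post, that parses dig +trace style output and reports the difference; the trace text is constructed with documentation names and addresses, and it assumes the query type was NS.

```python
# Constructed dig +trace output for an NS query (not real servers).
TRACE = """\
.\t518400\tIN\tNS\ta.root-servers.net.
;; Received 239 bytes from 192.0.2.53#53(192.0.2.53) in 1 ms

com.\t172800\tIN\tNS\ta.gtld-servers.net.
;; Received 836 bytes from 198.51.100.4#53(a.root-servers.net) in 20 ms

example.com.\t172800\tIN\tNS\tns1.example.com.
example.com.\t172800\tIN\tNS\tns2.example.com.
;; Received 280 bytes from 198.51.100.30#53(a.gtld-servers.net) in 30 ms

example.com.\t3600\tIN\tNS\tns1.example.com.
example.com.\t3600\tIN\tNS\tns3.example.net.
;; Received 110 bytes from 203.0.113.10#53(ns1.example.com) in 12 ms
"""

def trace_sections(text):
    """Split trace output into [(answering_server, [(owner, type, rdata)])]."""
    sections, records = [], []
    for line in text.splitlines():
        if line.startswith(";; Received"):
            # "... from ADDR#53(NAME) in N ms" closes the current section
            server = line.split("(", 1)[1].split(")", 1)[0]
            sections.append((server, records))
            records = []
        elif line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5 and f[2] == "IN":
                records.append((f[0].lower(), f[3], f[4].lower()))
    return sections

def delegation_mismatch(text, zone):
    """Compare the zone's NS set from the parent with the authoritative one."""
    zone = zone.lower().rstrip(".") + "."
    ns_sets = [{r for o, t, r in recs if o == zone and t == "NS"}
               for _, recs in trace_sections(text)]
    ns_sets = [s for s in ns_sets if s]
    if len(ns_sets) < 2:
        raise ValueError("need both the delegation and the authoritative NS set")
    parent, child = ns_sets[-2], ns_sets[-1]
    return {"only_in_delegation": sorted(parent - child),
            "only_in_zone": sorted(child - parent)}

if __name__ == "__main__":
    print(delegation_mismatch(TRACE, "example.com"))
```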
Duplicate IP address registrations in DNS
https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/
Very useful discussion of this issue and methods to address it.
Also a script to identify duplicate IP addresses in DNS:
#
#Import the Active Directory Module
import-module activedirectory
#Define an empty array to store computers with duplicate IP address registrations in DNS
$duplicate_comp = @()
#Get all computers in the current Active Directory domain along with the IPv4 address
#The IPv4 address is not a property on the computer account so a DNS lookup is performed
#The list of computers is sorted based on IPv4 address and assigned to the variable $comp
$comp = get-adcomputer -filter * -properties ipv4address | sort-object -property ipv4address
#For each computer object returned, assign just a sorted list of all
#of the IPv4 addresses for each computer to $sorted_ipv4
$sorted_ipv4 = $comp | foreach {$_.ipv4address} | sort-object
#For each computer object returned, assign just a sorted, unique list
#of all of the IPv4 addresses for each computer to $unique_ipv4
$unique_ipv4 = $comp | foreach {$_.ipv4address} | sort-object | get-unique
#compare $unique_ipv4 to $sorted_ipv4 and assign just the additional
#IPv4 addresses in $sorted_ipv4 to $duplicate_ipv4
$duplicate_ipv4 = Compare-object -referenceobject $unique_ipv4 -differenceobject $sorted_ipv4 | foreach {$_.inputobject}
#For each instance in $duplicate_ipv4 and for each instance
#in $comp, compare $duplicate_ipv4 to $comp If they are equal, assign
#the computer object to array $duplicate_comp
foreach ($duplicate_inst in $duplicate_ipv4)
{
    foreach ($comp_inst in $comp)
    {
        if (!($duplicate_inst.compareto($comp_inst.ipv4address)))
        {
            $duplicate_comp = $duplicate_comp + $comp_inst
        }
    }
}
#Pipe all of the duplicate computers to a formatted table
$duplicate_comp | ft name,ipv4address -a
Check DNS Propagation
Great online utility to check propagation of DNS changes.
https://www.whatsmydns.net
6/21/2016
5/26/2016
Packet Capture
The challenge I often have when capturing packets is that I need 2 interfaces on the machine doing the capture. It has been problematic to use the wired NIC on the span port and the wireless NIC for remote access to the laptop.
I am tempted to do the following:
- Set up the span port on the interface where the only wired NIC of the laptop is attached. But don't enable it yet.
- Remote control and set up Wireshark to capture from the wired NIC. Start the capture.
- Enable the span port on the switch.
This will prevent remote access to the laptop during the capture.
- When ready, disable the span config on the NIC.
- Remote control to the laptop and stop the capture.
The advantage is I could use whatever machine is available instead of having to get a local person to set up a laptop and (try to) tell me what the wireless IP address is.
5/24/2016
How to solve Windows 7 crashes in minutes | Network World
How to solve Windows 7 crashes in minutes | Network World: How to solve Windows 7 crashes in minutes
4/29/2016
Jumbo Frames
Hurts my head to think about attempting jumbo frames.
http://www.bitplumber.net/2009/03/how-to-configure-jumbo-frames/
4/21/2016
Cisco Nexus: EthAnalyzer
I've been fighting with EthAnalyzer, trying to get it to do something useful. But it always only showed me traffic to/from the switch itself, not packets that pass through it.
Today I found the following information and EUREKA!
ethanalyzer data plane traffic analysis
ACLs and Ethanalyzer for Data Plane Sampling:
The Ethanalyzer captures only traffic on CPU, so seems as unsuitable solution for the data plane traffic analysis. However, this limitation can be avoided with a use of ACL logging to sample specific packets from data plane.
. . .
When we use ACLs and the “log” keyword, access control entries (ACEs) with log keyword cause system to punt a copy of matching packets to supervisor CPU. Key point is that original traffic forwarded or dropped in hardware with no performance penalty. Note that punted copies subjected to hardware rate limiter, forwarding engine hardware enforces rate to avoid saturating inband interface/CPU.
So the following accomplished what I have been trying to do for a long time:
IP access list acl-cap
    10 permit ip 10.10.10.11/32 any log
    20 permit ip any any
Eth6/28
    ip port access-group acl-cap in
ethanalyzer local int inband limit-captured-frames 0 autostop duration 60 write bootflash:test-2.pcap
3/25/2016
powershell ssh
One method for using powershell to ssh to a router/etc:
powershelladmin
Unfortunately it doesn't accept a credential object.
One workaround would be something like the following pseudo code:
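import-module ssh-sessions
# Prompt once; the module takes a plain-text password, so pull it out of the credential
$cred = get-credential
$user = $cred.getnetworkcredential().username
$pw = $cred.getnetworkcredential().password
# The three file names below are placeholders; substitute your own paths
$log = '.\ssh-results.log'
$list = get-content '.\hosts.txt'
$commands = get-content '.\commands.txt'
foreach ($comp in $list)
{
    $comp | out-file $log -append
    $loginresult = new-sshsession $comp -username $user -password $pw
    $loginresult | out-file $log -append
    foreach ($cmd in $commands)
    {
        # Use $comp here: $host is a reserved automatic variable in PowerShell
        $sshresults = invoke-sshcommand -computername $comp -command $cmd
        $sshresults | out-file $log -append
    }
    $logoutresult = remove-sshsession -computername $comp
    $logoutresult | out-file $log -append
}
# Drop the plain-text password once the sessions are closed
remove-variable pw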
1/27/2016
tracetcp
tracetcp
The utility available at the link above is very useful.
Instead of requiring icmp, it will perform a traceroute using any TCP port you wish.
VERY useful for testing custom route-map just for tcp 443. (I could make plain old traceroute work by adding icmp to the route-map, but that isn't really a test.)