Recently in howto Category
CAAS and OPNET ITGURU only allow you to capture from one interface at a time from the OPNET agent. If you use the DNS name and the IP address you can capture two interfaces, but what do you do if there are three interfaces?
Editing the HOSTS file lets you map several different names to the same IP address. Here are a few pointers on doing this:
Go to
C:\windows\system32\drivers\etc
Edit the HOSTS file with Notepad or something like vi.
The format is: IP address, TAB, desired name.
Use the last MAC address octet of each interface to differentiate the names, for example:
127.0.0.1 localhost
192.168.1.29 SERVER-1A.COMPANY.INTERNAL.COM
192.168.1.29 SERVER-19.COMPANY.INTERNAL.COM
192.168.1.29 SERVER-23.COMPANY.INTERNAL.COM
This gives you a unique DNS-style name for each interface, and when picking the interfaces in the GUI you can check and refer to the correct one by the MAC octet in its name.
If you need to check a list of servers for active agents, you can put the hostnames in a file (hostname.txt, for instance) and use Nmap to check whether port 27401 is open and listening.
server1:~# nmap -iL hostname.txt -n -p 27401
To explain: the -iL option loads the file with the hostnames in it, -n prevents DNS resolution (since we are probably using IP addresses), and -p is the flag for the port.
server1:~# nmap -iL hosts -n -p 27401
Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-30 14:14 EDT
Interesting ports on 192.168.10.29:
PORT STATE SERVICE
27401/tcp open unknown
Interesting ports on 192.168.10.23:
PORT STATE SERVICE
27401/tcp open unknown
Interesting ports on 192.168.10.67:
PORT STATE SERVICE
27401/tcp open unknown
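One way to turn that scan into a list of servers whose agent is not answering, as an added example that is not part of the original post: the parser reads Nmap's normal output, in both the 4.20 format shown above and the newer "Nmap scan report for" format, and reports every expected host that did not show port 27401 open. The sample output and host list are constructed for illustration.

```python
import re

AGENT_PORT = 27401  # agent port from the post

# Host header lines: Nmap 4.20 style and the newer "scan report" style.
HEADER = re.compile(r"^(?:Interesting ports on|Nmap scan report for)\s+(.+?):?\s*$")
PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)")

def parse_nmap(text, port=AGENT_PORT):
    """Return {host: state} for `port` from Nmap's normal (human-readable) output."""
    states, host = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            target = m.group(1)
            # "name (192.0.2.1)" -> keep the address inside the parentheses
            paren = re.search(r"\(([^)]+)\)$", target)
            host = paren.group(1) if paren else target
            states.setdefault(host, "no-result")
            continue
        m = PORT_LINE.match(line)
        if m and host is not None and int(m.group(1)) == port:
            states[host] = m.group(2)
    return states

def agents_down(expected_hosts, nmap_text, port=AGENT_PORT):
    """Hosts from the input list whose agent port was not reported open."""
    states = parse_nmap(nmap_text, port)
    return {h: states.get(h, "no-result")
            for h in expected_hosts if states.get(h) != "open"}

# Constructed sample: one agent up, one port closed, one host that never answered.
SAMPLE_OUTPUT = """\
Interesting ports on 192.168.10.29:
PORT      STATE  SERVICE
27401/tcp open   unknown
Nmap scan report for 192.168.10.23
PORT      STATE  SERVICE
27401/tcp closed unknown
"""
EXPECTED_HOSTS = ["192.168.10.29", "192.168.10.23", "192.168.10.67"]

if __name__ == "__main__":
    for host, state in agents_down(EXPECTED_HOSTS, SAMPLE_OUTPUT).items():
        print(f"{host}: port {AGENT_PORT} is {state}")
```

A host that was down or dropped the probe produces no port line at all, which is why the comparison starts from the expected list rather than from the scan output.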
The Open1X project is dedicated to bringing a free, open source 802.1X/WPA/WPA2/IEEE802.11i implementation to as many target platforms as possible. [...]
IEEE 802.1X
IEEE 802.1X [...] provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails. It is used for certain closed wireless access points, and is based on the EAP, Extensible Authentication Protocol.
[...]
Some vendors are implementing 802.1X for wireless access points, to be used in certain situations where an access point needs to be operated as a closed access point, addressing the security vulnerabilities of WEP (see 802.11i). The authentication is usually done by a third-party entity, such as a RADIUS server.
switch01#sh int status
/server01
filtering...
Gi3/47 server01-5 (RSA) connected 482 full 100 10/100/1000BaseT
switch01#config t
Enter configuration commands, one per line. End with CNTL/Z.
switch01(config)#interface GigabitEthernet3/47
switch01(config-if)#switchport access vlan 482
switch01(config-if)#exit
switch01(config)#exit
switch01#write mem
switch01#sh ver
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.2(18)SXF7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Thu 23-Nov-06 06:34 by kellythw
Image text-base: 0x40101040, data-base: 0x42A70000
[...]
cisco WS-C6509-E (R7000) processor (revision 1.2) with 458720K/65536K bytes of memory.
Processor board ID SMG1039NZR9
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
Bridging software.
TN3270 Emulation software.
I've been working with a few of these tools; it is nice to see them all summarized on one page.
Bandwidth Monitoring Tools For Linux -- Ubuntu Geek
Bandwidth in computer networking refers to the data rate supported by a network connection or interface. One most commonly expresses bandwidth in terms of bits per second (bps). The term comes from the field of electrical engineering, where bandwidth represents the total distance or range between the highest and lowest signals on the communication channel (band). Bandwidth represents the capacity of the connection. The greater the capacity, the more likely that greater performance will follow, though overall performance also depends on other factors, such as latency.
I have been watching a CSU/DSU that is giving me headaches at a remote site. The carrier appears to be having hardware issues, and I know my equipment is good. Here is the show command with the last 16+ hours of logs to view:
Cisco supports three different Local Management Interface (LMI) types for Frame Relay:
- Cisco
- ANSI Annex D
- Q933-A Annex A
Beginning with Cisco IOS Software Release 11.2, the LMI autosense feature allows a Frame Relay interface to autodetect the LMI type supported by the directly connected Frame Relay switch. Based on the LMI status messages it receives from the Frame Relay switch, the router automatically configures its Frame Relay interface with the supported LMI type acknowledged by the Frame Relay switch.
No extra configuration command is required on a Cisco router to activate the LMI autosense feature. With Cisco IOS Release 11.2 or later, LMI autosense is activated by default when an LMI type is not explicitly configured on the interface.
After the no shutdown interface configuration command is used to activate the Frame Relay interface, the interface starts polling the Frame Relay switch for the supported LMI type by sending out LMI status requests for all three supported LMI types—ANSI, Q933-A, and Cisco—in quick succession.
import Ace_Tool

# Message-level labels are not used; only individual packets are labelled.
def ssl_message_label (msg):
    return

# Label a packet after the first SSL/HTTP keyword found in any layer summary.
def ssl_packet_label (npk):
    for layer in npk.get_layers():
        summary = layer.get_summary ()
        index = summary.find("Client Hello")
        if (index >= 0):
            npk.add_label("Client Hello", "Client Hello", "")
            return
        index = summary.find("Server Hello")
        if (index >= 0):
            npk.add_label("Server Hello", "Server Hello", "")
            return
        index = summary.find("Client Key Exchange")
        if (index >= 0):
            npk.add_label("Key Exchange", "Key Exchange", "")
            return
        index = summary.find("Application Data")
        if (index >= 0):
            npk.add_label("App Data", "App Data", "")
            return
        index = summary.find("Continuation Data")
        if (index >= 0):
            npk.add_label("Continuation", "Continuation", "")
            return
        index = summary.find("GET")
        if (index >= 0):
            npk.add_label("HTTP Get", "HTTP Get", "")
            return
        index = summary.find("POST")
        if (index >= 0):
            npk.add_label("HTTP Post", "HTTP Post", "")
            return

# Fill the colour table and the matching legend names (same order, index 0-7).
def ssl_color_init (colors, names):
    colors[:] = ["#ff00ff", "#ff8000", "#ffff00", "#0000ff", "Red", "#ffffff", "#00FF00", "#808080"]
    names[:] = ["Client Hello", "Server Hello", "Key Exchange", "App Data", "Continuation Data", "HTTP Get", "HTTP Post", "Other"]

# Return the index into the colour table for a packet; 7 ("Other") if nothing matches.
def ssl_packet_color (npk):
    for layer in npk.get_layers():
        summary = layer.get_summary ()
        index = summary.find("Client Hello")
        if (index >= 0):
            return 0
        index = summary.find("Server Hello")
        if (index >= 0):
            return 1
        index = summary.find("Client Key Exchange")
        if (index >= 0):
            return 2
        index = summary.find("Application Data")
        if (index >= 0):
            return 3
        index = summary.find("Continuation Data")
        if (index >= 0):
            return 4
        index = summary.find("GET")
        if (index >= 0):
            return 5
        index = summary.find("POST")
        if (index >= 0):
            return 6
    return 7

# A message takes the colour of its first network packet.
def ssl_message_color (msg):
    npk = msg.get_network_packet (0)
    return ssl_packet_color (npk)
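RDP over an SSH tunnel, which encrypts the RDP session
Easy to set up with Cygwin:
$> ssh -o TCPKeepAlive=yes -L 3389:localhost:3389 -f -N user@remote-host
This sets up the tunnel. Here user@remote-host is a placeholder for your account on the remote machine running sshd and Remote Desktop; -L forwards local port 3389 to port 3389 on that machine, -N runs no remote command, and -f puts ssh in the background.
Then, type into your XP Remote Desktop Connection 'computer name' field: localhost
Your Windows XP RDP (port 3389) session is now safely encrypted.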
I was asked to change port assignments on a server in the data center. The current VLAN is 400 and I was to change it to 401:
Cisco Systems Console
This is a monitored system for authorized users only.
Unauthorized use of this system is subject to legal action.
This system is subject to monitoring and anyone using this
system expressly consents to such monitoring.
Username: admin
Enter PASSCODE:
switch01> en
Enter password:
switch01> (enable) show ver
WS-C6509 Software, Version NmpSW: 7.6(4)
Copyright (c) 1995-2003 by Cisco Systems
NMP S/W compiled on Nov 4 2003, 19:31:23
System Bootstrap Version: 5.3(1)
System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Version: 2.0 ADK: 40
System Boot Image File is 'slot0:cat6000-supcvk8.7-6-4.bin'
System Configuration register is 0x2
Hardware Version: 2.0 Model: WS-C6509 Serial #: SCAxxxxxxxx
PS1 Module: WS-CAC-2500W Serial #: ART0610001J
PS2 Module: WS-CAC-2500W Serial #: ART06100059
Mod Port Model Serial # Versions
--- ---- ------------------- ----------- --------------------------------------
1 2 WS-X6K-SUP1A-2GE SALxxxxxxxx Hw : 7.1
Fw : 5.3(1)
Fw1: 5.4(2)
Sw : 7.6(4)
Sw1: 7.6(4)
WS-X6K-SUP1A-2GE SALxxxxxxxx Hw : 7.1
Sw :
2 2 WS-X6K-SUP1A-2GE SALxxxxxxxx Hw : 7.1
Fw : 5.3(1)
Fw1: 5.4(2)
Sw : 7.6(4)
Sw1: 7.6(4)
WS-X6K-SUP1A-2GE SALxxxxxxxx Hw : 7.1
Sw :
3 48 WS-X6348-RJ-45 SALxxxxxxxx Hw : 2.2
Fw : 5.4(2)
Sw : 7.6(4)
4 16 WS-X6316-GE-TX SADxxxxxxxx Hw : 1.2
Fw : 5.4(2)
Sw : 7.6(4)
5 16 WS-X6316-GE-TX SADxxxxxxxx Hw : 1.2
Fw : 5.4(2)
Sw : 7.6(4)
6 16 WS-X6316-GE-TX SADxxxxxxxx Hw : 1.2
Fw : 5.4(2)
Sw : 7.6(4)
7 48 WS-X6348-RJ-45 SALxxxxxxxx Hw : 1.5
Fw : 5.4(2)
Sw : 7.6(4)
8 48 WS-X6348-RJ-45 SALxxxxxxxx Hw : 5.0
Fw : 5.4(2)
Sw : 7.6(4)
9 48 WS-X6148-GE-TX SALxxxxxxxx Hw : 1.1
Fw : 7.2(1)
Sw : 7.6(4)
15 1 WS-F6K-MSFC2 SALxxxxxxxx Hw : 1.2
Fw : 12.1(22)E1
Sw : 12.1(22)E1
16 1 WS-F6K-MSFC2 SADxxxxxxxx Hw : 2.1
Fw : 12.1(19)E1
Sw : 12.1(19)E1
DRAM FLASH NVRAM
Module Total Used Free Total Used Free Total Used Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1 65408K 52485K 12923K 16384K 13893K 2491K 512K 394K 118K
Uptime is 3 days, 9 hours, 55 minutes
switch01> (enable) show port 8/6
* = Configured MAC Address
Port Name Status Vlan Duplex Speed Type
----- -------------------- ---------- ---------- ------ ----- ------------
8/6 server01(2) connected 400 full 100 10/100BaseTX
Port AuxiliaryVlan AuxVlan-Status InlinePowered PowerAllocated
Admin Oper Detected mWatt mA @42V
----- ------------- -------------- ----- ------ -------- ----- --------
8/6 none none - - - - -
Port Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
8/6 disabled shutdown 0 0 1 disabled 181
Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- ------------------
8/6 0 - - - - -
Port Flooding on Address Limit
----- -------------------------
8/6 Enabled
Port Broadcast-Limit Multicast Unicast Total-Drop Action
-------- --------------- --------- ------- -------------------- ------------
8/6 - - - 0 drop-packets
Port Send FlowControl Receive FlowControl RxPause TxPause
admin oper admin oper
----- -------- -------- --------- --------- ---------- ----------
8/6 off off off off 0 0
Port Status Channel Admin Ch
Mode Group Id
----- ---------- -------------------- ----- -----
8/6 connected off 124 0
Port Status ErrDisable Reason Port ErrDisableTimeout Action on Timeout
---- ---------- ------------------- ---------------------- -----------------
8/6 connected - Enable No Change
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
----- ---------- ---------- ---------- ---------- ---------
8/6 0 0 0 0 0
Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
8/6 0 0 0 0 0 0 0
Port Last-Time-Cleared
----- --------------------------
8/6 Sat Feb 17 2007, 04:54:59
Idle Detection
--------------
--
switch01> (enable) set vlan 401 8/6
VLAN 401 modified.
VLAN 400 modified.
VLAN Mod/Ports
---- -----------------------
401 3/5,3/20,3/25,3/48
4/4,4/6,4/12
5/4,5/7-8,5/12,5/15-16
6/7-9,6/14
7/2-4,7/10,7/17,7/19-20,7/22,7/25,7/29,7/31,7/42,7/44-45
8/2,8/4-6,8/10,8/15-16,8/18,8/21-23,8/25,8/27-28,8/31,8/34,8/36,8/40,8/42,8/44,8/47-48
9/3,9/6,9/9,9/13,9/15,9/17-18,9/20,9/22
switch01> (enable)
I have an old Siemens 1024 SpeedStream PCI card I'm trying to set up WPA with... This might work.
Linux WPA Supplicant (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i)
wpa_supplicant has support for being used as a WPA/WPA2/IEEE 802.1X Supplicant on Windows. The current port requires that WinPcap (http://winpcap.polito.it/) is installed for accessing packets and the driver interface. Both release versions 3.0 and 3.1 are supported.
The current port is still somewhat experimental. It has been tested mainly on Windows XP (SP2) with limited set of NDIS drivers. In addition, the current version has been reported to work with Windows 2000.
All security modes have been verified to work (at least complete authentication and successfully ping a wired host):
- plaintext
- static WEP / open system authentication
- static WEP / shared key authentication
- IEEE 802.1X with dynamic WEP keys
- WPA-PSK, TKIP, CCMP, TKIP+CCMP
- WPA-EAP, TKIP, CCMP, TKIP+CCMP
- WPA2-PSK, TKIP, CCMP, TKIP+CCMP
- WPA2-EAP, TKIP, CCMP, TKIP+CCMP
I came across this online book while looking for info on the arp command. Great find! Check it out.
Guide to IP Layer Network Administration with Linux (http://linux-ip.net/)
The Guide to IP Layer Network Administration with Linux was conceived as a project to document and provide examples for the use of Linux-specific IP networking tools.
Enable WPA Wireless access point in Ubuntu Linux -- Debian Admin
To update the source list run the following command:
sudo apt-get update
sudo apt-get install wpasupplicant
sudo apt-get install network-manager-gnome network-manager
sudo gedit /etc/network/interfaces
Comment out everything other than “lo” entries in that file and save the file.
Create a file called /etc/default/wpasupplicant, add entry ENABLED=0 and save the file.
sudo touch /etc/default/wpasupplicant
Reboot your system or use the following command
sudo /etc/init.d/dbus restart