Decapsulation ERSPAN Traffic With Open Source Tools
Cisco Encapsulated Remote SPAN (ERSPAN) feature allows to monitor traffic on one or more ports and send the monitored traffic to one orDecapsulation ERSPAN Traffic With Open Source Tools
Cisco Encapsulated Remote SPAN (ERSPAN) feature allows to monitor traffic on one or more ports and send the monitored traffic to one or more destination ports. Traffic is encapsulated into GRE tunnel and routed via network to ERSPAN destination. Any device that supports ERSPAN can be used as ERSPAN destination. It might be another Cisco device or Linux with installed software that can decapsulate GRE traffic.
The goal of this article is to show methods and tools for decapsulation of ERSPAN traffic. For this purpose I have built simple lab that consists of a Cisco CSR 1000v router and two Linux boxes. Core Linux represents a network host and generates network traffic (ICMP) that is going to be monitored. It is connected to the port GigabitEthernet1 of the Cisco router. The router is configured to monitor traffic on the port Gi1 and it sends traffic encapsulated in GRE tunneling protocol to IP address 10.230.10.1. It is the IP address of the ERSPAN destination configured on Linux Security Union. Security Onion is a unique Linux distro for intrusion detection, network security monitoring, and log management based on Ubuntu however any other Linux distro can be used.
Picture 1 - ERSPAN Lab Topology
Below is an example of ERSPAN Continue reading
MPLS VPN
Thought I would put this on here, makes use of an MPLS backbone which allows for multiple VRF's to exist.Original blog post which covers50 000 Page views of orhanergun.net between March-May 2015
This blog received 50 000 page views between 1 of March and 1 th of May.I shared you couple more metrics from the site stats in addition to Pageviews. Since at the same time two classes I teach ( Pre-CCDE and CCDE ) in addition to my other jobs, I couldn’t update the blog since… Read More »
The post 50 000 Page views of orhanergun.net between March-May 2015 appeared first on Network Design and Architecture.
Quick tool: NetSetMan
I work as a consultant for many clients, often jumping from different networks. Management networks sometimes don’t have a DHCP server, in some networks I have a special IP address assigned to access some devices, in other networks I need…On Theory and Practice
I recently read a must-read blog post by Russ White in which he argued that you need to understand both theory and practice (see also Knowledge or Recipes and my other certification rants) and got a painful flashback of a discussion I had with a corner-cutting SE (fortunately he was an exception) almost two decades ago when I was teaching my Advanced OSPF course at Cisco.
Read more ...New on SDxCentral: Enhanced SDN & NFV Use Cases
SDxCentral makes its catalog of SDN & NFV Use Cases available to the entire SDxCentral community. Track the most common SDN & NFV Use Cases on SDxCentral now.
Are You an ACKer?
There are lots of differences in the way that individuals communicate and interact. One difference I often notice is whether a given individual does or does not respond. Using myself as an example, I will typically respond to a text message or email even if no question is posed. Often I will either Thank the sender or provide some unnecessary comment.
My wife on the other hand almost never responds to an information only message. If nothing is being requested, don’t expect a response. I find that lots of people exhibit this behavior and there’s nothing wrong with it. The lack of a response doesn’t necessarily mean the information isn’t appreciated. It is important to realize that just because you do something a certain way, don’t expect others to do the same.
I’d love to hear from you, so share your thoughts by commenting below.
Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.
The post Are You an ACKer? appeared first on PacketU.
How to fix the CFAA
Someone on Twitter asked for a blogpost on how I'd fix the CFAA, the anti-hacking law. So here is my proposal.The major problem with the law is that the term "authorized" isn't clearly defined. You non-technical people think the meaning is obvious, because you can pick up a dictionary and simply point to a definition. However, in the computer world, things are a bit more complicated.
It's like a sign on a store window saying "No shirt, no shoes, no service" -- but you walk in anyway with neither. You know your presence is unwanted, but are you actually trespassing? Is your presence not "authorized"? Or, should we demand a higher standard, such as when the store owner asks you to leave (and you refuse) that you now are trespassing/unauthorized?
What happens on the Internet is that websites routinely make public data they actually don't want people to access. Is accessing such data unauthorized? We saw that a couple days ago, where Twitter accidentally published their quarterly results an hour early on their website. An automated script discovered this and republished Twitters results to a wider audience, ironically using Twitter to do so. This caused $5-billion to drop off Continue reading
SDxCentral Weekly News Roundup — May 1, 2015
OpenStack's 11th release, Kilo, is now available, and Nokia's CEO defends the Alcatel-Lucent deal.
Making the Most of Multi-User MIMO
With the first Wave 2 802.11ac access points hitting the market, Wi-Fi goes gigabit in a big way. Yet to realize such speeds means maximizing a number of new sophisticated RF capabilities that the vast majority of today’s Wi-Fi access...OpenCloud Connect Attempts Liftoff for Cloud Standards
The former CloudEthernet Forum has started showing off its work.