Wireshark on Android

The other day I found myself wishing I could run wireshark in realtime on an Android phone, but use the familiar GUI on my laptop. After a few minutes tinkering around, I was doing exactly that.

The phone belonged to an Android developer, so he'd already rooted it, enabled developer tools, etc... He'd also installed a packet capture application which worked, but didn't allow me to see things in real time.

The Android SDK bundle contains the adb binary, which is required for connecting to the phone. Extract adb and drop it somewhere in $PATH

 # run adb as root:  
 adb root  
 # connect to the phone over WiFi (the phone's owner had
 # already enabled this feature with 'adb tcpip' via USB):  
 adb connect <phone's wifi ip address>  
 # check that we get a root shell on the phone:  
 adb shell 'id'

It turns out that the packet capture application included a tcpdump binary at /data/data/lv.n3o.shark/files/tcpdump, and invoking it from the adb shell worked normally. It produced the usual startup message, and then a one line summary of each packet.

 adb shell '/data/data/lv.n3o.shark/files/tcpdump -c 2'
 tcpdump: verbose output suppressed, use -v or -vv for  Continue reading

F5 Configuration Backups 3.0

In a previous article I introduced a project for the configuration backups of F5 devices. It offered an automated, centralized backup service for F5 BigIP devices with a web interface. There was also several features mentioned in the road map. Now after 4 months of tireless work, version 3.0 of the Config Backup for F5 […]

Author information

Eric Flores

Eric is a senior network engineer for a major real estate company. He has seven years in the field and has a passion for anything related to technology. Find him on Twitter @nerdoftech.

The post F5 Configuration Backups 3.0 appeared first on Packet Pushers Podcast and was written by Eric Flores.

Microsoft Office 365 outage

6/24/2014 Information Week - Microsoft Exchange Online Suffers Service Outage, "Service disruptions with Microsoft's Exchange Online left many companies with no email on Tuesday."

The following entry on the Microsoft 365 community forum describes the incident:

====================================

Closure Summary: On Tuesday, June 24, 2014, at approximately 1:11 PM UTC, engineers received reports of an issue in which some customers were unable to access the Exchange Online service. Investigation determined that a portion of the networking infrastructure entered into a degraded state. Engineers made configuration changes on the affected capacity to remediate end-user impact. The issue was successfully fixed on Tuesday, June 24, 2014, at 9:50 PM UTC.

Customer Impact: Affected customers were unable to access the Exchange Online service.

Incident Start Time: Tuesday, June 24, 2014, at 1:11 PM UTC

Incident End Time: Tuesday, June 24, 2014, at 9:50 PM UTC

=====================================

The closure summary shows that operators took 8 hour 39 minutes to manually diagnose and remediate the problem with degraded networking infrastructure. The network related outage described in this example is not an isolated incident; other incidents described on this blog include: Packet loss, Amazon EC2 outage, Gmail outage, Delay vs utilization for Continue reading

Beyond the Blog

I'm thinking about writing a book.

Obviously, there are a lot of networking books on the market today. Search for any mainstream certification on Amazon and you'll find titles from half a dozen publishers. The majority of these are oriented toward specific vendors (most commonly Cisco) and many parallel a given certification exam. These books are overall pretty great. Most of them.

There also exists a minority of books which cover topics outside of the vendor-driven mainstream, like Gary A. Donahue's Network Warrior published by O'Reilly, now in its second edition. I love this kind of independent title because its content isn't constrained to a particular mold. The author finds stuff he thinks is relevant and interesting, and he writes about it. This is the correct way to write a book.

But over the past few years it has become painfully evident to me that there are many areas of this field we simply don't talk about in print, at least not at the entry level where perhaps it would be most helpful. If you want a thirty-page lecture on subnetting or a terrible mnemonic for the OSI model, pick any CCNA book from the pile and you're good to Continue reading

INE Special

Just a quick note… Recently I have had some discussions with the people over at INE and they have offered to extend a special to the visitors of this blog. Just click on the URL https://members.ine.com/dash/aap/sign_up/premium/FryGuySpecial and you will save $500 off an all-access pass subscription. I have had access in the past and it is […]

Ethernet, STP, Topology change and the behaviour of Ethernet

Introduction

This post is inspired by a post at IEOC about Uplinkfast and TCN which
can be found here.

Before we get to those parts, let’s recap how Ethernet and STP work together.

Spanning Tree

The Spanning Tree Algorithm builds a loop free tree by comparing Bridge ID(BID) and
least cost paths to the root bridge. By doing this it blocks all links not leading
to the root.

MAC Learning

Switches learn where to forward frames by looking at the source MAC address of the frame
on the port that the frame was received on. This learning is done in the data plane
as opposed to routing where the routes are learned in control plane. I will come back
to this later in the post.

S4 learns that A is located on port 1 after A has sent a frame. This is stored in
the MAC address table located in Content Addressable Memory (CAM). The CAM is a
fast memory optimized for quick lookups in the table. By default there is a 300
second aging timeout for learned MAC addressesm, meaning that if the switch
does not see any traffic from a source MAC within five minutes the entry will
Continue reading

Cisco Exam Policy Changes and Cost Increases

There has been some talk on the twitter-verse and at Cisco Live around some of the changes that Cisco is making to the CCIE/DE written and lab policies. Last month they posted those changes to their Certification Exam Policies website to let everyone know and read. The ones that are key to CCIE/DE candidates (and […]

Coffee Break – Show 10

This is “The Coffee Break”. A podcast on state of the networking business where we discuss vendors moves and news, analysis on product and positioning, and look at the business of networking. In the time it takes to have coffee break.

Coffee Break – Show 10

The post Coffee Break – Show 10 appeared first on Packet Pushers.

Coffee Break – Show 10

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 10 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Network Automation or SDN?

With all of the activity going on in the networking industry right now, and all of the new terminology (as well as old re-invented terminology), it’s quite easy to get messages mixed up. After all, there’s no centralized dictionary for all of this stuff. I’d like to address something that has bugged me for a while.

I’ve now heard from quite a few folks that SDN to them means the ability to automate network tasks. This almost totally misses the point, in my opinion. Network automation should literally be thought of a prerequisite for what we’ll likely be doing on our networks in 10 years; call it SDN if you want. My logic involved with coming to this conclusion is almost 100% about the people involved. Allow me to elaborate.

What’s Missing?

In my experience the main thing that’s missing from 90% of enterprise networks today is that networking teams have not properly defined their workflows, and/or have not formalized a service catalog to other parts of the business. As a result, everything is fire-fighting, or one-off requests.

Tracking changes historically, and pinning them to business processes is totally impossible (if it’s even attempted), and garbage collection does not occur. Continue reading

IP Subnetting Part 1: What is a Subnet?

We cover all sorts of different topics on this site. Today, we are starting a multipart series on subnetting. These concepts are fundamental building blocks for network administrators, engineers and architects. The subnetting topics outlined in this series should be well understood prior to moving into advanced design or configuration topics. Moreover, the underlying technical concepts of this subject should be understood prior to utilizing any shortcuts to calculate subnet addresses and useable address space.

So the question I ask today is–

What is a Subnet?

If I asked this as a multiple choice question, which one of the possible answers would you choose?

In OSI terms, the layer under the network layer–also known as the data link layer.
A subset of a Classful Network
255.255.255.192
192.168.1.0

If you chose answer B, you are correct. A subnet is a subset of a Classful Network. So the next logical question is, “What is a Classful Network?”

As we answer these questions, we will use “Classful Network” and Network interchangeable. As we move to discussions about subnets, we will explicitly address them as such.

Classful Networks, in TCP/IP terminology are outline in RFC791. It specifically states the following–

Addresses are fixed length of Continue reading

The Citadel and Gameover Campaigns of 5CB682C10440B2EBAF9F28C1FE438468

As the infosec community waits for the researchers involved to present their Zeus Gameover take down spoils at the next big conference; ASERT wanted to profile a threat actor that uses both Citadel, “a particularly sophisticated and destructive botnet”, and Gameover, “one of the most sophisticated computer viruses in operation today”, to steal banking credentials.

Citadel Campaign

When a threat actor decides that they would like to start a Citadel campaign they: buy the builder software, build the malware, distribute it to the wild, and then, unfortunately, usually profit. A “login key” in Citadel parlance identifies a specific copy of the builder. This key is also copied into the generated binaries so a link between malware builder and malware is formed. Login keys are supposed to be unique, but due to builders being leaked to the public, some aren’t. For all intents and purposes though, malware researchers use login keys to distinguish between distinct Citadel campaigns.

On October 29, 2013, security researcher Xylitol tweeted that login key 5CB682C10440B2EBAF9F28C1FE438468 was not associated with any of the defendants in Microsoft’s Citadel botnet lawsuit:

ASERT has the following command and control (C2) URLs linked with that campaign. Most Continue reading

SDN/NFV Management & Orchestration

SDN/NFV Management and Orchestration

by Steve Harriman, VP of Marketing - June 24, 2014

At last week’s Big Telecom Event in Chicago, Caroline Chappell, senior analyst with Heavy Reading (the sister organization of Light Reading) moderated a panel discussion on SDN/NFV Management and Orchestration. Readers of this blog will know that’s a subject near and dear to us at Packet Design, and Cengiz Alaettinoglu, our CTO, was a member of the panel. He was joined by speakers from Infoblox, Overture, UBIqube, and NTT America.

Packet Design CTO, Cengiz Alaettinoglu, speaks at the BTE Conference

Ms. Chappell opened the discussion by posing the question, “How real is SDN/NFV, and how quickly will network operators move from proofs of concept to production deployments?” In keeping with what we had heard in earlier conference keynotes and panel sessions, Doug Junkins with NTT America, the only operator on this panel, stated they are already implementing SDN/NFV in 50 data centers globally. He said the primary business drivers are: (1) driving down the cost of provisioning services and (2) new services creation. When asked how NTT views SDN in the context of NFV, he explained that they use the term network automation in Continue reading

Network Automation or SDN?

Docker essentials – More work with images

Images – Messing with the stack
So we’ve had some time to digest what containers and images are. Now let’s talk in a little greater detail about images and how they layer. A key piece of docker is how the images stack. For instance, let’s quickly build a container that has 3 user image layers in it. Recall, images are the read-only pieces of the container so having 3 user layers implies that I have done 3 commits and any changes after that will be in the 4th read/write layer that lives in the container itself…

Note: Im using the term ‘user images’ to distinguish between base images and the ones that I create. We’ll see in a minute that a base image can even have multiple images as part of the base. I’m also going to use the term ‘image stack’ to refer to all of the images that are linked together to make a running image or container.

I’ve highlighted each user image creation to break it out. Essentially this is what happened…

-Ran the base CentOS image creating a container called stacking
-Created a file in the container called Continue reading

Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored

Global telecom giant Huawei continues to grow their substantial networking footprint by pushing into the enterprise and data center spaces with competitive products. In this podcast, Ian Foo, Director for Data Center Products & Solutions Enterprise Global Marketing at Huawei, joins co-hosts Ethan Banks and Greg Ferro in a discussion focused on Huawei’s CloudEngine switches […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cisco IOS – Understanding IGP Network Statements

One of the things that I find both counterintuitive and often misunderstood is the role of the network command in interior gateway protocols. This command is used in the router configuration mode on Cisco devices. While there are some protocol specifics that should be understood, it behaves similarly between RIP, EIGRP and OSPF. The common misconception is that the network statement determines what will be advertised. While it can affect what is being advertised, that is not the direct purpose of this command.

If you have mistakenly thought the network command determines what is being advertised, you’re certainly not alone. We can even find verbiage in the output of “show ip protocols” that lends credibility to this position. Let’s take a look at the following configuration.

In the above example, I have enable EIGRP on all of the interfaces.

R1 Configuration

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface Loopback1
 ip address 2.2.2.1 255.255.255.0
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
router eigrp 1
 network 1.1.1.1 0.0.0.0
 network 2.2.2.1 0.0.0.0
 network 192. Continue reading

How to simulate an IPv6 network using the cloonix network simulator

As we work through this tutorial, we will learn how to use the cloonix graph interface to build a simulation scenario that includes two small IPv6 networks connected to each other by two routers via static routes. We will also learn how cloonix saves network topologies and guest virtual machine root filesystems.

Linux IPv6 network simulation running on the cloonix open-source network simulator

The cloonix open-source network simulator uses KVM virtual machines in the simulated network so, in this tutorial, we will demonstrate real Linux router and host configuration procedures.

Procedure summary

First, let’s review the high-level steps we will execute to set up and configure a simulated IPv6 network and then save a network topology and node configurations.

Create root filesystems, one for each virtual machine we plan to create in the simulation
Create static guest virtual machines with the previously-created root filesystems
Connect nodes to create a network topology
Configure each node in the simulated network
Save the network simulation scenario for future use
(Optional) Make changes and save another version of the topology
(Optional) Load a saved network simulation scenario

Step 1: Create root filesystems

We intend to create a scenario made up of static root filesystems Continue reading

« Previous 1 … 3,706 3,707 3,708 3,709 3,710 … 3,817 Next »