NetworkingNexus.net

Wi-Fi Tools

A good engineer takes pride in his tools.

As with many things in IT, there are many options to choose from and most work equally well provided the engineer has a thorough understanding of how to use them. I happen to use and prefer the following tools, but your taste may be different. Use what you like and know as long as it gets the job done.

Items with an asterisk are my preferred tools for each category.

Information Gathering:
*AirMagnet Wi-Fi Analyzer Pro
*MetaGeek inSSIDer
Fluke AirCheck
Ekahau HeatMapper (Free)
Xirrus Wi-Fi Inspector
WiFi Scanner (Mac)
Kismet (Linux)

Predictive Site Surveys:
*Cisco Wireless Control System (WCS)
AirMagnet Planner
Ekahau Site Survey
Motorola LANPlanner
Aerohive Wi-Fi Planner (online - Free)

Post-Installation Site Surveys:
*AirMagnet Survey Pro
Ekahau Site Survey
TamoSoft TamoGraph Site Survey
Veriwave WaveDeploy

Protocol & Roaming Analysis:
*WildPackets OmniPeek
*MetaGeek Eye P.A. (protocol visualization)
*Wireshark with CACE AirPcapNx and Wi-Fi Pilot (now Riverbed Cascade Pilot Personal Edition)
Wireshark with Atheros Adapter (Linux)
AirMagnet Wi-Fi Analyzer Pro with multi-adapter kit
AirMagnet VoFi Analyzer
TamoSoft CommView for Wi-Fi

Spectrum Analysis:
*MetaGeek WiSpy DBx Continue reading

Weighing AWS VPN Options

Earlier this week, a client asked for some assistance in building a VPN from their corporate office to Amazon Web Services for a project they were doing. I’ve done this a few times before, a few different ways, so I proceeded to give my client some pros and cons of the two most common methods I’ve used. After putting that analysis together, I realized it could be helpful for others so here it is (with the addition of a few snazzy diagrams!).

This post is not meant to be a treatise on AWS connectivity, just a quick analysis with some (maybe) little-considered effects of a given design choice. Amazon documents several other recipes which are, of course, valid in various circumstances. Note that I don’t have any examples of configuration. The AWS documentation pages have very thorough configuration examples for each design.

Option 1

Build the VPNs off the Internet routers themselves. Route AWS traffic in to the corporate network through the firewall. In an ideal world, you’d probably dedicate some routers for this purpose, but I’ve never had anyone do that. We’re talking about a LAN-to-LAN VPN, here; one doesn’t commonly deploy totally dedicated infrastructure for each new Continue reading

HP Comware-based Switches – Configuring filters for BPDU (bpdu-filtering)

The Spanning-tree protocol sends messages every two second in order to keep the LAN stability, protecting the topology from physical loops (blocking the logical loop) and providing high availability in case of any switch fail.

For that matter, the Switches exchange messages called BDPUs which are utterly important for the correct functioning of the network described as above.

There are scenarios when is necessary to deactivate the protocol within a specific interface, utilizing other protocols and features of high availability such as RRPP, Smart-Link, Monitor-Link, etc or when also the Switch needs to transport the information in tunnel form (transparent), for example, QinQ.

In client-sharing environments, it is not recommended that the network alteration be advised for all Swtiches that do not belong to that particular network and have the same Switch in common, for example, Service Provider and Data Center.

The main question in this scenario of BPDU filtering is to certify that the network does not have any sort of loop that can cause a disaster for the Network Engineer’s project.

Certifying those questions, the HP Comware based Switches carry the following commands, that may help finding a solution:

Interface gigabitethernet 1/0/1
stp disable
! Deactivating  STP only on  Continue reading

ONS2014 SDN Idol finalist demonstrations

The video of the ONS 2014 SDN Idol final demonstrations has been released (the demonstrations were presented live at the Open Networking Summit on Monday, March 3, 02:30P - 04:00P).

The first demo presented is Real-time SDN Analytics for DDoS mitigation, a joint Brocade / InMon solution that combines real-time sFlow analytics and OpenFlow with SDN so that service providers can deliver large scale distributed denial of service (DDoS) attack mitigation services to their enterprise customers using their existing network infrastructure. DDoS mitigation is particularly topical, two weeks ago, a large attack was targeted at CloudFlare, DDoS Attack Hits 400 Gbit/s, Breaks Record, and this past week, Meetup.com has been hit with a large persistent attack, Meetup Suffering Significant DDoS Attack, Taking It Offline For Days. The SDN DDoS mitigation solution can address these large attacks by leveraging the multi-Terabit, line-rate, monitoring and filtering capabilities in the network switches.

ONS2014 Announces Finalists for SDN Idol 2014 provides some sFlow related trivia relating to the finalists.

An expert panel of judges selected the finalists:

The finalists were selected based on the following criteria:

Voting is open to ONS delegates and will occur during this evenings reception and Continue reading

Slovak Air Force MiG-29 with 2008 Digital Camoflage, 1/48

For best article visual quality, open Slovak Air Force MiG-29 with 2008 Digital Camoflage, 1/48 directly at NetworkGeekStuff.

I am failing to find words to describe this very beautiful 1/48 scale model, but this one is simply very special for me. First reason is that as a Slovak national, it was very enjoyable to be able to build this majestic plane. Second reason is that I was able to finally incorporate proper pre-shading technique along with manually painted (with painfully detailed masking) of the digital camouflage pattern this plane uses. The painting of this one actually took me two weeks of work every evening (yes, I have full time job, so that is the best I can have). Because this plane is so special for me , I will also make this article a little bit different as well. So this time it will not be only a simple few picture gallery, but I will actually go a little bit over the construction right after that.

MiG-29AS in Slovak Air Force
(super quick history)

Slovak Air Force MiG29 – plane number #0921

The Mikoyan MiG-29 (Russian: Микоян МиГ-29; NATO reporting name: “Fulcrum“) is a fourth-generation jet fighter Continue reading

Network Flavors in OpenDaylight

OpenStack uses the concept of flavors to define compute/storage configurations that vary in terms of resource consumption. When we start to consume the network as a resource pool, we need a similar concept. This post explains how this is achieved in the context of the Flavors application in the OpenDaylight project

Network Flavors in OpenDaylight

Fallacies of Distributed Computing

If you haven't read the Fallacies of Distributed Computing you should. Specifically points 2 and 3.

2) Latency is Zero 3) Bandwidth is Infinite

The truth is that not all networks are created equally. We may have some pools of 2:1, 4:1, 8:1 oversubscribed fabric. We may links between data centers at varying bandwidths and costs to the business.

In a cloud network, we can increase our ROI by charging out portions of the network based on their actual cost to the business, but to do this we need to model the network appropriately. Applications also need to consume networking in an abstract way, and the concept of using Flavors as this abstraction is an interesting prospect.

Problem Statement

The problem is that todays cloud networking solutions (OpenDaylight included) are based on "Overlay Networks". The Overlay Network solution only assumes L3 reachability between tunnel endpoints Continue reading

Network Flavors in OpenDaylight

Changing Your MAC Address Using Macchanger

Macchanger is a free utility used to change the MAC address of the network adapter. Macchanger can randomly assign a MAC address or assign a specific MAC address of your choosing.

Usage

There are several instances changing the MAC address is necessary, but I use the utility while pentesting a wireless network with MAC filtering enabled and have to assign an approved MAC address to the wireless adapter.

Install

The Macchanger utility is included with Kali Linux, but to install the application, update it, or verify your using the most up to date version run the following command. In the screen shot that follows the install command confirms that the newest version is already installed.

#apt-get install macchanger

Help

Help with Macchanger can be accessed by running the following two commands.

#macchanger --help

#man macchanger

Assign a Random MAC Address

I’m using an Alfa USB wireless adapter and I will run the following commands to verify the adapters interface and the permanent MAC address.

#ifconfig

#ifconfig wlan1

Macchanger can also be used to verify the manufacture burned in MAC address by running the following command.

#macchanger--show wlan1

Change the MAC address using one of the following commands.

#macchanger -r  Continue reading

3Com / H3C / HP Comware based Switches – Edged-port + BPDU Protection

Today we’ll comment on the two features that work as a complement to the Spanning-Tree. The edged-port command gathers many benefits to the STP, for example, the timeout prevention concerning the DHCP process. As for the bpdu-protection, it prevents loop in the “edged” configured ports within the network via HUBs, “Switches HUB”, etc.

Edged-port

The edged-port feature allows the interface to skip the Listening and Learning states of the Spanning-Tree Protocol, setting the ports into the Forwarding state immediately. The STP’s configuration edged-port enable, forces the interface to ignore the convergence states of the STP, including the notification of topology change messages (TCN messages).

The command must be applied to the access ports connected to servers, workstations, printers, etc.

Configuration

[Switch]interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1]stp edged-port enable
[Switch-GigabitEthernet1/0/1]quit
[Switch]interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2]stp edged-port enable
[Switch-GigabitEthernet1/0/2]quit

PS: When a port is configured as a edged-port receives a BPDU, the interface will return to participate on the STP like any other interface.
PS:An Edged-port send BPDUs normally. The edged-port feature is also known as Portfast.

BPDU Protection

The utilization of the edged-port feature is restricted to ports connected to the final equipment such as servers and workstations. Continue reading

Network Management Challenges of 2014

Network Management Challenges of 2014

by Brian Boyko, Technology Commentator - March 4, 2014

No matter how much virtualization or abstraction or automation we place into the network, it still has to run on a physical infrastructure somewhere. And you still need to understand how the underlying network is performing, which route the traffic is taking, how much bandwidth each application needs and during what time periods, etc.

So no matter how much the venerable router is under assault and in danger of becoming a commodity, we know that you will never be able to abstract all physical devices – or humans for that matter – from the network. But we will all need to adapt.

This is the perspective we’re taking in this blog. Welcome to the first post of the Packet Design blog, where we will delve into all things network management, route analytics, SDN, IT and beyond. We’ll be covering issues for everyone affected by network management concerns.

That’s a broader audience than you’d think at first glance. It of course includes the planners, architects and engineers who design, set up and maintain the network, the NOC staff who oversee it, the managers responsible Continue reading

DEW Testimony

Thanks to God !! Finally all the effort to be Design Expert is paid off!
I really appreciate to Himawan for his knowledge and passion about CCDE mindset, insight and learning strategy to help my CCDE journey.
They are really enlightening and accelerating.
“Learn from the best to be the best” really works for me.
Thanks Him, great to have you as my mentor!!
All the best, brother :)
(Hinwoto – CCDE #2014::4 / CCIE #15026 RS & SP)

Thanks, Hinwoto, for the kind words.
And congratulations once again for your CCDE.

I can't make anyone to pass CCDE. And I don't think anyone can give promise that he or she can make you pass CCDE exam. The only person who can make you become CCDE is yourself. I, and all other CCDE study groups, training vendors, or individuals who spend time to help others to pass CCDE, can only help with knowledge and tips to prepare for the exam. You are the one who has to push yourself to continue learning. You have to gain experience and real design skills. You are the one who will make decision to get certified or not.

I can only show you the Continue reading

Has SDN Changed Networking?

Software Defined Everything, NFV, OpenFlow, SDDC and Orchestrators are buzz words of DC networking. An interesting point would be to check whether these proposed solutions change our understanding of DC Networks? A good analogy to start with is chassis based switches (e.g Cisco’s Cat6500, Juniper’s EX8200). Regardless of how convoluted it may seem, any networking […]

Author information

Karim Jamali

Karim is a network engineer, blogger, and CCIE #25064. His main focus areas are Data Center, Virtualization and Security..Karim has been working in the industry for more than 6 years covering both pre-sales & post-sales functions.

The post Has SDN Changed Networking? appeared first on Packet Pushers Podcast and was written by Karim Jamali.

Capture your fancy, part one, PFC3

It's often incredibly useful to be able to capture transit traffic, it's quick way to prove that you're actually receiving some frames and with any luck have good idea how and where you are sending them. It's unfortunately common, especially in 7600/6500 PFC3 to have bug where packets are not going where software FIB suggests they are. Luckily there is quite good tooling to inspect what really is happening. So we're taking a peek at 'ELAM'.

We have traffic coming in unlabeled to 7600 and going out labeled. Let's see how to capture it

psl2-pe2.hel.fi#show platform capture elam asic superman slot 5 psl2-pe2.hel.fi#show platform capture elam trigger dbus ipv4 help SEQ_NUM [5] QOS [3] QOS_TYPE [1] TYPE [4] STATUS_BPDU [1] IPO [1] NO_ESTBLS [1] RBH [3] CR [1] TRUSTED [1] NOTIFY_IL [1] NOTIFY_NL [1] DISABLE_NL [1] DISABLE_IL [1] DONT_FWD [1] INDEX_DIRECT [1] DONT_LEARN [1] COND_LEARN [1] BUNDLE_BYPASS [1] QOS_TIC [1] INBAND [1] IGNORE_QOSO [1] IGNORE_QOSI [1] IGNORE_ACLO [1] IGNORE_ACLI [1] PORT_QOS [1] CACHE_CNTRL [2] VLAN [12] SRC_FLOOD [1] SRC_INDEX [19] LEN [16] FORMAT [2] MPLS_EXP [3] REC [1] NO_STATS [1] VPN_INDEX [10] PACKET_TYPE [3] L3_PROTOCOL [4] L3_PT [8] MPLS_TTL [8] SRC_XTAG [4] DEST_XTAG [4] FF [1] Continue reading

Network Configuration: The Case for Normalization

I’ve had network configuration tools and protocols on my mind for the last few weeks. Everyone’s got some hot new API or configuration protocol - and on the outside looking in, it’s easy to assume that they’re all just different flavors of the same general concept - network configuration. So are they basically competing standards (VHS vs Betamax, anyone?)? Or is there a method to this madness? Just to name a few, OVSDB and Netconf are actually established JSON-RPC and XML-RPC (respectively) based standardized formats for accomplishing network configuration on the wire, rather than chase down each vendor’s individual XML/JSON API.

Network Configuration: The Case for Normalization

Server Brawn + Switch Brains = Infrastructure Fabric

Last week I attended Networking Field Day 7, and was introduced to Pluribus Networks. Pluribus is taking an interesting approach to building the data center fabric, by combining high-performance data center top-of-rack (ToR) switching with powerful server internals in a platform they’ve dubbed the Freedom Server-Switch.

Source: pluribusnetworks.com

The Freedom platform can be loaded to bare with RAM and storage along with some pretty powerful CPUs (this data sheet provides all the details), which enables embedding various network (and not-so-network) services right in the network at every edge. The platform runs the NetVisor operating system, based on BSD. This software can be had in various feature levels:

Source: pluribusnetworks.com

Various services that can be enabled beyond typical L2/L3 network services include DHCP, DNS, PXE, load balancing, CDN functions, NAT, NAS (yes, really), and traffic analytics. Since these switches are designed for deployment as leaf nodes in leaf-spine architecture datacenters, this embeds these services right at the network ingress point for each connected device.

You may be thinking about the potential administrative overhead included with performing advanced network services on each ToR switch, but that burden is eased with fabric-wide management features that allow an administrator to Continue reading

Show 181 – Intro to I2RS with Joel Halpern & Russ White

Traditionally, routing protocols running on a router will perform calculations to determine the best forwarding path. The RIB with be then populated with next-hop information. Ultimately, that information will be populated into the FIB (forwarding information base), the FIB taking the guesswork of how to get to the next hop and easing CPU utilization on […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 181 – Intro to I2RS with Joel Halpern & Russ White appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Using IPMI Serial-over-LAN for server consoles

I’ve been trying to learn linux networking and virtualisation using a donated server in a remote lab. The server didn’t have an IP-KVM attached but it did have a working IPMI connection. Not that I’d need it of course; I … Continue reading →

The post Using IPMI Serial-over-LAN for server consoles appeared first on The Network Sherpa.

Orhan Ergun CCDE Story

Once I decided for the CCDE exam I was thinking it is a hard challenge but surprisingly I will say it is not as much as you think.This is good news and you started to smile ? Hope once you finished the article you continue to it Yes it is not since I […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Orhan Ergun CCDE Story appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

« Previous 1 … 3,767 3,768 3,769 3,770 3,771 … 3,855 Next »

Option 1

MiG-29AS in Slovak Air Force (super quick history)

Fallacies of Distributed Computing

Problem Statement

Author information

Author information

Author information

MiG-29AS in Slovak Air Force
(super quick history)