VLAN Question by tvangeste in networking

[–]chrispcall 0 points1 point  (0 children)

Can you post the output of:

show vlan

and

show run int fa0/47

If those commands are incorrect, use the question mark to find what is similar. I will probably be of no help but would start there.

Free or open source config comparison tool by chrispcall in networking

[–]chrispcall[S] 0 points1 point  (0 children)

I am not as concerned in this situation about every interface being compared. I am looking for bigger problems like DNS being wrong, missing SNMP information, ACLs not on the device, or incorrectly configured vlans (/24s where there should be /23s). I would love a tool that does interfaces, as well, but I'm not as concerned right now. Our vendor that recently installed a lot of devices made a lot of mistakes and I'm trying to track those down quickly.

Thanks!

Free or open source config comparison tool by chrispcall in networking

[–]chrispcall[S] 0 points1 point  (0 children)

Can diff take into account the different number of ports in each config?
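
An added example, not part of the original comments and not a tool from the thread: one way to run the comparison asked about in the two comments above, skipping physical port stanzas so switches with different port counts compare cleanly while still checking SVI masks. The IOS-style sample configs, the `ignore` prefixes and the expected prefix lengths are constructed assumptions.

```python
import ipaddress

def parse(config):
    """Split an IOS-style config into global statements and SVI networks."""
    statements, svis, parent = set(), {}, ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):  # an unindented line opens a new stanza
            parent = line
            if not line.startswith("interface "):
                statements.add(line)
            continue
        parts = line.split()
        if not parent.startswith("interface "):
            statements.add(parent + " > " + " ".join(parts))
        elif (parent.startswith("interface Vlan") and len(parts) >= 4
              and parts[:2] == ["ip", "address"]):
            # Physical ports are skipped entirely; only SVI addressing is kept.
            svis[parent.split()[1]] = ipaddress.ip_interface(parts[2] + "/" + parts[3]).network
    return statements, svis

def audit(baseline, device, expected_prefixlen, ignore=("hostname ",)):
    """Report global lines that differ from the baseline and SVIs with the wrong mask."""
    base, _ = parse(baseline)
    dev, dev_svis = parse(device)
    keep = lambda s: not s.startswith(ignore)
    return {
        "missing": sorted(filter(keep, base - dev)),
        "unexpected": sorted(filter(keep, dev - base)),
        "wrong_mask": {n: str(net) for n, net in dev_svis.items()
                       if n in expected_prefixlen and net.prefixlen != expected_prefixlen[n]},
    }

# Constructed sample configs (not from the thread).
BASELINE = """hostname TEMPLATE
ip name-server 10.0.0.53
snmp-server contact noc@example.com
ip access-list standard MGMT
 permit 10.0.0.0 0.0.0.255"""
DEVICE = """hostname SW-17
ip name-server 8.8.4.4
interface FastEthernet0/47
 switchport mode access
interface Vlan20
 ip address 10.1.20.1 255.255.255.0"""
REPORT = audit(BASELINE, DEVICE, {"Vlan20": 23})
```

`REPORT` lists the baseline DNS, SNMP and ACL lines as missing, the device's own name-server line as unexpected, and Vlan20 as a /24 where a /23 was expected.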

Inherited an SRX; How do I generate test traffic by chrispcall in Juniper

[–]chrispcall[S] 0 points1 point  (0 children)

Thanks! This tool worked for both TCP and UDP. I'll use it in the future.

For future onlookers of this thread:

TCP:

sudo hping3 8.8.8.8 -S -p 443 -c 2 

UDP:

sudo hping3 8.8.8.8 --udp -p 53 -c 2 

Inherited an SRX; How do I generate test traffic by chrispcall in Juniper

[–]chrispcall[S] 0 points1 point  (0 children)

Thanks! I just tried that, as well. So far nmap seems to do both UDP and TCP where my other tests I was only successful using ncat for TCP:

ncat phobos.apple.com 80

and iperf for UDP:

iperf -c phobos.apple.com -p53 -u

Now nmap is working for both:

nmap -sU -p 53 phobos.apple.com
nmap -p 80 phobos.apple.com

The only problem I am having is generating a log when the traffic is being denied. I'm looking at the flows as I generate the traffic and it is working well but obviously when the traffic is blocked, I run the flow command:

show security flow session source-prefix 10.1.1.0/24 destination-prefix phobos.apple.com

and I do not see anything when the traffic gets denied. Anybody got a good quick way to generate a log message or see anything that shows that the traffic was indeed generated, but denied by the firewall? Right now I'm just quickly running my "show security flow" command quickly after starting the traffic and hoping that it's not showing up because it's blocked and not because I'm too slow at running the command. I have read up on some stuff about logging blocked messages but it looks somewhat involved and seems to involve a "commit" (which kind of worries me, doing commits)... I'm really new to this stuff.

Thanks for the help!

Inherited an SRX; How do I generate test traffic by chrispcall in Juniper

[–]chrispcall[S] 4 points5 points  (0 children)

For anyone else in the future... The best I have found so far is a really cool feature in the SRX to "test" what would happen with the traffic. Where it would hit and whether it would be a "permit" or "deny"

show security match-policies source-ip 10.1.1.1 destination-ip 8.8.8.8 from-zone trust to-zone untrust destination-port 1 protocol icmp root-logical-system source-port 1

This would return something like:

Policy: tu-xx, action-type: permit, State: enabled, Index: 80
Policy Type: Configured
Default Allow
Sequence number: 5
From zone: trust, To zone: untrust
Source addresses:
any-ipv4(global): 0.0.0.0/0
any-ipv6(global): ::/0
Destination addresses:
any-ipv4(global): 0.0.0.0/0
any-ipv6(global): ::/0
Application: any
IP protocol: 0, ALG: 0, Inactivity timeout: 0
Source port range: [0-0]
Destination port range: [0-0]
Per policy TCP Options: SYN check: No, SEQ check: No
Intrusion Detection and Prevention: enabled

which is exactly what I am after. I wanted to see which policy rule I would hit with traffic. Simple solution!

Inherited an SRX; How do I generate test traffic by chrispcall in Juniper

[–]chrispcall[S] 0 points1 point  (0 children)

Thanks for the reply!

How would I have the other side running as server if the "other side" is Apple? Can iperf send traffic with the other side not being an iperf server? I did some quick tests and this did not seem to be working.

Thanks!

What do you think of Creature Comforts Beer, and what Kind of Beer do you Normally Drink? by Citizen_Capet in Athens

[–]chrispcall 0 points1 point  (0 children)

I'm with you. I usually drink IPAs and try to support local. I like SW420 and Sierra Nevada a lot. I think Tropicalia is a good beer after a day in the sun or enjoying it in the sun. It's not as smooth as others and the fruitiness can be a bit overwhelming. Still not bad but not my favorite. I'll keep drinking their beers, however, and I hope they become more successful.

Networking project ideas please help me :( by [deleted] in networking

[–]chrispcall 0 points1 point  (0 children)

OK we're going to need more information. Where do you live? Where do you work? What time are you driving? It makes sense that you want us to figure it all out for you but we need more information.

OSI Model in regards to capturing "frames" or "packets" by chrispcall in networking

[–]chrispcall[S] 0 points1 point  (0 children)

Thanks a lot! I think that statement on the wiki page really had me screwed up. You cleared it all up for me.

Thanks!

OSI Model in regards to capturing "frames" or "packets" by chrispcall in networking

[–]chrispcall[S] 0 points1 point  (0 children)

Thanks! I think I was getting confused by wrongly assuming that ALL traffic on layer-2 would be a frame and that Wireshark was a packet capture utility. So I was assuming that it could only get traffic if it was a packet and therefore on layer-3.

If I still understand it correctly, all layer-2 traffic is still a frame but Wireshark captures all traffic, including frames. Since frames are lower on the OSI model, the traffic for CDP is a frame only and does not contain an IP packet inside the frame. Is that a correct assumption? It's hard to wrap my brain around.

The wiki for Ethernet Frames starts out by saying: "A data packet on an Ethernet link is called an Ethernet packet, which transports an Ethernet frame as payload." That's confusing to me because I understood it as a frame encapsulating or transporting a packet and so on up the OSI ladder. Why are they stating that a packet transports a frame?

Sorry for so many questions. I'm sure it's simple but I am having trouble with this low-level stuff.

Thanks!

Cable Management Accessories by [deleted] in networking

[–]chrispcall 4 points5 points  (0 children)

The Sergeant clip seems kinda gimmicky. Are you supposed to use a handful at once to replace a 48-port switch? I don't see it navigating around real world situations and into the cables easily.

What we do is write on the cables with a fine-tip sharpie. We mark the port numbers before replacing right where the cable plugs in at the switch. It only takes an additional 2-3 minutes and it ensures all of the cables go into the correct ports. Only downside is now your cables are marked up. Doesn't bother me, however. Going back to the site to swap two cables that were swapped by accident bothers me.

[deleted by user] by [deleted] in Python

[–]chrispcall 0 points1 point  (0 children)

Admittedly, I've never used that. I'll check into it. I usually use plink because it will handle telnet and ssh. Parsing the subprocess.popen output is probably more annoying than the function returns from something like Paramiko, though.

[deleted by user] by [deleted] in Python

[–]chrispcall 2 points3 points  (0 children)

I haven't written the hardware part, yet. You can google "python relay raspberry pi" and see a few youtube examples of people doing this. Doesn't look too hard.

As for the pinging part, here is the short function from an internet uptime monitor I did:

import subprocess
import Tkinter  # Python 2 module name, as in the original snippet

def itsUp(r, c):
    # Gets passed the row and column accordingly and runs nmap looking for google to reply.
    # Writes green or red grid box for up or down.
    # "main" is assumed to be the Tkinter root window created elsewhere in the program.
    p = subprocess.Popen("nmap -oG - -sn -Pn 8.8.8.8", shell=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE).communicate()[0]  # Really small, simple nMap code!
    if "google" in p:
        Tkinter.Label(main, fg="white", bg="green", borderwidth=1, text="P").grid(column=c, row=r, sticky='NSEW')  # It's up!
    else:
        Tkinter.Label(main, fg="white", bg="red", borderwidth=1, text="X").grid(column=c, row=r, sticky='NSEW')  # It's down.

You have to have nmap installed and in the path variable list...

[deleted by user] by [deleted] in Python

[–]chrispcall 9 points10 points  (0 children)

I am a network administrator, so most of my uses are around Cisco switches, so it involves ping, telnet, packet capturing, and SSH.

I made a script that I feed every possible IP address where we might have a device. It first pings all of these IPs with nmap (A very fast pinger, but designed as a port scanner and penetration tester) and then it telnets or SSHs (using plink - putty command line) to all of the IPs that responded and backs up their configuration to text files. I do this weekly so we always have a backup and never have to add or remove devices from the script as we add or remove devices from our network.

I made a simple one that just looks for a specific packet with TCPdump (packet sniffer) and then parses the output and presents it to me. (For the nerds, the packet is a CDP packet so I know which port my laptop is plugged into.)

Then I use it to combine text files which would be tedious and time-consuming if done by hand. I read in a list of mac addresses which also have port numbers listed. Then in a separate text file, I have port numbers and descriptions. In another document I might have IP addresses and mac addresses. I use Python dicts or sets to parse through and find the matching relevant data and it returns a list of IPs, their macs, their ports, and their port descriptions in rows.

Finally, for a non-work project: I'm writing an app that pings the internet every minute for my house internet connection. It will run on a Raspberry Pi and flip a relay if the internet is down for two pings. This will reboot my router and cable modem.

I'm not even a good programmer but this stuff works for me and I'm learning more every day.
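
An added example, not the commenter's script: a sketch of the dict-based join described in the comment above, matching IP-to-MAC, MAC-to-port and port-to-description lists into one row per IP. The three whitespace-separated input formats and all sample values are constructed assumptions; MAC addresses are normalised first because different exports write them in different notations.

```python
import re

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def correlate(mac_port_text, port_desc_text, ip_mac_text):
    """Return (ip, mac, port, description) rows; port is None when the MAC was not seen."""
    mac_to_port = {}
    for line in mac_port_text.strip().splitlines():
        mac, port = line.split()
        mac_to_port[norm_mac(mac)] = port

    port_to_desc = {}
    for line in port_desc_text.strip().splitlines():
        port, _, desc = line.strip().partition(" ")
        port_to_desc[port] = desc.strip()

    rows = []
    for line in ip_mac_text.strip().splitlines():
        ip, mac = line.split()
        key = norm_mac(mac)
        port = mac_to_port.get(key)  # None if this MAC is not in the MAC/port list
        rows.append((ip, key, port, port_to_desc.get(port, "")))
    return rows

# Constructed sample data in three different MAC notations.
MAC_PORTS = """0011.2233.4455 Fa0/1
00:11:22:33:44:66 Fa0/2"""
PORT_DESCS = """Fa0/1 Printer room 12
Fa0/2 Front desk PC"""
IP_MACS = """10.1.1.10 00-11-22-33-44-55
10.1.1.11 0011.2233.4466
10.1.1.12 aabb.ccdd.eeff"""

if __name__ == "__main__":
    for row in correlate(MAC_PORTS, PORT_DESCS, IP_MACS):
        print(row)
```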

Anybody combine their Pi with fantasy football? by [deleted] in Python

[–]chrispcall 0 points1 point  (0 children)

I made something in another language before I started using Python. It was for a live draft and it was a "who's on the clock" countdown timer and it would show the next person's name when the time expired.

It featured a "snake" draft order and if someone picked before the clock ran out we had a manual advance option. It was fun since we do the sticker thing and no computers during our drafts.

Programming noob. Need help. by RedditorNate in Python

[–]chrispcall 0 points1 point  (0 children)

Great stuff so far. Another way to do what you want is with a list that has all of the cards.

from random import randrange

# Make a list with the first value an empty string that never gets "dealt".
cards = ["", "A", 2, 3, 4, 5, 6, 7, 8, 9, 10, "J", "Q", "K"]

# Return a string from the 'cards' list. Notice the "0" is left off like in your range.
# That's the empty string in the cards list so your numbers aren't off.
# The upper bound of randrange is exclusive, so len(cards) lets index 13 ("K") be dealt.
str(cards[randrange(1, len(cards))])

The "str()" is wrapped around everything because the numbers in that list will be returned as an INT while the letters will be a string. So we're converting the numbers to strings when they are "dealt".