set syslog config "10.0.12.1"
set syslog config "10.0.12.1" facilities local0 local1
set syslog config "10.0.12.1" log traffic
set syslog config "10.0.12.1" transport tcp
set syslog src-interface untrust
set syslog enable
set log cli enable
Category Archives: Network
Cisco DHCP for secondary addresses
ip dhcp smart-relay
BASH inet_aton inet_ntoa
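[sourcecode]
# aton and ntoa

# Convert a 32-bit integer to a dotted-quad IPv4 address.
function INET_NTOA() {
    local IFS=. num quad ip e
    num=$1
    for e in 3 2 1; do
        quad=$((256**e))
        ip[$((3-e))]=$((num/quad))
        num=$((num%quad))
    done
    ip[3]=${num}
    # IFS=. joins the four octets with dots
    echo "${ip[*]}"
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
function INET_ATON() {
    local IFS=. ip num=0 e
    # IFS=. splits the address into its four octets
    ip=($1)
    for e in 3 2 1; do
        num=$((num+${ip[$((3-e))]}*256**e))
    done
    num=$((num+${ip[3]}))
    echo $((num&0xFFFFFFFF))
}
[/sourcecode]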
I got my first Juniper
It is a Netscreen 5GT. So here are some commands that may be useful:
| Cisco IOS | Cisco PIX / Cisco ASA | Juniper Netscreen | Description |
|---|---|---|---|
| show configuration | show configuration | get config saved | get saved configuration |
| show running-config | show running-config | get config | get device configuration |
| | | save | to save changes to config |
| show version | show version | get system | gets system information, Netscreen mode |
| show ip inspect session | | get session info | shows load on the firewall; 85+ implies there will be some latency |
| show interface<br>sh ip interface | | get interface | shows interfaces, zones |
| | | get address trust/untrust | shows defined network objects |
| show arp<br>sh ip arp <interface> | show arp | get arp | shows arp entries |
| show ip route | show route | get route | shows firewall routes |
| | | get service | shows firewall services |
| | | get group address | network groups |
| | | get group service | service groups |
| | | get policy in/out | shows applied firewall policies |
| | | get log traffic | shows firewall logs – options: based on src/dst/IP/port |
| no <command> | | unset | to remove a config statement |
| | | get user all | shows vpn users |
| | | get log event | shows vpn logs |
| | | get mip | shows one-to-one NATs |
| | | get vip | shows configured port forwarding rules |
| | | get route ip x.x.x.x | finds the specific route for an ip |
| | | set policy id xx | puts you in a specific policy; you can then add more objects to it instead of creating a group |
Infoblox API
Download the API
wget --no-check-certificate https://10.0.136.180/api/dist/CPAN/authors/id/INFOBLOX/Infoblox-6.003000015125.tar.gz
Link depends on NIOS Version.
Windows 7 Packet Capture
You have several options to capture packets on Windows 7: one is Wireshark, the other is netsh.
[sourcecode]
C:\Users\rt01>netsh trace show scenarios
Verfügbare Szenarien (18):
AddressAcquisition : Problembehandlung in Zusammenhang mit der Adressenerfassung
DirectAccess : Problembehandlung in Zusammenhang mit DirectAccess
FileSharing : Allgemeine Datei- und Druckerfreigabeprobleme behandeln
InternetClient : Probleme mit der Webkonnektivität diagnostizieren
InternetServer : Behandeln von serverseitigen Webkonnektivitätsproblemen
L2SEC : Problembehandlung in Zusammenhang mit der Authentifizierung auf der 2. Schicht
LAN : Problembehandlung im Zusammenhang mit verkabelten LANs
Layer2 : Problembehandlung in Zusammenhang mit der Konnektivität auf der 2. Schicht
MBN : Problembehandlung in Zusammenhang mit mobilem Breitband
NDIS : Problembehandlung in Zusammenhang mit Netzwerkadaptern
NetConnection : Problembehandlung bei Netzwerkverbindungen
P2P-Grouping : Peer-zu-Peer-Gruppierungsprobleme behandeln
P2P-PNRP : Problembehandlung in Zusammenhang mit dem Peer Name Resolution-Protokoll (PNRP)
RemoteAssistance : Probleme mit der Windows-Remoteunterstützung behandeln
RPC : Probleme mit dem RPC-Framework beheben
WCN : Problembehandlung in Zusammenhang mit der Windows-Sofortverbindung
WFP-IPsec : Behandeln von Windows-Filterplattformproblemen und IPsec-bezogenen Problemen
WLAN : Problembehandlung in Zusammenhang mit drahtlosen LANs
[/sourcecode]
[sourcecode]
C:\Windows\system32>netsh trace start scenario=MBN capture=yes report=yes tracefile=c:\trace\trace.etl
Ablaufverfolgungskonfiguration:
Status: Wird ausgeführt
Ablaufverfolgungsdatei: C:\trace\trace.etl
Anfügen: Aus
Kreisförmig: Ein
Maximale Größe: 250 MB
Bericht: Ein
[/sourcecode]
[sourcecode]
netsh trace stop
[/sourcecode]
Then you can use Network Monitor (NM) to read the trace file.
Cisco Config Archive
c870-adventerprisek9-mz.124-15.T7.bin
c2960-lanlitek9-mz.122-50.SE3.bin
[sourcecode]
rt1#sh archive
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/rt1-4
 Archive #  Name
   0
   1       ftp://cisco:cisco@10.0.160.230/config/rt1-1
   2       ftp://cisco:cisco@10.0.160.230/config/rt1-2
   3       ftp://cisco:cisco@10.0.160.230/config/rt1-3 <- Most Recent
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
[/sourcecode]
[sourcecode]
sw2#sh archive
The maximum archive configurations allowed is 14.
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/sw2--18
 Archive #  Name
   1       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-30.425-8
   2       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-36.440-9
   3       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-41.926-10
   4       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-47.454-11
   5       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-54.492-12
   6       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-40.688-13
   7       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-50.788-14
   8       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-58.766-15
   9       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-07.104-16
   10      ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-14.092-17 <- Most Recent
[/sourcecode]
[sourcecode]
ftp> dir
200 Port command successful
150 Opening data channel for directory list.
-rw-r--r-- 1 ftp ftp 20299 Dec 14 18:18 rt1-1
-rw-r--r-- 1 ftp ftp 20299 Dec 14 18:19 rt1-2
-rw-r--r-- 1 ftp ftp 20299 Dec 14 18:21 rt1-3
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:22 sw2Dec-14-17-22-39.964-0
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:23 sw2Dec-14-17-23-45.597-1
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:23 sw2Dec-14-17-23-51.393-2
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-23-56.972-3
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-03.515-4
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-08.665-5
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-14.085-6
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-24.176-7
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-30.425-8
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-36.440-9
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-41.926-10
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:24 sw2Dec-14-17-24-47.454-11
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:25 sw2Dec-14-17-24-54.492-12
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:25 sw2Dec-14-17-25-40.688-13
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:25 sw2Dec-14-17-25-50.788-14
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:26 sw2Dec-14-17-25-58.766-15
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:26 sw2Dec-14-17-26-07.104-16
-rw-r--r-- 1 ftp ftp 6714 Dec 14 18:26 sw2Dec-14-17-26-14.092-17
226 Transfer OK
FTP: 1631 Bytes empfangen in 0,00Sekunden 815,50KB/s
ftp>
[/sourcecode]
Cisco IOS VPN to IPCop
[sourcecode]
crypto isakmp key supersecertkey address AAA.BBB.CCC.DDD
!
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map CSM_CME_FastEthernet0.831 131 ipsec-isakmp
 set peer AAA.BBB.CCC.DDD
 set transform-set ESP-3DES-SHA
 match address XY-TEST-CRYPTO-ACL
 reverse-route
!
ip nat outside source static 192.168.XX.121 10.4.YYY.243 add-route
!
ip access-list extended XY-TEST-CRYPTO-ACL
 permit ip 10.0.YYY.40 0.0.0.252 192.168.XX.0 0.0.0.255
!
[/sourcecode]
[sourcecode]
# Do not modify 'ipsec.conf' directly since any changes you make will be
# overwritten whenever you change IPsec settings using the web interface!
#
version 2.0

config setup
    protostack=netkey
    klipsdebug="none"
    plutodebug="none"
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.5.0/255.255.255.0,%v4:!10.0.244.40/30

conn %default
    keyingtries=0
    disablearrivalcheck=no
    leftupdown=/usr/local/bin/ipsecupdown.sh

#RED
conn RED
    left=192.168.0.1
    leftsubnet=192.168.XXX.0/24
    right=AAA.BBB.CCC.EEE
    rightsubnet=10.0.YYYY.40/30
    ike=3des-sha-modp1024
    esp=3des-sha1
    ikelifetime=1h
    keylife=24h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    pfs=no
    authby=secret
    auto=start
[/sourcecode]
Wireshark SMB2 Trace
[sourcecode]
"\Program Files\Wireshark\tshark.exe" -r trace.pcapng -R "smb2.filename or smb2.nt_status eq 0xc0000034"
[/sourcecode]
0xc0000034 = STATUS_OBJECT_NAME_NOT_FOUND
Enterasys Radius authentication against ACS
set radius enable
set radius server 1 10.0.xx.y7 1812 supersecret realm any
set radius server 2 10.0.xx.y8 1812 supersecret realm any
On the ACS, the RADIUS reply item must be:
Filter-ID = Enterasys:version=1:mgmt=su