Category Archives: Network

BASH inet_aton inet_ntoa

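[sourcecode]
# aton and ntoa
# INET_NTOA: 32-bit integer -> dotted quad
function INET_NTOA() {
  local IFS=. num quad ip e
  num=$1
  for e in 3 2 1; do
    quad=$((256**e))
    ip[$((3-e))]=$((num/quad))
    num=$((num%quad))
  done
  ip[3]=${num}
  echo "${ip[*]}"   # IFS=. joins the octets with dots
}

# INET_ATON: dotted quad -> 32-bit integer
function INET_ATON() {
  local IFS=. ip num=0 e
  ip=($1)           # IFS=. splits the address into octets
  for e in 3 2 1; do
    # 10# forces base 10 so an octet such as 010 or 08 is not read as octal
    num=$((num + 10#${ip[$((3-e))]} * 256**e))
  done
  num=$((num + 10#${ip[3]}))
  echo $((num & 0xFFFFFFFF))
}
[/sourcecode]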

I got my first Juniper

It is a Netscreen 5GT. So now these commands may be useful:

 

| Cisco IOS | Cisco PIX / Cisco ASA | Juniper Netscreen | Description |
|---|---|---|---|
| show configuration | show configuration | get config saved | get saved configuration |
| show running-config | show running-config | get config | get device configuration |
| | | save | to save changes to config |
| show version | show version | get system | gets system information, Netscreen mode |
| show ip inspect session | | get session info | shows load on the firewall; 85+ implies there will be some latency |
| show interface, sh ip interface | | get interface | shows interfaces, zones |
| | | get address trust/untrust | shows defined network objects |
| show arp, sh ip arp <interface> | show arp | get arp | shows arp entries |
| show ip route | show route | get route | shows firewall routes |
| | | get service | shows firewall services |
| | | get group address | network groups |
| | | get group service | service groups |
| | | get policy in/out | shows applied firewall policies |
| | | get log traffic | shows firewall logs; options: based on src/dst/IP/port |
| no <command> | | unset | to remove a config statement |
| | | get user all | shows vpn users |
| | | get log event | shows vpn logs |
| | | get mip | shows one-to-one NATs |
| | | get vip | shows configured port forwarding rules |
| | | get route ip x.x.x.x | finds the specific route for an IP |
| | | set policy id xx | puts you in a specific policy; you can then add more objects to it instead of creating a group |

Windows 7 Packet Capture

You have several options to capture packets on Windows 7: one is Wireshark, the other is netsh.

 

[sourcecode]

C:\Users\rt01>netsh trace show scenarios

Verfügbare Szenarien (18):

AddressAcquisition        : Problembehandlung in Zusammenhang mit der Adressenerfassung
DirectAccess                  : Problembehandlung in Zusammenhang mit DirectAccess
FileSharing                    : Allgemeine Datei- und Druckerfreigabeprobleme behandeln
InternetClient                 : Probleme mit der Webkonnektivität diagnostizieren
InternetServer                : Behandeln von serverseitigen Webkonnektivitätsproblemen
L2SEC                            : Problembehandlung in Zusammenhang mit der Authentifizierung auf der 2. Schicht
LAN                                : Problembehandlung im Zusammenhang mit verkabelten LANs
Layer2                            : Problembehandlung in Zusammenhang mit der Konnektivität auf der 2. Schicht
MBN                               : Problembehandlung in Zusammenhang mit mobilem Breitband
NDIS                              : Problembehandlung in Zusammenhang mit Netzwerkadaptern
NetConnection              : Problembehandlung bei Netzwerkverbindungen
P2P-Grouping               : Peer-zu-Peer-Gruppierungsprobleme behandeln
P2P-PNRP                     : Problembehandlung in Zusammenhang mit dem Peer Name Resolution-Protokoll (PNRP)
RemoteAssistance         : Probleme mit der Windows-Remoteunterstützung behandeln
RPC                               : Probleme mit dem RPC-Framework beheben
WCN                              : Problembehandlung in Zusammenhang mit der Windows-Sofortverbindung
WFP-IPsec                     : Behandeln von Windows-Filterplattformproblemen und IPsec-bezogenen Problemen
WLAN                             : Problembehandlung in Zusammenhang mit drahtlosen LANs
[/sourcecode]

 

[sourcecode]

C:\Windows\system32>netsh trace start scenario=MBN capture=yes report=yes tracefile=c:\trace\trace.etl

Ablaufverfolgungskonfiguration:

Status:             Wird ausgeführt
Ablaufverfolgungsdatei:         C:\trace\trace.etl
Anfügen:             Aus
Kreisförmig:           Ein
Maximale Größe:           250 MB
Bericht:             Ein
[/sourcecode]

 

[sourcecode]

netsh trace stop

[/sourcecode]

 

Then you can use Network Monitor (NM) to view the trace.

Cisco Config Archive

c870-adventerprisek9-mz.124-15.T7.bin
c2960-lanlitek9-mz.122-50.SE3.bin

[sourcecode]
rt1#sh archive
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/rt1-4
 Archive #  Name
   0
   1       ftp://cisco:cisco@10.0.160.230/config/rt1-1
   2       ftp://cisco:cisco@10.0.160.230/config/rt1-2
   3       ftp://cisco:cisco@10.0.160.230/config/rt1-3 <- Most Recent
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
sw2#sh archive
The maximum archive configurations allowed is 14.
The next archive file will be named ftp://cisco:cisco@10.0.160.230/config/sw2--18
 Archive #  Name
   1        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-30.425-8
   2        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-36.440-9
   3        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-41.926-10
   4        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-47.454-11
   5        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-24-54.492-12
   6        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-40.688-13
   7        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-50.788-14
   8        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-25-58.766-15
   9        ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-07.104-16
   10       ftp://cisco:cisco@10.0.160.230/config/sw2Dec-14-17-26-14.092-17 <- Most Recent
ftp> dir
200 Port command successful
150 Opening data channel for directory list.
-rw-r--r-- 1 ftp ftp          20299 Dec 14 18:18 rt1-1
-rw-r--r-- 1 ftp ftp          20299 Dec 14 18:19 rt1-2
-rw-r--r-- 1 ftp ftp          20299 Dec 14 18:21 rt1-3
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:22 sw2Dec-14-17-22-39.964-0
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:23 sw2Dec-14-17-23-45.597-1
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:23 sw2Dec-14-17-23-51.393-2
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-23-56.972-3
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-03.515-4
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-08.665-5
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-14.085-6
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-24.176-7
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-30.425-8
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-36.440-9
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-41.926-10
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:24 sw2Dec-14-17-24-47.454-11
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:25 sw2Dec-14-17-24-54.492-12
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:25 sw2Dec-14-17-25-40.688-13
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:25 sw2Dec-14-17-25-50.788-14
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:26 sw2Dec-14-17-25-58.766-15
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:26 sw2Dec-14-17-26-07.104-16
-rw-r--r-- 1 ftp ftp           6714 Dec 14 18:26 sw2Dec-14-17-26-14.092-17
226 Transfer OK
FTP: 1631 Bytes empfangen in 0,00Sekunden 815,50KB/s
ftp>
[/sourcecode]

Cisco IOS VPN to IPCop

[sourcecode]
crypto isakmp key supersecertkey address AAA.BBB.CCC.DDD
!
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map CSM_CME_FastEthernet0.831 131 ipsec-isakmp
 set peer AAA.BBB.CCC.DDD
 set transform-set ESP-3DES-SHA
 match address XY-TEST-CRYPTO-ACL
 reverse-route
!
ip nat outside source static 192.168.XX.121 10.4.YYY.243 add-route
!
ip access-list extended XY-TEST-CRYPTO-ACL
 ! wildcard mask 0.0.0.3 covers the /30 that the IPCop side uses as rightsubnet
 permit ip 10.0.YYY.40 0.0.0.3 192.168.XX.0 0.0.0.255
!
[/sourcecode]

[sourcecode]
# Do not modify 'ipsec.conf' directly since any changes you make will be
# overwritten whenever you change IPsec settings using the web interface!
#
version 2.0
config setup
    protostack=netkey
    klipsdebug="none"
    plutodebug="none"
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.5.0/255.255.255.0,%v4:!10.0.244.40/30

conn %default
    keyingtries=0
    disablearrivalcheck=no
    leftupdown=/usr/local/bin/ipsecupdown.sh

#RED
conn RED
    left=192.168.0.1
    leftsubnet=192.168.XXX.0/24
    right=AAA.BBB.CCC.EEE
    rightsubnet=10.0.YYYY.40/30
    ike=3des-sha-modp1024
    esp=3des-sha1
    ikelifetime=1h
    keylife=24h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    pfs=no
    authby=secret
    auto=start
[/sourcecode]
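
Both tunnel ends above negotiate 3DES with a 1024-bit DH group (group 2 / modp1024), the IOS policy hashes with MD5, and the IPCop side sets pfs=no. The following added example (not part of the original post) lists such settings per conn in an Openswan-style ipsec.conf; the function names, the sample stanzas and the list of tokens it flags are assumptions of this example.

```shell
# Added example (not from the page): flag weak IKE/ESP parameters per conn
# in an Openswan-style ipsec.conf. The token list is this example's assumption.
audit_ipsec_conf() {
  # $1: path to ipsec.conf (stdin when omitted); prints "conn <name>: <finding>".
  awk '
    function flag(msg) { printf "conn %s: %s\n", conn, msg }
    /^[ \t]*#/     { next }               # comment line
    $1 == "config" { conn = ""; next }    # "config setup" is not a conn
    $1 == "conn"   { conn = $2; next }    # start of a conn section
    conn == "" || index($0, "=") == 0 { next }
    {
      key = tolower(substr($0, 1, index($0, "=") - 1))
      val = tolower(substr($0, index($0, "=") + 1))
      gsub(/[ \t\r"]/, "", key); gsub(/[ \t\r"]/, "", val)
      if (key == "ike" || key == "esp") {
        n = split(val, tok, /[-,;!]+/)    # e.g. 3des-sha-modp1024
        for (i = 1; i <= n; i++) {
          if (tok[i] == "des" || tok[i] == "3des")
            flag(key " uses " tok[i] " (64-bit block cipher)")
          else if (tok[i] == "md5")
            flag(key " uses md5")
          else if (tok[i] == "modp768" || tok[i] == "modp1024")
            flag(key " uses " tok[i] " (DH group of 1024 bits or less)")
        }
      }
      if (key == "pfs" && val == "no")
        flag("pfs=no (no fresh DH exchange for the IPsec SA keys)")
    }
  ' "${1:--}"
}

# Constructed sample: conn RED repeats the proposal values shown above,
# conn BLUE is a hypothetical stronger proposal for contrast.
sample_conf() {
  cat <<'EOF'
conn %default
  keyingtries=0
conn RED
  ike=3des-sha-modp1024
  esp=3des-sha1
  pfs=no
conn BLUE
  ike=aes256-sha2_256-modp2048
  esp=aes256-sha2_256
  pfs=yes
EOF
}

sample_conf | audit_ipsec_conf
```

On the IPCop box the function can be pointed at the generated file directly, for example `audit_ipsec_conf /path/to/ipsec.conf`, where the path is whatever location the installation uses.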