RE: how to spoof a IP? [7:65559]

2003-03-16 Thread Steve Dispensa
A couple of amplifications:

On Sun, 2003-03-16 at 20:51, Priscilla Oppenheimer wrote:
> Alan Stone wrote:
> > 
> > Hi..   Group
> > 
> > I have always heard of those hackers who spoof an IP and hack other
> > people's systems.  Does spoofing an IP mean they are changing their source
> > IP so that they pass through the firewall?  If yes, may I know what tool
> > they can use in order to change their source IP?
..
> To change your address, use the TCP/IP Control Panel or equivalent in the
> operating system that you are using.

More commonly (in my experience) people (skr1pt k1dd3z) use some stupid
program on a UNIX computer that writes to the network on a raw socket. 
This way the administrator of the system doesn't have to know (as long
as the user has root - required for raw sockets).

> You probably won't get through any firewalls, though. Firewalls make sure an
> outsider isn't using an inside address. Routers ensure this too. It can be
> easily accomplished with a simple access list.

Those ACLs are far less common in enterprises than one would hope. 
Routers should do ingress filtering, but if the attacker chooses just a
random address, it won't be in the filter list.  Most of the packet
floods I've been on the business end of have been completely random
addresses.  In fact, some of them pick a random address per packet.  On
networks that do ingress filtering, the user may only have to pick an
address in the network's range, which will often still disguise his true
identity.

> Even before firewalls and routers watched for this, IP spoofing didn't mean
> you could hack much unless you had additional hacking abilities. You had to
> spoof the IP address of a trusted host and you had to be running software
> that didn't care that you didn't see any replies. The replies go to the
> legitimate holder of the IP address.

Another scenario is the above-mentioned packet flood attack, which still
happens every day to somebody.  Outside of SYN floods, this is usually
done with non-TCP datagrams, and the sender never really cares about
responses.

A special case of this is the smurf attack - the attacker writes the
address of the victim host into the source address field and sends a big
directed-broadcast ping to a big network.  Each host on the network
sends a big response to the victim, chewing up most/all of its
bandwidth.

As Priscilla pointed out, hijacking attacks are pretty difficult these
days, given the ISN randomization and ingress filtering that many
firewalls and routers tend to do.  It's usually easier to just exploit a
security hole directly.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65572&t=65559
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
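The "program on a UNIX computer that writes to the network on a raw socket" and the "simple access list" from the exchange above, side by side, as an added example (mine, not code from anyone on this thread). The builder produces the bytes such a program hands to a raw socket; nothing is transmitted here. The ingress check models a border ACL and also covers the directed-broadcast case behind smurf. The inside prefixes 10.0.0.0/24 and 192.168.1.0/24 and the interface names "inside" and "outside" are assumptions made for the example.

```python
"""Forged-source IPv4 packet plus a BCP 38-style ingress check.

Added example, not code from the original thread. It builds the bytes a
raw-socket flooder would hand to sendto() (nothing is sent here) and then
applies the kind of anti-spoofing check a border router ACL performs,
including the directed-broadcast case behind a smurf attack.
Prefixes and interface names are constructed for the example.
"""
import ipaddress
import struct

# Constructed: the "inside" prefixes this border router is responsible for.
INSIDE = [ipaddress.ip_network("10.0.0.0/24"),
          ipaddress.ip_network("192.168.1.0/24")]


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(src: str, dst: str, ident=0x1234, seq=1,
                    payload=b"\x00" * 32) -> bytes:
    """IPv4 header + ICMP echo request with whatever source we choose.

    This is the whole trick of raw-socket spoofing: the kernel normally
    fills in the source address, but with IP_HDRINCL the process writes
    the header itself and can put any address in bytes 12..15.
    """
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + icmp


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header, refusing packets with a bad checksum."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"src": ipaddress.IPv4Address(pkt[12:16]),
            "dst": ipaddress.IPv4Address(pkt[16:20]),
            "proto": pkt[9], "ttl": pkt[8], "payload": pkt[ihl:]}


def ingress_verdict(pkt: bytes, arrived_on: str) -> str:
    """Return 'permit' or 'drop: <reason>' for a packet seen on an interface.

    arrived_on is 'outside' (the Internet-facing link) or 'inside'.
    Two checks model a simple access list at the border:
      * no packet from outside may claim an inside source address;
      * no packet from inside may leave with a source we do not own (BCP 38);
    and a third drops directed broadcasts, the smurf amplifier.
    """
    h = parse_ipv4(pkt)
    src_is_ours = any(h["src"] in net for net in INSIDE)
    if arrived_on == "outside" and src_is_ours:
        return "drop: inside source address arriving from outside"
    if arrived_on == "inside" and not src_is_ours:
        return "drop: source address not in our prefixes"
    if any(h["dst"] == net.broadcast_address for net in INSIDE):
        return "drop: directed broadcast to an inside subnet"
    return "permit"
```

Note what the filter does not catch: a packet from outside with a random, non-inside source address is permitted, which is exactly the gap Steve points out. Only the filter at the attacker's own edge (the "inside" branch above, applied by the attacker's ISP) can drop that one, and then only if the attacker has not picked an address within that network's range.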


RE: DS3 slow connection problem. [7:65491]

2003-03-16 Thread s vermill
Mark,

Saying that THE problem is one thing or another is always dangerous (and,
frankly, a little unprofessional).  I should have said that A problem is
that you didn't have a clock source on the line.  You need at least one. 
Two doesn't hurt either (both can be internal).  There may well be other
issues.  As others have pointed out, framing and coding need to match. 
According to your posts they do.  As for attenuation, DS3s are VERY
sensitive.  I don’t have the specs here at home but can say with experience
that even a few tenths of a volt high or low can cause errors.  Hopefully
you’re using good 75 ohm DS3 coax (AT&T 735 series or equivalent).  Also,
with Cisco routers, I’ve seen plenty of instances where a 75 ohm terminator
was necessary at the receiving (and in some cases transmitting) interface. 
You may have to put a “T” in with the stem of the “T” on the interface, the
cable on one part of the “top” of the “T,” and the terminator on the other
end.  Are these routers back to back?

That changing the clock scheme made such a negative change probably tells us
something.  I've been out working on an electric fence all day (and battling
dehydration by way of drinking dehydrating liquids with "Lite" in the name)
so I'm probably not much help tonight.  I'll give it some thought but will
be flying most of tomorrow.  Hopefully you'll make good progress in the
meantime.  Please keep us posted…

Regards,

Scott



Mark Walmsley wrote:
> 
> Hi Again Everyone,
> 
> Just to let you all know, this morning I changed the 7200
> router serial interface clock to int and left the 7500 clock
> set to line, this actually made the connection worse, I got 5%
> packet loss as opposed to 1% packet loss when both router
> interfaces were set to line, I changed it back and it returned
> to 1% packet loss so then I changed the 7500 interface clock to
> int while the 7200 was set to line and this appeared to have
> little effect, still getting lots of input errors on the 7200
> and 1% packet loss.
> I'm wondering now if we have a faulty ds3 card.
> 
> I logged into the routers and did some ping tests, pinging the
> routers own serial interface I still get the 1% packet loss. I
> did this on both routers, I thought this might rule out the
> actual line because I'm not pinging across the ds3 connection
> please correct me if I'm wrong.
> 
> Somebody asked if scrambling was on but I'm not sure what
> scrambling does or how to check if it's turned on or off so
> I'll look into that too.
> 
> 
> Thanks for everybody's help and I'm going to spend all day
> checking out what you've said and going through the
> troubleshooting stuff from cisco and i'll let you know how I
> get on.
> 
> Any more advice would be greatly appreciated.
> 
> Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65566&t=65491


Load balancing - VERY URGENT [7:65567]

2003-03-16 Thread Metla Venu Gopal
Hi everyone

A silly question
can somebody give me the load balancing commands for RIP, both v1 and v2?

thanx
this is very urgent


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65567&t=65567


RE: how to spoof a IP? [7:65559]

2003-03-16 Thread Priscilla Oppenheimer
Alan Stone wrote:
> 
> Hi..   Group
> 
> I have always heard of those hackers who spoof an IP and hack other
> people's systems.  Does spoofing an IP mean they are changing their source
> IP so that they pass through the firewall?  If yes, may I know what tool
> they can use in order to change their source IP?

Spoofing an IP address means that you change your IP address to be that of
some other host. Packets from you will have that address in the Source IP
Address field of the IP header. For example, you could change your address
to be in the range of inside trusted addresses, even though you are on the
outside.

To change your address, use the TCP/IP Control Panel or equivalent in the
operating system that you are using.

You probably won't get through any firewalls, though. Firewalls make sure an
outsider isn't using an inside address. Routers ensure this too. It can be
easily accomplished with a simple access list.

Even before firewalls and routers watched for this, IP spoofing didn't mean
you could hack much unless you had additional hacking abilities. You had to
spoof the IP address of a trusted host and you had to be running software
that didn't care that you didn't see any replies. The replies go to the
legitimate holder of the IP address.

So, let's say that you start a 3-way handshake claiming that your address is
10.0.0.1. You send a SYN. The SYN ACK goes to the real holder of the
10.0.0.1 address. You send an ACK anyway after waiting the proper amount of
time. For this to work, you have to guess what sequence number the target
host is using in its SYN ACK packet. These days most operating systems
and/or firewalls randomize the initial sequence number so you can't guess it.

Even if you got that far and established a 3-way handshake, you would have
to keep guessing at sequence numbers and you would have to know how to get
root access or equivalent, or have some other hacking abilities to do any
damage.

Priscilla


> 
> Thanks a lot 
> 
> 
> 
> -
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65563&t=65559
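The sequence-number guessing Priscilla describes, as an added example that is not part of her post: a simulation of the blind handshake against an old fixed-increment ISN generator and against an RFC 6528-style keyed one. Hosts, ports, the 64000 step and the secret key are constructed values for the example.

```python
"""Blind TCP spoofing against two kinds of initial sequence number (ISN).

Added example, not from the original post. Models the handshake described
above: the attacker sends a SYN with the source address of a trusted host,
never sees the SYN/ACK, and must guess the ISN the server put in it.
Two server-side ISN generators are compared:
  * PredictableISN, the old fixed-increment scheme (ISN grows by a
    constant per connection), and
  * HashedISN, an RFC 6528-style generator: clock + F(4-tuple, secret),
    with F a truncated SHA-256.
All addresses, ports and the secret are constructed for the example.
"""
import hashlib
import struct

TRUSTED_HOST = "10.0.0.1"       # the address the attacker will forge
ATTACKER_HOST = "192.0.2.99"    # attacker's real address
SERVER = "10.0.0.5"
SERVER_PORT = 513               # rlogin: trusts clients by source address
CLIENT_PORT = 1023
STEP = 64000                    # per-connection increment of the old scheme
MASK = 0xFFFFFFFF


class PredictableISN:
    """Each new connection gets the previous ISN plus a fixed constant."""

    def __init__(self, start=0x1000):
        self.last = start

    def next_isn(self, src, sport, dst, dport):
        self.last = (self.last + STEP) & MASK
        return self.last


class HashedISN:
    """RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, key).

    M still advances, so the ISNs one client sees look monotonic, but F
    differs per 4-tuple and cannot be derived without the secret key.
    """

    def __init__(self, secret: bytes, start=0x1000):
        self.secret = secret
        self.clock = start          # stands in for the 4-microsecond timer M

    def next_isn(self, src, sport, dst, dport):
        self.clock = (self.clock + STEP) & MASK
        tag = f"{src}:{sport}>{dst}:{dport}".encode() + self.secret
        f = struct.unpack("!I", hashlib.sha256(tag).digest()[:4])[0]
        return (self.clock + f) & MASK


def blind_spoof(server):
    """One blind-spoofing attempt. Returns (predicted, actual, success)."""
    # 1. Attacker connects as itself and reads the ISN from the SYN/ACK.
    seen = server.next_isn(SERVER, SERVER_PORT, ATTACKER_HOST, CLIENT_PORT)
    # 2. Attacker sends a SYN with source TRUSTED_HOST. The SYN/ACK goes to
    #    the real 10.0.0.1, so the attacker guesses: "next ISN = last + step".
    predicted = (seen + STEP) & MASK
    actual = server.next_isn(SERVER, SERVER_PORT, TRUSTED_HOST, CLIENT_PORT)
    # 3. The forged ACK carries predicted + 1; the handshake completes only
    #    if that matches actual + 1.
    return predicted, actual, predicted == actual
```

Against PredictableISN the forged ACK lands on the right number; against HashedISN it does not, because the attacker's own connection reveals F for its own 4-tuple only, which says nothing about F for the trusted host's. The real 10.0.0.1 also receives the unexpected SYN/ACK and will answer it with a RST unless it is kept from responding, which is a second obstacle on top of the guess.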


RE: OSPF Topology Question - Parkhurst's Book [7:65532]

2003-03-16 Thread Daniel Cotts
"Cisco OSPF Command and Configuration Handbook"
by William R Parkhurst ISBN 1587050714

> -Original Message-
> From: richard dumoulin [mailto:[EMAIL PROTECTED]
> Sent: Sunday, March 16, 2003 2:06 PM
> To: [EMAIL PROTECTED]
> Subject: RE: OSPF Topology Question - Parkhurst's Book [7:65532]
> 
> 
> Hey Chuck,
> 
>  Which book is this one ?
> 
> Cheers.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65562&t=65532


Network design product selecion question [7:65564]

2003-03-16 Thread John Brandis
Hi All,
 
once again, I am back designing a network for my company (scary).
 
The budget I have been given from my manager, would not pay for a family
visit to McDonalds.
 
However, this is the requirement (my product selection is below)
 
* Provide up to 200 ports on the floor
* 2 level building, with multi-mode fibre between level 1 & 2
* Level 1, has 70 users, 30 servers
* Level 2 has 60 users
* 2 subnets will be used in this office
 
I suggested, that we use a single 4003 as the core, purchase a Sup III, 1 x
8 port GBIC module, 1 x 48 port 10/100/1000 module. We then use the GBIC's
to extend to the 2 x 2950's on the floor above, and 2 x copper GBIC's to the
2950's on the same floor as the core switch. This solution, worked out to be
around $100K AUD (australian $$). This was seen as far too expensive. 
 
Is there any other model of Cisco catalyst switch that can perform layer 3
routing, GBIC between floors and etc that could do the job of the 4003/4006
? Or is there a better way of doing it ?
 
John
Sydney Australia


**

visit http://www.solution6.com

UK Customers - http://www.solution6.co.uk

**

Level 14, 383 Kent Street, Sydney NSW 2000.

General Phone: 61 2 9278 0666

General Fax: 61 2 9278 0555

**

This email message (and attachments) may contain information that is
confidential to Solution 6. If you are not the intended recipient you cannot
use, distribute or copy the message or attachments.  In such a case, please
notify the sender by return email immediately and erase all copies of the
message and attachments.  Opinions, conclusions and other information in
this message and attachments that do not relate to the official business of
Solution 6 are neither given nor endorsed by it.

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65564&t=65564


Re: OSPF Topology Question - Parkhurst's Book [7:65532]

2003-03-16 Thread Mike
Since the spoke routers are NBMA, multicast hello's will not locate the
neighbor. The ospf router neighbor command must be used to manually identify
the neighbor so routing updates can be exchanged.  I'm not sure why you
would want to implement in this way, but it will work.

Regards

""The Long and Winding Road""  wrote in
message news:[EMAIL PROTECTED]
> Ran into something in Parkhurst's OSPF book while studying tonight. Looking
> for validation of my observation.
>
> The example: OSPF over frame relay
>
> The topology: hub and spoke, with a twist. The hub uses subinterfaces ( one
> to each spoke router ) and the spokes use physical interfaces.
>
> Now, the Parkhurst examples show leaving the physical interfaces as ospf
> type non-broadcast, change the ospf timers on the subinterfaces, place
> neighbor statements on the spoke routers ( physical interfaces ) and all is
> well.
>
> Except I don't believe it works this way.
>
> The subinterfaces are point-to-point networks, and expect the other side to
> be a point-to-point connection and adjacency. The physical interfaces are
> non-broadcast, and expect DR elections to occur, something the router with
> the subinterfaces will not do.
>
> I believe the correct solution is to make the physical interfaces ospf type
> point-to-multipoint.
>
> An alternative is to change the physical interfaces to ospf point-to-point.
>
> In any case - can anyone else verify what I see and do not see - that
> Parkhurst chapter 11, example 3, pages 275-279 answer is incomplete?
>
> thanks.
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65560&t=65532


RE: OSPF Topology Question - Parkhurst's Book [7:65532]

2003-03-16 Thread cebuano
Hey Chuck,
I don't know how this slipped past me ;->
You are correct. Not only is RtrB configured the same as RtrC, but the
solution only allows the hub/spoke to form adjacencies. This is one of
the many reasons why routes are in the OSPF database but NOT in the
routing table. I'm not sure if all he wanted to show was the effect of
different Hello parameters.
Interesting that the only corrections on the Ciscopress site are the
ones I sent to Bill. You should send him this as well, in case he hasn't
yet noticed this issue.

Elmer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
The Long and Winding Road
Sent: Sunday, March 16, 2003 1:14 AM
To: [EMAIL PROTECTED]
Subject: OSPF Topology Question - Parkhurst's Book [7:65532]

Ran into something in Parkhurst's OSPF book while studying tonight. Looking
for validation of my observation.

The example: OSPF over frame relay

The topology: hub and spoke, with a twist. The hub uses subinterfaces ( one
to each spoke router ) and the spokes use physical interfaces.

Now, the Parkhurst examples show leaving the physical interfaces as ospf
type non-broadcast, change the ospf timers on the subinterfaces, place
neighbor statements on the spoke routers ( physical interfaces ) and all is
well.

Except I don't believe it works this way.

The subinterfaces are point-to-point networks, and expect the other side to
be a point-to-point connection and adjacency. The physical interfaces are
non-broadcast, and expect DR elections to occur, something the router with
the subinterfaces will not do.

I believe the correct solution is to make the physical interfaces ospf type
point-to-multipoint.

An alternative is to change the physical interfaces to ospf point-to-point.

In any case - can anyone else verify what I see and do not see - that
Parkhurst chapter 11, example 3, pages 275-279 answer is incomplete?

thanks.

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65557&t=65532


trying to understand how this works. [7:65555]

2003-03-16 Thread Dwayne Saunders
Hi all,
Would like a few opinions on this network that I have come across



10.10.16.0/20--vpn--10.10.0.0/16--firewall--internet
                                 --vpn--main office

The ip address at the main office are all in the 192.168.1.x, 192.168.2.x
etc etc

This network seems to be working and I am still wondering why with the way
the 10.10.x.x networks are arranged

Any comments would be greatly appreciated.

Dwayne




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6&t=6


Router problem, please help!!! [7:65553]

2003-03-16 Thread H L
I have a 2501 series router that I wanted to use...

When I tried to bring it back on-line, it boots up normally and after the
IOS is loaded with all the interface up message, the "press Enter key to
proceed" didn't come out...

So I tried to change the config-register to 0x2101, the router boots into
ROM mode with that very old IOS, but again, the "press Enter to proceed"
didn't come out...

Which I suspect that someone may have turned off EXEC mode or something on
the startup-config...

Is there anything I could do which can bypass the startup config?

Currently, the router is in BootROM mode as follows:
>?
$ Toggle cache state
B [filename] [TFTP Server IP address | TFTP Server Name]
Load and execute system image from ROM or from TFTP server
C [address] Continue execution [optional address]
D /S M L V Deposit value V of size S into location L with modifier M
E /S M L Examine location L with size S with modifier M
G [address] Begin execution
H Help for commands
I Initialize
K Stack trace
L [filename] [TFTP Server IP address | TFTP Server Name]
Load system image from ROM or from TFTP server, but do not
begin execution
O Show configuration register option settings
P Set the break point
S Single step next instruction
T function Test device (? for help)

Deposit and Examine sizes may be B (byte), L (long) or S (short).
Modifiers may be R (register) or S (byte swap).
Register names are: D0-D7, A0-A6, SS, US, SR, and PC
>


Best Regards,
Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65553&t=65553


RE: DS3 slow connection problem. [7:65491]

2003-03-16 Thread Priscilla Oppenheimer
Mark Walmsley wrote:
> 
> Hi Again Everyone,
> 
> Just to let you all know, this morning I changed the 7200
> router serial interface clock to int and left the 7500 clock
> set to line, this actually made the connection worse, I got 5%
> packet loss as opposed to 1% packet loss when both router
> interfaces were set to line, I changed it back and it returned
> to 1% packet loss so then I changed the 7500 interface clock to
> int while the 7200 was set to line and this appeared to have
> little effect, still getting lots of input errors on the 7200
> and 1% packet loss.
> I'm wondering now if we have a faulty ds3 card.
> 
> I logged into the routers and did some ping tests, pinging the
> routers own serial interface I still get the 1% packet loss. 

It may surprise you to learn that when you ping from a router's serial
interface to the router's own serial interface, the packets actually do go
across the serial link. Try turning on ICMP debug on the other end and you
will see that the pings get there and get redirected back.

Here's what Marty Atkins, CCIE (some very low number), had to say about this
when it came up before:

"If the router itself is the source of the packet, and it pings
its own serial IP, and the outbound interface and layer 2 encap are
resolved and unambiguous, then the router will launch the packet
out that p2p interface or PVC.  I have done exactly what Priscilla
describes, and not only seen the output from "debug ip icmp" on the
neighbor router, but also observed it generating ICMP redirects, since
the packet was forwarded out the interface it arrived on!

This Cisco aberration is extremely useful for troubleshooting p2p WAN
links.  When the path has been looped (line protocol up (looped)), the
only IP that is pingable is the directly connected one.  That the router
actually sends the packet makes it possible to test the link with ping."

So it shouldn't surprise you that you see the errors even when pinging
yourself.

Weird, eh? But hopefully helpful.

Priscilla

> I
> did this on both routers, I thought this might rule out the
> actual line because I'm not pinging across the ds3 connection
> please correct me if I'm wrong.
> 
> Somebody asked if scrambling was on but I'm not sure what
> scrambling does or how to check if it's turned on or off so
> I'll look into that too.
> 
> 
> Thanks for everybody's help and I'm going to spend all day
> checking out what you've said and going through the
> troubleshooting stuff from cisco and i'll let you know how I
> get on.
> 
> Any more advice would be greatly appreciated.
> 
> Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65552&t=65491


Re: DS3 slow connection problem. [7:65491]

2003-03-16 Thread Mark Walmsley
Hi Jim,

 Here's the output you wanted. I was thinking about the cablelength so I
might give it a try in the morning because it looks to me like more than 10
feet but not a lot more, perhaps 15-20. Also, the wiring was previously
working fine in the same place but connected to a converter then into a BLN,
which was swapped for the 7204 the other day; now we don't use the
converter and just go straight into the ds3 module. You mention that it
would be a good idea to bounce the interfaces at each end so I'll give that
a try too.

Thanks,

Mark.  

NOC01#show run int s4/0
Building configuration...

Current configuration : 175 bytes
!
interface Serial4/0
 description NOC01-DS3-MAN01
 ip address ***.***.**.*** 255.255.255.252
 framing c-bit
 cablelength 10
 dsu bandwidth 44210
 serial restart-delay 0
end



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65549&t=65491


RE: Syslog server [7:65217]

2003-03-16 Thread Elijah Savage
Another good utility is Swatch.

-Original Message-
From: Tariq [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 12, 2003 5:09 PM
To: [EMAIL PROTECTED]
Subject: Syslog server [7:65217]

I am looking for a good free ware PIX / CISCO syslog server. Any
recommendations???

Tariq




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65551&t=65217


RE: OSPF Topology Question - Parkhurst's Book [7:65532]

2003-03-16 Thread richard dumoulin
Hey Chuck,

 Which book is this one ?

Cheers.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65550&t=65532


Re: DS3 slow connection problem. [7:65491]

2003-03-16 Thread Jim Devane
Mark,

Scrambling will jumble the payload data so it does not accidentally set off
an alarm. The router just takes the bits in and if the bit pattern matches
that of an alarm it will trigger the alarm when it could actually just be
data that is passing.
It won't hurt to have it on, but on looking closer I am not sure this will
solve your trouble.

I know that changing the timing scheme did yield empirical results but I
would strongly encourage you to give it another try. It may require you to
bounce the interface on both sides. Unless the timing is provided from the
carrier, which again, is extremely unlikely, you are going to have timing
slips.

I also noticed you have the cable length very short. Can you include a

sh run int s4/0

for the 7200. Can you run me through a physical setup? The cable goes to a
DSX-3 panel? To a meet me room? Just wondering if the cable attenuation
could be a problem as well.

Of course, everything I have said could absolutely be obsoleted by the damn
PA being bad, but it doesn't sound like it is bad.

Thanks,
Jim


- Original Message -
From: "Mark Walmsley" 
To: 
Sent: Sunday, March 16, 2003 5:16 AM
Subject: RE: DS3 slow connection problem. [7:65491]


> Hi Again Everyone,
>
> Just to let you all know, this morning I changed the 7200 router serial
> interface clock to int and left the 7500 clock set to line, this actually
> made the connection worse, I got 5% packet loss as opposed to 1% packet loss
> when both router interfaces were set to line, I changed it back and it
> returned to 1% packet loss so then I changed the 7500 interface clock to int
> while the 7200 was set to line and this appeared to have little effect,
> still getting lots of input errors on the 7200 and 1% packet loss.
> I'm wondering now if we have a faulty ds3 card.
>
> I logged into the routers and did some ping tests, pinging the routers own
> serial interface I still get the 1% packet loss. I did this on both routers,
> I thought this might rule out the actual line because I'm not pinging across
> the ds3 connection please correct me if I'm wrong.
>
> Somebody asked if scrambling was on but I'm not sure what scrambling does or
> how to check if it's turned on or off so I'll look into that too.
>
>
> Thanks for everybody's help and I'm going to spend all day checking out what
> you've said and going through the troubleshooting stuff from cisco and I'll
> let you know how I get on.
>
> Any more advice would be greatly appreciated.
>
> Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65547&t=65491


The Joys of The OSPF Database [7:65546]

2003-03-16 Thread The Long and Winding Road
I've been hunkering down with the Parkhurst OSPF book, just refreshing my
memory.

BTW, for the nitty gritty on how commands work on Cisco routers, Parkhurst
is da man.

However, I am noticing a lot of glitches for which I have neither the
patience nor the time to sort out.

For example, redistribution into OSPF.

As I go through the Parkhurst exercises, I find odd things in my routing
tables - routes that should have been filtered in the route-map. route tags
assigned by the route-map but not showing up in the ospf database ( show ip
ospf database ) or into the routing table ( show ip route x.x.x.x )

Sometimes "clear ip ospf redistribution" does not clear all the routes.

I have also noticed this odd thing: When redistributing EIGRP, for example,
if I enter a "no redistribute eigrp x route-map etc" command under the ospf
process, I go back and look at the configuration, and there is a
"redistribute eigrp x" statement still there. it wasn't there to start with.
This has happened a couple of times.

another one is the application of route tags. This happened a couple of
times, and it took several applications of the "clear ip ospf
redistribution" to finally get the route tags to attach to the routes.

for those who have experienced bizarre behaviour like this during your
studies, all I can say is I feel your pain. It is apparent that some of the
IOS images out there can produce odd behaviour sometimes.

All of this further validates my belief that I ran into one of those "one
of" bugs in the Lab last time through. I can't say what it was, fearing an
NDA violation rap, but it involved something I have done many times here at
home and works exactly the way it is described in the documentation - EXCEPT
in the Lab pod I was using - and ended up costing me about 10 points, in my
estimation   :-<



--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65546&t=65546


Re: span sessions [7:65531]

2003-03-16 Thread Bob Sinclair
David,

You might want to check out the CAPTURE option on the SET SECURITY command.
Below is a quote from the configuration guide:

"
Capturing Traffic Flows on Specified Ports
You can use the capture option in the set security acl (ip, ipx, and mac)
commands to specify that packets that match the specified flows are captured
and transmitted out of capture ports. You can specify capture ports using
the set security acl capture-ports mod/ports... command. When you use the
capture option, packets that match the specified flows are switched normally
but are also captured and transmitted out of the capture ports. Capture
ports do not send out all the captured traffic; they send out only the
traffic belonging to the VLANs of the captured port. "




-Bob Sinclair
CCIE #10427, MCSE
Senior Network Engineer
Networking For Future, Inc.
www.nffinc.com
- Original Message -
From: "David Cooper" 
To: 
Sent: Sunday, March 16, 2003 1:04 AM
Subject: span sessions [7:65531]


> hey all quick q for ya. I have a cat 6509 sitting on the core of a 5000 users
> network with both 100mbit and gigabit links. I have to watch a couple boxes
> on a very busy vlan for session data for analysis, but there is so much
> traffic on the specific vlan that it literally made my little laptop scream
> and makes other stronger boxes kinda just die. Well the application (ntop).
>
> I'd like to see if there is a way to use regexp or filtering somehow to apply
> to span to kinda not get the 1gig/s backup traffic that blows my application
> up. I've dug through various manuals and "?" is certainly my friend but I
> can't get anything to work and there's just way too much data off the pipe.
> Kinda like drinking from a fire hose ya know.
>
> If anyone has any suggestions on how to limit traffic on a span port to hosts,
> please let me know.
>
> Possibly also if anyone knows any neato applications that can do application
> stream reporting per port etc with bw graphing for the folks who think
> computers are like books let me know. One caveat, it has to run in a GNU
> environment eg Linux/FreeBSD.. no Microsoft 'solutions'
>
> Thanks in advance,
> Eo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65545&t=65531


any windows 2000 mailing list? [7:65544]

2003-03-16 Thread Carol smith
Hi... Group

Personally I feel this cisco mailing list is very good.  Do you know of any
Windows 2000 mailing list you could recommend to me?

Thanks

 



-
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65544&t=65544


Re: Trouble with PA-MC-8TE1+ (ISDN PRI) [7:65540]

2003-03-16 Thread M.C. van den Bovenkamp
sumitsood wrote:

>  we have a new PRI card PA-MC-8TE1+
> The alarm light stays on the card as soon as you plug it in any port on
> 7204.
> 
> We have tried replacing the card, but the newer card also had the same prob.
> Any Suggestions/Experience??

a) That 7204 is a -VXR? If not, that's your problem right there.

b) If it is, you're running IOS 12.2(2)DD, 12.2(4)B, 12.2(7)T or later?

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65542&t=65540


Trouble with PA-MC-8TE1+ (ISDN PRI) [7:65540]

2003-03-16 Thread sumitsood
Hi,
We have a new PRI card, PA-MC-8TE1+.
The alarm light on the card stays on as soon as you plug it into any port on
a 7204.

We have tried replacing the card, but the newer card also had the same problem.
Any suggestions/experience??

Sumit




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65540&t=65540


Off Topic - 2500 rack brackets [7:65539]

2003-03-16 Thread Symon Thurlow
Anyone have a good source in the UK?

I need 6 pairs.

Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65539&t=65539


RE: Unable to delete flash [7:65529]

2003-03-16 Thread Sales
Some possible things to try would be to use the /force switch with the
delete command.  Also try erase versus delete to see if that helps.


Thanks,

www.ccie4u.com
Rack Rentals and Lab Scenarios

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
John Tafasi
Sent: Saturday, March 15, 2003 11:09 PM
To: [EMAIL PROTECTED]
Subject: Unable to delete flash [7:65529]

Hi Group,

I have a problem deleting a file from a 4500 series flash memory. The file
shows up as deleted, but the available free space indicates that the
file has not been deleted yet. I tried to use the squeeze command but it
will not work with this file system. Can you guys suggest something?

Thanks

John Tafasi

r1#show fla

System flash directory:
File  Length   Name/status
  1   10031664  c4500-a3jk8s-mz.122-7b.bin [deleted]
  2   3668568  c4500-i-mz.120-25.bin
[13700360 bytes used, 3076856 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)

r1#delete flash:c4500-a3jk8s-mz.122-7b.bin
Delete filename [c4500-a3jk8s-mz.122-7b.bin]?
Delete flash:c4500-a3jk8s-mz.122-7b.bin? [confirm]
%Error deleting flash:c4500-a3jk8s-mz.122-7b.bin (No such file or
directory)
r1#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65541&t=65529
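The sequence below is an added illustration, not part of the thread and not a Cisco-documented procedure: it walks the suggestions from the reply above in order, with a verification step and a backup step before the one that destroys every file on the device. The TFTP server address is an assumed placeholder; the file names are the ones from the show flash output in the question.

```text
! Added example, not from the thread. Confirm the state first: a file shown as
! [deleted] on this kind of flash file system still counts against used space.
r1#show flash:

! Suggestion 1: delete with /force (the reply's first idea). On an entry that
! already reads [deleted] this may simply report "No such file", as seen above.
r1#delete /force flash:c4500-a3jk8s-mz.122-7b.bin

! Suggestion 2: squeeze reclaims the space of [deleted] files without touching
! the live ones. The question says it is refused on this file system.
r1#squeeze flash:

! Last resort: erase flash: wipes EVERY file, including the working image.
! Copy the image you still need off the box first (10.0.0.5 is a placeholder
! TFTP server), then erase and copy it back.
r1#copy flash:c4500-i-mz.120-25.bin tftp://10.0.0.5/c4500-i-mz.120-25.bin
r1#erase flash:
r1#copy tftp://10.0.0.5/c4500-i-mz.120-25.bin flash:
r1#show flash:
```

The router keeps running from the image already loaded into RAM, so the erase is survivable as long as a bootable image is copied back before the next reload; check the free space reported by the final show flash before reloading.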


RE: Cisco 2501 DC Power adaptors ? [7:64296]

2003-03-16 Thread [EMAIL PROTECTED] (John Nemeth)
On Jul 25,  9:03pm, "Troy Leliard" wrote:
} Simon Watson wrote:
} > 
} > Hi Guys I am based in the UK and have acquired some 2501 DC routers,
} > I want to use  the routers to set up a home lab but I only have AC power
} > supply is there some form of AC/DC adaptor I can buy to plug my AC supply
} > in and be converted to DC for the routers ??? Thanks Simon

 It takes -48V DC.  This is standard Telco power.  If you can find
a Telco power supply, you could use it.  However, the best thing would
probably be to find a replacement power supply.

} You need a RPS.  It converts AC to DC and can be used for a number of

 I haven't seen any 2500 series routers with RPS connectors, so an
RPS won't do him any good.

}-- End of excerpt from "Troy Leliard"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65537&t=64296


RE: DS3 slow connection problem. [7:65491]

2003-03-16 Thread Mark Walmsley
Hi Again Everyone,

Just to let you all know, this morning I changed the 7200 router serial
interface clock to int and left the 7500 clock set to line. This actually
made the connection worse: I got 5% packet loss as opposed to 1% packet loss
when both router interfaces were set to line. I changed it back and it
returned to 1% packet loss, so then I changed the 7500 interface clock to int
while the 7200 was set to line, and this appeared to have little effect:
still getting lots of input errors on the 7200 and 1% packet loss.
I'm wondering now if we have a faulty DS3 card.

I logged into the routers and did some ping tests. Pinging the router's own
serial interface, I still get the 1% packet loss. I did this on both routers.
I thought this might rule out the actual line because I'm not pinging across
the DS3 connection; please correct me if I'm wrong.

Somebody asked if scrambling was on, but I'm not sure what scrambling does or
how to check if it's turned on or off, so I'll look into that too.


Thanks for everybody's help. I'm going to spend all day checking out what
you've said and going through the troubleshooting stuff from Cisco, and I'll
let you know how I get on.

Any more advice would be greatly appreciated.

Mark


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65538&t=65491


Re: Off Topic - CCIE Certification Junkies [7:65499]

2003-03-16 Thread nrf
First of all, surely you would agree that Cisco is not a dominant vendor in
security products the way they are in, say, straight enterprise routing and
switching.  The fact of the matter is that when it comes to security, Cisco
is really just one of several vendors.  In no security submarket do they
hold greater than 50% market share.  That's my point.

And not only that, but the competition within the security marketplace is
fierce.  You say that Cisco marketing should move away from convergence.
But let's face it - Cisco has dominant market share when it comes to
convergence. The same thing with wireless.  Cisco is going to spend money on
where it thinks it can get the greatest return on investment, and Cisco has
enjoyed success in convergence and in wireless to a degree that it doesn't
enjoy in security - either because the competition is fierce or because
Cisco has made mistakes, or because Cisco's products aren't very good, or a
combination of all three factors.  If I were Cisco, I don't know if I would
invest serious money in the security market either - because, again, it all
comes down to a return on investment.  Why duke it out with a savvy and
technically superior competitor like Checkpoint when you can earn serious
money in the convergence space?

And I'm afraid I must take issue with the notion that there is another
security cert out there of serious note.  Let's look at things seriously.
When it comes to hands-on security certifications that are respected and
well-known, what is there?  Not much.  The CISSP and all the SANS stuff is
not hands-on.  And, as I'm sure we would all agree, paper exams are usually
not worth the paper they're printed on.

- Original Message -
From: "Will Gragido"
To: "'nrf'"
Sent: Saturday, March 15, 2003 7:31 PM
Subject: RE: Off Topic - CCIE Certification Junkies [7:65499]


Well,  I think that if you look beyond the scope of mere Cisco
Certifications (btw, I am not insinuating that Cisco Certs are somehow not
up to par, only that they are not the only game in town), you'll find
exactly that which you are speaking to NRF, especially in the world of
Security.  BTW, Cisco is actually a HUGE provider of security
technologies; their marketing department needs to realize this and defer
some of their efforts away from Wireless and Convergence and focus a tad bit
more on Security.

My 2 Cents,

Will Gragido CISSP CCNP CIPTSS CCDA MCP
9450 W. Bryn Mawr Ave.
Suite 325
Rosemont, Il 60018
www.ins.com
[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of nrf
Sent: Saturday, March 15, 2003 5:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Off Topic - CCIE Certification Junkies [7:65499]

"Jim Brown" wrote in message
news:[EMAIL PROTECTED]
> I would imagine the 5 CCIE mark has already been obtained. I met someone
> who was working on their 5th at the end of the summer and I'm sure they
> have passed by now.
>
> Don't forget the article in Packet about Mark Purcell. I'm not sure on
> the spelling of his name, but he already had 4 and was working on his
> 5th.

Which is why I think there's even more reason for there to be a
certification that sits above the CCIE. Instead of having all these multiple
CCIE's, just enact one super-cert.  I envision a lab where you might be
expected to demonstrate competence in absolutely anything and everything
that Cisco sells - IOS, Callmanager, ATM switches, optical, CIP cards - if
Cisco sells it, it's fair game.

What would be even better is if Cisco allowed a cert that was multi-vendor.
Or a true security cert that tested all the common security technologies
(including Checkpoint, Snort, etc.) instead of just Cisco gear - let's face
it, Cisco is not a dominant vendor in security gear.   For example, a true
service-provider cert that tested both Cisco and Juniper.  But I'm not going
to hold my breath.

>
> -Original Message-
> From: The Long and Winding Road
> [mailto:[EMAIL PROTECTED]
> Sent: Saturday, March 15, 2003 10:31 AM
> To: [EMAIL PROTECTED]
> Subject: Off Topic - CCIE Certification Junkies [7:65499]
>
>
> With the announcement of the CCIE Voice certification ( a Good Thing,
> IMHO )
> I wonder a couple of things:
>
> 1) who will be the first quadruple CCIE?
>
> 2) Does Cisco still recognize the Design, WAN, and IBM CCIE's as valid
> certifications, making it possible to have more than four?
>
> 3) When will the CCIE become just another useless cert in the long
> history
> of useless networking certs?
>
> NRF - you out there tonight?
>
>
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65536&t=65499


FW: Ref:CISCO 1721 ROUTER WITH FIREWALL SOFTWARE [7:65535]

2003-03-16 Thread Abdallah Quqas
Dear ALL;
Can anybody help regarding how to configure a 1721 Cisco router (Internet
router) as a firewall if that router contains just an Ethernet port and
one ISDN BRI (BRI0) WAN connection to the Internet?
Do we need NAT to be set up on both interfaces, Ethernet and BRI?

A sample showing the minimum access list that should be set on that router
to protect the inside network would be preferred.


Regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65535&t=65535
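A sample of the kind the post asks for, added here as an illustration; it is not from the thread and not a Cisco reference configuration. It uses the IOS Firewall (CBAC) feature set, which the 1721 must have in its image, together with NAT overload on the BRI. The inside subnet 192.168.1.0/24, the outside address, the ISDN dialer string, the inspection rule name FWRULE and the access-list numbers are all assumed placeholders; ISDN switch type and SPIDs depend on the provider and are left out.

```text
! Added example, not from the thread. Roles: Ethernet0 = inside, BRI0 = outside.
! NAT is declared once as a rule; each interface only gets its inside/outside role.
!
! Stateful inspection rule: outbound TCP and UDP sessions are tracked, and only
! their return traffic is let back through the inbound ACL on BRI0.
ip inspect name FWRULE tcp
ip inspect name FWRULE udp
!
interface Ethernet0
 description Inside LAN (placeholder subnet)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface BRI0
 description ISDN to the Internet (placeholder address and number)
 ip address 203.0.113.2 255.255.255.252
 encapsulation ppp
 dialer string 5551212
 dialer-group 1
 ip nat outside
 ip access-group 101 in
 ip inspect FWRULE out
!
dialer-list 1 protocol ip permit
ip route 0.0.0.0 0.0.0.0 BRI0
!
! NAT: translate inside addresses matched by list 1 to the BRI0 address.
ip nat inside source list 1 interface BRI0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Inbound filter on the outside interface. The firewall adds temporary entries in
! front of this list for inspected sessions; nothing else is allowed in.
! First line: packets arriving from the Internet claiming an inside source
! address are spoofed and are logged.
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any log
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 deny   ip any any log
```

The inside subnet appears in three places on purpose: as NAT source list 1, as the spoofing deny at the top of list 101, and implicitly as the set of hosts the inspect rule watches when their sessions leave through BRI0. If the ISP assigns the address dynamically, replace the static BRI0 address with the negotiated-address variant the IOS version supports; the rest of the configuration does not change.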


OSPF Topology Question - Parkhurst's Book [7:65532]

2003-03-16 Thread The Long and Winding Road
Ran into something in Parkhurst's OSPF book while studying tonight. Looking
for validation of my observation.

The example: OSPF over frame relay

The topology: hub and spoke, with a twist. The hub uses subinterfaces ( one
to each spoke router ) and the spokes use physical interfaces.

Now, the Parkhurst examples show leaving the physical interfaces as ospf
type non-broadcast, change the ospf timers on the subinterfaces, place
neighbor statements on the spoke routers ( physical interfaces ) and all is
well.

Except I don't believe it works this way.

The subinterfaces are point-to-point networks, and expect the other side to
be a point-to-point connection and adjacency. The physical interfaces are
non-broadcast, and expect DR elections to occur, something the router with
the subinterfaces will not do.

I believe the correct solution is to make the physical interfaces OSPF type
point-to-multipoint.

An alternative is to change the physical interfaces to OSPF point-to-point.

In any case - can anyone else verify what I see and do not see - that the
Parkhurst chapter 11, example 3, pages 275-279 answer is incomplete?

thanks.

--
TANSTAAFL
"there ain't no such thing as a free lunch"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65532&t=65532
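The topology the post describes, written out as an added configuration illustration; it is not taken from Parkhurst's book or from the post. The hub keeps point-to-point subinterfaces and the spoke's physical Frame Relay interface is set to the point-to-multipoint type the post proposes. Addresses, DLCIs and the OSPF process number are assumed placeholders; a second spoke would be configured the same way against Serial0.2.

```text
! Added example, not from the book or the post. Placeholder addressing:
! hub-to-spoke1 10.1.1.0/24 (hub DLCI 101 / spoke DLCI 201),
! hub-to-spoke2 10.1.2.0/24 (hub DLCI 102).
!
! --- Hub ---
interface Serial0
 no ip address
 encapsulation frame-relay
!
! A point-to-point subinterface is OSPF type point-to-point by default
! (hello 10, dead 40) and never takes part in a DR election.
interface Serial0.1 point-to-point
 ip address 10.1.1.1 255.255.255.0
 frame-relay interface-dlci 101
!
interface Serial0.2 point-to-point
 ip address 10.1.2.1 255.255.255.0
 frame-relay interface-dlci 102
!
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
!
! --- Spoke 1 (physical interface) ---
interface Serial0
 ip address 10.1.1.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 10.1.1.1 201 broadcast
 ip ospf network point-to-multipoint
 ip ospf hello-interval 10
 ip ospf dead-interval 40
!
router ospf 1
 network 10.1.1.0 0.0.0.255 area 0
```

Two details make this work: the broadcast keyword on the static map lets OSPF's multicast hellos cross the PVC, so no neighbor statements are needed, and the explicit hello/dead timers on the spoke bring point-to-multipoint's defaults (30/120) down to the hub's point-to-point values, since OSPF will not form an adjacency across mismatched timers. Changing the hub's timers instead, as the book does, is equally valid as long as both sides agree. Neither point-to-point nor point-to-multipoint elects a DR, which is the mismatch the post is pointing at. Confirm the result with show ip ospf neighbor on both sides: the state should reach FULL and the spoke should learn the hub's other spoke subnet.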


span sessions [7:65531]

2003-03-16 Thread David Cooper
hey all quick q for ya. I have a cat 6509 sitting on the core of a 5000 users
network with both 100mbit and gigabit links. I have to watch a couple boxes
on a very busy vlan for session data for analysis, but there is so much
traffic on the specific vlan that it literally made my little laptop scream
and makes other stronger boxes kinda just die. Well the application (ntop).

I'd like to see if there is a way to use regexp or filtering somehow to apply
to span to kinda not get the 1gig/s backup traffic that blows my application
up. I've dug through various manuals and "?" is certainly my friend but I
can't get anything to work and there's just way too much data off the pipe.
Kinda like drinking from a fire hose ya know.

If anyone has any suggestions on how to limit traffic on a span port to hosts,
please let me know.

Possibly also if anyone knows any neato applications that can do application
stream reporting per port etc with bw graphing for the folks who think
computers are like books let me know. One caveat, it has to run in a GNU
environment eg Linux/FreeBSD.. no Microsoft 'solutions'

Thanks in advance,
Eo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65531&t=65531