Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!
Hello all ,
Today tried with one of my very old and lasting desires 🙂 well iam talking about Hacking my own wireless point .. the primary reason i have done this is that i often forget my WEP key and it would be handy to get hold of this mechanism just in case 🙂
Keeping fun aside , i am studying my Quality of service and other frame-relay Traffic shaping stuff and also wanted to get certified into wireless security domain … first wanted to start with wireless security .. i dint knew much about wireless apart from basic terminology …
i verified and found that BACKTRACK 4 would help me to do the stuff as it had many of the tools out of which AIRCRACK-NG is the most famous and powerful one .. initially i struggled to get that working as not everything was from the manual
for example , the site in their demonstration used wireless channel 9 and number 9 for testing but unfortunately my AP is in channel 1 and my card was in a different channel .. this took me time to figure it out .. for those who want to get their hands dirty and know what am i speaking about try these commands once you are up
airmon-ng stop wlan0
airmon-ng start wlan0 1
this sets up you interface wlan0 in channel 1 and monitor mode would get started .. additionally a mon0 interface was created and here it is how i used it
aireplay-ng -e <essid> -a <ap.mac.addr> <inft(mon0 here)>
Remaining are straight out from website …and if any one wants to get their hands dirty they can do it but you need to have proper card which can support packet injection … for more details better to contact
airmon-ng official website for hardware support
Regards
Rakesh
var infolink_pid = 46990;
var infolink_wsid = 0;
I was working with some of the Bgp and wide variety of tortures with it and took two routers to see some basic bgp peering again … i have been working with gns3 and cisco routers for a quite some time now and honestly i have never seen or thought about
“what happens when
you assign an ip address to an interface and dont activate it ? and what happens when you activate the interface ? ”
“Also how duplicate address detected ” I know i know you must be saying well its because of arp packet type called GRATUITOUS ARP .. i have never seen it on the router as of ..so in order for everything to happen let’s get started
why does first ping looks like .!!!! or ..!!! or so on depending on router hops ?
well i know you must be saying some arp .. but lest see what exactly happens with a proper message type and other details ? shall we
Now iam assigning the IP ADDRESS to FA0/0 which is connected to Router R2 FA0/0 from R1 ..Note iam just assigning the IP ADDRESS not ACTIVATING the interface (no shutdown is not yet issued on the interface)
Can you see Arp starting out
*Mar 1 00:09:12.363: ARP DYNAMIC: cancelling refresh on FastEthernet0/0*Mar 1 00:09:12.367: RT: is_up:
FastEthernet0/0 0 state: 6 sub state: 1 line: 1 has_route: False*Mar 1 00:09:12.367: RT: is_up: FastEthernet0/0 0 state: 6 sub state: 1 line: 1 has_route: False
Make a note of State No 6 , and has_Route->false statements … most probably when iam activating the interface they should change and a route should be added to routing table may be condition should turn to TRUE
let us see what happens when i issue “NO SHUTDOWN” command
First of all as we can see ARP went out on finding the dynamic entries for that interface … next it started a Arp map for our interface ip 1.0.0.1 with the mac address given there ..
next it is verifying that there is no duplicate address is there on any of the links which are connected .. this you can see it with this message
*Mar 1 00:27:25.059: IP ARP: sent rep src 1.0.0.1 c200.0e1c.0000,
dst 1.0.0.1 ffff.ffff.ffff FastEthernet0/0
every one knows what does all f’s mean … well i mean to say technically f here stands for broadcast …:)
Now after all this .. it inserts the route into the routing table and if you remember the previous state number now we have another state number
*Mar 1 00:27:28.039: RT: is_up: FastEthernet0/0 1 state: 4 sub state: 1 line: 1 has_route: True
*Mar 1 00:27:25.071: RT: add 1.0.0.0/24 via 0.0.0.0, connected metric [0/0]
*Mar 1 00:27:25.075: RT: NET-RED 1.0.0.0/24
Route got added to routing table as you can see after activating the interface ….
Now let me do one more thing … let me assign the same ip address on the other side and see what message pops up or what exactly triggers the duplicate address message …
as soon as i assign that address … g – arp follows its steps and should announce that there is a duplicate address on the segment …
As you can see , There is another statement from IP ARP : GRATUITOUS ARP THROTTLED
Now , lets move on to assigning with an address of 1.0.0.2/24 to the interface
and lets create loopback1 on both the routers with respective 1.1.1.1/24 on R1 and 2.2.2.2/24 on R2
as now you can see .!! as my repeat count was 3 .. first went for arp resolution .. when we see how the R1 has replied to unknown request from R2 … this is how it goes
This is how The entire thing gets resolved .. i hope you enjoyed something as much as i did with this article
Regards,
Rakesh
Hello all ,
Today i was working on a ticket which was based on an interface down alert and was observing all the details what Network management system has thrown on my face … i was seeing it and was impressed with amazing details it was showing all of the values … quickly my brain recalled that it was from snmp and i was very happy for my memory power 🙂 haha
as i was thinking about the monitoring system and wanted to set it up so that i could gain some experience on it i went to solar winds website and was happy to see that they are offering a free trial of all of their products ..
the point is how do i have such a huge equipment stance as a Data center ..and quickly i thought about a wild guess of associating the trial Network management system With Gns3 .. i quickly downloaded their Network monitoring software which allowed me to see only one product ..nevertheless i installed it and was thinking how could i associate it with my GNS3 … i did it finally and was seeing all the results and snmp world as iam unware of snmp stuff as such ..still i dont know how it happens as my goal from tomorrow would be precisely that ! .. i got some results and would show that to you …
This is still in Idea phase hope it grows more and gives all of us a huge familiarity of all the technologies with a open source software such as gns3 .. thank you guys @ gns3 who made it possible
Regards
Rakesh
Well i was studying about Routing policy and their implementation and their power in filtering out and filtering in updates … i knew this before as many access lists , distribute lists and other do the same filtering .. but was studying an interesting thing called Radix tree which showed a very basic way in which ‘1’ or ‘0’ would change the ip address / subnet … i wish i could have showed the same but instead of me telling i would advice you to do some search and feel good after reading !
In the mean while iam working on Quality of service and may be going with some internetwork expert work books … trying to attend Narbik bootcamp in a near by location .. had a chat wid Narbik and waiting for his email for other details
i will post you updated about the ccie and status …. i would be attempting lab some where soon and dnt know how that goes ! iam working with Junipers Adaptive threat Management and Data center architecture …. some unified solutions
Keep Rocking
Rakesh
M and MX series overiew
———————–
juniper is #2 with 48% market share
consolidation , complexity , reliability , security&compliance is evolution
reduce tco, increase roi , profitability
Advance Routing and sofware
—————————
two tiered collapsed architechture
virtualisation , low latency , carrier class reliablity , qos , security
one operating system , one single software release , one common architechture
junos trio chipset
mx 3d industry leader
carrier class reliability,reduced network complexity , sustainablity and operational efficiency , improved end user exp and app perf , improved network flexibility
mcast distribution tree – spt or source tree / shared tree
forwarding delay – advance asic
transmission – user higher port speeds
propagation – reduce distance between source and recievers
end-to-end latency – implement all of them
forwarding path is full of asic based providing low latency
optimized hardware
i-chip asic for intensive services , pfe , redundancy
nsr – non stop routing , issu in-service software upgrade
graceful routing engine switchover
———————————-
backup routing states are maintained with keepalive mechanism
Nonstop Active Routing
———————-
maintains all the state routing engines , hence no routing latency in switchover
Unified in-service software upgrade
———————————–
can be installed with new versions without
reloading the device by installing it in the standby routing engine
quality of service
——————
standard 8 hardware ques with over 1000 to choose from (mcli)
acl and policers
—————–
m/mx/t have the most flexible and sophisticated policers in the industry
memory allocation – dynamic (mad)
———————————
provides right amount of bandwidth to queues
rewrites / marking
——————
ingress dscp rewrite / egress rewrite
802.1p ieee bits
mpls network virtualisation
—————————
support network segmentation and privacy
improve network security
scales for future growth
enterprise routing portifolio
—————————–
mx – optimized for wan gw , campus , dc aggr and core
m – application at campus backbone , wan edge
t – carrier class multi-service routing system,high perf
mx80 , mx240 , mx480 , mx960
ise – intelligent services edge
——————————-
not a product , its a service which enables high performance and scale , service flexibility and operational efficiency
mx 3d aggregation
——————
16x10gbe ports , 120 gbps (mx 240 mx 480 mx 960)
eantc – european advanced networking test center
mx 3d 100gb3 line card – line rate 100mb
16port ge line card – regional high speed metro network,suitable for large data center
mx80 3d ethernet services router – worlds most powerful 3.5 inch router
mx80 – any where dc
junos space simplicty , reliability ,scalability
mx960 ethernet services router
——————————
14 slot chassis , 172 ports , front to back cooling
dpc – dense port concentrators
re is the daughter card for scb (switch control board)
mx480 ethernet services router
——————————
smaller firm factor than mx960 and offers
half capacity than mx960
8 slot chassis cards (6+2)
side to side cooling
mx240 ethernet services router
——————————
half of mx480 performance
4 slot chassis (2+2 or 3+1)
mx fpc carrier cards (non ethernet intf)
mx architecture
—————-
2-3 switch control boards(scb’s)
scb’s fully redundant
packet order maintained
qos maintained
mx fpc architecture
——————–
pics are hot swappable and support oir
l3 ichip and l2 ese npu as the dpc’s
fpc supports l2 and l3
dpc-r(switching and routing) , dpc-x(scaled-down switching routing) , dpc-q (queing)
mx family has fuller and richer capabilities over ex
M-series
——–
m7i , m10i , m120 , m320
m7i multiservice edge router
—————————-
1 fixed ge or 2 fixed fe ports
16mpps lookup perf
m7i components
————–
4 pic slots , fic 2 fixed fe , side to side cooling , redundant ac or dc pwr supplies,20 g harddrive , pcmcia , 2 serial aux , ethernet card intf, 850 mbps(tunnel services)
m10i multiservice edge router
—————————–
most compact m series w/ fully redundant common hardware
m10i components
—————
8 slots for hot-swappable and exchanble with m5/m7i/m10i pics , redundant re and fe , redundant pwr ac / dc
m120 multiservice edge router
—————————–
120 gigs throughput , 90mpps lookup , 8 queues per intf
m120 arch
———
4+2 fpc slots,one pfe per feb , 10gbps full duplex per slot , 15mpps per feb
m120 10gig capable high-end enterprise router
type 1 : 4pics / fpc 1gig/sec
type 2 : 4pics / fpc 2.5gig/sec
type 3 : 1 pic /fpc 10 gig/sec
two cfpcs for wan intf 10ge or option for no cfpcs
front to back cooled system
routing engineris a daughter card for scb
m120 ip services pic
——————–
provides hw accel
encryption servies pic – ipsec
monitoring services pic – j-flow
tunnel services – gre ipinip
multi-services nat
linkservices – mlppp , mlfr
m320 multiservice edge router
—————————–
same arch as 120 and mx offer with diff type of form factor
8fpc slots , 20gbps full dup , 40mpps per fpc
4 scbs
e3 fpc overview
—————-
type 1(4) , 2(4) , 3(2 – 10gigs each),
redundant power supplies
non – ethernet intfs – then m-series
only ethernet intfs – them mx but you have an option for non-intfs
m-series offer with l3 where as mx can as work as l2
partner solution development platform
customers
———
nyse – new york stock exchange
doe – department of energy
laboratory of neuro imaging
Regards
Rakesh
upgrade path
————-
cisco vs juniper
1600 series vs srx 100
1600->1700->1800 to ssg20, srx210
2500->2600->2800 to srx140,srx240,j2320,j2350,j4350
3600->3700->3800 to srx650,j4350,j6350
7200->7600->M7i srx3000 or srx5000(worlds fastest fw)
7500->7600-> m series or srx3000/srx5000
————-
srx and j-series features
————————-
best in class routing with bgp , rip , ospf , mcst , isis
rich set of wan and lan intf
quality of service
support acl , stateful fw inspect , ipsec , ddos screeing , ids ips , webfilt ,
mpls ce pe and ipv6 routing
fw , nat ,ipsec etc
—————
power of junos
————–
one os(branch and core) , one release , one architechture
quaterly release process
stand-alone modules and seperation of control and packet forwarding planes
NextGen data plane (alg for instance)
NextGen software is based on screen os
(junos smp kernel with embedded junos features)
firewall processing has been enhanced with best of netscreen and junos with a single lookup and also policy implementation
fw processing also has DOS and ACL filter with special hardware
session-aware processing avoids policy-matching
SRX series : zones and policies (simplify management)
NEXTGEN NAT : zone based security policy which seperates nat from security policy and no need for loopback-grps or dummy static routes
security policies and NAT are independent
—————————————–
UNIFIED THREAT MANAGEMENT : UTM
——————————-
antivirus – kaspersky
webfiltering – websense / surfcontrol
content filtering
antispan – symantec
url whitelists can be used to bypass scanning of traffic from some sites
mime lists can be set up to bypass scanning of some traffic
webfiltering
———–
Integrated (surfcontrol) and redirect(websense)
a global whitelist/blacklist can be configred
redirect solution
Juniper networks-websense WF soultions
————————————–
Integrated webfiltering and location is in cloud
redirect webfilter is located in same network
ease-of-use is good for integrated webfiltering
latency is good for redirect web filtering
what to use depends on needs of requirement and latency issues
Content Filtering
—————–
control traffic based on MIME type , file extention , protocol commands
ANTISPAM
——–
ip address recognition based on symantec database provider (SPM RBL)
DYNAMIC VPN SERVICE — Access Manager Client
——————————————–
supported on srx100 , srx210 , srx240 not on srx650
layer 3 ipsec client that is automatically downloaded from a junos device
ssl fallback for tcp traversal
will replace NS-REMOTE which was on screen os and NS-REMOTE on srx
SRX FOR THE BRANCH OVERVIEW
—————————
srx100
srx210
srx240
srx650
srx series offers routing and security
all srx will have
——————
routing and switching
firewall and vpn
utm
ids and ips
uac – unified access control
voice services
power over ethernet 802.3at(30watt/port) versus 802.3af (15.4watt/port)
Antivirus
two av engines
full av kaspersky
express av – packet / content security accelarator
full av is high detection and express av is high performance
performance , coverage , memory utilsation
in express av the packet is sent as is and there is no huge av db
in full av the packet is reconstructed as is upto 20 mb and hence more cpu
When performance and memory utilization is a concern , use Express AV
when coverage rate is a concern use fULL av
————-
srx100(small)
——
8xfe , 1 usb , fw 175mbps , vpn 75 mbps , idp 50 mbps , no poe , no voi port , a/a or a/p conn (active , passive) , full utm features
srx210(small)
——
2xge+6 fe , 1 mini pim , 3g slot , usb 2 , voice ports optional 2xfxs 2xfxo or mini-pim , fw perf 250Mbps , vpn 85Mbps , idp 80Mbps , a/a , a/p
4 poe ports (50w total),full utm features
low mem 512mb ram / 1gb flash
high mem 1gb ram / 1 gb flash(comes with regex accelaration for av and idp)
srx240(small to medium)
——
16xge , mini pim 4 , 3g wireless , usb 2 , poe 16ports (150w) , optional 2xfxs , fw 500mbps , vpn 200mbps , idp 250 mbps , a/a a.p (smb) , full utm
srx650(medium)
——
4xge , gpim 8 , usb 2 per processor,poe upto 48 ports (250w or 500w) , pstn voice ports 8 analog , 2 t1/e1 per gpim , fw 2.5gbps , vpn 1.5 gbps,idp 900mpbs , a/a or a.p or dual power , full utm
2 process module slots (sre services and routing enginer backup sre , application co processor engine ACE card)
uac l3 enforcement points
Mid-plane design and modular , 8 gpim slots not hot-swap as of now
—————-
Wireless
——–
ax411 blend high perf 802.11n with srx
rapid setup and centralized monitoring of remote sites
integrated
802.11n client adapter choosing should be good
ax411 is 180mbps peak throughput
oversubscription rates 4:1 or 8:1
provisioning model
——————
ap request an ip address using DHCP
DHCP should be configured on SRX gateways
you cannot plug ap into first port of gig eth as it is dhcp client
zero config
———–
except first port of gig e all others are in default-vlan and are in trust zone
plug ap into any of the other ports its as simple as that
L2 Management Mode
——————-
in l2 mode all ports are conn to intf in switching mode
all aps belong to same l3 network
roaming is supported and tranparent to srx series
L3 Management Mode
——————
In l3 mode all ap ports are connected to intf in routing mode
each ap’s belong to diff l3 network
in this mode roaming is not supported
client isolation can be enforced
authentication
————–
local and radius mac
802.1x
wep , wpa , wpa2 with eap based protocols
at srx series gateways
———————-
fw auth with local redirect for local auth
utm,idp,uac,wan accl,ip sec
Junipers Networks 3G Networks
—————————–
Bridge or Integrated with SRX210 integrated 3G
deployment options
on-demand dialing
backup interface
prefix monitoring
rpm monitoring scripts cab be used for failover
Dialer interfaces
—————–
dialer intf are pseudo intfs
J-Series overview
—————–
juniper networks with avaya voip solution with cme configured at remote end
wxc ism200 application accelaration for j2320 , j2350 , j4350 , j6350
unmatched performance when services are turned on
j2320
—–
4ports ge , 3 pims , internal and external c-flash , optional encry card ,supports avaya ip telephony module
j2350
——
5 pim slots , 4 ge , nebs and dc pwr , optional encryp and supports avaya telephony module
j4350
——
4 ge ports , 4pims , 2 epims , supoprts avaya media gateway , dc version available, low mem ver 256mb flash or high end 1gb , optional encryp
j6350
——
4fixed ge lan ports , 2pim slots and 4 epim slots , supports avaya media gateway , dc version available , hardware encryp standard , 1gb dram max 2gb , nebs compliant
pims , enchance pim , universal pim
double the speed whn services when compared with CISCO ISR
30% lower than cisco isr products
Enterprise routing portifolio
—————————–
srx 240 – srx 650 with j-series in between
greenfield acounts – lead with srx series
screen os installed base – go ahead with ssg
existing junos cust – introude srx would be more sense
federal govrnt – then ssg series
managed services – srx
3g connectivity – srx
poe – srx series
wlan today – ssg
ipv6 security – ssg
anything between srx240 – srx650 is j-series
ssg products provides deep inspection are replaced with ips on srx
express av – hardware specific required
srx dosent support wan accel
Regards
Rakesh
Hello all ! hope everyone is doing good ! there are somethings to share .. first of all iam with various firms as a consultant and been doing some work in setting up their networks and the other way is iam working with a juniper systems elite partner ! .. juniper is not that hard or illogical per se and its good to have so many resources available in juniper site . iam a juniper certified sales associate for m/mx series router platforms now ! … does this mean iam off with ccie track ?
A big No .. i almost done with all sorts of my prep work and in final stages to launch the official labbing experience and scenarios .. i was not getting enough time to blog and keep you informed with my status updates !
ok … as iam done with most of my technologies .iam now going through INE extended blue print which is well written by Anthony Here is the link
http://blog.ine.com/2009/05/12/ccie-rs-4x-expanded-study-blueprint/
For next week i will be on Spanning tree from layer 2 and GRE tunnel and keep alive mechanisms from Layer 3 . just was going through a cisco doc on gre tunnel keep alive mechanism and was surprised as how Ethernet keepalives work
i will try to do a packet capture and see if that is how it works out … but to make it a soft finish let me brief you about what i read.. A detailed keepalive notes would be posted , this is just a what i have read about ethernet keepalives
ETHERNET KEEPALIVES
Generally keepalives are designed if the path to any particular neighbor is reachable and valid .. but on Ethernets it works in a different and strange way as there are many neighbors in a ethernet segment … A keepalive in this case of ethernet is designed such that local system has a read and write access to the ethernet segment itself ..
The Process
The router which for that matter any router local to itself produces a ethernet packet with source and destination mac addresses as itself and special ethernet code of 0x9000 .. as the packet reaches ethernet hardware , it immediately sends and receives the same packet which should confirm the whole purpose of keepailve mechanism ..
This is amazing for me as of now i dint knew this and as i have known if now i will try to lab it up and see if i can catch the same packet
Regards
Rakesh
Been so many sleep less nights wondering what ip sla was until i configured it my self .
Ip sla is basically as one of the methods for enhanced object trackings .
Few names for IP sla
Ip sla -> service level agreeement
or
RTR -> response time reporter
or
SAA -> service assurance agent
Ip sla is used to track many things including DELAY , apps response time such as HTTP , DHCP , DNS , TCP and also reachability using ICMP ECHO
We will basically use it for FHRP (first hop redundancy tracking)
Here is the scenario with HSRP Enabled routers. i would use ip sla to track the interfaces and their status and if active goes down then standby should take over with the help of Ip sla . unlike interface tracking this is fun and powerful as i have added something spicy into the topology
here is what i have done
Initial Congiruation
R1
router eigrp 1
net 10.0.0.0
net 13.0.0.0
pass fa0/0
no auto
same conf on R2
r3
int l1
ip addr 1.1.1.1 255.255.255.0
router eigrp 1
net 13.0.0.0
net 23.0.0.0
net 1.0.0.0
no auto
R4 has a special configuration and will act like a host . so lets turn off routing for it
r4(conf)#no ip routing
r4(conf)#ip default-gateway 10.0.0.10 -> this would be hsrp Virtual Ip address .
int fa0/0
ip addr 10.0.0.4 255.255.255.0
—————
before enabling HSRP we should not be able to ping the V.ip lets verify it on R4
r4#ping 10.0.0.10
Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.0.10, timeout is 2 seconds:…..Success rate is 0 percent (0/5)
let us enable HSRP now on R1 and R2
r1(config)#int fa0/0
r1(config-if)#standby 1 ip 10.0.0.10
r1(config-if)#standby 1 preempt
r1(config-if)#exit
r1(config)#
*Mar 1 00:14:58.659: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
r1(config)#
Brief topology and configuration of protocol
HSRP Configuration
int fa0/0
standby 1 ip 10.0.0.10
standby 1 preempt
 | Mr WordPress on Hello world! |
 | Charu on ROUTING ? 5 MINUTES ARE MORE T… |
 | Anudeep on GNS 3 AND AN IDEA !!! THRILLIN… |
 | Rakesh on GNS 3 AND AN IDEA !!! THRILLIN… |
| Webmaster on E-BGP Multihop and TTL-Se… |
