Destination Unreachable vs Request Timed-Out

According to Mr. Lammle:

If a packet is lost on the return trip to the originating host, we will probably see a request timed out: the sender only knows that no reply arrived, so the cause is unknown to it.

If a packet is lost on the way to its destination, we will see a destination unreachable message. The typical cause is that a router along the way does not possess a route to the destination.

To summarize, a packet can reach its destination successfully and then be dropped on the return trip, either at the destination host or at a subsequent router, because a needed route does not exist.

Locate and uninstall Windows Product Key

Recently I began preparing a Task Sequence in Microsoft System Center Configuration Manager (SCCM) to upgrade workstations from Windows 8.1 Pro to Windows 10.

A goal of mine was to conserve the product keys we had purchased so they wouldn’t go to waste.

Here is a short PowerShell script that could be included as a step in a Task Sequence to accomplish this goal.

# Run slmgr.vbs through cscript so its output comes back as text rather than a message box
$dlv = cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dlv
# "slmgr.vbs /upk [Activation ID]" expects the Activation ID, so pull the GUID from that
# line with a pattern instead of relying on a fixed character offset into the output
$match = $dlv | Select-String -Pattern 'Activation ID:\s*([0-9A-Fa-f-]{36})' | Select-Object -First 1
if (-not $match) { Write-Error 'Activation ID not found in slmgr /dlv output'; exit 1 }
$activationId = $match.Matches[0].Groups[1].Value
Write-Output $activationId
cscript.exe //nologo C:\Windows\System32\slmgr.vbs /upk $activationId

Restart Ubiquiti Edgerouter Remote Access VPN

After connecting to my home lab the day before, today no dice.

Connecting from the same site as yesterday, I enabled the hotspot on my iPhone and connected my laptop to the personal WiFi.

At that point I could bring up the VPN back to home.

At the router I issued show vpn debug to check things out. To my surprise I found the router still had an active SA from my last connection.

Security Associations (1 up, 0 connecting):
remote-access[2]: ESTABLISHED 9 hours ago,

I was able to break down this SA by issuing restart vpn from a non-global configuration prompt. In other words, do not bother issuing this command in configure mode. Ensure your terminal looks like you@edgerouter:~$


Reddit – Link list

For my own sake I posted this comment from a moderator of r/sysadmin that points at resources for learning more about a variety of topics, including Cisco networking, Linux, Microsoft and information security.

Another recommendation is to peruse the Gilded posts in this forum, a list of some of the best posts as voted up by the community.

https://www.reddit.com/r/sysadmin/gilded

Using iPerf to test bandwidth

We can measure the bandwidth of a link between two hosts by using iPerf.

Configure the server:

iperf -s -u

Configure the client:

iperf -c 172.20.255.254 -u -b 100m -d -i 1

  1. -c Connect as a client to the server at IP 172.20.255.254
  2. -u Use UDP as the layer 4 transport instead of the default, TCP
  3. -b 100m Send the UDP traffic at a target bandwidth of 100 Mbit/s (only meaningful with -u)
  4. -d Run the test in both directions at the same time
  5. -i 1 Print interval reports every second until the test completes
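As an added example (not code from the post), here is a Python parser for the UDP report lines iperf prints for the client command above. It pulls throughput, jitter and datagram loss from a constructed sample of iperf output and flags streams that miss illustrative thresholds; the sample lines and thresholds are my assumptions, not measurements from the post.

```python
import re

# Constructed sample of iperf (v2) UDP client output, not captured from a real run.
# Sender interval lines have no loss column; receiver-side reports carry jitter and loss.
SAMPLE_OUTPUT = """\
[  3]  0.0- 1.0 sec  11.9 MBytes   100 Mbits/sec
[  3]  0.0-10.0 sec   119 MBytes   100 Mbits/sec
[  3] Server Report:
[  3]  0.0-10.0 sec   119 MBytes   100 Mbits/sec   0.020 ms   12/85138 (0.014%)
[  5]  0.0-10.0 sec  85.1 MBytes  71.4 Mbits/sec   1.850 ms  24233/85138 (28%)
"""

REPORT = re.compile(
    r"^\[\s*(?P<id>\d+)\]\s+(?P<start>[\d.]+)-\s*(?P<end>[\d.]+) sec\s+"
    r"[\d.]+ [KMG]?Bytes\s+(?P<bw>[\d.]+) (?P<unit>[KMG]?bits)/sec"
    r"(?:\s+(?P<jitter>[\d.]+) ms\s+(?P<lost>\d+)/\s*(?P<total>\d+) \((?P<loss>[\d.]+)%\))?"
)
TO_MBITS = {"bits": 1e-6, "Kbits": 1e-3, "Mbits": 1.0, "Gbits": 1e3}


def parse_udp_reports(text):
    """One dict per receiver-side report line (the lines that carry jitter and loss)."""
    reports = []
    for line in text.splitlines():
        m = REPORT.match(line)
        if not m or m.group("jitter") is None:
            continue  # "Server Report:" banner or a sender-only interval line
        reports.append({
            "stream": int(m.group("id")),
            "mbps": float(m.group("bw")) * TO_MBITS[m.group("unit")],
            "jitter_ms": float(m.group("jitter")), "loss_pct": float(m.group("loss")),
            "lost": int(m.group("lost")), "total": int(m.group("total")),
        })
    return reports


def assess(reports, target_mbps=100.0, max_loss_pct=1.0, max_jitter_ms=1.0):
    """Map stream id -> list of problems (empty = passed). Thresholds are illustrative assumptions."""
    verdict = {}
    for r in reports:
        problems = []
        if r["loss_pct"] > max_loss_pct:
            problems.append(f"loss {r['loss_pct']}% exceeds {max_loss_pct}%")
        if r["jitter_ms"] > max_jitter_ms:
            problems.append(f"jitter {r['jitter_ms']} ms exceeds {max_jitter_ms} ms")
        if r["mbps"] < 0.9 * target_mbps:
            problems.append(f"{r['mbps']:.1f} Mbit/s is under 90% of {target_mbps} Mbit/s")
        verdict[r["stream"]] = problems
    return verdict
```

With -d the reverse stream (id 5 in the sample) is reported by the same client, so both directions can be checked from one run.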


Send SYSLOG from Palo Alto to LibreNMS

Step 1 – Configure a Server Profile used to send SYSLOG messages to a destination
Note: The Palo Alto Administrator's Guide states that by default all log data is forwarded over the MGT interface. In addition, we will have to create a Server Profile for each external service the firewall will interact with.

From your web-based management console navigate to Device -> Server Profiles -> Syslog. You'll configure the name, IP address or FQDN of the syslog server, port, and format. Typically syslog messages are sent over UDP to port 514 in BSD format; IETF format is normally used over TCP/SSL.

[Screenshot: paloalto-syslog-server-profile]

Step 2 – Enable Log Forwarding
Navigate to Objects -> Log Forwarding.
Here we create a Log Forwarding Profile that specifies the Server Profiles we will send event logs to, in the form of SYSLOG and SNMP messages. You can set a severity threshold to define which messages are forwarded out of the Palo Alto to your log collector.

[Screenshot: paloalto-logforwarding]


Step 3 – Add the Log Forwarding Profile to a Security Rule
In this example I have created a security rule that governs DNS traffic generated in our LAN and destined for the Internet. My thought is that I would like to receive notice when any user on my network tries to resolve a hostname while bypassing our internal DNS servers. I edit this “Deny DNS Out” rule, navigate to the Actions tab, and specify the Log Forwarding Profile created in step 2.

[Screenshot: paloalto-connect-logforwarding-to-securitypolicy]
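As an added example (not code from the post or from Palo Alto), here is a Python parser for the syslog lines the firewall will send to LibreNMS once the profile above is attached to the “Deny DNS Out” rule, counting denied lookups per internal source so the notice the post asks for can be raised. The sample messages are constructed, and the TRAFFIC log column order is assumed to follow the PAN-OS traffic-log syslog layout; verify it against the documentation for your PAN-OS version.

```python
import csv
import re
from collections import Counter

# Constructed BSD-format syslog lines as a PAN-OS firewall would send them to UDP/514
# (not real firewall output). The CSV column order is assumed to follow the PAN-OS
# traffic-log syslog layout; check it against the documentation for your PAN-OS version.
SAMPLE_SYSLOG = [
    "<14>Jan 15 10:22:31 PA-LAB 1,2019/01/15 10:22:31,001801012345,TRAFFIC,deny,2049,"
    "2019/01/15 10:22:31,192.168.10.25,8.8.8.8,0.0.0.0,0.0.0.0,Deny DNS Out,,,dns,vsys1,trust,"
    "untrust,ethernet1/2,ethernet1/1,Forward-to-LibreNMS,2019/01/15 10:22:31,12345,1,53211,53,0,0,0x0,udp,deny",
    "<14>Jan 15 10:22:40 PA-LAB 1,2019/01/15 10:22:40,001801012345,TRAFFIC,deny,2049,"
    "2019/01/15 10:22:40,192.168.10.25,1.1.1.1,0.0.0.0,0.0.0.0,Deny DNS Out,,,dns,vsys1,trust,"
    "untrust,ethernet1/2,ethernet1/1,Forward-to-LibreNMS,2019/01/15 10:22:40,12346,1,53212,53,0,0,0x0,udp,deny",
    "<14>Jan 15 10:23:02 PA-LAB 1,2019/01/15 10:23:02,001801012345,TRAFFIC,end,2049,"
    "2019/01/15 10:23:02,192.168.10.40,203.0.113.10,0.0.0.0,0.0.0.0,Allow Web Out,,,web-browsing,vsys1,"
    "trust,untrust,ethernet1/2,ethernet1/1,Forward-to-LibreNMS,2019/01/15 10:23:02,12347,1,50101,443,0,0,0x0,tcp,allow",
]

FIELDS = [  # first 31 columns of a PAN-OS TRAFFIC log; later columns are ignored here
    "future_use", "receive_time", "serial", "type", "subtype", "future_use2",
    "generated_time", "src", "dst", "natsrc", "natdst", "rule", "srcuser", "dstuser",
    "app", "vsys", "from_zone", "to_zone", "in_if", "out_if", "log_action", "future_use3",
    "session_id", "repeat", "sport", "dport", "natsport", "natdport", "flags", "proto", "action",
]
HEADER = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<csv>.*)$")


def parse_pan_syslog(line):
    """Split the BSD header from the CSV body and name the TRAFFIC log columns."""
    m = HEADER.match(line)
    if not m:
        return None
    cols = next(csv.reader([m.group("csv")]))  # csv handles quoted fields that contain commas
    if len(cols) < len(FIELDS) or cols[3] != "TRAFFIC":
        return None  # SYSTEM/THREAT logs and truncated lines are out of scope here
    rec = dict(zip(FIELDS, cols))
    rec["host"] = m.group("host")
    return rec


def dns_bypass_hits(lines, rule="Deny DNS Out"):
    """Count denied hits on the rule per internal source address."""
    hits = Counter()
    for line in lines:
        rec = parse_pan_syslog(line)
        if rec and rec["rule"] == rule and rec["action"] == "deny":
            hits[rec["src"]] += 1
    return hits
```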

tshark – list udp traffic from a specific host

We can use tshark to view traffic that reaches an interface. In my example I am looking for SYSLOG messages from a firewall destined to my instance of LibreNMS. LibreNMS listens for UDP traffic on port 514 of the eth0 interface from a specific IP address.

We'd like to filter traffic based on source IP address and protocol type.

Specify the interface
-i eth0

Show full protocol details for UDP only (like -V, but limited to the listed protocols)
-O UDP

Specify how many packets to capture before stopping
-c 100

Write the captured packets to a file for later review
-w capture.pcap

Use a display filter to limit the view to a specific source IP (on current tshark releases -Y is the single-pass display filter; -R is only valid in two-pass mode, -2)
-R "ip.src==172.16.0.1"

Here's the final product. The trailing host a.b.c.d is a capture filter in BPF syntax that restricts the capture to packets to or from that host; to keep only syslog, use udp port 514 and host a.b.c.d instead.
tshark -i eth0 -O UDP -c 100 -w capture.pcap host a.b.c.d

Cisco Configure DHCP Server

At your central router, Corp, create a pool and specify the DNS server and default gateway that will be handed to clients configured by DHCP.

Exclude any addresses that must not be leased (here the router's own address) before you enable the DHCP pool.

Corp(config)#ip dhcp excluded-address 192.168.10.1
Corp(config)#ip dhcp pool SF_LAN
Corp(dhcp-config)#network 192.168.10.0 255.255.255.0
Corp(dhcp-config)#default-router 192.168.10.1
Corp(dhcp-config)#dns-server 8.8.8.8

Configure the remote router to forward DHCP client requests received on its Fast Ethernet 0/0 interface to an IP address, in our case the Corp router that was just configured above.

LA(config)#int fa0/0
LA(config-if)#ip helper-address 172.16.10.5

Serial Connections: DCE & DTE

In a lab environment, when you create a serial connection between two routers, keep the following in mind. Modern Cisco ISR routers can autodetect the cable type and set the clock rate to 2000000 on their own.

Determine which end of the cable a router has by issuing sh controllers s0/0/0

You may see a DCE cable connection:

Router#sh controllers s0/0/1
Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 1000000

Or you may see a DTE cable connection:

Corp#show controllers s0/0/1
Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DTE V.35 TX and RX clocks detected

Remember, the interface with the DCE end of the cable must have a clock rate set, because the other interface has the DTE end and receives the clock rate you set.

You can set the clock rate like so:

Router#conf t
Router(config)#int s0/0/0
Router(config-if)#clock rate 1000000

Display Names and Account Names

C:\>dsquery user "OU=FRESHMEN,OU=STUDENTS,DC=GREATSCHOOL,DC=US" -limit 0 | dsget user -samid -display > freshmen.txt

Use this command to list the display name and login name (sAMAccountName) for all users that belong to a specific OU in a Microsoft Active Directory environment; -limit 0 removes the default cap of 100 results.