According to Mr. Lammle:
If a packet is lost on the return to the originating host, we will probably see a request timed out because of an unknown error.
If a packet is lost on the way to its destination, we will see a destination unreachable message. The typical cause is a router along the way that does not possess a route to the destination.
To summarize, a packet can successfully reach its destination and on the return can be dropped at the destination host or a successive router because a needed route does not exist.
Recently I began preparing a Task Sequence in Microsoft System Center Configuration Manager (SCCM) to upgrade workstations from Windows 8.1 Pro to Windows 10.
A goal of mine was to conserve the product keys we had purchased so they wouldn’t go to waste.
Here is a short PowerShell script that could be included as a step in a Task Sequence to accomplish this goal.
# Dump detailed licensing information for the current Windows edition (slmgr is a script, so run it with cscript)
$dlv = cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dlv
# slmgr /upk takes the Activation ID of the installed key, so pull just the GUID from that line of the output
$id = ($dlv | Select-String -Pattern 'Activation ID:\s*([0-9a-fA-F-]+)').Matches[0].Groups[1].Value
# Uninstall the product key so it is freed up for reuse after the upgrade
cscript.exe //nologo C:\Windows\System32\slmgr.vbs /upk $id
I had connected to my home lab the day before, but today: no dice.
Connecting from the same site as yesterday, I enabled the hotspot on my iPhone and connected my laptop to the personal WiFi.
At that point I could bring up the VPN back home.
At the router I issued show vpn debug to check things out. To my surprise, I found the router still had an active SA from my last connection.
Security Associations (1 up, 0 connecting):
remote-access: ESTABLISHED 9 hours ago,
I was able to tear down this SA by issuing restart vpn from a non-configuration (operational mode) prompt. In other words, do not bother issuing this command in configure mode. Ensure your terminal looks like you@edgerouter:~$
For my own reference, I am posting this comment from a moderator on r/sysadmin that points at resources for learning more about a variety of topics, including Cisco networking, Linux, Microsoft and information security.
Another recommendation is to peruse the Gilded posts in that forum, a list of some of the best posts as voted up by the community.
We can measure link bandwidth between two hosts by using iPerf.
Configure the server:
iperf -s -u
Configure the client:
iperf -c 172.20.255.254 -u -b 100m -d -i 1
- -c Connect the client to the server at IP 172.20.255.254
- -u Use UDP as the layer 4 transport protocol instead of the default, TCP
- -b Set the UDP target bandwidth to 100 Mbit/s
- -d Run the test in both directions simultaneously (bidirectional)
- -i Print interval reports every 1 second until the test completes
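Running the test is only half the job; the interval reports have to be read. The following is an added example (not from the original post) that parses the UDP report lines an iperf2 server prints when the client uses -u and -i 1, computes per-interval loss, and flags a link that exceeds assumed loss and jitter thresholds. The sample report is constructed to match that format.

```python
import re
from typing import Dict, List, Optional, Tuple

# Report lines printed by an iperf2 UDP server ("iperf -s -u") when the client uses "-i 1".
# Shape: "[  3]  0.0- 1.0 sec  11.9 MBytes   100 Mbits/sec   0.010 ms    0/ 8507 (0%)"
REPORT_LINE = re.compile(
    r"\[\s*\d+\]\s+(?P<start>[\d.]+)-\s*(?P<end>[\d.]+)\s+sec\s+[\d.]+\s+[KMG]?Bytes\s+"
    r"(?P<rate>[\d.]+)\s+(?P<unit>[KMG])bits/sec\s+(?P<jitter>[\d.]+)\s+ms\s+"
    r"(?P<lost>\d+)/\s*(?P<total>\d+)"
)
SCALE = {"K": 1e3, "M": 1e6, "G": 1e9}

# Constructed sample of a 3-second UDP run at 100 Mbit/s; the third interval is lossy and jittery.
SAMPLE = """\
[  3] local 172.20.255.254 port 5001 connected with 172.20.1.10 port 49000
[  3]  0.0- 1.0 sec  11.9 MBytes   100 Mbits/sec   0.010 ms    0/ 8507 (0%)
[  3]  1.0- 2.0 sec  11.9 MBytes   100 Mbits/sec   0.012 ms   40/ 8507 (0.47%)
[  3]  2.0- 3.0 sec  11.8 MBytes  99.1 Mbits/sec   3.250 ms  250/ 8507 (2.9%)
[  3]  0.0- 3.0 sec  35.6 MBytes  99.7 Mbits/sec   0.018 ms  290/25521 (1.1%)
"""

def parse_udp_report(text: str) -> List[Dict[str, float]]:
    """Turn every interval/summary line into numbers; banner and 'connected with' lines are skipped."""
    records = []
    for line in text.splitlines():
        m = REPORT_LINE.search(line)
        if not m:
            continue
        lost, total = int(m["lost"]), int(m["total"])
        records.append({
            "start": float(m["start"]), "end": float(m["end"]),
            "bps": float(m["rate"]) * SCALE[m["unit"]],
            "jitter_ms": float(m["jitter"]),
            "loss_pct": 100.0 * lost / total if total else 0.0,
        })
    return records

def split_summary(records: List[dict]) -> Tuple[List[dict], Optional[dict]]:
    """iperf prints the whole-test summary last, starting at 0.0; separate it from the 1 s intervals."""
    if len(records) > 1 and records[-1]["start"] == 0.0:
        return records[:-1], records[-1]
    return records, None

def worst_interval(records: List[dict]) -> Optional[dict]:
    intervals, _ = split_summary(records)
    return max(intervals, key=lambda r: r["loss_pct"]) if intervals else None

def link_is_healthy(text: str, max_loss_pct: float = 1.0, max_jitter_ms: float = 5.0) -> bool:
    """Fail if any single interval lost more than max_loss_pct or exceeded the jitter limit (assumed thresholds)."""
    intervals, _ = split_summary(parse_udp_report(text))
    return bool(intervals) and all(
        r["loss_pct"] <= max_loss_pct and r["jitter_ms"] <= max_jitter_ms for r in intervals)
```

Judging the link by its worst one-second interval rather than the summary line catches the short bursts of loss that a 1.1% overall figure hides.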
Step 1 – Configure Server Profile used to send SYSLOG messages to a destination
Note: the Palo Alto administrator's guide states that by default all log data is forwarded over the MGT interface. In addition, we will have to create a Server Profile for each external service the firewall will interact with.
From your web-based management console navigate to Device -> Server Profiles -> Syslog. You'll configure the name, IP address or FQDN of the syslog server, port, and format. Typically syslog messages are sent over UDP to port 514 in BSD format. IETF format is normally used over TCP/SSL.
Step 2 – Enable Log Forwarding
Navigate to Objects -> Log Forwarding.
We create a Log Forwarding Profile that specifies the Server Profiles we will be sending event logs to, in the form of SYSLOG and SNMP messages. You can set a severity threshold to define when messages are forwarded out of the Palo Alto to your log collector.
Step 3 – Add Log Forwarding Profile to a Security Rule
In this example I have created a security rule that governs DNS traffic generated in our LAN and destined for the Internet. My thought is that I would like to receive notice when any user on my network tries to resolve a name while bypassing our internal DNS servers. I edit this "Deny DNS Out" rule, navigating to the Actions tab, where we specify the Log Forwarding Profile created in step 2.
We can use tshark to view traffic that reaches an interface. In my example I am looking for SYSLOG messages from a firewall destined to my instance of LibreNMS. LibreNMS listens for UDP traffic on port 514 of the eth0 interface from a specific IP address.
We'd like to filter traffic based on source IP address and protocol. Build the command up from its parts:
- -i eth0: capture on the interface LibreNMS listens on
- -f "udp port 514 and src host a.b.c.d": a capture filter (BPF syntax) that limits the capture to syslog over UDP from the firewall's IP address
- -c 100: stop after 100 packets
- -w capture.pcap: write the packets to a file for review
Here's the final product:
tshark -i eth0 -c 100 -w capture.pcap -f "udp port 514 and src host a.b.c.d"
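Once the capture shows the datagrams arriving, the collector side has to parse them. This added example (not part of the original post, and not LibreNMS code) implements the two checks the preceding sections describe: accept UDP/514 messages only from the firewall's address, and apply a severity threshold to BSD-format (RFC 3164) syslog. The firewall address and the sample message are constructed placeholders.

```python
import re
import socket
from typing import Optional

# RFC 3164 (BSD) syslog line: "<PRI>Mmm dd hh:mm:ss host tag: message"
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: a warning-level message (PRI 12 = facility 1, severity 4) from the firewall.
FIREWALL_IP = "192.0.2.1"   # assumed address of the Palo Alto; placeholder, not from the page
SAMPLE_LINE = "<12>Apr 10 14:03:21 pa-fw Deny-DNS-Out: udp 192.168.10.25 -> 198.51.100.53 port 53 denied"

def parse_bsd_syslog(line: str) -> Optional[dict]:
    """Split PRI into facility/severity and return the fields, or None when the line is malformed."""
    m = BSD_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0-23 and severity 0-7 give a maximum PRI of 191
        return None
    return {"facility": pri >> 3, "severity": pri & 7,
            "severity_name": SEVERITY_NAMES[pri & 7],
            "host": m.group("host"), "msg": m.group("msg")}

def should_keep(src_ip: str, line: str, firewall_ip: str, max_severity: int = 4) -> bool:
    """Accept only datagrams from the expected firewall whose severity is at or above the threshold.
    Syslog severity numbers are inverted (0 = emerg), so severity <= max_severity passes."""
    if src_ip != firewall_ip:
        return False
    rec = parse_bsd_syslog(line)
    return rec is not None and rec["severity"] <= max_severity

def serve(bind_ip: str, firewall_ip: str, port: int = 514) -> None:
    """Minimal UDP/514 collector (binding to 514 needs root); prints the messages it keeps."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (src, _) = sock.recvfrom(4096)
        line = data.decode("utf-8", errors="replace")
        if should_keep(src, line, firewall_ip):
            print(src, parse_bsd_syslog(line))
```

The source-address check is the same condition as the tshark capture filter above; anything else arriving on 514 is dropped rather than parsed.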
At your central router, Corp, create a pool and specify the DNS server and default gateway that will be handed to clients configured via DHCP.
Exclude addresses from the pool before you enable the DHCP pool.
Corp(config)#ip dhcp excluded-address 192.168.10.1
Corp(config)#ip dhcp pool SF_LAN
Corp(dhcp-config)#network 192.168.10.0 255.255.255.0
Configure the remote router to forward DHCP client requests received on its FastEthernet 0/0 interface to an IP address, in our case the Corp router configured above. ip helper-address is an interface-level command, so enter the interface first:
LA(config)#interface fastEthernet 0/0
LA(config-if)#ip helper-address 172.16.10.5
In a lab environment, when you create a serial connection between two routers, keep the following in mind. Modern Cisco ISR routers can autodetect this and set the clock rate to 2000000.
Determine which end of the connection a router has by issuing sh controllers s0/0/0
You may see a DCE cable connection:
Router#sh controllers s0/0/1
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 1000000
Or you may see a DTE cable connection:
Corp#show controllers s0/0/1
Hardware is PowerQUICC MPC860
DTE V.35 TX and RX clocks detected
Remember, a serial connection with a DCE interface requires that a clock rate be set, as the other end will have a DTE connection that receives the clock rate you set.
You can set the clock rate like so:
Router(config)#interface serial 0/0/0
Router(config-if)#clock rate 1000000
C:\>dsquery user "OU=FRESHMEN,OU=STUDENTS,DC=GREATSCHOOL,DC=US" -limit 0 | dsget user -samid -display > freshmen.txt
Use this command to list the display name and login (sAMAccountName) for all users that belong to a specific OU in a Microsoft Active Directory environment.