Destination Unreachable vs Request Timed-Out

According to Mr. Lammle:

If the packet reaches its destination but the reply is lost on the way back to the originating host, we will see a request timed out: no reply arrived within the timeout, and the sender has no way to tell why. (The same message appears when the destination simply filters ICMP echo requests, so a timeout alone does not prove a path problem.)

If a packet is lost on the way to its destination, we will see a destination unreachable message. The typical cause is a router along the way that does not have a route to the destination; it discards the packet and sends an ICMP Destination Unreachable back to the sender.

To summarize, a packet can successfully reach its destination and still be dropped on the return trip, either by the destination host or by a router on the path back, because a needed route does not exist. In that case any unreachable message goes to the replying host, not to us, so we see request timed out rather than destination unreachable.

Locate and uninstall Windows Product Key

Recently I began preparing a Task Sequence in Microsoft System Center Configuration Manager (SCCM) to upgrade workstations from Windows 8.1 Pro to Windows 10.

A goal of mine was to conserve the product keys we had purchased so they wouldn’t go to waste.

Here is a short PowerShell script that could be included as a step in a Task Sequence to accomplish this goal. It reads the Activation ID of the installed key from slmgr /dlv and passes it to slmgr /upk, which is the argument /upk actually expects (the Application ID that /dlv also prints identifies the product, not the installed key).

# Run slmgr.vbs under cscript so its output comes back as text instead of a dialog box
$dlv = cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dlv
# /dlv prints one "Activation ID:" line per installed key; take the first (the Windows key)
$line = ($dlv | Select-String -Pattern "Activation ID:" | Select-Object -First 1).Line
$activationId = ($line -replace ".*Activation ID:\s*", "").Trim()
Write-Output "Uninstalling product key for Activation ID $activationId"
cscript.exe //nologo C:\Windows\System32\slmgr.vbs /upk $activationId

Without an argument, slmgr /upk removes the key for the current Windows edition, so the ID is only needed when several keys are installed. Follow it with slmgr /cpky if the key should also be cleared from the registry so it cannot be read back from the old image.

Restart Ubiquiti Edgerouter Remote Access VPN

After connecting to my home lab the day before, today no dice.

Connecting from the same site as yesterday, I enabled the hotspot on my iPhone and connected my laptop to the personal WiFi.

At that point I could bring up the vpn to back home.

At the router I issued show vpn debug to check things out. To my surprise I found the router still had an active SA from my last connection.

Security Associations (1 up, 0 connecting):
remote-access[2]: ESTABLISHED 9 hours ago,

I was able to tear down this stale SA by issuing restart vpn from the operational-mode prompt. In other words, do not bother issuing this command in configure mode; ensure your terminal looks like you@edgerouter:~$ (not you@edgerouter#).

Reddit – Link list

For my sake I posted this comment from a Moderator on Sysadmin that points at resources for learning more about a variety of topics including Cisco networking, Linux, Microsoft and information security.

Another recommendation is to peruse the Gilded posts in this forum, a list of some of the best posts as voted up by the community.

Using iPerf to test bandwidth

We can measure link bandwidth between two hosts by using iPerf.

Configure the server:

iperf -s -u

Configure the client:

iperf -c <server-ip> -u -b 100m -d -i 1

  1. -c Connect as a client to the server at the given IP address (the host started above)
  2. -u Use UDP as the layer 4 transport instead of the default, TCP
  3. -b Target bandwidth for the UDP stream, here 100 Mbit/s (without -b the UDP default is only 1 Mbit/s)
  4. -d Run the test in both directions at the same time (dual test)
  5. -i Print an interim report every 1 second until the test completes

The UDP report includes jitter and lost/total datagrams in addition to throughput, which is what makes it useful for spotting a congested or lossy link. These are iperf 2 options: iperf3 has no -d and uses -R to run the test in the reverse direction.

Send SYSLOG from Palo Alto to LibreNMS

Step 1 – Configure Server Profile used to send SYSLOG messages to a destination
Note: The Palo Alto Administrator's Guide states that by default all log data is forwarded over the MGT interface. If the syslog server is reachable only through a data-plane interface, set a service route for Syslog under Device -> Setup -> Services -> Service Route Configuration. In addition, we have to create a Server Profile for each external service the firewall will interact with.

From your web based management console navigate to Device -> Server Profiles -> Syslog. You'll configure the name, IP address or FQDN of the syslog server, port, and format. Typically syslog messages are sent over UDP to port 514 in BSD format; IETF format is normally used over TCP or SSL. UDP syslog is neither authenticated nor encrypted, so prefer SSL when the collector sits across a network you do not control.

Step 2 – Enable Log Forwarding
Navigate to Objects -> Log Forwarding.
We create a Log Forwarding Profile that specifies the Server Profiles we will be sending event logs to, in the form of SYSLOG and SNMP messages. You can set a severity threshold to define which messages are forwarded out of the Palo Alto to your log collector. Log Forwarding Profiles cover traffic and threat logs; system and configuration logs are forwarded separately under Device -> Log Settings.

Step 3 – Add Log Forwarding Profile to a Security Rule
In this example I have created a security rule that governs DNS traffic that is generated in our LAN and is destined for the Internet. My thought is I would like to receive notice when any user on my network tries to resolve a name while avoiding our internal DNS servers. I edit this "Deny DNS Out" rule, navigating to the Actions tab where we specify the Log Forwarding Profile created in step 2. The profile only fires for sessions the rule actually logs, so Log at Session End (or Start) must be checked on the same tab.

tshark – list udp traffic from a specific host

We can use tshark to view traffic that reaches an interface. In my example I am looking for SYSLOG messages from a firewall destined to my instance of LibreNMS. LibreNMS listens for UDP traffic on port 514 of the eth0 interface from a specific IP address.

We'd like to filter traffic based on source IP address and protocol type. tshark has two kinds of filters: a capture filter (BPF syntax, given after all other options) decides what is captured at all, while a display filter (Wireshark syntax) only limits what is shown.

Specify the interface (capturing needs root or the CAP_NET_RAW capability)
-i eth0

Specify the protocol and source host with a capture filter
src host a.b.c.d and udp port 514

Specify packet capture count
-c 100

Write to a file for review in Wireshark
-w capture.pcap

Use a display filter to limit the view to a specific source IP when reading the capture back (current tshark uses -Y; -R is the two-pass read filter and requires -2)
tshark -r capture.pcap -Y "ip.src==a.b.c.d && udp.port==514"

Here's the final product
tshark -i eth0 -c 100 -w capture.pcap src host a.b.c.d and udp port 514

-O UDP is not needed here: it only controls which protocol is expanded in verbose (-V) output and has no effect while writing raw packets with -w.
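The capture filter from this post and the severity threshold from the Palo Alto log forwarding post above, as an added example that is not part of the original page and not code from Palo Alto Networks, LibreNMS or Wireshark: a Python script that builds a few IPv4/UDP datagrams in memory (constructed test data; the firewall address 10.0.0.1, collector address 10.0.0.50 and the message bodies are hypothetical and only mimic the shape of a BSD-format line, not the real PAN-OS log layout), makes the same decision as the BPF filter `src host a.b.c.d and udp port 514`, and decodes the RFC 3164 PRI field into facility and severity so a threshold like the one in the Log Forwarding Profile can be verified at the collector.

```python
import re
import socket
import struct

SYSLOG_PORT = 514
# RFC 3164 severity codes: 0 is the most severe, 7 the least
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def build_ipv4_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """Assemble a minimal IPv4+UDP datagram (checksums left zero) for offline testing."""
    udp_len = 8 + len(payload)
    udp_hdr = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
    )
    return ip_hdr + udp_hdr + payload


def parse_ipv4_udp(pkt):
    """Return (src_ip, dst_ip, src_port, dst_port, payload), or None if not IPv4/UDP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17 or len(pkt) < ihl + 8:  # protocol 17 is UDP
        return None
    src_ip = socket.inet_ntoa(pkt[12:16])
    dst_ip = socket.inet_ntoa(pkt[16:20])
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    return src_ip, dst_ip, src_port, dst_port, pkt[ihl + 8:ihl + udp_len]


def matches_capture_filter(pkt, src_host, port=SYSLOG_PORT):
    """Same decision as the BPF capture filter 'src host <src_host> and udp port <port>'."""
    fields = parse_ipv4_udp(pkt)
    if fields is None:
        return False
    src_ip, _, src_port, dst_port, _ = fields
    return src_ip == src_host and port in (src_port, dst_port)


def parse_bsd_syslog(payload):
    """Decode the RFC 3164 <PRI> prefix into facility and severity; None if malformed."""
    m = PRI_RE.match(payload)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # facility 0-23 times 8 plus severity 0-7
        return None
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "severity_name": SEVERITY_NAMES[pri % 8],
        "msg": payload[m.end():].decode("utf-8", "replace"),
    }


def collect_syslog(packets, firewall_ip, max_severity):
    """Keep syslog datagrams from firewall_ip at or above the threshold.
    A lower number is more severe, so severity <= max_severity passes."""
    kept = []
    for pkt in packets:
        if not matches_capture_filter(pkt, firewall_ip):
            continue
        record = parse_bsd_syslog(parse_ipv4_udp(pkt)[4])
        if record is not None and record["severity"] <= max_severity:
            kept.append(record)
    return kept


def sample_packets():
    """Constructed traffic: hypothetical firewall 10.0.0.1 and collector 10.0.0.50.
    Bodies mimic the shape of a BSD-format line; they are not real PAN-OS output."""
    fw, collector = "10.0.0.1", "10.0.0.50"
    return [
        build_ipv4_udp(fw, collector, 40000, 514, b"<14>Jan  1 12:00:00 pa-fw TRAFFIC end Deny-DNS-Out"),
        build_ipv4_udp(fw, collector, 40000, 514, b"<12>Jan  1 12:00:01 pa-fw TRAFFIC deny 10.0.1.7 -> 8.8.8.8 udp/53"),
        build_ipv4_udp("10.0.0.9", collector, 40001, 514, b"<14>Jan  1 12:00:02 other-host unrelated syslog"),
        build_ipv4_udp(fw, collector, 40002, 161, b"<14>not syslog, wrong port"),
        build_ipv4_udp(fw, collector, 40003, 514, b"no PRI header at all"),
    ]


if __name__ == "__main__":
    # Threshold 4 keeps warning and worse; only the deny line survives
    for rec in collect_syslog(sample_packets(), "10.0.0.1", max_severity=4):
        print(rec["severity_name"], rec["msg"])
```

The filter test looks at the IP source address and either UDP port, which is exactly what the BPF expression matches; datagrams from another host, to another port, or without a valid PRI are dropped before the threshold is applied, so a collector that sees nothing can be debugged by checking each stage separately.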

Cisco Configure DHCP Server

At your central router, Corp, create a pool, specify a DNS server and default gateway that will be provided to clients that are configured using DHCP.

Exclude the addresses you hand out statically (the router itself, servers, printers) before you enable the DHCP pool, otherwise the first clients may be offered them. The addresses below are placeholders.

Corp(config)#ip dhcp excluded-address <first-ip> <last-ip>
Corp(config)#ip dhcp pool SF_LAN
Corp(dhcp-config)#network <network> <mask>
Corp(dhcp-config)#default-router <gateway-ip>
Corp(dhcp-config)#dns-server <dns-ip>

Configure the remote router to forward DHCP client broadcasts received on its Fast Ethernet 0/0 interface as unicast to an IP address, in our case the Corp router that was just configured above. ip helper-address is an interface-level command, so it is entered under the interface, not at the global prompt.

LA(config)#int fa0/0
LA(config-if)#ip helper-address <corp-ip>

By default ip helper-address relays several other UDP broadcast types besides DHCP/BOOTP (TFTP, DNS, time, NetBIOS name and datagram services, TACACS). If the relay should carry DHCP only, turn the others off with no ip forward-protocol udp <port> for each one.

Serial Connections: DCE & DTE

In a lab environment when you create a serial connection between two routers, keep the following in mind.  Modern Cisco ISR routers can autodetect this and set the clock rate to 2000000.

Determine what connection a router has by issuing sh controllers s0/0/0

You may see a DCE cable connection:

Router#sh controllers s0/0/1
Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 1000000

Or you may see a DTE cable connection:

Corp#show controllers s0/0/1
Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DTE V.35 TX and RX clocks detected

Remember, the end of the serial link with the DCE cable must provide the clock: set clock rate on that interface, and the DTE end on the other router receives the clock from it. If the DCE side has no clock rate configured, the line protocol stays down.

You can set the clock rate like so:

Router#conf t
Router(config)#int s0/0/0
Router(config-if)#clock rate 1000000

Display Names and Account Names

C:\>dsquery user "OU=FRESHMEN,OU=STUDENTS,DC=GREATSCHOOL,DC=US" -limit 0 | dsget user -samid -display > freshmen.txt

Use this command to list the display name and logon name (sAMAccountName) for all users that belong to a specific OU in a Microsoft Active Directory domain. -limit 0 removes dsquery's default cap of 100 results; dsget reads the distinguished names from the pipe and prints the requested attributes for each.