July 2nd, 2009 No comments

I use this WordPress installation as a way to post snippets of information and aides memoir, which I use in my work. Sometimes I may add a short piece of information which may be useful to a casual visitor. Hit Ctrl-D to bookmark me or subscribe to my Site RSS Feed – Daren.

Creative Commons License
This work is licensed under:
Creative Commons Attribution-NonCommercial 2.0 Generic License 

Find posts with capture files..


Categories: Diary of Events Tags: , ,

EEM Script to check log messages and trigger email

June 15th, 2017 No comments

Here’s a tip to become alerted when an interface is down (in this case a VPN tunnel). The script can be adapted to look for any pattern in the syslog and send a triggered email message:

event manager environment _ifDown_rcpt somebody@somewhere.com
event manager session cli username “admin”
event manager applet MailOnIfDown
event syslog occurs 1 pattern “%LINEPROTO-5-UPDOWN.* Tunnel” period 1
action 1.0 mail server “smtp-server@somewhere.com” to “$_ifDown_rcpt” from “router-hostname@somewhere.com” subject “DON’T PANIC – Tunnel Changed State!” body “$_syslog_msg”

Read more…

Categories: CISCO, EEM Scripts Tags:

Archive DHCP Bindings from Cisco Router using EEM

March 24th, 2017 No comments

This recipe describes a simple method to send DHCP bindings from a Cisco router to a remote TFTP server running on Windows.  A batch file renanes and date-stamps the file and another batch file removes the archived files after a retention period:


(Note: the cron entry sends the file every 5 minutes)
event manager session cli username “your_username”  (NOTE: this is required if tacacs+ is running on the router)
event manager applet copy-dhcp-bindings
event timer cron cron-entry “*/5 * * * * ”
action 0.5 cli command “enable”
action 1.0 cli command “show ip dhcp binding | redirect tftp://[ip_address]/bindings.txt”
end Read more…

Categories: CISCO, EEM Scripts Tags:

Monitor QoS Policy on Cisco Router using SNMP

March 23rd, 2017 No comments

This recipe describes how to use SNMP to determine the traffic offered and drop rate for a QoS policy configured on a Cisco router.

The steps here describe which OIDs to interrogate in the CISCO-CLASS-BASED-QOS-MIB


Get the SNMP ifIndex for the interface where the QoS policy is attached:
CiscoRouter#sh snmp mib ifmib ifindex | i GigabitEthernet0/1
GigabitEthernet0/1: Ifindex = 22

(or by using SNMP):
root@Linux# snmpwalk -v2c -c communityname | grep -i GigabitEthernet0/1
RFC1213-MIB::ifDescr.22 = STRING: “GigabitEthernet0/1” Read more…

Categories: CISCO, Network Management, QoS Tags: ,

Troubleshooting VMWare Networking

August 28th, 2015 No comments

To locate a VM Host on a Cisco switch, enable the sending of CDP (Cisco Discovery Protocol) packets on the VMWare host, the syntax is:

# esxcli network vswitch standard set –c both –v vSwitch# (Note: Replace # with the vSwitch number)

In ESXCLI 5.1, you can now retrieve additional network statistics at a physical NIC (vmnic), on a per VLAN (portgroup) which needs to be configured and on a per VM port (vNIC). Here is a quick diagram to help you visualize where you can retrieve network statistics: Read more…

Categories: CISCO Tags:

How to Find SNMP ifIndex on Cisco Devices

July 30th, 2015 No comments

show snmp mib ifmib ifindex

show snmp interface Read more…

Categories: CISCO Tags:

Secure Hashing Algorithms SHA-1 and SHA-2

May 15th, 2015 No comments

First implemented by the National Security Agency (NSA) in 1993, the Secure Hashing Algorithm (SHA) is used by certification authorities such as Verisign and Thawte to sign certificates and Certificate Revocation Lists. SHA is used to generate unique hash values from files.

This is the SHA-1 hash fingerprint from the bbc.co.uk website:

root@raspberrypi:/# echo | openssl s_client -connect bbc.co.uk:443 2>/dev/null | openssl x509 -fingerprint -noout
SHA1 Fingerprint=EA:D2:F2:79:18:A0:CD:2B:10:3B:12:01:CF:B1:9E:CC:AF:0F:28:0C

SHA versions:

  • SHA0 Obsoleted
  • SHA1 Currently the most widely implemented
  • SHA2 Stronger than SHA-1 due to longer hash (SHA224, SHA256, SHA384 and SHA512)

As part of their SHA-2 migration plan, Microsoft, Google, and Mozilla have announced that they will stop trusting SHA-1 certificates. Google began phasing out trust in SHA-1 certificates in November 2014. Read more…

Categories: Network Design, Security Tags: ,

How to Determine which Process or Application uses a TCP Connection

May 14th, 2015 2 comments

This recipe shows how to determine which process or application uses a TCP connection which you saw listed in your netstat output.  The exampe below is for Linux.  Windows is further down in the post:

In this example, I have a small ARM Linux device being remotely managed via the “Dataplicity” service. To use the service you install a script which runs on startup. It seems that the script sets up an SSH connection from the managed ARM device to the dataplicity server, so that when you login to their Admin portal and choose the “terminal” option, you access the Linux terminal which is already setup.

The netstat output shows a session outbound from the ARM machine ( to the dataplicity server ( on TCP/22 (SSH):

root@raspberrypi:/# netstat -an | grep ‘:443’

the next step is to find which process(es) use the (source) TCP port 46098:

Read more…

Filtering Cisco “show” Output Using Regular Expressions

April 22nd, 2015 No comments

show run | i ^interface|^_ip address
! Gives you the every line in your running config that starts with (that’s what the ^ is all about) “interface” or ” ip address”, essentially giving you all of your interface IP’s in an IOS-pastable format.  The underscore represents a space.  Useful for displaying IP addresses with their associated masks and interfaces. Read more…

Categories: CISCO Tags:

Understanding F5 BIG-IP Memory Usage

March 30th, 2015 No comments

Any non-tmsh command you use in the HMS bash shell (like free) will generally only relate to the HMS. This is why there is an apparent discrepancy between the tmsh “show system memory” command and the Linux “free” command: Read more…

Categories: linux Tags:

AS/400 Ethernet Type May Cause Problems

March 13th, 2015 No comments

After a core network switch reload, a strange problem occured for 5250 terminal sessions to an AS/400. Sometimes they worked and sometimes not. The same behaviour was observed using ping from within the same IP subnet.

The problem appeared to be the Ethernet framing on the AS/400. The ARP replies kept changing between type SNAP and ARPA. An ARP entry on the core routers showed the mac address of the AS/400 but using Ethernet “SNAP” encapsulation, rather than “ARPA”, the latter of which is the default encapsulation type for the Cisco 6500’s which we were using. Read more…