Cisco – Clear idle VTY sessions (TCP Control Blocks)

September 27th, 2012

An aide-mémoire:

Cisco3750#who
Line       User       Host(s)              Idle       Location
1 vty 0                idle                    13w0d l00151267.domainl.com
2 vty 1                172.23.64.17                                14w3d 172.23.64.10

Categories: CISCO

OpenSSL – Generate CSR and Test Signed x.509 Certificate

August 28th, 2012

Another personal aide-mémoire for SSL testing:
This method uses OpenSSL to create a public/private key pair and submit the public key to a Certificate Signing Authority to be signed by that CA. The procedure uses various methods to test certificates and SSL connections to web servers:

Categories: Security

HTTP Cache Control and the ETag

August 16th, 2012

HTTP and ETag

Download this capture file: IfModifieldSince_and_ETag

OR: view it now via Cloudshark

With caching enabled, a web server does not need to send a full response if content has not changed.

  • If-Modified-Since is an HTTP request header that the client (your browser) sends to the server along with a request for content.
  • Last-Modified is an HTTP response header that the server returns along with the requested content.

If-Modified-Since allows a 304 Not Modified to be returned if content is unchanged:
If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT

If-None-Match allows a 304 Not Modified to be returned if content is unchanged:
If-None-Match: "737060cd8c082f209582d"

Categories: Protocol Analysis

SIP – Example Simple Two-Party Call Flow

August 14th, 2012

SIP / RTCP

Download this capture file: SIP – RTCP control through NAT Device

OR: view it now via Cloudshark

SIP is defined by RFC 2543 and is used for multimedia call session setup and control over IP networks.

Categories: Voice over IP

Path MTU Discovery (PMTU)

August 13th, 2012

An aide-mémoire for PMTU operation.
Usually, the path MTU is determined using Path MTU Discovery. Two hosts (e.g. client and server) can normally negotiate the path MTU dynamically, but networks that contain firewalls or tunnels (VPN, GRE, IPSec transport mode) sometimes require tuning the MTU values manually.

Categories: Uncategorized

Useful Riverbed SteelHead Wireshark Filters

June 16th, 2012

Useful Wireshark filters

To Find Inner channel splice setup: rvbd.sport.setup.type eq 0x1

Using Riverbed Wireshark 1.8.2 you can use a new feature to find all inner channel traffic for a conversation. You can for instance use the Inner channel splice setup filter rvbd.sport.setup.type eq 0x1 to display all splice setups or some other method.

When you have identified the splice connection you are interested in you can then right click on the connection in Wireshark and choose the ‘Find the inner channel’ option to try to locate the entire inner channel connection. You can also right click on any part of an optimised connection to obtain the same result.


WCCP Protocol plus Wireshark Capture

April 30th, 2012

WCCP

Refer to this Wireshark capture, or view it now via Cloudshark.

Alternatively, download WCCPv2.pcap and continue reading.

Categories: Protocol Analysis

VMware NIC Types and Characteristics

January 30th, 2012

Available Network Adapters
Only those network adapters that are appropriate for the virtual machine you are creating are available configuration options in the Choose Networks window.

Categories: VMWare

Using TCPDUMP to Filter on DSCP

January 29th, 2012

The TCPDUMP filter to match a DSCP is a little tricky to construct. I need to explain how the filter works and also what TCPDUMP sees in the ToS Byte of the IP header and then how to filter on just the DiffServ extensions.

The IP ToS Byte (DSCP and IP ECN)

FIRST THE ANSWER:
(in case it is not important to understand how the filter is constructed)

An example filtering on DSCP decimal 20 (AF22):
tcpdump -i eth0 -vvv '(ip and (ip[1] & 0xfc) >> 2 == 20)'

An example filtering on DSCP hex 14 (also decimal 20 or AF22):
tcpdump -i eth0 -vvv '(ip and (ip[1] & 0xfc) >> 2 == 0x14)'

Categories: Protocol Analysis, QoS

The Story of Linux

January 23rd, 2012

A video from The Linux Foundation, commemorating 20 Years of the Linux Operating System:

Categories: linux