Tuesday, April 23, 2024

IP Fragmentation

Some basic info

Ethernet header is 14bytes
TCP header is 40byes
standard IP MTU is 1500bytes



DF is not set 

find MTU of source

powershell to see max MTU of win11:

netsh interface ipv4 show interfaces 


Send some test traffic that is bigger than the MTU of the source

ping -l 1600 <destination>


Check with wireshark at destination

fragmented in 2 packets

first packet


second packet


DF is set


Send some test traffic that is bigger than the MTU of the source 

ping -l 1600 -f <destination>

packet will be dropped at the laptop




at No comments:

Tuesday, March 26, 2024

Wireshark display GRE packets

 

display filter ip.proto == 47

Add colummn with the following details:






at No comments:

Friday, February 23, 2024

VRF Route leaking via static routes

R1
10.170.138.14
|
|
Gi1/9-10.170.138.13
SW001(VRF INTERNET)
|
SW001(GLOBAL)
|
SW001(VRF ATT)
Gi1/2-10.170.137.2
|
|
Gi1/1-10.170.137.1
Router
|
|
network
|
|
10.0.29.3

To achieve this, we do vrf route leaking via static routes. It is not possible to leak directly between to vrfs, but it is possible between vrf and global in both directions.

On SW001:
VRF INTERNET (leak destination to global)
ip route vrf INTERNET 10.0.29.3 255.255.255.255 10.170.137.1 global

VRF ATT (leak source to global)
ip route vrf ATT 10.170.138.14 255.255.255.255 10.170.138.14 global

GLOBAL (static route to next-hops defined in static routes above)
ip route 10.170.137.1 255.255.255.255 GigabitEthernet1/2
ip route 10.170.138.14 255.255.255.255 GigabitEthernet1/9


at No comments:

Wednesday, February 21, 2024

NAT and PAT on ASA

 Best reference

https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/

at No comments:

Saturday, February 3, 2024

mac securecrt send cisco break to rommon

 in securecrt configure session with VT220 keyboard mapping and press F5 continuously when the router boots.

at No comments:

Wednesday, January 31, 2024

OpenWRT linksys with TC and NETEM

 

install openwrt on e4200v2 

Open ssh and http on the WAN (disable firewall)

Via GUI of openwrt (LuCi) install tc-full and kmod-netem

Inject some delay:

tc qdisc add dev internet root netem delay 10ms

Disable delay:

tc qdisc del dev internet root

tc -s qdisc ls dev internet

at No comments:

Sunday, January 7, 2024

vmware esxi letsencrypt certificate

 Good info on how to install ssl certificate on esxi

(note that I run 6.5 which only seems to work with w2c 1.0.0)

https://github.com/w2c/letsencrypt-esxi/wiki/Installation-via-Web-UI

https://www.it-connect.fr/vmware-esxi-lets-encrypt-la-solution-pour-obtenir-un-certificat-ssl-gratuit/

at No comments:
Subscribe to: Posts (Atom)

YAML Files for ESP32

 Gree Versati III https://gist.github.com/slanckma/3bad4ff49545488a3719766bdf0cdc76 TUF-2000M Water flow sensor https://gist.github.com/slan...

  • eve-ng : When a node won't start
      /var/log/syslog shows: Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 ERR#011Error while connecting local AF_UNIX: ...
  • Arista Zero Touch Provisioning
    zerotouch cancel -> only for current uptime (reload will start ZTP again) zerotouch disable -> forever to reenable zerotouch do: ...
  • OpenWRT linksys with TC and NETEM
      install openwrt on e4200v2  Open ssh and http on the WAN (disable firewall) Via GUI of openwrt (LuCi) install tc-full and kmod-netem Injec...