There are many ways to monitor devices: netflow, span port, switchport and so on. Today I will explain how to monitor bandwith, CPU, … of routers and switches using SNMP and Cacti. Simple Network Management Protocol (SNMP) is an “Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more.” It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists [...]

The Switched Port Analyzer (SPAN) feature, which is sometimes called port mirroring or port monitoring, selects network traffic, from a switched port, for analysis by a network analyzer. Unfotunately this feature works only on switches or switches Layer3. And in a router, what can I do to copy the traffic? In a previous article, I explained the Embedded Packet Capture, a powerful feature to capture data packets directly on the NVRAM. Another good solution is the ‘IP traffic export‘. Introduced in 12.3(4)T IOS, the IP Traffic Export feature allows users to configure their router to export IP packets that are [...]

Started with IOS 12.4(20)T version, EPC or Embedded Packet Capture, is a powerful feature to capture data packets flowing through, to, and from, a Cisco router. In contrast with SPAN feature, EPC permits to save the dump directly on the NVRAM and for this reason, Embedded Packet Capture is useful whenever a network protocol analyzer might be useful in debugging a problem, but when it’s not practical to install such a device. The features are: The ability to capture IPv4 and IPv6 packets in the Cisco Express Forwarding path A flexible method for specifying the capture buffer size and type [...]

How long does it take to reload your router? 3 or 4 minutes? Do you know that is possible to speed up your reboot? If your answer is negative, read how warm reload is faster than cold (classic) reload. Introduced in Cisco IOS Release 12.3(2)T, the warm reload feature allows users to reload their routers without reading images from storage. That is, the Cisco IOS image reboots without ROM monitor mode (ROMMON) intervention by restoring the read-write data from a previously saved copy in the RAM and by starting execution without either copying the image from flash to RAM or [...]

Not everyone knows that the reload command permits to schedule a reboot system; for instance, to plan a night router restart or during a critical configuration (AAA, vty, and so on…). There are two ways to schedule a reload system: at: at a specific time/date in: after a time interval The ‘at’ keyword permits to schedule a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. The following example reloads the router on April [...]

There are many tools to decrypt Cisco type-7 password, based on Vigenere algorithm. But, what can we do if we can not use these software? The Cisco-IOS method might not be new to some, but those that don’t know about it will find it useful. Suppose you would decrypt these string: username cisco password 7 0718365B000A1016141D11050A2F6527273E username fabio password 7 0110140558004B0224014600110C To find the password, you can use the Cisco Key Chain:

I have decided to write this tutorial (only for test purpose) to show how it is simple decode a G.729 stream using SPAN port, Wireshark, VoiceAge G.729 decoder and Audacity software. What is G.729? G.729 is an audio data compression algorithm for voice that compresses digital voice in packets of 10 milliseconds duration. It is officially described as Coding of speech at 8 kbit/s using conjugate-structure algebraic-code-excited linear prediction.

An access list is a sequential list consisting of at least one permit statement and possibly one or more deny statements that apply to IP addresses and possibly upper-layer IP protocols. Time-based ACLs is a Cisco feature introduced in the Release 12.0.1.T to allow access control based on time. The time range, identified by a name, can be ‘absolute‘ or ‘periodic‘. Use time-based access list is easy and can be useful in some situations. To implement it, you need: Define time-range Define ACL, where the time-range is applied to Apply ACL; for istance: to the interface, to the vty, to [...]

The Cisco® Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and December 2010. It also provides a snapshot of the state of security for that period, with special attention paid to key security trends expected for 2011. In response to the last decade of cyber-exploits targeting PC operating systems, PC platform and application vendors have shored up security in their products and taken a more aggressive approach to patching vulnerabilities. As a result, scammers are finding it harder to exploit platforms that [...]

Traceroute is a tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network. Traceroute sends a sequence of Internet Control Message Protocol (ICMP) packets addressed to a destination host. Tracing the intermediate routers traversed involves control of the time-to-live (TTL) Internet Protocol parameter. Routers decrement this parameter and discard a packet when the TTL value has reached zero, returning an ICMP error message (ICMP Time Exceeded) to the sender. In a Data Center, it is often required to find a host and the layer2 path. To do it, Cisco has implemented a good [...]