General notes
FOR DUMPS SAKE
Export PuTTY sessions
Run CMD as administrator, then:

regedit /e "%USERPROFILE%\Desktop\putty-sessions.reg" HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions

Restore on another machine by double-clicking the .reg file or running regedit /s putty-sessions.reg. The export contains every saved session setting, including any proxy password PuTTY has stored in plain text, so treat the file as sensitive. Trusted host keys live under ...\PuTTY\SshHostKeys and are not included in this export.
Slitaz Linux
**Notes**
The default web server is BusyBox httpd (configuration in /etc/httpd.conf). To swap it for lighttpd with TLS on port 443:

/etc/init.d/httpd stop
tazpkg get-install lighttpd
nano /etc/lighttpd/lighttpd.conf

Add:
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/ssl/certs/lighttpd.pem"
}

Then create a self-signed certificate (key and certificate in the one PEM file, which is what ssl.pemfile expects):
cd /etc/ssl/certs
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
chmod 400 lighttpd.pem

-nodes leaves the private key unencrypted, hence the chmod 400. Browsers will not trust a self-signed certificate; install it on the clients or use a CA-issued one. Restart lighttpd after editing the config.
Nagios Log Server
#Download and install the OVA
https://www.nagios.com/downloads/nagios-log-server/vmware/
#Initial setup
https://assets.nagios.com/downloads/nagios-log-server/docs/Installing-Nagios-Log-Server-with-VMware-Workstation-Player.pdf
#Run this command if there is an issue with DHCP allocation
/etc/sysconfig/network-scripts/ifup-eth eth0
#Make things easy
yum install nano
#Set a static IP
nano /etc/sysconfig/network-scripts/ifcfg-eth0
In that file change:
BOOTPROTO=dhcp
to:
BOOTPROTO=static
then add the IP address, netmask, gateway and DNS servers at the bottom of the file:
IPADDR=192.168.1.200
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=1.0.0.1
DNS2=1.1.1.1
DNS3=8.8.4.4
Restart the network service (or reboot) for the change to take effect.
VPN phases
Phase 1 is IKE. A Diffie-Hellman exchange plus peer authentication (PSK or certificates) establishes the IKE SA (the ISAKMP SA), which protects all later negotiation. Phase 2 runs inside that protected channel and negotiates the IPsec SAs themselves, i.e. the ESP/AH keys that actually encrypt and authenticate the traffic. If everything goes well you end up with one IKE SA and a pair of IPsec SAs (one per direction).

IKE Phase 1 works in one of two modes, main mode or aggressive mode.

Main mode: six packets complete phase 1.
1. Initiator -> responder: the ISAKMP policy proposal (encryption, hash, authentication method, DH group, lifetime).
2. Responder -> initiator: the matching policy it accepted.
3. Initiator -> responder: Key Exchange (DH public value) and Nonce payloads, the material for the DH shared secret.
4. Responder -> initiator: its own Key Exchange and Nonce payloads. Both sides can now derive the shared secret and the phase 1 session keys.
5. Initiator -> responder, encrypted with the keys just derived: identity payload (IP address or FQDN) and hash payload. The hash is computed over the negotiated material with a key derived from the PSK (or replaced by a signature when certificates are used).
6. Responder -> initiator, also encrypted: its identity and hash payloads, which the initiator verifies.

Aggressive mode: three packets instead of six, and it is less secure than main mode.
1. Initiator -> responder: policy, DH public value, nonce and identity in one packet, equivalent to the first four packets of main mode.
2. Responder -> initiator: its policy choice, DH public value, nonce, identity and hash.
3. Initiator -> responder: its hash. The responder recomputes the hash and, if it matches, phase 1 is established.
Because the identities and the responder's hash are sent before any encryption is available, an eavesdropper can capture them and test PSK guesses offline; in main mode those payloads are already encrypted. Prefer main mode, or certificate authentication, wherever the peer supports it.

IKE Phase 2 (quick mode) occurs after phase 1, is protected by the IKE SA, and takes three packets. If Perfect Forward Secrecy (PFS) is configured on both endpoints, a fresh DH exchange happens here so the IPsec keys do not depend on the phase 1 secret.
1. Initiator -> responder: a hash derived from the phase 1 keys plus the IPsec parameters: encapsulation (ESP or AH), HMAC algorithm, DH group (with PFS), mode (tunnel or transport) and the traffic selectors.
2. Responder -> initiator: matching IPsec parameters.
3. Initiator -> responder: a final hash that proves the initiator is still there and completes the exchange.
That last packet concludes the phase 1/2 process and the IPsec tunnel is up.
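The reason aggressive mode is weaker, as an added worked example that is not part of the original notes: the responder's HASH_R is built (RFC 2409) from the pre-shared key plus values that travel in the clear, and in aggressive mode HASH_R itself is sent unencrypted in message 2. The capture below is constructed (the "DH public values" are just hashes of labels), the prf is fixed to HMAC-SHA1, and the candidate list is made up; the point is that a sniffer can check PSK guesses offline, which main mode prevents by sending the hash only after encryption is in place.

```python
import hashlib
import hmac
from typing import Optional

# Toy model of IKEv1 (RFC 2409) pre-shared-key authentication. The prf is fixed
# to HMAC-SHA1 here; real peers use whatever prf the phase 1 policy negotiated.

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """SKEYID = prf(pre-shared-key, Ni_b | Nr_b). Note: no DH secret involved."""
    return prf(psk, ni + nr)

def hash_r(psk: bytes, c: dict) -> bytes:
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b).
    Every input except the PSK is public, which is what makes the offline check possible."""
    skeyid = skeyid_psk(psk, c["ni"], c["nr"])
    return prf(skeyid, c["gxr"] + c["gxi"] + c["cky_r"] + c["cky_i"] + c["sai_b"] + c["idir_b"])

def build_aggressive_capture(true_psk: bytes) -> dict:
    """Constructed stand-in for what a sniffer sees in aggressive-mode messages 1 and 2:
    cookies, DH public values, nonces, the SA proposal body, the responder identity and
    HASH_R. The 'public values' are hashes of labels, not real DH group output."""
    c = {
        "cky_i": bytes.fromhex("0102030405060708"),
        "cky_r": bytes.fromhex("1112131415161718"),
        "gxi": hashlib.sha256(b"initiator DH public value").digest(),
        "gxr": hashlib.sha256(b"responder DH public value").digest(),
        "ni": hashlib.sha256(b"Ni").digest()[:16],
        "nr": hashlib.sha256(b"Nr").digest()[:16],
        "sai_b": bytes.fromhex("00000001000000010000002c"),      # made-up SA payload body
        "idir_b": bytes([1, 0, 0, 0]) + bytes([192, 0, 2, 1]),   # ID_IPV4_ADDR 192.0.2.1
    }
    c["hash_r"] = hash_r(true_psk, c)   # sent in the clear in aggressive-mode message 2
    return c

def recover_psk(capture: dict, candidates) -> Optional[bytes]:
    """Offline dictionary check against the sniffed HASH_R. In main mode HASH_R travels
    inside message 6, encrypted under SKEYID_e, which needs g^xy; the eavesdropper then
    has no way to test a guess."""
    for psk in candidates:
        if hmac.compare_digest(hash_r(psk, capture), capture["hash_r"]):
            return psk
    return None

if __name__ == "__main__":
    cap = build_aggressive_capture(b"cisco123")
    print(recover_psk(cap, [b"password", b"letmein", b"cisco123"]))
```

The candidate PSK, cookies and ID value are all assumptions for the demonstration; only the hash construction follows the RFC.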
tcpdump
See the list of interfaces on which tcpdump can listen: tcpdump -D
Listen on interface eth0: tcpdump -i eth0
Listen on any available interface: tcpdump -i any
Be verbose while capturing packets: tcpdump -v
Be more verbose while capturing packets: tcpdump -vv
Be very verbose while capturing packets: tcpdump -vvv
Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header: tcpdump -v -X
Be verbose and print the data of each packet in both hex and ASCII, including the link level header: tcpdump -v -XX
Be less verbose (than the default) while capturing packets: tcpdump -q
Limit the capture to 100 packets: tcpdump -c 100
Record the packet capture to a file called capture.cap: tcpdump -w capture.cap
Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real time: tcpdump -v -w capture.cap
Display the packets of a file called capture.cap: tcpdump -r capture.cap
Display the packets of a file called capture.cap using maximum detail: tcpdump -vvv -r capture.cap
Display IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need -nn to also show port numbers): tcpdump -n
Capture any packets where the destination host is 172.16.1.1, displaying IP addresses and port numbers: tcpdump -n dst host 172.16.1.1
Capture any packets where the source host is 172.16.1.1: tcpdump -n src host 172.16.1.1
Capture any packets where the source or destination host is 172.16.1.1: tcpdump -n host 172.16.1.1
Capture any packets where the destination network is 172.16.1.0/24: tcpdump -n dst net 172.16.1.0/24
Capture any packets where the source network is 172.16.1.0/24: tcpdump -n src net 172.16.1.0/24
Capture any packets where the source or destination network is 172.16.1.0/24: tcpdump -n net 172.16.1.0/24
Capture any packets where the destination port is 23: tcpdump -n dst port 23
Capture any packets where the destination port is between 1 and 1023 inclusive: tcpdump -n dst portrange 1-1023
Capture only TCP packets where the destination port is between 1 and 1023 inclusive: tcpdump -n tcp dst portrange 1-1023
Capture only UDP packets where the destination port is between 1 and 1023 inclusive: tcpdump -n udp dst portrange 1-1023
Capture any packets with destination IP 172.16.1.1 and destination port 23: tcpdump -n "dst host 172.16.1.1 and dst port 23"
Capture any packets with destination IP 172.16.1.1 and destination port 80 or 443: tcpdump -n "dst host 172.16.1.1 and (dst port 80 or dst port 443)"
Capture any ICMP packets: tcpdump -v icmp
Capture any ARP packets: tcpdump -v arp
Capture either ICMP or ARP packets: tcpdump -v "icmp or arp"
Capture any packets that are broadcast or multicast: tcpdump -n "broadcast or multicast"
Capture 500 bytes of data for each packet rather than the old default of 68 bytes (current tcpdump releases capture whole packets by default): tcpdump -s 500
Capture all bytes of data within the packet: tcpdump -s 0
OSPF notes
BGP notes
TCP 179
Path selection, after confirming the next hop is reachable, follows the mnemonic WLLA OMNI:
N = next hop reachability: a path whose next hop has no route is not a candidate at all
W = weight, bigger is better (local to the router, never advertised)
L = local preference, bigger is better (shared within the AS, non-transitive)
L = locally injected (network / aggregate / redistribute) preferred over BGP-learned
A = AS path length, shorter is better
O = origin: IGP (i) is better than EGP (e) is better than incomplete (?)
M = MED, lower is better (a suggestion from the neighbouring AS; by default only compared between paths from the same neighbouring AS)
N = neighbour type, eBGP preferred over iBGP
I = IGP metric to the BGP next hop, lower is better (closest exit)
Remaining tie-breakers, in order:
- oldest learned eBGP path
- lowest router ID
- shortest cluster list
- lowest neighbour address
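The decision process above as a sort key, an added example that is not from the original notes. Each element of the key is arranged so that smaller is better, so one min() picks the winner in WLLA OMNI order. Two simplifications are labelled in the code: MED is compared unconditionally (the always-compare-med behaviour), and the oldest-eBGP-path tie-breaker is omitted because it needs arrival times. The candidate paths, addresses and AS numbers are constructed for the demonstration.

```python
from dataclasses import dataclass, replace

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP beats EGP beats incomplete

@dataclass
class BgpPath:
    next_hop: str
    next_hop_reachable: bool = True
    weight: int = 0                    # W: router-local, bigger is better
    local_pref: int = 100              # L: bigger is better
    locally_originated: bool = False   # L: network / aggregate / redistribute
    as_path: tuple = ()                # A: shorter is better
    origin: str = "i"                  # O: i < e < ?
    med: int = 0                       # M: lower is better
    ebgp: bool = True                  # N: eBGP beats iBGP
    igp_metric: int = 0                # I: IGP cost to the next hop, lower is better
    router_id: str = "0.0.0.0"         # tie-breaker
    neighbor: str = "0.0.0.0"          # tie-breaker

def ip_key(addr: str) -> tuple:
    return tuple(int(octet) for octet in addr.split("."))

def preference_key(p: BgpPath) -> tuple:
    """WLLA OMNI as one tuple; every element is oriented so that smaller wins.
    Simplifications: MED is compared across all paths (like 'bgp always-compare-med');
    the 'oldest eBGP path' tie-breaker is skipped because it needs arrival times."""
    return (
        -p.weight,
        -p.local_pref,
        0 if p.locally_originated else 1,
        len(p.as_path),
        ORIGIN_RANK[p.origin],
        p.med,
        0 if p.ebgp else 1,
        p.igp_metric,
        ip_key(p.router_id),
        ip_key(p.neighbor),
    )

def best_path(paths):
    """Drop paths with an unreachable next hop (N), then pick the most preferred."""
    candidates = [p for p in paths if p.next_hop_reachable]
    if not candidates:
        return None
    return min(candidates, key=preference_key)

def example_paths():
    """Constructed candidates for one prefix (203.0.113.0/24) learned from three peers."""
    return [
        BgpPath("10.0.0.1", as_path=(64500, 64510),
                router_id="1.1.1.1", neighbor="10.0.0.1"),
        BgpPath("10.0.0.2", local_pref=200, as_path=(64500, 64510, 64520),
                router_id="2.2.2.2", neighbor="10.0.0.2"),
        BgpPath("10.0.0.3", local_pref=300, as_path=(64530,), next_hop_reachable=False,
                router_id="3.3.3.3", neighbor="10.0.0.3"),
    ]

def example_equal_local_pref():
    """Same candidates with local preference levelled, so AS path length decides."""
    return [replace(p, local_pref=100) for p in example_paths()]

if __name__ == "__main__":
    print(best_path(example_paths()).next_hop)              # 10.0.0.2: local pref beats AS path
    print(best_path(example_equal_local_pref()).next_hop)   # 10.0.0.1: shorter AS path
```

The third candidate has the highest local preference but an unreachable next hop, so it never enters the comparison; that is the check most often forgotten when a "better" route is not being chosen.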
MP BGP
***WORK IN PROGRESS***
Multiprotocol Extensions for BGP (MBGP, also called Multiprotocol BGP or Multicast BGP; IETF RFC 4760) let BGP carry different address families in parallel. Standard BGP carries only IPv4 unicast; MP-BGP carries IPv4 and IPv6, unicast and multicast variants of each, and VPNv4/VPNv6. The topology of IP multicast-capable routers can therefore be exchanged separately from the normal IPv4 unicast topology. MP-BGP is also what carries customer routes across an MPLS L3 VPN core.

Enable by configuring:
- address-family vpnv4 (VPNv4 routes carry a VPN label)
- neighbor 1.1.1.1 send-community extended (route targets are extended communities)
- a VRF with a Route Distinguisher, e.g. 1.1.1.1:2, prepended to each prefix so overlapping customer networks stay unique in the VPNv4 table; the RD is locally significant, it only distinguishes routes and does not control who imports them
- Route Targets: export 10:10 tags routes leaving the VRF into MP-BGP; import 9:9 pulls matching VPNv4 routes from MP-BGP into the VRF; this is what decides which VRFs share routes
- router bgp 65020
(VRF diagram)
LSP - Label Switched Path: each LSR swaps labels based on its own label forwarding table.
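The RD versus RT distinction above, as an added example that is not from the original notes and not a vendor implementation: two customers on the same PE both use 10.1.0.0/24, the RD keeps the two VPNv4 routes distinct, and a remote VRF with a different RD still imports the right one because import is decided purely by route target. All PE addresses, RDs, RTs and labels are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str                  # route distinguisher: makes overlapping prefixes unique
    prefix: str
    next_hop: str            # advertising PE loopback
    label: int               # VPN label
    route_targets: frozenset # extended communities that drive import

@dataclass
class Vrf:
    name: str
    rd: str
    export_rt: frozenset
    import_rt: frozenset
    local_routes: dict = field(default_factory=dict)   # prefix -> CE next hop
    table: dict = field(default_factory=dict)          # prefix -> (PE next hop, label)

def export_vrf(vrf: Vrf, pe_ip: str, label: int) -> list:
    """VRF -> MP-BGP: prepend the RD, tag with the export RTs, set next hop to the PE."""
    return [Vpnv4Route(vrf.rd, prefix, pe_ip, label, vrf.export_rt)
            for prefix in vrf.local_routes]

def vpnv4_table(routes) -> dict:
    """The VPNv4 RIB is keyed on (RD, prefix), so identical customer prefixes coexist."""
    return {(r.rd, r.prefix): r for r in routes}

def import_vrf(vrf: Vrf, table: dict) -> None:
    """MP-BGP -> VRF: a route is imported when any of its RTs matches an import RT.
    The RD plays no part in the decision, and the importing VRF may use a different RD."""
    for route in table.values():
        if route.route_targets & vrf.import_rt:
            vrf.table[route.prefix] = (route.next_hop, route.label)

def demo():
    """Constructed topology: PE1 (1.1.1.1) hosts two customers that both use 10.1.0.0/24;
    PE2 (2.2.2.2) hosts customer A only."""
    cust_a = Vrf("CUST_A", "1.1.1.1:1", frozenset({"10:10"}), frozenset({"10:10"}),
                 {"10.1.0.0/24": "172.16.1.2"})
    cust_b = Vrf("CUST_B", "1.1.1.1:2", frozenset({"20:20"}), frozenset({"20:20"}),
                 {"10.1.0.0/24": "172.16.2.2"})
    table = vpnv4_table(export_vrf(cust_a, "1.1.1.1", 16) + export_vrf(cust_b, "1.1.1.1", 17))
    remote_a = Vrf("CUST_A", "2.2.2.2:1", frozenset({"10:10"}), frozenset({"10:10"}))
    import_vrf(remote_a, table)
    return table, remote_a

if __name__ == "__main__":
    table, remote_a = demo()
    print(len(table), "VPNv4 routes;", remote_a.name, "on PE2 imported", remote_a.table)
```

If you mistakenly gave both customers the same export RT, remote_a would import customer B's route as well and the two address spaces would leak into each other; the RD would not save you, which is the whole reason to keep RT assignments under change control.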
Spanning Tree Notes
***WORK IN PROGRESS***
(spanning tree example diagram)
Original Spanning Tree - 802.1D, PASSIVE (convergence 30-50 s)
*Blocking - up to 20 s (max age)
*Listening - 15 s
*Learning - 15 s
Rapid Spanning Tree - 802.1w RSTP, ACTIVE (convergence around 2 s)
Per VLAN Rapid Spanning Tree - Rapid PVST+, ACTIVE, one instance per VLAN (topology can differ per VLAN)
Multiple Spanning Tree - MSTP (802.1s), ACTIVE, cuts down on spanning tree instances by mapping VLANs to instances
Region: name, revision number and VLAN-to-instance mapping must all match
e.g. instance 0 - catch-all (internal spanning tree)
instance 1 - VLANs 11 to 20
instance 2 - VLANs 21 to 30
*Rules
1. Root bridge election: lowest Bridge ID wins
2. Best path to the root
2a. lowest root path cost
2b. lowest sender Bridge ID
2c. lowest sender port ID
*no more than 7 switches in the chain (default maximum diameter)*
BPDU - bridge protocol data unit, sent every 2 s (hello time); used for root election and loop detection; multicast address 01:80:C2:00:00:00
Bridge ID = Bridge Priority followed by Bridge MAC; priority is compared first, the MAC only breaks ties
Find the best path to the root using cost
DP designated port (one per segment)
RP root port (one per non-root switch)
*AP alternate port (backup to the RP)
BP blocked port
Bridge Assurance - puts a port into an inconsistent (blocking) state if BPDUs are NOT seen
LoopGuard - an RP/AP cannot become a DP when BPDUs stop arriving; it goes loop-inconsistent instead
RootGuard - the port can never become the RP; apply on ports facing another administrative domain so its switches cannot take over as root
BPDU Guard - err-disables a port if a BPDU is seen (for PortFast access ports)
PortFast - the port goes straight to forwarding, skipping listening and learning; STP still runs on it
BPDU filter - stops sending and processing BPDUs on the port, so a loop through it goes undetected and shows up as MAC address flapping
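The election rules above in code, an added example that is not from the original notes: Bridge IDs compare priority before MAC, and root port selection applies rules 2a-2c in order. The switch names, MACs and path costs are constructed; the costs use the classic 802.1D values (100 Mb/s = 19, 1 Gb/s = 4).

```python
def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID = 2-byte priority followed by the 6-byte MAC, compared as one number.
    Lower wins, so priority decides first and the MAC only breaks ties."""
    return (priority, int(mac.replace(":", ""), 16))

def elect_root(bridges: dict) -> str:
    """bridges: name -> (priority, mac). Rule 1: the lowest Bridge ID becomes root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def choose_root_port(received: list) -> str:
    """received: one entry per port hearing a superior BPDU, each a dict with
    port, advertised_cost (root path cost in the BPDU), link_cost (cost of the
    receiving link), sender_priority, sender_mac, sender_port_id.
    Rules 2a-2c: lowest total root path cost, then lowest sender Bridge ID, then
    lowest sender port ID; the local port name breaks any remaining tie."""
    def key(b):
        return (b["advertised_cost"] + b["link_cost"],
                bridge_id(b["sender_priority"], b["sender_mac"]),
                b["sender_port_id"],
                b["port"])
    return min(received, key=key)["port"]

def example_bridges() -> dict:
    """Constructed: SW2 has the highest MAC but the lowest priority, so it wins."""
    return {
        "SW1": (32768, "00:00:0c:00:00:0a"),
        "SW2": (4096,  "00:00:0c:00:00:ff"),
        "SW3": (32768, "00:00:0c:00:00:01"),
    }

def example_bpdus() -> list:
    """Constructed: SW3 hears the root directly on a 100 Mb/s link (cost 19) and via
    SW1 over two 1 Gb/s hops (4 + 4). The longer path has the lower cost and wins."""
    return [
        {"port": "Fa0/1", "advertised_cost": 0, "link_cost": 19,
         "sender_priority": 4096, "sender_mac": "00:00:0c:00:00:ff", "sender_port_id": 1},
        {"port": "Gi0/1", "advertised_cost": 4, "link_cost": 4,
         "sender_priority": 32768, "sender_mac": "00:00:0c:00:00:0a", "sender_port_id": 1},
    ]

if __name__ == "__main__":
    print("root:", elect_root(example_bridges()))          # SW2
    print("root port:", choose_root_port(example_bpdus()))  # Gi0/1
```

This is also why Root Guard matters: any switch an attacker or a careless engineer plugs in with priority 0 satisfies rule 1 and re-roots the whole tree unless the facing port refuses to become a root port.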
Handy Software
**Veeam Endpoint Backup**
Veeam Endpoint Backup FREE backs up Windows desktops and laptops to an external hard drive, a NAS (network-attached storage) share or a Veeam Backup & Replication repository, and restores individual files or the whole system after a crash, drive failure, corruption or accidental deletion. https://www.veeam.com/endpoint-backup-free.html
**Ninite**
Install and update all your programs at once. Ninite starts working as soon as you run it.