Wassim

This post contains my notes on the Cisco Webcast title “The Network as Security Enforcer”. The webcast was broadcast on June 30th 2015. The network can be leveraged as an attack detector, or a security enforcer. It can be configured to watch out for threats and, if an attack occurs, it can protect itself from future threats. To be able to prevent attacks, we must see network traffic by device and by user. We must see what type of traffic is crossing our network. What can the network do for us? detect anomalous traffic flows detect application usage and access policy violations detect rogue devices, APs and other What tools can we use to detect that? Netflow : can be leveraged as a forensics tool. Netflow collects raw data that can contain attack signatures. Use Netflow to establish the normal behaviour of the network can be coupled with ISE to answer questions such as “who?, what?, when?,…” Lancope StealthWatch : provides alarming and notifications TrustSec What can th...

Just like there are road shortcuts, there are IOS display shortcuts too. They are based on Cisco IOS Regex (Regular Expressions) operators. Here are some basic Regex examples that can be useful in your day-to-day network administration. Display the list of interfaces on your device Figure: Displaying the list of interfaces on the device. Display all IP interfaces on the device. Figure: Displaying all IP interfaces Display all IP interfaces that are in the “up…up” state Figure: Displaying all IP interfaces that are in the “up..up” state Display all IP interfaces that are in the “up…down” state Figure: Displaying all IP interfaces that are in the “up..down” state Count the interfaces that have “line is up” or “line protocol is up” Figure: Counting the number of interfaces that either have “line is up” or “line protocol is up” Count the interfaces that are in the “up…down...

Tired of manually placing incoming email into folders? Exhausted from deleting junk email and reporting it as spam? a Gmail filter is the answer you need. Gmail filters allow to apply a certain treatment to your flow of incoming mail. With a Gmail filter, you can label mails, add a star, move to a folder or even to spam. Here is how to do it: Go to your Gmail account in the search area, click on the down arrow Figure: the down arrow is at the right of the search box. type your search criteria. For example, I’m going to search for all emails coming from Neil Patel Figure: Typing “Neil Patel” in the “From” section of the search box. To create a filter, click on the bottom link Create filter with this search Figure: Click on the link to launch the Filter setup menu set the type of action you’d like to see. For example, I’m going to direct all incoming mails from Neil Patel to a new folder called Blogging. Note that, in Gmail, folders are associated with “label...

ARP is a link layer protocol in the TCP/IP model. It crosses the layer 3 in the OSI model, although it was created before the OSI model. Each protocol layer has its own addresses, e.g. IP addresses or Ethernet addresses. The Network layer addresses and the Link layer addresses are logically separated. But, they are used together in practice. In fact, it’s ARP that does that. ARP provides a logical mapping between a network layer address and a link layer address. We often think of Ethernet when we talk about link layer addresses. However, don’t forget that there are many other link layer technologies (by the way an Ethernet address is 48-bit long, or 6 bytes separated by colons). In TCP/IP stack, ARP does not cross link layer boundaries (remember when we talked about cross-layer implementations ). It sits in the Network layer, of the TCP/IP model. Each TCP/IP host maintains an ARP cache . the duration of the ARP cache varies among implementations. E.g. on Mac OS X, ARP cache...

I use Evernote on both my home computer and office computer to bookmark my favourite websites into an online store. After reading this Evernote tutorial you will be able to do the same too. What is Evernote and what does it do? The beauty of bookmarking sites is they are location-independent, which means you can reach your documents and bookmarks from anywhere in the world, with only a computer and ain internet connection. Evernote is a web clipping tool that helps you store your favourite web pages in a virtual notebook. It comes in two major forms: an online version: the most famous one. This allows you to access your files from any device connected to the internet, a desktop version: this is a software that you donwload and install on your computer. I only tried the Windows version. It can be set to synchronize with your web account and download the files that you clipped while surfing the web. Evernote can be used to store the following purposes: songs technical articles motivation...

Every network engineer must know how to convert decimal to hex and hex to decimal. Decimal to Hexadecimal conversion To learn how to convert a decimal number to its hexadecimal format, let’s take an example. Suppose we want to convert 39619 into Hex. We take 39619 and divide it by 16:  39619/16 = 2476 .1875. We note the remainder of the division (aka the Modulo). 39619 mod 16 = 3 . We take 2476. We divide it by 16:  2476/16 = 154 .75. We note the remainder of the division: 2476 mod 16 = 12 We take 154 and divide it by 16:  154/16 = 9 .625. We note the remainder of the division: 154 mod 16 = 10 We take 9 and divide it by 16:  9/16 = 0. We note the remainder of the division: 9 mod 16 = 9 We stop because we encountered a 0 in step 4. Now we read the series of modulos we found in steps 1 to 4, in the reverse order: 9 10 12 3 We convert each modulo of the sequence to its hex format: This gives us 9AC3 which is the hexadecimal format of 3619 . Figure 1: Steps to convert decimal 39619 t...

Many network engineers use the Traceroute command very often. They need a basic tool to determine a path from node A to node B. So they simply type “traceroute” or “tracert” without really knowing what it is doing in the background. This article will demystify some of the dark operations of Traceroute. And when you learn all this stuff, you will become a Traceroute wizard. What Traceroute does is it displays the Round-Trip Time (or two-way delay) between a source node and each other node in the network path.  The Round-Trip Time is calculated with this formula: The time stamp when a hop sends the ICMP Time Exceeded message minus the time stamp when the SRC sends the probe The Round Trip Time calculated by Traceroute must not be confused with the Round Trip Time of a TCP connection . Although both concepts measure a delay, they are different. The first measures the delay between sending a probe and receiving a response. The second measures...