What happens when you die?

June 28th, 2013

I guess you didn’t expect a post from me again, well I broke the 4 year silence.. 4 years, imagine! (Well, almost.)

So what happens when you die?
This is not really a post about what happens when you die, I have a hard time believing in spirits and the like, but it’s incredible to come back to this website several years later and find out that it still retains quite a lot of traffic. Hopefully it means I made an impact somehow, I am not sure about how though.

Are you back for good?
I don’t know, I will try to post some items every now and then when I find something interesting. I must admit that a lot of things have happened in my life since I last posted here in 2009. I am not sure which of these are most notable; but first of all I quit my old job as CTO of a small ISP to come work with some incredible people at a major browser company, I am currently working there as a Network Administrator, maintaining data center network installations all over Europe and the US – it is exciting, I get to play with the bleeding edge of network equipment. I’ve attended Juniper Networks training sessions, Cisco training sessions, etc. And I sometimes get to attend major technical events, which is positive for increasing the knowledge for both me and the company I am working for.

I am not as vendor centric as I used to be, I must admit there are other vendors than my fetished one out there, and they are doing some really cool stuff. Just look at Juniper QFX. It looks great.

I became a father
So, late 2011, I finally saw my firstborn son for the first time. It’s also a major life event and incredible to see him grow up. I have a tendency to prioritize playing with all his cars and toys instead of networking lab work these days, so I honestly don’t know how much time I will have to post articles here between traveling and parenting. (Yeah, also I moved far away and I am commuting to the HQ which is a 1h50m flight every now and then, plus the events and things I have to attend.)

I will try my best to post interesting things and features here, some of you old readers might even be here still?

Thanks everyone.

Less Frequent Posting, Here’s Why

September 2nd, 2009

It’s no secret that it keeps me motivated to see that my blog picks up traffic and see the Google Adsense earnings grow, not that it’s a full compensation for the time spent writing the articles. Not that it matters, I’ve been writing haven’t I?

As my blog was starting to get views on the first search engine result page for some keywords, the leechers also started showing their face. After blogging for a year, I have gathered enough experience to say that these people – these theifs – mostly originates from Asia or the Middle-East. That’s two our of three regions of the world that I am reluctant to visit due to f***** up laws. So it kind of figures.

The PROBLEM now is that; While serving up Google Adwords advertisers with ad space on a visited domain, some individuals are now creating new blogs on the popular blogging services blogger.com and blogspot.com, just copying off my articles and content and smack some Google Ads on top of that.
After a while, I am now competing with myself on the SERP’s – it’s pretty hard, while if the latter me wins – I won’t get paid. It’s just so unfair, that the principle of it all really bugs me to post any new content.

I should also note that mostly while contacting people for copyright infringement you just get laughed in the face for your hard work that someone now obviously have the equal right to use and make money off. I am afraid that if I post enough content, someone will publish a book from it….

On the last note; I’ve tried to contact Google several times per email, both to blogger and blogspot and also phone – any attempt to contact them has failed. There is an option to file a DMCA take down notice, but that is a legal document – it should not be a problem.

Google can see WHEN the original article was written based on WHEN the page started to rank/show in the Google index, and also WHEN the same article has been posted (months later) on their own blogging platforms. It is OBVIOUS fraud/infringement.

– Espen

Cisco 3750 Password Recovery

June 1st, 2009

This password recovery method also applies to at least the:
Cisco 2950, Cisco 2960, Cico 3550, Cisco 3560 and Cisco 3750 series.
The only difference will be for how long you will hold the mode button,
from my experience just try to hold it longer if it doesn’t work.
(It should be around 15 seconds for the 3750.)

Connect the PC to the console port

  • 9600 bits
  • 8 data bits
  • ‘none’ parity
  • 1 stop bit

If the switch is powered on, power it off and press and hold the mode button while you power on the switch again. Hold it for about 15 seconds until the SYS led is solid green, then release it.

The switch should then give you this prompt


To initialize the flash file system, run the command

switch: flash_init

The switch will now print a bunch of messages about the flash memory, hopefully one of them will be ‘done initializing flash’.
The next command is load_helper to load any helper images required by boot.

You can now list the contents of your flash by running dir flash:
There should be a file named ‘config.text’, you can rename this file

switch: rename flash:config.text flash:oldconfig.backup

To further boot the switch run the boot command, this will start the boot you are used to. When the switch is booted up, you will realize that the configuration is gone.. But you are enabled on the switch now.

To recover the old configuration:

Switch#rename flash:oldconfig.backup flash:config.text

And now to replace the running configuration with the backup

Switch#copy flash:config.text running-config
Destination filename [running-config]?

Press enter, and you will have your old switch configuration back and you are enabled.
Just remember to change your password now! 😀

Do You Love Books? I do!

May 26th, 2009

Just a short notice for you. I reviewed a book in my last post, but what about all the other books? I am not going to turn this blog into a book reviewing site, so instead I have another plan. Hear me!

There will be no more…
I love books, I love: reading books, writing about books and I love recommending books that actually managed to teach my boggled brain something. I would love telling everyone about everything I read, but that’s going to be alot. so..

The Book Store
There are so many books, and so little time and I would like to work on more exciting content for you.
So I have a plan! At the book store how you can still see which books swing best, whenever YOU want to instead having to get it in your RSS feed all the time!
So from now on, there will be fewer reviews and more configuration and fun content!

The new book listing
This inspired me to integrate a book store to this site, you can reach it here!

I will present all the books that are valuable for certification and learning purposes along with some hobby books in the book store. You know… instead of flooding the web with blog posts about books.

Sounds like a better idea?

Best book recommendation: MPLS Fundamentals

May 23rd, 2009

Are you a network operator or are you interested in getting a professional Cisco certification like CCIP?

MPLS is on the rise and something that everyone must learn today. I didn’t want to be left behind with my ‘old fashion’ routing, so I decided to do a little reading.

I actually bought this book 6 months ago but never had the time to pick it up and read it, but I realize that I should have done that a few months earlier.

The mass of knowledge contained inside was at great value, nicely and explained from the history of tag switching until today. Someone have obviously spent a lot of time editing it. Thank you, it was definitively worth buying.

Heard the word MPLS?
A lot of people are discussing it, you’ve probably heard the buzz about MPLS. Do you want to know what all the secret speech is about or do you just want to expand your knowledge on the subject of MPLS?

My experience with the book
I’ve actually spent a month reading and labbing with this book now and it covers everything you need to know to keep your position as the clever guy in the office/class. I am overly satisfied with this book, so that’s why I am writing a recommendation. It was just great!

What’s in the book?
I find that the book is very well formatted, everything that is important lights up in your face so that you will notice it.
It is amusing that someone is finally killing the argument that MPLS is here because of CPU usage.
A better argument must be that you can basically carry any protocol that you would like over MPLS, this is a pretty cool effect that extends MPLS+IP a mile or five. Learn how to MPLS enable a network and apply traffic engineering on it.

The book is divided into two parts, the first part covers the history and the technical fundament. The second part covers a bit more configuration and troubleshooting. I am not done with the last couple of chapters, but what I have read so far got my back covered a long time and I will start to write some articles about MPLS soon because of what I have already learned.

So if you’re like me, into new technology this must be right up your alley.
MPLS is soon to become everywhere, you need to learn it!

Buy it on Amazon

MPLS Fundamentals (Paperback)
by Luc De Ghein (Author) on Amazon

Best book so far this year!

HOWTO: Gathering All The Information About An IP Address

May 21st, 2009

Would you like to know more about that attacker or who the sucker that draws all your bandwidth is? You can!

The information is stored all around the internet, I will use one of the addresses that RIPE resolves to in this example.
I am using a linux system, but here is an online whois tool that you can use.

$ host ripe.net
ripe.net has address
ripe.net has IPv6 address 2001:610:240:11::c100:1319

Now, it’s is not always like this because some of the addresses have records in ARIN (North American Region) and other registries around the world, but I will focus a bit on the RIPE database right now.

As we can see, ripe.net resolves to, to figure out a bit more you can do a whois for that IP address.

$ whois
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘ –’

inetnum: –
netname: RIPE-NCC
descr: RIPE Network Coordination Centre
descr: Amsterdam, Netherlands
remarks: Used for RIPE NCC infrastructure.
country: NL
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: OPS4-RIPE
mnt-by: RIPE-NCC-MNT
mnt-lower: RIPE-NCC-MNT
source: RIPE # Filtered

role: RIPE NCC Operations
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: X@ripe.net
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: GL7321-RIPE
tech-c: JA47
tech-c: MENN1-RIPE
tech-c: EMIL-RIPE
tech-c: SSIE-RIPE
tech-c: RCO-RIPE
tech-c: APZ-RIPE
tech-c: CNAG-RIPE
tech-c: SMCA-RIPE
tech-c: BOH-RIPE
nic-hdl: OPS4-RIPE
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

… output omitted …

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

You can see from the whois output that this address is part of the address range – which has been delegated to RIPE NCC. It lives in the prefix which is supposedly announced by AS3333.

Check the Real World BGP
We can check if this is correct by using a looking glass, I found that AS6453 got an online looking glass.
Choose BGP and enter the IP address
Look for: BGP routing table entry for Right, it is announced as a /21 on the internet.

We can go further and perform an inverse query to check for other prefixes that AS3333 have registered to see if it’s part of a larger range.

This time I have to ask whois.ripe.net directly because the whois tool on linux automatically chooses the correct whois server for an object, and it does not understand which whois server it should send inverse queries to.

$ whois -h whois.ripe.net — -i origin AS3333
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘’

descr: RIPE-NCC
descr: Specific range for nameserver operations.
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

There we go is registered there as well, now this is actually part of a (seems like) special /18 which parts of is handed out to network operators. According to remarks, RIPE itself has taken for their own network. (And this is just a little of what information I gathered in three minutes.)

A whois of the AS Number:

$ whois AS3333
[… output omitted ….]
% Information related to ‘AS3333’

aut-num: AS3333
as-name: RIPE-NCC-AS
descr: RIPE Network Coordination Centre
[… output omitted …]

Usually you can find references to an org, to check a prefix just use the command whois PREFIX | grep ^org, or use egrep to also get type of address space; you will then often get a result like this:

$ whois | egrep \(^org\|^status\)
organisation: ORG-NCC1-RIPE
org-name: RIPE NCC
org-type: RIR

The org-name is the name of the organisation, the type can be for example:

  1. RIR – Regional Internet Registry (king of the hill [or continent])
  2. LIR – Local Internet Registry (basically an ISP)
  3. OTHER – Other type, for example users of PI address space

The status is the type of address space, it can be for example:

  1. ALLOCATED UNSPECIFIED – This is often legacy address space which was not handed out under current conditions.
  2. ALLOCATED PA – Provider Aggregatable, which is a larger address space handed out to LIRs for sub delegations.
  3. ALLOCATED PI – Provider Independent, handed out to smaller organisations (registered as OTHER) which are NOT members of the RIPE NCC (LIRs), this kind of address space makes it possible for a company to multihome and change providers without changing IP addresses. (Rather than getting assignments from a larger PA address space)

I guess you figured out that you can also whois the org name, ‘ORG-NCC1-RIPE’.

Let me know if I also should write a tutorial on how to update and perform changes to the RIPE whois database!

Cisco IP Phone Configuration with Asterisk

May 20th, 2009

Getting the Cisco IP Phone 7970 G to work together with the software PBX Asterisk was something I had my hands on a couple of years back. Here’s how you can get them talking together.

You need a couple of things to get this working:

  1. A functioning DHCP server
  2. A functioning TFTP server
  3. SIP Firmware from Cisco This is just a gzipped and tar’ed file.
  4. A functioning asterisk server
  5. A Cisco IP Phone

According to a recent installation, the TFTP server must contain the following files


The file you should pay the most attention to is the SEP<MACADDRESS>.cnf.XML file, this is the configuration file. The configuration file is in XML format. You can find a sample configuration here that should work.

<device xsi:type=”axl:XIPPhone” ctiid=”203849429″ uuid=”{96f8508b-10ef-f98c-d20d-0471777ec725}”>
<devicePool uuid=”{a755aa55-089c-2b47-9603-c7d51b9ca4b5}”>
<dateTimeSetting uuid=”{9ec4850a-7748-11d3-bdf0-00108302ead1}”>
<timeZone>Greenwich Standard Time</timeZone>
<member priority=”0″>
<description>CallManager 5.0 Beta Pub –</description>
<srstInfo uuid=”{cd241e11-4a58-4d3d-9661-f06c912a18a3}”>
<sipIpAddr1>IP ADDRESS TO SIP SERVER</sipIpAddr1>
<line button=”1″>
<line button=”3″>

On the Asterisk server, you will have a file named sip.conf and to have the Cisco IP Phone talking to Asterisk you need this


That should be it, good luck!

Download: Twitter API Social Graph Plugin for Munin

May 19th, 2009

We are all geeks here, right? And geeks like to graph things!

I have had so much fun with the social mediums lately, so I decided to make a plugin for Munin to create graphs of my followers count and friends count!

Keeping track of this, and also be able to see if I lose followers when I post boring blog posts (like, if you are NOT a geek: this one sure is! :D). Anyways, I just wanted to share this with you – it should be interesting at least for the ones who promote themself on Twitter.

You can download this plugin for Munin here:
Check it out! You’re welcome!

Cisco Certification: Why, How and Where? DIY! It’s easy!

May 17th, 2009

There are a lot of questions regarding Cisco Certifications these days; some people are certified, some people have found their way to a class, and you? Still thinking only about it? It’s pretty easy to do something about it.

I am writing this because if you can’t afford the school, there is actually possible to get certified for something between $100 and $200 depending on where you are in the world.

If you *are* Cisco certified but have a friend who wants join that club, give them a tip about this article, it might just get them to do it!

Why should I get certified?
For one thing; if you are on the look for work it will be positive for anyone you would like to work with, that may be someone who wants to hire you or someone who wants you to do freelance work. A Cisco CCNA or CCNP certification is something you can use to show that you have at least enough basic training to be able to take of the (sometimes mind boggling) Cisco certification exams.

If you are applying for a technical job, a CCNA/CCNP will always be a little push further up the line of applicants who are not certified.

That said, a lot of employers requires CCNA or CCNP to apply for a job, just do a job search and you will see a bunch of job positions that would be available for applications that you may not be able to apply for today. Only because they require that level of certification which should be no problem for you to achieve!

And most of all, because if you’re a bit good at what you do; the test should be peanuts!

The title “Cisco Certified Network Associate” is achieved by completing the 640-802 CCNA exam OR by completingBOTH 640-822 ICND1 exam AND the 640-816 exam.

Practice Tests
There used to be some sites online where I used to do free practice exams before the actual exam to see how I was performing while studying for the Cisco certification. The ones I used have started to take money for their tests, and I cannot recommend any good sites for this right now. If you know of a place, please leave a comment and if it’s “worthy” (good) I will include it in the article and refer to you.

UPDATE: @FadeToBright recommended this site for taking practice tests and jdmurray recommends this forum for discussing Cisco certifications. Thanks!

For training material, I can recommend this book

CCNA Official Exam Certification Library (CCNA Exam 640-802) (Exam Certification Guide)

It covers everything you ever need to know, and also Cisco Press have nice quality books which are mostly written by CCIE (Cisco Certified Internetwork Expert) certified people.

Emulated Cisco Routers
There is a project called dynamips that actually emulates the cisco hardware and makes it possible to run IOS images on a PC. To get a feel of the configuration interface and set up simple scenarios it should prove perfect. You need an IOS image to run on it.

You should also have a look at dynagen, which is a GUI frontend for dynamips.

You can run quagga also to set up simple practice scenarios, if you do not run the zebra daemon quagga will not update your routing table and you can run it without thinking about it.

So with the books, the tools and the practice tests (that I was hoping will show up in comments) you should be on your way to the certification.

So when your scores are coming up to acceptable levels and you are starting to feel ready for the test, where should you go?

You can locate your nearest academy here, they should be able to do an examination. Or you can locate your nearest Person VUE test center, which are authorized to do cisco certification examinations.

Good luck!

Port Mirroring on Cisco – Monitoring the network

May 14th, 2009

“We just bought a new IPS/IDS, just put it between us and our transit provider!”. Sounds slick, huh? This request seems easy, but do you really know if it will function like expected and not jam all network traffic?

Try it out on a mirrored (SPAN) port first! With a SPAN you can get a copy of all traffic from/to a port output on a second port, without interacting with traffic. This can be very helpful if you want to test out some new equipment for Intrusion detection and/or prevention. Snort is an open source alternative for monitoring network traffic for obscurity and irregularities.

To configure a SPAN on 2940, 2950, 2955, 2960, 2970, 3550, 3560 and 3750 switches

Switch#conf t
Switch(config)#monitor session 1 source interface Fa0/18
Switch(config)#monitor session 1 destination interface Fa0/2

With the configuration above you will copy all traffic from FastEthernet 0/18 and output it to FastEthernet 0/2
The Cisco Catalyst 2950 is incapable to monitor vlans, but this is possible on for example the Cisco 3750.

To verify a SPAN session

Switch#sh monitor session 1
Session 1
Source Ports:
RX Only: None
TX Only: None
Both: Fa0/18
Destination Ports: Fa0/2

I hope this maybe encourages you to test out some applications or equipment that you’ve been wanting to try but haven’t had the guts to!