Archive for February, 2009

I Tried to Make a Fancy IP Calculator

Friday, February 27th, 2009

Heyhey, I have been playing around with Ajax and Javascript and I made a more fancy IP Calculator.

I have one available on this site (in the menu to the right, use it in case you don’t have javascript enabled).
If you want to try out my fancy version just go to

I haven’t had the chance to try the design in Internet Explorer, so if anyone can email me a screenshot or something it would be just awesome! (It is probably totally broken, because I am not a designer.)

Well, that’s that, enjoy it!

Using Tcpdump in Linux to Analyze Network Traffic

Wednesday, February 25th, 2009

Have you ever needed to see traffic in front of your eyes? There is a tool in Linux to do this. You can see it all, even ... passwords.

I will just give you the commands to see different types of traffic; use them for what you want.
On a switched network you will not see traffic going between other devices on the network, only traffic to your workstation. On a WLAN things are different.
If you want to monitor a switch port, you can use a ‘mirror port’ on Cisco; the configuration is as follows:

monitor session 1 source interface fastethernet 0/1
monitor session 1 destination interface fastethernet 0/2 encap ingress vlan 1

This will mirror all network traffic on FastEthernet 0/1 to FastEthernet 0/2.
There also exist methods for injecting ARP into a switched network to make network devices believe you are the gateway, so that you can inspect the packets before passing them on to the gateway.

Tcpdump commands
So back to tcpdump, for example to look at web traffic.
Always remember that if you want to see the traffic as ASCII, just add the argument ‘-A’ to tcpdump.

I am assuming you are using eth0; -n turns off DNS lookups.

tcpdump -i eth0 -n port 80

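Now a little more fancy, using egrep: this will show all your web requests in real time! The -l argument makes tcpdump line-buffer its output, so each line reaches egrep as soon as it is captured.

tcpdump -i eth0 -l -A -n port 80 | egrep -i '(GET./|POST./|Host:)'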

Did you know you can tcpdump for a subnet by just excluding the last octet?

tcpdump -i eth0 -n port 80 and host 10.0.5

You can see I used ‘and’ here to combine filters; you can also use ‘or’, for example: port 80 or port 81

If you forgot your POP3 password, but have it stored in the client:

tcpdump -i eth0 -l -A -n port 110 | egrep -i '(user|pass)'

This also applies to passwords for the web, I have used this a lot instead of the ‘forgot password’ mechanism.
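
The same capture is useful for auditing which clients still send credentials in cleartext. The script below is an added example, not part of the original post: it reads tcpdump -A text and reports the flows carrying POP3 or HTTP credentials without printing the secrets. The function names, addresses and sample capture are constructed, and ports 110 and 80 are assumed to be POP3 and HTTP as in the commands above.

```sh
#!/bin/sh
# Added example: list flows that carry credentials in cleartext, reading
# `tcpdump -l -n -A` text on stdin. The secrets themselves are not printed.
find_cleartext_creds() {
    awk '
    # Packet header line: "HH:MM:SS.usec IP src.port > dst.port: ..."
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ IP / {
        src = $3; dst = $5; sub(/:$/, "", dst)
        next
    }
    # Payload line. -A prints the IP/TCP header bytes as junk in front of
    # the first payload line, so patterns are not anchored to line start.
    {
        line = tolower($0); kind = ""
        if (dst ~ /\.110$/ && line ~ /pass [^ ]+/)
            kind = "POP3 PASS"
        else if (dst ~ /\.80$/ && line ~ /authorization: basic /)
            kind = "HTTP Basic auth"
        else if (dst ~ /\.80$/ && line ~ /(password|passwd|pwd)=[^& ]+/)
            kind = "HTTP form password"
        # Report each (source, destination, kind) once.
        if (kind != "" && !seen[src, dst, kind]++)
            print src " > " dst " " kind " [redacted]"
    }'
}

# Constructed sample of tcpdump -A output (addresses and secrets are made up).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 10.0.5.20.51514 > 192.0.2.10.110: Flags [P.], seq 1:12, ack 1, win 229, length 12
E..@..@.@.......USER alice
12:00:01.200001 IP 10.0.5.20.51514 > 192.0.2.10.110: Flags [P.], seq 12:26, ack 30, win 229, length 14
E..B..@.@.......PASS hunter2
12:00:02.000001 IP 10.0.5.21.40000 > 192.0.2.80.80: Flags [P.], seq 1:90, ack 1, win 229, length 89
E.....@.@.......GET /admin HTTP/1.1
Host: intranet.example
Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl
12:00:03.000001 IP 10.0.5.22.40001 > 192.0.2.80.80: Flags [P.], seq 1:70, ack 1, win 229, length 69
E.....@.@.......POST /login HTTP/1.1
Host: intranet.example

user=bob&password=constructed-secret
EOF
}

sample_capture | find_cleartext_creds
```

Against a live interface the input would come from a pipe such as tcpdump -i eth0 -l -n -A 'port 110 or port 80' into find_cleartext_creds.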

If I forgot to mention anything, please let me know.

Configuring errdisable behaviour

Thursday, February 19th, 2009

When was the first time you learned that errdisable exists? Here is a short introduction!

I learned this the hard way: I had a network set up in a lab when I had a port shut down and never come up again… You can say I am glad I learned about it before that happened in the field, but do you know what it is and how you can configure it?

What is errdisable?
Errdisable is a mechanism in Cisco equipment that will, for example, shut down or suspend network ports where traffic is looping, ports with unidirectional traffic, and ports hit by various other causes. This renders the port useless: no traffic is passed over it, and the LED on the switch or router turns orange.

To determine if a port is in errdisable state you can issue the command:

Switch#sh int gigabitEthernet 1/0/25 status
Port      Name       Status        Vlan  Duplex  Speed  Type
Gi1/0/25  mynetwork  err-disabled  1     auto    auto   1000BaseSX SFP

Additionally, to see all errdisabled interfaces that will be enabled, you can use:

Switch# show errdisable recovery

This command will show all errdisable causes with enabled recovery and all interfaces that will be enabled on the next timeout.

To configure errdisable recovery, you will use exactly that command

Switch#conf t
Switch(config)#errdisable recovery cause bpduguard

That command will enable recovery for the bpduguard (STP loop) cause.

errdisable recovery timer

Switch(config)#errdisable recovery interval 30

This will set a 30 second interval between timeouts. On every timeout cycle, all interfaces which are shut down because of errdisable will be re-enabled.

If the reason for the errdisable status persists, the interface will then be shut down and set to status errdisable again. If you set the timeout too low, you may use a lot of CPU because the interface will effectively be flapping.