Archive for May, 2009

Do You Love Books? I do!

Tuesday, May 26th, 2009

Just a short notice for you. I reviewed a book in my last post, but what about all the other books? I am not going to turn this blog into a book reviewing site, so instead I have another plan. Hear me!

There will be no more…
I love books, I love: reading books, writing about books and I love recommending books that actually managed to teach my boggled brain something. I would love telling everyone about everything I read, but that’s going to be alot. so..

The Book Store
There are so many books, and so little time and I would like to work on more exciting content for you.
So I have a plan! At the book store how you can still see which books swing best, whenever YOU want to instead having to get it in your RSS feed all the time!
So from now on, there will be fewer reviews and more configuration and fun content!

The new book listing
This inspired me to integrate a book store to this site, you can reach it here!

I will present all the books that are valuable for certification and learning purposes along with some hobby books in the book store. You know… instead of flooding the web with blog posts about books.

Sounds like a better idea?

Best book recommendation: MPLS Fundamentals

Saturday, May 23rd, 2009

Are you a network operator or are you interested in getting a professional Cisco certification like CCIP?

MPLS is on the rise and something that everyone must learn today. I didn’t want to be left behind with my ‘old fashion’ routing, so I decided to do a little reading.

I actually bought this book 6 months ago but never had the time to pick it up and read it, but I realize that I should have done that a few months earlier.

The mass of knowledge contained inside was at great value, nicely and explained from the history of tag switching until today. Someone have obviously spent a lot of time editing it. Thank you, it was definitively worth buying.

Heard the word MPLS?
A lot of people are discussing it, you’ve probably heard the buzz about MPLS. Do you want to know what all the secret speech is about or do you just want to expand your knowledge on the subject of MPLS?

My experience with the book
I’ve actually spent a month reading and labbing with this book now and it covers everything you need to know to keep your position as the clever guy in the office/class. I am overly satisfied with this book, so that’s why I am writing a recommendation. It was just great!

What’s in the book?
I find that the book is very well formatted, everything that is important lights up in your face so that you will notice it.
It is amusing that someone is finally killing the argument that MPLS is here because of CPU usage.
A better argument must be that you can basically carry any protocol that you would like over MPLS, this is a pretty cool effect that extends MPLS+IP a mile or five. Learn how to MPLS enable a network and apply traffic engineering on it.

The book is divided into two parts, the first part covers the history and the technical fundament. The second part covers a bit more configuration and troubleshooting. I am not done with the last couple of chapters, but what I have read so far got my back covered a long time and I will start to write some articles about MPLS soon because of what I have already learned.

So if you’re like me, into new technology this must be right up your alley.
MPLS is soon to become everywhere, you need to learn it!

Buy it on Amazon

MPLS Fundamentals (Paperback)
by Luc De Ghein (Author) on Amazon

Best book so far this year!

HOWTO: Gathering All The Information About An IP Address

Thursday, May 21st, 2009

Would you like to know more about that attacker or who the sucker that draws all your bandwidth is? You can!

The information is stored all around the internet, I will use one of the addresses that RIPE resolves to in this example.
I am using a linux system, but here is an online whois tool that you can use.

$ host has address has IPv6 address 2001:610:240:11::c100:1319

Now, it’s is not always like this because some of the addresses have records in ARIN (North American Region) and other registries around the world, but I will focus a bit on the RIPE database right now.

As we can see, resolves to, to figure out a bit more you can do a whois for that IP address.

$ whois
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘ –’

inetnum: –
netname: RIPE-NCC
descr: RIPE Network Coordination Centre
descr: Amsterdam, Netherlands
remarks: Used for RIPE NCC infrastructure.
country: NL
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: OPS4-RIPE
mnt-by: RIPE-NCC-MNT
mnt-lower: RIPE-NCC-MNT
source: RIPE # Filtered

role: RIPE NCC Operations
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: GL7321-RIPE
tech-c: JA47
tech-c: MENN1-RIPE
tech-c: EMIL-RIPE
tech-c: SSIE-RIPE
tech-c: RCO-RIPE
tech-c: APZ-RIPE
tech-c: CNAG-RIPE
tech-c: SMCA-RIPE
tech-c: BOH-RIPE
nic-hdl: OPS4-RIPE
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

… output omitted …

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

You can see from the whois output that this address is part of the address range – which has been delegated to RIPE NCC. It lives in the prefix which is supposedly announced by AS3333.

Check the Real World BGP
We can check if this is correct by using a looking glass, I found that AS6453 got an online looking glass.
Choose BGP and enter the IP address
Look for: BGP routing table entry for Right, it is announced as a /21 on the internet.

We can go further and perform an inverse query to check for other prefixes that AS3333 have registered to see if it’s part of a larger range.

This time I have to ask directly because the whois tool on linux automatically chooses the correct whois server for an object, and it does not understand which whois server it should send inverse queries to.

$ whois -h — -i origin AS3333
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘’

descr: RIPE-NCC
descr: Specific range for nameserver operations.
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘’

descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

There we go is registered there as well, now this is actually part of a (seems like) special /18 which parts of is handed out to network operators. According to remarks, RIPE itself has taken for their own network. (And this is just a little of what information I gathered in three minutes.)

A whois of the AS Number:

$ whois AS3333
[… output omitted ….]
% Information related to ‘AS3333’

aut-num: AS3333
as-name: RIPE-NCC-AS
descr: RIPE Network Coordination Centre
[… output omitted …]

Usually you can find references to an org, to check a prefix just use the command whois PREFIX | grep ^org, or use egrep to also get type of address space; you will then often get a result like this:

$ whois | egrep \(^org\|^status\)
organisation: ORG-NCC1-RIPE
org-name: RIPE NCC
org-type: RIR

The org-name is the name of the organisation, the type can be for example:

  1. RIR – Regional Internet Registry (king of the hill [or continent])
  2. LIR – Local Internet Registry (basically an ISP)
  3. OTHER – Other type, for example users of PI address space

The status is the type of address space, it can be for example:

  1. ALLOCATED UNSPECIFIED – This is often legacy address space which was not handed out under current conditions.
  2. ALLOCATED PA – Provider Aggregatable, which is a larger address space handed out to LIRs for sub delegations.
  3. ALLOCATED PI – Provider Independent, handed out to smaller organisations (registered as OTHER) which are NOT members of the RIPE NCC (LIRs), this kind of address space makes it possible for a company to multihome and change providers without changing IP addresses. (Rather than getting assignments from a larger PA address space)

I guess you figured out that you can also whois the org name, ‘ORG-NCC1-RIPE’.

Let me know if I also should write a tutorial on how to update and perform changes to the RIPE whois database!

Cisco IP Phone Configuration with Asterisk

Wednesday, May 20th, 2009

Getting the Cisco IP Phone 7970 G to work together with the software PBX Asterisk was something I had my hands on a couple of years back. Here’s how you can get them talking together.

You need a couple of things to get this working:

  1. A functioning DHCP server
  2. A functioning TFTP server
  3. SIP Firmware from Cisco This is just a gzipped and tar’ed file.
  4. A functioning asterisk server
  5. A Cisco IP Phone

According to a recent installation, the TFTP server must contain the following files


The file you should pay the most attention to is the SEP<MACADDRESS>.cnf.XML file, this is the configuration file. The configuration file is in XML format. You can find a sample configuration here that should work.

<device xsi:type=”axl:XIPPhone” ctiid=”203849429″ uuid=”{96f8508b-10ef-f98c-d20d-0471777ec725}”>
<devicePool uuid=”{a755aa55-089c-2b47-9603-c7d51b9ca4b5}”>
<dateTimeSetting uuid=”{9ec4850a-7748-11d3-bdf0-00108302ead1}”>
<timeZone>Greenwich Standard Time</timeZone>
<member priority=”0″>
<description>CallManager 5.0 Beta Pub –</description>
<srstInfo uuid=”{cd241e11-4a58-4d3d-9661-f06c912a18a3}”>
<sipIpAddr1>IP ADDRESS TO SIP SERVER</sipIpAddr1>
<line button=”1″>
<line button=”3″>

On the Asterisk server, you will have a file named sip.conf and to have the Cisco IP Phone talking to Asterisk you need this


That should be it, good luck!

Download: Twitter API Social Graph Plugin for Munin

Tuesday, May 19th, 2009

We are all geeks here, right? And geeks like to graph things!

I have had so much fun with the social mediums lately, so I decided to make a plugin for Munin to create graphs of my followers count and friends count!

Keeping track of this, and also be able to see if I lose followers when I post boring blog posts (like, if you are NOT a geek: this one sure is! :D). Anyways, I just wanted to share this with you – it should be interesting at least for the ones who promote themself on Twitter.

You can download this plugin for Munin here:
Check it out! You’re welcome!

Cisco Certification: Why, How and Where? DIY! It’s easy!

Sunday, May 17th, 2009

There are a lot of questions regarding Cisco Certifications these days; some people are certified, some people have found their way to a class, and you? Still thinking only about it? It’s pretty easy to do something about it.

I am writing this because if you can’t afford the school, there is actually possible to get certified for something between $100 and $200 depending on where you are in the world.

If you *are* Cisco certified but have a friend who wants join that club, give them a tip about this article, it might just get them to do it!

Why should I get certified?
For one thing; if you are on the look for work it will be positive for anyone you would like to work with, that may be someone who wants to hire you or someone who wants you to do freelance work. A Cisco CCNA or CCNP certification is something you can use to show that you have at least enough basic training to be able to take of the (sometimes mind boggling) Cisco certification exams.

If you are applying for a technical job, a CCNA/CCNP will always be a little push further up the line of applicants who are not certified.

That said, a lot of employers requires CCNA or CCNP to apply for a job, just do a job search and you will see a bunch of job positions that would be available for applications that you may not be able to apply for today. Only because they require that level of certification which should be no problem for you to achieve!

And most of all, because if you’re a bit good at what you do; the test should be peanuts!

The title “Cisco Certified Network Associate” is achieved by completing the 640-802 CCNA exam OR by completingBOTH 640-822 ICND1 exam AND the 640-816 exam.

Practice Tests
There used to be some sites online where I used to do free practice exams before the actual exam to see how I was performing while studying for the Cisco certification. The ones I used have started to take money for their tests, and I cannot recommend any good sites for this right now. If you know of a place, please leave a comment and if it’s “worthy” (good) I will include it in the article and refer to you.

UPDATE: @FadeToBright recommended this site for taking practice tests and jdmurray recommends this forum for discussing Cisco certifications. Thanks!

For training material, I can recommend this book

CCNA Official Exam Certification Library (CCNA Exam 640-802) (Exam Certification Guide)

It covers everything you ever need to know, and also Cisco Press have nice quality books which are mostly written by CCIE (Cisco Certified Internetwork Expert) certified people.

Emulated Cisco Routers
There is a project called dynamips that actually emulates the cisco hardware and makes it possible to run IOS images on a PC. To get a feel of the configuration interface and set up simple scenarios it should prove perfect. You need an IOS image to run on it.

You should also have a look at dynagen, which is a GUI frontend for dynamips.

You can run quagga also to set up simple practice scenarios, if you do not run the zebra daemon quagga will not update your routing table and you can run it without thinking about it.

So with the books, the tools and the practice tests (that I was hoping will show up in comments) you should be on your way to the certification.

So when your scores are coming up to acceptable levels and you are starting to feel ready for the test, where should you go?

You can locate your nearest academy here, they should be able to do an examination. Or you can locate your nearest Person VUE test center, which are authorized to do cisco certification examinations.

Good luck!

Port Mirroring on Cisco – Monitoring the network

Thursday, May 14th, 2009

“We just bought a new IPS/IDS, just put it between us and our transit provider!”. Sounds slick, huh? This request seems easy, but do you really know if it will function like expected and not jam all network traffic?

Try it out on a mirrored (SPAN) port first! With a SPAN you can get a copy of all traffic from/to a port output on a second port, without interacting with traffic. This can be very helpful if you want to test out some new equipment for Intrusion detection and/or prevention. Snort is an open source alternative for monitoring network traffic for obscurity and irregularities.

To configure a SPAN on 2940, 2950, 2955, 2960, 2970, 3550, 3560 and 3750 switches

Switch#conf t
Switch(config)#monitor session 1 source interface Fa0/18
Switch(config)#monitor session 1 destination interface Fa0/2

With the configuration above you will copy all traffic from FastEthernet 0/18 and output it to FastEthernet 0/2
The Cisco Catalyst 2950 is incapable to monitor vlans, but this is possible on for example the Cisco 3750.

To verify a SPAN session

Switch#sh monitor session 1
Session 1
Source Ports:
RX Only: None
TX Only: None
Both: Fa0/18
Destination Ports: Fa0/2

I hope this maybe encourages you to test out some applications or equipment that you’ve been wanting to try but haven’t had the guts to!

Twittering but Which Networking Communities exist?

Tuesday, May 12th, 2009

Yes, this time I am asking you a question, so why don’t you just leave me a comment?

Fewer posts lately
First off, I would like to explain my lack of posts. I have had less creative input lately, so I can’t actually find anything interesting enough to write about to make it fun – and that’s a big part of maintaining this blog; having fun!
I’ve had some valuable input on my attempts to create a Web 2.0 IP Calculator, and I’ve had critics .. the bad, the good.

You inspire me!
I must say that the thing that inspire me the most to work is to see something I’ve created being used and from seeing Google searches hit this blog with articles directly related to the ‘googled’ issue, it gives me a good feeling inside.

Lately, I’ve fell for the Twitter hype and you can find my tweets over at, it would be fun to follow my readers on Twitter – so if you have a user there follow me!

Website statistics and the future
Anyhow, the good critics have been more visible to me than the bad ones – so I will continue this little blog experiment of mine. I can see on the traffic stats that I now have about 200 unique users every week day, except for weekends when the unique visitors drops to from 80 to 150, but there seems to be a lower bounce rate (People are reading articles about work on Sundays, preparing for Mondays?) But the traffic seems to be growing with the content, and that hopefully means that someone finds it useful!

But BACK TO THE QUESTION: Which Networking Communities exists?
I have found small forums, but where have you found study partners or other interesting networking people?
I was a member of for a while, but the amount of mails where a bit overwhelming and my email client had issues with threading the mails – so I had to unregister. Maybe I will give it a second try!

Other mailing lists that I find interesting are:

Well, if you know of a good resource (a forum, website, anything!) shout it out in the comment box.

My next post will be more technical, I promise!

Manipulate Routed Traffic With A Route-map

Wednesday, May 6th, 2009

Sometimes.. when everything is failing, you’ll need to do some dirty hacks to get things the way you want. I’m going to show you how to modify the next-hop (where the packet is routed) with a route-map

Let’s say you want to redirect web-traffic to a local cache running for example squid, but let other traffic pass on to its intended destination. As usual I have created an imaginary scenario, but this time I have used my creative skills (yeah, right!) to draw a little network map in dia also.


The idea is to let all TCP port 80 traffic from all the clients to be sent to the web cache server on
To achieve this, we need to create an access-list to match web traffic from the clients.

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list extended webtraffic
Router(config-ext-nacl)#deny tcp host any eq www
Router(config-ext-nacl)#permit tcp any eq www

To verify that this access-list now exists, run this command

Router#sh ip access-list webtraffic
Extended IP access list webtraffic
10 deny tcp host any eq www
20 permit tcp any eq www

As you can see, I have a deny on, this is because we can’t match traffic coming from the web caching server and redirect it to itself, that would create a loop.

The next thing we need to do is to create a route-map which uses the webtraffic access-list to match packets and do the intended modifications to it.

Router(config)#route-map webcache-redirect permit 10
Router(config-route-map)#match ip address webtraffic
Router(config-route-map)#set ip next-hop
Router(config-route-map)#route-map webcache-redirect permit 200

You can now verify this route-map by doing this

Router#sh route-map webcache-redirect
route-map webcache-redirect, permit, sequence 10
Match clauses:
ip address (access-lists): webtraffic
Set clauses:
ip next-hop
Policy routing matches: 0 packets, 0 bytes
route-map webcache-redirect, permit, sequence 200
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes

The last thing that needs to be done for this to have effect is to apply policy routing on the interface on which you receive the traffic from the clients (the interface which acts as a gateway for the clients, in this case the one with the IP address

Router(config)#int vlan 1
Router(config-if)#ip policy route-map webtraffic-redirect

You can now use the sh route-map command again to see that your webtraffic now is being policy-routed.

Read about how to setup a squid as a transparent proxy here.

UPDATE: Eirik Hjelle poked me and told me that the squid tutorial that I am refering to is outdated, and it sure is!
The basics of the squid.conf should be (was not going to cover it here, since it’s a cisco blog, but since Eirik was a nice fellow and just gave me a paste of the required I’ll include it:

http_port 3128 transparent
acl internal_network src
http_access allow internal_network

The traffic will still be directed to port 80 so it might be needed to change the http_port to

http_port transparent