Archive for the ‘Blog’ Category

What happens when you die?

Friday, June 28th, 2013

I guess you didn’t expect a post from me again, well I broke the 4 year silence.. 4 years, imagine! (Well, almost.)

So what happens when you die?
This is not really a post about what happens when you die, I have a hard time believing in spirits and the like, but it’s incredible to come back to this website several years later and find out that it still retains quite a lot of traffic. Hopefully it means I made an impact somehow, I am not sure about how though.

Are you back for good?
I don’t know, I will try to post some items every now and then when I find something interesting. I must admit that a lot of things have happened in my life since I last posted here in 2009. I am not sure which of these are most notable; but first of all I quit my old job as CTO of a small ISP to come work with some incredible people at a major browser company, I am currently working there as a Network Administrator, maintaining data center network installations all over Europe and the US – it is exciting, I get to play with the bleeding edge of network equipment. I’ve attended Juniper Networks training sessions, Cisco training sessions, etc. And I sometimes get to attend major technical events, which is positive for increasing the knowledge for both me and the company I am working for.

I am not as vendor centric as I used to be, I must admit there are other vendors than my fetished one out there, and they are doing some really cool stuff. Just look at Juniper QFX. It looks great.

I became a father
So, late 2011, I finally saw my firstborn son for the first time. It’s also a major life event and incredible to see him grow up. I have a tendency to prioritize playing with all his cars and toys instead of networking lab work these days, so I honestly don’t know how much time I will have to post articles here between traveling and parenting. (Yeah, also I moved far away and I am commuting to the HQ which is a 1h50m flight every now and then, plus the events and things I have to attend.)

I will try my best to post interesting things and features here, some of you old readers might even be here still?

Thanks everyone.

Less Frequent Posting, Here’s Why

Wednesday, September 2nd, 2009

It’s no secret that it keeps me motivated to see that my blog picks up traffic and see the Google Adsense earnings grow, not that it’s a full compensation for the time spent writing the articles. Not that it matters, I’ve been writing haven’t I?

As my blog was starting to get views on the first search engine result page for some keywords, the leechers also started showing their face. After blogging for a year, I have gathered enough experience to say that these people – these theifs – mostly originates from Asia or the Middle-East. That’s two our of three regions of the world that I am reluctant to visit due to f***** up laws. So it kind of figures.

The PROBLEM now is that; While serving up Google Adwords advertisers with ad space on a visited domain, some individuals are now creating new blogs on the popular blogging services blogger.com and blogspot.com, just copying off my articles and content and smack some Google Ads on top of that.
After a while, I am now competing with myself on the SERP’s – it’s pretty hard, while if the latter me wins – I won’t get paid. It’s just so unfair, that the principle of it all really bugs me to post any new content.

I should also note that mostly while contacting people for copyright infringement you just get laughed in the face for your hard work that someone now obviously have the equal right to use and make money off. I am afraid that if I post enough content, someone will publish a book from it….

On the last note; I’ve tried to contact Google several times per email, both to blogger and blogspot and also phone – any attempt to contact them has failed. There is an option to file a DMCA take down notice, but that is a legal document – it should not be a problem.

Google can see WHEN the original article was written based on WHEN the page started to rank/show in the Google index, and also WHEN the same article has been posted (months later) on their own blogging platforms. It is OBVIOUS fraud/infringement.

Thanks.
– Espen

HOWTO: Gathering All The Information About An IP Address

Thursday, May 21st, 2009

Would you like to know more about that attacker or who the sucker that draws all your bandwidth is? You can!

The information is stored all around the internet, I will use one of the addresses that RIPE resolves to in this example.
I am using a linux system, but here is an online whois tool that you can use.

$ host ripe.net
ripe.net has address 193.0.19.25
ripe.net has IPv6 address 2001:610:240:11::c100:1319

Now, it’s is not always like this because some of the addresses have records in ARIN (North American Region) and other registries around the world, but I will focus a bit on the RIPE database right now.

As we can see, ripe.net resolves to 193.0.19.25, to figure out a bit more you can do a whois for that IP address.

$ whois 193.0.19.25
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘193.0.18.0 – 193.0.21.255’

inetnum: 193.0.18.0 – 193.0.21.255
netname: RIPE-NCC
descr: RIPE Network Coordination Centre
descr: Amsterdam, Netherlands
remarks: Used for RIPE NCC infrastructure.
country: NL
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: OPS4-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-MNT
mnt-lower: RIPE-NCC-MNT
source: RIPE # Filtered

role: RIPE NCC Operations
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: X@ripe.net
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: GL7321-RIPE
tech-c: JA47
tech-c: MENN1-RIPE
tech-c: EMIL-RIPE
tech-c: SSIE-RIPE
tech-c: RCO-RIPE
tech-c: APZ-RIPE
tech-c: CNAG-RIPE
tech-c: SMCA-RIPE
tech-c: BOH-RIPE
nic-hdl: OPS4-RIPE
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

… output omitted …

% Information related to ‘193.0.18.0/23AS3333’

route: 193.0.18.0/23
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

You can see from the whois output that this address is part of the address range 193.0.18.0 – 193.0.21.255 which has been delegated to RIPE NCC. It lives in the prefix 193.0.18.0/23 which is supposedly announced by AS3333.

Check the Real World BGP
We can check if this is correct by using a looking glass, I found that AS6453 got an online looking glass.
Choose BGP and enter the IP address 193.0.19.25.
Look for: BGP routing table entry for 193.0.0.0/21. Right, it is announced as a /21 on the internet.

We can go further and perform an inverse query to check for other prefixes that AS3333 have registered to see if it’s part of a larger range.

This time I have to ask whois.ripe.net directly because the whois tool on linux automatically chooses the correct whois server for an object, and it does not understand which whois server it should send inverse queries to.

$ whois -h whois.ripe.net — -i origin AS3333
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘193.0.0.0/21AS3333’

route: 193.0.0.0/21
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘193.0.12.0/23AS3333’

route: 193.0.12.0/23
descr: RIPE-NCC
descr: Specific range for nameserver operations.
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘193.0.18.0/23AS3333’

route: 193.0.18.0/23
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘193.0.20.0/23AS3333’

route: 193.0.20.0/23
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

There we go 193.0.0.0/21 is registered there as well, now this is actually part of a (seems like) special /18 which parts of is handed out to network operators. According to remarks, RIPE itself has taken 193.0.0.0/19 for their own network. (And this is just a little of what information I gathered in three minutes.)

A whois of the AS Number:

$ whois AS3333
[… output omitted ….]
% Information related to ‘AS3333’

aut-num: AS3333
as-name: RIPE-NCC-AS
descr: RIPE Network Coordination Centre
[… output omitted …]

Usually you can find references to an org, to check a prefix just use the command whois PREFIX | grep ^org, or use egrep to also get type of address space; you will then often get a result like this:

$ whois 193.0.0.0/18 | egrep \(^org\|^status\)
org: ORG-NCC1-RIPE
status: ALLOCATED UNSPECIFIED
organisation: ORG-NCC1-RIPE
org-name: RIPE NCC
org-type: RIR

The org-name is the name of the organisation, the type can be for example:

  1. RIR – Regional Internet Registry (king of the hill [or continent])
  2. LIR – Local Internet Registry (basically an ISP)
  3. OTHER – Other type, for example users of PI address space

The status is the type of address space, it can be for example:

  1. ALLOCATED UNSPECIFIED – This is often legacy address space which was not handed out under current conditions.
  2. ALLOCATED PA – Provider Aggregatable, which is a larger address space handed out to LIRs for sub delegations.
  3. ALLOCATED PI – Provider Independent, handed out to smaller organisations (registered as OTHER) which are NOT members of the RIPE NCC (LIRs), this kind of address space makes it possible for a company to multihome and change providers without changing IP addresses. (Rather than getting assignments from a larger PA address space)

I guess you figured out that you can also whois the org name, ‘ORG-NCC1-RIPE’.

Let me know if I also should write a tutorial on how to update and perform changes to the RIPE whois database!

Twittering but Which Networking Communities exist?

Tuesday, May 12th, 2009

Yes, this time I am asking you a question, so why don’t you just leave me a comment?

Fewer posts lately
First off, I would like to explain my lack of posts. I have had less creative input lately, so I can’t actually find anything interesting enough to write about to make it fun – and that’s a big part of maintaining this blog; having fun!
I’ve had some valuable input on my attempts to create a Web 2.0 IP Calculator, and I’ve had critics .. the bad, the good.

You inspire me!
I must say that the thing that inspire me the most to work is to see something I’ve created being used and from seeing Google searches hit this blog with articles directly related to the ‘googled’ issue, it gives me a good feeling inside.

Twitter
Lately, I’ve fell for the Twitter hype and you can find my tweets over at http://twitter.com/holmie, it would be fun to follow my readers on Twitter – so if you have a user there follow me!

Website statistics and the future
Anyhow, the good critics have been more visible to me than the bad ones – so I will continue this little blog experiment of mine. I can see on the traffic stats that I now have about 200 unique users every week day, except for weekends when the unique visitors drops to from 80 to 150, but there seems to be a lower bounce rate (People are reading articles about work on Sundays, preparing for Mondays?) But the traffic seems to be growing with the content, and that hopefully means that someone finds it useful!

But BACK TO THE QUESTION: Which Networking Communities exists?
I have found small forums, but where have you found study partners or other interesting networking people?
I was a member of groupstudy.com for a while, but the amount of mails where a bit overwhelming and my email client had issues with threading the mails – so I had to unregister. Maybe I will give it a second try!

Other mailing lists that I find interesting are:
cisco-nsp
extreme-nsp
foundry-nsp

Well, if you know of a good resource (a forum, website, anything!) shout it out in the comment box.

My next post will be more technical, I promise!

8 Great Resources that Every Computer Technician Should Know About

Tuesday, March 3rd, 2009

This post is a must read for computer technicians, and the resources can be used by both amateurs and professionals. I hereby share some of my clues for knowledge!

  1. The MAC address vendor search lets you identify the vendor for a MAC address, it is very helpful when troubleshooting ARP tables. Just insert the MAC address such as 00-00-01, you will see that it is identified as XEROX.
  2. Ever been on the lookout for a BGP looking glass? Wonder what your network look like on the Internet? Need to traceroute yourself? Thomas Kernen maintains traceroute.org, which is a public looking glass listing service. Alternatively you can use routeviews.org which also provides an excellent service!
  3. Need Cisco documentation? Ciscos own site can be a very good source for information, at least when you learn to find your way around. You can find an article about mostly every technology in a Cisco box on their website!
  4. Need something that can calculate your subnets on the fly? I have an Online IPv4 and IPv6 IP Calculator, and I also made an AJAX version of it which is available on ipv6calculator.net, it can be faster to use in some situations.
  5. The RIRs (Regional Internet Registry) can give you information about IP addresses, you can find out mostly anything you would like to know about the EU IP address space from querying for example RIPEs Whois Database.
    Here is a list of the RIRs and their respective Whois Database

    • RIPE Serves the EU Region
    • ARIN Serves the US Region
    • LACNIC Serves Latin America and the Carribean
    • AfriNIC serves the African Region
    • APNIC serves the Asian Region
    • If you just want to query one time, here is a free whois proxy
  6. To monitor your BGP announced prefix from the outside you can use the service BGPmon, which will monitor your prefixes and alert you in case of path changes.
  7. Dynamips is a Cisco emulator, it successfully emulates Cisco 7200, 3600 (3620, 3640 and 3660), 2691, 3725, 3745 and the 2600 platform. You can for example use it for testing network scenarios before deploying it!
  8. New software! Fresh meat! Check out freshmeat.net, this has been around forever now. New versions of open software projects are announced there, and it is also a browsable site for Open Software.

Now it is time for you to do your homework, let me know which sites you find useful or funny in your work or sites that you use on a daily basis, GO COMMENT!

I Tried to Make a Fancy IP Calculator

Friday, February 27th, 2009

Heyhey, I have been playing around with Ajax and Javascript and I made a more fancy IP Calculator.

I have one available on this site (in the menu to the right, use it in case you don’t have javascript enabled).
If you want to try out my fancy version just go to ipv6calculator.net.

I haven’t had the chance to try the design in Internet Explorer, so if anyone can email me a screenshot or something it would be just awesome! (It is probably totally broken, because I am not a designer.)

Well, that’s that, enjoy it!

Usefull and Free Network Management and Monitoring Software Part 2

Thursday, October 23rd, 2008

I wrote about usefull and free network management and monitoring software a couple of posts earlier and wanted to follow up with just a couple of tips I got. I have included a some windows tools here, the last post was mostly about linux tools.

Here are 6 more free network management/monitoring utilities!

  1. PRTG is a network graphing suite for windows, the free version includes 10 ‘sensors’ (snmp data points).
  2. TFTPD32 is a free TFTP server for Windows.
  3. Solarwinds TFTP Server is a free TFTP server for Windows from Solarwinds, it is also widely used.
  4. Nmap is a port scanner, it works for both linux and Windows. This one is really good.
  5. Wireshark is a network sniffer/monitorer, it can be usefull for analysing traffic.
  6. netcat/netcat6 (ubuntu package names) is a nice utility if you just want to open a port, connect to a port, etc. You can even send data with it, it is described as the “TCP/IP swiss army knife”.

Hope this is usefull to some of you!