• Home Page
• Computer Blog
• Chess Blog
• Exercise & Diet Blog
• Theology Blog
• Islamic Terrorism Blog
• Contact Us

John McCool chosen as Jayshree Ullal’s replacement to lead Cisco’s Data Center Switching and Services Group (DSSG)

John McCool was chosen to succeed Jayshree Ullal as the leader of the DSSG yesterday. John comes with a rich development background on both the 4500 and 6500 series platforms, as well participating in internet standards bodies.

Please join me in welcoming John McCool to his new position as the leader of (in my opinion) Cisco’s most strategic business units.

Post from: Colin McNamara - CCIE 18233 , RHCE, CCVP, GIAC-GCIH, GEEK

John McCool chosen as Jayshree Ullal’s replacement to lead Cisco’s Data Center Switching and Services Group (DSSG)

Should Twitter replace Q&A?

More twitter talk... Jimmy Ray and I were brainstorming how we might be able to use Twitter when a show is streaming live to get a more animated (and transparent) conversation going about the topics on a given show. For every live show, we feature a Q&A with experts that is chat based via the on24 interface. We capture that Q&A and make it available to access if you are watching the replay. Why should some of that conversation stop? Could we not make it more valuable and long lasting if we moved it to Twitter? Couple of angles to consider with this:

1. Not everyone has twitter. (This once again highlights the viral networking nature of an app like this...’please join so we can add value to each other...’)
2. Twitters are limited to 140 characters. (pro and con - be concise with your question - we will have to be concise with our replies.
3. On the pro side - the conversation is viewable by all. More than just a designated group can get in on the conversation. Expands the value I believe.

I don’t quite have it straight in my head on how to do this - I think we will just start trying it over the next few shows. You can follow both me and Jimmy Ray on twitter. We have also created a TechWiseTV twitter account to follow for use during the shows.

I wonder hashtags might give us more creative options? Still a very emerging capability... so I don’t place this high on the urgent list... more about hashtag’s here:

From the about page on the Twitter Fan Wiki:

Hashtags are a community-driven convention for adding additional context and metadata to your tweets. They're like tags on Flickr, only added inline to your post. You create a hashtag simply by prefixing a word with a hash symbol: #hashtag.

Hashtags were developed as a means to create "groupings" on Twitter, without having to change the basic service. The hash symbol is a convention borrowed primarily from IRC channels, and later from Jaiku's channels.

To Catch a (Hacking) Intruder

Don’t miss another great article by Jimmy Ray posted on bMighty.com: To Catch a (Hacking) Intruder. This one covers some great technical (but easy to understand) detail on 4 things you need to do if you think or know you have been hacked.

1. (If you know you have been hacked) - Preserve the crime scene! How to do it without disturbing evidence and when to contact law enforcement.
2. Using Netstat to understand all the outside connections your machine is making.
3. Using the Registry to see what programs are starting up each time you start your machine. (Your start up menu is not your friend here... fun to see what matches up and what doesn’t.
4. Understanding the use of ADS or Alternate Data Streams (we covered this on Episode 27: Invisible Attackers). This would be the only tip JR gives that involves the use of some third party tools. He suggests a few to try.

This is a great article and is entertaining as well as informative. Another nod to the greatness that is Jimmy Ray and of course proof once again I get to work with the smartest people at Cisco. I only have two complaints:
1. I wish JR’s articles on bMighty did a better job of linking back to our official video site at Cisco so people could find more content with and by Jimmy Ray (www.cisco.com/go/interact)
2. This was a very windows centric article. No mention of how to do this with a Mac. Now Jimmy Ray is as comfortable with his Mac as he is with anything else... but he is playing to the larger crowd it looks like. Perhaps he will follow up with a blog entry here on advice for Mac users to do some of the same things he referenced in this article!?

Great Stuff Once Again my Redneck Friend!

Robb

Thanks and farewell to Jayshree Ullal

Jayshree Ullal anounced today that she will be leaving her post as Senior Vice President in charge of Data Center, Switching, and Security groups. Jayshree has earned a reputation inside and outside of Cisco as a person who could take charge and get things done. First coming to Cisco as an engineer with the crescendo acquisition, she has directed some of Cisco’s most successful units culminating with the realization of the DC 3.0 vision.

Please join me in thanking Jayshree for all the positive contributions she has given to Cisco and the industry, and wishing her the best in her future endeavors.

Post from: Colin McNamara - CCIE 18233 , RHCE, CCVP, GIAC-GCIH, GEEK

Thanks and farewell to Jayshree Ullal

Fun with the Fortune 500

While Cisco is one of the big kahunas of networking and continues to roll as seen in its Q3 financial results released this week , it's easy to forget that Cisco isn't quite so big when you compare it to other companies of all types.

Read more

Daddy’s Rules for Dating

Jimmy Ray has a daughter that is dating age.... I have one that I am trying to keep from getting even close thinking about dating... Sorry this post has nothing to do with show or with networking but I found every bit of advice within these posts to be right on the mark!

Daddy’s Rules for Dating

Rule One:
If you pull into my driveway and honk you'd better be delivering a package, because you're sure not picking anything up.

Rule Two:
You do not touch my daughter in front of me. You may glance at her, so long as you do not peer at anything below her neck. If you cannot keep your eyes or hands off of my daughter's body, I will remove them.

Rule Three:
I am aware that it is considered fashionable for boys of your age to wear their trousers so loosely that they appear to be falling off their hips. Please don't take this as an insult, but you and all of your friends are complete idiots. Still, I want to be fair and open minded about this issue, so I propose this compromise: You may come to the door with your underwear showing and your pants ten sizes too big, and I will not object. However, in order to ensure that your clothes do no, in fact come off during the course of your date with my daughter, I will take my electric nail gun and fasten your trousers securely in place to your waist.

Rule Four:
I'm sure you've been told that in today's world, sex without utilizing a "Barrier method" of some kind can kill you. Let me elaborate, when it comes to sex, I am the barrier, and I will kill you.

Rule Five:
It is usually understood that in order for us to get to know each other, we should talk about sports, politics, and other issues of the day. Please do not do this. The only information I require from you is an indication of when you expect to have my daughter safely back at my house, and the only word I need from you on this subject is: "early."

Rule Six:
I have no doubt you are a popular fellow, with many opportunities to date other girls. This is fine with me as long as it is okay with my daughter. Otherwise, once you have gone out with my little girl, you will continue to date no one but her until she is finished with you. If you make her cry, I will make you cry.

Rule Seven:
As you stand in my front hallway, waiting for my daughter to appear, and more than an hour goes by, do not sigh and fidget. If you want to be on time for the movie, you should not be dating. My daughter is putting on her makeup, a process than can take longer than painting the Golden Gate Bridge. Instead of just standing there, why don't you do something useful, like changing the oil in my car?

Rule Eight:
The following places are not appropriate for a date with my daughter: Places where there are beds, sofas, or anything softer than a wooden stool. Places where there is darkness. Places where there is dancing, holding hands, or happiness. Places where the ambient temperature is warm enough to induce my daughter to wear shorts, tank tops, midriff T-shirts, or anything other than overalls, a sweater, and a goose down parka - zipped up to her throat. Movies with a strong romantic or sexual theme are to be avoided; movies which features chain saws are okay. Hockey games are okay. Old folks homes are better.

Rule Nine:
Do not lie to me. I may appear to be a potbellied, balding, middle-aged, dimwitted has-been. But on issues relating to my daughter, I am the all-knowing, merciless god of your universe. If I ask you where you are going and with whom, you have one chance to tell me the truth, the whole truth and nothing but the truth. I have a shotgun, a shovel, and five acres behind the house. Do not trifle with me.

Rule Ten:
Be afraid. Be very afraid. It takes very little for me to mistake the sound of your car in the driveway for a chopper coming in over a rice paddy near Hanoi. When my Agent Orange starts acting up, the voices in my head frequently tell me to clean the guns as I wait for you to bring my daughter home. As soon as you pull into the driveway you should exit the car with both hands in plain sight. Speak the perimeter password, announce in a clear voice that you have brought my daughter home safely and early, then return to your car - there is no need for you to come inside. The camouflaged face at the window is mine.

If you get this far - don’t forget to fill out the application:
Application for Permission to Date My Daughter

25 Things I Hate About Your Network

I just love this title. I think it grabs you...
25 Things I Hate About Your Network

Stump the Geek

Our target audience is networking geeks.  The daunting thing for me is that this is generally a group of really smart people. So as I think about this - what might be the value or interest in creating a game? (read: application) that would allow our target audience to compete with each other for escalating recognition and/or prizes?  I have fond memories of ‘stump the geek’ challenges within a live audience whenever a geeky customer felt the need to challenge my engineer. Jimmy Ray in fact welcomed that and made ‘Stump Jimmy Ray’ a regular part of his presentations.  So could we not bring that to our audience building efforts for TechWiseTV?  Couple of articles got me thinking about this: 1. “2 Big Reasons Why Apps Monetize Better Than Social Networks” a blog entry by Justin who covers the blog ‘Inside Facebook’ as well as an interview he did for a company called ‘Context Optional.’  These guys apparently help build Facebook apps.   So my first confession should be obvious at this point - this is a Facebook oriented set of questions here.  Why could we not replicate the spirit of ‘Stump the Geek’ in an online application designed to build up our ‘community’of interactive fans?  (an active community of interactive fans is actually my biggest dream for this show). 

As I think this out. Here are a few things that I think are needed to work this out:

1. The Basics:  Escalating complexity on questions around Cisco Network Trivia is an obvious first step. 
2. Competition among Peers:  To create a ‘viral loop’ type effect I think we need to make this a ranking type of thing. “Who is the uber geek?” “Challenge your friends...”  Seems like it would only help us if network geeks were encouraging their peers to join facebook, become fans of our app and challenge each other to the ultimate geek supremacy. 
3. Tie it to TechWise Shows: I would think that this needs to be done with some amount of balance... but I love the idea of people perhaps opting in to answering trivia questions about what we covered on a certain show.  Escalating prizes and stack rankings once again could drive a more interactive audience.
4. Keep it Fresh.  Whatever we do it needs to change often.  This is a smart group of people and we all get whipped by the same ol same ol too often...

What do you think?   Do these ideas suck or do you think they have legs?

Robb

Pump and dump or slow economy?

Mitchell Ashley weighs in on Brad Reese's stunning blog post about Cisco's 3Q financials. Ashley says that Cisco's razor thin margins may be the culprit. Very interesting! Ashley writes:

Read more

Be careful with your image!

This is a non-doctored picture taken from
an Avaya Services brief.  I don't know the real story here so I don't want to guess... I just find it funny that Avaya has a Cisco phone in their image here and they obviously reversed the image but did not pay attention to what they did to our phone...unless maybe this is a new version I have not seen? 

Home Improvement

It's time for some home improvements. Season 3 is just around the corner and FY’09 planning is in full swing right now.  Although we do this all the time there are many tweaks and improvements being considered for the show.  For the most part, I think we consider the ‘content’ of the show to be ‘on the mark.’  Two things we are working on now is 1. Structuring the team for growth (how do we produce more content with the same budget and team) and 2. How do we continue to grow our audience. 

I will address audience tactics in a later post so let me comment on it briefly here first.  Relatively speaking, we have been very successful so far when compared with Cisco programs of the past.   That is great and we are enjoying the accolades but if you compare our audience numbers with that of ‘total addressable audience, (all the IT people in the US?)  independent of previous Cisco results’ then we have a LONG way to go. Which is really pretty exciting.  More on this later.

There three areas in my mind that can give us immediate results in the area of ‘doing more with less’ as we move into Season 3.
1. Integrate with more Cisco product launches
2. Become more of a service.
3. Formalize our partnering strategy.

1.  Integrate with more Cisco Product Launches. I have often felt that one of the tough things about getting the word out when it comes to cool Cisco technologies or happenings we tend to get ‘lost in our own noise.’  Bottom line - we (Cisco) have a lot going on.  As a company this is why we get choosy about what gets the most funding and resources when it comes to product launches.  Video is not new at Cisco.  Cisco already produces a ton of videos, we have been doing corporate video long before it was ‘cool.’  Quantity in this sense however does not equal quality however and many of Cisco videos (internal generally) can be very informative but a little dull.  This is where TechWiseTV comes in.  We have a developed a brand, a loyal and growing audience and an experienced team that can take a product message, integrate it with the smartest technical minds from a given team and get noticed through the noise.   This also means that Jimmy Ray and I get to play with and talk about the coolest new tech stuff.

2. Become more of a service.  We need to do more shows that are joint funded by the teams whose products we are discussing.  One benefit:  Better access to the right people and the right equipment when it comes to preparing the right message.  When we drive 100% of our own show ideas, we have to spend a lot of time tracking down the right resources and convince them to give us some time.  When that same team is investing in us everything changes to the win/win angles we most enjoy.  ‘Here is our best TME’s for this subject.... we have already sent gear to Jimmy Ray in the code cave so he can break it down... here are some confidential documents to help build the story...’  That is what makes for a great show!   There is of course a drawback to this - and it comes up when we work on product launches:  Launches are very stressful events for all involved and by definition they represent new technologies that are not always ready at day 1.  Jimmy Ray is a true engineer and he won’t talk about something he can’t actually prove out through his own hands-on experience... this can be tricky to pull off when everyone is stressing to hit a launch date.  It is a fun time though and worth the trouble in our minds.

3. Formalize our Partnering Strategy.  The idea here is to do a better job of tapping into the fans of a non-Cisco technology featured on the show. It is amazing how many people follow a SolarWinds for example. We have played with this since episode 1 kicked off with great demos that included RSA and Trend Micro. We have since tried to always find good technology partners to help us round out a message on a given show.  This is in line with our sincere belief that our audience already knows we are going to talk about Cisco... we are not an independent voice... but we can certainly be responsible with a message and highlight the complimentary things that our technology partners are doing to provide more complete solutions.  Recent work by our Executive Producer Brad Murphy is starting to show a lot of promise in this area.  He has done the grunt work to get permission from Cisco to do joint sharing of the marketing info we generate that would be of value to our partner for a given show and help set up the proper quid pro quo that ensures we both get something out of working together.  This should continue to expand our audience.

There is more we are potentially looking at of course.  These are just the three I am most focused on right now.  We are in a great position right now with the popularity of the show and the internal accolades we are getting.  This is the best time to push forward however and redefine the category we have created.  The only way to do more shows without increasing headcount is to be smarter about how we use the resources that become temporarily part of our team each time we work on a new show. We are getting better and better at this and I look forward to what we will accomplish together.

Robb

Congrats to April giveaway contest winners!

Congrats to April giveaway contest winners!

Congratulations to Jim Segal, network specialist at Networking Technologies! He won the Skyline-ATS free training. Jim says he's about to embark on his CCNP and is planning on taking a training course that will help him with that certification. His answer to the trivia question was correct. Answer: Cisco CEO John Chambers is making his first appearance in Barron's 30 "World's best CEOs"

You, too, can win a free training course -- but first you have to enter. Check out all of our giveaways for May!

Read more

Report card on Cisco’s 3d quarter

Cisco gets an A- for posting a solid third quarter in the face of softness in US and European enterprise markets, and a macro US economy teetering on the edge of recession. Revenues were up 10% and slightly better than Wall Street expectations; earnings exceeded Street estimates by $.02 per share and were up 12%. Cisco tempered its guidance for the current fourth fiscal quarter – to 9% to 10% revenue growth, down from its long-term target of 12% to 17%.

Read more

Cisco - IP Phone Video Tutorials

Installing Cisco NAC with a VoIP network

Security guru Joel Snyder from Opus One starred as the guest of a live Network World chat on Tuesday where he discussed the state of network access control. Questions regarding Cisco vs. Microsoft were asked, as were questios about implementing Cisco NAC within a network supporting Cisco VoIP. Here are Joel's responses. (Click here for the full transcript and read why Joel thinks Microsoft is winning the NAC war.)

Read more

Dumb Idea v2.0

Maybe it is just me, but there are many things I do not understand. Things like:
- The Mother In Law pop ins
- SV theory
- The  number 1.618 repeating in all things
- People that enjoy Sushi
But Microsoft wanting to pay over 40 billion dollars for Yahoo has now went to the top of that list.  Now to me, I love math. I enjoy messing around with numbers for useless trivia reasons. So to understand how much money this is, break it down in smaller one billion chunks. Consider this:

· A tightly-packed stack of new $1,000 bills totaling $1 billion would be 63 miles high. Commercial Jets fly at 30,000 - 40,000 feet (between 5-7 miles)

· One billion minutes is about 1,900 years. Your coins would have a picture Caesar, since the Roman Empire was in full swing.

· One billion hours is about 114,000 years. About a billion hours ago, we were living in the Stone Age.

Now multiply that by 40 and some change and that is the offer Microsoft made to Yahoo and they refused?!?!?! I am not an econ kinda guy nor am I a business person, but I am a techno-geek that uses technology every single day. I never ever use Yahoo. Now back in the day, I used Yahoo Mail, IM and search engine, but better tools have been developed so me and my peers have moved away from Yahoo.

I worked at HP when they purchased Compaq and the disruption was massive. Is Microsoft's need to fight Google big enough that they want to take over a company with a hostile take over? You think Vista was bad, start practicing your Linux and Open Office Skills. I believe folks should be what the do best AND do it better then anyone. Microsoft has purchased over 100 companies since they opened their doors and (for the most part) they have all made sense. OK WebTV was questionable... But over 40 billion for a stale old turd of a search engine? Come on man! What happen to innovation? Google could be improved on many parts. What about purchasing some solid Web 2.0 players? That is where data/people are moving to now. Welcome to the 21st century Microsoft.

I would have like to have heard the pitch to buy Yahoo in the boardroom. It must have been like the same pitch for the sitcom "caveman" "OK...these computer type people are using this thing called a search engine for find stuff. We can pay 40+ billion for Yahoo and then make $2.15 per ad word!" Oh well,at this point I put my snooty "I use a Mac" hat on... Funny thing though, when this was announced, A non-data cousin of mine wondered why Microsoft would pay that much money for a watered down chocolate drink... I started laughing...but thought...hmmmm.....truer words

Jimmy Ray   

Network Topology Discovery

I had the privilege of reviewing a neat paper, Network Topology Discovery, by Eric Siegel, a technical analyst at the Burton Group.  His paper covers a many aspects of network topology discovery in 30 pages, sprinkled with details on how things work.  I found it to be a very well written paper, covering the topic very thoroughly.  I can't promise that the paper is free (their business depends on selling their papers).  If you're interested in a copy, contact Eric at esiegel@burtongroup.com.  He will put you in touch with the appropriate sales person at Burton and it's up to you from there to convince them that you deserve a free copy. ;-)  Subscribers to the Burton Group's services will be able to download it for free.

Topology discovery is an interesting topic and is one that we have worked hard to implement well.  We recently had a customer decide to use our products as the 'master repository' of device discovery, due to the accuracy and depth of the resulting inventory.  A key component of discovery is classification of the discovered devices.  Knowing that a device is a router, a switch, or a Linux system performing routing and switching, or a Cisco ISR that performs routing, switching, firewall, and wireless are important data to knowing what's in your network and being able to track down problems caused by those devices. 

   -Terry

Cisco’s got game, a lame game, but worth $45,000

Cisco is trying hard to update its nerd image into something more techno-hip, but you'll have to decide for yourself if it is succeeding. First the news: Cisco is offering a $10,000 purse, plus a $35,000 Aggregation Service 1000 Router, for the winner of its video game tournament, "EDGE QUEST." Qualifying began on Monday and will end June 11.

Read more

The Network Monitor - Vol 7 N1

 I've been doing a quarterly publication for a number of years called The Network Monitor.  In it, I cover topics related to networking.  We used it back in the days of Chesapeake Computer Consultants, which was one of Cisco's premier training partners (I founded Chesapeake).

Vol 7 N1 of TNM is now available from our web site (free download). In this issue, I talk about the business impact of network problems, talk about the healthcare industry and cover one of our customers, Northwestern Community Hospital, and include two networking tech tips.

I'm getting ready to start on the next issue.  If you have suggestions for future topics to cover, please let me know (mailto:support@netcordia.com).

  -Terry
 

CCIE Written Study Tools

Well, I'm now recertified; having passed the written (350-001) this morning.  My challenge, like many of the long-term CCIEs, is that my job is far removed from daily operations, which is what the CCIE test measures. I had not kept up with several of the newer technologies, so I had a fair amount of studying to do.  To prepare, I used TestiT, a written testing system created by NetMasterClass (http://netmasterclass.com/).

Their written test questions focused me on the areas of technology that I needed to study.  I didn't take the approach of studying to the test - I took the approach of learning the technology that was covered by the questions.  When I encountered a question that I answered incorrectly, I read their solution summmary and used their reference links to read up on the technology.  That approach obviously worked, since I passed the recertification written test today.

I highly recommend NetMasterClass's written testing tools to help you focus on the technology you need to know.  They are great folks and have been teaching CCIE prep classes for many years, going back to the days when Chesapeake was a Cisco training partner.

  -Terry
 

How Cisco’s John Chambers’ compensation compares to those of other tech CEOs

Ever wonder what top network company CEOs make? Well, Network World has a list of 30 of them here. When you hear that John Chambers made eight figures last year, you might think that a bit exorbitant, particularly when compared with Steve Jobs, who apparently works for granola. But we also found a fair number of tech CEOs who received a heck of a lot more in compensation than Chambers. Check it out.

Fin Filters

Just in case you are ever on Jeopardy and see a category for networking — and Alex gives the answer, "The true name of TCPDump Expressions" — well, it's time to get ready for the Double Jeopardy round, because the question is, "What is BPF or Berkeley Packet Filters?" Understanding TCPDump Expressions can really streamline your troubleshooting and filter writing. I like to use the packet sniffer Wireshark. With the addition of so many Open Source monitoring tools/appliances, understanding how to use and write TCPDump Expressions allows you make the most out of all your networking equipment. Plus, it scores big points with the other networking folks when competing for the most coveted title of "Alpha Geek."

Understand that unlike half-price chicken night at Popeye's, with TCPDump Expressions more is not better. I use TCPDump Expressions in Wireshark all the time. I am not a big fan of capture filters; I like display filters much better. With a display filter, I capture all traffic and can mine it all I need to. With a capture filter, I miss traffic that I may need later on, and then I have to go back and recapture traffic again. With Wireshark, display filters are a piece of cake, with a small bit of TCPDump experience.

For example, let's say I believe I have a user who is running a FIN scan on my network, but I am not sure who it is. Well they ain't gettin' away with that on my watch! I go and capture traffic for three minutes. Wireshark display a total capture of 200K packets. How much time are you going to waste sorting through that traffic one packet at a time? Of course you can eliminate ARPs, ICMP, STP BPDU, etc., but that is still a whole mess of traffic to filter through. Not to worry, time to show your manager why you get paid the big bucks. TCPDump Expressions to the rescue. Sorting through that mess is as simple as:

tcp.flags.fin == 1.

Now let's break it down, break—break—break it—break it down. Sorry, rap flashback. I used to rap under the name ARP Poison. Jimmy Ray kicked it old school, but with IPv6 coming out, I just don't have the time anymore... Looking at the expression from above:

tcp.flags.fin == 1

The expression itself is: tcp flags fin. In Wireshark, the filter is tcp.flags.fin Unlike in a Boolean logic filter, you must include the periods. This sets up the condition of what packets Wireshark is looking for, from largest to smallest match. In this statement, it reads: find all tcp packets, then out of those look in the flags portion of the packet, then display all set FIN flags. Wireshark uses double equal signs to look for the state condition of the packet. In this case we wanted the FIN flag set because that is what we are looking for. If you make a mistake, just erase the filter with the clear button and try again.

So now on the same trace you decide that this person is trying to log into an FTP server, but whose account are they trying to use? Once again, the info is in the packets:

ftp.request.command == "USER"

Oops! A hacker got our Executive Producer Brad's account and now are trying to guess the password. VARMAN to the rescue... It looks complicated enough that Brad will think, holy smokes, that Jimmy Ray knows his stuff. But wait... there's more!

For example, all those pesky ARPs getting in your way, nuke 'em with the filter:

not arp

Or even make a combo filter to filter out ARP and STP with:

not arp and not stp

Notice that Boolean logic does not use a period between words. A period would break the statement. Mega Cool scale rating: 8 of 10. Just remember to save your filter so you do not have to go back and re-write it. Some of the more common filters that I use for analysis and troubleshooting are:

MAC Addresses Filters:

• Ethernet header destination address field (hex):eth.dst == 01:3a:5e:50:ef:06 for source, just change eth.dst to eth.src

IP Filters:

• IP header: IP flags – don't fragment bit (0 or 1) ip.flags.df == 0 (may fragment) Great to see if someone is trying the old school ping of death attack...yawn...
• IP header: IP source address field (IP address) ip.src == 192.168.1.114
• IP header: IP address src/dst for a network range ip.addr== 192.168.1.0/24

TCP Filters: (UDP is the same, just replace proto type)

• TCP header: Source port field (decimal) tcp.srcport == 31337 Caught ya' Robb!!!
• TCP header: Sequence number field (decimal) tcp.seq == 52703261
• TCP header: Reset bit (0 or 1) tcp.flags.reset == 1 This is the base filter for looking for TCP flags. 1= set.

ICMP/IGMP Filters:

• ICMP: Type field (decimal) icmp.type== 8 Use this to find all those PING packets.
• IGMP: Version number field (decimal) igmp.version == 2 Use this filter to see what version of IGMP your apps are requesting.
• IGMP: Multicast address field (IP) igmp.maddr == 224.77.2.2 Looking for where your Ghost server may be breaking down? Use this filter.

My all-time favorite filter is what I call the "Network is Slow" filter:

tcp.analysis.retransmission

With TCP-based applications, I can bring all parties to the table with this filter. If I see a high number of reorders for a stream, I know that indicates major-league networking issues, with packets being dropped in transit somewhere. When I hear folks ask why the network is slow, after I rule out auto negotiation issues, retransmission is the issue the majority of the time.

The cool thing about Wireshark is that when you are writing your TCPDump Expressions in the display filter bar, the bar lights up — green for a good and properly formatted TCPDump Expression, and red for an incorrect one. It actually will turn red when you type one character out of place. How cool is that!! Auto debugger!! Now if I could get my fridge to light red when I reach for the last Newcastle

Keep on sniffin'

Jimmy Ray

Encrypting your backup tapes with Cisco Storage Media Encryption (SME)

IT staff at the University of Miami are having a very bad week. They are having to deal with the fact that two million private health records were stolen from from them. While it wasn’t directly their fault that their backup tapes were stolen from a off site storage providers transport van. The responsibility does fall on their shoulders to protect sensitive data no matter who has access to the physical media.

Legal implications of a breach

Losing control of personal data means means more then just replacing a tape in your backup rotation. Laws vary from state to state, however generally you are required to contact the identity holders who were breached, as well as fund some sort of remediation. This has huge implications on consumer confidence, and at the end of the day stock price of your company. In some cases, such as ChoicePoint a company can be completely decimated by a breach.

Data protection regulations

There are an ever increasing number of regulations that concern the control of sensitive data. These can vary from laws focused on patient data, to financial data, to personal identification data. The most most well known laws are HIPPA, GLBA, and Sarbanes Oxley (SOX). Past that there are laws that pop up every day at the state and municipality level that further increase the requirements and expense of dealing with a breach. In short, it is becoming an expensive and in some cases criminal offense to lose control of your sensitive.

What you can do to protect your backup tapes

First things first, putting a lock on that Iron Mountain box is just not good enough. You must assume that no matter what, a determined attacker will get physical access to your tapes. So many times companies thing that just because their data format is unique or proprietary that an attacker won’t be able to access it. The cold reality is that any format can be read, and yours is not that special.

The only way to be assured that your data is safe is to encrypt it with a complex cipher. In short, you need to treat your data the same way on tape as you would if it was sitting on a public ftp site (with anonymous access enabled). Luckily Cisco has a technology that allows you to encrypt and decrypt your data coming on and off tape. This technology is storage media encryption.

Cisco Storage Media Encryption (SME)

Cisco’s Storage Media Encryption (SME) technology allows for the seamless encryption of your data flows on and off your backup tapes using AES256 standard encryption. Whether you have VSANS segregating your data, a core / edge architecture, or Virtual Tape Libraries (VTL), you can use SME to protect your data at rest, removing the possibility of an attacker getting access to your critical data.

Storage Media Encryption works by leveraging a multifunction chipset available in the 18/4 module that comes default with the 9222i and is an option for the 9500 series director class SAN switches. Chipset has a couple functions, including line rate encryption of iSCSI and FCIP data streams at gigabit speeds, as well as line rate encryption of data as it streams your tape or virtual tape library’s (VTL).

Want to learn more ?

SAN and NAS, Oreilly Press - In the classic Oreilly style by W. Curtis Preston, this book is a great starting place to understanding the fundamentals of San and Nas architectures that many people are likely to face.

Storage Media Encryption for Cisco MDS SAN Switches - http://www.cisco.com/en/US/products/ps8502/index.html . Cisco has lumped together a couple good data sheets here, though I may have to write a future article taking a deap dive on what really drives SME.

Post from: Colin McNamara - CCIE 18233 , RHCE, CCVP, GIAC-GCIH, GEEK

Encrypting your backup tapes with Cisco Storage Media Encryption (SME)

Congratulations Michael Morris, winner of a prestigious NPA award!

The award was based on the work I have done with my team over the last year on network architecture standards, templates, and MPLS design. Read more

Is Vyatta as fast, cheap and wonderful as it claims to be?

Vyatta says forget about thinking of it as just an open-source router. The company wants to do the whole networking enchilada. "Think of us not just as a pure routing play but also firewall, VPN, WAN load balancing," says Vyatta's Dave Roberts in this video interview with Network World's Jim Duffy at Interop.

Read more

Cisco Q3 report due Tuesday, 10% boost in revenue expected

Cisco is expected to report earnings of 34 cents on revenue of $9.76 billion, compared with 30 cents a share on revenue of $8.9 billion for the year-earlier period. The company reports on May 6. Analysts say that the sluggish economy has meant weak sales to enterprises in the U.S. but that this is expected to be offset by growth in Asia and perhaps even growth in sales to service providers. So reports the Wall Street Journal's MarketWatch blog.

Read more

Default routes

The other day I ran into some problems with a default route, which prompted a discussion with co-workers, which led me to look up the behavior of redistributing a static default route into a dynamic routing protocol.

Take, for example, the following


! default route
ip route 0.0.0.0 0.0.0.0 1.1.1.1
! pick your routing protocol
router XXXXX
redistribute static


Under what conditions will the default route make it into the routing protocol? The docs seem to indicate that the process is automatic in EIGRP, but requires intervention in IS-IS, OSPF, and BGP. Let’s validate.

Take a simple network:


1.1.1.0/24 [R1] 2.2.2.0/24 [R2] 3.3.3.0/24 [R3]


(dynagen .net)

On R1, I have


router eigrp 1
redistribute static
network 1.0.0.0
network 2.0.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 1.1.1.99


and over on R3


D*EX 0.0.0.0/0 [170/33280] via 3.3.3.1, 00:01:00, FastEthernet0/0


One thing to note is that the network statement specified 1.1.1.0 and 2.2.2.0, and not 0.0.0.0. This is because the network statement in the EIGRP config is used to match the interfaces that EIGRP will run on, which is where the network information comes from. network 0.0.0.0 would match both interfaces, but still would not add the default route. The redistribute static is what causes the route to get into EIGRP (which is why it shows up in R3’s routing table as D*EX)

In OSPF, we have on R1


router ospf 1
log-adjacency-changes
redistribute static subnets
network 0.0.0.0 255.255.255.255 area 0


This time I used network 0.0.0.0 to save some typing. However R3 does not see the default route. It does see another static route I put in to 9.9.9.0/24, so we know redistribution works properly.

The solution here is the default-information originate command. Adding “default-information originate” to the OSPF config solves this:


O*E2 0.0.0.0/0 [110/1] via 3.3.3.1, 00:00:02, FastEthernet0/0


For BGP, R1 is set up as follows:


R1#show run | section router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.0
network 2.2.2.0
neighbor 2.2.2.2 remote-as 2
no auto-summary


If I redistribute static, the default route does not show up on R2:


R2#show ip route bgp
9.0.0.0/24 is subnetted, 1 subnets
B 9.9.9.0 [20/0] via 2.2.2.1, 00:00:31


At least two options exist. 1 is to do the “default-information originate” which allows the static route to be redistributed into BGP. The other is to not redistribute, but use the network 0.0.0.0 command to advertise the default route. In BGP, the network statement specifies the routes to be advertised, and not the interfaces like OSPF and EIGRP.

The difference between the two options, though, is in the BGP attributes.


! redistribute static and default-information originate
R2#show ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 8
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
1
2.2.2.1 from 2.2.2.1 (2.2.2.1)
Origin incomplete, metric 0, localpref 100, valid, external, best
! network 0.0.0.0
R2# show ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 12
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0×820
Not advertised to any peer
1
2.2.2.1 from 2.2.2.1 (2.2.2.1)
Origin IGP, metric 0, localpref 100, valid, external, best


The difference here is that advertising a local network marks the origin as IGP, but a redistribution marks it as incomplete. Look at step 5 of the BGP best path selection algorithm to see that IGP is preferred over incomplete (even though by the time origin is compared, weight, local preference, and AS_PATH length have already been compared)

So, the moral of the story is to watch how your default routes go into your routing protocol, because depending on the protocol, it’s handled differently.

Post from: CCNP Recertification

Default routes

Win training, books, gadgets and more with these five giveaways from Cisco Subnet and Microsoft Subnet

GORGEOUS GIVEAWAYS FOR CISCO SUBNET READERS

Your friendly Subnets (Cisco Subnet and Microsoft Subnet) have arranged for a bounty of beautiful May giveaways for our readers. Enjoy!

Read more

Cisco’s Paula Abdul moment

Paula Abdul's most recent gaffe on "American Idol" -- in which she inadvertently revealed that judges see performances before they go live -- may be contagious.

At Interop this week, a Cisco official let slip that a campus switching overhaul is in the works, under the code-name "Big Bang." It came about as Managing Editor Jim Duffy asked if Cisco has a "big bang" in store for the campus portfolio similar to product overhauls earlier this year in the data center and edge router lines.

Read more

Cisco returns UC volley with Nokia announcement

This week's news on the unified messaging front from Interop has been deafening, but one major player, Cisco, has been silent. Until today. Not to be outdone by announcements about Microsoft and Foundry, Cisco looked around and found something to announce: a progress report on its partnership with Nokia. The two said today that they reached the milestone of having more than 100 customers using their joint "mobile unified communications" technology.

Read more

The Sound of Silence

I just finished up a lunch meeting with a couple of engineers. Robb and I are starting to work up show ideas for season three of TechWiseTV. We always plan to make the show fresh and field ready so to do that we have to always be in the field. To that, I was meeting with some folks for some very fresh security content. The location had a bunch of TV's turned up full blast broadcasting everything from Dr. Phil to the 1958 Giants-Colts game.

I lost 30% of my hearing in Desert Storm but lucky for me, the hearing loss all in the high frequency range so it does not bother me that much...except in crowds. In crowds it is very difficult for me to hear what folks are saying. It all sounds garbled. At large gatherings, instead of saying; "huh?", "what?" and "can you repeat that please?" I just normally nod my head like some goober plastic nodding dog you would win at the county fair. I can not tell you how many things I volunteered for, that I actually did not realize!

Anyway, while that is an OK workaround in social situations, for business it will not work. So here is the problem: We need fresh content from the field. Most engineers like to share information over chicken wings and beer. Chicken wing and beer places almost ALWAYS have many very loud TVs. I can not accurately hear the content. My neck gets sore from too much nodding...

Enter TV B Gone from Cornfield Electronics.  If there was an Academy Award for the coolest geek/ninja tools, TV B Gone would sweep all categories. Basically, TV B Gone is a universal remote control that allows you to turn off (or on) any TV without the need to program it. Just press a button and within 60 seconds the TV turns off. I am averaging about 16 seconds for a set to click off. It does not damage a TV, it is just a very small universal infra red remote control, with one button...off! 

I reached into my bag, grabbed my small remote (hides in my hand) press the button and BLAM! TVs start clicking off. When I did it the first time, customers actually started applauding. The staff keep trying to turn it on, but I continued my TV DDOS until they stopped. Business meeting not only continued but it was enhanced because we were not distracted by the video and could communicate at a reasonable level. Ah yes, human interaction.  TV B Gone is MUST have in any geeks/ninja tool bag.

Jimmy Ray

Should we use Twitter with our Events?

I am not exactly sure how this is going to work out yet. The idea has been out for a while as I found a one year old post at jjprojects blog with some great examples of where this has already been successfully tested. The difference now, a year later could be that I see twitter reaching a tipping point already (a good thing)... no my wife still thinks it is silly for me to care about what Jimmy Ray is having for dinner or that Hideo is falling asleep on a conference call... but for the people I care about, I think this is interesting (plus they both post a TON of funny stuff).

The idea behind an event, be it our monthly show or perhaps when we are at a live event such as Networkers, RSA or VoiceCon. Would it not be cool to have a central, mobile enable chat conversation that bring like minds together? Time will tell.

Get on Twitter and add TechWiseTV. We can now be tracked at www.twitter.com/TechWiseTV

Jimmy Ray and I are still personally on Twitter as well: @JimmyRay_Purser and @RobbBoyd (note the 3 b’s in this version of my name...)

Further reading:

1. How the Twitter support page describes it
2. Patrick Ruffini tested one twist on this with the Iowa Caucus
3. I can’t currently test this but Fireball appears to be an interesting Mashup of tools we might find useful in the future. They are ‘sleeping’ currently as they only tested during the Web 2.0 expo. Blog entry on it.

Robb

StillSecure to port routing/security app to Cisco’s ISR

StillSecure has decided to put its money where its mouth is and port an application to the Cisco Integrated Services Router. Cisco recently announced that the ISR can be made into a Linux application server with the addition of a Cisco Application eXtension Platform (AXP) blade card.

Read more

With friends like Microsoft, does Cisco need enemies?

Cisco's rival Foundry Networks will partner its way into the unified communications market with Microsoft, the company said on Tuesday. Or, to be more specific, Foundry will be targeting enterprise customers by pitching a "best of breed" approach to UC that features its hardware, with technology from Microsoft, Mitel and Sun Microsystems layered on top, Foundary said.

Read more

Concentrate on the Message

As many of you know we banned PowerPoint on the TechWiseTV show early in the first year... but to be fair, the issue is not PowerPoint, its how it has commonly been used.  Many of you already know this too well... we are all guilty of getting lazy and creating heavily bulleted, text laden presentations because it then becomes easy for these things to be a crutch we can rely on during the presentation.   But as most of us fundamentally understand, the focus during the presentation should be on the presenter, not the supporting tools (powerpoint and the like).

We must all do ourselves a favor and avoid distracting elements.   This is why I love this Lewis Black appearance on CNN.  Although this is over 2 years old I believe, I had never seen this until today and it perfectly illustrates these principles of a clean focus on the message by skewering CNN and their scroll of information.

One of the best authors to read as well as follow along with his blog is Garr Reynolds. He has a great book called presentationzenn and is very active with his blog by the same name.  Garr does a much better job than I on laying out these principles and giving you practical things to do and examples of people to follow.  Content from his book include the all important Preparation, Design & Delivery.

Check it out... and don’t get sucked in to creating more sucky presentations. 

sucky |ˈsəkē|
adjective ( suckier, suckiest) informal
disagreeable; unpleasant : her sucky job.

Cisco Support Wiki

This is good stuff - you know how much we like wiki’s. I like what Cisco is doing here... what do you think? 

Here is the announcement: 

Collaborate, Co-create, and Innovate on New Cisco Support Wiki

Cisco is launching a collaborative support Website that will scale to provide important information to help you manage your network. This new external beta Website for Cisco customers, partners, and employees enables interaction in real time and access to the most up-to-date support information submitted on Cisco products, services, and solutions. In addition to threaded discussions, the Cisco Support Wiki enables dynamic information sharing and the co-creation of Web content to form a more robust and diverse information repository.

Launching with more than 36,000 pages of content, information includes:
- A full collection of Cisco equipment and technologies
- The TAC Case Collection
-  A full index of Cisco terms
- TS Web content

Web 2 … Oh … Security?

I often lament that I personally feel like Jimmy Ray saves his best articles for bMighty.com where he now has many of THE MOST popular articles. This title he used cracks me up as does his open... you must link below for the full article... but this should give you a good taste!

Web 2... Oh... Security?

Web 2.0 is here to stay and while it's cool, its security is tricky -- but not to worry. Jimmy Ray Purser will show you how to let your smaller business take advantage of the latest technology and stay safe

Most hard-core networking geeks out there today avoid buzzwords like I avoid tofu, bean sprouts, and light beer. Buzzwords are not technologies that I can go out there and deploy per se; they're terms to make analysts sound smarter than they actually are. Web 2.0 has really taken on a life of its own in the kingdom of buzzwords. I use Web 2.0 to help me get management behind projects they normally wouldn't endorse.

For example:

Scene: In an office surrounded by motivational posters, management books on a shelf, a think-outside-the-box in-box under the desk, a "No I in the word Team" poster framed on a white Formica desktop ... a knock on the door ...

Engineer: "We need to upgrade our firewall to increase our posture against the latest multilayer attack bots concentrating on Layer 7 applications in our DMZ."

Manager heard: ... Static: ... "I need money for something I cannot define."

Manager: "We just do not have the budget. But make our network secure anyway."

Now add buzzwords: Engineer: "We're not ready for Web 2.0! Our firewall just cannot support the applications!"

Manager thinks: Yikes! I will be the laughingstock of the county club! I must act fast!."

Manager: "OK, then upgrade the firewall as soon as possible. Nice job catching this."

Full Article @ bMighty

Real or Not…

I am sittin' here watching Pro Wrestling "Backlash" pay per view with my son. 39 bucks of my cash to the WWE empire. My son invited some of his wrestling pals over to watch it also, and truthfully, it is worth 50 bucks to watch them get into the match and fight each other. Man they get rough and I am hoping that they do not turn that young kid aggression on me! Here comes John Cena and these kids are fighting like hunger dogs over a single pork chop.

Gets me to thinking about skills and how they can be used without wisdom. These boys are punching each other in the cods, doing hair slams on the carpet. I am thinking I should be using my parental skills now but it is hard because I enjoy the show just too much. Many times it is just that behavior that trips up many script kiddies today. I am not a big fan of of data hackers because they are really posers which also is something they have tonight's show...

To me, hacking is leadership. Hackers think outside of the box and look for solutions to unsolvable problems. Like good leaders that lead from the front no problem or situation is too tough. Robb Boyd is a good example of a leader. I have worked with Robb for a couple years now, and he is truly a take charge kinda dude without being a whanker. He leads from the front which is also a form of hacking. I like to consider myself a hacker, data yeah sure that is just another vector to explore but really all things. For example, I had a neighbor bring over a Linksys router that was bricked. They were going to throw it in the trash, but, I said let me give it a shot.

When equipment is trashed, this is no risk hacking. I want to work on the JTAG ports. I broke out my Wiggler cable and started my research. The biggest time consumer is mapping the ports. Lucky for me the Linksys routers are based on Broadcom CPUs which are a type of MIPS32 processor. Broadcom has implemented EJTAG version 2.0 in their chips. This allows the use of DMA transfers via JTAG which, while slow, is faster than the implementation of EJTAG v2.5 and v2.6 which do not support DMA transfers. Very helpful since de-bricking can take hours at serial speeds. Maybe I should look at the Raven cables that run on USB for my next JTAG hack.

Anyway... long to short... I recovered the router and learned more about hardware in the process. That is what hacking is all about. Not just data, but all kinds of things. Hacking to me is a mindset. Not a process. Hackers that follow a process become script kiddies, leaders that follow a process become managers and a new champion is crowned....

Jimmy Ray

Microsoft is slightly leading Cisco on UC products but the whole market needs interoperability

Infonetics Research recently completed a survey of 80 North American companies that had implemented unified messaging to see what plans they had to go for the whole enchilada and rollout unified communications. The study found that the market is in the midst of a battle of the titans, with Cisco and Microsoft fighting for the lead and Microsoft slightly ahead. The study, "User Plans for Unified Communications: North America 2008," attempts to determine the market potential and product requirements.

Read more

Soft market to hurt Interop?

Interop convenes next week under the pall of soft US enterprise spending and the resultant drag on network financials.

Juniper is the latest to feel the weight of the sluggish market. The company just posted a solid quarter that exceeded Wall Street expectations, but it was due mostly to sales to service providers. Juniper's Service Layer Technology group, comprised mostly of enterprise products like the NetScreen VPN gear, was down 9% sequentially due especially to softness in federal government sales.

Extreme, meanwhile, was downgraded by JMP Securities this week after posting a disappointing fiscal third quarter. Extreme blamed the miss on customers delaying purchases.

Read more