
Monday, March 1, 2010
Friday, February 26, 2010
Unix Traceroute and Windows Tracert
Traceroute is a command which is used to trace the route of a packet through a TCP/IP network.
traceroute is a Unix command. Under Microsoft Windows, the traceroute command has been renamed `tracert`. Unix `traceroute` and Microsoft Windows `tracert` are designed to accomplish the same task, but differ in the way they display output, in the way they send test packets, and in the number of command line options they provide.
If you're visiting a Web site and pages are appearing slowly, you can use traceroute to figure out where the longest delays are occurring. Traceroute utilities work by sending packets with low time-to-live (TTL) fields. The TTL value specifies how many hops the packet is allowed before it is returned. When a packet can't reach its destination because the TTL value is too low, the last host returns the packet and identifies itself. By sending a series of packets and incrementing the TTL value with each successive packet, traceroute finds out who all the intermediary hosts are.
General Operation
If you execute the traceroute ip-address command on a source device (such as a host, or a router acting as a host), it sends IP packets toward the destination with Time To Live (TTL) values that increment up to the maximum specified hop count. This is 30 by default. Typically, each router in the path towards the destination decrements the TTL field by one unit while it forwards these packets. When a router in the middle of the path finds a packet with TTL = 1, it responds with an Internet Control Message Protocol (ICMP) "time exceeded" message to the source. This message lets the source know that the packet traverses that particular router as a hop.
There are some differences in the way the traceroute command is implemented in the various operating systems this document discusses.
Cisco IOS and Linux
The TTL for the initial User Datagram Protocol (UDP) datagram probe is set to 1 (or the minimum TTL, as specified by the user in the extended traceroute command).
Microsoft Windows
The MS Windows tracert command uses ICMP echo request datagrams instead of UDP datagrams as probes. ICMP echo requests are launched with incrementing TTL, and the same operation as described in Cisco IOS and Linux occurs.
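The following added example (not part of the original post) shows how a traceroute implementation can interpret the replies described above: it parses the ICMP message, reads the probe header that the ICMP error quotes, and tells an intermediate hop from the destination for both UDP probes (Cisco IOS and Linux) and ICMP echo probes (Windows). The function names, addresses and the UDP port 33434 used in the usage comment are assumptions chosen for illustration, and the packets are constructed samples rather than captures.

```python
import socket
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED = 0, 3, 11

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Build a 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_icmp_error(responder, icmp_type, code, src, dst, proto, l4_bytes):
    """Constructed sample: an ICMP error quoting the probe that triggered it."""
    quoted = ipv4_header(src, dst, proto, 1, len(l4_bytes)) + l4_bytes
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4_header(responder, src, socket.IPPROTO_ICMP, 255, len(icmp)) + icmp

def classify_reply(packet):
    """Return (responder, kind, probe) for one received IPv4/ICMP packet."""
    ihl = (packet[0] & 0x0F) * 4
    responder = socket.inet_ntoa(packet[12:16])
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type == ICMP_ECHO_REPLY:
        # The destination answered an ICMP echo probe (tracert style)
        ident, seq = struct.unpack("!HH", packet[ihl + 4:ihl + 8])
        return responder, "destination", ("icmp", ident, seq)
    if icmp_type not in (ICMP_TIME_EXCEEDED, ICMP_DEST_UNREACH):
        return responder, "unrelated", None
    # ICMP errors quote the probe's IP header plus its first 8 payload bytes
    inner = packet[ihl + 8:]
    inner_ihl = (inner[0] & 0x0F) * 4
    proto, l4 = inner[9], inner[inner_ihl:inner_ihl + 8]
    if proto == socket.IPPROTO_UDP:
        probe = ("udp",) + struct.unpack("!HH", l4[:4])    # source, destination port
    elif proto == socket.IPPROTO_ICMP:
        probe = ("icmp",) + struct.unpack("!HH", l4[4:8])  # echo id, sequence
    else:
        return responder, "unrelated", None
    if icmp_type == ICMP_TIME_EXCEEDED:
        return responder, "hop", probe                     # TTL expired at a router
    # Port unreachable (code 3) means a UDP probe reached the destination
    return responder, "destination" if icmp_code == 3 else "unreachable", probe

# Usage: a UDP probe from 192.0.2.10 expiring at router 198.51.100.1
# udp = struct.pack("!HHHH", 50000, 33434, 8, 0)
# classify_reply(sample_icmp_error("198.51.100.1", 11, 0,
#                "192.0.2.10", "203.0.113.5", socket.IPPROTO_UDP, udp))
```

Matching the quoted ports or echo identifier against the probes that were actually sent is what lets the tool ignore ICMP messages that belong to other traffic.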
Thursday, December 10, 2009
Cisco IPS/IDS products for CCIE Security
Hi All,
For those of you interested in knowing how the Risk Rating System works on the Cisco IPS/IDS products for CCIE Security, here is a good video to review.
http://www.cisco.com/web/learning/le31/le46/cln/qlm/CCSP/ips/risk-rating-system-overview-3/player.html
Thursday, December 3, 2009
SSL VPN - Configuration Examples and TechNotes
http://www.cisco.com/en/US/products/ps6657/prod_configuration_examples_list.html
IPsec Virtual Tunnel Interfaces
How to Configure IPsec Virtual Tunnel Interface
- Configuring Static IPsec Virtual Tunnel Interfaces
- Configuring Dynamic IPsec Virtual Tunnel Interfaces
- Configuring Per-User Attributes on a Local Easy VPN AAA Server
Configuring Static IPsec Virtual Tunnel Interfaces
This configuration shows how to configure a static IPsec VTI.
SUMMARY STEPS
1. enable
2. configure terminal
3. crypto ipsec profile profile-name
4. set transform-set transform-set-name
5. interface type number
6. ip address address mask
7. tunnel mode ipsec ipv4
8. tunnel source interface
9. tunnel destination ip-address
10. tunnel protection ipsec profile profile-name [shared]
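As an added example (not from the original post or from Cisco's documentation), the check below reads a running-config and reports any static VTI on which one of the steps above was skipped, including a tunnel protection line that names a profile that was never defined. The sample configuration, the names TSET, VTI-PROF and OLD-PROF, the addresses and the function names are all constructed for illustration.

```python
# Constructed sample running-config; names and addresses are illustrative.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
crypto ipsec profile VTI-PROF
 set transform-set TSET
!
interface Tunnel0
 ip address 10.0.51.1 255.255.255.0
 tunnel mode ipsec ipv4
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.2
 tunnel protection ipsec profile VTI-PROF
!
interface Tunnel1
 ip address 10.0.52.1 255.255.255.0
 tunnel mode ipsec ipv4
 tunnel source GigabitEthernet0/0
 tunnel protection ipsec profile OLD-PROF
"""

def sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line.strip() and line.strip() != "!":
            current = line.strip()
            out[current] = []
    return out

def audit_static_vti(config):
    """Return {interface: [problems]} for each 'tunnel mode ipsec ipv4' interface."""
    secs = sections(config)
    profiles = {h.split()[-1]: b for h, b in secs.items() if h.startswith("crypto ipsec profile ")}
    report = {}
    for head, body in secs.items():
        if not head.startswith("interface ") or "tunnel mode ipsec ipv4" not in body:
            continue
        problems = [f"missing '{kw}'" for kw in ("ip address", "tunnel source", "tunnel destination")
                    if not any(l.startswith(kw + " ") for l in body)]
        prot = [l.split()[4] for l in body if l.startswith("tunnel protection ipsec profile ")]
        if not prot:
            problems.append("missing 'tunnel protection ipsec profile'")
        elif prot[0] not in profiles:
            problems.append(f"profile '{prot[0]}' is not defined")
        elif not any(l.startswith("set transform-set ") for l in profiles[prot[0]]):
            problems.append(f"profile '{prot[0]}' has no transform set")
        report[head.split()[1]] = problems
    return report
```

Calling `audit_static_vti(SAMPLE_CONFIG)` returns an empty problem list for Tunnel0 and two findings for Tunnel1.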
Configuring Dynamic IPsec Virtual Tunnel Interfaces
This task shows how to configure a dynamic IPsec VTI.
SUMMARY STEPS
1. enable
2. configure terminal
3. crypto ipsec profile profile-name
4. set transform-set transform-set-name
5. interface virtual-template number
6. tunnel mode mode
7. tunnel protection ipsec profile profile-name [shared]
8. exit
9. crypto isakmp profile profile-name
10. virtual-template template-number
Configuring Per-User Attributes on a Local Easy VPN AAA Server
To configure per-user attributes on a local Easy VPN AAA server, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. aaa attribute list list-name
4. attribute type name value [service service] [protocol protocol]
5. exit
6. crypto isakmp client configuration group
7. crypto aaa attribute list list-name
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html
Tuesday, November 17, 2009