dokucama - network_stuff

checkpoint

Anonymous (anonymous@undisclosed.example.com) — 2024-06-20T09:05:07+00:00

Policy lookup (cli) (not possible?) Search policies text search box above

cryptocurrencies

Anonymous (anonymous@undisclosed.example.com) — 2025-03-22T12:13:00+00:00

Blockchain A blockchain is an immutable digital ledger that records every single transaction ever made. * Blockchain transactions are irreversible in that, once they are recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks.

cryptography

Anonymous (anonymous@undisclosed.example.com) — 2024-12-19T21:25:52+00:00

Asymmetric Key encryption: * Kpriv * Kpub ---------- OPENSSL/CERTIFICATES See crypto summary here:HERE To check the TYPE of certificate we have: openssl x509 -in jaime-cert.cer -inform [der/pem] -noout -text To READ the contents of a certificate:

cscaler

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

Allows the same kind of segmentation we can get in an EC2 instance (security groups, acl and so on) but in end user stations * Requires cscaler agent running on the computs * cscaler has their own cloud * they offer there: authentication, firewall (inspection) and metrics

cumulus

Anonymous (anonymous@undisclosed.example.com) — 2024-09-22T16:47:52+00:00

cheatsheet ---------- Install packages: sudo -E apt-get update sudo apt-get install iperf ---------- CUMULUS MULTICAST: net add interface swp1 igmp join 224.10.2.1 # for an interface to join a group net add pim rp 10.1.0.5 224.10.2.0/24 ! The above works and 'net show mroute' shows state

cybersecurity

Anonymous (anonymous@undisclosed.example.com) — 2024-09-18T14:28:19+00:00

Data Types * Regulated: Data governed by laws (e.g., GDPR, HIPAA) that mandates its protection. * Example: Personal health records or financial transactions. * Trade Secret: Proprietary information that provides a competitive edge; it’s not publicly known and is protected by law.

dell-force10

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

FN-IOM - (Force 10 Networks) PE-FN-410S-IOM * VLT (Cisco vpc or juniper MCLAG): * VTL mode : all configurationsexcept VLAN membership are automated. Port 9 is dedicated to the VLT interconnect in this mode. << This is a problem because we are already using it for uplink

ecmp

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

* BGP multipath: for links in different PEs. Uses maximum-paths eibgp 3 (cisco); maximum-paths 2 ecmp 2 (arista) * BGP additional paths: this is normally through a single links. Command: additional-paths send/receive (cisco); bgp additional-paths send any

esxi

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

ENABLE SSH. ESXI GUI: CHECK VERSION AND LOOK FOR A CHEATSHEET: ] vmware -v VMware ESXi 6.5.0 build-5969303 VM LIST esxcli vm process list # List VMs, name , drives, etc etc NETWORK SHOW https://www.tunnelsup.com/networking-commands-for-the-vmware-esxi-host-command-line/ esxcfg-nics -l Name PCI Driver Link Speed Duplex MAC Address MTU …

eveng

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

---------- ---------- Installed eve-ng installed as vm under KVM and “Virtual Network (NAT)“ To access KVM via my laptop's virtual-manager (while in ocna), we just use ssh and the ssh proxy settings in .ssh/config: ## us-ashburn-1 V2 Host 10.195.* 10.197.* *iad1.mycompany2datacloud.com *iadshared1.mycompany2datacloud.com !bastion-62-* *ash.oci.mycompany1.co.uk *iad.oci.mycompany1.co.uk ProxyCommand ssh bastion-iad.mycompany2datacloud.com -W %h:%p

f5

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

* Local Traffic Manager, directs different types of protocol and application traffic to an appropriate destination server * WebAccelerator™ * BIGIP+LTM+APM (Local Traffic Manager + Application Security Manager) TMOS is the f5 operating system: CLI utilities (to configure it)

flow_information

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

FLOW INFORMATION * SFlow UDP-6343 * Netflow (v5, v9) UDP-2055 or UDP-9996 * IPFIX Neflow vanilla configuration CSR1000v flow exporter Flow-exporter destination 10.10.11.143 source GigabitEthernet1 transport udp 9995 template timeout 180 # every 3 minutes the router sends 'options template' which includes the sampler rate. This allows 'embedded sampling' to be requested by collector template data timeout 180 # 'data' and 'options'. the lack of templates just means it takes X …

flowspec

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

FLOWSPEC IN CISCO NCS5500 show bgp ipv4 flowspec summary ! To see the current flowspec established sessions ! show flowspec afi-all detail ! To see what flowspec rules are currently applied AFI: IPv4 Flow :Dest:25.1.102.1/32,Proto:=17,Length:>=500&<=1550 Actions :Nexthop: 25.3.9.3 (bgp.1) Statistics (packets/bytes) Matched : 0/0 Dropped : 0/0 ! show policy-map transient type pbr pmap-name __bgpfs_default_IPv…

fortinet

Anonymous (anonymous@undisclosed.example.com) — 2024-11-19T15:23:54+00:00

* Fortinet NSE 7 * FortiManager (fmg) * Fortigate (fw) * FortiAuthenticator * FortiGuard (TODO) * FortiAnalyzer (logging) ---------- Deploying FortiX: To identify the hardware: get system status * [cheat_sheet] (with cli commands) * console

frr

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

INSTALLATION * Install any of the supported base linux. eg: Debian/Ubuntu * Follow this steps: * Uncomment net.ipv4.ip_forward=1 in /etc/sysctl.conf and then apply with: sysctl -p * If possible to access via console, remove all the network configuration from the linux level.

haproxy

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

BASIC CONCEPTS External Link /etc/haproxy/haproxy.cfg We define acl and backends. Then acl define what backend we use. use_backend blog-backend if acl_url_blog ---------- OPERATION: Restart: /etc/rc.d/init.d/haproxy restart ---------- MONITORING From the cli, this command gives us a csv, dump in Calc. Check max connections and current connections.

huawei

Anonymous (anonymous@undisclosed.example.com) — 2024-04-10T14:29:39+00:00

Layer Models Brief Description Access S5720 Series Versatile switches commonly used for various applications. S6720 Series High-performance switches with advanced features. S6730 Series Scalable switches suitable for large-scale networks.

iot

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

IOT LPWAN LoRa + LoRaWAN = LPWAN HOME REALM * Bluetooth LE External Link * Zigbee

irr

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

IRR SANITATION SEE THIS ABOUTMANRS \\ This is a hands-on guide and this is the HE algorithm explained step by step Link * IRR fields (from ripe): * THESE ARE OBJECTS (big blocks) AND HAVE FIELDS: as-block, as-set, aut-num, domain, filter-set, inet6num, inetnum, inet-rtr, irt, key-cert, mntner, organisation, peering-set, person, poem, poetic-form, role, route, route6, route-set, rtr-set

jpuppet

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

PUPPET FOR JUNOS JPUPPET: * Introduction: * VLANS EXAMPLE: * Forum: GUIDE * Official version : * Less official version:

juniper

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

DHCP IN JUNOS: Apply this whole config, included dhcp server address. Seems not to work on fpx interfaces: set interfaces ge-0/0/7 unit 0 family inet dhcp-client client-identifier prefix host-name set interfaces ge-0/0/7 unit 0 family inet dhcp-client lease-time 86400 set interfaces ge-0/0/7 unit 0 family inet dhcp-client retransmission-attempt 6 set interfaces ge-0/0/7 unit 0 family inet dhcp-client retransmission-interval 5 set interfaces ge-0/0/7 unit 0 family inet dhcp-client server-address …

kubernetes

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

KUBERNETES IS AN ORCHESTRATOR FOR CONTAINERS: Hierarchy: Cluster > Node > Pod + private worker nodes * Container engine (podman(rhel, lxc or docker) runs the containers * k8s orchestrates them K8s is a container orchestrator, designed for creating clusters and hosting pods, its networking model meets exactly those needs. The service mesh (or network layer) ensures that communication between different services that live in containers is reliable and secure.

linux_network_internals

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

LINUX KERNEL NETWORKING: Linux has Two main APIs for networking: * Ethtool is for physical link management (speed, duplex, buffers etc.) * Netlink is for the rest. Every network device is represented as a netdev object in the kernel. * NETLINK (successor of ioctl): api (no restapi), system call. Is the way ip route talks to the kernel. socket family is a Linux kernel interface used for inter-process communication (IPC) between both the kernel and userspace processes, and between diffe…

linux

Anonymous (anonymous@undisclosed.example.com) — 2024-10-06T17:17:15+00:00

BASIC IP OPERATIONS Assign static IP and gateway (not permanent) ip address add 10.0.0.3/24 dev eth0 ip addr add 192.168.12.1/24 dev lo # this is for a loopback address CREATE NEW INTERFACE (permanent): Annotate name and hw address ip link show Generate UUID:

lld_notes

Anonymous (anonymous@undisclosed.example.com) — 2024-02-17T06:43:14+00:00

# RA * Introduction: like in situation, motivations (in case of solving an issue, etc..) * Business context. * Use cases. * To-be 'process' * as-is landscape. * Integrations ---------- # Index 1 * Project Delivery * Pre-requisites

machine_learning

Anonymous (anonymous@undisclosed.example.com) — 2025-05-12T18:52:49+00:00

ML ; network-for-ML-workload NOTES ABOUT MACHINE LEARNING AND ARTIFICIAL INTELLIGENCE AI * Training pending to watch/read: * Basic algebra / vectors: min25 v2 Notes: Vectors and matrices are basic for machine learning. * Supervised learning: tagging. *

microwave

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

* MICROWAVE BANDS: * .. * Ku 8-10GHz (urban links (above 10GHz , rain is a problem) * K 18-27 (~1cm) * .. * MODULATIONS

mtunotes

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

MTU NOTES AND PMTU NOTES Check out this ipspace-article

netapp

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

NETAPP version storage show disk <--to show the disk and the filer that 'owns' them system controller show # to see the FAS version ---------- CLUSTER/NODE HEALTH: NFS vserver export-policy rule show # under 'Client Match' column is the IPs os the servers mounted!! exportfs config dump -v config_file system node service-processor show

netbox

Anonymous (anonymous@undisclosed.example.com) — 2025-07-04T16:41:14+00:00

NETBOX IPAM: (TODO: Document mycompany2 ipam system with API) * DCIM: data center infrastructure management tool * Source of truth / Source of record: System with authoritative status for the data. Note is single source of truth for a data domain

netscaler

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

Netscaler NS12.0 (Build 57.153.nc) in NSMPX-15000-50G Port configuration (front and back panel): External Link. : 4x40GE QSFP+ and 8x10GE SFP+ ports. * CHEAT SHEET: * * Cluster commands: * sh cluster instance 1 * sh cluster node 0-1 * MY NOTES on ns10 :

openwrt

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

UCI commands: unified configuration interface. configuration is split into several files located in the /etc/config/ directory. You can edit the configuration files with a text editor or modify them with the command line utility program uci. ----------

palo_alto_lab

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

* eveng requirements: * PANOS: 8 vCPUs + 16G * each gateway : 2 vCPUs + 4G * * Oracle OCI instance: * 24 G + 6 oCPUs

palo_alto

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

USER --https-- PANORAMA(vm-ver10) -- sgzdmzfw01(PA-5050) -- ldzdmzfw01(PA-5050) ---------- UI: * Contexts * Commit from panorama. We can stage multiple changes and stage OOH, * Policies (pre and post rules)

product_sunsetting

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

TIMELINE: * EOL: is when the manufacturer announces the end of production for a certain device. Usually, within three to six years from the launch of a product * Deprecated * Sunset * End of Grace * EoSa : End of sale for the product. *

ptp

Anonymous (anonymous@undisclosed.example.com) — 2025-06-17T15:01:56+00:00

Precision Time Protocol (PTP) – A Deep Dive for Network Engineers Precision Time Protocol (PTP), defined in IEEE 1588, delivers sub-microsecond and even nanosecond-level time synchronization across a network. Compared to NTP, which typically provides millisecond-level accuracy, PTP is hardware-assisted and deterministic.

pxeboot

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

Key points in this article (Junos)link * Interesting folders: * /var/lib/tftpboot/ * /var/lib/tftpboot/pxelinux.cfg/ * /var/www/repo/html/ks-70-em1.ks # whatever is referenced in the centos7.menu above * /etc/dhcp/dhcpd.conf

sase

Anonymous (anonymous@undisclosed.example.com) — 2024-05-07T16:07:43+00:00

SASE (Secure Access Service Edge) ~ SD-WAN with security Is a cloud-based model combining network security functions with WAN capabilities (like SD-WAN) to support dynamic secure access to organizational resources. It is ideal for businesses with dispersed workforces needing secure and efficient connections to applications, irrespective of user or resource location.

scapy

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

yum install pip yum -y install python-pip yum install epel-release yum install python-pip pip install --upgrade pip pip install --pre scapy[basic] Lots of examples Here Other ways of generating traffic: # A-end yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum install pv -y dd if=/dev/urandom bs=1000 count=1000 | pv -L 10M | nc 10.80.8.1 4444 # B-end yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum install nmap nc -kl 4…

sd-access

Anonymous (anonymous@undisclosed.example.com) — 2025-01-07T21:56:04+00:00

CISCO SD-ACCESS - LAB NOTES * Catalyst Center (DNA, controls ios-xe) needs a lot of resources. Like x40 cpus 150G * They've released an OVA for DNA center but very weighty (x200 micro services / containers ) * So don't use the OVA file. Take the installer that Cisco gives you to reinstall their physical appliances, which is just an ISO. Mount a VM with the requirements that I just stated. See this

sd-wan

Anonymous (anonymous@undisclosed.example.com) — 2025-01-22T17:38:06+00:00

SD-WAN TL;DR: SD-WAN maps applications to links based on performance and security requirements. IPSec tunnels secure traffic over public internet links but are a supporting feature, not the primary focus of SD-WAN. viptela * Fortigate * Palo Alto-prisma

service_mesh

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

Intimately related to k8s and microservices * Is an infra layer to connect services (via application layer (restapi,URLs..). All in the application layer, we don't worry about l1,l2,l3. Network connectivity is abstracted and gave it for granted.

sonic

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

Sonic NOS uses Redis, which is no more than a no SQL dB that runs purely in memory

sso

Anonymous (anonymous@undisclosed.example.com) — 2024-12-19T22:08:03+00:00

SAML-SSO vs OAUTH-SSO: What is and Identity Provider IdP? OpenID and SAML are associated with federated services, OAuth: Setup: A project is created with a Unique ID and with the URL to which users are redirected after sign-in to the OAuth provider. That ID is then stored in the SP. In the case of Google, this uses an OAuth a user connects to the Service Provider (SP) and the SP (e.g. apache) checks if there is a session for the user. If not then it generates a unique

tcpdump

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

TCPDUMP NOTES tcp_notes To write the tcpdump output in pcap format. If we Add capital W, that means rotate: tcpdump -ni eth0 -s0 -w /var/tmp/capture.pcap tcpdump -ni eth0 -w /var/tmp/trace -W 48 -G 1800 -C 100 -K # 48 files, either every 1800 seconds (=30 minutes) or every 100 MB, -K don't verify checksum tcpdump -nni bond1 -w /var/tmp/trace -W 1 -G 20 -C 100 -K tcpdump -e -r sflow_2022_new.pcap # to read an existing pcap (remove -e if not interested in ethernet headers)

tcpnotes

Anonymous (anonymous@undisclosed.example.com) — 2024-10-14T12:44:36+00:00

TCP NOTES This is announced during the tcp handshake: * MSS is announced (not really negotiated but just announced). * Window scaling is also announced. The default window size is 64kB which is far too small. That's way window scaling is ON 99% of the times.

transit-marseille

Anonymous (anonymous@undisclosed.example.com) — 2025-08-16T14:42:11+00:00

Interxion Marseille (MRS1-MRS5) Campus

transit

Anonymous (anonymous@undisclosed.example.com) — 2025-08-16T14:44:38+00:00

NEW SWITCH DEPLOYMENT, BASIC ACCESSORIES, NEVER FORGET!! * DATACENTER * (1) RACK PDUs * CISCO ORDER * (2) REDUNDANT PSU ---- * (3) CORRECT POWER CORDS * (4) MOUNTING RAILS! * (5) STACKING CABLES (VSS) 5.1 9300LM HAVE SPECIAL EXPENSIVE T3 TYPES AND NO STACKPOWER

vpn_troubleshooting

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

Cisco * * * * * Juniper SRX *

vyos

Anonymous (anonymous@undisclosed.example.com) — 2023-11-02T14:38:15+00:00

* based on vyatta fork of the os community edition (2013). now fully independent *

wifi

Anonymous (anonymous@undisclosed.example.com) — 2025-03-15T11:01:24+00:00

* BSSID ( Basic Service Set Identifier ): MAC physical address of the AP or wireless router that is used to connect to the WiFi * STA (Station): Is the end station. The wifi client. WIFI TROUBLESHOOTING * Optimizations * Radio settings:

wireshark-troubleshoot

Anonymous (anonymous@undisclosed.example.com) — 2024-07-02T10:47:48+00:00

Guidelines for Investigating Latency Issues with Wireshark Initial Setup * Load the PCAP Files: Open Wireshark and load the provided PCAP files for both application and database endpoints. * Time Synchronisation: Ensure the clocks on both endpoints are synchronised. If not, account for any time differences when analysing traffic.

wireshark

Anonymous (anonymous@undisclosed.example.com) — 2025-07-10T21:21:56+00:00

WIRESHARK NOTES tcp_notes + Cheatsheet This is to caprutue and show in wireshark live traffic. Running on a linux based router like openwrt: tcpdump -i eth0 -U -s0 -w - 'not port 22' | /Applications/Eve\ Wireshark.app/Contents/MacOS/Wireshark -k -i - # To pull live traces from home openwrt router tcpdump -nni any -U -s0 'port 22 and not host 10.33.3.6' -w /var/tmp/trace -W 48 -G 1800 -C 100 -K

zscaler

Anonymous (anonymous@undisclosed.example.com) — 2024-09-02T09:00:33+00:00

Allows the same kind of segmentation we can get in an EC2 instance (security groups, ACL and so on) but in end user stations. Zscaler has their own cloud. they offer there: authentication, firewall (inspection) and metrics Agents * Requires Zscaler agent running on the computers