{{parent page="HomePage"}} ==Cisco 3-layered network model== {{image url="images/SG_INT.2.1.gif" title="cisco-network-model" alt="text"}} From http://www.mcmcse.com/cisco/guides/hierarchical_model.shtml == Cisco gears == [[CiscoSNMP SNMP config]] ==Network Probe== [[NetworkNmap Nmap]] == Software firewall == [[LinuxIptables iptables]] [[FreeBSDIpfw ipfw]] == Traffic shaping == [[LinuxTC tc]] ==Network Services== [[DNS DNS]] [[DHCP DHCP]] [[NetworkStunnel Stunnel]] [[NetworkOpenVPN OpenVPN]] == Other network stuff== [[ifconfig ifconfig]] [[DefaultGateway Default gateway in different subnet]] [[tcpdump tcpdump]] [[NetworkArpcache Arp caching]] === Getting vlan id === Need to see what vlan id an interface is connected to? %% tcpdump -nn -v -s 1500 -c 1 'ether[20:2] == 0x2000' -i eth0 # then do a broadcast ping, possibly on another screen %% On Solaris: %% snoop -d -x0 -v 'ether[20:2] = 0x2000' %% === Firewire networking === Firewire networking under linux is extremely easy. Tested on FC5 Note: On Fedora Core 7, firewall stack has been rewritten. Don't know what that means but the default kernel does not have eth1394 enabled. To use firewire networking, one need to re-compile the kernel. %% modprobe eth1394 echo "alias eth1 eth1394 >> /etc/modprobe.conf" ifconfig eth1 10.0.0.1 netmask 255.255.255.0 %% It's a little tricker to get firewire networking to work on FC6. I got the following after many attempts. Remember this will break when the kernel is upgraded. %% alias eth1 eth1394 install eth1394 modprobe -k raw1394; insmod /lib/modules/2.6.18-1.2798.fc6/kernel/drivers/ieee1394/eth1394.ko %% ===tcpdump to capture arp converstaion=== %% # tcpdump -ennqti eth0 \( arp or icmp \) | grep "00:16:d3:16:38:04" tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 00:16:d3:16:38:04 > ff:ff:ff:ff:ff:ff, ARP, length 60: Request who-has 192.168.18.1 tell 192.168.18.150, length 46 00:16:d3:16:38:04 > ff:ff:ff:ff:ff:ff, ARP, length 60: Request who-has 192.168.18.50 tell 192.168.18.150, length 46 00:13:21:24:72:90 > 00:16:d3:16:38:04, ARP, length 60: Reply 192.168.18.50 is-at 00:13:21:24:72:90, length 46 00:16:d3:16:38:04 > ff:ff:ff:ff:ff:ff, ARP, length 60: Request who-has 192.168.18.13 tell 192.168.18.150, length 46 00:16:d3:16:38:04 > ff:ff:ff:ff:ff:ff, ARP, length 60: Request who-has 192.168.18.1 tell 192.168.18.150, length 46 00:16:d3:16:38:04 > ff:ff:ff:ff:ff:ff, ARP, length 60: Request who-has 192.168.18.1 tell 192.168.18.150, length 46 %% ===Network speed test with iperf=== On one node, start the server process %% iperf -s %% On another node, start the client process. -t parameter specifies how many seconds the test should run. %% iperf -c 1.2.3.4 -t 60 %%