Debug ip packet with no output
Jul.08, 2010, under Networks
If you are working on a Cisco, it can be very useful to see details of the traffic going through it. Occasionally you can use a mirrored (SPAN) port to do this, but if you have exotic interfaces or are using Dynamips this can be more difficult. The “debug ip packet” command will dump packet information straight into your terminal. Occasionally though you will have traffic going through the device but no output shows up in the debug. What’s that all about?
Well actually there are a couple of gotchas to bear in mind when doing this. The first is easy and you’ll probably be hitting yourself – if you are in a vty session (e.g. you are connected via telnet or ssh) you don’t see the console messages by default. Use the terminal monitor command to view the debug messages:
Router#terminal monitor
The second issue is a bit less obvious (unless you’ve read the command description carefully). Only packets which are process-switched are included in the debug – this makes sense if you think about it, because unless they are process-switched the CPU never sees them. To see the traffic in your debug you need to somehow disable CEF, which can be done globally or on a per interface basis:
Router(config)#no ip cef
Router(config)#int fa 0/0
Router(config-if)#no ip route-cache
If you do it on a per interface basis you need to do it on both the ingress and egress port of the traffic you want to capture, otherwise you will only see it in one direction.
As a final warning, think very carefully before disabling CEF on a production router! You could very easily overload the processor and crash the router.
On Certifications and their Target Audience
May.17, 2010, under Networks
If you work in a technical field, chances are you will have had to earn some vendor certifications. Personally I hold certs from Cisco, Microsoft and Red Hat, with VMware and Riverbed soon to follow. When you start doing these you tend to just go with the flow and learn what they tell you to learn – after all who are we to argue with the wisdom of the technical Gods at company x? Once you’ve done a few though you will find the odd exam where something just isn’t quite right with regards to the content and the target audience. I’m going to pick on Cisco here because I’ve done quite a few of their exam tracks (CCNA, CCNP) and am currently working on another (CCDA). This is applicable to most vendors however.
First a bit of background about Cisco exams. They are organised into three tiers, Associate, Professional and Expert, which correspond to CCxA, CCxP and CCIE tracks respectively. Each tier has different tracks, such as Routing, Security, Voice, Wireless, etc. You can see all the tracks here, and note I don’t count CCENT. The idea is that you start as an Associate in your track, move up to Professional, and if you are really hardcore finally end on Expert. The foundation for pretty much every track is the CCNA – last I checked you had to have this before you could move onto the other tracks.
So let’s look at the CCNA exam. If you haven’t done any networking before it’s not an easy exam to pass, a lot of things are covered and it can get pretty technical. It also has the problem that it doesn’t seem to be aimed at anyone in particular, and you don’t come out of it with knowledge that you can apply to real world problems. On paper it looks great, it covers a lot of ground and all the pieces are there, but it doesn’t show you how to combine them to make something useful. This is not to be disparaging of people who’ve done the cert because it takes a lot of work, instead I speak from experience. It wasn’t until I did the CCNP and gained some real world experience that I learnt how to put the different pieces together. I don’t want to say the CCNA is a useless cert, but it’s hard to tell who the target audience is. A small business won’t need things like managed switches or routing protocols, and a medium to large one will require much more knowledge to set up than you gain in the CCNA. The sweet spot where a CCNA is useful is incredibly narrow. But that’s ok because there is also a design syllabus, the CCDA. This should tell us how to pull things together and design our network, right?
Not quite. To use a common phrase, I’d describe the CCDA as covering topics which are a mile wide and an inch deep. To make things even worse, almost all the topics in it are Professional level material. A large part of the exam could be seen as ‘CCNP lite’, with the rest corresponding to ‘CCSP lite’ and ‘CCVP lite’. For me this is pretty easy, I’ve done the CCNP, know a fair bit about the security side of things and just need to learn a little more voice. For a CCNA though, this is a huge expansion of what they know. I would have been massively confused if I had looked at this syllabus straight from doing my CCNA. Even worse none of the topics are covered in any great detail, so by the end of the course while they might understand what they should be doing, they have no idea how to do it. I was expecting the CCDA to be fully focused on pulling together the topics in the CCNA and expanding on them with some basic resilient designs which would suit a small to medium business. The syllabus does cover this (in very small detail), but then adds a load more advanced stuff which is totally inappropriate for the people who would potentially be sitting it. I wouldn’t go so far as to say CCNP level knowledge is necessary to do the CCDA, but I can’t see how you would put the CCDA topics into context without it.
Unfortunately you can only make these kinds of observations once you are at a much higher level than the target audience, by which point it is moot. Until you get there all you can do is realise that sometimes the people who set the syllabus don’t know best, and if you learn everything they say and it still doesn’t quite click it is just as likely their fault as it is yours.
Netbackup tape inventory
May.05, 2010, under Sysadmin
One of the strange things about the Netbackup Windows GUI is that there’s no way to manually inventory a standalone tape drive. To do this you need a bit of command line knowledge. You’ll mainly need to do this to import media from other servers or media which has been used previously in different backup software. For a standalone drive the command is as follows, but you can use this on libraries too.
(Standalone drive inventory)
vmphyinv {-n drive_name | -u device_number} [-h device_host]
[-non_interactive] [-verbose]
C:\Program Files\VERITAS\Volmgr\bin>vmphyinv.exe -u 2 -h tapesvr
Proposed Change(s) to Update the Volume Configuration
=====================================================
Logically add new media BE????.
Logically update EMM database, if required.
Update volume configuration? (y/n) n: y
Added new media BE0000 on host tapesvr.
Added media ID BE0000 to EMM database.
C:\Program Files\VERITAS\Volmgr\bin>
You get the device number from the activity monitor->drives screen. Once you run this command Netbackup will start to read the images on the tape; you can see this on the catalog->results screen. Once this is complete the media will appear on the catalog->search screen ready for the phase 2 import.
The ‘Why Not’ Rule
May.02, 2010, under Random
Everyone knows someone like the person I’m about to describe. I’m talking about the person who you can never get to go to social events, who always has some kind of excuse as to why they can’t go. This may even be you already, or you are at least slipping that way. The general rule seems to be that the older you get the less you can be bothered – and you are in fact turning into a ‘boring old person’, going against all the commitments you made not to do so when you were younger. It seems a lot easier to just stay in and watch a film than it is to go out somewhere, especially after a long day at work.
There’s an easy way to avoid this, which I call the ‘Why Not’ rule. Whenever someone invites you to something and you start to feel that resistance to it, you will invariably start to come up with an excuse as to why you can’t go. What you need to do is stop at this point, and start asking yourself Why Not? Is this a legitimate reason, or is it just that I can’t be bothered? Once you’ve gone through all the possible reasons you can’t go and examined them, you will either be left with a legitimate reason or you will be left with no reason. If you are left with no reason then get your backside out of the house!
This isn’t to say that you should reply yes to every request, sometimes we do just need to recharge on our own. What you should do is set a level which you think is reasonable, say agreeing to 50% of requests, and stick to it. Very few people can manage with no time to themselves, so don’t go too far the other way.
When coming up with reasons for and against, a valid reason can be anything from other arrangements to not being able to afford it. Invalid reasons are things like there’s something on the TV you want to watch (can’t you record it?) or you are too tired (unless you are falling asleep on your feet, you will wake up once you get there) – if you are making these kinds of reasons then you are straying into the realm of the boring old person.
So what is so wrong about being a boring old person? The first thing that happens is that you just stop getting invited to things, why bother since you will just say no? As a result of that you don’t have as many opportunities to see your friends, you fall out of touch and eventually all those close friends you had become acquaintances, and eventually forget you. I have seen this happen to people. The other problem with it is that if you don’t go out, how are you going to meet new people and try new things? Just try saying yes a few times, it will be worthwhile.
Neptune’s Pride Strategy And Tactics Tips Part 4
Apr.05, 2010, under Gaming
This is the last post in my series about strategy and tactics in Neptune’s Pride. Here I’m going to explain a few things about the trading system which might not be clear, and a few ways you can use it to manipulate the game. Finally I’ll talk about star garrisons. If you’re already pretty familiar with the game I suspect you will get more value out of this post than the others
Neptune’s Pride Strategy And Tactics Tips Part 3
Apr.03, 2010, under Gaming
Welcome to part 3 of my guide to Neptune’s Pride! This time I’m going to be talking about your economy, industry and technology
Neptune’s Pride Strategy And Tactics Tips Part 2
Apr.02, 2010, under Gaming
This is the next part of a series where I discuss how to play Neptune’s Pride. In this part I’m going to cover diplomatic relations with other players – you are very unlikely to win a game if you play in isolation so this is incredibly important.
Neptune’s Pride Strategy And Tactics Tips Part 1
Mar.31, 2010, under Gaming
I’ve previously written about the browser based game Neptune’s Pride, and having played a few games now I’m going to share some of the tricks and nuances of the game I’ve come across. I won’t be covering the basic stuff like capturing planets since this can be read from the game’s help page. The first part of this will cover an area of the game that causes a great deal of confusion for new players, the combat system. Once you’ve read this those confusing defeats where your 10 ships were beaten by 1 should make more sense.
Windows 7 command line USB partitions
Mar.19, 2010, under Sysadmin
There is a very annoying issue in Windows, in that it doesn’t let you have more than one partition on a USB drive. There was a workaround for this in XP, but I haven’t been able to get it working in the newer versions. In addition if you have a multi partition USB device and try to use Windows to format it via disk management, you will run into more difficulties where it can only manage the first partition. I can’t help with the first problem, but here is how you solve the second.
Silverlight Cross Domain Requests
Mar.14, 2010, under Random
I’ve been playing with a little Silverlight app which requests data from an XML webservice on a remote server. This is the first time I’ve done this and like most people I fell into the trap of not setting up my crossdomainrequest.xml file. This is a file you need to put on the remote server in the root directory, and it basically permits Silverlight to access the data on the server. If you haven’t set this up correctly you will be seeing a lot of the dreaded System.Security.SecurityException.
There is a lot of info out on Google about this which has sample xml files, however none of them were working for me and I spent quite a bit of time scratching my head. I eventually came across this document which gave me a clue as to what I was doing wrong – basically my silverlight app was running on http but the site I was pulling data from was https. In order for this to work you need an extra line in the xml to permit ‘cross-scheme’ access, ie an http site accessing an https one. The xml which got me up and running was this:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
        <domain uri="http://*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
Save this as crossdomainrequest.xml at the root of your web server, but bear in mind that this allows full access and so you might want to edit it to lock it down (again, lots of other tutorials on this). It’s annoying that I had to spend a good couple of hours sorting this. Looking around it’s a very common issue and the error messages could be a lot more helpful in pointing you in the right direction.
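To make "lock it down" concrete, here is an added example (not code from the original post) that audits a Silverlight policy for the over-broad grants in the file above and compares it with a tighter variant. The finding labels, the host app.example.com and the path /api/feed are constructed placeholders, and both policies are embedded with whitespace compacted.

```python
import xml.etree.ElementTree as ET

# The wide-open policy from the post (XML declaration dropped, whitespace compacted).
PERMISSIVE = (
    '<access-policy><cross-domain-access><policy>'
    '<allow-from http-request-headers="*">'
    '<domain uri="*"/><domain uri="http://*"/></allow-from>'
    '<grant-to><resource path="/" include-subpaths="true"/></grant-to>'
    '</policy></cross-domain-access></access-policy>'
)

# Constructed locked-down variant: one named caller, one header, one path.
LOCKED_DOWN = (
    '<access-policy><cross-domain-access><policy>'
    '<allow-from http-request-headers="Content-Type">'
    '<domain uri="http://app.example.com"/></allow-from>'
    '<grant-to><resource path="/api/feed" include-subpaths="false"/></grant-to>'
    '</policy></cross-domain-access></access-policy>'
)


def audit_policy(xml_text):
    """Return findings for over-broad grants in a Silverlight access policy."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        for allow in policy.iter("allow-from"):
            # "*" lets the caller send any request header.
            if allow.get("http-request-headers") == "*":
                findings.append("wildcard-headers")
            for domain in allow.iter("domain"):
                uri = domain.get("uri", "")
                if "*" in uri:
                    findings.append("wildcard-domain " + uri)
                # Cross-scheme grant: an app delivered over plain http may call in.
                if uri.startswith("http://"):
                    findings.append("plain-http-caller " + uri)
        for res in policy.iter("resource"):
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            if res.get("path") == "/" and subpaths:
                findings.append("whole-site-grant")
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("locked-down", LOCKED_DOWN)):
        print(name, audit_policy(text))
```

The locked-down variant still reports the plain-http caller, because the scenario in the post (an http-hosted app calling an https service) needs that cross-scheme grant; serving the app itself over https removes it.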



