bloggy hiatus

I'm taking some time off from blogtastic bloggity blogging. Not sure how long. Several weeks at the least.

What I'm reading this weekend

I've been reading posts from Ethereal Mind, having started out finding a site to the "Network Zen" post on standardization.

Random network history and make-up trivia

A chicks-in-tech factoid that amuses me and that a lot of folks don't seem to know is that one of the cofounders of cisco Systems, Sandra Lerner, took the proceeds from sale of her founder's stock and created a venture capital firm that, among other things, funded the creation of Urban Decay cosmetics.

DHCP snooping

Worried about rogue DHCP servers mucking with your network? DHCP snooping can help. For cisco catalyst switches, these docs might be helpful: understanding and configuring DHCP snooping and configuring DHCP features and IP Source Guard.

The abyss gazes also

It's easy to see how your packets are leaving your network, but hard to see what happens to them after that. Differences in routing and preferential traffic shaping mean that your traffic may take a very different route coming back as going out.

One way to get more information about what's happening is with "looking glass" servers. These provide snapshots of routing at various points around on the Internet so you can see what the path to your network looks like from out there.

There are a bunch of them out there, with some lists here and here.

Sniffing tools, and camera obscura

This Linux Journal article looks at the linux sniffing tools. It looks at the most common sniffing tool, tcpdump, but also has info on a few tools I wasn't familiar with like p0f, which attempts to do passive OS fingerprinting to see what versions of software are on your net and dsniff, which follows network traffic to look inside traffic like mail, web, etc. if you want to create your own wall of sheep.

And while I'm looking at security and unintended shared content, Schneier's blog has a post about unsecured webcams.

Some useful commands for the Juniper Netscreen CLI

"dbuf" is the debug output buffer. so "get dbuf str" will show you a stream of debug info, if you're doing a debug flow or something like that. If you need a bigger dbuf buffer, though, you can resize it with the command "set dbuf size ". The default is 32K, but you can make it bigger.

"get session" will show you all the sessions the netscreen is currently handling. For more or less detail, you have the following options:

dst-ip               destination ip address
dst-mac              destination mac address
dst-port             destination port number or range
id                   show sessions with id
ike-nat              show ike-nat ALG info
policy-id            policy id
protocol             protocol number or range
rm                   show sessions for resource management
service              show sessions with service type
src-ip               source ip address
src-mac              source mac address
src-port             source port number or range
tunnel               show tunnel sessions
vsd-id               get vsd-id specified sessions

So you can look at a specific session, or all sessions on a given port, or any number of other ways to drill down to the info you actually want.

Not listed in that set of options, however, is "info". "get session info" will give you the summary of session info that is the first two lines of the full 'get session' output. Useful if you just want to get an overview rather than the full firehose of sessions.