What is Cisco VTY?

Posted on December 15, 2022 by admin

vty stands for Virtual Teletype. What is Teletype?

The teletype, or teleprinter, is a device used for communicating text over telegraph lines, public switched telephone network, Telex, radio, or satellite links.
Wikipedia explanation of teletype

https://en.wikipedia.org/wiki/Teleprinter

This means vty is essentially like a virtual computer screen plugged into the router that we can remotely access.

Both SSH and Telnet use this virtual monitor to let you see the router/switch.

The command

line vty 0 4

Configures 5 of these virtual teletypes (vty’s) for us to use. Can think of it having 5 monitors connected to the router. When you SSH to it, you are claiming one of these monitors. Cisco devices support up to a maximum of 16. 0-15

Default Administrative Distances for Routes

Posted on December 14, 2022 by admin

Here is a list of default administrative distances.

Route Source	Default Administrative Distance
Connected Route	0
Static Route	1
eBGP	20
EIGRP	90
OSPF	110
RIP	120
iBGP	200

Default Administrative Distance

RSTP Alternative Port vs Backup Port

Posted on December 13, 2022 by admin

The following is some basic info on STP and RSTP. This list is not comprehensive. Refer to the link at the bottom of the page for more in depth details.

RSTP Priority

Default Priority is 32768 + VLAN ID

For example, if we are using vlan 10, then our default priority is 32768 + 10 = 32778

RSTP Priority can be set from 0 – 61440 in increments of 4096.

RSTP Port Roles

Ports can fill 1 of 4 roles.

Port Role	Description
Root Port	Port closest to the Root Bridge (Switches going to the Root switch)
Designated Port	Ports going away from the Root Bridge (To clients)
Alternate Port	A “backup” port for the Root port. If the Root Port fails, this port takes over
Backup Port	Essentially a backup port for the designated port

RSTP Port Roles

RSTP Port States

A port can be in one of 3 states. Well technically 4 states if you include down/unplugged.

Port State	Description
Discarding	Port discards packets (Alternate and Backup Ports)
Learning	Port learns MACs and doesn’t forward data
Forwarding	Port forwards data and learns MACs

RSTP Port States

RSTP Port Types

There are 3 port Types. Not to be confused with port States or Roles.

Port Type	Description
Point to Point	Switch to Switch
Point to Point Edge	Edge of Network. Connected to a PC, Printer etc.
Shared	Half Duplex, Port connected to a Hub

STP/RSTP Port Types

RSTP Timers

There are three RSTP timers. STP has the same timers, but the MaxAge is 10 seconds, and the Forward Delay is used for both Learning and Listening states which takes a total of 30 seconds to complete.

Timer Name	Default Value	Description
Hello Timer	2 Seconds	Time between Hellos created by Root
MaxAge	6 Seconds (Hello Timer * 3)	How long a Switch should wait before trying to readjust the network
Forward Delay	15 Seconds	Delay used for Learning/Listening in STP. Shouldn’t be necessary if legacy bridges are not used.

RSTP/STP Timers

Port Cost

There are technically two types of cost. The newer cost values were introduced so we could use faster ethernet speeds.

By default Cisco switches use the old cost values, but they can be changed to use the new ones.

spanning-tree pathcost method long

Ethernet Speed	Old Cost	New Cost
10 Mbps	100	2,000,000
100 Mbps	19	200,000
1 Gbps	4	20,000
10 Gbps	2	2000
100 Gbps	N/A	200
1 Tbps	N/A	20

STP/RSTP Path Cost

More information can be found at the following link.

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

Named Error “option ‘dnssec-enable’ no longer exists”

Posted on December 12, 2022 by admin

After a recent update, the named service stopped working. When manually trying to restart the service it would just fail.

Running the named-checkconf command

sudo /usr/bin/named-checkconf -z /etc/named.conf

Returned the following error.

/etc/named.conf:37: option 'dnssec-enable' no longer exists

Looks like what happened is they removed the dnssec-option, but enabled it by default

The dnssec-enable option has been obsoleted and no longer has any effect. DNSSEC responses are always enabled if signatures and other DNSSEC data are present. [GL #866]

https://bind9.readthedocs.io/en/v9_16/notes.html#id118

So the option is invalid now and not needed.

To fix the issue, simply open up the /etc/named.conf file and delete the line that has ‘dnssec-enable’

AAA – What is the difference between Authentication, Authorization, and Accounting?

Posted on December 1, 2022 by admin

Authentication, Authorization, and Accounting or AAA is an framework that allows access to a computer network/resource,

Authentication

Authentication identifies the user. It’s from the Greek authentikos “real, genuine”. We can think of it as proving the identity of the user. Bob sits down at the computer and types in his password (Something he knows) and confirms that he is in fact Bob.

Authorization

Authorization is the privileges that the user has to the system. For instance, Bob is now authenticated to the computer, but he may only be authorized to access email and a web browser.

Authorization and Authentication can get confusing. In simple terms

Authentication – Who are you?
Authorization – What you have access to.

Accounting

Accounting is the auditing or logging arm of AAA. It is for answering the 5 Ws Who did what, when, where, and how. For instance, accounting could log that Bob checked his email at 9:30AM, Improved his mind by reading posts on incredigeek.com for a couple hours, then checked email again before shutting the computer down.

Hopefully that is a short helpful explanation of AAA. For more information, check out the following links.

https://afteracademy.com/blog/authentication-vs-authorization/

https://en.wikipedia.org/wiki/AAA_(computer_security)

SCP can’t copy file “.//cap.pcap: Broken pipe”

Posted on December 1, 2022 by admin

This error can show up on Windows if you have already copied a file with the same name. To fix the issue, just copy it to a file with a different name. Change cap.pcap to cap1.pcap and so forth as needed.

scp user@192.168.1.20:/tmp/tcp.pcap .\cap1.pcap

Change VLAN ID Ubiquiti Radio from SSH

Posted on November 29, 2022 by admin

First we’ll need to ssh into the device

ssh ubnt@192.168.1.20

Next lets open up the config file

vi /tmp/system.cfg

Now search for vlan and replace the vlan id with the appropriate number

In VI you can search by hitting / and then type in vlan

After you have changed all the vlan ids, save the file with esc, wq, enter.

Now we can save the config with

cfgmtd -f /tmp/system.cfg -w && reboot

Add Custom OID to device in LibreNMS

Posted on November 21, 2022 by admin

In the post, we’ll be adding a custom OID for a Ubiquiti Solar Charge Controller.

Find the device OID
Add the Custom OID in LibreNMS
Check the graph

Find the custom OID

Check out the following post if you are trying to add a Ubiquiti Solar Charge controller graph to LibreNMS. Otherwise you may need to do some googling around looking for the OID.

OIDs for UI / Ubiquiti Solar Charge Controller

Add Custom OID in LibreNMS

Go to your device -> Settings(Little Gear) -> Custom OID -> +Add New OID

Adding Custom OID in LibreNMS for Ubiquiti UI Charge Controller

Couple notes about the information.
– There needs to be a 0 after the end of the OID.
– Data Type needs to be Gauge, Not Counter. A gauge can go up and down. A counter just counts up.

Hit “Test OID” and you should get a little notification saying it got a value for the OID. In this case 25572.

Test Custom OID in LibreNMS for Ubiquiti UI Charge Controller

Now Hit “Save OID”

Check the Graph

Now LibreNMS should start graphing our Custom OID. You may need to give it a minute to start showing data.

The graphs show up under Graphs -> Custom OID

OIDs for UI / Ubiquiti Solar Charge Controller

Posted on November 21, 2022 by admin

Here is a list of OIDs for Ubiquiti’s solar charge controller. You can download the

Top interesting ones are

Battery Voltage 1.3.6.1.4.1.41112.1.11.1.1.2
Panel Voltage 1.3.6.1.4.1.41112.1.11.1.2.2

snmptranslate -Pu -Tz -m ./UBNT-MIB:./UBNT-SUNMAX-MIB
"org"                   "1.3"
"dod"                   "1.3.6"
"internet"                      "1.3.6.1"
"directory"                     "1.3.6.1.1"
"mgmt"                  "1.3.6.1.2"
"mib-2"                 "1.3.6.1.2.1"
"transmission"                  "1.3.6.1.2.1.10"
"experimental"                  "1.3.6.1.3"
"private"                       "1.3.6.1.4"
"enterprises"                   "1.3.6.1.4.1"
"ubnt"                  "1.3.6.1.4.1.41112"
"ubntMIB"                       "1.3.6.1.4.1.41112.1"
"ubntORTable"                   "1.3.6.1.4.1.41112.1.1"
"ubntOREntry"                   "1.3.6.1.4.1.41112.1.1.1"
"ubntORIndex"                   "1.3.6.1.4.1.41112.1.1.1.1"
"ubntORID"                      "1.3.6.1.4.1.41112.1.1.1.2"
"ubntORDescr"                   "1.3.6.1.4.1.41112.1.1.1.3"
"ubntSnmpInfo"                  "1.3.6.1.4.1.41112.1.2"
"ubntSnmpGroups"                        "1.3.6.1.4.1.41112.1.2.1"
"ubntORInfoGroup"                       "1.3.6.1.4.1.41112.1.2.1.1"
"ubntORCompliance"                      "1.3.6.1.4.1.41112.1.2.1.2"
"ubntAirosGroups"                       "1.3.6.1.4.1.41112.1.2.2"
"ubntAirFiberGroups"                    "1.3.6.1.4.1.41112.1.2.3"
"ubntEdgeMaxGroups"                     "1.3.6.1.4.1.41112.1.2.4"
"ubntUniFiGroups"                       "1.3.6.1.4.1.41112.1.2.5"
"ubntAirVisionGroups"                   "1.3.6.1.4.1.41112.1.2.6"
"ubntMFiGroups"                 "1.3.6.1.4.1.41112.1.2.7"
"ubntUniTelGroups"                      "1.3.6.1.4.1.41112.1.2.8"
"ubntAFLTUGroups"                       "1.3.6.1.4.1.41112.1.2.9"
"ubntSunMaxGroups"                      "1.3.6.1.4.1.41112.1.2.10"
"sunMaxCompliances"                     "1.3.6.1.4.1.41112.1.2.10.1"
"sunMaxGroups"                  "1.3.6.1.4.1.41112.1.2.10.2"
"ubntAirFIBER"                  "1.3.6.1.4.1.41112.1.3"
"ubntEdgeMax"                   "1.3.6.1.4.1.41112.1.5"
"ubntUniFi"                     "1.3.6.1.4.1.41112.1.6"
"ubntAirVision"                 "1.3.6.1.4.1.41112.1.7"
"ubntMFi"                       "1.3.6.1.4.1.41112.1.8"
"ubntUniTel"                    "1.3.6.1.4.1.41112.1.9"
"ubntAFLTU"                     "1.3.6.1.4.1.41112.1.10"
"ubntSunMax"                    "1.3.6.1.4.1.41112.1.11"
"sunMaxMIB"                     "1.3.6.1.4.1.41112.1.11.1"
"sunMaxBatteryStats"                    "1.3.6.1.4.1.41112.1.11.1.1"
"sunMaxBatCurrent"                      "1.3.6.1.4.1.41112.1.11.1.1.1"
"sunMaxBatVoltage"                      "1.3.6.1.4.1.41112.1.11.1.1.2"
"sunMaxBatPower"                        "1.3.6.1.4.1.41112.1.11.1.1.3"
"sunMaxBatTemp"                 "1.3.6.1.4.1.41112.1.11.1.1.4"
"sunMaxPvPanelStats"                    "1.3.6.1.4.1.41112.1.11.1.2"
"sunMaxPVCurrent"                       "1.3.6.1.4.1.41112.1.11.1.2.1"
"sunMaxPVVoltage"                       "1.3.6.1.4.1.41112.1.11.1.2.2"
"sunMaxPVPower"                 "1.3.6.1.4.1.41112.1.11.1.2.3"
"sunMaxOutPutStats"                     "1.3.6.1.4.1.41112.1.11.1.3"
"sunMaxOutCurrent"                      "1.3.6.1.4.1.41112.1.11.1.3.1"
"sunMaxOutVoltage"                      "1.3.6.1.4.1.41112.1.11.1.3.2"
"sunMaxOutPower"                        "1.3.6.1.4.1.41112.1.11.1.3.3"
"security"                      "1.3.6.1.5"
"snmpV2"                        "1.3.6.1.6"
"snmpDomains"                   "1.3.6.1.6.1"
"snmpProxys"                    "1.3.6.1.6.2"
"snmpModules"                   "1.3.6.1.6.3"
"zeroDotZero"                   "0.0"

Get battery voltage

We can get the battery voltage from the controller with the following SNMP walk command. Change the community “ubnt” to your SNMP community.

snmpwalk -c ubnt -v2c 10.96.1.9 1.3.6.1.4.1.41112.1.11.1.1.2

Return value is

SNMPv2-SMI::enterprises.41112.1.11.1.1.2.0 = INTEGER: 24990

You may need to add a zero if you are trying to add the OID in LibreNMS for a custom OID.

Custom OID not not working but snmpwalk test does?
byu/tb808 inLibreNMS

Install NetworkMiner on Kali Linux

Posted on November 18, 2022 by admin

The Network Miner tool is a handy little utility that works great on Windows. It sorta works on Linux. Doesn’t appear to be able to read the traffic coming off the interface, but you can drag and drop a pcap file on it. You can export a pcap file from wireshark, but it needs to be a pcap, not the newer default pcap Wireshark defaults to. Can change it in the “Save as:”

Install Prerequisites

sudo apt install mono-devel

Download and Configure

wget https://www.netresec.com/?download=NetworkMiner -O /tmp/NetworkMiner.zip
sudo unzip /tmp/NetworkMiner.zip -d /opt/
cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/

Should be ready to launch.

Launch Network Miner

mono /opt/NetworkMiner*/NetworkMiner.exe

Further Thoughts and Reading

You could potentially get a live view of what is going on by using the “Receive Pcap over IP”

Maybe use something like

tcpdump -i wlan0 | nc localhost 57014

The following links should help and provide more information.

https://www.netresec.com/?page=Blog&month=2014-02&post=HowTo-install-NetworkMiner-in-Ubuntu-Fedora-and-Arch-Linux

https://www.netresec.com/?page=Blog&month=2011-09&post=Pcap-over-IP-in-NetworkMiner