Posts

Showing posts from 2010

IPIP tunnel creator via bash

    #!/bin/bash
    #
    # Tunnel ipip Automation
    # Creator: Shiran Guez
    #
    TUN_ETH="eth0"
    IP_DEST_EXT=""
    TUNNEL_IP_SRC=""
    TUNNEL_IP_DST=""
    _CREATE_ () {
        echo "Please enter the name of your local interface [eth0 is default]: "
        echo "[ To Skip enter >>>skip<<< ]"
        while :;
        do
            read COMM_ETH
            if [ "$COMM_ETH" == "skip" ] ;then
                break
            elif [ "$COMM_ETH" == "eth0" ] ;then
                break
            else
                ifconfig "$COMM_ETH" >/dev/null
                if [ $? -eq 0 ] ;then
                    TUN_ETH="$COMM_ETH"
                    break
                else
                    echo "You have entered a wrong ethernet interface"
                    echo "Please try again: "
                fi
            fi

        done
        localip=$(ifconfig $TUN_ETH | grep Bcast…

OT : mp4 to mp3 conversion tool

Hi All, I have decided to share with you something I did for myself, as I found myself doing many conversions of mp4 to mp3 for my iPhone. I did an automation script that takes the path of a directory or file and converts all mp4 to mp3.

    #!/bin/bash
    # mp4tomp3
    #
    # Cool Tool created to automate the conversion process of mp4 files to mp3
    #
    # Creator : Shiran Guez
    #
    # Created under ubuntu but should work on any linux distribution
    # That have ffmpeg installed
    #
    #
    CONVERTER_PATH=$1
    if [ -z "$1" ] ; then
        CONVERTER_PATH=$(pwd)
    fi
    if [ -d "$CONVERTER_PATH" ] ; then
        # Convert every mp4 in the given directory; quoting keeps file names with spaces intact
        for i in "$CONVERTER_PATH"/*.mp4
        do
            ffmpeg -i "$i" -f mp3 -ab 192000 -vn "$(echo "$i" | sed 's/\.mp4$/.mp3/')"
        done
        echo "Done"
    else
        # Single file: check that it really is an MPEG v4 file before converting
        file "$CONVERTER_PATH" | grep "MPEG v4"
        if [ $? -eq 0 ] ;then
            ffmpeg -i "$CONVERTER_PATH" -f mp3 -ab 192000 -vn "$(echo "$CONVERTER_PATH" | sed 's/\.mp4$/.mp3/')"
        else
            echo "That is not a valid format of mp4 file to convert"
            echo…

eBgp-Multihop vs. ttl-security

Today I answered one of the Cisco CCIE groupstudy questions on the relation between the two features. To understand the relation, first let's explore each feature's job and purpose in life:
eBgp-multihop – like in IGP, the default TTL for packets is 1, and that is to ensure delivery only to the directly connected network node. But unlike IGP, eBgp is often (in real networks) established via interface loopback, and because a packet generated / sourced from interface loopback goes out of the router using its next hop interface, that breaks the communication, as 1-1 = 0 and a TTL of 0 means the packet can't be delivered to the destination. So what to do?!
Increase TTL (is the answer :-))
Using eBgp-multihop is like simply indicating what TTL should be set on the packet to ensure delivery to the desired network.
ttl-security – so we now understand that eBgp affects packets going out of our system by manipulating their TTL.
How do I prevent a neighbor coming from 10 hops away from me?!
you set the ttl-secu…

OT : DropBox Very Cool

I discovered that service just last week and my life has changed since then. Dropbox provides a share across all your PCs, with versioning of files and other very cool features. How many times have you transferred a file from your home PC to your work PC or the other way around? And if you are like me and have 2 PCs at work, a laptop and 2 PCs at home, well… I hope you get the picture :-) https://www.dropbox.com/referrals/NTk3NTUxNzY5

How I Started?!

My first encounter with Cisco was in the year 2000, when I had just started in a small startup as an MS sys admin. The company wanted to develop some proprietary voice codec; as that was not very successful, they wanted to channel their knowledge into making money, and VoIP calling cards were the way. In 2000 it was something very fresh and not high quality (very buggy), but the main goal was to save for the card distributors and make some money. So why am I telling you all this? I realized that I have never done a VoIP article, although that was one of the first topics I learned and worked on with Cisco products, so I think I should dedicate some words to that part of my past. Maybe I will start by telling you how our first setup looked back then, component-wise, and let's see where it takes us. So “what we had there” (small joke for all Israelis):
Israel Side
3640 with 4 E1 voice cards module; IOS was, I think, 12.0 or 12.1 with voice feature set (sorry, can't remember)
US Side (Hudson 60)
Nortel PBX c…

L2L IPSec Tunnel ASA to IOS

I would like to share with you a case I got that allowed me to explore the ASA. As I am no ASA expert, I hope this is not too dumb and will provide some added value, but if not, then OK, I will share it anyway. For the case study here, let's say there is no network besides the diagram you will see below. First I would like to share configuration and some debug commands (and their output).
###ASA
crypto isakmp enable <outside-if-name>
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400

access-list IPSec-traffic extended permit ip <SOURCE_NET_SERVER_FARM> <DESTINATION_NET_HOSTS>
crypto ipsec transform-set TS esp-des esp-md5-hmac
crypto map IPSEC 10 match address IPSec-traffic
crypto map IPSEC 10 set peer <C2800-DST-IP>
crypto map IPSEC 10 set transform-set TS
crypto map IPSEC interface <outside-if-name>
tunnel-group <C2800-DST-IP> type ipsec-l2l
tu…

RIP V2 Analysis

It is very basic stuff but will give you some perspective on how the RIP process works on a Cisco router.
When you start the RIP process, initially, until you define the first network under it, you will not see any process running. As you can see from the above print, once I entered a network 3 processes came up: RIP Router (the main process), RIP Send and RIP Timers; each name is simple enough to be self-explanatory. Now, after I have added my own network, I will send a request for receiving the full routing table. How do you know that this is a request? Well, just by looking into Wireshark you can see it did the hard work for you, but actually it is not that hard, as the first byte is either 1 or 2: 1 for request, 2 for response. The whole algorithm relies on these 2 messages. Another interesting part about this message is that the metric is set to 16, which is infinity in the RIP world. Now, once I start adding more networks to be advertised, the router starts sending a response packet almost every 30 seconds…

Some IPv6 Basics

IPv6 is one of my favorite topics, as it looks very complex but it is really nice and easy: easy to deploy, easy to manage.
IPv6 Header, as you can see, is constructed of:
8 bit – Version
8 bit – Traffic Class (also known as TOS byte)
20 bit – Flow Label
20 bit – Payload Length
8 bit – Next Header
8 bit – Hop Limit (similar to TTL idea)
128 bit – S. Address
128 bit – D. Address
Total 40 byte header
Compare it to the IPv4 Header:
You can see a smaller header, 20 byte, but much more complex, and with the options it can be extended up to 60 byte, so that is much more than IPv6.
OK, now I would like to get to some demonstration of how easy it is, just to give you the taste of IPv6. On my PC (OS Win7) I didn't configure any IPv6 manually; by default Win7 and most Linux distributions are IPv6 enabled once installed. What does that mean, you ask?! It means an IPv6 link local address is configured automatically. Now, those of you that are new to IPv6 will ask me, what is a link local IPv6 address?! Link Local – it is a no…

[ OFF TOPIC ] Wet iPhone

A few days ago I was riding my motorcycle back from work to my home. There was at the time an unexpected pouring rain; needless to say, I was wet to my bones. When I arrived home I saw that my iPhone had suffered a wet shower. I didn't know if it had damaged my iPhone, as it was functioning, so I went to sleep. The next day I tried to open my phone and my precious iPhone refused to function properly; the screen was really dark. I started to cry (not really), then I went to my friend to search for a solution. I saw that someone had saved his BlackBerry using a bowl of rice. I was skeptical and started to plan the funeral, but I inserted my precious into a bowl of rice (Persian rice), then after almost 2 nights I opened my iPhone and like magic it started speaking to me again.
Conclusion: riding a motorcycle in the rain can damage your iPhone! A bowl of rice can be more than a Chinese side dish.

[ OFF TOPIC ] VMWARE ESX Clone

OK, I wish to share with you a tool I created that is helping me in my day-to-day work. Those of you that are using ESX or ESXi (especially ESXi, as it is free) without the Virtual Center have probably noticed that there is no clone option. Now, it is no problem for us tech people to overcome this problem, but sometimes we are lazy (don't tell that to anyone). I have done a simple shell script that runs under the ESX or ESXi console (in ESXi there is the unsupported console). Please notice that, as I have written it very fast and for my own use, it has almost no tolerance for user error, so play with care. Get it here

TCP Over Satellite communications

First I would like to say it has been a very long time since my last article, but now I am in the mood for writing, so I would like to share my experience with TCP and satellite communication challenges. I am working at Expand Networks, and one of our advantages is in optimizing TCP communication in challenging environments such as satellite. So what is so challenging, you ask??
The satellites we use for communication are up in the sky, ~35000 kilometers away from the ground, also called GEO Sat
Communication between the ground station and the satellite is easily impacted by the environment (clouds, rain, snow, solar events...)
Satellite is a shared resource
All of this makes satellite a big challenge for TCP communication; one of the main issues is RTT (round trip time), the other is packet loss due to channel errors the satellite may encounter. To overcome these challenges we use some of the available TCP enhancements, such as: proxying the TCP session and in the session over the satellite increasing Window Siz…