While NetFlow--the subject of my last three posts--is a tool that I use constantly for getting visibility into network traffic, sometimes you need to look at complete packet contents. I have a saying at work: "When in doubt, capture packets." The first few times (or maybe few dozen times) you troubleshoot a problem by using raw packet captures, it'll be confusing and time-consuming.
In the previous post, we looked at the NetFlow top-talkers feature, which is probably the quickest way to get traffic-level details about what's happening on a router in real time. There have been a couple of comments from people wanting to know more about NetFlow versions, and other NetFlow commands. I want to stay focused on stuff that the average mid-level engineer can do without purchasing additional tools, so to close out our NetFlow series of posts we'll take a look at some of the CLI features related to NetFlow version 9.
In the last post, we discussed some of the basic ideas behind NetFlow, which is sort of like the Swiss Army Knife of network visibility tools. In this post, keeping with the spirit of "quick-and-easy" ways to improve your productivity, we'll look at some of the CLI tools for use with NetFlow.
NetFlow is one of those tools that's been around forever, but until the last few years it hasn't received a lot of attention outside of service provider and large enterprise networks. Recently, there have been a lot of NetFlow tools released by various vendors that are aimed at the mid-sized business market. What I'd like to do here is briefly introduce NetFlow for those who might not be familiar with it, then talk about how to use it from the IOS command line without needing to install any additional server-based tools.
One of my favorite writers in the IT world in general, and in the security world in particular, is Richard Bejtlich of TaoSecurity and General Electric. One of the main points that Richard makes again and again in his books and blog posts is that visibility is (or should be) one of the key factors in any type of security design, regardless of whether you're designing network, host, or application components.
In my introductory post, we looked at some of the more obscure output modifiers, such as the "redirect" and "append" filters. In this post, we'll look at some of the more common ones. Most people who have been around IOS for a while know about the "begin", "include", and "exclude" modifiers. The utility of these tools is limited primarily by one's creativity, but at the risk of blogging the obvious, I want to show some of my favorites.
Show Only Interfaces with Assigned Addresses
First off, let me introduce myself and the blog. I'll be guest blogging for the month of May. I'm a network engineer for a mid-sized company in Colorado. I've been in IT for about 15 years, with about 10 years devoted to network infrastructure, focusing mostly on Cisco products. During this time I spent four years as a Cisco instructor for Global Knowledge, teaching all the CCNA and CCNP courses. Before starting in the infrastructure world, I did system administration, mostly in the UNIX/Linux realm. I got my CCIE in Routing & Switching in 2007.
Jerold Swan (CCIE #17783, CCSP) is a network engineer with a mid-sized company in Colorado. Previously, he has worked as a Cisco instructor for Global Knowledge, and as a network engineer or systems administrator in the service provider and higher education fields. His main areas of professional interest are routing protocols, security, and network monitoring. He holds bachelor's and master's degrees in English from Stanford University. Outside the IT world, he volunteers for a local search & rescue team and enjoys a wide variety of outdoor sports, especially trail running and mountain biking.
Jay's latest title, CCNP ROUTE 642-902 Cert Kit: Video, Flash Card, and Quick Reference Preparation Package, was selected as the May, 2010, book giveaway on Cisco Subnet.
Read a free chapter excerpt of the book