Network World

Jimmy Ray Purser

Manly Man IOS Features

IOS features for the bravest and most daring of IOS Warriors

By JimmyRay on Mon, 10/05/09 - 5:42pm.

If I were to write a movie script about a Manly Man Sys Admin, who would I use as a base to draw from? It’s certainly not some of the total knobs that have been pushed on us by Hollywood casting agencies. Look how they have portrayed us with folks like Matthew Broderick, Keanu Reeves, Jonny Lee Miller, Pierce Brosnan, etc... OK, Kevin Smith I understand, but the others? Come on man!! Nope, if I were to write a script about a Manly Man Sys Admin it would be based on one Dude. A Dude that broke the friggen mold on Manliness. A Dude that was so darn tough and hard core that he actually had to die in his sleep, because that was the only way death could sneak up on him. That Man is Theodore (don’t call him Teddy) Roosevelt. Heck, there is even a Manly Man website dedicated to the Roosevelt lifestyle: http://artofmanliness.com

Theodore Roosevelt was tough. He got shot in Milwaukee by a would-be assassin and before he went to the hospital he STILL stood up and gave a 90-minute speech with the blood running. He is the only President to win the Medal of Honor, and he and his son are one of only two father-son pairs to win the MoH. He boxed (and lost sight in one eye because of it), was a brown belt in Judo and swam buck naked in the Potomac every morning (Of course I think Clinton did that..). So my question is simple:

What IOS features would Theodore Roosevelt (IOS Warrior, Keeper of the Faith, Defender of the Perimeter, Cisco Certified Everything) classify as Manly Man IOS features?

But being a meat head with a strong back and a weak mind is not good for anything except reality shows. Roosevelt is also considered the most well-read of any President ever. So he knows his stuff, and my guess is it would boil down to three awesome features he would use over other ones.

Metro Sensitive Male, Men’s Health Lifetime Subscriber Feature 00x01:
Access Control List
ACLs are certainly cool, but they are not the answer to everything. It is certainly true that a network without ACLs is a lab network. While ACLs are great for policing on packet headers, they really bite at taking action on the data piece and, truthfully, that is normally where the problem exists. If I am a hacker trying to slip a package thru your network, I would use a socket that is normally used for other, rarer applications, like client-based SQL (AKA: Slammer). Good luck blocking that with your girly man ACL.

Roosevelt’s Bot Buster:
Flexible Packet Matching
The Bushido of IOS security features, Flexible Packet Matching (FPM) enjoys a liberty and massive flexibility that many other features do not; it is a framework more than it is a feature. FPM is like a Navy SEAL team: I deploy them when absolutely positively nothing else will work, they do their job in secret and then they return to base. FPM is the same way. Since it is a framework, I have to tell it what it is looking at for a baseline. If I want to look at an IP packet I have to tell the system what a valid IP packet looks like, field by field. Now, this is a real piece of cake since Cisco has already written and defined these. They are called Protocol Header Definition Files (.phdf) and there is one for each protocol. As a rule of thumb, I download all of these and load them into flash. Then, in global configuration mode, I just up-arrow this command (changing the file name each time) until I have loaded all five (IP, ICMP, Ether, TCP, UDP):

TWTVrouter# config t
TWTVrouter(config)# load protocol flash:ip.phdf

The next part is telling the system what it is looking for and where to look for abnormal data. This is called the Traffic Control Definition File (TCDF). Cisco has a few online, but they are old and should really just serve as an example. Then I just fill in the blanks for what I am looking for.
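As an added example that is not from the post: the blanks filled in for the Slammer case mentioned above, so the payload match an ACL cannot express is dropped at the router. The class-map/policy-map syntax and the Slammer signature values (UDP destination port 1434, IP total length 404, the 4-byte pattern at 224 bytes from the start of the IP header) follow my recollection of Cisco's FPM configuration guide rather than anything in this post, and GigabitEthernet0/1 is a placeholder; confirm the exact syntax against your IOS release.

```cisco
! Added example (not from the post). Assumes 12.4T-era FPM syntax; Gi0/1 is a placeholder.
! 1. Load the protocol header definitions (PHDFs) the classes below refer to.
load protocol flash:ip.phdf
load protocol flash:udp.phdf
!
! 2. Stack class: tell FPM which header layering to walk (IPv4 carrying UDP).
class-map type stack match-all ip-udp
 description "UDP over IPv4"
 match field ip protocol eq 0x11 next udp
!
! 3. Access-control class: the Slammer signature itself.
!    The port is something an ACL can also see; the fixed total length and the
!    payload pattern at a fixed offset are what only FPM can inspect.
class-map type access-control match-all slammer
 description "SQL Slammer worm packet"
 match field udp dest-port eq 0x59A
 match field ip length eq 0x194
 match start l3-start offset 224 size 4 eq 0x4011010
!
! 4. Inner policy: the action taken on packets that match the signature.
policy-map type access-control fpm-udp-policy
 description "drop UDP-borne worm traffic"
 class slammer
  drop
!
! 5. Outer policy: only packets that fit the stack class are handed to the inner policy.
policy-map type access-control fpm-policy
 description "top-level FPM policy"
 class ip-udp
  service-policy fpm-udp-policy
!
! 6. Attach the policy to the ingress interface.
interface GigabitEthernet0/1
 service-policy type access-control input fpm-policy
```

Swapping `drop` for `log` in the inner policy turns the same TCDF into a detection-only check while you confirm the signature does not catch legitimate traffic.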

The possibilities are endless with FPM and I just barely barely scratched the surface here. For more info please go to:
http://www.cisco.com/go/fpm

and check out my exclusive one hour FPM workshop “Defending Your Router in 256 bits or Less”:
http://bit.ly/RAaAL

Zima Drinkers Packet Sniffing Methodology 00x02:
SPAN port and WireShark
Just like ACLs, there is a time and a place for this method of packet capture. Packet capture should be thought of as a troubleshooting method. Traffic monitoring, on the other hand, should be done with a passive tap. Permanently SPANning a port for IDS/IPS is not a good idea. It puts a huge tug on the CPU, it is not as accurate, and it is easy to overrun.

Roosevelt’s Newcastle Method:
Embedded Packet Capture
Go to the source! Embedded Packet Capture (EPC) is the onboard packet capture method that allows me to snag IPv4 and IPv6 right off the CEF path for analysis. Config’ing this Manly Man feature is a two-parter:

- I have to tell the system where to store the data. This is called a Capture Buffer.
- I have to tell the system where to capture the data. This is called a Capture Point.

Now let’s light the candle on this feature! First thing I need to do is config the capture buffer. There are a TON of options here. As a rule of thumb this is the one I normally use:

TWTVrouter# monitor capture buffer iospcap1 size 58 max-size 256 circular

I have just told the system to config a buffer named "iospcap1" with a 58 KB buffer, a limit of 256 bytes captured per packet, and circular mode so that it overwrites older entries when it fills up.

Now I config up my capture point to tell the system which port I want to grab data from:

TWTVrouter# monitor capture point ip cef ipGE0/7 GigabitEthernet 0/7 both

OK, here I am telling the system to capture IPv4 data in the CEF path. I give it the local name ipGE0/7. The capture port is GE 0/7 in both directions.

Now I map the local name I gave to the capture buffer and the capture point with the command:

TWTVrouter# monitor capture point associate ipGE0/7 iospcap1

Launch it!! I activate the feature by turning on the capture point:

TWTVrouter# monitor capture point start ipGE0/7

The last step is to get it off the system so I can check it out with my favorite packet decoder, Wireshark. I am offloading the buffer to a TFTP server:

TWTVrouter# monitor capture buffer iospcap1 export tftp://192.168.1.99/iospcap1

This is such a smokin’ awesome tool that you can pull out and use anytime and get great results. You can just bet that we will feature this on an upcoming episode of TechWiseTV. Until then check out this feature at:
http://www.cisco.com/go/epc

Hey You! Watching The Notebook and Eating Butter Free Popcorn Feature 00x03:
Layer One Troubleshooting
Cable plant problems are worse than a football weekend away at your in-laws who only watch Fox News and Matlock. Chasing those ghosts thru a network is a real pain. Of course I could drop a few grand and get a Fluke analyzer, which works great but still takes time to do. I could also just start replacing cables, but many times messin’ around with older cables can induce problems into cables that were working great before. Layer One problems suck.

Roosevelt’s Rough Rider Recon Tool:
Cable Test
The built-in Time Domain Reflectometer (TDR) in IOS is one of the most under-used tools in the entire code stack. Yet it can help solve a ton of cabling issues or dispel any mixed-vendor connectivity finger-pointing. This is a switching command and only works on tri-speed copper ports (10/100/1000). Piece of cake to config this feature:

TWTV3750# test cable-diagnostics tdr interface gigabitethernet 1/0/4

The system will echo back a response:

TDR test started on interface Gi1/0/4

Then it will think about it for a few seconds, and you can view the results by running the show command:

TWTV3750#show cable-diagnostics tdr interface gigabitEthernet 1/0/4

There is certainly a bunch more IOS stuff we could talk about here, but hey, I need to save that stuff so I can have more to write about later!! Give some of these tools a test drive in your lab and picture where you could have used them before to save some time or just earn some major league geek fame and glory points!

Hey, I also want to give a shout out to one of my favorite Cisco Warriors, Jennifer Geisler. Jennifer is now part of the TechWiseTV Team. She also moonlights on another series that I really enjoy called Fact or Fiction. Recently, she did an episode on “Will the Nexus 7000 replace the Cat 6500 in the Data Center” where she pinned down some goober Exec and held his feet to the fire! Check it out at: http://www.youtube.com/watch?v=bkpL4YKhNJY

Jimmy Ray Purser

Trivia File Transfer Protocol
If you have watched a movie since 1951, no doubt you have heard a Wilhelm Scream. It has been used so many times it is now considered an insider’s joke to use it in a movie at least once. Check out this clip of famous Wilhelm Screams and get in on the joke!
http://www.youtube.com/watch?v=4YDpuA90KEY

your writing


Your writing is atrocious. Learn English grammar including proper punctuation. Then take a writing class or two or even three. If you believe that have important things to say then you need to learn how to communicate.

Reply


Thank you for the feedback. Yeah, I know it really is bad, I have been told... Sometimes my editor Jeff Caruso even steps in and edits it! Here's the thing: when I am looking at taking time out for training, a writing class vs. a technical class... the technical class is always going to win. So unless the red/green squiggly line in Firefox gets better at spellin' and grammar, chances are slim that it'll improve much.

I am grateful you stuck it out and bore with the sucky grammar. My hope is the core of the message was good and you can use the stuff I brought up or make recommendations to the rest of the community on better tools/methods.

Thank you again for the feedback

Jimmy ray

You rock Jimmy Ray


I don't care about your grammar or spelling. The fact that you are who you are and make no bones or apologies for it is awesome. You're one of the few guys in tech that can pull off the accent, destroy the English language in your blog posts, and still bring a smile to the faces of your readers/viewers.

Keep up the great work Jimmy Ray, you have a lot of fans out there. Not many tech geeks are as down to Earth as you.

You are an idiot.


You are an idiot.

You are pathetic even on the Cisco layoff blog


Why don't you take your criticism somewhere else. Bitterness because you got severed from Cisco doesn't mean that you should take it out on this magazine.

say what?


Hey, "Your writing is atrocious."

You dropped a word. Didn't you really mean to write, "If you believe that have important things to say then you need to learn how to communicate," or something along that line?

Sorry, couldn't resist, er' excuse me; I'm sorry, I could not resist.

rick.

PS - great article.

"If you believe that have important things to say then you need"


"If you believe that have important things to say then you need" !!!!!!!!!!!!!!
First of all, I, and I am sure other readers of Jimmy's blog, like his type of grammar and, most importantly, the valuable information he freely gives to us (if you pay for a 4 boot camp and pay $5000 you will get my point of view). I am from Iran and while my native language is not English, I really enjoy his blog, even the last one. If you don’t know about the Navy SEALs and FPM, I recommend you first dig into www.socom.mil 400 or 500 times and then read ICND v.1 (Cisco ACL basics) 1000 or maybe 2000 or maybe 3000 times. Ohhhh, maybe you are not even a network guy; if so, what the hell are you doing here?
To clarify for the readers, the contents that Jimmy talks about are the great tools that are within your IOS, but if you don’t read the Cisco IOS Configuration Guide thoroughly, you don’t even know that these features are available for your routers/switches. Check the Cisco “Turn it On” program, where Jimmy talks deeply about these great features:
http://www.cisco.com/web/strategy/government/usfed_tio.html
Ahh, if you think I am Jimmy’s friend (I wish I could be) or his lover, you are wrong. We are thousands of miles away from each other and the only thing I know about him is his great knowledge about networking/security, TechWise TV, his blogs and his ultimate fun about SOF.
Now let's talk about FPM and a little update. If you are running Cisco IOS 12.4(15)T7 or later you don’t need the PHDF files downloaded from Cisco and sitting on your router flash. They are built into the IOS and you just need to load them up (the Cisco FPM docs mention the update).
While you are in global configuration mode, type:

load protocol system:fpm/phdf/ip.phdf
load protocol system:fpm/phdf/tcp.phdf
load protocol system:fpm/phdf/udp.phdf
load protocol system:fpm/phdf/icmp.phdf

Again, thanks Jimmy for this valuable topic you shared with us.
Ali

Reply to My Friend Ali


Thank you Ali!!! This is great info and I certainly consider us friends!

Jimmy Ray

Nice video on the 6500


As always, great stuff. For those of you that haven't clicked on the link, John McCool is the GM for both the Catalyst and Nexus lines.

BTW - you are excellent at conveying useful information in a way that many (if not most) people find engaging. DON'T CHANGE THAT!

Readers that prefer proper grammar can always check out the release notes.

Reply


Thank you for the kind words!!

Jimmy Ray

About Networking Geek to Geek

Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first-hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.

Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University and is currently pursuing a Master of Science degree in electrical engineering.