Manly Man IOS Features

IOS features for the bravest and most daring of IOS Warriors

If I was to write a movie script on a Manly Man Sys Admin, who would I use as a base to draw from? It’s certainly not some of the total knobs that have been pushed on us by Hollywood casting agencies. Look how they have portrayed us with folks like Matthew Broderick, Keanu Reeves, Jonny Lee Miller, Pierce Brosnan, etc... OK, Kevin Smith I understand, but the others? Come on man!!

Nope, if I was to write a script about a Manly Man Sys Admin it would be based on one Dude. A Dude that broke the friggen mold on Manliness. A Dude that was so darn tough and hard core that he actually had to die in his sleep because that was the only way death could sneak up on him. That Man is Theodore (don’t call him Teddy) Roosevelt. Heck there is even a Manly man website dedicated to the Roosevelt lifestyle:

Theodore Roosevelt was tough. He got shot in Milwaukee by a would-be assassin and before he went to hospital he STILL stood up and gave a 90 minute speech with the blood running. He is the only President to win the Medal of Honor and he and his son are one of only two Father-Son pairs to win the MoH. He boxed (and lost sight in one eye because of it), was a brown belt in Judo and swam buck naked in the Potomac every morning (Of course I think Clinton did that..)

So my question is simple: What IOS features would Theodore Roosevelt; IOS Warrior, Keeper of the Faith, Defender of the Perimeter, Cisco Certified Everything classify as Manly Man IOS features? But being a meat head with a strong back and weak mind is not good for anything except reality shows. Roosevelt is also considered the most well read of any President ever. So he knows his stuff and my guess is it would boil down to three awesome features he would use over other ones.

Metro Sensitive Male, Men’s Health Lifetime Subscriber Feature 00x01: Access Control List

ACLs are certainly cool but they are not the answer to everything. It is certainly true that a network without ACLs is a lab network.
While ACLs are great for policing the headers of packets, they really bite for taking action on the data piece and truthfully, that is normally where the problem exists. If I am a hacker trying to slip a package thru your network, I would use a socket that is normally used for other rare applications. Like client based SQL (AKA: Slammer). Good luck blocking that with your girly man ACL.

Roosevelt’s Bot Buster: Flexible Packet Matching

The Bushido of IOS security features, Flexible Packet Matching (FPM) enjoys a liberty and massive flexibility that many other features do not; it is a framework more than it is a feature. FPM is like a Navy SEAL team: I deploy them when absolutely positively nothing else will work, they do their job in secret and then they return to base. FPM is the same way.

Since it is a framework I have to tell it what it is looking at for a baseline. If I want to look at an IP packet I have to tell the system what a valid IP packet looks like field by field. Now, this is a real piece of cake since Cisco has already written and defined these. They are called Protocol Header Definition Files (.phdf) and there is one for each protocol. As a rule of thumb, I download all of these and load them into flash. I just up arrow this command until I have loaded all five (IP, ICMP, Ether, TCP, UDP):

    TWTVrouter# config t
    TWTVrouter(config)# load protocol flash:ip.phdf

The next part is telling the system what and where it is looking for abnormal data. This is called the Traffic Control Definition File. Cisco has a few online but they are old and should really just serve as an example. Then I just fill in the blanks for what I am looking for. The possibilities are endless with FPM and I have just barely scratched the surface here.
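
The header-versus-payload point above, as an added example (not from the original post and not Cisco code): a small Python model of an FPM-style match set beside a header-only ACL. The field table standing in for a PHDF, the rule layout, the 4-byte pattern and the sample packets are all constructed for illustration; UDP 1434 is the SQL Server resolution port that Slammer hit.

```python
import struct

# Stand-in for a PHDF: header -> field -> (offset in header, size in bytes).
PHDF = {"ip": {"length": (2, 2), "protocol": (9, 1)},
        "udp": {"dest-port": (2, 2)}}

def field(pkt, proto, name, l3_start=0):
    """Read a named header field, in the spirit of 'match field udp dest-port'."""
    if len(pkt) < l3_start + 20:
        return None                               # not even a full IP header
    ihl = (pkt[l3_start] & 0x0F) * 4              # IP header length in bytes
    base = l3_start + (ihl if proto == "udp" else 0)
    off, size = PHDF[proto][name]
    raw = pkt[base + off: base + off + size]
    return int.from_bytes(raw, "big") if len(raw) == size else None

def match_start(pkt, offset, size, l3_start=0):
    """Raw bytes at an offset from the L3 header; None when the packet is too short."""
    raw = pkt[l3_start + offset: l3_start + offset + size]
    return raw if len(raw) == size else None

def acl_verdict(pkt, port):
    """Header-only filter: every UDP packet to the port is treated the same."""
    hit = field(pkt, "ip", "protocol") == 17 and field(pkt, "udp", "dest-port") == port
    return "deny" if hit else "permit"

def fpm_verdict(pkt, rule):
    """Drop only when the header fields AND the bytes at the payload offset all match."""
    hit = (field(pkt, "ip", "protocol") == 17
           and field(pkt, "udp", "dest-port") == rule["dest-port"]
           and match_start(pkt, rule["offset"], len(rule["pattern"])) == rule["pattern"])
    return "drop" if hit else "permit"

def build_udp(dport, payload):
    """Constructed IPv4/UDP sample packet (documentation addresses, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload

# Constructed rule: placeholder pattern 32 bytes into the UDP payload (60 from L3 start).
RULE = {"dest-port": 1434, "offset": 60, "pattern": b"\xde\xad\xbe\xef"}
benign = build_udp(1434, b"\x02" + b"\x00" * 63)
marked = build_udp(1434, b"\x00" * 32 + RULE["pattern"] + b"\x00" * 28)
short = build_udp(1434, b"\x03")                  # ends before the match offset

if __name__ == "__main__":
    for name, pkt in (("benign", benign), ("marked", marked), ("short", short)):
        print(name, acl_verdict(pkt, 1434), fpm_verdict(pkt, RULE))
```

The ACL model denies all three packets because it sees only protocol and port; the FPM model drops only the one carrying the pattern at the stated offset and lets the short packet through instead of failing on it.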
For more info please go to: and check out my exclusive one hour FPM workshop “Defending Your Router in 256 bits or Less”:

Zima Drinkers Packet Sniffing Methodology 00x02: SPAN port and WireShark

Just like ACLs, there is a time and a place for this method of packet capture. Packet capture should be thought of as a troubleshooting method. Traffic monitoring on the other hand should be done with a passive tap. Permanently SPANning a port for IDS/IPS is not a good idea. It puts a huge tug on the CPU, it is not as accurate, and it is easy to overrun.

Roosevelt’s Newcastle Method: Embedded Packet Capture

Go to the source! Embedded Packet Capture (EPC) is the onboard packet capture method that allows me to snag IPv4 and IPv6 right off the CEF path for analysis. Config’ing this Manly Man feature is a two part-er:

- I have to tell the system where to store the data. This is called a Capture Buffer.
- I have to tell the system where to capture the data at. This is called a Capture Point.

Now let’s light the candle on this feature! First thing I need to do is config the capture buffer. There are a TON of options here. As a rule of thumb this is the one I normally use:

    TWTVrouter# monitor capture buffer iospcap1 size 58 max-size 256 circular

I have just told the system to config a buffer named "iospcap1" with a size limit of 256 bytes and to overwrite older entries. Now I config up my capture point to tell the system which port I want to grab data from:

    TWTVrouter# monitor capture point ip cef ipGE0/7 GigabitEthernet 0/7 both

OK, here I am telling the system to capture IPv4 data in the CEF path. I give it the local name ipGE0/7. The capture port is GE 0/7 in both directions. Now I map the local name I gave the capture point to the capture buffer with the command:

    TWTVrouter# monitor capture point associate ipGE0/7 iospcap1

Launch it!!
I activate the feature by turning on the capture point:

    TWTVrouter# monitor capture point start ipGE0/7

Last step is to get it off the system so I can check it out with my favorite packet decoder, Wireshark. I am offloading the buffer to a tftp server.

    TWTVrouter# monitor capture buffer iospcap1 export tftp://

This is such a smokin’ awesome tool that you can pull out and use anytime and get great results. You can just bet that we will feature this on an upcoming episode of TechWiseTV. Until then check out this feature at:

Hey You! Watching The Notebook and Eating Butter Free Popcorn Feature 00x03: Layer One Troubleshooting

Cable plant problems are worse than a football weekend away at your in-laws that only watch Fox news and Matlock. Chasing those ghosts thru a network is a real pain. Of course I could drop a few grand and get a Fluke analyzer, which works great but still takes time to do. I could also just start replacing cables, but many times messin’ around with older cables can induce problems into cables that were working great before. Layer One problems suck.

Roosevelt’s Rough Rider Recon Tool: Cable Test

The built in Time Delay Reflectometer in IOS is one of the most underused tools in the entire code stack. Yet it can help solve a ton of cabling issues or dispel any mixed vendor connectivity finger pointing issues. This is a switching command and only works on tri speed copper ports (10/100/1000). Piece of cake to config this feature:

    TWTV3750# test cable-diagnostics tdr interface gigabitethernet 1/0/4

The system will echo back a response:

    TDR test started on interface Gi1/0/2

Then it will think about it for a few seconds and you can now view the results by running the show command:

    TWTV3750# show cable-diagnostics tdr interface gigabitEthernet 1/0/4

There is certainly a bunch more IOS stuff we could talk about here, but hey, I need to save that stuff so I can have more to write about later!!
Give some of these tools a test drive in your lab and picture where you could have used them before to save some time or just earn some major league geek fame and glory points!

Hey, I also want to give a shout out to one of my favorite Cisco Warriors: Jennifer Geisler. Jennifer is now part of the TechWiseTV Team. She also moonlights on another series that I really enjoy called Fact or Fiction. Recently, she did an episode on “Will the Nexus 7000 replace the Cat 6500 in the Data Center”; she pinned down some goober Exec and held his feet to the fire! Check it out at:

Jimmy Ray Purser

Trivia File Transfer Protocol

If you have watched a movie since 1951, no doubt you have heard a Wilhelm Scream. It has been used so many times it is now considered an insider’s joke to use it in a movie at least once. Check out this clip of famous Wilhelm Screams and get in on the joke!


Copyright © 2009 IDG Communications, Inc.
