Recover the FTP password via TCPDUMP

I always keep my frequently used files on my FTP server, and I have the password saved in the FTP client on my laptop as well. So when I need to log in to my FTP server from another machine, I am left thinking "hmm... what was my password again?"

Since FTP runs in plain text, there is no encryption at all, which means the credentials are readable by anyone capturing traffic on the path. So I recovered my password with tcpdump; in this example the username and password are both "everyone".


Cisco ASA – Site to Site IPSec VPN with dynamic IP address

Setting up a policy-based site-to-site IPSec VPN tunnel between static IP addresses is quite straightforward on a Cisco ASA, but what if one of the endpoints is using a dynamic IP address?

In this lab I will use two virtual ASAs (version 9.6(2)) to build a site-to-site IPSec VPN tunnel, and I will also set up the Cisco VPN client on the ASA that has the static IP address.

ASA-F14 is the one with the static IP address, and ASA-F16 is using a dynamic IP address.


MPLS VPN – routes sharing between 2 different VRFs across the MPLS network

The beauty of MPLS VPN is that multiple tenants run over the same MPLS core network while each tenant is prevented from reaching the other tenants' networks. But what if two different tenants want to connect to each other?

In the lab below we have two different tenants: 1120020010 (RT:200010) on Router 12 and 1030010010 (RT:100010) on Router 03. By default, the ASAs connected to these VRFs cannot communicate, since they sit in two different VRFs. In this case I will use Cisco IOS and Juniper MX to let the two VRFs connect to each other.

20161221-mpls-2vrfs

We can first check the existing configuration and the routing table on Router 03 and Router 12.

Cisco ASA – simple 1 to 1 NAT and firewall policy setup

For those who have worked with Cisco routers, setting up a stateful policy on a Cisco ASA is as simple as setting up an ACL. By default, the ASA drops any TCP segment that does not belong to a session record created by an initial SYN packet, so the user does not need to set up an ACL for return traffic as they would on a router.

In this example, 192.168.104.250/32 is the server in the DMZ, and a 1-to-1 NAT mapping is applied to incoming traffic so that Internet users can reach the HTTP service only.

The IP address of the firewall is 10.50.2.10/29, and we will map the server to another external IP address, 10.50.2.11.

20161215-vasa-lab-nat

MPLS – check the label switching path with Juniper Junos and Cisco IOS

How are you all doing? It has been some time since I put anything new on this blog. I think I will add more material that focuses on troubleshooting. This time I will show how to check the label-switched path (the routing path) of MPLS VPN traffic that runs on top of OSPF and LDP.

Here is the topology. The lab is built with both Cisco IOS (C1000v) and Junos. There are two subnets in the VRF, 192.168.104.0/24 and 192.168.109.0/24, located on R3 and R10 respectively.

20161215-mpls-lab


Networking – layer 2 communication.

Computer networking can feel confusing and complicated to people new to IT when they start learning it. This post explains it in layman's terms and provides the basic concepts and some basic configuration on Cisco products for reference.

So what is layer 2 communication? What does it provide or allow us to do? What is a network hub and what can it do? How do network switches differ from hubs? What is a LAN and what is a VLAN? (This post covers Ethernet networks only.)

Cisco packet tracer

I have started picking up Cisco's official network simulator again these days to learn about the ASA. The last time I used it was 7 years ago, and back then far fewer routers and features could be simulated compared with the current version. Some readers might wonder why I would start playing with Packet Tracer when there are many options on the market like GNS3. It is simply because it lets me be lazy about setting up labs without going through the instability issues.

As of October 2016, the newest version of Packet Tracer can simulate Wi-Fi, ASA, routers and switches. Although it does not cover all the features of a production environment, it still lets users and anyone new to Cisco get a feel for it. The best part of Packet Tracer is being able to inspect packet behaviour on a machine with a modest 4 GB of RAM, which cannot be done with GNS3 running Wireshark (well, it can be done, but it would be slow enough to piss everyone off).