Friday, August 27, 2021

Remove encapsulation from pcap packets

 





Hello,

Recently I was troubleshooting some flows, and I needed to know what went through a GRE tunnel. After reading some tutorials, especially including Wireshark (which did not work), I found the perfect tool to help you de-encapsulate your packets: ipdecap (website - github)

1) Install

In theory, installation is simple. In practice, you will need to tweak a bit :

Packages needed = autoconf, automake, libtool, openssl, libpcap, libpcap-devel

Install procedure =

wget https://loicpefferkorn.net/ipdecap/ipdecap-0.7.tar.gz
tar xvzf ipdecap-0.7.tar.gz
cd ipdecap-0.7
sh autogen.sh
./configure
make
make install

But you might encounter errors such as :

ipdecap.c:28:45: fatal error: pcap/dlt.h: No such file or directory

I could not find the requested file on my server, so I went ahead in the src/ipdecap.c file and deleted the line. Afterwards it worked fine.

2) Use


It is relatively easy to use

  • Remove GRE encapsulation from packets located in the gre.cap file, and write them to output.cap
    $ ipdecap -i gre.cap -o output.cap
  • If you have multiple tunnels encapsulated, just repeat the previous step.
  • Remove ESP encapsulation, configuration in esp.conf
    $ ipdecap -i esp.cap -o output.cap -c esp.conf
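
To show what the GRE step removes from each packet, here is an added example (written for this page, not ipdecap's code) that strips an outer IPv4 + GRE header from every record of a classic pcap file. Assumptions: Ethernet link type, the outer Ethernet header is kept with its EtherType rewritten, and the sample frames are constructed, not a real capture.

```python
import struct

def strip_gre(frame: bytes) -> bytes:
    """Remove outer IPv4 + GRE (version 0) from an Ethernet frame; else return it unchanged."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return frame                        # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 47:
        return frame                        # IP protocol 47 = GRE
    gre = 14 + ihl
    flags, ptype = struct.unpack("!HH", frame[gre:gre + 4].ljust(4, b"\0"))
    # C (checksum), K (key) and S (sequence) each add 4 bytes to the GRE header
    hdr = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    inner = frame[gre + hdr:]
    if flags & 0x4007 or not inner:
        return frame                        # routing bit, GRE version != 0, or truncated
    if ptype == 0x6558:                     # transparent Ethernet bridging:
        return inner                        # payload is already a full frame
    return frame[:12] + struct.pack("!H", ptype) + inner

def decap_pcap(data: bytes) -> bytes:
    """Rewrite a classic pcap (Ethernet link type) with GRE stripped from each record."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only DLT_EN10MB (Ethernet) captures are handled")
    out, off = [data[:24]], 24
    while off + 16 <= len(data):
        sec, usec, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        new = strip_gre(frame)
        wirelen = max(wirelen - (len(frame) - len(new)), len(new))
        out.append(struct.pack(end + "IIII", sec, usec, len(new), wirelen) + new)
        off += 16 + caplen
    return b"".join(out)

# --- constructed sample data (not a real capture) ---
def ipv4(proto: int, payload: bytes) -> bytes:    # header checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + payload

def sample_pcap(frames) -> bytes:
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

ETH = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
PLAIN = ETH + ipv4(17, b"\x00\x35\x00\x35\x00\x0c\x00\x00data")        # UDP datagram
GRE = ETH + ipv4(47, b"\x20\x00\x08\x00\x00\x00\x00\x2a" + PLAIN[14:])  # K bit, key 42
```

Running decap_pcap on its own output peels the next tunnel layer, which is the same idea as repeating the ipdecap step for nested tunnels.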

Thanks to loicpefferkorn for this package!


Friday, August 13, 2021

Update F5 chassis licence

 



Updating a licence on an F5 chassis can be tricky. Let's review the necessary steps:

0) PREPARE

0.1) VCMP cluster sync

Via tmsh/cli   [ ACTIVE node only ] 

show cm sync-status
show cm failover-status


run /cm config-sync to-group CLUSTERGROUP

0.2) Check VCMP Host status

 show vcmp guest all-properties | grep "Comment\|deployed\|Prompt"

0.3) Take a copy of the licence, just in case

bash
tmsh show sys license
cd /config
cp bigip.license  bigip.license.DATE
ls -la | grep license

0.4) If GTM is used with standalone units, remember to deactivate the nodes whose licence will be updated, since wide IPs may point to multiple standalone units.

1) EXECUTION

1.1) On Standby unit

check standby units : show vcmp guest all-properties | grep "Comment\|deployed\|Prompt"
if you need to failover an ACTIVE node : run sys failover standby
F5 procedure: 

To re-activate the license with the Add-On registration using the manual activation method, perform the following procedure:
1. Log in to the Configuration utility. 
2. Navigate to System > License. 
3. Click Re-activate. 
4. Paste the Add-On registration key into the Add-On Key field and click Add. 
5. Click Manual. 
6. Click Next. 
7. Copy the dossier and connect to the F5 Product Licensing page at the following address: 
https://secure.f5.com
8. On the F5 Licensing Tools page, click Activate F5 product registration key for BIG-IP 9.x and later. 
9. Paste the dossier into the Enter your dossier field, and click Next. 
10. Copy the license returned by the F5 Product Licensing page and paste it into the License field in the Configuration utility.
11. Click Next. 

1.2) Failover the nodes within clusters

show cm failover-status

! If ACTIVE, failover

run sys failover standby 

! Check status : STANDBY

show cm failover-status


1.3) The ARP situation

When the failover is issued, you might want to monitor closely what happens to the ARP entries of all your VS on the part of your infrastructure where L3 is managed. If you still have ARP entries pointing to the STANDBY node, go into the L3 switch and clear everything:
clear ip arp <ip_address>  vrf <VRF_Name>

You should only be left with SELF-IPs after this step.


With all these steps you should be good to go. Of course your infrastructure will have differences, but that is what they pay you for! 😅

Thursday, April 22, 2021

Cisco Modeling Labs (new VIRL name) tips





Hello,

Network modeling is still in rough shape and exists in many different products. Today we focus on the Cisco tool, which I found very practical once you manage to set it up correctly and gain some knowledge of it.

1) Gain access

Whether you are a Cisco Partner or an individual, you can access CML. The price may vary. You then get an ISO that you can install wherever you want, followed by a small setup that defines the IP of the tool and the users that will have access to it.


2) Use the lab


Predefined Cisco nodes with various IOS versions are available. Just drag and drop one, then press the green arrow, just like a VM in VMware, and it will boot.

Keep in mind to define the number of interfaces needed before you boot it as it won't be changeable afterwards.

3) Reach it

 
There is a functionality called "breakout tool" that will allow you to reach each of your lab equipment via SSH or automation. I will detail here how to deploy it on a Linux VM:

From your CML main dashboard, click on "Tools", then "Breakout tool" to have access to the full documentation.

From your linux VM get the package, for example if your lab can be reached on 10.10.10.10:

wget https://10.10.10.10/breakout/breakout-linux-x86_amd64 --no-check-certificate

Then run the default UI of the tool (-listen 0.0.0.0 makes the UI reachable on every interface of the VM):

./breakout-linux-x86_amd64 -listen 0.0.0.0 ui

Then you can access the UI and fill all the details such as username/password to connect to your CML.

If you encounter an error like:

Can't refresh data
Get "10.10.10.10/api/v0/keys/vnc": unsupported protocol scheme ""

Just add https:// before the IP address of the lab
 
Then you can get (refresh button) your labs details and then connect to running equipment from your linux VM using the 127.0.0.1 address and custom ports.

4) Import and Export

You can import very easily an already defined lab by using the import button available in your welcome screen in CML once logged in.

If you want to export your current lab you have some steps to check :
    - For each equipment in the lab, click on it, then go to "Edit configuration" and click on "Fetch from device"
    - Leave the equipment focus but stay within your lab, click on the "Simulate" tab and then "Download lab".

You will now have a .yaml file that you will be able to exchange or reuse elsewhere.

5) Add a VM from another technology

You can add other technologies in your lab in order to fully simulate a part of your network. Here are the steps you must go through :

    - Download virtual version of your technology, for example ISO or OVA.
    - Download and install QEMU to convert the vmdk file to .qcow2 format (only format recognized by CML 2.0)
    - Copy (SCP) your .qcow2 to the CML server. Make sure you have enough disk space for this upload.
    - Create a node definition matching your technology (you often can find .yaml already defined on internet) selecting your .qcow2 disk image
    - The node is now available to use in your lab

6) Useful links: