
Friday, September 19, 2025

Packet Capture - Cisco vs Juniper

Cisco 
monitor capture fileName interface portNumber both 
monitor capture fileName match any
monitor capture fileName buffer size 10
monitor capture fileName start
monitor capture fileName stop
 
***export to flash: or bootflash:***
monitor capture fileName export location flash:fileName.pcap
 
Juniper
monitor traffic interface <interface> extensive write-file /var/tmp/<file-name>
CTRL + C to stop the capture
monitor traffic interface <int> write-out /var/tmp/name.pcap

Wireless Cheat Sheet - Aruba AOS vs. Cisco IOS-XE commands

Aruba AOS vs. Cisco IOS-XE commands

Purpose

Aruba AOS

Cisco IOS XE

View AP database (see what APs are up/down plus MAC addresses)

show ap database long

show wireless stats ap join summary

View AP uptime

show ap database long or show ap active

show ap uptime

View AP BSSIDs

show ap bss-table

show ap wlan summary

show ap wlan summary | inc lighthouse.*Enabled

show ap wlan summary | inc BSSID|lighthouse

show ap wlan summary | sec <AP name>


show ap name <ap name> wlan dot11 5ghz (only shows the BSSID MAC, not the name of the WLAN too)

View active APs with channel & power assignments

show ap active

show ap dot11 5ghz summary

View ipv4 user table

show ipv4 user-table

show wireless device-tracking database ip

show wireless client summary detail

View ipv6 user table

show ipv6 user-table

show wireless device-tracking database ip

show wireless client summary detail

View AP association table

show ap association

show ap wlan summary

View what VLAN a client was assigned to

show user ip <user's IP address>

sh wireless client mac <client MAC addr> detail

show wireless client summary detail | section <mac addr>

View recent channel changes for an AP (due to radar, errors, interference reasons, etc)

show ap arm history ap-name <AP's name>

show logging profile wireless module radio-history-channel filter mac <AP mac addr>

View interference levels on all channels for an AP

show ap arm rf-summary ap-name <AP's name>

show ap name <AP name> auto-rf dot11 5ghz

View neighboring APs in the area, both APs we manage as well as any other ones in the area

show ap monitor ap-list ap-name <AP's name>

show ap name <AP name> neighbor summary

show wireless wps rogue ap list mac-address <AP's mac addr>

show ap name <AP name> auto-rf dot11 5ghz

Rename a newly joined AP via the CLI

ap-rename ap-name <AP's current name> <new AP name>

ap name <AP's current name> name <new AP name>

View recent auth transactions

show auth-tracebuf

show logging profile wireless filter mac <AP's mac addr>

but mostly does not exist

View client table for an AP

show ap debug client-table ap-name <AP's name>

show controllers d0

mostly does not exist

View RADIUS counters

show aaa authentication-servers radius statistics

show aaa servers

View switch & port that the AP is connected on

show ap lldp neighbors ap-name <AP's name>

show ap cdp neighbors

View datapath flows

show datapath session table

IPv4 flows: show flow monitor avc_ipv4_assurance cache format table

IPv6 flows: show flow monitor avc_ipv6_assurance cache format table


(shows only v4/v6 flows for the SSIDs/WLANs, not the wlc itself)

Reboot a single AP

apboot ap-name <AP name>

ap name <AP name> reset

Reboot all AP

apboot all local

ap reset site-tag <site tag>

See what profiles/tags are applied to APs

show ap-group <AP group> or

show ap config <ap-name>

show ap tag summary

Debug a client

logging user-debug <MAC addr> level debugging

debug wireless mac <xxxx.xxxx.xxxx> to-file harddisk:<filename> (will run for 30 min by default)

Afterwards: no debug wireless mac <xxxx.xxxx.xxxx>


show logging profile wireless filter mac <xxxx.xxxx.xxxx> to-file harddisk:<filename>


Example with additional filters by timeframe:

sh logging profile wireless start last 1 hours filter mac f4d4.888d.acb5 to-file harddisk:stevetam-m1-16-mbp

Debug IP theft

n/a

Enable verbose logging (temporarily)

set platform software trace wireless chassis active R0 sisf-all-modules verbose


Wait around 15 minutes, then set log level back to notice:

set platform software trace wireless chassis active R0 sisf-all-modules notice


Collect the archive trace for the past X days

request platform software trace archive last 1 day target <filename>

Debug 802.11r fast roams

show pmk ???

sh wireless client mac-address 8c86.1ebe.9547 mobility history

sh wireless stats mobility

sh wireless stats authentication

sh wireless stats client detail


Not currently possible to manually delete a cached PMK from the wlc/AP

Deauth / disconnect a client

aaa user delete mac <client mac address>

wireless client mac-address <client mac address> deauthenticate

Check power supply status

show inventory

show inventory

show environment

show platform

Check fan status

?

show platform

Check CPU

show cpuload current

show datapath utilization

show processes cpu sorted

show processes cpu platform sorted

Clear a down AP from the wlc's AP database

From MM:


To clear all down APs:

clear gap-db lms lms-ip <wlc's v4 IP address>


To clear a specific AP:

clear gap-db ap-name <AP's name> or clear gap-db wired-mac <AP's MAC address>

clear ap mac-address <mac-address> join statistics


(you'll have to use the Base or Radio MAC address instead of the Ethernet MAC address listed in show ap summary - available in 17.3.2 and newer only)

Running a packet capture on the wlc

packet-capture destination local-filesystem


For a control path capture:

packet-capture controlpath <tcp or udp> <comma separated list of ports to capture>


For a datapath capture for a specific client:

packet-capture datapath mac <client mac address>


Stop the packet capture after it's done:

no packet-capture controlpath <tcp or udp> <comma separated list of ports that were captured> or

no packet-capture datapath <client mac address>

If filtering by v4 traffic:

ip access-list extended CAP-FILTER

permit ip host <x.x.x.x> any

permit ip any host <x.x.x.x>


If filtering by v6 traffic:

ipv6 access-list CAP-FILTER

permit ipv6 host <x:x:x:x:x:x:x> any

permit ipv6 any host <x:x:x:x:x:x:x>


monitor capture MYCAP clear

monitor capture MYCAP interface Port-channel 1 both

monitor capture MYCAP control-plane both

monitor capture MYCAP buffer circular size 100

monitor capture MYCAP match any

monitor capture MYCAP limit pps 1000000

monitor capture MYCAP access-list CAP-FILTER


Or, filter by client MAC instead:

monitor capture MYCAP inner mac <CLIENT_MAC>


monitor capture MYCAP start


DO THE TEST, THEN:


monitor capture MYCAP stop


SAVE/EXPORT THE CAPTURE TO A FILE ON harddisk:

monitor capture MYCAP export harddisk:my-test-packet-capture.pcap

Restart RRM / Force a run for new channel settings to take effect

n/a

ap dot11 5ghz rrm dca restart

Validate whether an external antenna is currently connected to a 9130AXE or 9120AXE

n/a

show ap name <AP name> config slot 0

show ap name <AP name> config slot 1

or

show ap name <AP name> config dot11 5ghz

Clear all config & reset the AP to factory defaults via console

interrupt boot sequence, then:

factory_reset

capwap ap erase all

Verify redundancy port state

n/a

Check what kind of SFP is installed (in 17.3 and later):

show platform hardware slot R0 ha_port sfp idprom


Check the link state of the redundancy port (in 17.5 and later):

show platform hardware slot r0 ha_port interface stats


Run a test ping on the redundancy port (in 17.5 and later):

test wireless redundancy rping

Check AP temperature

n/a

ssh to the AP directly and run show thermal-control-summary

See how the APs / site tags are load balanced across the various wncd processors

n/a

show wireless loadbalance ap affinity wncd X

Use AVC commands to see application traffic stats

n/a

show avc client xxxx.xxxx.xxxx top 10 applications downstream

show avc client xxxx.xxxx.xxxx top 10 applications upstream

show avc client xxxx.xxxx.xxxx top 10 applications aggregate

show avc wlan <WLAN name> top 10 applications downstream

show avc wlan <WLAN name> top 10 applications upstream

show avc wlan <WLAN name> top 10 applications aggregate

show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 downstream

show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 upstream

show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 aggregate

Check datapath utilization

n/a

show platform hardware chassis active qfp datapath utilization summary

show platform hardware chassis active qfp datapath utilization

Run a command on an AP from the wlc

n/a

term mon

ap name <AP name> remote enable

ap name <AP name> remote command "show xxxx"

ap name <AP name> remote disable

Determine what 5 GHz channels are supported by an AP on the wlc in the region/country

n/a

term mon

ap name <AP name> remote enable

ap name <AP name> remote command "show controllers dot11Radio 1"

(look for the output under Allowed Frequency)

ap name <AP name> remote disable


or, enable ssh for the APs in the ap profile and run the above show controllers dot11Radio 1 command

Show interesting wireless client stats, including IP theft counter

n/a

show wireless stats client detail (can filter on "IP theft")

Retrieve archive traces

n/a

request platform software trace archive last 1 day target harddisk:<filename>

Retrieve always on logs for a particular client

n/a

show logging profile wireless start last X hours filter mac xxxx.xxxx.xxxx to-file harddisk:<name of file to save to>

Check negotiated ethernet speeds (for mGig verification)

n/a

sh ap ethernet statistics

Clearing ISSU upgrade process if stuck after a failed ISSU upgrade. *Use with caution and preferably after hours, as this may require a reload and/or cause unexpected behavior.

n/a

#config t

(config)#service internal

(config)#exit

#clear install state

#show issu state detail *to confirm that the previously stuck ISSU upgrade is now cleared.

Verify that Primary/Secondary controllers are set for APs on ra-wlcs

n/a

show ap config general | inc Cisco Controller|AP Name

Check the status of the standby wlc

n/a

show chassis rmi


show platform software rif-mgr chassis standby R0 resource-status


show redundancy states


Friday, September 12, 2025

CS50 Python Project

 #### IP Calculator ####
 #### Description:
    This project created an IP calculator which takes an IP from the user, then calculates the subnet, gateway, mask, assigned VLAN and network realm. The user can enter as many IPs as they want until they decide to exit the program by pressing Control + C on the keyboard. The data entered will be recorded in a CSV file and, once the program is terminated, the data will be printed in a table format similar to the table below.

I could have started with standalone methods and a main function, but I really want to incorporate a class along with instance methods to demonstrate and cement what I learned in Lecture 8 - Object Oriented Programming. In addition, for the purpose of utilizing built-in libraries I'm using 'ipaddress' and 'rich', and their relevant objects - IPv4Network, IPv4Address from ipaddress and Table, Console from rich. In particular, Console is similar to 'print' but it allows me to print the network information in a table format.

Initially I structured the nested try-except clauses in the class constructor, but then I realized it's not good practice to have that much code there. The constructor should really be as simple as possible and just instantiate the object. Hence I decided to move that block of code to a 'staticmethod' inside the class, which seems to make the whole code much cleaner to read in my humble opinion.

Secondly, I was using regex 're.search' to find the pattern for the corresponding subnet from the IP provided by the user - see example below - but it does not look realistic in a working environment and the regex is loose, as '192.999.999.999' can still match.
if re.search(r"^192.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}", str(self.subnet)):
    self.vlan = 10
    self.network_name = 'Office Network'
As a result, I decided to utilize the existing 'ipaddress' for ranges.
if self.ip in IPv4Network("10.0.0.0/16"):
    self.subnet = IPv4Network("10.0.0.0/16")
    self.vlan = 10
    self.network_name = "Office"

def __str__(self) is used to print out the network details without using multiple prints. get_mask() and get_gw() are self-explanatory as they are built-in to the IPv4Network object.

def write_to_csv() is created to write the network information to a CSV file. Notice that output.tell() == 0 is there before the file is written; it's basically a check to write the defined headers only if the file is empty.

def print_table() uses both Table and Console objects to write the network information in a table format. I define the title, the colors and the name for each column in the table, then read the CSV file created previously to feed the data for Console to print the CS50 Networks table.

As mentioned above, def prompt_user() is just a static method inside the class to prompt the user to enter an IP address of their device until Control-C is pressed to exit the program gracefully. 'subnet' object is instantiated here 'subnet = CS50_Network(prompt)' and 'print(subnet)' triggers the call to the str method to print all the network details - see example below - then the data is stored in a csv file.
Your subnet is 10.2.0.0/18
Gateway is: 10.2.0.1
Subnet Mask is: 255.255.192.0
VLAN: 30
Network Name: Wireless
Invalid IP will pop up if the IP does not reside in any of the network blocks listed below the constructor, and the program will reprompt the user for their device's IP. Once the user is done providing all their IPs, they can hit Control-C to exit the program. The table will be printed first before the program is gracefully shut down.

In the main function, 'CS50_Network.prompt_user()' basically calls the static method inside the class to kickstart the program.
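
The validation points described in this post, as an added example that is not the project's own code: the loose regex accepts strings that are not IPv4 addresses, while parsing with 'ipaddress' and testing network membership rejects them, and the CSV header is written only when the file is empty. The REALMS table, the FIELDS names, the classify() helper and the "gateway is the first host address" rule are assumptions made for illustration.

```python
import csv
import re
from ipaddress import AddressValueError, IPv4Address, IPv4Network

# Constructed sample realms; only 10.0.0.0/16 (VLAN 10, Office) and
# 10.2.0.0/18 (VLAN 30, Wireless) appear in the post.
REALMS = [
    (IPv4Network("10.0.0.0/16"), 10, "Office"),
    (IPv4Network("10.2.0.0/18"), 30, "Wireless"),
]
FIELDS = ["ip", "subnet", "gateway", "mask", "vlan", "network_name"]

# The loose pattern quoted in the post: unescaped dots match any character
# and the octets are never range-checked.
LOOSE = re.compile(r"^192.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}")


def classify(text):
    """Return a row dict for a well-formed address in a known realm, else None."""
    try:
        ip = IPv4Address(text.strip())
    except AddressValueError:
        return None  # not a well-formed IPv4 address (e.g. 192.999.999.999)
    for subnet, vlan, name in REALMS:
        if ip in subnet:
            return {
                "ip": str(ip),
                "subnet": str(subnet),
                # Assumption: the gateway is the first host of the subnet.
                "gateway": str(subnet.network_address + 1),
                "mask": str(subnet.netmask),
                "vlan": vlan,
                "network_name": name,
            }
    return None  # well-formed, but outside every defined realm


def write_to_csv(path, row):
    """Append one row; emit the header only when the file is still empty."""
    with open(path, "a", newline="") as output:
        writer = csv.DictWriter(output, fieldnames=FIELDS)
        if output.tell() == 0:  # append mode starts at end of file
            writer.writeheader()
        writer.writerow(row)
```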