How to Capture Traffic on Cisco ASA / PIX (sniffer)
To capture traffic on a Cisco ASA or PIX firewall, the capture command can be used.

Example: capturing traffic on ASA/PIX

You want to capture traffic from/to host 10.100.100.1 located behind the dmz interface. The access-list is optional and is used to filter to interesting traffic.

Commands to show capturing results:
pix1(config)# show capture

Command to clear captured traffic:

Command to save results to tftp server:
copy capture:cap1 tftp://10.1.1.1/dmzhost.txt

To save results in pcap format:

Command to disable capturing:
pix(config)# no capture cap1
This can be very helpful in troubleshooting connectivity issues. I most recently used this to troubleshoot VoIP issues for a customer.
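As an added example (not from the original post), here is the capture workflow above as one complete session, using the names the text uses: an access-list and a capture both called cap1, the host 10.100.100.1 behind the dmz interface, and a TFTP server at 10.1.1.1. Both directions of traffic are matched, because a one-line access-list only catches packets sourced from the host.

```cisco
! Added example, not the post's own commands. Names cap1, 10.100.100.1,
! dmz and 10.1.1.1 are taken from the text; everything else is standard ASA CLI.

! Filter to interesting traffic: both directions for the host behind dmz.
! On PIX 6.x, omit the "extended" keyword.
pix1(config)# access-list cap1 extended permit ip host 10.100.100.1 any
pix1(config)# access-list cap1 extended permit ip any host 10.100.100.1

! Start the capture on the dmz interface, limited by the access-list.
pix1(config)# capture cap1 access-list cap1 interface dmz

! Show capturing results: all captures defined, then the packets in cap1.
pix1(config)# show capture
pix1(config)# show capture cap1

! Clear captured traffic (empties the buffer, keeps the capture running).
pix1(config)# clear capture cap1

! Save results to the tftp server as text, or in pcap format for Wireshark.
pix1(config)# copy capture:cap1 tftp://10.1.1.1/dmzhost.txt
pix1(config)# copy /pcap capture:cap1 tftp://10.1.1.1/dmzhost.pcap

! Disable capturing and remove the access-list that only existed for it.
pix1(config)# no capture cap1
pix1(config)# no access-list cap1 extended permit ip host 10.100.100.1 any
pix1(config)# no access-list cap1 extended permit ip any host 10.100.100.1
```

Two things worth knowing while using this: the capture buffer lives in RAM (512 KB by default) and stops collecting when full unless the capture was created with the circular-buffer keyword, and TFTP moves the file in cleartext, so whatever payload the capture contains crosses the network unencrypted on the way to 10.1.1.1. Clearing the buffer and removing the capture when the troubleshooting is done keeps that data from sitting on the firewall.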
I recently implemented the Zenoss Enterprise appliance for the City of Houston Airport System to monitor over 250 Cisco network devices located at George Bush Intercontinental (IAH), William P. Hobby (HOU), and Ellington Airport (EFD).
Why Zenoss? According to the CTO of the Houston Airport System, Matt Hyde, the implementation of Zenoss “will give us greater visibility and control over our network devices and reduce our current monitoring costs”. He goes on to say that “within sixty days, we were able to make the switch to [Zenoss] and will pay for the cost of the new system with just two months of network monitoring savings. Total annual cost reductions are over 500%. Rarely do we ever get an ROI of that magnitude and we would not have achieved these savings without the help of Pate Consulting [implementing Zenoss].”
The appliance was nicely assembled in a 1U rack-mountable server. After plugging in the necessary keyboard, mouse, monitor, power, and network cables, I powered it on and watched it boot CentOS 5.3.
Aside from the necessary ‘yum update’, all I had to do was configure the correct time and time zone, assign a valid IP address, and set up an SMTP server (if you want Zenoss alerts sent via email, of course). As usual, I recommend Postfix.
Install and configure Postfix:
[root@host]# yum install postfix
[root@host]# vi /etc/postfix/main.cf
Change myhostname to a valid hostname in your environment
Make postfix startup on boot
[root@host]# chkconfig --level 2345 postfix on
[root@host]# service postfix start
Make sure that Postfix and Zenoss are running:
[root@host]# service postfix status
[root@host]# service zenoss status
Once that is done, it's on to the easy part: the Zenoss web interface.
After adding all 5 networks, Zenoss automatically scanned them flawlessly.
As should be the case, the Cisco SNMP community string was not the Zenoss default ‘public’. This would cause problems if not corrected.
To solve this problem, I edited the SNMP community string in the /Network/Router/Cisco and /Network/Cisco class templates so that any device added to these classes would automatically inherit the correct community string.
Click on “Devices” on the left side menu then select the device class Network. Now, select the device class Router, then Cisco. At this point, the breadcrumb navigation should be “/Devices/Network/Router/Cisco”. This can be found just below the Zenoss logo. Click on the zProperties tab for this class. Change zSnmpCommunity to the new value. Just for good measure, go ahead and put your new community string in the zSnmpCommunities text area as well and save changes. From now on, every device you add to the /Network/Router/Cisco device class will inherit the new snmp community string. This is a lot of work for a few devices, but if you’re adding 250 devices this “feature” is a time-saver!
Overall, I was impressed with the Zenoss appliance and the City of Houston benefited from the power and flexibility of Zenoss.
Forgot your Cisco router password? Did you know you can change them without losing your configuration? In this brief how-to, I will walk you through it. In order to perform a password recovery, you will need to reboot the router a couple of times. This means downtime, but it is a good sacrifice to make in order to get your passwords reset.
First, hook up the DB9 end of the standard light blue serial cable to your serial port. The other end of the cable should plug into the port labeled “Console” on the back of the Cisco router. If you do not have a serial port, then you’ll need to go purchase a USB-to-serial adapter cable and install it on your computer.
Now that your hardware is connected, establish a serial connection with the router.
The settings you need are:
Baud: 9600
Data bits: 8
Parity: No
Stop bits: 1
Flow Control: None
On Windows, I use PuTTY for this connection. Yes, PuTTY can be used to make serial connections as well as telnet/ssh. HyperTerminal works great as well. On Linux, I use minicom and on FreeBSD/OpenBSD, I use cu (cu -s 9600 -l /dev/cuad0).
Reboot the router and press the Break key to interrupt the boot sequence.
For break key sequences, refer to this Cisco link: http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note0…
Type confreg 0x2142. This tells the router to bypass NVRAM during bootup. In other words, your existing configuration won’t be loaded. The good news is that it won’t be deleted either.
Type reset to reboot the router. Answer No when prompted to run setup.
Type copy start run. This loads your startup configuration into memory. Now, if you type show run, you’ll see the router configuration. Also, you should notice that your router name is now in the prompt instead of the default “Router”.
Change the enable secret – “enable secret new_password”
Change the register back to 0x2102:
config-register 0x2102
When the router reboots it will load the old configuration with the new password.
Save the password so that it persists across reboots: type copy run start.
Reboot the router by typing reload at the enable prompt.
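As an added example (not from the original post), this is the whole console session from the Break key to the final reload, with the ROMMON and IOS prompts the steps above refer to. The hostname edge-rtr, the interface GigabitEthernet0/0 and the secret NEW_SECRET_PLACEHOLDER are assumptions; substitute your own. It also adds two checks the steps leave implicit: the enable secret and config-register commands are entered in configuration mode, and the register should be verified with show version before the reload. The fact that all of this takes nothing but console access is the reason the console port deserves the same physical control as the router itself.

```cisco
! Added example, not the post's own commands. Hostname, interface name and
! the secret are placeholders; the procedure is the one the text describes.

! After the Break key the router sits in ROMMON. Tell it to bypass NVRAM once.
rommon 1 > confreg 0x2142
rommon 2 > reset

! The router boots with no startup-config. Decline the setup dialog.
Would you like to enter the initial configuration dialog? [yes/no]: no

! NVRAM was only skipped, not erased: load the saved configuration.
Router> enable
Router# copy startup-config running-config
Destination filename [running-config]?
! Prompt now shows the real hostname; show run displays the old configuration.
edge-rtr# show running-config

! Set the new secret and put the register back to normal (config mode).
edge-rtr# configure terminal
edge-rtr(config)# enable secret NEW_SECRET_PLACEHOLDER
edge-rtr(config)# config-register 0x2102
! Interfaces come up shut down after a 0x2142 boot. Bring up the ones in use
! before saving, or the saved config will keep them down after the reload.
edge-rtr(config)# interface GigabitEthernet0/0
edge-rtr(config-if)# no shutdown
edge-rtr(config-if)# end

! Checks: the register line should say 0x2102 takes effect at next reload,
! and the interfaces you need should be up.
edge-rtr# show version | include register
edge-rtr# show ip interface brief

! Save the new password and reboot from the enable prompt.
edge-rtr# copy running-config startup-config
edge-rtr# reload
```

If show version still reports 0x2142 as the value for the next reload, the config-register line was not accepted (or was typed outside configuration mode); fix that before reloading, or the router will come up again without its configuration.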
Now, keep that password in a nice safe place – in your head does not count. I keep mine saved in a safe place for future retrieval and I make sure my customers have a copy as well. Remember, passwords are nice until you forget them.