Networking
Looking for 100g packet capture solutions
Posted: 29 Oct 2019 10:45 AM PDT

I have researched several vendors and the prices are generally north of $300k. One solution is intriguing to me, fmad.io; I'm hoping to hear some feedback from existing users. Pricing seems reasonable: I could probably get 2 capture units for half the price the others are asking. Currently using Riverbed NetShark with a 4 x 10G capture card in combination with their Packet Analyzer and like it a lot, but not willing to spend the coin on the next-gen appliance. Not a huge fan of a DIY packet capture box, but I could try n2disk; just not sure I could pull it off myself. Any suggestions are welcome.
How to discern what is throttling the link?
Posted: 29 Oct 2019 06:15 AM PDT

Hello you. I have a site-to-site link utilising pfSense OpenVPN. When trying to transfer data across the link, I seem to be capping at 100 Mbps despite all the links being 1 Gbps. I have run jperf and that returns the same connection speed. Trying to think of a good way to determine where the throttling is occurring, but can't think of a way. Any suggestions would be welcome. CPU seems to be within a reasonable threshold when running the transfer, so I do not think it is that either.
T-Mobile Home Netherlands now using DTAG Internet exchange instead of AMS-IX
Posted: 29 Oct 2019 11:25 AM PDT

Since last Friday T-Mobile Home in the Netherlands started rerouting all internet traffic first to the German DTAG exchange owned by its parent company. It used to be routed to the AMS-IX in Amsterdam. I'm interested why this led to such an increase in latency and big bandwidth throttling. Were they really this underprepared? I'm very interested in a reply from a professional. This just seems really odd for them to do and I have no clue how this would decrease their costs.
Are there any good VDSL modems people recommend for small business?
Posted: 29 Oct 2019 05:53 AM PDT

We have a VDSL connection here in Australia, over the NBN (National Broadband Network). Rated speed is 100 Mbps down, and 40 Mbps up. The ISP has supplied us with a ZTE H268A ADSL/VDSL modem. Behind this is a Netgate XG-7100 running pfSense 2.4.4-p3.

However, the modem can be flaky sometimes: we've had a few occasions where the connection will go incredibly slow (i.e. 3-4 minutes to load google.com) and we have to power-cycle the modem to fix things. And when we tried to put it in bridge mode (with a pfSense router behind it), the connection would work for a day or so, then we'd need to power-cycle it. The GUI interface is also slow and frustrating.

Is there a VDSL modem that people would suggest? We don't necessarily want the cheapest, but something that's reliable, performs well, and has good manageability. (I can't seem to find any VDSL modems with console access, or out-of-band control.) I see the Draytek Vigor 165 is meant to be good, or the older Draytek Vigor 135 or 132? Any other brands/models that are good?

There's a list of "officially" supported modems here: https://whirlpool.net.au/wiki/fttn_registered_modem_router#vdsl2_modem_routers_isp_settings

And the list of features they have to support is here (vectoring support is required):
Running out of DHCP Leases on /23
Posted: 29 Oct 2019 01:17 PM PDT

Hi,

We have been running out of DHCP leases on a regular basis on our main VLAN 10, which has a /23 subnet with a 12 hour lease. This is the main VLAN for all employee work laptops as well as employee test devices in our company. We have additional VLANs for our camera system, VoIP and Guest Wi-Fi network. A majority of our devices are connected to VLAN 10 via Wi-Fi on two separate SSIDs (Corp and Device). There are very few devices connected via ethernet on VLAN 10. Mainly only our sales department connects via ethernet, but they are also connected to the Corp SSID, so they are essentially using twice the amount of leases. The rest of our company connects via Wi-Fi to the Corp SSID.

As our company expands I anticipate the need for more VLANs and a better solution to our current setup. I am considering a few solutions and was hoping to get some feedback and suggestions on best practices.

Network Setup:

Potential solutions:
- Since most of our devices connect via Wi-Fi, create a new VLAN for floor 1 and floor 2, then add a VLAN tag on our MR access points, separating them based on the floor location of the MR APs (would this cause roaming issues between floors?)
- Move the Device SSID to a different VLAN (would only free up about 70 leases)
- Move the Sales department to a new VLAN (would have to change the VLAN on switch ports, then add a VLAN tag to the APs in their location)
- Add additional VLANs based on ethernet location in the building

I would appreciate any feedback or suggestions, as we have been constantly running out of IPs for our organization and as the company expands, so does the need for more IPs.

Thank you
Pulling My Hair Out - Network or SSL Problems?
Posted: 29 Oct 2019 11:47 AM PDT

Is it an indicator of deeper network problems if I can't get any websites to load unless I manually set the OS MTU to 1200 (down from the default of 1500 in Windows Server 2016)? Most of me thinks this must be an SSL problem, but I can't be sure.

I have 3 Windows Server 2016 servers on the customer network. The start of this rabbit hole was WSUS being unable to perform an initial sync to the Microsoft Update servers. The initial sync always fails with a long error message, but the important part is "An existing connection was forcibly closed by the remote host. An unexpected error occurred on a send. Unable to read data from the transport connection." Wireshark shows a successful 3-way TCP handshake, then my server sends an SSL Client Hello with TLS 1.2, and then the remote server immediately sends a RST packet. This happens about 22 times in 3 seconds before the WSUS GUI gives the error I quoted.

https://www.google.com also will not load. I see in Wireshark that IE sends an SSL Client Hello with TLS 1.2, gets a RST packet, then tries TLS 1.0, and gets another RST packet. I tried IE, Chrome, and Firefox. Reddit and Microsoft's update catalog website (https://www.catalog.update.microsoft.com) won't load, WSUS can't sync with Microsoft's update servers, Firefox and Chrome can't self-update. In IE I added the sites to the trusted zone, as well as disabled "IE Enhanced Security Configuration". The date and time are correct; the server is configured to sync its time to an NTP server.

Websites like cnn.com, msnbc.com, nytimes.com, and foxnews.com all load successfully, albeit with some errors, "Revocation information for the security certificate for this site is not available. Do you want to proceed?", *.demdex.net, *.adtech.advertising.com

The customer is saying there's nothing wrong with their network and there's no SSL or layer 7 filtering. They say their ISP doesn't have any SSL or layer 7 filtering either. Is this likely a network problem? Or is it more likely an application layer problem with security/cipher settings (TLS 1.0 / TLS 1.1 / TLS 1.2 / SSL 3.0 / etc.) in the OS or browsers? Is there any way to detect if any SSL and/or layer 7 inspection/interception is happening? I have a web server on the general internet where I could run a packet capture and compare to a packet capture from the source, if that could tell me anything. There must be some kind of SSL inspection/interception going on here, right? But I can't find any hard evidence to push my case with.
Need to connect about 250 wireless devices
Posted: 29 Oct 2019 07:07 AM PDT

Hi there, first of all I don't really have knowledge about networking. I'm an AV guy and I need to set up a Wi-Fi connection for about 250 devices (cellphones/tablets). It's a temporary installation for one day. It's only for online voting so they're not gonna use a lot of bandwidth. What kind of router would I need and are there any settings I need to tweak? Thank you very much!
Cable grooming in network closet
Posted: 29 Oct 2019 09:24 AM PDT

So I have been assigned a task to re-groom cables in one of our network closets. I have to use 3 ft patch cables now, making the closet neat and tidy. In this process I would be using the patch panel port just above/below the respective switch port. This will lead to a description/configuration mismatch (configuration for 90% of the ports is the same). The description is the cubicle number along with the patch panel number. What is the best way you guys suggest?
How would you protect this floor mounted fiber patch panel?
Posted: 29 Oct 2019 06:54 AM PDT

https://i.imgur.com/ywfpT2M.jpg

Most of the fiber patch panels were installed on the floor like this... positioned perfectly by everyone's foot. Anyone have any suggestions on something that would protect the patch panel from slight kicks or shifting under-desk debris?
Segmenting a network
Posted: 29 Oct 2019 12:42 PM PDT

Backstory: I am not a network engineer, nor really a tech director. I was given the job because I find tech fun to work with and now they want more than I know. So in the interest of finding people more qualified to speak to, I would like some help in making sure I understand that the following would be possible.

Current District Setup: The district receives a 20 Mbps pipe into the district office that is then farmed out to 2 other buildings in the district. It is a flat network, so everyone shares that 20 Mbps connection.

Possible Setup: I would like to divide the network to dedicate a certain amount of the pipe for each building. I would like 7 Mbps to go to 1 building to use, 7 Mbps to go to the other building to use and 6 to stay at the District. It would be great if each building could "borrow" spare Mbps from the other locations, but will always have a minimum of that amount for their building.

What would be the best way to accomplish this? VLANs? QoS? What information would you need to know if I was going to try and explain this to a network engineer; what more would they need to give me a quote? (Or am I completely off base that this is possible above and I need to go with something else.)

*switches are Cisco Catalyst 2960-X series

(Cross posted in r/sysadmin and r/k12sysadmin, they suggested posting here)
Bad crimp
Posted: 29 Oct 2019 10:08 AM PDT

Is it possible to crimp a Cat5 or Cat6 cable too hard? I have been having issues with cables I am making; none of them seem to work.
Configure VTY lines using ansible
Posted: 29 Oct 2019 06:33 AM PDT

Hi

I am configuring VTY lines on some devices with AAA. But the ios_config module always changes the configuration when it is already configured. The reason is the configuration will be split up into 2 or more parts by the IOS:

My problem is on some devices the vty lines are split up into more than this. Any good advice on how to avoid this? Or do I have to make a "show run | inc line vty" and loop through it in my task?
Mist vs Meraki wireless
Posted: 29 Oct 2019 04:18 PM PDT

I want to know what you think about these 2 brands, especially if you have experience with 20 - 50 APs a site and in diverse situations (distribution centers, office spaces, dense lab environment). If you had 1 and are thinking about switching, why? If you have used both, even better: what did you like or dislike? Is the AI used in the Mist product just hype, legit or in the middle? One thing I like so far about both is firmware update/revert in a more modular controlled way instead of updating controller-wide and rebooting. Thanks for your input.
Client VPN in Cloud?
Posted: 29 Oct 2019 11:43 AM PDT

Currently our employees VPN into physical SonicWall devices at our headquarters office. My organization is looking to move our Client VPN solution for our global network into the Cloud to eliminate the single point of failure. Basically, users will VPN to a public-facing instance hosted in AWS that then has routes to all of our offices and remote sites across the globe. Traffic would be sent from AWS over either site-to-site VPNs (remote sites) or directly connected via MPLS (offices). Does anyone have anything like this set up? What are some obvious disadvantages or reasons not to do this, if any? If this is something you have, what solution are you using? We are looking into OpenVPN AMIs but wanted to know if there are other recommended options. Thanks!
Apple intermittently breaks TLS sessions to App Store/iTunes on all devices within my network. What is going on?
Posted: 29 Oct 2019 03:21 PM PDT

For the past week or so, I've been pulling my hair out trying to figure out what is going on. I have a MacBook, some iPads, iPhones, Apple TVs, etc. on a network. These devices have all had issues downloading content from the App Store (most noticeably app updates) and streaming iTunes TV shows/movies. I have ruled out the devices by resetting some, signing out of/into iCloud, and changing the WAN MAC to force my ISP to issue a new WAN address, just in case there's some WAF business going on and I ended up on some blacklist. I'm running pfSense, and have resorted to turning off Suricata, disabling all traffic shaping rules, and building a fairly open outbound firewall policy while trying to troubleshoot this. System clocks are accurate (so no cert validity issues there) and I've even reproduced this in an ordinary web browser (more about this below). If I take the iPhones and put them on LTE, the issue goes away... so this isn't a global issue or an account/Apple ID issue. It's somehow isolated to my environment.

So I started taking some packet captures, because there's clearly something strange going on as I've ruled out everything I can think of that could interfere. The packet captures show a device setting up TLSv1.2 on port 443 with a Client Hello; the pcap is missing a Server Hello every time, but instead has an ACK with a key exchange and server hello done, then my client sends a RST ACK. But... why? So I took the hostname (p28-buy.itunes.apple.com) out of the SNI extension and tried to simply connect in Firefox with dev tools open. Same thing, so it's not just the Apple SSL/TLS libraries causing this. I should also note, this doesn't happen 100% of the time. I can usually reproduce it roughly 9 out of every 10 times.

As someone who supports and troubleshoots this stuff for a living, I feel like I should be qualified to diagnose this, but I'm absolutely perplexed and out of ideas. Does anyone have any thoughts, things to try, or look at?

Here's a capture of an HTTPS session from Firefox trying to connect.
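The ClientHello-then-RST pattern that both the WSUS post above and this one describe, as an added example that is not from either poster: a small Python parser pulls the offered version and SNI out of a captured ClientHello record, and a report counts, per hostname, how many flows were reset before any ServerHello arrived. The flow events, record bytes and flow ids used as input are constructed test data (the hostnames are the ones the posts mention), and `build_client_hello` exists only to generate that sample.

```python
"""Flag TLS flows reset right after the ClientHello (added example).

Input is a constructed per-flow event list a capture tool could emit: ("CH", record_bytes)
for the client's TLS record, "SH" once a ServerHello arrives, "RST" when the peer resets."""
import struct
from collections import defaultdict

def build_client_hello(sni, version=0x0303):
    """Minimal TLS ClientHello record with one SNI extension (constructed sample input only)."""
    host = sni.encode()
    name = struct.pack("!BH", 0, len(host)) + host                 # host_name entry
    sni_ext = struct.pack("!HHH", 0, len(name) + 2, len(name)) + name
    body = (struct.pack("!H", version) + bytes(32)                 # version, random
            + b"\x00"                                              # empty session id
            + struct.pack("!HH", 2, 0xC02F)                        # one cipher suite
            + b"\x01\x00"                                          # null compression
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(rec):
    """Return {'version': int, 'sni': str | None}, or None if rec is not a ClientHello."""
    if len(rec) < 45 or rec[0] != 0x16 or rec[5] != 0x01:
        return None
    body = rec[9:]
    version = struct.unpack("!H", body[:2])[0]
    p = 35 + body[34]                                     # skip random and session id
    p += 2 + struct.unpack("!H", body[p:p + 2])[0]        # cipher suites
    p += 1 + body[p]                                      # compression methods
    end = p + 2 + struct.unpack("!H", body[p:p + 2])[0]   # end of extensions block
    p += 2
    sni = None
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", body[p:p + 4])
        p += 4
        if etype == 0:                                    # server_name: list_len, type, name_len, name
            name_len = struct.unpack("!H", body[p + 3:p + 5])[0]
            sni = body[p + 5:p + 5 + name_len].decode("ascii")
        p += elen
    return {"version": version, "sni": sni}

def handshake_report(events):
    """Per SNI: ClientHellos sent, how many were reset before any ServerHello, and
    which client versions those failed attempts offered (e.g. 1.2, then a 1.0 retry)."""
    flows = {}
    for flow, kind, payload in events:
        st = flows.setdefault(flow, {"hello": None, "sh": False, "rst": False})
        if kind == "CH":
            st["hello"] = parse_client_hello(payload)
        else:
            st[kind.lower()] = True
    report = defaultdict(lambda: {"attempts": 0, "reset_before_serverhello": 0, "versions": set()})
    for st in flows.values():
        if not st["hello"]:
            continue
        r = report[st["hello"]["sni"]]
        r["attempts"] += 1
        if st["rst"] and not st["sh"]:
            r["reset_before_serverhello"] += 1
            r["versions"].add(st["hello"]["version"])
    return dict(report)

SAMPLE_EVENTS = [  # constructed flows: (flow_id, kind, payload)
    (1, "CH", build_client_hello("p28-buy.itunes.apple.com")), (1, "RST", None),
    (2, "CH", build_client_hello("p28-buy.itunes.apple.com")), (2, "SH", None),
    (3, "CH", build_client_hello("www.google.com")), (3, "RST", None),
    (4, "CH", build_client_hello("www.google.com", 0x0301)), (4, "RST", None),  # TLS 1.0 retry
    (5, "CH", build_client_hello("www.cnn.com")), (5, "SH", None),
]

if __name__ == "__main__":
    for host, r in handshake_report(SAMPLE_EVENTS).items():
        print(f"{host}: {r['reset_before_serverhello']}/{r['attempts']} reset before ServerHello")
```

A hostname that fails across several client versions while others on the same path complete is the shape of evidence the posts are looking for; feeding the same report both a local capture and one taken from a host outside the network makes the comparison concrete.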
ISP & Networking
Posted: 29 Oct 2019 02:26 PM PDT

I need some help on designing a failover situation. I have two locations that are currently connected via Ubiquiti radios with internet coming into location 1. We plan on having a second internet connection coming into location 2, and the goal is to be able to fail over between the two internet connections and for both locations to be online if the connection between the two locations fails. I know that I will need a router/firewall at both locations, but I'm not certain what will be needed for the WAN failover. Unfortunately running cable or fiber is not an option, so will I need a separate wireless connection for each WAN & LAN? A total of 3 wireless connections? Is there some sort of point-to-point wireless solution that could be carved up like VLANs for this that is not crazy expensive?
FreeRadius w/ DaloRadius, need PEAP authentication for wireless (ubiquiti wpa2 Enterprise)
Posted: 29 Oct 2019 07:31 AM PDT

Hey guys, I'm using the default config on the latest Debian. I'm using freeradius 3.0 from what I can tell, and all the guides I can find are for older versions. How can I enable PEAP? With MSCHAPv2? RADIUS works fine on my DD-WRT router but doesn't work at all for my airMAX (Ubiquiti) devices, which I can only assume is 802.1X AUTH PEAP related. My Google-fu turns up nothing.
Loopbacks for management: Good idea or not?
Posted: 28 Oct 2019 05:01 PM PDT

Maybe this is a dumb question, but here goes. We're using management VLANs for our network devices. Some are L2 only but most are L3 now. I know that some people use loopback interfaces instead. I know this has some advantages, the most appealing to me being that it never goes down and can be easily routed dynamically (we are using EIGRP). But my concern is this. Let's say I designate a /24 space for these IPs. If they're all /32s, isn't that going to bog down all my routing tables? Each one will have to be a separate entry. Is a big number (hundreds) of routes just for management kind of a bad idea? Am I missing something, or would it be wise to use loopbacks sparsely for this reason? What kind of management schemes are you guys using? Thanks
Can you explain AWS/GCP VPCs to me? Here's my understanding..
Posted: 28 Oct 2019 08:08 PM PDT

I have been learning CCNA concepts and networking concepts for the past couple of months. Correct me if I am wrong. Apologies in advance if this question makes no sense.

We can subnet our local router and assign the fast ethernet port that subnet IP and mask. If there are two fast ethernet ports we can create two subnets and connect them to two switches. So, is a VPC just like that? When I create a VPC in, say, AWS, AWS spins up/powers up a router for me? And when I create subnets in that VPC, a command similar to 'ip address 10.0.1.0/24 s/0/0' is being run on the router that was created?

Thanks for reading. Have a good day.

Edit: Thank you all for responding. Looks like I have some reading to do about overlay networking. Also, now I understand that there are no physical devices being spun up at the time of creation of VPCs.
Wireless bridge client, Cisco, and other options.
Posted: 29 Oct 2019 12:55 PM PDT

My goal is to configure a portable device that has no support for wireless networking as a wireless device. My intent was to purchase a simple wireless bridge that can be connected directly to the wired NIC on the device and connect to existing wireless as a client. So then I figured maybe I can do this with the pile of extra Cisco LAPs that I have lying around. The problem with this is that the only way I can find to do that, according to Cisco, is by setting up an AP as a dedicated bridge and then using another AP as the remote client. This won't work for me because the intent is to move the device all over the network, not just use it in one place. I can't seem to find a way to set up a Cisco LAP as a bridge client only, without having a root bridge dedicated for it to talk to. Or maybe I should just buy something outside Cisco land for this?
ARP poisoning to imitate another device
Posted: 29 Oct 2019 08:18 AM PDT

From the perspective of keeping my network secure, I'm curious about the ins and outs of ARP poisoning and how that (or perhaps something else I'm not thinking of) can be used to imitate another computer. I'm fully aware of being able to poison the ARP table to imitate a computer on the same subnet. Beyond that is where my knowledge gets fuzzy. My understanding is that someone would not be able to imitate (via MiTM) a computer on another subnet because once the traffic gets to the router, MAC address info would be stripped off. First, is that complete and accurate information? And second, is there still a way to act as a computer on another subnet somehow, or at least set up a TAP to that computer, by spoofing the gateway perhaps? I'm talking as a rogue client on the network, not a network admin who could obviously set up a TAP if they wanted to. I've tried to figure out in my head if that would work, because if you gave yourself the MAC of the gateway, how would you, yourself, forward that traffic on, or even get traffic back, since the device(s) a hop away would be connected to the gateway, so therefore the response traffic wouldn't get to your MiTM computer, right?

Lastly, how would trunk ports enter into the mix? Could you pose as a computer on another trunked subnet somehow if you're on a trunk port, or does the "gateway stripping the necessary information" rule still apply?

Some of the answers I'll get back will undoubtedly get a "duh" from myself once I see it, but I'm thinking out loud and trying to not make my brain hurt by thinking about all angles of this at once, and hoping people with better applied knowledge of this scenario can just rattle off the answers to me. (Thanks)

Bottom line is, I want to know the capabilities of a client being able to intercept traffic to, or somehow act as, a computer on another subnet/VLAN and either what would go into that, or if that's totally not doable due to how L3 works.
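A defender's view of the two scenarios the post above raises, as an added example that is not the poster's code: decode ARP replies from raw frames and flag an IP whose MAC binding changes (a host being impersonated on the local subnet) or one MAC that claims the gateway address alongside other IPs (a rogue client posing as the default gateway). The gateway address, MACs and frame sequence are constructed sample data, and `build_arp_reply` exists only to produce them.

```python
"""Detect ARP poisoning on a segment from observed ARP replies (added example).

Frames, MACs and the gateway address below are constructed sample data for a
hypothetical monitored subnet."""
import struct
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"  # hypothetical gateway of the monitored subnet

def build_arp_reply(sender_ip, sender_mac, target_ip="192.168.1.20",
                    target_mac="ff:ff:ff:ff:ff:ff"):
    """Constructed Ethernet + ARP reply frame, used only as sample input."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    eth = mac(target_mac) + mac(sender_mac) + b"\x08\x06"          # dst, src, EtherType ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)                # Ethernet/IPv4, opcode 2 = reply
           + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))
    return eth + arp

def decode_arp_reply(frame):
    """Return (sender_ip, sender_mac) for an ARP reply frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    _, _, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if oper != 2 or hlen != 6 or plen != 4:
        return None
    sha, spa = frame[22:28], frame[28:32]
    return ".".join(str(b) for b in spa), ":".join(f"{b:02x}" for b in sha)

def detect_arp_spoofing(frames, gateway_ip=GATEWAY_IP, trusted=None):
    """Alert on two poisoning signals the post describes: an IP whose MAC binding
    changes (a host being impersonated), and one MAC claiming the gateway plus other
    IPs (a rogue host posing as the default gateway to see off-subnet traffic).
    `trusted` is an optional {ip: mac} baseline, e.g. the real gateway binding,
    which observed replies never overwrite."""
    trusted = {ip: m.lower() for ip, m in (trusted or {}).items()}
    seen, mac_to_ips, alerts = {}, defaultdict(set), []
    for frame in frames:
        decoded = decode_arp_reply(frame)
        if decoded is None:
            continue
        ip, mac = decoded
        expected = trusted.get(ip, seen.get(ip))
        if expected is not None and expected != mac:
            alerts.append(f"binding change: {ip} {expected} -> {mac}")
        seen[ip] = mac
        mac_to_ips[mac].add(ip)
        others = mac_to_ips[mac] - {gateway_ip}
        if gateway_ip in mac_to_ips[mac] and others and trusted.get(gateway_ip) != mac:
            msg = f"gateway impersonation: {mac} claims {gateway_ip} and {sorted(others)}"
            if msg not in alerts:                         # one alert per distinct claim set
                alerts.append(msg)
    return alerts

SAMPLE_FRAMES = [build_arp_reply(ip, mac) for ip, mac in [  # constructed reply sequence
    ("192.168.1.1", "aa:bb:cc:00:00:01"),    # real gateway
    ("192.168.1.20", "aa:bb:cc:00:00:20"),   # workstation
    ("192.168.1.30", "aa:bb:cc:00:00:30"),   # rogue host's own address
    ("192.168.1.20", "aa:bb:cc:00:00:30"),   # rogue host claims the workstation
    ("192.168.1.1", "aa:bb:cc:00:00:30"),    # rogue host claims the gateway
    ("192.168.1.1", "aa:bb:cc:00:00:01"),    # real gateway answers again
]]
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}  # known-good baseline

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_FRAMES, trusted=TRUSTED):
        print(alert)
```

Without the trusted baseline the detector still catches the attack but also alerts when the real gateway answers again, since it cannot tell which binding was the original; on switches, dynamic ARP inspection against the DHCP snooping table is the equivalent check done in hardware.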
Networking 40,000 square feet and 10 non profits.
Posted: 28 Oct 2019 07:05 PM PDT

I need to rebuild the network of a 4-story, 40,000 sq ft building with 10 non profits ranging from 1-5 machines to a small college with 200 machines. Right now each non profit gets their own internet service independently from two or three internet providers. Two of the biggest non profits are bringing in a single gigabit fibre optic line and many of the smaller organizations want to join in, as it will be a considerable savings to the network expenses. The building was built in the 70s and the network work was done in the mid 2000s. I have a good idea how I think it should be done, for the day-to-day cabling. But I'm curious how the experts in here would set up the routers and switches. I'm thinking of going with a fibre optic switch, because we should have 6 or 8 IP addresses, and then giving big organizations their own routers, and grouping all the smaller organizations with virtual LANs off a single router. Any thoughts would be appreciated. Thanks.
Boston Area Cabling Costs
Posted: 29 Oct 2019 10:27 AM PDT

Just got a quote from a contractor that averages about $500 per drop for some access points and projectors we need to add to our network. This is just to run about 30-40 ft from our wiring closets. We have drop ceilings in most locations and other floors have plenty of access, so it's a pretty easy job. Everything terminates to Systimax wiring blocks. It's been over a decade since we rewired the building to Cat 6, so maybe I'm behind the times, but $500 a drop seems pretty excessive to me even in downtown Boston. Am I just behind the times or am I getting screwed?
Questions about the IPv4 block market and IPv4 block leasing.
Posted: 28 Oct 2019 11:00 PM PDT

I've been trying to research the IPv4 block leasing market; I couldn't find much info about it. I've been told it's a bad idea to lease out IPv4 blocks. I've also been told the major problem with leasing out IP blocks is spammers. Hopefully someone here knows something about it.

I'm not talking about ISPs leasing IP blocks to their customers. I'm talking about 3rd parties leasing to people for use on their ISP or their server host.

1) What is the market value of IP blocks that have been used for spam?
2) What percent of the time are leased blocks used for spam?
3) What's a normal rate of return for leasing out IP blocks?
4) Generally, how long are the leases?
5) How big is the leasing market?
6) Is there anything else I should know?
You are subscribed to email updates from Enterprise Networking news, blogs and discussion. Email delivery powered by Google.