Is packet analysis a niche skill? Networking
- Is packet analysis a niche skill?
- Good example of a network diagram with multiple sites?
- Thinking through equipment for deployment in a remote area with poor connectivity
- Unique cable labels & as-builts
- ISE Express vs ClearPass Onboard?
- Disaster relief / Civil protection
- Does Cisco catalyst 3850 support EVPN + VxLAN?
- ERSPAN decapsulation on Linux
- Trying to come up with a way selectively degrade performance for certain domains.
- Providing layer 2 services over layer 3 IP only network
- Why does traffic of vlan not allowed in 'switchport trunk allowed vlan' command pass through?
- Rough CPU requirements for gigabit throughput with IPS/IDS on?
Is packet analysis a niche skill?
Posted: 02 Aug 2020 02:38 AM PDT

Mostly a lurker, as I only recently landed my first job with a NOC. I'm a "network analyst", not an admin or engineer, if that matters.

Something I thought I might be doing often would be looking at pcaps and the like. Most if not all the time I have not needed to do this; it generally boils down to layer 1-3 issues, a physical issue or a config issue. I find myself, being at the level 1 support analyst, never doing it. Pretty much it gets fixed without a packet capture or goes to a higher level analyst/team, which I never see again as more tickets and calls come in.

I ask in part because where I work they use NetScout and Observer, along with Wireshark. I am just left scratching my head a bit wondering if capturing and analyzing packets is more a niche skill then? Is learning how to read deeply into a pcap worthwhile, or should I put my time and effort into, say, the CCNP or scripting for example?

Personally I think it's freakin cool. One of my favorite things in Packet Tracer was turning on the option to see how packets were being sent over the network. Seeing DHCP, STP, ARP, and all these packets just working over (or not working lol) the network, it's crazy to think about.

EDIT: Thanks everyone for your answers and replies, very interesting perspectives and ways I had not thought of! I would updoot more if I could! Enjoy this complimentary updoot to further my thanks!

Good example of a network diagram with multiple sites?
Posted: 02 Aug 2020 09:33 AM PDT

I'm looking to build a network diagram to show to some members of my team, but networking isn't my area honestly, programming is. I'm trying to just find a good example with some details showing multiple sites being connected to a main "HQ" site along with all sites being connected to the cloud. I'm trying to find how the router would interact with firewalls and these sort of things. Any ideas of the best place to find examples?

edit: https://www.silver-peak.com/sites/default/files/images/what-is-sdwan/SD-WAN-diagram-s.png
I would use this as a basic example, but I'm trying to find a much more detailed example to build from.

Thinking through equipment for deployment in a remote area with poor connectivity
Posted: 02 Aug 2020 12:46 AM PDT

The Constraints

I've been working through a network I'm looking to deploy in an environment with poor infrastructure and unreliable connectivity and need equip that can meet the following needs:

The options I've been looking at

Option 1: Getting something like a Teltonika RUTX09 as the primary router and running a Ubiquiti managed switch for all LAN activity. The good news is that the Teltonika covers most of what I need (including the GPS-based NTP server), however the hardware looks a little underpowered and I'm not sure how to run Suricata elsewhere in the network to filter all traffic.

Option 2: Getting a separate LTE modem/gateway with passthrough and running OPNsense on a dedicated machine (e.g. Qotom) to handle the WAN failover as well as Suricata (and Ubiquiti managed switches). The only issue is I'm not sure how to accomplish the local GPS-based NTP server. From what I've seen so far, it looks like this route may also be more expensive, and the general feeling I get is that the more moving parts, the more potential issues might crop up requiring onsite intervention.

Any thoughts on what route may be the better option? Or perhaps new options I haven't considered yet?

Unique cable labels & as-builts
Posted: 01 Aug 2020 07:12 PM PDT

I do cable installs for large construction projects (hospitals, hotels, arenas etc). As an installer I'm trying to find a happy medium between my job and the networking guys that come after me.

I've heard labeling each cable with a unique hexadecimal number is encouraged because it makes for easy and accurate identification of cables. However, I could also imagine it would be a bit daunting to look at an as-built to find a cable, as it would be seemingly random numbers with no particular order.

Is it better to stick to traditional 1,2,3,4 etc since their order on an as-built would be more intuitive and easy to find, or are as-builts not really referenced that much and most of the tracing/ID work is based on faceplate/switch/panel labels anyways?

ISE Express vs ClearPass Onboard?
Posted: 02 Aug 2020 12:51 PM PDT

How do they compare if using them primarily as a portal for users to install certificates on the laptops they use for work that can't get EAP-TLS wireless certificates distributed via domain auto enrollment or MDM push?

Do they both have a way for IT to pre-approve specific devices (MAC address?) that can download the certificates or that can access the portal at all?

Which has the best/easiest to understand UI for users to get the certificates installed on Windows and Mac laptops?

Is there much cost difference purchasing/installing/maintaining between ISE Express and ClearPass Onboard?

Disaster relief / Civil protection
Posted: 02 Aug 2020 12:49 PM PDT

Hi

Long time lurker. I'm a complete networking autodidact (MA in Social and Cultural Anthropology and a BA in Political Science...), currently working as an Incident Coordinator for a large ISP. I'm responsible for incident sniffing, for the initial troubleshooting on tickets for Enterprise products (IPVPN/MPLS, VoIP trunks, ...) and I'm responsible to coordinate between the cstmr, field techs, network engineers and 3rd parties. That basically means I'm responsible for an incident from beginning to end, and also that I, from a network POV, need to be a jack of all trades (but my specialty seems to be SIP and related protocols). I also just started my journey to a CCNA cert.

Just to broaden my horizon a bit, I'm looking into ways I could apply these skills when it comes to disaster relief. Setting up voice and data networks after a flood or a hurricane, for example. How is this done? What, if any, are the standards? Where do I need to look to get into this?

Just FYI: I'm an EU citizen.

Cheers
KoffeePi

Does Cisco catalyst 3850 support EVPN + VxLAN?
Posted: 02 Aug 2020 11:52 AM PDT

I have a bunch of Cisco 3850s in stock and am trying to find out whether they support EVPN + VxLAN or not. I didn't find any good information on the Cisco website, as we know it's EOL. Does anyone know about this hardware?

ERSPAN decapsulation on Linux
Posted: 02 Aug 2020 11:30 AM PDT

Wondering if anyone has gotten this to work. I'm using Security Onion and have a CentOS7 VM as my sensor. I have ERSPAN configured in VMWare (Type II or Type III) on the VDS to traffic to the Linux sensor node's monitor NIC IP. This is working - I can see the ERSPAN traffic coming in:

    18:21:46.442220 IP esxihost.internal > hunter-sensor: GREv0, seq 205937, length 161: gre-proto-0x22eb

Per this site, I enabled IP_GRE, set up the monitoring interface, etc, but it doesn't seem to work. I never get traffic on mon0.

https://brezular.com/2015/05/03/decapsulation-erspan-traffic-with-open-source-tools/

ip a show mon0 gives me

    219: mon0@NONE: <NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
        link/gre 10.85.167.40 brd 0.0.0.0
        inet 1.1.1.1/30 scope global mon0
           valid_lft forever preferred_lft forever

I've tried this a million times, redoing it, always doesn't work. It doesn't seem like it should be difficult to decapsulate ERSPAN traffic.

Any thoughts or help would be GREATLY!!! appreciated.

Trying to come up with a way selectively degrade performance for certain domains.
Posted: 02 Aug 2020 10:45 AM PDT

I don't want to block legitimate but inappropriate domains, but am looking to make them excruciatingly slow or frustrating (e.g. intermittent, etc) to discourage their use by users on the network. Any best ideas on what level to be doing this? Router/DNS, Firewall, etc? Been looking at QoS but it seems to be protocol/source based.

Providing layer 2 services over layer 3 IP only network
Posted: 02 Aug 2020 08:32 AM PDT

Hey y'all,

We're a small WISP and have landed an opportunity that wants a backup private WAN built for their 80+ locations. Currently they have an AT&T VPLS. Their requirements are that we provide them a single layer 2 fabric that they connect their site routers to, with a single head end at their data center, or main site.

- No VLAN tags will need to be passed from the sites
- No multicast
- No QoS
- 50-100Mbps per site

Couple of questions/notes:

Our network is IP only, no MPLS, although we do run a few VRF's at each tower.

At first, we were thinking a site router would be required on our end for each of their sites. I was thinking something like a 2951 for each site and an ASR at the head end as it will be 1Gbps+.

Now that I think about this more, since many sites will be at the same POP, it may make sense to have a VPLS/VXLAN router still each of our POP's to pass layer 2 between them (all POP's are layer 3 only, no L2 between them for our network so we'll have to encapsulate).

Should we lean towards VPLS over GRE, or look at VXLAN here?

Is there any reason each site should have their own router or, could we choose a VLAN per POP, then link those VLAN's together via VPLS/VXLAN? Or even EoMPLS over GRE?

I lean towards VXLAN since it seems like it was built to natively encapsulate over layer 3. Then we'll just use an ASR at each POP.

Why does traffic of vlan not allowed in 'switchport trunk allowed vlan' command pass through?
Posted: 02 Aug 2020 12:14 PM PDT

I have a vlan 5 connected directly to core switch. I have another vlan 10 connected to firewall. Core switch is connected to firewall through inside interface. In trunk link between core and firewall, I have allowed only vlan 10 (I understand vlan 10 need to be allowed in trunk if all vlan's are now allowed in order to reach its default gateway in firewall and then get routed to other subnets). EIGRP is running between core and firewall.

When traffic has to go to internet from vlan 5, how is its traffic allowed through trunk link to firewall when I have allowed only vlan 10 through the trunk? I just want to understand how this works.

Rough CPU requirements for gigabit throughput with IPS/IDS on?
Posted: 01 Aug 2020 09:35 PM PDT

So I've been using a UniFi USG-Pro4 in conjunction with a UniFi 24 port (with 250W for PoE) switch for some time now, and while I like it for the most part, I'm not happy with how I have to do some really off-cuff things with jsons to set up multiple IPs on the WAN interface (I have a static block of IPs from my ISP), and I'm at the point now where I need to have an IPS/IDS that doesn't hamstring my throughput, and I'm not a fan of UniFi's new approach (in the new UDM) of forcing you to associate your network with a UniFi account.