iPhone 4S

24 11 2011

My contract with o2 was 23 months through a 24 month contract, so decided to get a 4S when I renew. Ordered at around 18:30 last night, and was amazed to find it arrive at work today at 14:00! Boshed in the SIM from my current iPhone 4 (it’s a work handset, personal SIM), and I’m away. Superb service. Thanks o2.





Bandwidth by user..

10 11 2011

Absolutely crying out for some at-a-glance monitoring of bandwidth usage by IP address, which we don’t currently have. The nearest I do have is a bandwidth graph on my Checkpoint SG82, and PRTG monitoring bandwidth on the switchport that connects to the active node of the Checkpoint cluster.

However, during a period of intense bandwidth usage, I found a way of doing this pretty satisfactorily that wasn’t *too* time consuming, albeit a lot more time consuming than looking at a list of IPs sorted by bandwidth usage.

My method was to take a packet capture of a few minutes from the firewalls, then open in Wireshark, and sort by “Destination IP”. This may not always point out a specific culprit, but in this case, there was one IP address that stood out massively from the others.

I identified the user by IP address from my DHCP server, and gave him a call asking him if he was using software with potentially high bandwidth usage.

This was the case, and stopping the application running resulted in a drop from 57Mbps to just over 30 in a minute, and down to 20 within 10 minutes. Result. No users were harmed during this exercise ;)
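The capture-and-sort method above can be scripted so the ranking is by bytes rather than by eyeballing a sorted packet list. This is an added example, not code from the original post: it reads a classic pcap file with the Python standard library and totals bytes per destination IPv4 address. The function names and the sample capture (documentation addresses) are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def bytes_by_destination(pcap: bytes) -> Counter:
    """Sum on-the-wire bytes per destination IPv4 address in a classic pcap file."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    totals, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        l3, ethertype = 14, frame[12:14]
        if ethertype == b"\x81\x00":              # skip one 802.1Q VLAN tag
            l3, ethertype = 18, frame[16:18]
        if ethertype == b"\x08\x00" and len(frame) >= l3 + 20:
            dst = IPv4Address(frame[l3 + 16 : l3 + 20])
            totals[str(dst)] += orig_len          # orig_len survives snaplen truncation
    return totals

# --- constructed sample capture (documentation addresses, not real traffic) ---
def _frame(dst: str, size: int) -> bytes:
    eth = bytes(12) + b"\x08\x00"                 # MACs zeroed, EtherType IPv4
    ip = b"\x45" + bytes(15) + IPv4Address(dst).packed
    return (eth + ip).ljust(size, b"\x00")

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = _pcap([_frame("192.0.2.10", 1500)] * 3
               + [_frame("192.0.2.20", 200)] * 2
               + [_frame("192.0.2.30", 60)])

if __name__ == "__main__":
    for ip, total in bytes_by_destination(SAMPLE).most_common():
        print(f"{ip:15} {total:>8} bytes")
```

To use it on a real capture, pass the file contents, for example `bytes_by_destination(open("capture.pcap", "rb").read())`, where the file name is a placeholder.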





More DHCP woes

3 11 2011

DHCP is the simplest of technologies, but my most recent issue with it showed up what’s either an out and out bug or just some strange nuance.

Server was running 2003, with DNS, AD and DHCP roles. It had 3 scopes, one for our staff network, one for phones and one for our office tenants – the scopes correlated with the three VLANs on the network.

During our domain migration earlier this year, I deactivated the staff scope (the server was on our old domain), and activated it on a newly built server running just the DHCP role. I’d also created the other scopes on the new server, but this took extra configuration, and as the hosts on the other two scopes weren’t domain hosts, I left them using the old DHCP server.

We had been using the scope for quite a while but an issue came to light whereby an extraneous DNS server (previously, but no longer valid) was being assigned to hosts upon boot. Do an ipconfig /release then ipconfig /renew, though, and you’d only get the correct DNS server assigned. The whole time, the DHCP server reported by the clients was the new one. I went over the config of the new DHCP server with a fine toothed comb (well, as much as you can – like I said, DHCP is incredibly simple, and there’s not too much to configure for a basic setup), and there was definitely no trace of the extraneous IP address.

As this was all happening in a branch office, I had built a virtual Windows 7 machine there for troubleshooting remotely.. this was where I was testing and seeing this issue occurring. I even went to the lengths of removing the network card and re-adding, just in case it was mysteriously “remembering” the previous config. No joy.

I whipped out Wireshark and captured all packets during the release / renew and could see the fact that only the correct DNS was being served up by the new DHCP server.

I also installed Wireshark on the new DHCP server, and carried out a capture for the entire boot process of the host machine. Filtering results by “bootp”, rather than a specific host, I then saw a packet from the IP address of the old DHCP server.. checking the packet confirmed that it was dishing out the two DNS servers, including the extra one.

I removed the extra DNS server IP address from the scope on the old server, which I’d checked and double checked was disabled, and bish bash bosh, the extra IP was no longer dished out.

So somehow, although the clients were reporting the correct DHCP server was allocating IP data, rather than the old one, and the scope was disabled on the old server, it was still dishing out the extra DNS server.

I’ve now moved the phone VLAN over to the new DHCP server, but have to add a new network card to the DNS server (also an AD server) before I can turn the old server off completely. Really strange stuff.

Anyone else had any instances of this or similar?
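The check done by hand in Wireshark above (which server replied, and which DNS servers it handed out) can be automated over the DHCP payloads from a capture. This is an added example, not code from the original post: it parses the BOOTP reply options for message type (53), server identifier (54) and DNS servers (6), and reports any responder offering a DNS address outside an expected set. The function names and the sample replies (documentation addresses) are constructed for illustration.

```python
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # sits at offset 236, DHCP options follow it

def parse_dhcp_reply(payload: bytes):
    """Return {'type', 'server', 'dns'} for a BOOTP reply payload, or None if it is not one."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2 : i + 2 + length]
        i += 2 + length

    def ips(raw):
        return [str(IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

    return {
        "type": (opts.get(53) or b"\x00")[0],           # 2 = OFFER, 5 = ACK
        "server": (ips(opts.get(54, b"")) or [None])[0],
        "dns": ips(opts.get(6, b"")),
    }

def unexpected_dns(payloads, expected_dns):
    """Map each responding server to the DNS addresses it offered that are not expected."""
    findings = {}
    for payload in payloads:
        reply = parse_dhcp_reply(payload)
        if reply is None:
            continue
        extra = [d for d in reply["dns"] if d not in expected_dns]
        if extra:
            findings.setdefault(reply["server"], set()).update(extra)
    return findings

# --- constructed sample replies (documentation addresses, not from the post) ---
def _reply(msg_type, server, dns):
    opts = bytes([53, 1, msg_type, 54, 4]) + IPv4Address(server).packed
    opts += bytes([6, 4 * len(dns)]) + b"".join(IPv4Address(d).packed for d in dns)
    return b"\x02" + bytes(235) + MAGIC_COOKIE + opts + b"\xff"

SAMPLE = [
    _reply(5, "192.0.2.5", ["192.0.2.53"]),                 # server with the expected DNS only
    _reply(2, "192.0.2.4", ["192.0.2.53", "192.0.2.99"]),   # server still offering a stale DNS
]

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE, {"192.0.2.53"}))
```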





Where next?

3 11 2011

Been in a bit of a no man’s land since passing the ICND2, in terms of what to study for next.

I’ve so far purchased:

* CCNA Voice CBT

This is mostly a “need” – the member of my team that administers our Call Manager phone system is leaving, so thought I’d swot up on it. Unfortunately, I’m finding it pretty hard going in terms of keeping my interest – too much “historic voice” stuff which I’m not too interested in. In addition, the 2008 syllabus focusses on Communications Manager Express and the UCM 500, whereas I have the full blown Communications Manager, with an Express in our satellite office for failover purposes.

I’ve now swapped this video series out for the 2011 series, which apparently has less of the historic voice stuff, and also includes the full blown Comms Manager.

* A CCNA Security Book

This was purely out of interest – security training’s never going to be a waste of time, after all. This is keeping me much more engaged than the above, even though it’s a book, and the above is CBT (my favourite training method).

* A Linux Professional Institute book

This exam was one of my learning objectives for the year – going broad on learning rather than deep (which I think I’d prefer – that’ll be the objective for 2012) – wow, much harder going than even the CCNA Voice – certainly for the first chapter. Just a million file manipulation commands to memorise to start with – snore! Seems to get a little more interesting within a few chapters though. I highly doubt that I’ll be getting myself up to exam standard for this (apart from the fact there’s only about 6 weeks til Christmas) – I just find the Cisco stuff much more engaging.

* Practical Packet Analysis with Wireshark

I was obviously aware of Wireshark, but hadn’t really used it for any more than interface familiarisation purposes. But during the process of troubleshooting some firewall issues with my firewall consultants, I began to see the true potential of it. Wireshark is amazing – used it to help troubleshoot and fix various issues now, when before I wouldn’t have even thought of it. This book was great in helping to understand the various functions, and focusses on really useful real world scenarios.

I also have the CCNP SWITCH and TSHOOT videos from CBTNuggets – the SWITCH syllabus is great, as you have to go to that level to learn about L3 switching and all the cool redundancy / load balancing features. TSHOOT is great too, an amazingly valid way of testing knowledge.

I think I’ll be hitting these guys next year.

So quite a mish-mash of different subject areas. I think I’m going to continue to watch the 2011 syllabus CCNA Voice videos, whilst reading the CCNA Security book – before deciding which exam to do and really get down to studying for it. I’ve already read through the Wireshark book several times – and I envisage there being quite a few more as a refresher.