Samstag, 27. November 2010

Recover Cisco Type-7 passwords

That't the first hints and tricks post - more will follow


A new customer of as also decided, that we should also maintenance his network, cause the old company did their job really bad - bad luck for them, good luck for us :)

But we were challenged with the problem that there were just bad documentation, and no baseline config - so on nearly every switch or router the config was different from the others :|

In the same manner, it was with passwords or keys - every guy, who configured the device, used his own password. Some guys aren't still working at the old company, others "can't remember".

So what to do - just bring down the network and reset everything?

Not with this little trick and if you are lucky the old network guys wasn't capable of using "secret" password:
  • If you see something like "username foo password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D" in the configuration you are lucky
  • Go to THIS great web site and enter the encrypted phase
  • Or if you are at a site, without internet access:
key chain blabla
key 1
key-string 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D
rt_abc#sh key chain blabla
Key-chain blabla:
key 1 — text “You really need a life.”

Freitag, 26. November 2010

Doing debugging - Part II

Okay - in my last debugging post, the main subject was Wireshark.

Although Wireshark is open source and nearly ported to any platform, there may be some guys like me, that prefer Linux without GUI or have any appliances which doesn't have one.

To make it short - your (and my) choice is tcpdump.

To capture the packets, you just need to enter in the console:

tcpdump -w /tmp/capture_any.cap -s 0 -i any

this will log anything from any interface to /tmp/capture_any.cap - the file is also open-able with Wireshark, for reviewing, comparing the log file etc.

If you need further information about the command syntax check the man page on your system or online.

Mittwoch, 24. November 2010

Doing debugging - Part I

Do you have ever discovered some strange behavior? Aren't the packets coming to their designated destination? Do you need to debug and endpoint where no firewall or other logging device is between the starting and the endpoint?

A great tool for this is Wireshark former known as Ethereal.

It's the best packet sniffer I know - you can capture everything what enters or leaves your NIC.

A full how-to would fill some books so I'll just give you the following tips:
  • Create capture filters wisely, but not too granular - if you log everything, and your host has a well performing 10Gbit Interface it will drain all your memory
  • Work granular with Display filters - they only act at the packages which were recorded by the capture filters
If you want to read some good books about it, to get all the basics or just to pimp your networking stuff related library I can recommend you two books:

One universal book about packet analysis is "Practical Packet Analysis" from Chris Sanders:
Link to Amazon

It covers not only Wireshark, it only explains some other really useful tools. I've bought it, and it's really worth the price.

If you would like to get just a Wireshark specific book - "Wireshark Network Analysis" from Laura Chappell should be your choice
Link to Amazon

I must admit, I haven't bought it yet, cause of the high price, but a co-worker of me admitted it's worth reading and buying it - I'll borrow it in the few days, check it out and if its worth, it will be mine too ;)


As usual - if you have any questions - comment!

Dienstag, 23. November 2010

Useful tools - Part II - NetSetMan

Another task you may perform if you start as a networking guy, will be to do some debugging jobs and you'll have to connect to many several network with it's own networking settings.

It can be really annoying if you have to change every time the specific network settings to gain access.

One real useful tool may be NetSetMan. It's freeware if you it non-commercial eg. at home, at university or otherwise non-commercial. If you use it commercial, there is als a pro version, which costs about 20$ - and it's worth of it.

Just take a look at the GUI:
I think it's self-explaining - you have you several tabs and can make different profiles.

If you have the pro version you have also unlimited profiles, can set domain and proxy settings.

So download now and give it a try :)


Questions or anything else? Comment!

Montag, 22. November 2010

Cisco IOS switch cleanup for Dummies

For some reason you may have to delete custom configuration from a switch - for example a trade-in or just if you throw away the good pieces and don't want to give other the opportunity to get your config.

You have to do the following steps:
1) connect to the switch - console/LAN - makes no difference
2) get privileged access aka jump into enable mode
3) determine which files are on the device
4) erase the config
5) erase other files
6) reboot
7) check the config if you are not sure

privileged mode

enable
show all items in flash:
dir flash:
erase startup-config
write erase
if vlan.dat exists:
delete flash:vlan.dat
if multiple-fs exists:
delete flash:multiple-fs
reload
after reboot to check:
sh run

Sonntag, 21. November 2010

Transfering easy & quick - TFTP Server for Windows

I'll start with a few basic tasks which should be performed when you start as a networking guy.

Usually the first things to do is to upgrade a few switches, routers etc.

To upgrade them there must be performed a few steps, which depends on your specific vendor, but one thing is everywhere the same - you'll need a TFTP Server to transfer the images to the switch.

Which should you use, which is easy to use etc?

My choice is Tftpd32 - it's easy to install, easy to use and it's opensource :).

After install you'll see an interface like this:

Screenshot of the Tftp32 interface
I think it's self explaining - you just have to chosse your root directory and are finished and can start with your updating/upgrading parts :)

It's avaible for 32- and 64-bit, if it matters.

If you have any questions - feel free to comment.