[SOLVED] Wireshark : Packet size limited during capture

Posted in FREEBSD, NETWORKING/IP ROUTING, RED HAT LINUX, SERVERS, WEBBLOG by edeguzman on March 17, 2012

Wireshark and tcpdump are two of the most useful tools for debugging a certain issue. Every now and then I use tcpdump to capture network packets on a Linux or Unix platform and use Wireshark to analyze the captured packets. I can’t imagine myself debugging network-related issues without those two tools; it would be like crawling in the dark =)

Recently we had an issue pertaining to HTTP transactions and I had to use tcpdump to capture the packets to see the exact data sent out to our server. I got the tcpdump with the HTTP transaction; however, in Wireshark I got the message “Packet size limited during capture“, as you can see in the screenshot below.

You can see my full article at the link below.

http://www.mywealthyjourney.com/client-server-technology/solved-wireshark-packet-size-limited-during-capture

Multi-homed host

Posted in NETWORKING/IP ROUTING by edeguzman on September 17, 2008

If you have multiple LAN interfaces in your PC and want to connect to multiple LANs without losing your Internet connection, then this guide is for you.

* First, configure your interfaces with the necessary IP addresses.
* Second, set up one of your interfaces to have the default route. Note that this will be the interface you use to connect to the Internet.
* Third, set up the other interface to have a static route entry pointing to its next hop (usually the router) and leave its default gateway blank.
* Fourth, verify the connections. Issue an ICMP request (using ping) to your default gateway and to the next-hop IP address.

My case was different. We had two Internet connections here: the first connection was within the private LAN and the other connection was for public use. Both connections were connected to different Squid caches and had different firewall configurations. My Internet connection was connected to the first connection, but there were sites that I wanted to access which were being blocked. That’s why I needed the second connection just for Internet use and the other connection for intranet use.

And the above procedure works fine for me. The command for configuring the static route entry:

route add 10.10.10.0 mask 255.255.255.0 192.168.1.1

If DHCP is used to assign IP addresses on the LAN, the DHCP server should be configured to not provide a default gateway.
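To show why the procedure above works, here is an added example (not from the original post) that models the resulting routing table with longest-prefix matching and flags the case the DHCP note warns about, a second default route. All addresses, interface names and the gateway 192.168.0.1 are assumed for illustration.

```python
"""Longest-prefix-match model of the multi-homed host routing table described above."""
import ipaddress

# Constructed routing table for the two-interface PC in the post (assumed
# addresses): one default route via the Internet-facing interface, and one
# static route to the intranet subnet via its next hop 192.168.1.1.
ROUTES = [
    # (destination prefix, gateway, interface) - values assumed for illustration
    ("0.0.0.0/0", "192.168.0.1", "LAN1 (Internet)"),
    ("10.10.10.0/24", "192.168.1.1", "LAN2 (intranet)"),
]


def lookup(dest, routes=ROUTES):
    """Return (gateway, interface) chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        # A more specific prefix (longer mask) always wins over a shorter one.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def default_route_count(routes=ROUTES):
    """Count default routes. More than one means Internet egress is ambiguous,
    which is what step two and the DHCP note above are guarding against."""
    return sum(1 for prefix, _, _ in routes
               if ipaddress.ip_network(prefix).prefixlen == 0)


if __name__ == "__main__":
    for dest in ("10.10.10.5", "203.0.113.10"):
        print(dest, "->", lookup(dest))
    print("default routes:", default_route_count())
```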

Community no-export for the advertising route in BGP

Posted in NETWORKING/IP ROUTING by edeguzman on October 20, 2007

This configuration shows how to set a community attribute of no-export on the route you advertise. Perhaps you want your route to be given only to your neighboring AS and you don’t want that route to be advertised to any other AS. Basically it is just telling your neighbor that this route is only for them and they should not advertise it to other ASes. This is done by setting the community attribute no-export on your advertised route. Below is the configuration.

router eigrp 100
 passive-interface Serial0/0
 network 192.168.199.0
 no auto-summary
!
router bgp 100
 bgp log-neighbor-changes
 aggregate-address 192.168.192.0 255.255.248.0 attribute-map ORIGIN suppress-map VERMONT
 redistribute eigrp 100
 neighbor 192.168.1.253 remote-as 200
 neighbor 192.168.1.253 send-community
 neighbor 192.168.1.253 route-map COMMUNITY out
!
ip classless
ip route 192.168.192.0 255.255.248.0 Null0
ip http server
!
access-list 1 permit 192.168.195.0 0.0.0.255
access-list 1 permit 192.168.196.0 0.0.3.255
access-list 101 permit ip host 192.168.192.0 host 255.255.248.0
route-map ORIGIN permit 10
 set origin incomplete
!
route-map COMMUNITY permit 10
 match ip address 101
 set community none
!
route-map COMMUNITY permit 20
 set community no-export
!
route-map VERMONT permit 10
 match ip address 1
!

The configuration shows that the router is advertising an aggregated route which has an attribute-map and a suppress-map. I will break down this configuration into pieces:

aggregate-address – this command triggers an aggregated route to be advertised to the neighboring AS.

attribute-map – this sets attributes on the advertised aggregate route. The ORIGIN in the configuration is the route-map that is called to set the attribute. The ORIGIN route-map I specify in my configuration simply changes the default origin to incomplete.

suppress-map – this specifies the more-specific routes that are folded into the aggregate and not advertised on their own. Of course a matching access list must follow.

Notice in my configuration the command neighbor 192.168.1.253 route-map COMMUNITY out; this applies the route-map COMMUNITY to the routes sent to that neighbor. The route-map is evaluated sequence by sequence. There are two sequences for COMMUNITY; sequence 10 is processed first. It matches access list 101 and, if there’s a match, it sets an empty community (community none) for that route. If there’s no match, processing goes to sequence 20, which right away sets the no-export community on the route entry.

BGP : Blocking a route entry to the Aggregating Address

Posted in NETWORKING/IP ROUTING by edeguzman on October 8, 2007

Suppose that there’s a route entry that has a community attribute of no_export, or should I say there’s a route entry that you don’t want to be part of the aggregate address. There are a lot of reasons why you might not want a route entry to be part of the aggregate address. One reason is that a route entry can have a different attribute that you want to preserve; for instance a route entry can have a community attribute of no_export, which is essential because it tells the router that a route entry carrying no_export should not be advertised to a different AS. That’s why it’s not a good idea to have that route entry be part of the aggregate address.

Below is the sample configuration from my laboratory. I also observed the packets on the wire.

router bgp 200
 aggregate-address 192.168.192.0 255.255.248.0 as-set summary-only advertise-map AllowRoute
 neighbor 192.168.1.10 remote-as 500
 neighbor 192.168.1.230 remote-as 400
 neighbor 192.168.1.250 remote-as 300
 neighbor 192.168.1.254 remote-as 100
!
ip classless
no ip http server
!
access-list 1 deny 192.168.197.0
access-list 1 permit any
route-map AllowRoute permit 10
 match ip address 1
!

Observe that in my configuration there is an access-list which denies the route entry 192.168.197.0 and permits any route entry other than 192.168.197.0. Basically the route entry 192.168.197.0 is the one that I don’t want to be part of the aggregate address.

There is also a route-map in my configuration, and this route-map is called from the BGP process: the advertise-map AllowRoute is the reference to the route-map. Basically the route-map just matches the access-list against all the routes that are being advertised to the neighboring peer. Now if there’s a route entry for 192.168.197.0, it will be blocked by the access-list and not be advertised. This is just a simple way of doing it. There are a lot of ways of doing it, especially in a large-scale network.
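As an added example (not the posts' own code), the following Python models how IOS walks the COMMUNITY route-map from the previous post and the AllowRoute and VERMONT route-maps: first matching sequence wins, a sequence without a match clause matches everything, and a route-map with no matching sequence denies. ACL entries are transcribed from the two configurations; the match semantics are simplified (standard ACL entries are checked against the route's network address, the wildcard 0.0.3.255 is written as /22, and the host <prefix> host <mask> entry of access-list 101 is treated as an exact prefix match).

```python
"""Model of how IOS evaluates the route-maps in the two BGP posts above."""
import ipaddress


def acl_permits(acl, route):
    """Entries are (action, pattern) evaluated in order against the route's
    network address; first match wins, implicit deny at the end.
    'any' matches everything; 'exact:<cidr>' matches prefix and mask exactly
    (the extended 'host <prefix> host <mask>' idiom in access-list 101)."""
    net = ipaddress.ip_network(route)
    for action, pattern in acl:
        if pattern == "any":
            hit = True
        elif pattern.startswith("exact:"):
            hit = net == ipaddress.ip_network(pattern[len("exact:"):])
        else:
            hit = net.network_address in ipaddress.ip_network(pattern)
        if hit:
            return action == "permit"
    return False


def apply_route_map(route_map, route, acls):
    """Walk sequences in order; the first sequence whose match clause passes
    applies its set actions. Returns (permitted, attributes)."""
    for _seq, acl_name, sets in route_map:
        if acl_name is None or acl_permits(acls[acl_name], route):
            return True, dict(sets)
    return False, {}   # implicit deny when no sequence matches


# Transcribed from the two configurations (AS 100 post and AS 200 post).
ACLS = {
    "1": [("permit", "192.168.195.0/24"), ("permit", "192.168.196.0/22")],
    "101": [("permit", "exact:192.168.192.0/21")],
    "AllowRoute-1": [("deny", "192.168.197.0/32"), ("permit", "any")],
}
# (sequence, match ACL or None, set actions)
COMMUNITY = [(10, "101", {"community": "none"}),
             (20, None, {"community": "no-export"})]
VERMONT = [(10, "1", {})]
ALLOW_ROUTE = [(10, "AllowRoute-1", {})]

if __name__ == "__main__":
    for r in ("192.168.192.0/21", "192.168.195.0/24"):
        print("COMMUNITY", r, apply_route_map(COMMUNITY, r, ACLS))
    for r in ("192.168.197.0/24", "192.168.193.0/24"):
        print("AllowRoute", r, apply_route_map(ALLOW_ROUTE, r, ACLS))
```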

BGP feature’s configuration

Posted in NETWORKING/IP ROUTING by edeguzman on October 6, 2007

Neighbor description – can be entered under an interface configuration. This is helpful because when the BGP configuration is already elaborate, this will serve as a reminder of who and where each neighbor is. It can be up to 80 characters.

Sample config:
neighbor 192.168.1.1 remote-as 500
neighbor 192.168.1.1 description ----------T1 to mynetwork.

Neighbor password – two peers can authenticate each other with a password. Cisco IOS uses MD5 authentication when a neighbor password is configured.

Sample config (replace <password> with the shared secret):
neighbor 192.168.1.1 remote-as 500
neighbor 192.168.1.1 password <password>

Neighbor advertisement-interval – this changes the default BGP update interval to a specified value between 0 and 600 seconds. It is not advisable to change the default unless you know the consequences. This is useful when large updates are being received from the neighbor. Changing this time will greatly affect convergence time.

Sample config (replace <seconds> with a value between 0 and 600):
neighbor 192.168.1.1 remote-as 500
neighbor 192.168.1.1 advertisement-interval <seconds>

Neighbor version – used when a neighboring peer cannot support BGP-4. This command will negotiate a lower version to match the version of the other peer.

Sample config (replace <number> with the BGP version the peer supports):
neighbor 192.168.1.1 remote-as 500
neighbor 192.168.1.1 version <number>

Neighbor maximum-prefix – this limits the number of prefixes that a router will receive from the neighboring peer. If the limit is exceeded then the router closes the BGP session and does not re-establish the peering.

Sample config (replace <maximum> with the prefix limit):
neighbor 192.168.1.1 remote-as 500
neighbor 192.168.1.1 maximum-prefix <maximum>

Another config:
neighbor 192.168.1.1 remote-as 500
neighbor 192.168.1.1 maximum-prefix 90 warning-only
This configuration will not close the BGP session but instead will cause the router to generate a log message. When 90% of the maximum-prefix is reached it will log a message.

Neighbor shutdown – this shuts down the neighbor connection, in the sense that there will be no TCP connection with the neighbor. This is useful when you only want to temporarily disconnect your peer.

Sample config:
neighbor 192.168.1.1 remote-as 500
neighbor 192.168.1.1 shutdown

Timers bgp – this command changes the default keepalive and holddown intervals. The default keepalive interval is 60 seconds and the default holddown interval is 180 seconds. This command is useful if you want fast detection of an unreliable peer. This command should be configured on every peer in the AS, because the timers are still negotiated while building the established state of the peering.

Sample config (replace <keepalive> and <holdtime> with the intervals in seconds):
neighbor 192.168.1.1 remote-as 500
timers bgp <keepalive> <holdtime>

When changes are made to the BGP process, a connection reset must be done to update the BGP routes affected by the changes. Below are the useful commands for resetting the BGP connection.

clear ip bgp * – this command is issued in privileged mode. It resets all of the router’s BGP connections.

clear ip bgp 192.168.1.253 – this command resets the connection to the neighbor 192.168.1.253.

clear ip bgp mygroup – this command resets the connection to all members of the peer group named mygroup.

Note:
Resetting a connection causes a Cease notification to be sent to the neighbor. The TCP connection is closed and the BGP routes are then withdrawn. A new BGP connection is then established. Resetting all connections can have serious consequences for the network. Reset only the affected neighbor to avoid possible problems in the network.

Cisco provides another way of resetting the connections. This alternative does not tear down the TCP and BGP connection; it only triggers an update for the affected changes. The triggered update can be outbound, inbound, or both. Outbound is the outgoing traffic while inbound is the incoming traffic. Below is the sample config.

clear ip bgp 192.168.2.253 soft out – if you have made changes in your BGP process and the neighbor 192.168.2.253 is affected by the changes, use this command to trigger an update for that neighbor. This is the outbound type.

The configuration for inbound is a different thing, because you need to configure the command neighbor x.x.x.x soft-reconfiguration inbound in the BGP process before the inbound command is used. Take note: inbound is used when you have made changes to your BGP process that affect incoming traffic. The command clear ip bgp x.x.x.x soft in is then used for every neighbor affected by the changes. For both inbound and outbound, use the command clear ip bgp x.x.x.x soft.

Note:
There is a drawback to using soft reconfiguration: it uses the router’s memory to store the inbound updates.