Channel: SPAN Archives – CiscoZine
Viewing all 84 articles

How to analyze traffic with SPAN feature

When we administer a network, we often need to know which protocols are used most frequently and, why not, to discover whether someone is using improper P2P software; for this we can use SPAN. The Switched Port Analyzer (SPAN) feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. For example, if you want to capture Ethernet traffic that is sent between host A and host B, you must implement the SPAN feature. In this diagram, the sniffer is attached to a port (destination SPAN port) that is configured to receive a copy of [...]

How to decode G.729

I have decided to write this tutorial (only for test purposes) to show how simple it is to decode a G.729 stream using a SPAN port, Wireshark, the VoiceAge G.729 decoder and Audacity software. What is G.729? G.729 is an audio data compression algorithm for voice that compresses digital voice in packets of 10 milliseconds duration. It is officially described as Coding of speech at 8 kbit/s using conjugate-structure algebraic-code-excited linear prediction. Because of its low bandwidth requirements, G.729 is mostly used in Voice over Internet Protocol (VoIP) applications where bandwidth must be conserved. Standard G.729 operates at a bit rate of 8 [...]

IP traffic export: how to mirror traffic on a router

The Switched Port Analyzer (SPAN) feature, which is sometimes called port mirroring or port monitoring, selects network traffic, from a switched port, for analysis by a network analyzer. Unfortunately, this feature works only on switches or Layer 3 switches. So what can I do to copy the traffic on a router? In a previous article, I explained the Embedded Packet Capture, a powerful feature to capture data packets directly on the NVRAM. Another good solution is 'IP traffic export'. Introduced in 12.3(4)T IOS, the IP Traffic Export feature allows users to configure their router to export IP packets that are [...]

Switchport capture: a good alternative to SPAN port

Do you remember the article "How to analyze traffic with SPAN feature"? The SPAN port is a feature that mirrors traffic (on a physical or virtual port) to a specific port. In general, behind this 'destination' port there can be a traffic analyzer (Wireshark, ntop and so on), an IDS or other appliances. The SPAN feature is a good tool but it has two limitations: the number of SPAN sessions that can be configured is limited, and a destination port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This [...]

Cisco Unity Express Multiple Vulnerabilities

The Cisco Unity Express software contains two important vulnerabilities. CVE ID: CVE-2013-1114: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted requests. However, all affected versions of the software have reached End of Software Maintenance or Last Day of Support. CVE ID: CVE-2013-1120: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerabilities are due […]

NAT Virtual Interface aka NVI, what is that?!

Not everyone knows that, starting from IOS version 12.3(14)T, Cisco has introduced a new feature called NAT Virtual Interface; NVI removes the requirement to configure an interface as either NAT inside or NAT outside. An interface can be configured to use NAT or not use NAT. How to use NVI? It's easy! You must use the command 'ip nat source …' without specifying the inside/outside tag and enable NAT on the interfaces using the command 'ip nat enable'. For instance, if you use the legacy statements:
Ciscozine(config)#interface range fastEthernet 0/0
Ciscozine(config-if-range)#ip nat inside
Ciscozine(config)#interface range fastEthernet 0/1
Ciscozine(config-if-range)#ip nat outside
Ciscozine(config)#ip nat inside source static 172.16.0.6 […]

February 2013: four Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories: Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities; Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability; Cisco Unified Presence Server Denial of Service Vulnerability; Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability. Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities: Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Vulnerable Products: The following products are […]

Cisco Video Surveillance Operations Manager 6.3.2 – Multiple vulnerabilities

Part of the Cisco Video Surveillance Manager product suite, the Cisco Video Surveillance Operations Manager enables the efficient and effective configuration and management of video throughout an enterprise. It provides a secure web portal to configure, manage, display, and control video in an IP network, and provides the ability to easily manage a large number of security assets and users, including media server instances, cameras, encoders, and event sources, as well as digital monitors. # Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities # Google Dork: intitle:"Video Surveillance Operations Manager > Login" # Date: 22 Feb 2013 reported to the […]

March 2013: seven Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published seven important vulnerability advisories: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability; Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability; Cisco IOS Software IP Service Level Agreement Vulnerability; Cisco IOS Software Smart Install Denial of Service Vulnerability; Cisco IOS Software Protocol Translation Vulnerability; Cisco IOS Software Network Address Translation Vulnerability; Cisco IOS Software Internet Key Exchange Vulnerability. Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability: Cisco IOS Software contains a memory leak vulnerability that could be […]

PBR: Route a packet based on source IP address

Everyone knows that the routing table lists the routes to particular network destinations, but is it possible to define the next hop based on source IP, packet size or other criteria? Obviously yes! Policy-based routing (PBR) provides a tool for forwarding and routing data packets based on policies defined by network administrators. In effect, it is a way to have the policy override routing protocol decisions. Policy-based routing includes a mechanism for selectively applying policies based on access list, packet size or other criteria. The actions taken can include routing packets on user-defined routes, setting the precedence, type of service bits, etc. Policy-based routing […]

April 2013: ten Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published ten important vulnerability advisories: Multiple Vulnerabilities in Cisco NX-OS-Based Products; Cisco Device Manager Command Execution Vulnerability; Multiple Vulnerabilities in Cisco Unified Computing System; Cisco Network Admission Control Manager SQL Injection Vulnerability; Cisco TelePresence Infrastructure Denial of Service Vulnerability; Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers; Multiple Vulnerabilities in Cisco Firewall Services Module Software; Multiple Vulnerabilities in Cisco ASA Software; Cisco Prime Network Control Systems Database Default Credentials Vulnerability; Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution. Multiple Vulnerabilities in Cisco NX-OS-Based Products: Cisco Nexus, Cisco […]

Using IP SLA to change routing

Cisco IP SLAs is a part of Cisco IOS that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring for measuring network performance. With Cisco IOS IP SLAs, service provider customers can measure and provide service level agreements, and enterprise customers can verify service levels, verify outsourced service level agreements, and understand network performance. Cisco IOS IP SLAs can perform network assessments, verify quality of service (QoS), ease the deployment of new services, and assist with network troubleshooting. IP SLAs collects a unique subset of these performance metrics: Delay (both round-trip […]

Reload in X? Why don’t you rollback or replace the configuration?

Do you remember the article 'How to schedule a reload'? This feature (reload in 'x') is useful when you must apply a critical configuration on a remote device, for instance a new route or a new ACL. In fact, if you happen to lose the connection to the device after a change, you must wait for the device to reload before you can reconnect to it. This can be a solution, but there is a better one: the replace/rollback feature. Introduced in 12.3(7)T IOS, the Configuration Replace and Configuration Rollback features provide the capability to replace the current running configuration with any saved Cisco IOS configuration file. This […]

May 2013: two Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability; Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software. Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability: Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Vulnerable Products: Cisco TelePresence Supervisor MSE 8050 running software versions 2.2(1.17) and earlier are affected by this vulnerability. Details: A vulnerability in the network stack of the Cisco TelePresence MSE 8050 Supervisor […]

June 2013: five Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Multiple Vulnerabilities in Cisco Web Security Appliance; Multiple Vulnerabilities in Cisco Email Security Appliance; Multiple Vulnerabilities in Cisco Content Security Management Appliance; Cisco ASA Next-Generation Firewall Fragmented Traffic Denial of Service Vulnerability; Multiple Vulnerabilities in Cisco TelePresence TC and TE Software. Multiple Vulnerabilities in Cisco Web Security Appliance: Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities: two authenticated command injection vulnerabilities; Management GUI Denial of Service Vulnerability. Vulnerable Products: All models of Cisco Web Security Appliance running a vulnerable […]

July 2013: five Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products; Cisco WAAS Central Manager Remote Code Execution Vulnerability; Multiple Vulnerabilities in the Cisco Video Surveillance Manager; Multiple Vulnerabilities in Cisco Intrusion Prevention System Software; Multiple Vulnerabilities in Cisco Unified Communications Manager. Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products: Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode. This vulnerability could allow an authenticated but unprivileged, […]

How to save configurations using SNMP

Everyone knows there is software to get the configuration using SNMP; but how can you copy the configuration if you don't have any tool? Let me explain what SNMP is before showing you how to implement it. Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP uses an extensible design, where the available information is defined by management information bases (MIBs). MIBs describe the […]

August 2013: six Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published six important vulnerability advisories: Cisco Secure Access Control Server Remote Command Execution Vulnerability; Multiple Vulnerabilities in Cisco Unified Communications Manager; Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities; Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability; Cisco TelePresence System Default Credentials Vulnerability; OSPF LSA Manipulation Vulnerability in Multiple Cisco Products. Cisco Secure Access Control Server Remote Command Execution Vulnerability: The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted […]

WhoisUP v0.2 released!

One year ago, I published WhoisUP v0.1, a script that monitors hosts via ICMP and shows the status in a web page. The script had good success, so I have decided to continue the WhoisUP project. Version 0.2 has several improvements: fixed some bugs in the core.php script and in the CSS file; added the warning latency value; added the width index page; added the maintenance mode; added the compact view; added the core.php check. Below is a brief analysis of these improvements. Fixed some bugs in the core.php script and in the CSS file: the script is […]

September 2013: eleven Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published eleven important vulnerability advisories: Cisco IOS Software Queue Wedge Denial of Service Vulnerability; Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability; Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability; Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability; Cisco IOS Software DHCP Denial of Service Vulnerability; Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability; Cisco IOS Software Network Address Translation Vulnerabilities; Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability; Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password […]