tcp timestamps
TCP timestamps notes:
- rfc1323
- Timestamps: TSval 4125101209, TSecr 0 (SYN)
- Timestamps: TSval 15477599, TSecr 4125101209 (SYN/ACK)
- No timestamps with RST pkts (Linux 2.6.31 stack)
- No timestamps with SYN&SYN/ACK (windows … need to be tested with win7)
- Bad: rttm only when the tcp window is low. Not realistic. Lead to introducing “aliasing” artifacts into the estimated RTT. Must be used with all segments
- Part of TCP options
- Linux stack 2.6.31 appears to not start timestamp counter as the PC booted up (3 hours delay during my testing)
- TCP timestamp can lead to slow network applications issues
- About the TCP timestamp generation (not covered by RFC1312) : http://tools.ietf.org/html/draft-gont-tcpm-tcp-timestamps-03
- disect (tcp timestamp covert channel) http://www.mit.edu/~gif/covert-channel/src/
- Arbitrary TCP ISN timestamps http://lkml.org/lkml/2008/2/15/244
- TCP timestamp can lead to false result under linux when syn cookies enabled
-
If more than 1 tsval is rcvd before echoed back:
- delayed ack (btw must be less than 0.5s): answer by the first tsval received
- ACK out of order segment (congestion): answer by the last pkt received
to be completed
DNS host and nslookup behavior
Whatever you type a dot by the end of the requested domain or not, the DNS crafted on the networks will be dot free.
host ns2.proxad.net = host ns2.proxad.net.
Don’t waste your time, remove the dot
During rollerskating session, old people ‘r always funny when they don’t insult you: “The next time u should go to olympics games”
traceroute nanog version
Determine route of packets in TCP/IP networks (NANOG variant)
This is the traceroute program maintained by Ehud Gavron. It is based on
the Van Jacobson/BSD traceroute and has additional features like AS lookup,
TOS support, microsecond timestamps, path MTU discovery, parallel probing
and others. The NANOG traceroute upstream FTP archive can be found at
ftp://ftp.login.com/pub/software/traceroute/
pello@Networker:~$ sudo traceroute-nanog -uAOP www.dailymotion.com
traceroute to www.dailymotion.com (195.8.215.139), 64 hops max, 40 byte packets
1 192.168.0.254 (192.168.0.254) [AS7531] nobody@invalid 28.513 ms 28.509 ms 28.514 ms
2 78.238.158.254 (78.238.158.254) [AS12322] hostmaster@proxad.net 71.040 ms 71.050 ms 71.054 ms
3 * * *
4 th2-crs16-1-be1104.intf.routers.proxad.net (212.27.56.153) [AS12322] hostmaster@proxad.net 71.328 ms 71.577 ms 71.854 ms
5 free-pni2.xe3-0-0.th2.par.as8218.eu (212.27.40.82) [AS12322] hostmaster@proxad.net 71.862 ms 72.079 ms 72.506 ms
6 xe2-2-0.tcr1.gs.par.as8218.eu (83.167.56.176) [AS8218] support@neotelecoms.com 72.755 ms 73.051 ms 73.477 ms
7 * * *
8 v204.dist-02.std.dailymotion.com (195.8.214.165) [AS41690] hostmaster@dailymotion.com 73.742 ms 73.986 ms 73.990 ms
9 www.dailymotion.com (195.8.215.139) [AS41690] hostmaster@dailymotion.com 74.464 ms 74.254 ms 74.650 ms
pello@Networker:~$
IPv6 is 0.172% with 2gbps at DE-CIX - we are the 28th of February 2010 … let’s meet in 2 years to see the diff!
Cisco 3750 notes
Some notes about 3750:
- show policy-map interface / Counters = 0 (CSCec08205)
- reset stackwise cable if there is a stack port failure
to be completed
Aggregate links notes
Some notes about aggregates links:
- If 2950 goes into bridging loops when trying to aggregate links then use the following command: channel-group 1 mode desirable non-silent
- Enterasys = lag / Cisco = etherchannel
- using src-dst-ip to continue to think about configuration and troubleshooting at Layer 3 instead of having to switch between Layer 3 and Layer 2 as you examine and think about the packet flows through the network
to be completed
Cisco VSS notes
Troubleshooting VLAN issues:
- sh idb all
- sh mmls gc vdb
- sh mmls mltl
- sh mmls mltl stati
- sh vlan
- rem com standby-sp sh idb all (slave chassis)
- rem com standby-sp sh mmls gc vdb (slave chassis)
- rem com standby-sp sh mmls mltl (slave chassis)
- rem com standby-sp sh mmls mltl stati (slave chassis)
- rem com standby-rp sh vlan (slave chassis)
to be completed
Francois Ropert lives near Paris (France) and likes to deep dive from L1 to L7 design architectures and network (in)security
