Friday, September 2, 2016

Wireshark: capturing Skype traffic only + to filtering out communication with Microsoft servers

If we want to keep an eye on our Skype traffic to see the IPs of our Skype contacts, we can set up a very simple filer udp.srcprt==SKYPEPORT. Skype seems to exchange keepalive messages with all contacts currently showing as green (online) or yellow (away).

However, Skype also exchanges keepalive messages with the Microsoft servers and does alot of housekeeping stuff in the background, and the traffic to and from the Microsoft servers is very voluminous, and makes it hard to see traffic coming and going to and from our online contacts.

For example, in the image below, the conversation with a couple of MS servers is taking up half of the available screen area.


That is fine, but if you have Wireshark scan the traffic continuously, you can end up with hundreds of those server chit-chat messages obscuring the traffic to individual Skype users. 

Cleaning up the traffic with a display filter

To screen out the traffic to any known MS servers, I simply turn on the Wireshark with my display filter being udp.srcprt==SKYPEPORT (in my case it is udp.srcport == 36327 ), and I record about 30 minutes worth of traffic. I then take note of the most commonly used IPs (which are probably server traffic). 
  • For example, I have 10 entries for 157.56.52.44, which belongs to Microsoft, etc. 
  • I also notice that I have entries for 157.56.52.44, 157.56.52.65, 157.56.52.89, 157.56.52.108, etc. So,the subnet 157.56.52.0/24 can be assumed to be taken by MS servers.

Next, I notice that I have 157.55.56.151, 157.55.58.154, 157.55.36.15, etc also being server traffic. So, I conclude that subnet 157.56.0.0/16 also seems to be dedicated to MS servers.

So, it is now possible for me to filter out all traffic going to the subnet 157.56.0.0/16. So, my filter will be ((udp.srcport == 36327 ) &&!(ip.addr == 157.55.0.0/16) . If I keep analyzing the remaining displayed traffic, I will find additional patterns of traffic that indicate various IPs assigned to MS servers. As soon as I find an IP belonging to a MS server, I put a filter on that entire /24 subnet.

For my traffic, I ended up filtering out the following subnets:
  • 111.221.77.0/24
  • 157.55.0.0/16
  • 157.56.0.0/16
  • 65.55.0.0/16
  • 64.4.0.0/16
Here is the full display filter for these subnets:
(((((udp.srcport == 36327 ) && !(ip.addr == 111.221.77.0/24)) && !(ip.addr == 157.55.0.0/16)) && !(ip.addr == 64.4.0.0/16)) && !(ip.addr == 157.56.0.0/16)) && !(ip.addr == 65.55.0.0/16)

Here is the resulting capture:



For this capture, a total number of packets captured was 4601, and number of displayed packets is 61, so now we can easily see on just one or two screens ONLY those packets that are of real interest (they show IPs of Skype users in our contact list). Now it is much easier for us see the data we are targeting.


10 minutes interval for keepalive packets

If I am need to find out an IP of a particular Skype user, this user will
1) need to be in my contact list
2) need to be on status Available or Away (I think! I am not sure if the logged off users show up)

If those two conditions are met, I can turn on Wireshark, install my "interesting traffic" filter, and just watch the packets roll in. Based on my observation, the keepalives are set to ALL Skype contacts that are Available or Away with the interval of about 10 minutes.



So, if you do nothing but sit and quietly capture packets for 30-40 min, you should be able to get a list of IPs of all reach-able users in your contact list.

You can then filter by conversation if you want traffic to a particular IP grouped together for you.


Setting up capture filter

If you really do run Wireshark for 40 minutes, you may end up with a very heavy capture file with tens of thousands of packets and a file size of 80MB or more. This is not needed if you are not interested in examining any other traffic from that capture.

So, I recommend installing a capture filter, so Wireshark only captures Skype traffic and nothing else. This should reduce your capture file size dramatically.

So, whatever your Skype port is, just create a new capture filter port SKYPEPORT (in my case, port 36327), and apply that capture filter to the interface from which you are capturing

 




I ran Wireshark with this capture filter for 2 hours this morning, and my total number of packets captured is 1916. Total file size is 277Kb. I was able to capture about 78 IPs, which makes me think that even IPs of users not online were captured, because only about 15 of my friends were Available or Away at that time.



So, the bottom line is that if the user of your interest is in your Skype contacts, you can capture his/her IP even without entering into voice or video conversation.

Tuesday, August 30, 2016

Spam message from LinkedIn

Spam from LinkedIn. Ugh!

------------

Groups
Engineering Jobs, Construction Jobs, Oil and Gas Jobs around the World....
Announcement in Engineering Jobs, Construction Jobs, Oil and Gas Jobs around the World....
Free CV Evaluation
announcerFullName
Jon Hobbs CertRP - R Engineering Jobs
Commercial Director at R Job Network Limited
Get your English CV evaluated by a professional CV expert. You'll receive specific suggestions for improvement within three days.

More Info / Get your CV Evaluation - Click Here -https://www.cvnow.co.uk/cv-review/?pt=fzGkLIx4ChsF1&utm_medium=referral&utm_source=R+Job+Network

CVNow has created a safe and secure CV evaluation system. Once you upload your CV, it will be evaluated by a professional CV expert. They will email you feedback based on your CV within three days. We have helped thousands of professionals improve their CVs and land great jobs.

But don't take our word for it. Upload your CV now -https://www.cvnow.co.uk/cv-review/?pt=fzGkLIx4ChsF1&utm_medium=referral&utm_source=R+Job+Network
Respond Now
View
Don't want to hear from the manager? Unsubscribe here
This email was intended for Elena Garrett (####). Learn why we included this.
If you need assistance or have questions, please contact LinkedIn Customer Service.
© 2016 LinkedIn Corporation, 2029 Stierlin Court, Mountain View CA 94043. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn.

Sunday, August 28, 2016

Getting Skype user IP via Wireshark - VoIP does not leave out of Skype port

In the previous few attempts to capture Skype use IP via Wireshark, I have used the filter udp.srcport==36327, with 36327 being my Skype port.




Recently, I had an experience when another user could not see Skype conversation at all via the Skype port. The voice call via Skype was generating a ton of UDP segments, but all of them going through what appeared to be Microsoft server (IP 104.44.195.138) from UDP local port 28450, with STUN protocol assisting with the conversation




Filtering for UDP port 36327 (manually set in Skype settings) showed no packets leaving that port during the entire 4 minute Skype voice conversation






So, it appears that voice conversation via Skype goes through the some other service or some other VoIP service, other than Skype's own port.







Wednesday, August 3, 2016

Checking Skype user IP using CMD netstat -nbt - truth or myth?

There are several online tutorials (some of YouTube) that claim that they can check a Skype user IP address using CMD.

One tutorial which I tried to replicate was here:
https://sinister.ly/Thread-Finding-IP-Address-Through-Skype-CMD

The jist of the instruction is to open CMD as an administrator, and then use netstat -nbt

So, I am testing this theory. I am online right now with a friend, whose IP is 108.239.16.221. I also have about 20 other friends showing online at the moment. Lets see what CMD sees.

Here is my output from     netstat -nbt 



Number one, as you can see, IP 108.239.16.221 is NOT in the results for Skype connection. Second, upon closer look, the IPs that do come up are Skype and Microsoft IPs. I am guessing, their servers.

So, -nbt command is NOT for locating connections to individual Skype users.


See proof below.
65.55.164.215 IP address location & more:
IP address [?]:65.55.164.215 [Whois] [Reverse IP]
IP country code:US
IP address country:ip address flag United States
IP address state:Virginia
IP address city:Washington
IP postcode:22747
IP address latitude:38.7163
IP address longitude:-78.1704
ISP of this IP [?]:Microsoft Hosting
Organization:Microsoft Hosting
Host of this IP: [?]:blu406-m.hotmail.com [Whois] [Trace]
Local time in United States:2016-08-03 23:53

91.190.217.44 IP address location & more:
IP address [?]:91.190.217.44 [Whois] [Reverse IP]
IP country code:LU
IP address country:ip address flag Luxembourg
IP address state:Luxembourg
IP address city:Luxembourg
IP address latitude:49.6117
IP address longitude:6.1300
ISP of this IP [?]:Skype Communications Sarl
Organization:Skype Communications Sarl

65.52.108.74 IP address location & more:
IP address [?]:65.52.108.74 [Whois] [Reverse IP]
IP country code:US
IP address country:ip address flag United States
IP address state:Virginia
IP address city:Boydton
IP postcode:23917
IP address latitude:36.6676
IP address longitude:-78.3875
ISP of this IP [?]:Microsoft bingbot
Organization:Microsoft bingbot


64.4.23.147 IP address location & more:
IP address [?]:64.4.23.147 [Whois] [Reverse IP]
IP country code:US
IP address country:ip address flag United States
IP address state:California
IP address city:San Jose
IP postcode:95141
IP address latitude:37.3394
IP address longitude:-121.8950
ISP of this IP [?]:Microsoft Corporation
Organization:Microsoft Corporation

23.99.210.20 IP address location & more:
IP address [?]:23.99.210.20 [Whois] [Reverse IP]
IP country code:US
IP address country:ip address flag United States
IP address state:Iowa
IP address city:Des Moines
IP postcode:50307
IP address latitude:41.6005
IP address longitude:-93.6091
ISP of this IP [?]:Microsoft Corporation
Organization:Microsoft Azure


I was told that it should be possible to track the IP in CMD during a file transfer (if I send that user a file), and it may be possible, but I do not know how to initiate the netstat fast enough for it to capture the file transfer in process. Unless I send a really large, the transfer seems to go through too fast for me to open netstat in time.

However, I did get to the desired resut (the accurate IP info) using Wireshark packet capture,

I got the idea from this video:
https://www.youtube.com/watch?v=jgKbO9R76yM

Followiing the same steps, I was able to see the needed IPs as soon as I initiated a call to the user. However, sending a file or simply an instant message through Skype was still producing packets, so I was able to see the packets leaving through the Skype port as long as my Skype kept seeing the user online. 



The filter I applied looked like this: ip.src==192.168.43.54 and udp.srcport==36327. 

I went back to CMD and did netstat -nbt, and I did not see port 36327 (the port my Skype was using for that connection) being listed as in use, even during an active Skype session.

Saturday, July 30, 2016

Cisco4 3.5.1.2 Packet Tracer - Skills Integration Challenge - PPP with CHAP

Cisco4 3.5.1.2 Packet Tracer - Skills Integration Challenge - PPP with CHAP

I could not get the IP Cloud to work, so I removed the IP cloud and made a direct link from R1 to Server


R1



hostname R1

no ip cef
ipv6 unicast-routing
!
no ipv6 cef

!
username R2 password 0 cisco
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 209.165.200.226 255.255.255.252
 duplex auto
 speed auto
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:B:1::2/64
 ipv6 ospf 1 area 0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 10.1.1.2 255.255.255.252
 encapsulation ppp
 ppp authentication chap
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:A:A::2/64
 ipv6 ospf 1 area 0
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.3 area 0
 network 209.165.200.226 0.0.0.0 area 0
 default-information originate
!
ipv6 router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip flow-export version 9
!
ipv6 route ::/0 GigabitEthernet0/0
!
!





R2


hostname R2
!
no ip cef
ipv6 unicast-routing
!
no ipv6 cef

username R1 password 0 cisco
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.193 255.255.255.224
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:A:1::1/64
!
interface GigabitEthernet0/0.15
encapsulation dot1Q 15
ip address 192.168.1.1 255.255.255.128
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:A:15::1/64
!
interface GigabitEthernet0/0.25
encapsulation dot1Q 25
ip address 192.168.1.129 255.255.255.192
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:A:25::1/64
!
interface GigabitEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.1.225 255.255.255.224
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:A:99::1/64
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
ppp authentication chap
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:A:A::1/64
ipv6 ospf 1 area 0
clock rate 2000000
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 192.168.1.193 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
network 192.168.1.129 0.0.0.0 area 0
network 192.168.1.225 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
!
ipv6 router ospf 1
router-id 2.2.2.2
log-adjacency-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
ip flow-export version 9
!

ipv6 route ::/0 Serial0/0/0




SWITCH


hostname Switch
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 99
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 86
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 86
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 86
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 86
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 86
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 15
!
interface FastEthernet0/8
switchport access vlan 15
!
interface FastEthernet0/9
switchport access vlan 15
!
interface FastEthernet0/10
switchport access vlan 15
!
interface FastEthernet0/11
switchport access vlan 15
!
interface FastEthernet0/12
switchport access vlan 15
!
interface FastEthernet0/13
switchport access vlan 15
!
interface FastEthernet0/14
switchport access vlan 15
!
interface FastEthernet0/15
switchport access vlan 15
!
interface FastEthernet0/16
switchport access vlan 15
!
interface FastEthernet0/17
switchport access vlan 15
!
interface FastEthernet0/18
switchport access vlan 15
!
interface FastEthernet0/19
switchport access vlan 25
!
interface FastEthernet0/20
switchport access vlan 25
!
interface FastEthernet0/21
switchport access vlan 25
!
interface FastEthernet0/22
switchport access vlan 25
!
interface FastEthernet0/23
switchport access vlan 25
!
interface FastEthernet0/24
switchport access vlan 25
!
interface GigabitEthernet0/1
switchport access vlan 86
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 86
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
no ip address
!
interface Vlan25
no ip address
!
interface Vlan86
no ip address
!
interface Vlan99
ip address 192.168.1.226 255.255.255.224
!
ip default-gateway 192.168.1.225
!
!

!

Tuesday, July 19, 2016

8.3.1.2 Packet Tracer - EIGRP IPv4 and IPv6 Skills Integration Challenge

8.3.1.2 Packet Tracer - EIGRP IPv4 and IPv6 Skills Integration Challenge


This one took me a long time because I could not summirize the ipv6 addresses. I had to go do some practice exercises with IPv6 CIDR (https://www.ultratools.com/tools/ipv6CIDRToRange) before I finally got on the right track.


Here is how I did my summary for IPv6

Networks
2001:DB8:1:1:A100::/72
2001:DB8:1:1:A200::/72
2001:DB8:1:1:A300::/72
2001:DB8:1:1:A400::/72

The normal network range for ipv6 is /64, so here 12 extra bits are borrowed

2001:DB8:1:1: = 16+16+16+16 = 64
A100:: /= 16+16+1616
A100 through A400 = 4 (1010)+4 (1through 4) +4 (0000)+4 (0000)   = 16 bits
Address A100 = 1010 0001 0000 0000
Address A200 = 1010 0010 0000 0000
Address A300 = 1010 0011 0000 0000
Address A400 = 1010 0100 0000 0000
The common bits in this address are 1010 0, which is 1+1+1+1+1 =5 bits

2001:DB8:1:1: = 64 bits
+ 5 bits of 1010 0...
64 bits + 5 bits = 71 bits, starting with 0

Summary address is 2001:DB8:1:1:A000::/71

For networks
2001:DB8:1:1:BB80::/76
2001:DB8:1:1:BB90::/76
2001:DB8:1:1:BBA0::/76
2001:DB8:1:1:BBB0::/76

If the network mask is 76, and the normal network range for ipv6 is /64, so here 10 extra bits are borrowed
2001:DB8:1:1 = 64 bits
BB80::/= 16+16+16+16 bits
BB80  through BBB0 = 4 (B) + 4(B) + 4 (???) + 4 (0) = 16 bits

BB80 = 1011 1011 1000 0000
BB90 = 1011 1011 1001 0000
BBA0 = 1011 1011 1010 0000
BBB0 = 1011 1011 1011 0000
The common bits for this address are 1011 1011 10, which are 4+4+2 = 10 bits

2001:DB8:1:1 = 64 bits
1011 1011 10 = 10 bits, starting with 1 0  in positions 8 and 4, which means that the summary network will start with 80
64 bits + 10 bits = 74 bits

Summary address 2001:DB8:1:1:BB80::/74


===============

R1


hostname R1

interface Loopback8
ip address 172.31.0.1 255.255.255.128
!
interface Loopback9
ip address 172.31.0.129 255.255.255.128
!
interface Loopback10
ip address 172.31.1.1 255.255.255.128
!
interface Loopback11
ip address 172.31.1.129 255.255.255.128
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.31.6.2 255.255.255.252
ip summary-address eigrp 1 172.31.0.0 255.255.248.0 5
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
eigrp router-id 11.11.11.11
network 172.31.6.0 0.0.0.3


!




R2


hostname R2

interface Loopback1
ip address 10.10.0.1 255.255.255.0
!
interface Loopback2
ip address 10.10.1.1 255.255.255.0
!
interface Loopback3
ip address 10.10.2.1 255.255.254.0
!
interface Loopback4
ip address 10.10.4.1 255.255.252.0
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/0/1
ip address 10.10.8.2 255.255.255.252
ip summary-address eigrp 1 10.10.0.0 255.255.240.0
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
eigrp router-id 22.22.22.22
network 10.10.8.0 0.0.0.3



 network 10.10.0.0 0.0.15.255




IPv4-Edge


hostname IPv4-Edge
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.31.6.1 255.255.255.252
clock rate 64000
!
interface Serial0/0/1
ip address 10.10.8.1 255.255.255.252
clock rate 64000
!
interface Serial0/1/0
ip address 209.165.200.226 255.255.255.224
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
eigrp router-id 33.33.33.33
redistribute static
network 172.31.6.0 0.0.0.3



 network 10.10.8.0 0.0.0.3




R3

hostname R3
!

ipv6 unicast-routing

interface Loopback0
no ip address
ipv6 address 2001:DB8:1:1:A000::1/72
ipv6 eigrp 1
!
interface Loopback1
no ip address
ipv6 address 2001:DB8:1:1:A100::1/72
ipv6 eigrp 1
!
interface Loopback2
no ip address
ipv6 address 2001:DB8:1:1:A200::1/72
ipv6 eigrp 1
!
interface Loopback3
no ip address
ipv6 address 2001:DB8:1:1:A300::1/72
ipv6 eigrp 1
!
interface Loopback4
no ip address
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
no ip address
ipv6 address 2001:DB8:A001:7::2/64
ipv6 eigrp 1
ipv6 summary-address eigrp 1 2001:DB8:1:1:A000::/71 5
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ipv6 router eigrp 1
eigrp router-id 11.11.11.11

no shutdown



R4


hostname R4
!
ipv6 unicast-routing
!
interface Loopback8
no ip address
ipv6 address 2001:DB8:1:1:BB80::1/76
ipv6 eigrp 1
!
interface Loopback9
no ip address
ipv6 address 2001:DB8:1:1:BB90::1/76
ipv6 eigrp 1
!
interface Loopback10
no ip address
ipv6 address 2001:DB8:1:1:BBA0::1/76
ipv6 eigrp 1
!
interface Loopback11
no ip address
ipv6 address 2001:DB8:1:1:BBB0::1/76
ipv6 eigrp 1
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/0/1
no ip address
ipv6 address 2001:DB8:A001:6::2/64
ipv6 eigrp 1
ipv6 summary-address eigrp 1 2001:DB8:1:1:BB80::/74 5
!
interface Vlan1
no ip address
shutdown
!
ipv6 router eigrp 1
eigrp router-id 22.22.22.22
no shutdown

!



IPv6-Edge


hostname IPv6-Edge

ipv6 unicast-routing

interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
no ip address
ipv6 address 2001:DB8:A001:6::1/64
ipv6 eigrp 1
clock rate 64000
!
interface Serial0/0/1
no ip address
ipv6 address 2001:DB8:A001:7::1/64
ipv6 eigrp 1
clock rate 64000
!
interface Serial0/1/0
no ip address
ipv6 address 2001:DB8:CAFE:1::2/64
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ipv6 router eigrp 1
eigrp router-id 33.33.33.33
no shutdown
redistribute static
!
ip classless
!
ip flow-export version 9
!
ipv6 route ::/0 Serial0/1/0

Tuesday, July 12, 2016

5.2.2.3 Packet Tracer - Troubleshooting Single-Area OSPFv2 Instructions

Problems with the original settings:
R1:
incorrect network statement for s0/0/1

R2:
incorrect network statement for s0/0/1
missing default route
missing default-information originate statement on the ospf 1

R3:
incorrect network statement for s0/0/0
incorrect network statement for s0/0/1
incorrect hello-timer on s0/0/1



R1:


hostname R1
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.16.3.1 255.255.255.252
clock rate 64000
!
interface Serial0/0/1
ip address 192.168.10.5 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 172.16.3.0 0.0.0.3 area 0
network 172.16.1.0 0.0.0.255 area 0
network 192.168.10.4 0.0.0.3 area 0




R2:


hostname R2
!
interface Loopback0
ip address 10.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
ip address 172.16.2.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 172.16.3.2 255.255.255.252
!
interface Serial0/0/1
ip address 192.168.10.9 255.255.255.252
clock rate 64000
!
interface Serial0/1/0
ip address 209.165.200.225 255.255.255.224
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 172.16.2.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.3 area 0
network 192.168.10.8 0.0.0.3 area 0
default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
!
i



R3:

hostname R3
!
interface Loopback0
ip address 10.3.3.3 255.255.255.255
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.10.6 255.255.255.252
clock rate 64000
!
interface Serial0/0/1
ip address 192.168.10.10 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.4 0.0.0.3 area 0
network 192.168.10.8 0.0.0.3 area 0

!

Wednesday, June 8, 2016

3.2.2.4 Lab - Troubleshooting EtherChannel

This lab took me almost 4 hours to complete.
What I had to correct - mismatch in allowed vlans, mismatch in protocol versus mode, mismatch in port-channels.

Problems encountered:

  1. allowed vlans under show interface trunk did not match those shown on show run, and to correct I had to strip all trunk settings and start anew. 
  2. grouping protocols were staying incorrectly assigned. Like it would show Po1 PAgP, f0/3 Active, F0/4 Active, and on the next channel it would say Po2 LACP, f0/1 Desirable, f0/2 Desirable. And nothing except for deletion of port-channel itself would fix this mismatch. And after I fixed it, it would go straight back to incorrect mode/protocol combination under show etherchannel port-channel, while showing nothing wrong under show running
  3. spanning-tree is showing port channels AND their bundled links separately, attempting to block one of the links on each port-channel. In the process it somehow also managed to have 2 root switches for the same vlans. Until I fixed the mismatch in channel protocols, spanning-tree was looking weird.


I do not know what %%EC-5-COMPATIBLE: Fa0/3 is compatible with port-channel members
 means, but it kept popping up. Right now PCs are pinging one another, so whatever %%EC-5-COMPATIBLE: Fa0/3 is compatible with port-channel members means, it is not obstructing the connection.



Switch 1


hostname S1
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,99
channel-group 1 mode active
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,99
channel-group 1 mode active
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
channel-group 2 mode desirable
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
channel-group 2 mode desirable
switchport mode trunk
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Port-channel 1
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,99
switchport mode trunk
!
interface Port-channel 2
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,99
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.1.11 255.255.255.0

!



Switch 2


hostname S2
!
!
!
!
!
spanning-tree mode pvst
spanning-tree vlan 1,10,99 priority 24576
!
interface FastEthernet0/1
switchport trunk native vlan 99
channel-group 1 mode active
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk native vlan 99
channel-group 1 mode active
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
channel-group 3 mode desirable
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
channel-group 3 mode desirable
switchport mode trunk
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Port-channel 1
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,99
switchport mode trunk
!
interface Port-channel 3
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,99
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99

ip address 192.168.1.12 255.255.255.0



Switch 3


hostname S3
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk native vlan 99
channel-group 3 mode desirable
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk native vlan 99
channel-group 3 mode desirable
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10
channel-group 2 mode desirable
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10
channel-group 2 mode desirable
switchport mode trunk
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Port-channel 2
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10
switchport mode trunk
!
interface Port-channel 3
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,99
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.1.13 255.255.255.0
!

!

Tuesday, June 7, 2016

3.2.1.4 - Configuring EtherChannel

https://static-course-assets.s3.amazonaws.com/ScaN503/en/course/files/3.2.1.4%20Lab%20-%20Configuring%20EtherChannel.pdf



Switch 1


hostname S1
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk native vlan 99
channel-group 2 mode active
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk native vlan 99
channel-group 2 mode active
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
channel-group 1 mode desirable
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
channel-group 1 mode desirable
switchport mode trunk
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Port-channel 1
switchport trunk native vlan 99
switchport mode trunk
!
interface Port-channel 2
switchport trunk native vlan 99
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99

ip address 192.168.99.11 255.255.255.0




Switch 2

hostname S2
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk native vlan 99
channel-group 2 mode active
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk native vlan 99
channel-group 2 mode active
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
channel-group 3 mode active
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
channel-group 3 mode active
switchport mode trunk
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Port-channel 2
switchport trunk native vlan 99
switchport mode trunk
!
interface Port-channel 3
switchport trunk native vlan 99
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.99.12 255.255.255.0
!

!

Switch 3

hostname S3
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk native vlan 99
channel-group 3 mode active
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk native vlan 99
channel-group 3 mode active
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk native vlan 99
channel-group 1 mode auto
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk native vlan 99
channel-group 1 mode auto
switchport mode trunk
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Port-channel 1
switchport trunk native vlan 99
switchport mode trunk
!
interface Port-channel 3
switchport trunk native vlan 99
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.99.13 255.255.255.0

!






3.2.1.3 - Configuring EtherChannel

https://static-course-assets.s3.amazonaws.com/ScaN503/en/course/files/3.2.1.3%20Packet%20Tracer%20-%20Configuring%20EtherChannel%20Instructions.pdf

Switch 1


hostname S1
!
!
!
!
!
spanning-tree mode pvst
spanning-tree vlan 1 priority 24576
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
channel-group 1 mode desirable
switchport mode trunk
!
interface FastEthernet0/22
channel-group 1 mode desirable
switchport mode trunk
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
channel-group 2 mode active
switchport mode trunk
!
interface GigabitEthernet0/2
channel-group 2 mode active
switchport mode trunk
!
interface Port-channel 1
switchport mode trunk
!
interface Port-channel 2
switchport mode trunk
!
interface Vlan1
no ip address

shutdown



Switch 2


hostname S2
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
channel-group 3 mode passive
switchport mode trunk
!
interface FastEthernet0/24
channel-group 3 mode passive
switchport mode trunk
!
interface GigabitEthernet0/1
channel-group 2 mode active
switchport mode trunk
!
interface GigabitEthernet0/2
channel-group 2 mode active
switchport mode trunk
!
interface Port-channel 2
switchport mode trunk
!
interface Port-channel 3
switchport mode trunk
!
interface Vlan1
no ip address

shutdown



Switch 3

hostname S3
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
channel-group 1 mode desirable
switchport mode trunk
!
interface FastEthernet0/22
channel-group 1 mode desirable
switchport mode trunk
!
interface FastEthernet0/23
channel-group 3 mode passive
switchport mode trunk
!
interface FastEthernet0/24
channel-group 3 mode passive
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Port-channel 1
switchport mode trunk
!
interface Port-channel 3
switchport mode trunk
!
interface Vlan1
no ip address

shutdown