Using Windows: scapy reads: meaningful interface-names ip-address but no netmask netifaces reads: full Ethernet/IP/IPv6-Information but no meaningful interface-names Mixing both, provides everything needed. Netifaces only Adding Scapy to get meaningful interface namesRead More →
I expected a nobrainer: The suggested URL to download the missing software is wrong (HTTP 404). Go to the Microsoft-Repository Tools for Visual Studio 2017 or use the direct link to vs_buildtools.exe …it’s about 1.2MB run „vs_buildtools.exe“ …it downloads ~ 70 MB Select „Workloads => Windows => [x] Visual C++ Build Tools“ => [Install] …it downloads 1.12 GB …and installs and … unlucky… reboot required Now netifaces can get installed:Read More →
After provisioning a new Cisco CSR1000V-Router this script waits until the router is fully deployed got it’s Management-IP-Address assigned via DHCP. and returns this Management IP-Address. Prepare First, install „netaddr“-package. needed to check, if the management-IP of the CDP-Neighbor is in the correct IP-Subnet the „wait-for-CDP“-Script Obviously far to much hard-coded stuff, just as an example 😉 waiting for a CDP-Neighbor to appear with the following properties: hostname „CSR-A“ an IP-Address within the network „192.168.56.0 /24“ at the interface VirtualBox Host-Only-Network Provision a new CSR1000V Router named „CSR-A“ Run the „wait-for-CDP-Neighbor“-Script In a second CMD-Box, and… Be patient, of course. Or store the returned IP-AddressRead More →
Watch and decode Cisco Discovery Protocol Packetes. CDP Monitor-Script Inspired by the Scapy ARP-Monitor i created an CDP-Monitor displaying hostname and an optional Management-IP-Address. Real-Life Example Run this script: Open another CMD-Window to spin up a new CSR1000V-Router: Go back to the „python“-Screen and wait: It works, the IOS-XE CSR1000V-Router is installed and it got it’s baseline-config applied: Hostname Interface set to „ip address dhcp“ CDP enabled takes some time, but these first CDP-Packets captured were not sent in 60s interval, so don’t be scared 😉Read More →
It’s hard to believe, how easy it is to capture (and to craft) LAN-Data using Python Scapy. I need to capture CDP-Packets and to extract information like the hostname of the sender and it’s IP-Address. As an modification of the „ARP-Monitor“-example taken from the manual Using scapy in your tools. Scapy Installation nothing special: pip install Python: Install Scapy Example: List all Interfaces of my Laptop Capture 10 Packets on a specific interface Capture CDP-Packets Decode CDP (with inactive dissector) Activate the CDP-Parser Capture again and display CDP-Information as cleartext Decode CDP-Hostname Decode CDP-Management-IP-AddressRead More →
How often had i to look up this in the web, always wondering about myself still using the Windows-CMD-shell… Should move on to powershell… store the output of another command in a variable Example: the „date“-command Copy the date into the variable „TTT“ Not elegant, not intuitive, not self-explanatory: This Shell Scripting language seems not to be made for daily usage 😉Read More →
To enable immediate remote-access to brandnew deployed virtual Cisco CSR1000V-Routers by scripts, ansible etc. it’s necessary to predeploy the startup-config at least with public-rsa-keys etc. Prepare Download and install the nice tool http://CDBurnerXP. This will install a companion cli-tool cdbxpcmd.exe along with the GUI-Version. It’ll be used to prepare an ISO-„CDROM“ containing the prepared „startup-config“-file. Prepare Prepare an IOS-XE Configuration file… Modify the existing script These commands create the ISO-File in the %LOC%-Path. Mount this ISO to the VM The contained config-file will get automatically applied when the router boots the first time. Run the VM the config-file gets applied access the router This dependsRead More →
In a lab environment it might be handy to quickly rollout new (virtual) routers without much manual intervention. The following script creates a VirtualBox-VM and boots it up. Prepare Install VirtualBox and have a CSR1000V-ISO-File ready. Execute The Inventory populates: Use it After another reboot the serial console can be accessed by a windows pipe: The pipe provides access to the serial-console:Read More →
It’s a two step process to get rid of insecure username/password-authentication. Generate a RSA keypair at your SSH-client btw. Cisco-IOS doesn’t support DSA-keys Configure your network device(s) to assign the (public-)key of this keypair to an user-account This user-account could get privileges from a Radius/TACACS+-Server which could provide access-logs, too. Generate RSA-Key: Windows as SSH-Client I prefer Putty, usually in form of „mRemoteNG“, so i use PuttyGen to generate the RSA keypair. Windows.Start => PuttyGen (x) RSA, 4096-bits are supported, use it [Generate] move the mouse to improve the randomgenerator change the „comment“ – for example replace it by an username add a passphrase –Read More →
Background: Python-Requests wants to verify https-certificates, which makes sense to me. – but my VCenter uses a self-signed Certificate Don’t think about ignoring certificate errors 😉 Prerequisites Download the certificate from the VCenter: Install the certificate: Now Python.requests validates the vCenter: Add the Export to ~/.bashrc at the end of the fileRead More →