Need to monitor traffic on old cisco router - cisco

I have an old 2800 series router with IOS 12.4(10), and I need to monitor traffic on one of its interfaces. The issue is that the installed version of IOS doesn't support traffic capture. I would love to update IOS, but I'm not the one running the project. I didn't find any methods for capturing on my version of IOS.
My solution was to run tcpdump on the node to the switch. The only problem is that the server doesn't have tcpdump and I cannot install it. The next solution is to compile from source and run tcpdump from USB (proving to be a bit tricky). My next approach is to remotely log into the router, view the traffic, and save it to a file. Unfortunately I don't know the command to do that, and all the commands on the Cisco support site are for newer IOS versions.
I'm no networking guru and I'm very unfamiliar with IOS commands. I need a way to monitor the traffic between the node and the router.
FYI:
When I say monitor, I mean I want to see the header, destination, port, etc. not just a packet accounting.

I don't think the router can do what you're asking. However, if you are using a Cisco switch to connect your router to your host, you can mirror (it's called 'Span port' on new switches) a port or a VLAN to another port and sniff the data there.
As I don't know your switch model, I can only point you to this Cisco doc that lists the config for all of them.
Hope this helps,
Alex

What is the exact model? I thought 2800 should be a router, not a switch.
If it is a router, you can use NetFlow to see IP and ports (but not the full header). Another option is debug ip packet; however, you must be careful not to kill the router by extensive debugging.


Yabe on Linux unable to locate bacnet device

I have a Win11 laptop and I installed Yabe and was easily able to explore bacnet objects on my home thermostat. I'm trying to duplicate this on a Linux Laptop. My issue is that Yabe is not finding my thermostat on the Linux machine.
I'm running Linux Mint 21 Cinnamon 5.4.12. I installed Mono and downloaded Yabe. I am running it with the command "mono ./Yabe.exe". The Win11 laptop rules out thermostat setup/network issues. In the Yabe log window I get a message that says "error loading plugins". I didn't try to install any plugins so I don't know where this is coming from and I'm not sure if it's even the root cause. Initially I just left the Yabe folder in my downloads folder. I also moved it to /usr/bin but that didn't solve anything. Any suggestions would be appreciated. I would really like not to have to use Win11 as it is a memory hog.
A similar question was raised on sourceforge but the answers have not helped me.
https://sourceforge.net/p/yetanotherbacnetexplorer/discussion/general/thread/1e78874922/?limit=25
Thank you for the suggestions. I ran a Wireshark capture with the filter "udp and port 47808" and received i-Am 100001 from the thermostat at 192.168.0.150, which is the static address I assigned. Like I said, since I literally have a Win-11 laptop sitting beside this one with Yabe installed and it sees the thermostat just fine, that rules out most network router issues. Also, I currently have the Linux firewall turned off. I believe it must be some bug with the Yabe installation on this version of Linux. I keep wanting to get away from Windows and rely solely on Linux and then I run into issues like this that make me realize why it's not universally adopted in industry.
At least for Windows, I believe that the plug-in DLLs are not strictly necessary/important; and you could drop the relevant plug-in DLLs alongside the 'YABE.exe' binary (- within the same folder); I've included a picture of plug-in DLLs' filenames.
Are both the (BACnet) client machine and server/thermostat machine using a public IP address, or at least a private IP address within the same subnet/network address range?
Have you got a Linux (and/or Windows) firewall blocking communication?
Can you see the 47808 port # open using the 'NMap' tool?
Also - for generic reference, an answer of mine for a half-similar question (- some points could also be relevant here):
Things worth considering :-
Tools such as YABE, VTS and Wireshark - to learn from the success cases/successful instances of communication.
The network card (NIC) that your tools and/or libraries are using/selecting to send the ('service' request) messages - e.g. definitely don't mix routable addresses with non-routable 'private' addresses (between the BACnet 'client' IP & the 'server' IP).
(UDPv4-only) 'Broadcasts' will only work upon the local network (- if a BBMD is not present & correctly set-up to relay the broadcast on to another part/hop of the "internetwork"/connected networks).
If you're unlucky - with a particular device, your client port just might have to be 47808/0xBAC0; and just possibly for the broadcasts too.
Also try directed/'unicast' traffic/'service' requests too - e.g. attempting to read the device object instance # (DOIN) of a target device; check you've got/are specifying the correct DOIN when targeting/firing a request at a device.
Does the target device have a BACnet router or BACnet gateway in front of it (- therefore would also need the inclusion of a DNET & DADR paired values as part of addressing it)?
If so, are you talking the same variant of BACnet, e.g. IP - as in BACnet/IP between both the (BACnet) 'client' & 'server'/serving device?
If it's a commercial/enterprise device, does it have an IP whitelist - to allow for the processing of incoming requests?
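The broadcast and addressing points in the answer above can be checked without Yabe. This is an added example, not part of the original posts or of Yabe: it sends a global Who-Is from source port 47808 and decodes any I-Am replies, skipping the SNET/SADR fields a BACnet router inserts. The names `parse_i_am`, `probe` and `SAMPLE_I_AM` are hypothetical, and `probe` assumes no other program currently holds UDP port 47808.

```python
import socket
import struct

BACNET_PORT = 47808  # 0xBAC0
WHO_IS = bytes.fromhex("810b000c0120ffff00ff1008")  # global Who-Is broadcast
# Constructed sample: broadcast I-Am for device instance 100001
SAMPLE_I_AM = bytes.fromhex("810b00180120ffff00ff1000c4020186a12201e09100210f")


def parse_i_am(frame):
    """Return the device object instance number (DOIN) carried in a
    BACnet/IP I-Am frame, or None if the frame is anything else."""
    if len(frame) < 6 or frame[0] != 0x81 or frame[1] not in (0x0A, 0x0B):
        return None                  # not a BVLC unicast/broadcast NPDU
    if struct.unpack("!H", frame[2:4])[0] != len(frame) or frame[4] != 0x01:
        return None                  # bad BVLC length or NPDU version
    control, pos = frame[5], 6
    if control & 0x80:
        return None                  # network-layer message, no APDU
    try:
        if control & 0x20:           # DNET, DLEN, DADR present
            pos += 3 + frame[pos + 2]
        if control & 0x08:           # SNET, SLEN, SADR: device is behind a router
            pos += 3 + frame[pos + 2]
    except IndexError:
        return None
    if control & 0x20:
        pos += 1                     # hop count follows when DNET is present
    apdu = frame[pos:]
    # 0x10 unconfirmed request, 0x00 I-Am, 0xC4 object-identifier tag (4 bytes)
    if len(apdu) < 7 or apdu[:3] != b"\x10\x00\xc4":
        return None
    obj_id = struct.unpack("!I", apdu[3:7])[0]
    return obj_id & 0x3FFFFF if obj_id >> 22 == 8 else None  # type 8 = device


def probe(broadcast_ip, timeout=3.0):
    """Broadcast Who-Is from source port 47808; return {sender_ip: DOIN}."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.bind(("", BACNET_PORT))    # wildcard bind so broadcast replies arrive
        s.settimeout(timeout)
        s.sendto(WHO_IS, (broadcast_ip, BACNET_PORT))
        try:
            while True:
                data, (ip, _) = s.recvfrom(1500)
                if (doin := parse_i_am(data)) is not None:
                    found[ip] = doin
        except socket.timeout:
            return found
```

Passing the subnet's directed broadcast address (for the thermostat's network in the question, `probe("192.168.0.255")` if the mask is /24) makes the routing table pick the NIC on that subnet.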

how to enable wsl to respond to broadcast ping request

I was using WSL to run ROS commands, and at one point I had to enable the system to respond to broadcast ICMP requests (for a multi-master kind of setup), i.e. on Linux I had to make sure
cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
returns 0. But WSL does not contain such a file, so I was thinking of enabling it on Windows. All the sources I have gone through suggest adding a rule to the firewall, but my system is not responding to broadcast ping even when my system's firewall is turned off (domain, private and public have been turned off; same with my buddy who is on the same network). I am using an Android phone's mobile hotspot to check this.
It would be great if someone could help me with this.
Thanks in advance.
I asked something similar
I don't know how to do it purely on WSL. But on Windows you have to start the "TCPSVCS.EXE" process, located in System32.

Monitoring switch port (service) per interface

My actual goal is to monitor the traffic going through a Zyxel USG60 switch (v4.15). For that I use Zabbix.
The problem is that I currently monitor the interfaces of the switch, but I need to go deeper (if you know what I mean): my boss asked me if I could monitor, on each interface, the different traffic port by port (I mean service, like port 80 is for HTTP), to check precisely who is using bandwidth and for what.
I tried to see if SNMP can do that, but it seems it doesn't go further than the interface level. Since I don't know where to start or search, I need your help and advice.
One last detail: the monitoring server will run Ubuntu 14.04.
You need to collect additional data using NetFlow/sFlow protocols to get the detailed traffic information.

Receive realtime data from phone

I am using an Android app that streams real-time accelerometer data to the specified IP address of a server. I have written a "server" in C running on Linux, which is running in VMware.
I am connected to the hotspot created by the Windows 7 host machine running VMware Workstation.
So my question is how do I connect the virtual-machine to same network as the hotspot so that I can get the phone and the "server" program on the same network and stream data to the server program?
I use VirtualBox, but I'm guessing the settings are very similar in VMware Workstation.
You probably need to do one or both of these things:
1) Port Forwarding. If your app is hitting port 80 (or whatever port), you'll need to tell VMware that any hits coming in to the host machine on that port get forwarded to the VM. Of course, your VM will have to be listening on that port. I'd suggest using a high port number (over 1024) to minimize conflicts, and avoid annoying root/admin issues using a low port number.
2) Hopefully that gets you there. If not, you may need to change the virtual adapter settings on the VM. NAT mode is a good first try. If not, there are other modes (bridged, internal, host-only) you can tinker with. (Not sure if VMware uses different names)
That's probably all you need for the topology you describe -- Android device connected directly to the same subnet as the host machine. If not, perhaps your hotspot routes all client traffic to the gateway (i.e. out to the Internet), without allowing direct access to localhost. If so, maybe there are settings for that. If not, ngrok is your new best friend.
It is SUPER easy and allows you to tunnel traffic from anywhere on the Internet to a specific service running on your machine. This would sidestep some of the issues above.
If you want to take your Android device to another network (e.g. cell network), then ngrok is absolutely the way to go, particularly for development and prototyping. This lets you avoid issues with DNS, routing, firewalls, etc.

Need Packet filtering and packet editing api for windows

As the title says, I need a packet filtering (firewall) and packet editing API for Windows.
I did a lot of Google searching and found some packet filtering APIs
like
1. Winpcap
2. WIPFW
3. Pktfilter
but nothing for packet editing. It seems like I have to write a kernel-level driver to achieve this... I know some programming but don't know how to program a driver.
I know that I can do this in Linux using iptables.
Is there anything equivalent to iptables in Windows?
Is there any API for Windows to do packet filtering (firewall) and edit the packet?
(Basically I am trying to edit the source IP in the packet's IP header so that I can make the packets use a different network interface.)
I don't want to write any kernel-level driver for that because I don't know how to do that.
Somebody help me.
From XP onwards, Windows has come with a firewall.
XP, 2k & 2k3 can be configured on the CLI using "netsh firewall ...." and on later versions of Windows, it's "netsh advfirewall ....".
Here's a link with an intro - http://blog.commandlinekungfu.com/2009/05/episode-30-twiddling-with-firewall.html.
You could also write a PowerShell script to integrate with the Windows firewall. Here's some sample configuration: http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx
