What is Multicast Reverse Path Forwarding (RPF)?

Introduction Reverse path forwarding (RPF) is a technique used in modern routers for the purposes of ensuring loop-free forwarding of multicast packets in multicast routing and to help prevent IP address spoofing in unicast routing. [1] Within this article, we will look at multicast RPF, and look into why it is needed along with how it … Read more

OSPF – The Neighbor Relationship

Introduction In order for OSPF-enabled routers to exchange information, they must form an adjacency (relationship) with their neighbor. Within this article, we will look at the process and various steps involved (Figure 1). Requirements Before the OSPF router even starts to try and form an adjacency, OSPF must know/determine the following: Router ID – The … Read more

What is IGMP?

Introduction IGMP (Internet Group Management Protocol) is a Layer 3 protocol (IP protocol number 2) and is a key component (Figure 1) to IP multicast. The role of IGMP is to notify a local multicast router when a host wants to receive multicast traffic for a specific group. Figure 1 – Summary of Multicast Components. There are 3 versions … Read more

Interface to Network Security Functions (I2NSF)

Interface to Network Security Functions (I2NSF) is a working group within the IETF formed to define a set of interfaces and data models for monitoring and managing network security functions hosted across multiple sites. I2NSF states, Network security functions (NSFs) are provided and consumed in increasingly diverse environments. Users of NSFs could consume network security … Read more

Stretched L2 Domains + VMotion

Issues with Layer 2 across DCs: Ideally, data centers do not share fate. But extending L2 creates a common broadcast domain across 2 data centers. Now, we are sharing fate. Traffic patterns become sub-optimal. Where does the default gateway live? In the local DC? Or remote? Traffic to load balancer to pool member, but pool member lives … Read more

LLDP (Link Layer Discovery Protocol)

Unlike CDP, LLDP is not a Cisco-proprietary discovery protocol. LLDP is disabled by default.
Global
R1(config)# lldp run
Timer/Holdtime
lldp timer 5
lldp holdtime 15
Show
R1(config)# do show lldp neigh

How to Build Packet Analysis Reports via the CommandLine

If you want to perform any form of packet analysis/reporting there is, really, only one program to use. Yep you guessed it, Wireshark. However as Wireshark is a GUI based program, it raised the question, How do you build a packet analysis report via the commandline ? Within this article we will show you 2 … Read more

HTTP Pipelining vs Domain Sharding

The other day I was reading about the benefits and new features within HTTP 2.0. One of the key features of HTTP 2.0 is the ability to interleave (i.e. multiplex) multiple requests and responses across a single TCP connection, resulting in Domain Sharding being considered counterproductive. However, based on how Domain Sharding and HTTP Pipelining can … Read more

How to Graph TCP Delta Times in Wireshark

Wireshark provides the ability to calculate the amount of time between packets. This data can then be used within the IO graphing tool of Wireshark to create a visual representation which can be used when troubleshooting networking issues. Within this article we will show you how to create the TCP delta column, the TCP preferences … Read more

HTTP Caching – HTTP 1.0 vs HTTP 1.1

Introduction Caching is one of the key optimisation methods in HTTP. It can reduce both network overhead and page load times, resulting in an improved experience for the client. Within this article we will look at the various headers and options available in both HTTP 1.0 and HTTP 1.1. HTTP 1.0 The caching mechanism within HTTP … Read more

How do I Graph HTTP Response Times in Wireshark ?

Wireshark offers a huge range of features, allowing you to display the data and results captured at the packet level. This article will show you how to graph the HTTP response times of your capture, i.e. the time taken to receive the HTTP response once the HTTP request has been acknowledged. Steps Go to ‘Statistics’ / … Read more

HTTP – What does ‘Transfer-Encoding : Chunked’ mean?

Content-Length The content-length header informs the client of the byte length of the HTTP body. This is typically used for HTTP 1.1 (i.e. persistent connections) to ensure the client knows when the current response/request is complete so that the connection can be reused for further requests. Transfer-Encoding Chunked However, in certain circumstances the server may … Read more

What is the Vary HTTP Header used for ?

The Vary Header The vary header is sent within the server's response to the client and instructs any intermediary caches to cache a separate instance based on the headers specified within the vary header. Encoding Headers As our example is based around the following HTTP headers, here is a quick summary of each, Content-Encoding (HTTP … Read more

How can I list all IPs relating to a single AS ?

Within this article we will show you how to list all IPs relating to a single AS. STEPS First of all get the IP address for the domain. [root@server]$ whois 173.252.110.27 | grep OriginAS OriginAS:       AS32934 Finally run another whois against the AS to obtain a list of IPs. origin=$(whois `dig facebook.com +short | head … Read more

Optimize Throughput of a VPN across a WAN-based Link

How can I optimize the throughput of a VPN across a WAN based link ? I was recently asked this question the other day by a client, after seeing the results (in which the transfer speeds were nearly tripled) I thought it would make an interesting article. Background My client had a VPN (Site to … Read more

What are NS Records ?

NS (Name Server) Records are used within the Domain Name System (DNS) to determine which name servers are authoritative for a domain. NS records also provide name server delegation. Example Within this example we have a domain named example.com. The parent zone (.com) will contain the NS records for this zone.  Now, if we wanted to … Read more

Path MTU Discovery (PMTUD) / Path MTU Black Holes

What is MTU ? When sending traffic across a network, computers use something called an MTU (Maximum Transmission Unit). This (network interface) setting dictates the size of the largest frame it can send across the network. Below shows the MTU default, Network MTU(Bytes) X.25 576 IEEE 802.3/802.2 1492 Ethernet 1500 FDDI 4352 Token Ring 17914 … Read more

Spanning Tree Protocol

1. INTRODUCTION The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and ensuing broadcast radiation. 2. ROLES Spanning Tree defines 3 port roles. They are: Root Port Designated Port Blocking (Alternative Port) 3. … Read more

IP Version 6 (IPv6)

IPv4 is the current protocol used for sending data over the internet. The main issue with IPv4 is its limited address space. With the number of available IPv4 addresses rapidly shrinking, IPv6 overcomes this by introducing 128 bit addresses and a much larger address space than that of IPv4. 1. Changes Introduced by IPv6 Summary … Read more

IPv4 Subnetting Notes

The other day someone asked me to explain subnetting. It had been a while so I dusted off my CCNA books and attempted to answer his questions. So I thought this would be an ideal time to jot down some notes for future reference. This isn't a tutorial or guide but just some notes … Read more

How does traceroute calculate asymmetric routing ?

This was a question I raised a while ago but never ended up getting round to creating an article. So as we know, the basics of traceroute is that it sends out a bunch of UDP packets, each packet with a TTL 1 higher than the previous one. When the hop receives the packet and … Read more

What is a Floating Route ?

A floating route uses a higher preference to ensure that it is used as a primary route. In the event of the floating route being removed from the routing table (due to Dynamic Routing or an Interface going down) the other route takes preference and is used.
set route [dst ip]/[mask] vrouter [vr name] preference [perf]

BT Line Diagnostics

When troubleshooting ADSL issues there are 2 tests that you can do to help you troubleshoot your problem. They are: Quiet Line Test Unplug any extension phones, extension cables, answer machines or fax. Plug a normal touch tone phone directly into the BT master socket. Dial 17070, press option 2 (quiet line test) You … Read more

ADSL Explained

ADSL (Asymmetric Digital Subscriber Line) is a technology (method) for the transmission of data across a standard phone line. It does this by using frequencies that are not used by standard telephone calls. This is where the term “Broadband” comes from as a broad band of frequencies are used to transmit high speed data and … Read more

What is NAT-T ?

NAT-T (NAT Traversal) allows IP-ESP packets to traverse devices which introduce NAT. The problem with IPSec is that it uses the IP-ESP protocol natively. The ESP protocol doesn’t have “port-numbers” like TCP and UDP, so NAT does not know how to translate the traffic because NAT/PAT is based on port numbers. With NAT-T the ESP … Read more

SSH Tunneling

In this article we will be covering SSH port forwarding, also known as SSH tunneling. As discussed in our previous article Proxying Web Traffic across a SSH Tunnel using SSH Dynamic Port Forwarding, SSH port forwarding (or tunneling) re-routes TCP/IP connections through an established SSH connection. Being encapsulated within SSH provides security benefits along … Read more

Proxy Web Traffic across SSH Tunnel with SSH Dynamic Port Forwarding

SSH port forwarding (or tunneling) re-routes TCP/IP connections through an established SSH connection. Being encapsulated within SSH provides security benefits along with the ability to route traffic through firewalls using just port 22 (SSH). In this example we will proxy our web traffic via our remote server across an established SSH connection. This is achieved … Read more

TCP Flags Definition and Operation

URG This flag indicates that the packet contains urgent data that should be processed as soon as possible. This flag is used to provide two virtual channels within one TCP connection. The URG flag is also known as out-of-band. This is useful for a sender to present data that can overtake any bytes queued … Read more

Instant Messaging

Instant Messaging is a Global Communications Medium for Business and Consumers. 85% of organizations report that they use IM for business usage and there are a reported 400 million global IM users. IM though does present a number of security issues. Unprotected IM is vulnerable to viruses and spam. In addition to this its ability to … Read more

SMTP (Simple Mail Transfer Protocol)

SMTP is an Application layer protocol (RFC 821, 1982). Being a completely ASCII text based communication protocol, any binary or non-text attachments must be encoded before they can be sent using SMTP. To allow users to send rich content, MIME (Multipurpose Internet Mail Extension) was introduced. MIME is an Internet standard that extends … Read more

What is Akamai ?

Who are Akamai ? Akamai Technologies was founded in 1998 to provide a distributed computing platform for global Internet content and application delivery. The word Akamai in Hawaiian means smart or intelligent. Akamai has developed a global array of interconnected servers that cache content supplied by its Internet customers. This way the content is physically … Read more

FTP – Active vs Passive

File Transfer Protocol (FTP) is a network protocol used to transfer data from one computer. In order to download and upload files to an FTP site, you need to connect using an FTP client/server. FTP runs exclusively over TCP and listens on port 21 (command port) by default. Data is transferred across a separate data … Read more

Notes – MTU and PMTU

This is by no means a full guide to MTU or PMTU but a small collection of notes. Protocol Overhead VLAN Tag (Dot1q) 4 Bytes MPLS 4 Bytes IP 20 Bytes TCP Header 20 Bytes UDP Header 8 Bytes ICMP Header 8 Bytes Example To send a ping with a full 1500 byte packet , you … Read more

DNS / nslookup – How to find the root servers ?

DNS servers are based on a recursive look up as you can see below. Below you can see XP forwarding the request to its DNS server. The DNS Server then recursively resolves the DNS request. Once it has the answer to the Clients request, it forwards the answer back to the client. A great tool … Read more

Cabling Connectors

Below is a reference for the various cabling connectors, Fibre LC (Local Connector)   F Type MT-RJ   SC (Standard Connector) ST (Straight Tip)

RSTP vs STP

In application software v6.0 and later, the Rapid Spanning Tree Protocol (RSTP) replaces the 802.1D Spanning Tree Protocol (STP). STP is pretty slow at recovering from a failure in the network. RSTP was created to decrease this recovery time. When a switch is running RSTP, a port can change from blocking to forwarding more quickly … Read more

What is the Cisco Discovery Protocol (CDP) ?

The Cisco Discovery Protocol (CDP) is a proprietary layer 2 network protocol developed by Cisco Systems that runs on most Cisco equipment and is used to share information about other directly connected Cisco equipment such as the operating system version and IP address. Globally (config)# cdp run (config)# no cdp run Interface To disable, (config-if)# no … Read more
