Posts

BGP Prefix Limit Configuration in Cisco, Juniper and Nokia - Interop

BGP Prefix Limit

A maximum-prefix limit caps the number of prefixes your router accepts from a BGP peer. Without it, a misconfigured or malicious neighbor (for example, one that leaks a full Internet table) can overload your BGP RIB and FIB. With it, the router logs a warning once the count passes a percentage threshold and, at the hard limit, either logs only or tears the session down, depending on the configured action. Tearing the session down is itself a loss of connectivity for that peer, so size the limit with headroom and, where the platform supports it, configure an automatic restart interval. Let's explore how to configure it on Cisco, Juniper, and Nokia routers.

Cisco Configuration

!
router bgp 300
 neighbor 192.168.1.1
  address-family ipv4 unicast
   maximum-prefix <max-limit> <percentage> <Actions>
  !
 !

Juniper Configuration

protocols {
    bgp {
        group nokia {
            neighbor 192.168.0.1 {
                family inet {
                    unicast {
                        prefix-limit {
                            maximum 1000;
                            teardown;
                        }
                    }
                }
            }
        }
    }
}

Nokia Configuration

/configure router bgp
    group "juniper"
        type external
        local-as 100
        neighbor 192.168.0.2
            prefix-limit <family> <prefix-limit>
            peer-as 200
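The warning threshold, the hard limit, the teardown and the automatic restart described above are one state machine, whichever vendor syntax expresses it. The following is an added example written for this post (not Cisco, Juniper or Nokia code) that simulates that state machine for one peer; the prefix sets, the minute counter and the PrefixLimit/PeerSession names are constructed for the illustration, and the vendor option names in the comments are only mentioned for orientation.

```python
"""Simulated BGP maximum-prefix enforcement: warning threshold vs. hard limit.

Added illustration for this post; it is not router code from Cisco, Juniper or
Nokia. Vendors differ in detail (IOS XR takes a restart interval in minutes,
Junos and SR OS use idle-timeout, SR OS also has log-only), but all three follow
the model here: warn at a percentage of the limit, and at the limit either log
only or tear the session down and hold it idle.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PrefixLimit:
    maximum: int               # hard limit, e.g. 'maximum-prefix 1000'
    warning_pct: int = 75      # log a warning once this % of maximum is reached
    action: str = "teardown"   # "teardown" (the default on all three) or "warning-only"
    restart_minutes: int = 0   # 0 = stay idle until an operator clears the session

    def __post_init__(self) -> None:
        if not 1 <= self.warning_pct <= 100:
            raise ValueError("warning percentage must be between 1 and 100")
        if self.action not in ("teardown", "warning-only"):
            raise ValueError("action must be 'teardown' or 'warning-only'")

    @property
    def warning_count(self) -> int:
        # Smallest prefix count that is at least warning_pct % of maximum.
        return -(-self.maximum * self.warning_pct // 100)


@dataclass
class PeerSession:
    limit: PrefixLimit
    prefixes: set = field(default_factory=set)   # unique prefixes currently accepted
    state: str = "Established"
    idle_until: Optional[int] = None             # minute at which an auto-restart is due
    events: list = field(default_factory=list)   # (minute, message) log lines

    def receive_update(self, now: int, announce=(), withdraw=()) -> str:
        """Apply one UPDATE received at minute `now`; return the session state."""
        if self.state == "Idle":
            if self.idle_until is None or now < self.idle_until:
                return self.state                # held down: the UPDATE is ignored
            self.state, self.prefixes = "Established", set()
            self.events.append((now, "restart interval elapsed, session re-established"))
        self.prefixes.difference_update(withdraw)
        self.prefixes.update(announce)
        count = len(self.prefixes)
        if count > self.limit.maximum:
            if self.limit.action == "teardown":
                self.state = "Idle"
                self.prefixes.clear()            # routes learned from this peer are flushed
                if self.limit.restart_minutes:
                    self.idle_until = now + self.limit.restart_minutes
                self.events.append((now, f"{count} prefixes > limit {self.limit.maximum}: teardown"))
            else:
                self.events.append((now, f"{count} prefixes > limit {self.limit.maximum}: warning only"))
        elif count >= self.limit.warning_count:
            self.events.append((now, f"{count} prefixes >= threshold {self.limit.warning_count}"))
        return self.state


def demo() -> dict:
    """Walk one peer through threshold, teardown, hold-down and auto-restart."""
    session = PeerSession(PrefixLimit(maximum=1000, warning_pct=80,
                                      action="teardown", restart_minutes=5))
    # Constructed sample prefixes; a real peer would announce these in UPDATEs.
    first_batch = {f"10.{i // 256}.{i % 256}.0/24" for i in range(800)}
    leak = {f"172.16.{i}.0/24" for i in range(256)}
    return {
        "after_800": session.receive_update(0, announce=first_batch),     # threshold warning
        "after_leak": session.receive_update(1, announce=leak),           # 1056 > 1000: teardown
        "during_holddown": session.receive_update(3, announce={"192.0.2.0/24"}),
        "after_restart": session.receive_update(6, announce={"192.0.2.0/24"}),
        "events": session.events,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The run shows why a bare hard limit is not enough on its own: the warning event fires at 800 prefixes, the leak at minute 1 drops the session and flushes the peer's routes, and the peer stays down until the restart interval passes. Without restart_minutes (the default here, as on the routers), the session would stay idle until someone clears it.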

TCP AO configuration on Cisco, Juniper and Nokia SR - Interop Configuration

TCP-AO is the TCP Authentication Option defined in RFC 5925. It authenticates every TCP segment of a long-lived session such as BGP and is the successor to the older TCP MD5 option, which RFC 5925 obsoletes. It works for both IPv4 and IPv6 peers.

Benefits of TCP-AO

It supports stronger algorithms, HMAC-SHA-1-96 and AES-128-CMAC-96 (RFC 5926), which first derive a per-connection traffic key from the configured master key and then compute the message digest over each segment.

It supports more than one configured key per peer: adding a new key regenerates the traffic keys for an established connection without resetting it, and the KeyID and RNextKeyID fields carried in the option let both BGP peers synchronize the change-over.

Nokia Configuration

/configure system security
    keychain "aes-128-cmac-96-keychain"
        tcp-option-number
            send tcp-ao
            receive tcp-ao
        exit
        direction
            uni
                send
                    entry 20 key "key" algorithm aes-128-cmac-96
                        begin-time 2023/04/03 08:22:32 UTC
                    exit

BGP MD5 Configuration on Cisco - Juniper - Nokia Interop

In this blog, I will explain the benefits of TCP MD5 and how to configure it on Cisco, Juniper, and Nokia routers.

TCP-MD5

The TCP MD5 signature option (RFC 2385) protects a BGP session between peers that runs over an untrusted network: every TCP segment carries a 16-byte digest, so a host that does not know the shared secret cannot inject data or forge a RST that the receiver would accept. The option supports only one key per connection and only the MD5 algorithm, which means changing the key requires resetting the session. The digest is computed, not encrypted: MD5 is run over the TCP pseudo-header, the TCP header (with a zero checksum), the segment data and the shared "secret", and the resulting message digest is copied into the MD5 option of the TCP segment sent to the receiving device, which recomputes and compares it. This gives integrity and peer authentication, not confidentiality.

Cisco XR

router bgp 300
 neighbor 192.168.1.1
  password encrypted 011D03104C0414042D4D4C

Juniper

protocols {
    bgp {
        group nokia {
            neighbor 192.168.0.1 {
                authentication-key "key"; ## SECRET-DATA
            }
        }
    }
}

Nokia

/configure router bgp
    group "juniper"
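The difference between the two posts above (one static password whose digest is recomputed per segment, versus a master key from which TCP-AO derives per-connection traffic keys and a truncated HMAC) is easiest to see with both computations side by side. The following is an added example written for the TCP-AO and TCP MD5 posts; it is not vendor code. It follows the MD5 digest layout of RFC 2385 and the KDF and MAC layout of RFC 5925/5926 as written in those documents, implements only the IPv4 pseudo-header, and uses constructed addresses, ports, ISNs, a sample master key b"key" and a BGP KEEPALIVE as the segment.

```python
"""TCP-MD5 (RFC 2385) signature and TCP-AO (RFC 5925 with the RFC 5926
HMAC-SHA-1-96 algorithm) side by side, over a BGP KEEPALIVE segment.

Added illustration for the TCP-AO and TCP-MD5 posts; it is not vendor code.
The addresses, ports, ISNs, the master key b"key" and the segment are
constructed sample values. Only the IPv4 pseudo-header is implemented.
"""
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6
MD5_KIND = 19              # option kind of the TCP MD5 signature
AO_KIND = 29               # option kind of TCP-AO
AO_MAC_LEN = 12            # HMAC-SHA-1-96 keeps the first 96 bits
AO_MAC_OFFSET = 20 + 4     # this demo places the AO option first after the fixed header


def pseudo_header(src_ip: str, dst_ip: str, seg_len: int) -> bytes:
    """IPv4 pseudo-header, the same one the TCP checksum uses."""
    return (ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
            + struct.pack("!BBH", 0, TCP_PROTO, seg_len))


def tcp_header(src_port: int, dst_port: int, seq: int, ack: int, flags: int, option: bytes) -> bytes:
    """Fixed 20-byte header (checksum 0) followed by one option, padded to 4 bytes."""
    option += b"\x00" * (-len(option) % 4)
    data_offset = (20 + len(option)) // 4
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset << 4, flags, 65535, 0, 0) + option


# ---- TCP MD5 (RFC 2385): one static password, no per-connection key ----------
def md5_signature(password: bytes, src_ip: str, dst_ip: str, header: bytes, payload: bytes) -> bytes:
    """MD5 over pseudo-header, fixed TCP header only (options excluded, checksum 0),
    the data, and finally the shared password appended as-is."""
    fixed = bytearray(header[:20])
    fixed[16:18] = b"\x00\x00"
    return hashlib.md5(pseudo_header(src_ip, dst_ip, len(header) + len(payload))
                       + bytes(fixed) + payload + password).digest()


# ---- TCP-AO (RFC 5925 / RFC 5926) -------------------------------------------
def ao_traffic_key(master_key: bytes, src_ip: str, dst_ip: str, src_port: int,
                   dst_port: int, src_isn: int, dst_isn: int) -> bytes:
    """KDF_HMAC_SHA1: HMAC(master, 0x01 || "TCP-AO" || context || 160 bits).
    The context binds the key to one connection, so one master key yields
    different send and receive keys, and fresh keys on every new session."""
    context = (ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
               + struct.pack("!HHII", src_port, dst_port, src_isn, dst_isn))
    return hmac.new(master_key, b"\x01TCP-AO" + context + struct.pack("!H", 160), hashlib.sha1).digest()


def ao_option(key_id: int, rnext_key_id: int) -> bytes:
    """KeyID names the key used for this segment; RNextKeyID names the key the
    sender wants to receive with, which is how the peers agree on a rollover."""
    return struct.pack("!BBBB", AO_KIND, 4 + AO_MAC_LEN, key_id, rnext_key_id) + b"\x00" * AO_MAC_LEN


def ao_mac(traffic_key: bytes, sne: int, src_ip: str, dst_ip: str, header: bytes, payload: bytes) -> bytes:
    """HMAC-SHA-1-96 over SNE || pseudo-header || whole TCP header including
    options (checksum and MAC field zeroed) || data. SNE is the 32-bit sequence
    number extension that defeats replay after the sequence space wraps."""
    hdr = bytearray(header)
    hdr[16:18] = b"\x00\x00"
    hdr[AO_MAC_OFFSET:AO_MAC_OFFSET + AO_MAC_LEN] = b"\x00" * AO_MAC_LEN
    msg = (struct.pack("!I", sne) + pseudo_header(src_ip, dst_ip, len(header) + len(payload))
           + bytes(hdr) + payload)
    return hmac.new(traffic_key, msg, hashlib.sha1).digest()[:AO_MAC_LEN]


def ao_sign(traffic_key, sne, src_ip, dst_ip, header, payload) -> bytes:
    mac = ao_mac(traffic_key, sne, src_ip, dst_ip, header, payload)
    return header[:AO_MAC_OFFSET] + mac + header[AO_MAC_OFFSET + AO_MAC_LEN:]


def ao_verify(traffic_key, sne, src_ip, dst_ip, header, payload) -> bool:
    received = header[AO_MAC_OFFSET:AO_MAC_OFFSET + AO_MAC_LEN]
    return hmac.compare_digest(received, ao_mac(traffic_key, sne, src_ip, dst_ip, header, payload))


def demo() -> dict:
    """Router A sends a BGP KEEPALIVE to router B under both mechanisms."""
    a_ip, a_port, a_isn = "192.168.0.2", 49152, 0x11111111   # constructed values
    b_ip, b_port, b_isn = "192.168.0.1", 179, 0x22222222
    master = b"key"
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)     # marker, length 19, type 4
    psh_ack = 0x18

    # TCP MD5: B recomputes the digest with the same password; a wrong one fails.
    hdr = tcp_header(a_port, b_port, a_isn + 1, b_isn + 1, psh_ack,
                     struct.pack("!BB", MD5_KIND, 18) + b"\x00" * 16)
    sig = md5_signature(master, a_ip, b_ip, hdr, keepalive)
    md5_ok = hmac.compare_digest(sig, md5_signature(master, a_ip, b_ip, hdr, keepalive))
    md5_wrong_pw = hmac.compare_digest(sig, md5_signature(b"wrong", a_ip, b_ip, hdr, keepalive))

    # TCP-AO: A derives its send key with A as source; B derives its receive key
    # from the same master key and the same (A -> B) context, so they match.
    a_send = ao_traffic_key(master, a_ip, b_ip, a_port, b_port, a_isn, b_isn)
    b_recv = ao_traffic_key(master, a_ip, b_ip, a_port, b_port, a_isn, b_isn)
    a_recv = ao_traffic_key(master, b_ip, a_ip, b_port, a_port, b_isn, a_isn)
    hdr = tcp_header(a_port, b_port, a_isn + 1, b_isn + 1, psh_ack, ao_option(20, 20))
    signed = ao_sign(a_send, 0, a_ip, b_ip, hdr, keepalive)
    new_session_key = ao_traffic_key(master, a_ip, b_ip, a_port, b_port, a_isn + 1000, b_isn)
    return {
        "md5_ok": md5_ok,
        "md5_wrong_password": md5_wrong_pw,
        "ao_send_recv_keys_differ": a_send != a_recv,
        "ao_ok": ao_verify(b_recv, 0, a_ip, b_ip, signed, keepalive),
        "ao_tampered_payload": ao_verify(b_recv, 0, a_ip, b_ip, signed, keepalive[:-1] + b"\x05"),
        "ao_replayed_on_new_session": ao_verify(new_session_key, 0, a_ip, b_ip, signed, keepalive),
    }


if __name__ == "__main__":
    print(demo())
```

The last result is the practical point of the KDF: a segment captured from one session does not verify on a later session with the same master key because the new ISNs produce a different traffic key, whereas the MD5 digest depends only on the static password and the segment, which is why the MD5 option cannot be rekeyed without a reset.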

BGP Protection - TTL Security Configuration Cisco, Juniper and Nokia

Hi Everyone, in this blog I am going to explain how TTL security helps protect a BGP session. Every IP packet carries a Time to Live value, and each router on the path decrements it by one before forwarding. Consider an attacker who wants to disrupt your BGP session by sending spoofed BGP packets (a RST, or a bogus UPDATE) that pretend to come from your peer. TTL security, also known as GTSM (RFC 5082), guards against this kind of spoofing: instead of trusting the source address, the receiver checks the TTL of incoming packets from the peer to confirm they were not sent from further away than the peer is. A directly connected BGP peer sends with TTL 255, and the receiver accepts only packets that still carry TTL 255 (for a multihop peer configured for N hops, at least 255 - (N - 1)). Because every intermediate router decrements the TTL, an attacker who is not on the directly connected segment cannot deliver a packet that still has TTL 255, whatever initial value they set. Two caveats: the check does nothing against an attacker on the same link as the peer, and both sides must enable it, since a peer that still sends the default TTL will have its packets dropped.

Cisco XR

router bgp 100
 neighbor-group ebgp
  ttl-security
 !
 neighbor 192.168.1.1
  remote-as 100
  use neighbor-group ebgp
  address-family ipv4 unicast
  !
 !

Juniper

protocols {
    bgp {
        group nokia {
            type external;
            neighbor 192.168.0.1 {
            }
        }
    }
}
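The receive-side check that ttl-security performs is small enough to show end to end. The following is an added example written for this post (not IOS XR, Junos or SR OS code) that parses the TTL out of constructed IPv4 packets, applies the GTSM rule for each configured neighbor's allowed hop count, and simulates the routers in between with a forward() helper; the addresses, hop counts and packet contents are sample values made up for the illustration.

```python
"""GTSM (RFC 5082) receive-side TTL check for BGP, the mechanism behind
'ttl-security' on IOS XR and the equivalent Junos and SR OS knobs.

Added illustration for this post, not router code. The packets below are
constructed sample values; forward() stands in for the routers on the path,
each of which decrements the TTL by one.
"""
import ipaddress
import struct

BGP_PORT = 179
TCP_PROTO = 6


def ipv4_packet(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options, checksum left 0) around a TCP segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, TCP_PROTO, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + payload


def tcp_syn(src_port: int, dst_port: int) -> bytes:
    """Just enough TCP header for the filter to read the destination port."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def forward(packet: bytes, routers: int):
    """Each router on the path decrements TTL; the packet dies when it reaches 0."""
    ttl = packet[8]
    if ttl <= routers:
        return None
    return packet[:8] + bytes([ttl - routers]) + packet[9:]


def gtsm_min_ttl(max_hops: int) -> int:
    """A peer max_hops away sends TTL 255, so at least 255 - (max_hops - 1) must arrive."""
    return 255 - (max_hops - 1)


def gtsm_filter(packet: bytes, peers: dict) -> tuple:
    """peers maps a configured neighbor address to its allowed hop count.
    Returns (verdict, reason); non-BGP traffic is left to other policy."""
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    src = str(ipaddress.ip_address(packet[12:16]))
    if proto != TCP_PROTO:
        return "pass", "not TCP"
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dst_port != BGP_PORT:
        return "pass", "not BGP"
    if src not in peers:
        return "drop", f"{src} is not a configured BGP neighbor"
    need = gtsm_min_ttl(peers[src])
    if ttl < need:
        return "drop", f"TTL {ttl} below {need}: packet travelled too far to be from {src}"
    return "accept", f"TTL {ttl} >= {need}"


def demo() -> dict:
    """Verdicts for a directly connected peer, a 3-hop peer, and spoofed copies."""
    me = "192.168.1.2"
    peers = {"192.168.1.1": 1, "10.0.0.9": 3}    # neighbor -> allowed hops (constructed)
    seg = tcp_syn(40000, BGP_PORT)
    cases = {
        # real peer on the same link: no router in between, TTL arrives as 255
        "direct_peer": forward(ipv4_packet("192.168.1.1", me, 255, seg), 0),
        # attacker four routers away spoofing the peer's address and sending TTL 255
        "spoofed_from_afar": forward(ipv4_packet("192.168.1.1", me, 255, seg), 4),
        # multihop peer allowed 3 hops, actually two routers away
        "multihop_peer": forward(ipv4_packet("10.0.0.9", me, 255, seg), 2),
        # same address spoofed from five routers away
        "spoofed_multihop": forward(ipv4_packet("10.0.0.9", me, 255, seg), 5),
        # attacker on the peer's own link: GTSM cannot tell this apart from the peer
        "onlink_attacker": forward(ipv4_packet("192.168.1.1", me, 255, seg), 0),
        "unknown_source": forward(ipv4_packet("203.0.113.7", me, 255, seg), 0),
    }
    return {name: gtsm_filter(pkt, peers)[0] for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The onlink_attacker case is the limitation worth remembering: GTSM proves a packet did not cross more routers than the peer's path has, nothing more, so it complements rather than replaces TCP MD5 or TCP-AO on the same session.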
How to Capture and Analyze packets with the tcpdump command on Docker Containers

Docker containers run on top of the Linux kernel, so from the host we have full flexibility in capturing the packets exchanged between containers. Containerlab reports the names of the containers it created at the end of a lab deployment. Capturing the packets from an interface requires that interface's name and its network namespace (netns). We use the ip netns command to list the namespaces, then run ip link inside the namespace of the container in question to identify the links associated with it. Finally we run tcpdump inside that namespace to capture the packets arriving on e1 for analysis.

Command list:

ip netns
ip netns exec <namespace> ip link

Local capture:

ip netns exec $lab_node_name tcpdump -nni $if_name

Remote capture:

ssh $containerlab_host_address "ip netns exec $lab_node_name tcpdump -nni $if_name"
How to Install EVE-NG on Laptop Up and Running

Prerequisites for installing EVE-NG on a laptop:

1. Download VMware Workstation Player or Oracle VirtualBox:
https://www.vmware.com/au/products/workstation-pro/workstation-pro-evaluation.html
https://www.virtualbox.org/wiki/Downloads
2. After installing the VM manager, download the EVE-NG OVA image:
https://www.eve-ng.net/index.php/download/
3. Import the EVE-NG OVA image in VM Player (click Open a Virtual Machine).
4. Change the VM network setting to NAT (VMnet8).
5. Start the VM and log in to the EVE-NG VM. The first login prompts you to configure the hostname and password.
default hostname # eve
default username # root
default password # eve
6. Note the IP address shown by the VM and use it to access the EVE-NG web UI.
default username # admin
default password # eve
Change both default passwords at first login; a lab VM with network access should not keep them.
7. Create your own lab and start practicing on your way to mastering networking.
How to add Cisco IOU Image on Eve-ng Up and Running

Step 1# Download the Linux L2/L3 adventerprise image.
Step 2# Upload the downloaded image to the EVE-NG path /opt/unetlab/addons/iol/bin/ using WinSCP or FileZilla.
Step 3# Fix the permissions of the added image with the command below:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Step 4# Create the IOU keygen file and paste in the Cisco IOU image script provided below:
vim /opt/unetlab/addons/iol/bin/ioukeygen.py
(paste the script, then Esc and :wq to save)
Step 5# Make the Python script executable:
chmod +x /opt/unetlab/addons/iol/bin/ioukeygen.py
Step 6# Run the license generator script and copy the license it prints:
/opt/unetlab/addons/iol/bin/ioukeygen.py
Step 7# Create the iourc license file for your EVE-NG and paste in the output captured in Step 6:
vim /opt/unetlab/addons/iol/bin/iourc
Step 8# Fix the permissions again, then add the image to a lab from the EVE-NG web UI and start practicing:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Cisco IOU Image Script