
Network Administration Workstation

This is the 1st step of creating the Free Network Administration Workstation.

I was trying to create a free Network Administration Workstation for the office network, with the help of my friends too.
We tried some trial software and it ended up being a costly experience, so we thought about something free, and of course that means Linux.
We tried CentOS-07, Ubuntu 16.04, and Ubuntu 14.04 aka Trusty.

We found Trusty is good for this.
It was the easiest OS to install packages for this application.
So this post is about installing the RRD-Tool (Round Robin Database Tool) based Cacti, which collects time series data such as

    1. network bandwidth
    2. temperature
    3. CPU load of network devices


and which is used to monitor up/down status of devices/links with SNMP and which can act as a Syslog server too.


After you install Ubuntu 14.04 desktop, don't upgrade the system to the latest version.


Let's start.

Become the root user first..
sudo su

Enter the following commands to upgrade the packages..
apt-get update
apt-get upgrade

Install Apache web server, MySQL database, PHP..
apt-get install apache2 mysql-server php5 libapache2-mod-php5

Process will halt to ask for a MySQL root password



Install RRD-Tool
apt-get -y install rrdtool

Install SNMP
apt-get -y install snmp snmpd

Install Cacti
apt-get -y install cacti cacti-spine


Process will halt again to ask for the configuration parameters for the database..

Select apache2 then 



Hit Yes


Enter the MySQL root password you gave in a previous step






Enter a password for cacti to register with the MySQL database


Start the SNMP service..
/etc/init.d/snmpd start

Now open the web browser and go to the following link
http:///cacti   or http://127.0.0.1/cacti










So follow those two steps and finish it.



Enter the username: admin
                password: admin

It will then ask to reset the password. Now you can give the password you want



To speed up the Poller process, select spine from Console -> Cacti Settings -> Poller




Let's add the Monitor plugin

The Monitor plugin lets you view the up/down status of your hosts and will sound an alarm when devices go down, using ICMP pings or SNMP uptime.

Be the root user 1st
sudo su
Get the plugin
wget "http://docs.cacti.net/_media/plugin:monitor-v1.3-1.tgz"
Rename the downloaded file
mv plugin\:monitor-v1.3-1.tgz monitor-v1.3-1.tgz
Move the file to the plugins folder
cp monitor-v1.3-1.tgz /usr/share/cacti/site/plugins
Change the directory to the plugins folder
cd /usr/share/cacti/site/plugins
Unzip the folder

tar -zvxf monitor-v1.3-1.tgz



Now log in to Cacti and go to Console -> Plugin Management
You will see something like below



Click on the blue icon in the Actions column



Now the plugin is added.
You will see a new tab for the plugin next to Console -Graphs

Log in to Cacti and go to Console - Devices






Click Add at the upper right side corner

Now fill in the blanks as follows. Give the IP address for the Hostname
Tick Monitor Host

Select ICMP Ping as Downed Device Detection - ICMP Ping as Ping Method
Select Version 2 as SNMP version

Give your Community String to SNMP Community

Save

Now let's see the router side configuration
Give the Community String with read-only rights..
R(config)#snmp-server community TEST ro
To allow SNMP traps to be sent to Cacti
R(config)#snmp-server enable traps
R(config)#snmp-server host version 2c TEST



I will add a video of working NMS later


ICMP Protocol


ICMP

Internet control message protocol

It is not for transferring data... It is really designed for routing, for example to check
“Did I drop any packets?”

    * It does the error handling in the network
    * It debugs the errors and shows the message

The IP protocol has no error reporting or correcting mechanism




Who sends, who receives….






 ICMP messages use the following format





 The most important ICMP message types


Datagram
       no call setup phase
       more flexible
       more reliable in cases of switching node failures
       difficult to control network’s state and provide quality of service

Virtual circuits
       network can provide sequencing
       traffic engineering can be applied, enabling more practical provision of quality of service (QoS) support
       less reliable in cases of switching node failures





§  The protocol is used to report problems with delivery of IP datagrams within an IP network.
§  It can be used to show when a particular End System is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc.
§  The protocol is also frequently used by Internet managers to verify correct operations of End Systems and to check that routers are correctly routing packets to the specified destinations.
§  The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected networks called the Catenet.
§  The network connecting devices are called Gateways.
§  These gateways communicate between themselves for control purposes via a Gateway to Gateway Protocol (GGP).
§  Occasionally a gateway or destination host will communicate with a source host, for example, to report an error in datagram processing.
§  ICMP uses the basic support of IP as if it were a higher level protocol; however, ICMP is actually an integral part of IP, and must be implemented by every IP module.



ICMP functions 

Assist Troubleshooting: ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.

Announce Timeouts: If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.

ICMP Applications
Ping
Traceroute

Connectivity Testing with PING
The PING utility is actually an ICMP Echo process.
An ICMP Echo Request packet consists of an Ethernet header, IP header, ICMP header, and some undefined data.
This packet is sent to the target host, which echoes back that data.
The ICMP echo request is a connectionless process with no guarantee of delivery.
Most PING utilities send a series of several echo requests to the target in order to obtain an average response time.
These response times are displayed in milliseconds.
These times should be considered a snapshot of the current round-trip time.

The PING utility included with Windows 2000 sends a series of four ICMP echo requests with a one-second ICMP Echo Reply Timeout value.





§  The echo requests consist of 32 bytes of data (an alphabetical pattern) in a fragmentable IP packet.


The command-line parameters used with PING can affect the appearance and functionality of ICMP Echo packets.

Path Discovery with TRACEROUTE

The TRACEROUTE utility identifies a path from the sender to the target host using ICMP echo requests and some manipulation of the TTL value in the IP header.

 Traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an ICMP Time-Exceeded message to the sender.

Traceroute determines the address of the first hop by examining the source address field of the ICMP Time-Exceeded message.

To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the Time-Exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host or until the maximum TTL is reached.

To determine when a datagram reaches its destination, traceroute sets the UDP destination port in the datagram to a very large value that the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP Port Unreachable error message to the source. The Port Unreachable error message indicates to traceroute that the destination has been reached.






· RouterA prepares an ICMP echo request message, encapsulates it in an IP packet having Source address=172.16.1.1, Destination address=192.168.7.2 with Time-To-Live (TTL) value=1, Destination UDP port= anything not used (usually greater than 30000) and forwards it.

· RouterB, upon receiving this packet, decrements one unit from TTL value, hence TTL becomes 0, which means that it has to drop this packet. It replies back to the sender with an ICMP Time exceeded message, including its source address in the SA field of the IP header (SA=172.16.1.2).

·  RouterA receives the response and prints out on the screen the first hop (IP address=172.16.1.2).

·  Afterwards, RouterA sends the same echo request message with TTL value=2.

·  RouterB decrements it by one and forwards it to RouterC which decrements by one again (TTL=0), forcing it to return an ICMP time exceeded message with SA=192.168.1.2.

·  RouterA now prints out the second hop on screen (IP address=192.168.1.2).

·  Finally, RouterA sends an ICMP echo request with TTL value=3, which is terminated on RouterD. The latter passes the packet to the transport layer, where the wrong UDP port number causes RouterD to issue an ICMP Port Unreachable message.

·  RouterA, upon receiving this message from RouterD, knows that it has reached the final hop, prints it out on screen and stops sending any more messages.
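
An added simulation of the walk-through above (example code, not part of the original post), modelling the UDP-probe variant with the RouterB, RouterC and RouterD addresses from the text. The `Hop`, `send_probe` and `traceroute` names are made up for this illustration and no packets are sent.

```python
from dataclasses import dataclass

TIME_EXCEEDED = (11, 0)      # ICMP type 11, code 0: TTL exceeded in transit
PORT_UNREACHABLE = (3, 3)    # ICMP type 3, code 3: port unreachable

@dataclass
class Hop:
    name: str
    address: str             # source address the hop uses in its ICMP reply

# Topology from the walk-through; RouterD owns the destination address.
PATH = [Hop("RouterB", "172.16.1.2"),
        Hop("RouterC", "192.168.1.2"),
        Hop("RouterD", "192.168.7.2")]

def send_probe(path, destination, ttl):
    """Forward one UDP probe along `path`; return (source, icmp) of the reply.

    Returns None when the TTL never expires and no hop owns `destination`,
    i.e. the probe left the modelled network unanswered."""
    for hop in path:
        if hop.address == destination:
            # Delivered: the unused UDP port makes the host answer with
            # Port Unreachable, which tells traceroute it is done.
            return hop.address, PORT_UNREACHABLE
        ttl -= 1                             # each router decrements the TTL
        if ttl == 0:
            return hop.address, TIME_EXCEEDED
    return None

def traceroute(path, destination, max_ttl=30):
    """Raise the TTL by one per probe until the destination answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, destination, ttl)
        if reply is None:
            hops.append((ttl, "*", None))    # no answer: shown as '*'
            continue
        source, icmp = reply
        hops.append((ttl, source, icmp))
        if icmp == PORT_UNREACHABLE:
            break
    return hops

ROUTE = traceroute(PATH, "192.168.7.2")
```
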








What is a Ping (ICMP) flood attack

A ping flood is a denial-of-service attack in which the attacker attempts to overwhelm a targeted device with ICMP echo-request packets, causing the target to become inaccessible to normal traffic. When the attack traffic comes from multiple devices, the attack becomes a DDoS or distributed denial-of-service attack.
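
From the monitoring side, a flood shows up as an echo-request rate far above normal polling. The added example below (not from the original post) counts echo requests per destination in a sliding window over constructed packet records; the one-second window, the threshold of 100 and all addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8

def detect_ping_flood(packets, window=1.0, threshold=100):
    """Flag destinations receiving more than `threshold` echo requests
    within any `window` seconds. `packets` is an iterable of
    (timestamp, src, dst, icmp_type) tuples sorted by timestamp.
    Returns {dst: {"peak": int, "sources": set, "kind": "DoS" or "DDoS"}}."""
    recent = defaultdict(deque)          # dst -> (timestamp, src) in window
    alerts = {}
    for ts, src, dst, icmp_type in packets:
        if icmp_type != ECHO_REQUEST:
            continue                     # replies and errors are not counted
        q = recent[dst]
        q.append((ts, src))
        while ts - q[0][0] > window:     # drop entries older than the window
            q.popleft()
        if len(q) > threshold:
            alert = alerts.setdefault(dst, {"peak": 0, "sources": set()})
            alert["peak"] = max(alert["peak"], len(q))
            alert["sources"].update(s for _, s in q)
    for alert in alerts.values():
        # One sender is a DoS; many senders make it distributed.
        alert["kind"] = "DDoS" if len(alert["sources"]) > 1 else "DoS"
    return alerts

def constructed_capture():
    """Constructed sample traffic (documentation addresses, not real data)."""
    pkts = []
    # Normal monitoring: one ping per second to 192.0.2.10 for 10 s.
    pkts += [(float(t), "192.0.2.1", "192.0.2.10", 8) for t in range(10)]
    # One source sending 500 echo requests within a second to 192.0.2.20.
    pkts += [(20 + i / 500, "198.51.100.7", "192.0.2.20", 8)
             for i in range(500)]
    # 50 sources, 10 requests each, within a second to 192.0.2.30.
    pkts += [(40 + (i * 50 + s) / 500, f"203.0.113.{s + 1}", "192.0.2.30", 8)
             for i in range(10) for s in range(50)]
    # A burst of echo replies, which must not raise an alert.
    pkts += [(60 + i / 500, "192.0.2.10", "192.0.2.1", 0) for i in range(500)]
    return sorted(pkts)

ALERTS = detect_ping_flood(constructed_capture())
```
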









Installing and Configuring Fortinet VM in VMware Workstation


As an experiment I was trying to play with the office firewall, but I felt it was risky, then I found the VM version of the firewall.

So I have tried to install it on a VM and I am sharing it here now.
Firstly, install VMware Workstation.

Then I downloaded the firewall image from the Fortinet web site; if you need it I can share it with you.

After opening VMware, load the OS image into it.
And select only one Ethernet interface for it.
Also verify the IP address of the VMware interface, for adding the IP to the firewall image.
User name is admin and leave the password blank.
So we can configure the port now

    show system interface
    config system interface
        edit port1
            set ip 192.168.12.200/255.255.255.0
            set allowaccess http https ssh ping fgfm telnet
    end

Then open your browser and type the IP.
You can log in to your firewall VM now.



What is SIP trunking

What is SIP trunking..  (Session Initiation Protocol trunking) SIP trunking is a service that a communication provider offers. it uses the S...