Archive for July, 2010

ARP (Address Resolution Protocol)

July 30, 2010 Leave a comment

ARP is one of the most used protocols and every netwoork engineer should have a good understanding of it. The purpose of ARP is to find out the hardware address for a host for which we know the IP. ARP is in no way bound to Ethernet, it will function for other layer 2 protocols also. The topology I have used is very simple, it’s my own wireless network at home. See the picture below:

In Windows, to see what is in the ARP cache type “arp -a”. In windows Vista/7 the entry is valid for about 30 seconds.

Since I already have an entry for (my router) I need to delete it to force an ARP request to be sent. I will capture the traffic with Wireshark. The command to do this is “arp -d”.

Lets look at an ARP header:

The numbers above the image are the octet boundaries, one octet is 8 bits. This can also be expressed as one byte. The first field which is 2 octets in size is hardware type. This field indicates what layer 2 protocol is being used, in this case Ethernet. This number will be one for Ethernet(0x0001). Protocol type is the layer 3 protocol in use which in our case is IP. IP has the number 0x0800. Hardware address length is one octet long and indicates the length of the hardware address. For Ethernet this is 6 bytes(48 bits). Protocol address length is the length of IP which is 4 octets. Opcode tells us what kind of ARP message this is, this will be a one for a request or a two for a reply. It can also be a three or four in the case of RARP (Reverse ARP).

Source hardware address and destination hardware address is in our case the MAC(Media Access Control) address. The protocol address is the source and destination IP address.

My computer now sends an ARP request (Opcode 0x0001). This is what it looks like: is the router and .65 is my computer. Notice that the frame is a broadcast since we don’t know the MAC-address of the router. This is what the frame looks like in detail:

The router then sends a reply which is unicasted, the router knows the computers MAC-address since it was in the frame that it received. The frame looks like this:

This is the more detailed version:

The router will save the MAC for the computer in it’s own cache. If we are asking for the hardware address of the router that means we are interested in communicating with it so it is more effecient to save the information then to send a new request from the router to the computer.

I hope this post has given you some more detail about how ARP works.

Categories: ARP, TCP/IP Tags:

Ghetto VGA cable

July 29, 2010 Leave a comment

This is a bit off topic but I just had to share this with you. I have a HP Elitebook 2530p laptop which I put in a dockingstation at work. Something is very weird with the dockingstation, when I connect the VGA cable to it my screen is flickering. The weird thing is if I remove the power adapter connected to the docking station the flickering stops. If I use the VGA cable directly connected to the laptop there is no flickering. Seems like the docking station is very sensitive to electro magnetic interference from the power adapter. Here are some pictures I took of it, I actually sawed the cable to get it to fit while my computer is docked.

Categories: Other Tags:

Call for educational IOS

July 29, 2010 1 comment

As many of you know, with IOS 15.0 Cisco has moved to one IOS per platform with different licenses for different features. This certainly means fewer versions to administer but it also means that the future for Dynamips/GNS3 isn’t looking so bright. There is a need in the certification community but also for testing designs to be able to emulate routers. It would be great if Cisco release an educational IOS or better yet an emulator that they official supported (Packet tracer doesn’t count). Please sign Greg Ferros petition at if you want to support this. I have already signed it.

Internetworking with TCP/IP done

July 29, 2010 Leave a comment

I finished this book yesterday. Overall a pretty good read although very academic and somewhat dated in certain areas. If you want to know more about TCP/IP this is a good book to read. I am also going to read some chapters from “The protocols TCP/IP illustrated”. I have done about 20-30 hours of reading so far. I will make a post of this at the end of the month.

Book list

July 24, 2010 3 comments

These are the books I am planning on reading:

Most of these I will read cover to cover and some I will only read parts of. I will do no labs for now. The second time over I will go with the blueprint. Read one section at a time in books, read in DocCD and configuration guides, do labs, maybe watch some videos. This will take a lot of time but should give me a good foundation to stand on. This means I will probably not take the written before getting relatively close to the lab exam.

Categories: Book list, Books Tags: ,

Halfway through Internetworking with TCP/IP

July 23, 2010 Leave a comment

I am roughly halfway through this book right now by Douglas E. Comer. The book is called Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture (4th Edition). I am finding it a good read so far. It talks about the history of the Internet with ARPA-net and NSF-net and describes most of the protocols that have been used and that are used today. It has some good explanations on TCP where it describes TCP slow start and other features of TCP. As a part of my studies for the CCIE I am keeping a count of how much time I study. If anyone is interested I will post the numbers later on. So far I have done about 15 hours of reading.

Ubuntu on a stick

July 20, 2010 Leave a comment

Since I have started studying for the CCIE I needed a lab. I don’t have the space/money to get a dedicated home lab so I have to use Dynamips and GNS3 instead.

It is well known that Dynamips runs better on Linux, I am by no means experienced in Linux but Ubuntu is very easy to run. Since I wanted to use the laptop I have at work I didn’t want to risk doing a dual boot and messing up the MBR or something like that. Booting on a live-cd would work but then I wouldn’t be able to save anything.
Instead I installed Ubuntu on an USB memory stick. The capacity of it is 2GB which means I can have 1GB for installing stuff and saving topologies etc.

Start by downloading Ubuntu. I have 4GB RAM so I used the 64 bit version.
Follow the instructions on Ubuntus homepage which means downloading Universal USB Installer.

I used these settings:

Make sure you don’t have anything important on it before you do the format. You want to use persistence if you want to be able to save on the USB. If you have a larger USB you can choose
a larger filesystem so you have more space available.

When the installer is done you can boot from the memory stick. You might have to change the boot order in BIOS if Ubuntu doesn’t start.

I then followed this guide.

If you extract the files to / the .net file will be correct if you are using the same IOS. If you are using another version you have to update the .net file.
The important thing is to run multiple hypervisors which will be done if you use the .ini that is supplied.

Following this guide I was able to run 15 routers at about 60-70% CPU and around 1.5GB RAM. My laptop is a HP Elitebook 2530p Core 2 Duo L9600@2.13GHz with 4GB RAM installed. I run Windows 7 when I don’t
lab and now I can boot Ubuntu from an USB when I want to lab without having to mess with my regular harddrive. If you have any issues post them in comments and I will try to give feedback.

Categories: GNS3, Technology Tags: , , ,