Port Mirroring or Monitoring Cisco 857 Router
If you want to check what traffice is going on or you want to use Wireshark with your router cisco 857 so Clients are connected to port Fa0 and and your Wireshark Machine is connected to Fa1 then use below command.
Conf t
monitor session 1 source interface Fa0
monitor session 1 destination interface Fa1
you can also use VLAN 1 as your source to capture everything
I am very impressed by the collective smarts of the security community and I highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!
a good website for internet security tools information http://sectools.org/
Kuwait Internet Service Providers DSL Parameter
KEMS
Connection Type: PPPoA
VPI: 0
VCI: 35
IP Control: Dynamic IP
DNS Server: 196.1.69.98 196.1.69.99
Fast Telco
Connection Type: PPPoA VC-Mux
VPI: 1
VCI: 100
IP Control: Static IP
DNS Server: 62.215.6.51, 62.215.6.52
QualityNet
Connection Type: PPPoA (DSL), PPPoE (fiber)
VPI: 8
VCI: 35
IP Control: Dynamic IP
DNS Server: 195.226.224.72, 195.226.224.74
United Network
Connection Type: PPPoE
VPI: 0
VCI: 33
IP Control: Dynamic IP
DNS Server: 194.54.222.220
IP address calculation rule
How to get Block size of given subnet mask
Subnet mask -256
Example:- Given subnet mask = 255.255.255.248
Block Size will be 256 – 248 = 8
Usable IPs will be 8 – 2 = 6
Because first IP will be used for Network ID and Last IP will be used for Broadcast
How to get Block Size of given Bit
32 Bit – given Bit = x bit Block Size (2) the power x bit
For Example:- Given IP address range is 8.12.172.100 /29
Block Size will be 32 bit – 29 bit = Block size 3 bit (2)3 = 2x2x2 = 8
So there will be 8 subnets To get first IP subnet Block 256 / Block Size
For Above Block Example 256 /8 = 32
1- Block 0 – 31
2- Block 32- 63
3- Block 64 –95
4- Block 96 – 127
5- Block 128 – 159
6- Block 160 – 191
7- Block 192 – 223
8- Block 224 – 256
Common Access list for Small office Cisco Routers
Below are the commonly used access list to prevent virus attack on your Cisco Router.I have used this access-list to prevent virus attacks on SOHO routers as small offices and homes which is not having Cisco Firewalls.
access-list 129 deny udp any any eq 135
access-list 129 deny tcp any any eq 135
access-list 129 deny tcp any any eq 137
access-list 129 deny tcp any any eq 138
access-list 129 deny tcp any any eq 139
access-list 129 deny udp any any eq 445
access-list 129 deny tcp any any eq 445
access-list 129 deny tcp any any eq 777
access-list 129 deny tcp any any eq 778
access-list 129 deny tcp any any eq 707
access-list 129 deny udp any any eq 666
access-list 129 deny tcp any any eq 1022
access-list 129 deny tcp any any eq 1023
access-list 129 deny udp any any eq 1434
access-list 129 deny udp any any eq 2048
access-list 129 deny tcp any any eq 2688
access-list 129 deny udp any any eq 4000
access-list 129 deny tcp any any eq 2556
access-list 129 deny tcp any any eq 2745
access-list 129 deny tcp any any eq 4444
access-list 129 deny tcp any any eq 4751
access-list 129 deny tcp any any eq 5554
access-list 129 deny tcp any any eq 5557
access-list 129 deny tcp any any eq 5556
access-list 129 deny tcp any any eq 9996
access-list 129 deny tcp any any eq 17771
access-list 129 deny tcp any any eq 6789
access-list 129 deny tcp any any eq 54112
access-list 129 deny tcp any any eq login
access-list 129 deny tcp any any eq finger
access-list 129 deny udp any any eq netbios-ss
access-list 129 deny udp any any eq netbios-ns
access-list 129 deny udp any any eq netbios-dgm
access-list 129 deny ip host 0.0.0.0 any
access-list 129 deny ip 127.0.0.0 0.255.255.255 any
access-list 129 permit ip any any
How to configure DSL connection on Cisco Router 820
Below are the configuration I have tasted for Fast Telco DSL Connection in Kuwait. Change the DNS PVC and Username password according to your ISP.
Router# sh startup-config
Using 1318 out of 131072 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging rate-limit console 10 except errors
no logging console
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
ip dhcp pool local
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 62.215.6.5
!
no ip dhcp-client network-discovery
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0
description LocalNetwork
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 1/100
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer1
mtu 1400
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap hostname username
ppp chap password 7 Password
ppp pap sent-username username password 7 Password
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
!
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
stopbits 1
line vty 0 4
!
scheduler max-task-time 5000
end