I am not after a crazy tool.
Few requirements really.
- UDP + TCP syslogging.
- Archive feature to minimize space consumption.
- easy to use, i just need a gui i can search in for devices and within a timestamp really.
Right now we are having Observium for monitoring, and meanwhile it could work with the syslog, it is just not really ment to be used for +500 devices syslogging into it.
Hey all,
I'm looking for a tool to help map and monitor Layer 2 data flows for my OT application.
I deal with electrical substation networks and the protocols are heavily L2 oriented (most being multicast). Think IEC-61850, IEEE 1588 PTP, PRP, the usual substation stuff.
One issue we have is visibility over the links and visualizing the flow of data from one device to another to present it to the electrical engineers and technicians. This is very much unlike corporate networks with IP data flows.
I can do this by hand by looking up the LLDP neighbours for each bridge and ensuring the neighbour is indeed the one I expect, pull the ports statistics to get data rate and health and put it all in a nice drawing. But I haven't found a tool that would display this information graphically and in real-time and automatically.
This information is intended for substation techs so they can see at a glance on the SCADA link stats, ports status and act quickly and monitor trafic volume to see if it matches the expected values (trafic is predictable and constant). Their are not trained network engineers but they have received training for IEC-61850 which is network-heavy and Layer-2 based.
So, as per cisco's configuration guide:
The GDOI protocol is protected by an ISAKMP Phase 1 exchange. The GDOI key server and the GDOI group
member must have the same ISAKMP policy. This Phase 1 ISAKMP policy should be strong enough to
protect the GDOI protocol that follows. The GDOI protocol is a four-message exchange that follows the Phase
1 ISAKMP policy. The Phase 1 ISAKMP exchange can occur in main mode or aggressive mode.
The ISAKMP Phase 1 messages and the four GDOI protocol messages are referred to as the GDOI registration,
and the entire exchange that is shown is a unicast exchange between the group member and the key server.
Interestingly I did a packet capture between something weird their are no ISAKMP Messages and I know that all the data is being in the UDP payloads with the port 848 (GDOI), but why it works like this? I saw no packets with ISAKMP Header it's just plain udp with port 848 and the payload as plain data(in hex ofcours), I didn't get it what kind of encryption is this??
Hey,
While checking out NfTables, I have noticed it allows you to catch ARP packets and IP packets before routing decisions and re-assembly (netdev familly)
Out of curiosity, does anyone do that and what for? Netdev to block everything that doesnt come from a specific IP/network?
I work at an MSP as the network/firewall guy and we are onboarding a new client. Client’s IT manager (network guy there) was fired, and his replacement doesn’t know every detail of their corporate network, so we’re coming in to help.
My job is to learn everything about this network, especially when it comes to switching (Dell) and the firewall (Sophos).
I have 2 years of experience, but it’s my first time having to “map” every detail of a network of this size.
Luckily, there are tons of documentation (Excel spreadsheets with rack layouts, IP addressing, VLANs, but not much about topology).
Do you have any strategies for these cases? My current idea is to begin focusing on where the data flows (is the firewall a “router on a stick” or are the switches doing routing too?) and details that can bring down the network, like STP.
I really wish I had a more senior network person to learn from, but I’m pretty much on my own here.
My organization will be integrating NVIDIA equipment soon and I’m looking to get ahead of the curve. I’ve looked at the NVIDIA-NCA-AIIO (associate level) and NCP-AIN (professional “network cert”. I’ve been adding study material for both to my NotebookLM and was wondering if anyone was going down a similar path.
Hi Guys,
I’m looking for a solution to restrict Linux endpoints from connecting through GlobalProtect.
Has anyone implemented this before or have any recommendations/best practices? Any advice would be appreciated.
Thanks
Anyone here work as a Solutions Architect at Nvidia? Currently in the pipeline to be an SA focusing on Ethernet and wanted to hear what your experiences have been working at Nvidia. Also how was the whole interview process?
TL;DR Debating between a comfy, well-paid paperwork centric job, or a higher paced "dream" network role. Not sure which one would have the higher upside/job market.
I've been doing IT for about 11 years now. Started off interning, moved to a helpdesk role, studied for and passed my CCNA, then over time I ended up doing Sysadmin/Netadmin work at my local Power utility, where I've been at for 5 years now.
The role I currently have is very basic. I Patch our Network/Server equipment monthly, complete NERC CIP paperwork whenever any work is completed, I assist in any projects that come up throughout our company, and overall just help stay compliant with NERC CIP. We can WFH 3 days a week (all 5 days if we really wanted to), and the pay is very good. $109k this year, and every year we receive pay raises until we get to the company standard for Senior Engineers, which I should get to within the next 3 years ($144k /yr). Overall it's VERY slow pace and pays very well. Some might consider it the perfect job - we don't have a high turnover rate and usually people that join the team end up retiring here. But recently I've realized just how boring this paperwork/compliance stuff is.
Our job is very repetitive. Patch > paperwork > dive into a project for a week > and then its time to patch equipment again. Besides patching our Network equipment, I don't get to dive into networking the way I thought I would. I've always wanted to do Network Engineer work and design/troubleshoot networks - which I rarely do here.
Within our company we recently had an opening for a Network/Telecom Engineer position post which was offered to me. The Network team is always very swamped and actually behind on many projects, the pay could be similar - but more than likely will be starting out less, and less annual pay bumps. They have a 25% travel requirement, meaning I'd lose the comfort of WFH and watching TV while getting paid like I do in my current role. But I'd be doing the Network Engineering that I've always wanted to do.
I guess my question to you guys is - What would you do? Which position do you believe will have the hire upside in the future? If I were to eventually switch companies, is there a higher job market for Network Engineers, or for NERC CIP Sysadmins? Would I be dumb for leaving this "perfect" job for a higher paced role?
How are you handling Quic, DNS over TLS in your enterprise network, I see Palo Alto, Zscaler are recommending blocking it and falling back to HTTP/2,
But Chrome is aggressively pushing for adoption, and fallback mechanism is not mandatory, so soon enough , there is applications that will be broken by this blockage,
Appreciate your input rom experince.
Looking at possibly moving from a Systems Admin role (network, IoT, server VMs, just about anything computer related) to a Network Security and Firewall Engineer role that seems like it would mainly be network/firewall tickets and occasional projects. Looking for insights into day to day of a Network Security and Firewall Engineer. If you've been in this role or similar what does a day or week look like and did you get bored?
Since my current role is so ubiquitous I am worried about getting bored of the repetition or lack of challenge in a possibly more siloed role. The new position would be $10-$20 more an hour so seems like the better move just don't want to get stuck in something I may not like.
Hey guys, trying to get some brutal honesty here to help me explain the western market reality to my management.
I work at an optical communication OEM factory in Wuhan.
My management has this frustrating mindset: "Our products pass strict R&M testing, we have full ISO/FCC certifications, AND our factory-direct price is a fraction of the local price. Western datacenters should be lining up to buy from us directly!"
I keep telling them that in the real world, price and raw specs aren't everything. I know companies like FS.com cracked the code by building local warehouses and offering local support. But for a pure factory without a local EU/US footprint, what is the absolute biggest dealbreaker for you when a Chinese OEM reaches out?
Is it:
I'm not here to drop links or sell anything. I genuinely just want to gather real-world feedback from actual network engineers so I can put it in my report. What would it actually take for you to buy direct from the source?
Hello to the network specialists.
I'm currently struggling with a setup that looks like this:
Magenta 5G Outdoor Router -> Mikrotik CRS326 -> Clients, NAS, ...
The Magenta modem is set to bridge mode, and I'm also obtaining a public IP via DHCP on the Mikrotik (/30 network; business connection).
The MT326 has only the following configuration:
Internet access works without any issues on the clients. What doesn’t work is a PING from the MT directly to, for example, 1.1.1.1 if the packet is <60 bytes. So everything between 60 and 1500 bytes works.
A PING from the outside to the public IP, which should actually terminate directly at the MT, also fails, regardless of the data packet size.
Magenta denies that anything is being blocked or restricted on the modem, but I don’t really believe them.
Has anyone else encountered this issue before?
I'm looking for a low-cost but acceptably reliable UPS for a small office with 1x Cisco C1101-4P and 1x 24 Port PoE Switch.
Is something like the CyberPower OR600ERM1U any good?
I'm studying to obtain the AWS solutions architect associate cert and learning how the OSI model from a good teacher that teaches it bottom up has just been so fun. It makes so much sense and I love how you start learning how the layers connect.
Hi all,
I’m currently working as a NOC Engineer at an ISP company. I completed my B.Tech from a tier-3 college and am currently pursuing a part-time M.E. in Communication Systems. I have around 3 years and 7 months of experience in the networking field.
But honestly, I feel stuck in my current role. I’m not getting enough exposure to advanced technologies or meaningful hands-on experience, and sometimes I feel like I’m wasting valuable years of my career. Despite gaining experience, I still find it difficult to move into a better role with better growth opportunities.
I wanted some genuine advice from experienced professionals in the industry:
I’m willing to learn and put in the effort, but I don’t want to spend more years without proper career growth.
I would really appreciate honest suggestions from professionals who have gone through a similar phase.
I’m sure a lot of us listen to packet pushers, has anyone had a chance to listen to heavy strategy 132 yet; it came out today…
If so… I’d like to ask your thoughts on the zero trust firewall chat from Johna… if it was anyone else, I’d call her views emm.. career limiting..
Bit of a theoritical query i guess, but has anyone had any experience of an OT network running on cloud? Or perhaps partial integration to cloud. I havent done anything like that but future thinking of the opportunities if any.
Thinking about it from an oil company and an underground mining standpoint also.
Plenty of vendor stuf online but anyone have personal experience out there?
For those running hybrid environments with heavy public cloud usage:
Are you monitoring the AWS/GCP/Azure overlay/cloud networking layer itself, or mostly just the underlying compute and traditional network infrastructure?
If you are monitoring cloud networking, what telemetry sources and tooling are you using? Cloud-native APIs/flows/logs, ELK, TIG, Splunk, something else?
Trying to learn ACI and setting up the ACI Simulator on my Windows machine using Hyper-V. I extracted the .vmdk from the official Cisco OVA, converted it to a .vhdx, and built the VM.
It boots up fine, but I hit a wall with two issues:
I've attached it to an External Virtual Switch. I suspect the VMDX conversion stripped out or broke the TTY serial console settings that APIC relies on, or the network interfaces aren't mapping cleanly to Hyper-V adapters.
Has anyone gotten the simulator to behave nicely on Hyper-V? Or should I just give up on native Windows virtualization and spin up VMware Workstation Player?
Appreciate any advice!