Subnetting Notes for Beginners

Here are some notes on IP subnetting for beginners.

1 and 1 = 1, everything else = 0.

An IPv4 address is 32 bits long and made up of four octets, each 8 bits long. The minimum octet value is 0 and the maximum octet value is 255. 4 x 8 = 32.

The decimal-to-binary chart for IP subnetting is: 128, 64, 32, 16, 8, 4, 2, 1. The sum of these is 255 (128+64+32+16+8+4+2+1). 128 is the first position in the binary chart, 1 is the last.

To convert an IP address from decimal to binary, separate each octet, e.g.

203 = 128+64+8+2+1 or 11001011
170 = 128+32+8+1 or 10101001
50 = 32+16+2 or 00110010
1 = 00000001

1 and 1 = 1
1 and 0 = 0
0 and 1 = 0
0 and 0 = 0

If your IP address is and your subnet mask is you can find the network address as follows:
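The AND rule above applied to a whole address, as an added example that is not part of the original post. The address 192.168.50.203 and the mask 255.255.255.192 are constructed sample values, and the function names are illustrative.

```python
def to_octets(dotted):
    """Parse a dotted-decimal IPv4 string into four integers, each 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-quad address: {dotted!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {dotted!r}")
    return octets


def to_binary(octets):
    """Render each octet as 8 binary digits (128, 64, 32, 16, 8, 4, 2, 1)."""
    return ".".join(f"{o:08b}" for o in octets)


def is_valid_mask(mask_octets):
    """A subnet mask is a run of 1 bits followed only by 0 bits."""
    bits = "".join(f"{o:08b}" for o in mask_octets)
    return "01" not in bits


def network_address(ip, mask):
    """AND every bit of the address with the matching bit of the mask."""
    ip_o, mask_o = to_octets(ip), to_octets(mask)
    if not is_valid_mask(mask_o):
        raise ValueError(f"mask bits are not contiguous: {mask!r}")
    return ".".join(str(i & m) for i, m in zip(ip_o, mask_o))


if __name__ == "__main__":
    ip, mask = "192.168.50.203", "255.255.255.192"  # constructed sample values
    print("address:", to_binary(to_octets(ip)))
    print("mask:   ", to_binary(to_octets(mask)))
    net = network_address(ip, mask)
    print("network:", to_binary(to_octets(net)), "=", net)
```
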

How to Calculate TCP throughput for long distance WAN/MAN links

So you’ve just turned up your new high-speed link between Data Centers but are unpleasantly surprised to see relatively slow file transfers across this high-speed, long-distance link. Before you call Cisco TAC and start troubleshooting your network, do a quick calculation of what you should realistically expect in terms of TCP throughput from one host to another over this long-distance link.

Note: This post is specifically for colleagues located in Asia who continue to complain about a 2 mbit glass window in their uploads to the US, 300 milliseconds away.

When using TCP to transfer data the two most important factors are the TCP window size and the round trip latency. If you know the TCP window size and the round trip latency you can calculate the maximum possible throughput of a data transfer between two hosts, regardless of how much bandwidth you have.

Formula to Calculate TCP throughput:

TCP-Window-Size-in-bits / Latency-in-seconds = Bits-per-second-throughput

So let's work through a simple example. I have a 1Gig Ethernet link from Chicago to New York with a round trip latency of 30 milliseconds. If I try to transfer a large file from a server in Chicago to a server in New York using FTP, what is the best throughput I can expect?

First let's convert the TCP window size from bytes to bits. In this case we are using the standard 64KB TCP window size of a Windows machine.
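The formula above worked through in code, as an added example that is not part of the original post. It goes one step beyond the text by also computing the window needed to fill the link (the bandwidth-delay product) and the TCP window-scale shift from RFC 7323 that such a window requires; 64KB is taken as 65536 bytes and the function names are illustrative.

```python
WINDOW_64KB = 64 * 1024  # the post's "standard 64KB" window, taken as 65536 bytes


def max_tcp_throughput_bps(window_bytes, rtt_ms):
    """TCP-Window-Size-in-bits / Latency-in-seconds = Bits-per-second."""
    return window_bytes * 8 * 1000 / rtt_ms


def window_needed_bytes(link_bps, rtt_ms):
    """Bandwidth-delay product: bytes that must be in flight to fill the link."""
    # Integer arithmetic avoids floating-point rounding; -(-a // b) is ceil(a / b).
    return -(-(link_bps * rtt_ms) // 8000)


def window_scale_shift(window_bytes):
    """Smallest window-scale shift (RFC 7323) whose maximum window covers the need.

    The TCP header carries a 16-bit window (at most 65535); the scale option
    left-shifts it by up to 14 bits.
    """
    shift = 0
    while (65535 << shift) < window_bytes:
        shift += 1
    if shift > 14:
        raise ValueError("window exceeds the largest TCP window that can be advertised")
    return shift


if __name__ == "__main__":
    link_bps, rtt_ms = 1_000_000_000, 30  # the post's 1Gig link at 30 ms
    ceiling = max_tcp_throughput_bps(WINDOW_64KB, rtt_ms)
    need = window_needed_bytes(link_bps, rtt_ms)
    print(f"64KB window at {rtt_ms} ms: {ceiling / 1e6:.2f} Mbit/s ceiling")
    print(f"window to fill the link: {need} bytes, "
          f"scale shift {window_scale_shift(need)}")
    # The 300 ms case from the note above, same 64KB window
    print(f"64KB window at 300 ms: "
          f"{max_tcp_throughput_bps(WINDOW_64KB, 300) / 1e6:.2f} Mbit/s ceiling")
```
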

How do I upgrade an IOS tar file on a 2950 Catalyst switch?

The following tip is similar to the one on the Router IOS image transfer. It is highly recommended that you are familiar with the Router IOS image transfer procedure (including the troubleshooting) before attempting a Switch IOS image transfer, especially when it comes to troubleshooting.

As a warning, you won’t enjoy recovering a switch that has no valid IOS image on its flash memory. The recovery procedure is more complicated than router IOS image recovery.

1) To transfer the tar file you need a TFTP program. One example is described in the Cisco Forum FAQ “How to prepare TFTP server”.

When you are done downloading the tar file, confirm its MD5 checksum.

2) Issue dir flash: to verify you have enough space.

SW1#dir flash:

Directory of flash:/

EtherChannel between a Cisco switch and a Dell PowerEdge server

Problem: My production Dell PowerEdge file server has a single Broadcom Gigabit connection to a Cisco Catalyst 3750 switch on the internal network. I’m seeing average throughput of around 100 MB/sec (~800 Mbit) and am concerned about link saturation and performance bottlenecks. How can I increase the bandwidth between my file server and the internal network without complicated layer 3 load balancing or DNS dual homing?

Solution: Using the Broadcom Advanced Control Suite included with Dell’s PowerEdge servers and Cisco’s native EtherChannel capability, I can trunk up to eight (8) LAN connections between my Dell server and Cisco switch. This allows me to have a single LAN connection of up to 8 Gbit (or 80 Gbit if using 10 Gigabit cards) between my server and the network core. All 2 to 8 links will operate as a single pseudo interface with a single MAC address. When an EtherChannel is configured to a Cisco stack (vs. a single switch), I can have link redundancy in that if a single switch fails, my link will continue to operate.

How To: This article is an outline of the configuration requirements for an EtherChannel between a Cisco Catalyst switch and a Dell PowerEdge server. Whilst this configuration can apply to other server platforms (e.g. HP, IBM) this article focuses on the Broadcom Advanced Control Suite which ships with most Dell servers using Broadcom Gigabit network interfaces and Cisco Catalyst switches. First of all, an EtherChannel is a port trunking (link aggregation being the general term) technology used primarily on Cisco switches. It allows grouping several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast Ethernet, Gigabit Ethernet or 10 Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines.


UCSniff 3.0 Released – VoIP/IP Video Sniffing Tool

UCSniff is a Voice over IP (VoIP) & IP Video Security Assessment tool that integrates existing open source software with several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free and available for anyone to download, under the GPLv3 license.


UCSniff was created as a Proof of Concept (POC) demonstration tool and a method of creating awareness around VoIP/UC threats. It can be used by VoIP/UC Administrators to test their own VoIP or Video Infrastructure in a pilot before vulnerabilities are rolled into production. It can also be used by security professionals as a method of convincing IT decision makers that security best practices should be applied to VoIP/UC in the same way that they are applied to other TCP/IP based, client-server applications.

New Features

  • Real time VoIP and Video monitoring.
  • New codec support, G729, G726, G723.
  • GUI version for Windows and Linux.
  • TFTP MitM Modification of IP phone settings.
  • New VideoSnarf tool – Converts offline RTP pcap file to media file.
  • Windows VLAN implementation, for VLAN Hopping in Windows.

Download UCSniff 3.0 here.