
Ossim & Netflow

I have started to use OSSIM to monitor network issues and security.

My first steps with OSSIM have been with the Netflow module (nfsen).

This is a mini how-to for configuring Nfsen on an OSSIM server to monitor Cisco routers.

Configure netflow in Cisco Router
config t
interface FastEthernet 0/0 (or whatever you want)
ip route-cache flow

ip flow-export destination "dst ip" "dst port"
ip flow-export source "src interface"
ip flow-export version 5

ip flow-cache timeout active 1
ip flow-cache timeout inactive 15

write mem

With this, we have already configured our device.

Configure Nfsen

Then we have to add this device in nfsen.conf:

%sources = (
    'Router' => { 'port' => '9567', 'col' => '#0000ff', 'type' => 'netflow' },
);

After this we have to reconfigure nfsen:

/usr/nfsen/bin/nfsen reconfig

Now I have started to configure the OSSEC and Snort modules. When I have good results I will post another how-to on these modules.

Provisioning Linksys SPA922

When I started in the world of Asterisk, one of the important things in deploying a VoIP network was segmenting the network into VLANs to separate voice and data. When I started two years ago, I only knew two options:

– Use different networks, but this implies duplicating the number of switches (a lot of money and, in my opinion, unprofessional).
– Use VLANs to separate the networks. This option is better, although it requires a lot of administrative work whenever a computer or telephone changes site.

I was investigating how to do this automatically, and it seems that something came of it.

Here I leave an example implementation.

In this scenario we are going to configure a system for provisioning Linksys phones (SPA922). First we have to configure our LAN with 2 VLANs (or more) to separate the data and voice networks. We have used Cisco switches (Catalyst 2960 and 3750).


The IP ranges of the VLANs are these:

Vlan 1 -> data network ->
Vlan 2 -> voice network ->

We need to have two DHCP servers, one in each VLAN. In VLAN 1 we have configured one DHCP server (Windows 2003 Server), which will be the principal DHCP server. This is the configuration:

003 Router
006 DNS Servers
015 DNS Domain Name testing.lan.com
044 WINS/NBNS Servers
046 WINS/NBNS Node Type 0x8
066 Boot Server Host Name (TFTP Server)

In the other VLAN (VoIP), we have the Asterisk server with a DHCP server and a TFTP server. These are the configs:

apt-get install dhcpd

/etc/dhcp3# vim dhcpd.conf

subnet netmask
option domain-name-servers;
option routers;
option subnet-mask;
option broadcast-address;
option tftp-server-name "";
default-lease-time 600;
max-lease-time 7200;


apt-get install atftpd

/etc/default# vim atftpd

OPTIONS="--daemon --port 69 --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr --mcast-ttl 1 --maxthread 100 --verbose=5 /tftpboot"

The TFTP server configuration file indicates that the configs are in the tftpboot directory, where we have placed the general config file for all phones and the specific config files for individual phones.

/etc/tftpboot# vim spa922.cfg


<Profile_Rule ua="na">/spa922-MAC/spa922-$MA.cfg</Profile_Rule>

<!-- SYSTEM -->
<Primary_NTP_Server ua="na"></Primary_NTP_Server>
<Time_Zone ua="na">GMT+01:00</Time_Zone>

<!-- TIMERS -->
<Interdigit_Long_Timer ua="na">25</Interdigit_Long_Timer>

<!-- SIP -->

<Use_Auth_ID_1_ ua="na">No</Use_Auth_ID_1_>

<Dial_Plan_1_ ua="na">([1345]xxxS0|6xxxxxxxxS0|9xxxxxxxxS0|xx.)</Dial_Plan_1_>
<Enable_IP_Dialing_1_ ua="na">No</Enable_IP_Dialing_1_>

<Enable_VLAN ua="rw"> yes </Enable_VLAN>
<VLAN_ID ua="rw"> 2 </VLAN_ID>


Network Link Redundancy

Follow these steps to create link redundancy on a server with two Ethernet cards in Debian 4.0 Etch.

– 1. apt-get install ifenslave (ifenslave-2.6)

– 2. Create a file called aliases-bond in /etc/modprobe.d/ with the following content:

alias bond0 bonding
options bond0 mode=1 arp_interval=2000 arp_ip_target="the gateway"

– 3. load bonding with this command -> modprobe bonding

– 4. add “bonding” to /etc/modules

– 5. Edit /etc/network/interfaces

auto bond0
iface bond0 inet static
    pre-up modprobe bond0
    hwaddress ether "the mac address of one of the ethernet cards"
    address "ip address"
    netmask "subnet mask"
    gateway "gateway"
    dns-nameservers X.X.X.X X.X.X.X
    up ifenslave bond0 eth0 eth1
    down ifenslave -d bond0 eth0 eth1

It Works!!

