About

Hello,

ID: My name is David, I am 36 years old, I am married and I have 2 children

Work: Cellebrite.LTD

In the line of duty my responsibility is on the global systems of domain-wide society of international communications infrastructure of the company offices and security elements.
The responsibility includes providing professional solutions to all the problems of the international connectivity of the offices to the main office in Tel Aviv, escalation for execution tasks and enabling remote teams in various branches.
Responsible for information security topics at all branches, including the main branch in Israel.
Additionally, responsible for the top-level Web site of the company, from the basic level of infrastructure servers, communication, and connectivity to the level of operations mission.
The role is also responsible for keeping all systems working without downtime and maintaining the necessary relevant teams for returning the system to normal in case of a malfunction.

Studies: I completed my certificate as a computers and electronics engineer in 2002. In addition,
I took a lot of courses and certificates in the IT world, for example: RHEL, MCSE, MCITP, CCNA, CCNA Security CIO, MCSA etc.

I decided to build this website to share my knowledge and information about the IT world, and to get your questions and indecisions about IT issues.

So feel free to ask me any questions you like about Networking, System, Security and new technologies.

Cisco Router Basic Command

11/05/2014 10:11
David

************************ router's hostname ************************************

Router(config)#hostname R1

************************ router's banner **************************************

R1(config)#banner motd "this is yoram router"

************************ router's password ************************************

R1(config)#enable password [password] - old way to configure the password, stored with no encryption

R1(config)#service password-encryption - encrypts all plaintext passwords in the configuration (weak, reversible type 7 encoding)

R1(config)#enable secret [password] - encrypts the privileged-mode password with the MD5 algorithm

************************ configure console connection *************************

R1(config)#line console 0

R1(config-line)#password [password]

R1(config-line)#login

************************ configure telnet connection *************************

R1(config)#line vty 0 4

R1(config-line)#password [password]

R1(config-line)#login

************************ configure serial connection *************************

R1#show controllers s0/0/0 - display if the serial connection is dce or dte

R1(config)#interface serial0/0/0

R1(config-if)#clock rate 64000

R1(config-if)#ip address 10.0.0.1 255.0.0.0

R1(config-if)#description "serial connection to next router"

************************ configure interfaces *************************

R1#show ip interface brief - displays the interfaces briefly

R1(config)#interface fastethernet0/0

R1(config-if)#ip address 10.0.0.1 255.0.0.0

R1(config-if)#no shutdown - router interfaces are down by default when the router starts up

R1#show interfaces

R1#show ip interface brief

************************ RUNNING-CONFIG / STARTUP-CONFIG *******************

R1#show running-config

R1#copy running-config startup-config - saves the new configuration file to NVRAM

R1#show startup-config

R1#erase startup-config - deletes startup-config from NVRAM

R1#reload

************************ TFTP SERVER****************************************

R1#copy running-config tftp

R1#copy startup-config tftp

Enter the IP address or host name where the configuration will be kept

Enter the name of the file the configuration will be kept in

************************ROUTING**********************************************

R1#show ip route - displays the router's routing table

R1#show ip protocols - displays the router's routing protocols

******** CDP PROTOCOL********

R1#show cdp neighbors - displays Cisco equipment that is connected directly to the router

R1#show cdp neighbors detail - displays more detail about Cisco equipment that is connected directly to the router

R1(config)#cdp run - enables the protocol on all router interfaces in case it was down

R1(config)#no cdp run

R1(config-if)#cdp enable - enables the CDP protocol on a specific interface

R1(config-if)#no cdp enable

******** RIP PROTOCOL********

R1(config)#router rip - moves into router configuration mode to start configuring the RIP protocol

R1(config-router)#network [interface IP address] - configures which interface runs RIP

R1(config-router)#passive-interface [interface] - stops the interface from sending route updates

R1#debug ip rip - captures RIP activity

R1#undebug all - stops and displays the capture

R1(config-router)#default-information originate - makes the router send a default route in the routing updates

R1#show ip rip database - shows all RIP routes learned by the router

******** EIGRP PROTOCOL********

R1(CONFIG)#ROUTER EIGRP _______ - Autonomous system number [1-65535]

R1(CONFIG-router)#network _______ - network IP on which EIGRP will work

R1#show ip eigrp neighbors - displays neighbor routers which work with EIGRP

R1#show ip eigrp topology - displays the best paths (successors and feasible distance)

R1#show ip eigrp topology all - displays all existing paths (not only successors and FD)

R1#show ip eigrp topology _interface ip__ - lists the full list of distance vector metrics available to EIGRP

R1(CONFIG-router)#eigrp log-neighbor-changes – should be in "on" state so DUAL takes down all neighbor adjacencies and then reestablishes them so that the effect of the no auto-summary command can be fully realized.

 

******** OSPF PROTOCOL********

R1(config)#router OSPF __process id__

R1(config-router)#router-id __IP-address__ - some IOS versions do not support the router-id command

R1(config-router)#network __IP-address__ __wild card__ area __area number__

R1#clear IP OSPF process - used if we want to change the process ID (you will likely need to reload the router)

- Loopback interface configuration -

R1(config)#interface loopback __loopback number__

R1(config-if)#ip address __IP-address__ __subnet-mask__

__________________________________

R1#show IP OSPF neighbor - displays OSPF neighbors

R1#show IP OSPF

R1#show IP OSPF interface __interface name__

R1(config-if)#bandwidth __B.W.(kbps)___ - command to change the bandwidth

R1(config-if)#IP OSPF cost __cost value___ - command to change the OSPF cost

******** ********************** ACCESS LIST****************************

Standard ACL

R1(CONFIG)#ACCESS-LIST [#] [PERMIT | DENY] [source IP + W.C.] ! standard access list number must be 1-99 !

Example:

R1(CONFIG)#ACCESS-LIST 1 permit 10.0.0.1 0.0.0.255

Applying an access list to a selected interface (used for both standard and extended ACLs)

R1(CONFIG)#INTERFACE FA0/0

R1(CONFIG-IF)#IP ACCESS-GROUP [#] [IN | OUT]

EXTENDED ACL

R1(CONFIG)#ACCESS-LIST [#(100-199)] [DENY | PERMIT ][PROTOCOL (icmp,tcp,udp,ip)] [source IP +W.C.] [OPERATOR]

[SOURCE PORT(optional)] [DESTINATION IP+W.C] [OPERATOR] [DESTINATION PORT]

OPERATOR = LT (<), GT (>), EQ (=), NEQ (NOT EQUAL)

Example:

R1(CONFIG)#ACCESS-LIST 101 permit TCP 10.0.0.1 0.0.0.255 ANY EQ 23

R1(CONFIG)#ACCESS-LIST 101 permit IP ANY ANY

ACL for blocking SSH/Telnet remote access to the router

R1(CONFIG)#ACCESS-LIST 1 PERMIT 10.0.0.1 0.0.0.0

R1(CONFIG)#LINE VTY 0 4

R1(CONFIG-LINE)#ACCESS-CLASS 1 IN

R1#SHOW ACCESS-LISTS

R1#SHOW IP INTERFACE FA0/0
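Added example (not part of the original post): a small Python evaluator for the numbered ACL syntax above, showing wildcard-mask matching, first-match order and the implicit deny on the page's ACL 101 and ACL 1 entries. It is a simplification that understands only `any`, `host`, address plus wildcard and a destination `eq` port; the function names are hypothetical.

```python
import ipaddress

# ACL entries copied from the examples on this page.
ACL_101 = ["access-list 101 permit tcp 10.0.0.1 0.0.0.255 any eq 23",
           "access-list 101 permit ip any any"]
ACL_1 = ["access-list 1 permit 10.0.0.1 0.0.0.0"]
ANY = ("0.0.0.0", "255.255.255.255")

def wc_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def take_addr(tok):
    """Consume 'any', 'host A', 'A W' or a bare 'A' from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tok.pop(0), "0.0.0.0")
    return (first, tok.pop(0) if tok else "0.0.0.0")

def parse(line):
    """Parse one standard (1-99) or extended (100-199) access-list line."""
    tok = line.lower().split()[1:]
    num, action = int(tok.pop(0)), tok.pop(0)
    rule = {"action": action, "proto": "ip", "dst": ANY, "dport": None}
    if num >= 100:
        rule["proto"] = tok.pop(0)
    rule["src"] = take_addr(tok)
    if num >= 100:
        rule["dst"] = take_addr(tok)
        if tok[:1] == ["eq"]:
            rule["dport"] = int(tok[1])
    return rule

def evaluate(lines, src, dst, proto, dport=None):
    """Action of the first matching entry; no match means the implicit deny."""
    for r in map(parse, lines):
        if r["proto"] not in ("ip", proto):
            continue
        if not (wc_match(src, *r["src"]) and wc_match(dst, *r["dst"])):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"]
    return "deny"
```

Evaluating `ACL_101` shows that its closing `permit ip any any` lets every packet through, so the first entry does not restrict anything; `ACL_1` on the vty lines admits only 10.0.0.1 and everything else hits the implicit deny.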

***********************NAT*************************************

STATIC NAT

R1(CONFIG)#IP NAT inside source static _local IP_ _global IP_

R1(CONFIG)#INT FA 0/0

R1(CONFIG-IF)#IP NAT INSIDE

R1(CONFIG)#INT SERIAL 0/3/0

R1(CONFIG-IF)#IP NAT OUTSIDE

Dynamic Nat

R1(CONFIG)#access-list [1-99] permit [source IP + W.C.] - defines the inside address group

Defining the outside address group:

R1(CONFIG)#IP NAT pool [pool name] [start-IP] [end-IP] NETMASK [subnet mask] - the command can also be written as:

R1(CONFIG)#IP NAT pool [pool name] [start-IP] [end-IP] prefix-length [8, 16, …]

Linking the groups:

R1(CONFIG)#IP NAT inside source list [ACL number] pool [pool name]

Defining the direction in which NAT is performed:

R1(CONFIG)#INT FA 0/0

R1(CONFIG-IF)#IP NAT INSIDE

R1(CONFIG)#INT SERIAL 0/3/0

R1(CONFIG-IF)#IP NAT OUTSIDE

NAT WITH OVERLOAD (PAT)

R1(CONFIG)#ACCESS-LIST [1-99] PERMIT [SOURCE IP + W.C.]

R1(CONFIG)#IP NAT INSIDE SOURCE LIST [ACL NUMBER] INTERFACE [INTERFACE NAME] OVERLOAD

R1(CONFIG)#INT FA 0/0

R1(CONFIG-IF)#IP NAT INSIDE

R1(CONFIG)#INT SERIAL 0/3/0

R1(CONFIG-IF)#IP NAT OUTSIDE

Dynamic Nat WITH OVER LOAD

R1(CONFIG)#access-list [1-99] permit [source IP + W.C.] - defines the inside address group

Defining the outside address group:

R1(CONFIG)#IP NAT pool [pool name] [start-IP] [end-IP] NETMASK [subnet mask] - the command can also be written as:

R1(CONFIG)#IP NAT pool [pool name] [start-IP] [end-IP] prefix-length [8, 16, …]

Linking the groups:

R1(CONFIG)#IP NAT INSIDE SOURCE LIST [ACL NUMBER] POOL [POOL NAME] OVERLOAD

R1(CONFIG)#INT FA 0/0

R1(CONFIG-IF)#IP NAT INSIDE

R1(CONFIG)#INT SERIAL 0/3/0

R1(CONFIG-IF)#IP NAT OUTSIDE

SHOW/DEBUG

R1#DEBUG IP NAT

R1#SHOW IP NAT TRANSLATIONS

 

************************DHCP***************************

R1(CONFIG)#IP DHCP POOL [POOL NAME]

R1(DHCP-CONFIG)#NETWORK [NETWORK IP] [S.M.] - the network from which addresses are handed out; the router looks for an interface in the specified network

R1(DHCP-CONFIG)#default-router [IP address] - configures the network's default gateway

R1(DHCP-CONFIG)#DNS-SERVER [DNS IP ADDRESS]

R1(CONFIG)#IP DHCP EXCLUDED-ADDRESS [first IP] [last IP] - defines a range of addresses that will not be handed out

R1(CONFIG)#IP DHCP EXCLUDED-ADDRESS 10.0.0.10 10.255.255.255 - for example

R1(CONFIG)#no service DHCP

R1#show IP DHCP binding - displays all IP address to MAC address bindings that were provided by the DHCP service

R1#show IP DHCP server statistics - displays counters for the number of DHCP messages that were sent/received

R1#show IP DHCP pool - summarizes the DHCP pool information

R1#show IP DHCP conflict

R1(CONFIG)#access-list 100 permit ip host 0.0.0.0 host 255.255.255.255

R1#debug ip packet detail 100

 

The output in the figure shows that the router is receiving the DHCP requests from the client. The source IP address is 0.0.0.0 because the client does not yet have an IP address. The destination is 255.255.255.255 because the DHCP discovery message from the client is a broadcast. The UDP source and destination ports, 68 and 67, are the typical ports used for DHCP.

R1#debug ip dhcp server events - reports server events, like address assignments and database updates. Also used for decoding DHCP receptions and transmissions.

*****************************IPV6************************************

R1(CONFIG)#IPV6 UNICAST-ROUTING - this command activates IPv6 capabilities

R1(CONFIG)#INT FA0/0

R1(CONFIG-IF)#IPV6 ADDRESS 2001:1::1/64 EUI-64

R1#SHOW IPV6 INT FA0/0

********* ACTIVATE RIPng *********************

R1(CONFIG)#IPV6 ROUTER RIP [NAME]

R1(CONFIG)#INT FA0/0

R1(CONFIG-IF)#IPV6 RIP [NAME] ENABLE


**************LAYER2 PROTOCOL - HDLC, PPP******************************

R1(CONFIG)#INT S0/0/0

R1(CONFIG-IF)#ENCAPSULATION HDLC

R1(CONFIG-IF)#ENCAPSULATION PPP

R1(CONFIG-IF)#NO ENCAPSULATION PPP ! the router will automatically activate HDLC !

*******PPP AUTHENTICATION**************

PPP AUTHENTICATION NEEDS TO BE CONFIGURED ON BOTH ROUTERS THAT HOLD THE SERIAL CONNECTION

ON ROUTER1

R1(CONFIG)#HOSTNAME ROUTER1

ROUTER1(CONFIG)#USERNAME ROUTER2 PASSWORD [PASSWORD]

ROUTER1(CONFIG)#INT S0/0/0

ROUTER1(CONFIG-IF)#ENCAPSULATION PPP

ROUTER1(CONFIG-IF)#PPP AUTHENTICATION [CHAP|PAP|CHAP PAP|PAP CHAP]

ON ROUTER2

Router(CONFIG)#HOSTNAME ROUTER2

ROUTER2(CONFIG)#USERNAME ROUTER1 PASSWORD [PASSWORD]

ROUTER2(CONFIG)#INT S0/0/0

ROUTER2(CONFIG-IF)#ENCAPSULATION PPP

ROUTER2(CONFIG-IF)#PPP AUTHENTICATION [CHAP|PAP|CHAP PAP|PAP CHAP]

DEBUG

R1#DEBUG PPP AUTHENTICATION
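Added example (not part of the original post): a Python check that scans a saved running-config for weak leftovers of the password, vty and PPP authentication commands covered on this page. The config fragments, the finding names and the `sections`/`audit` helpers are constructed for illustration.

```python
import re

# Constructed running-config fragments (not from a real device).
WEAK = """\
enable password cisco123
line vty 0 4
 password vtypass
 login
interface Serial0/0/0
 encapsulation ppp
 ppp authentication pap
"""
HARDENED = """\
enable secret 5 $1$CONSTRUCTED$placeholder
access-list 1 permit 10.0.0.1 0.0.0.0
line vty 0 4
 access-class 1 in
 password 7 PLACEHOLDER
 login
interface Serial0/0/0
 encapsulation ppp
 ppp authentication chap
"""

def sections(config):
    """Group a config into (top-level line, [indented child lines]) pairs."""
    out = []
    for line in config.splitlines():
        if line[:1] not in ("", " ", "!"):
            out.append((line.strip(), []))
        elif line.strip() and out and line[0] == " ":
            out[-1][1].append(line.strip())
    return out

def audit(config):
    """Return sorted finding IDs for weak settings among this page's commands."""
    secs, found = sections(config), set()
    if any(h.startswith("enable password") for h, _ in secs):
        found.add("enable-password")          # not stored as an MD5 secret
    if not any(h.startswith("enable secret") for h, _ in secs):
        found.add("no-enable-secret")
    for head, body in secs:
        if head.startswith("line vty") and not any(
                re.match(r"access-class \S+ in$", b) for b in body):
            found.add("vty-no-access-class")  # remote login open to any source
        if any(re.match(r"ppp authentication\b.*\bpap\b", b) for b in body):
            found.add("ppp-pap")              # PAP sends the password in clear text
    return sorted(found)
```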

 
