Chasing Packets in GNS3 & Production Environment, Part 1: Capturing packets using built-in Live Wireshark Capture in GNS3 1.4.4

Why do you want to do this lab?

You can capture any interesting packets and analyse them for learning purposes. Analyzing packet captures gives you real insight into how packets behave on the devices and on different segments of the network. Simply reading books to learn how packets work behind the scenes is a little like trying to learn as if you were the three wise monkeys (see no evil, hear no evil, speak no evil).

In a real production network, you can use other methods to capture interesting packets. Examples are IOS Embedded Packet Capture with teeing off to a TFTP server, or a sniffer on a spanning (SPAN) port or remote spanning port. A more advanced method is Cisco NAM (Network Analyzer).

In this part, I will quickly show you how to whiz up a simple lab and capture some packets using the Wireshark live capture built into GNS3. In the next section, I will demonstrate IOS Embedded Packet Capture and teeing off to a TFTP server. Lastly, I will demonstrate packet capturing using a spanning port and remote span.

Prerequisite 1: GNS3 1.4.4 pre-installed on Windows PC/laptop

Prerequisite 2: IOU VM ova deployed and integrated with GNS3

Prerequisite 3: Familiar with VMware workstation and Windows loopback configuration




Step 1: Add devices as below and make all connections. When you add the devices, your GNS3 topology will look like this. Remember to use dummy switches to connect your virtual machines and your host PC loopback to your IOU switches.


Step 2: Configure your routers and switches similar to the configuration found in the attached zip file.






Step 3: Capture packets using various link positions



If you run into the following error, you will have to go to the GNS3 settings and update the path to Wireshark.


=> Error: SW3: Could not start the packet capture reader: [WinError 2] The system cannot find the file specified: None

Changing the path in GNS3 preferences:

C:\Program Files\Wireshark\wireshark.exe ==> C:\Program Files (x86)\Wireshark\wireshark.exe


Step 4: Wireshark will open automatically and start capturing all the traffic on the link you have selected.

e.g.) TCP/IP packet capture example


e.g.) Voice packet capture using soft phones (on virtual machines) between two workstations and CUCM.


Now you can set up any server and clients and study how TCP/IP, UDP work behind the scenes. Jump straight in and try to enjoy your study!


Note: This lab can be completed on a single PC. Save electricity, save money, save time, SAVE THE PLANET.





Notes on Cisco QoS: Clearing the fog – Part 2. Quality issues

Quality of Service

QoS = a method of giving priority to specific traffic as it moves over the network.

The basic aim of QoS is to have a consistent and predictable performance on your network.


[Figure 1: QoS intro]

General characteristics of today’s Converged Network:

  • Small voice packets compete with bursty data packets; many different applications use the network as a service
  • Critical traffic must get priority over less critical traffic; without QoS, the default behavior is First In First Out (FIFO)
  • Voice and video traffic is time-sensitive
  • Outages are not acceptable


Converged Network Quality issues:

  • Lack of Bandwidth
  • Packet Loss
  • Delay
  • Jitter



[Figure 2: Bandwidth measure]

  • Maximum available bandwidth is the slowest link on the traffic paths
  • On the same physical links (traffic paths), multiple flows compete for the same bandwidth, multiple applications sharing the same bandwidth
  • Lack of bandwidth causes performance degradation on network applications



Packet Loss

[Figure 3: Tail Drop due to Queue Congestion]

Packet loss due to tail drop: a queue can only hold so many packets. Once it is full, any further packets that arrive at the tail end of the queue before it is emptied (due to link congestion etc.) are dropped; this behavior is called ‘Tail Drop’. If tail drop hits time-sensitive traffic such as voice and video, the effects are immediately felt by the users of the flow. If it happens to data traffic, it may interrupt a file transfer and corrupt the file.




[Figure 4: Types of Delay]

  • Processing Delay – time taken by router to process packets from an input interface and put them into the output queue of output interface
  • Queuing Delay – time a packet resides in the output queue of a router
  • Serialization Delay – time taken to place bits on the wire
  • Propagation Delay – time taken for packets to cross links from one end to the other end




[Figure 5: Jitter]

  • Packets from a source will reach a destination with different delay times
  • Congestion on the network will cause jitter
  • Congestion can occur at a router interface/Service Provider network if the circuits are not properly provisioned


CCNA Switching Lab 1-0: The set up

We will try to prepare a lab where we can configure and test different features of Cisco routers and switches. To save time and minimize the ongoing effort of setting up each lab, two multi-purpose lab topologies will be configured, one for routing and another for switching. Once the lab is set up, it can be used in multiple scenarios, and a lab can be configured on the fly to teach us the required technologies. This section is the switching part and will be titled ‘CCNA Switching Lab 1-x’, where x represents the lab number. In the same manner, the routing labs will be titled ‘CCNA Routing Lab 1-x’.

Lab prerequisite: You have followed my blog or other people’s blog, or watched YouTube and set up your GNS3 with IOU at some stage.

Step 1: As shown below, add four IOU routers and four IOU switches.



Step 2: Connect all of your switches and routers



Now you are ready to do some Switching labs. 🙂








CCNA Routing Lab 1-0: The set up

We will try to prepare a lab where we can configure and test different features of Cisco routers and switches. To save time and minimize the ongoing effort of setting up each lab, two multi-purpose lab topologies will be configured, one for routing and another for switching. Once the lab is set up, it can be used in multiple scenarios, and a lab can be configured on the fly to teach us the required technologies. This section is the routing part and will be titled ‘Routing Lab 1-x’, where x represents the lab number. In the same manner, the switching labs will be titled ‘CCNA Switching Lab 1-x’.

Lab prerequisite: You have followed my blog or other people’s blog, or watched YouTube and set up your GNS3 with IOU at some stage.

I have drawn the lab topology we are trying to configure and mimic:

Step 1: As shown below, drop four IOU routers, two IOU L2 switches and one native GNS3 Frame Relay switch.

Step 2: Add DLCIs in FR1 to get the Frame Relay switch ready for connection.

Step 3: Connect all devices as shown below, and now you are ready to start your first Routing lab.






Simple TSHOOT notes: 1 VLANS

Quick VLAN Review
– A VLAN lives in an L2 broadcast domain
– Correct L2 configuration is a must for a stable network; if L2 is not working correctly then L3 won’t work.
– Data/Voice (a.k.a. auxiliary VLAN) VLANs: a separate VLAN for voice is recommended on an enterprise network
– VLAN 1 = default VLAN, not tagged, the native VLAN on trunks. As a best practice, VLAN 1 is disabled
– Any unused ports are moved to a dummy VLAN as a security measure
– Extended-range VLANs 1006-4094 are available if required, but this range is hardly used

Hot tip:
– Extended Range is only available if your switch is in Transparent mode.
– If you try to create VLAN in client mode, your switch will throw up “error”, you must be in server mode to create VLANs

Switch VLAN Configuration in a nutshell:

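conf t
! create the data and voice VLANs
vlan 100
vlan 200

! access port: data VLAN 100, voice (auxiliary) VLAN 200
int fa0/3
switchport mode access
switchport access vlan 100
switchport voice vlan 200

! trunk port: native (untagged) VLAN 99 instead of the default VLAN 1
int fa0/24
switchport mode trunk
switchport trunk native vlan 99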

Useful commands:
show interface status            <<< displays interface status
show vlan brief                  <<< does the VLAN exist and which ports participate in the respective VLANs
show interface fa0/3 switchport  <<< gets all VLAN details of a particular switchport
show vlan id 100                 <<< shows the VLAN with the given ID
show int trunk                   <<< shows trunk interfaces
show monitor                     <<< shows monitoring (SPAN) sessions
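
The Quick VLAN Review rules can be checked against a saved switch configuration. The following is an added example, not part of the original notes: it flags active access ports left in VLAN 1, trunks whose native VLAN is still 1, and unused ports that are not parked in a dummy VLAN. It assumes that a `shutdown` port is an unused port and that the dummy VLAN is 999; both are assumptions, as are all interfaces in the sample other than fa0/3 and fa0/24.

```python
import re

# Constructed sample; Fa0/3 and Fa0/24 follow the page's config, the rest is made up.
SAMPLE = """\
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 100
 switchport voice vlan 200
interface FastEthernet0/5
 switchport mode access
interface FastEthernet0/11
 switchport mode access
 shutdown
interface FastEthernet0/23
 switchport mode trunk
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 99
"""
SETTING = re.compile(r"switchport (mode|access vlan|trunk native vlan) (\S+)$")

def audit_vlans(config, dummy_vlan=999):
    """Return (interface, finding) pairs for ports that break the review's rules."""
    ports, port = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # IOS defaults: access VLAN 1 and native VLAN 1 until configured otherwise
            port = ports.setdefault(line.split()[1], {
                "mode": None, "access vlan": "1", "trunk native vlan": "1", "shut": False})
        elif not raw.startswith(" "):
            port = None  # left the interface block
        elif port is not None:
            port["shut"] = port["shut"] or line == "shutdown"
            m = SETTING.match(line)
            if m:
                port[m.group(1)] = m.group(2)
    findings = []
    for name, p in ports.items():
        if p["mode"] == "trunk" and p["trunk native vlan"] == "1":
            findings.append((name, "trunk native VLAN is 1"))
        elif p["mode"] == "access" and p["shut"] and p["access vlan"] != str(dummy_vlan):
            findings.append((name, "unused port not in dummy VLAN"))
        elif p["mode"] == "access" and not p["shut"] and p["access vlan"] == "1":
            findings.append((name, "active access port in VLAN 1"))
    return findings
```

Only ports with an explicit `switchport mode` are judged; ports left in the default dynamic mode are skipped.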

CCNA Data Center 640-911 DCICN – Note 18, IPv6 Introduction

This is my first blog in 2016. I have been in holiday mode as I have been on one of the longest annual leaves of my life. Hope you understand the family commitment when you and your kids are on summer holiday (here in Sydney, Dec/Jan/Feb is blazing summer).


IPv6, the history and does it really matter to you or anyone?

The simple answer is YES. Then why? The single biggest driver behind the development and introduction of IPv6 is the long-predicted shortage of usable IPv4 addresses since the explosion of the World Wide Web (www) in 1995. The www development goes back to 1991, and the grandfather of web browsers, Mosaic, was first introduced in 1993. By 1995, one third of IPv4 addresses were consumed; by 2000, half of all IPv4 addresses were in use.

As reviewed in previous notes, IPv4 uses a 32-bit address structure, and theoretically that should give us 2 to the power of 32 IP addresses, that is 4294967296 IP addresses or roughly 4.3 billion IP addresses. But not all IP addresses are usable, such as the IP addresses reserved for private network use as well as the Class E addresses reserved for development and testing purposes. In other words, only around 2.5 billion IP addresses are truly usable addresses. If you check the world’s population today (China = 1.407 billion and India = 1.2912 billion people), just looking at the top two countries’ population figures, you can feel the IPv4 address shortage on your skin. The trend is that the world’s network has been doubling in size every year for the past 15 years.

With the advancement of new technologies comes the rapid depletion of available IPv4 addresses. Anything related to mobile communications and entertainment, as well as all other areas, seems to need more and more IP addresses for everyday use. In the past, it was expected that all the IPv4 addresses would be depleted by 2011, but it is 2016 and we are still using IPv4 addresses without much thought, all thanks to the countermeasures put in place to slow down IPv4 address depletion, e.g.) the fine art of subnetting, practical use of DHCP, and IP NATting.


Quick note on history of IPv6:

1990 – IETF had predicted that all class B IPv4 IP addresses will be depleted by 1994
1991 Nov – IETF formed the ROAD (ROuting and ADdressing) Group in Santa Fe, US.
1995 – IPNG (IP Next Generation) Workgroup had written and submitted ‘RFC 1883’, this RFC has become the foundation of current IPv6.
1996 – 6Bone was introduced. 6Bone was a test-bed for IPv6 vulnerabilities connecting 57 countries across 1100 sites.
1999 – IPv6 Forum was launched to standardize the use of IPv6
2006 Jul 06 – 6Bone was decommissioned after 10 years of testing.
Current – Majority of IP products are manufactured with IPv6 capabilities and compatibility. IPv6 is slowly phasing out IPv4 around the world.



Quick note on 10 Advantages (Characteristics) of IPv6:
1. Larger IP address space than IPv4, 32 bits based IPv4 vs 128 bits based IPv6
2. Better end-to-end connectivity than IPv4
– peer-to-peer application connections such as games, video conferencing, file sharing and VoIP
– No need to use NAT, as the shortage of addresses is an IPv4 problem
3. Plug-n-Play feature of IPv6
– plug-and-play auto-configuration, e.g.) DHCPv6
4. Simplified Header structures leading to faster routing
5. Better security features
– use of IPSec (a built-in feature)
6. Improved QoS features
7. Improved Multicast and Anycast abilities
8. Better mobility features
9. Ease of administration over IPv4
10. IPv6 follows the key design principles of IPv4


In the next section, we will look at some characteristics of IPv6 and then in the final section of IPv6, I will demonstrate IPv6 in a simple lab. Happy blogging, reading and all the best with your learning and career in 2016.

Notes on Cisco QoS: Clearing the fog – Part 1. Basic Introduction

  1. What is Quality of Service (QoS) ?

Analogy 1: QoS is a network tool which can be implemented to effectively transport more critical traffic over IP, giving critical traffic priority over less critical traffic.

Analogy 2: QoS is a method of giving a priority to some specific data traffic going across our network.

  • Give VoIP, Video traffic more priority than ftp file downloading traffic
  • Some critical Data such as Citrix etc.


  2. Converged Network Quality Issues

Today’s enterprise network Characteristics:

  • Benign small voice packet flows compete directly with bursty data packet flows.
  • Voice load and voice application data (traffic) tolerate minimal variation in delay, packet loss or jitter. The voice quality degradation is immediately felt by the users.
  • Give critical traffic higher priority
  • Voice and video are real-time, hence time-sensitive
  • Outage/packet drops are not acceptable


Some issues from Converged Network:

  • Lack of bandwidth – If more traffic is pumped through the network than the network can handle, there will be congestion and packet loss.
  • Packet Loss – If the input queue pumps too many packets into an interface, the output queue fills up and packets are dropped.
  • Delay –
    • Processing delay – The time it takes for a router to take the packet from an input interface, examine it and put it into the output queue of the output interface
    • Queuing delay – The time a packet resides in the output queue of a router
    • Serialization delay – The time it takes to place the “bits on the wire”
    • Propagation delay – The time it takes for the packet to cross the link from one end to the other


  • Jitter –
    • Packets from the source will reach the destination with different delays
    • Jitter is generally caused by congestion in the IP network
    • The congestion can occur either at the router interfaces or in a provider or carrier network if the circuit has not been provisioned properly


To overcome these converged network quality issues, QoS tool(s) must be used based on each network.
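
The packet loss, queuing delay and jitter issues listed above (and the tail drop behaviour described in Part 2) can be seen in a small queue model. This is an added example, not part of the original notes: a bursty data source and a steady voice source share one output interface that sends one packet per tick, first through a single FIFO queue and then with voice in its own queue that is always served first. The traffic rates, queue depth and the strict-priority scheduler are assumptions chosen for illustration.

```python
from collections import deque

BURST_EVERY, BURST_SIZE = 40, 30   # constructed bursty data source
VOICE_EVERY = 4                    # constructed voice source: 1 packet every 4 ticks

def simulate(priority, ticks=200, depth=10):
    """Return (voice_dropped, data_dropped, voice_jitter) for one output interface.

    priority=False: voice and data share one FIFO queue (default behaviour).
    priority=True:  voice has its own queue, which is always served first.
    """
    data_q = deque()
    voice_q = deque() if priority else data_q
    dropped = {"voice": 0, "data": 0}
    voice_delays = []

    def enqueue(q, kind, now):
        if len(q) >= depth:
            dropped[kind] += 1          # queue full: tail drop
        else:
            q.append((kind, now))

    for now in range(ticks):
        if now % BURST_EVERY == 0:
            for _ in range(BURST_SIZE):
                enqueue(data_q, "data", now)
        if now % VOICE_EVERY == 0:
            enqueue(voice_q, "voice", now)
        q = voice_q if voice_q else data_q   # the link sends one packet per tick
        if q:
            kind, arrived = q.popleft()
            if kind == "voice":
                voice_delays.append(now - arrived)   # queuing delay in ticks
    jitter = max(voice_delays) - min(voice_delays)   # spread of voice delay
    return dropped["voice"], dropped["data"], jitter
```

With FIFO, every data burst fills the queue, so the voice packet arriving with it is tail-dropped and the next ones wait behind data; with the priority queue, voice sees no loss and no delay variation while data still absorbs the drops.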


Some Cisco recommended QoS tool types and their characteristics:

A. Best effort

– Out of box, if you do not configure your devices, it is using best effort

– Business network with no QoS policies

– Infrastructure does not support QoS



B. Integrated Services (IntServ)

– Aims to reserve bandwidth along a specific path in the network

– Guarantees end-to-end bandwidth for mission-critical applications such as VoIP and Citrix

– End-hosts signal their QoS requirements to the network (Signalled QoS model)

– Every communication stream needs to request resources from the network.

– Edge routers use Resource Reservation Protocol (RSVP) to signal and reserve bandwidth


Some disadvantages of IntServ:

– Every device along the network must be fully RSVP aware and have the ability to process QoS

– Reservations in each device along the path need to be periodically refreshed, which adds traffic and overhead along the network

– “Soft-states” or bandwidth reservations increase memory and CPU requirements on devices along the path

– Adds complexity to the network which makes network infrastructure difficult to maintain


C. Differentiated Service (DiffServ)

– Designed to overcome the limitations of the Best-Effort and IntServ models, while maintaining the ability to provide an almost guaranteed QoS

– Routers and switches are configured to service multiple classes of traffic with different priorities. Bandwidth, delay and prioritization are configured on a hop-by-hop basis along the network infrastructure, making DiffServ cost-effective and scalable

– For DiffServ QoS to work, network traffic must be divided into classes that are based on the company’s requirements

– Network devices identify traffic as it passes through them and enforce the configured policies, making sure that each class/service is served as instructed