Chasing Packets in GNS3 & Production Environment, Part 1: Capturing packets using built-in Live Wireshark Capture in GNS3 1.4.4

Why do you want to do this lab?

You can capture any interesting packets and analyse them for your own learning. Analyzing packet captures gives you real insight into how packets behave on the devices and on different segments of the network. Simply reading books to learn how packets work behind the scenes is a little like trying to learn something as if you were the three wise monkeys (see no evil, hear no evil, speak no evil).

In real production, you can use other methods to capture interesting packets. Some examples are IOS Embedded Packet Capture teed off to a TFTP server, or a sniffer attached to a spanning port or remote spanning port. A more advanced method is Cisco NAM (Network Analyzer).

In this part, I will quickly show you how to whiz up a simple lab and capture some packets using the Wireshark live capture within GNS3. In the next section, I will demonstrate IOS Embedded Packet Capture and teeing off to a TFTP server. Lastly, I will demonstrate packet capturing using a spanning port and remote span.

Prerequisite 1: GNS3 1.4.4 pre-installed on Windows PC/laptop

Prerequisite 2: IOU VM ova deployed and integrated with GNS3

Prerequisite 3: Familiar with VMware workstation and Windows loopback configuration




Step 1: Add devices as below and make all connections. When you add the devices, your GNS3 topology will look like this. Remember to use dummy switches to make the connections from your virtual machines and your host PC loopback to your IOU switches.


Step 2: Configure your routers and switches similar to the configuration found in the attached zip file.






Step 3: Capture packets using various link positions



If you run into the following error, you will have to go to the GNS3 settings and update the path to Wireshark.


=> Error: SW3: Could not start the packet capture reader: [WinError 2] The system cannot find the file specified: None

Changing the path in GNS3 preferences:

C:\Program Files\Wireshark\wireshark.exe ==> C:\Program Files (x86)\Wireshark\wireshark.exe


Step 4: Wireshark will open automatically and start capturing all the traffic on the link you have selected.

e.g.) TCP/IP packet capture example


e.g.) Voice packet capture using soft phones (On virtual machines) between two work stations and CUCM.


Now you can set up any server and clients and study how TCP/IP and UDP work behind the scenes. Jump straight in and try to enjoy your study!


Note: This lab can be completed on a single PC. Save electricity, save money, save time, SAVE THE PLANET.





Notes on Cisco QoS: Clearing the fog – Part 2. Quality issues

Quality of Service

QoS = a method of giving priority to specific traffic as it moves over the network.

The basic aim of QoS is to have consistent and predictable performance on your network.

General characteristics of today’s converged network:

  • Small voice packets compete with bursty data packets, and many different applications use the network as a service
  • Critical traffic must get priority over less critical traffic; without QoS, the default behavior is First In First Out (FIFO)
  • Voice and video traffic is time-sensitive
  • Outages are not acceptable


Converged Network Quality issues:

  • Lack of Bandwidth
  • Packet Loss
  • Delay
  • Jitter



Lack of Bandwidth

  • The maximum available bandwidth is that of the slowest link on the traffic path
  • On the same physical links (traffic paths), multiple flows compete for the same bandwidth, with multiple applications sharing it
  • Lack of bandwidth causes performance degradation in network applications



Packet Loss

Tail Drop due to Queue Congestion

Packet loss due to tail drop: a queue can only hold so many packets. Once it is full, any further packets that arrive at the tail end of the queue before it has been emptied (due to link congestion etc.) are dropped. This behavior is called ‘Tail Drop’. If tail drop hits time-sensitive traffic such as voice and video, the effects are felt immediately by the users on that flow. If it happens to data traffic, it may interrupt a file transfer and corrupt the file.




Types of Delay

  • Processing Delay – time taken by a router to process packets from an input interface and put them into the output queue of the output interface
  • Queuing Delay – time a packet resides in the output queue of a router
  • Serialization Delay – time taken to place bits on the wire
  • Propagation Delay – time taken for packets to cross a link from one end to the other




Jitter

  • Packets from a source will reach a destination with different delay times
  • Congestion on the network will cause jitter
  • Congestion can occur at a router interface/Service Provider network if the circuits are not properly provisioned
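The tail drop, queuing delay, serialization delay and jitter notes above can be seen together in one small simulation. This is an added example, not part of the original notes: the 128 kbps link speed, the three-packet queue limit, the packet sizes and the traffic pattern are all assumptions chosen for illustration, and processing and propagation delay are treated as zero.

```python
from collections import deque

LINK_BPS = 128_000   # assumed link speed (bits per second)
QUEUE_LIMIT = 3      # assumed packets the interface holds, incl. the one on the wire

def serialization_us(size_bytes, link_bps=LINK_BPS):
    """Serialization delay: time to place the packet's bits on the wire (microseconds)."""
    return size_bytes * 8 * 1_000_000 // link_bps

def simulate(arrivals, link_bps=LINK_BPS, queue_limit=QUEUE_LIMIT):
    """FIFO output queue with tail drop.
    arrivals: (time_us, flow, size_bytes) tuples sorted by time.
    Returns (delivered, dropped); delivered rows are
    (flow, time_us, queuing_us, serialization_us)."""
    in_system = deque()      # departure times of packets queued or being sent
    link_free_at = 0
    delivered, dropped = [], []
    for t, flow, size in arrivals:
        while in_system and in_system[0] <= t:   # these have already left
            in_system.popleft()
        if len(in_system) >= queue_limit:        # queue full: tail drop
            dropped.append((t, flow))
            continue
        start = max(t, link_free_at)             # wait behind earlier packets
        ser = serialization_us(size, link_bps)
        link_free_at = start + ser
        in_system.append(link_free_at)
        delivered.append((flow, t, start - t, ser))
    return delivered, dropped

def jitter_us(delivered, flow):
    """Mean absolute change in delay between consecutive delivered packets of a flow."""
    delays = [q + s for f, _, q, s in delivered if f == flow]
    diffs = [abs(b - a) for a, b in zip(delays, delays[1:])]
    return sum(diffs) / len(diffs) if diffs else 0.0

def sample_traffic():
    """Constructed input: 15 voice packets (200 B every 20 ms) plus a burst
    of four 1500 B data packets arriving together at 30 ms."""
    voice = [(i * 20_000, "voice", 200) for i in range(15)]
    burst = [(30_000, "data", 1500)] * 4
    return sorted(voice + burst, key=lambda p: p[0])

if __name__ == "__main__":
    delivered, dropped = simulate(sample_traffic())
    for flow in ("voice", "data"):
        lost = sum(1 for _, f in dropped if f == flow)
        worst = max(q for f, _, q, _ in delivered if f == flow)
        print(f"{flow}: dropped={lost} worst_queuing={worst}us "
              f"jitter={jitter_us(delivered, flow):.0f}us")
```

With plain FIFO, the single data burst costs the voice flow far more packets than the data flow itself loses, which is the behavior QoS queuing is meant to prevent.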


CCNA Data Center 640-911 DCICN – Note 18, IPv6 Introduction

This is my first blog in 2016. I have been in holiday mode, as I have been on one of the longest annual leaves of my life. Hope you understand the family commitment when you and your kids are on summer holiday (here in Sydney, Dec/Jan/Feb is blazing summer).


IPv6, the history and does it really matter to you or anyone?

The simple answer is YES, but why? The single biggest driver behind the development and introduction of IPv6 is the long-predicted shortage of usable IPv4 addresses since the explosion of the World Wide Web (www) in 1995. The www development goes back to 1991, and the grandfather of web browsers, Mosaic, was first introduced in 1993. By 1995, one third of IPv4 addresses were consumed; by 2000, half of all IPv4 addresses were in use.

As reviewed in previous notes, IPv4 uses a 32-bit address structure, which theoretically should give us 2 to the power of 32 IP addresses, that is 4294967296 IP addresses, or roughly 4.3 billion. But not all IP addresses are usable: some are reserved for private network use, and the Class E addresses are reserved for development and testing purposes. In other words, only around 2.5 billion IP addresses are truly usable. If you check the world’s population today (China = 1.407 billion and India = 1.2912 billion people), just looking at the top two countries’ population figures, you can feel the IPv4 address shortage on your skin. The trend is that the world’s network has been doubling in size every year for the past 15 years.

With the advancement of new technologies comes the rapid depletion of available IPv4 addresses. Anything related to mobile communications and entertainment, as well as all other areas, seems to need more and more IP addresses for everyday use. In the past, it was expected that all IPv4 addresses would be depleted by 2011, but it is 2016 and we are still using IPv4 addresses without much thought, all thanks to the countermeasures put in place to slow down IPv4 address depletion, e.g. the fine art of subnetting, the practical use of DHCP, and IP NAT.


Quick note on the history of IPv6:

1990 – IETF predicted that all class B IPv4 addresses would be depleted by 1994
1991 Nov – IETF formed the ROAD (ROuting and ADdressing) Group in Santa Fe, US.
1995 – The IPNG (IP Next Generation) Workgroup wrote and submitted ‘RFC 1883’; this RFC has become the foundation of current IPv6.
1996 – 6Bone was introduced. 6Bone was a test-bed for IPv6 vulnerabilities connecting 57 countries across 1100 sites.
1999 – The IPv6 Forum was launched to standardize the use of IPv6
2006 Jul 06 – 6Bone was decommissioned after 10 years of testing.
Current – The majority of IP products are manufactured with IPv6 capabilities and compatibility. IPv6 is slowly phasing out IPv4 around the world.



Quick note on 10 Advantages (Characteristics) of IPv6:
1. Larger IP address space than IPv4: 32-bit IPv4 vs 128-bit IPv6
2. Better end-to-end connectivity than IPv4
– peer-to-peer application connections such as games, video conferencing, file sharing and VoIP
– No need to use NAT, as the shortage of addresses is a thing of IPv4
3. Plug-n-Play feature of IPv6
– plug-and-play auto-configuration, e.g.) DHCPv6
4. Simplified Header structures leading to faster routing
5. Better security features
– use of IPSec (a built-in feature)
6. Improved QoS features
7. Improved Multicast and Anycast abilities
8. Better mobility features
9. Ease of administration over IPv4
10. IPv6 follows the key design principles of IPv4


In the next section, we will look at some characteristics of IPv6 and then in the final section of IPv6, I will demonstrate IPv6 in a simple lab. Happy blogging, reading and all the best with your learning and career in 2016.