
💉 K2's Daily CLIs doze


Random list of commands that I use every day to pretend I am smarter 🤓.

Switches

Cisco Catalyst 3850,9300,9500

# Revert your config without reload in 5 ...  
# https://networkproguide.com/cisco-configuration-archive-rollback-the-undo-button/

CISCO-SW# conf t
CISCO-SW(config)#archive
CISCO-SW(config-archive)#path bootflash:
CISCO-SW(config-archive)#maximum 5
CISCO-SW(config-archive)#exit
CISCO-SW(config)#end
CISCO-SW#wr
CISCO-SW#term mon
CISCO-SW#configure terminal revert timer 1
Rollback Confirmed Change: Backing up current running config to bootflash:-Jul-25-15-02-21.613-1
Enter configuration commands, one per line.  End with CNTL/Z.
CISCO-SW(config)#hostname NPGT
NPGT(config)#end
NPGT#
*Jul 25 15:03:21.723: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: bootflash:- Jul-25-15-02-21.613-1
*Jul 25 15:03:22.235: Rollback: Acquired Configuration lock.
CISCO-SW#



# Monitor Capture -- pretty cool ;)


! why doesn't tacacs work?
! what are these weird %SESSION_MGR-5-FAIL log messages on the trunk link?
! why is there a policy on the trunk interface when running "sh access-session int gi1/0/48 detail"?
! how is the policy PMAP_DefaultWiredDot1xOpenAuth_MAB_1X getting set?  "sh run int gi1/0/48"
! and "sh derived-config int gi1/0/48" doesn't show any AAA configuration?
int gi1/0/48
  no access-session monitor

! pause or sleep when bouncing an interface
! note:  leaving this configured all of the time can cause problems.  if you try to configure something with a password or
! key later, say because you are updating the RADIUS and TACACS keys, and the key had a $ (dollar sign) in it,
! it will be interpreted by the shell processing as a variable.
! have fun figuring out why your new RADIUS and TACACS key doesn't work.
shell processing full
!
int gi1/0/1
 shutdown
 switch access vlan 2
 sleep 5
 no shutdown

! clear stack-port counters
! CLEAR ALL THE THINGS!  meme
sh switch stack-port detail
clear counters

! have that annoying stack cable with lots of CRC errors because the onsite tech didn't seat the cable properly?
! disable the stack port until they can go back and fix it.  helps keep the switches in the switch stack from
! unexpectedly reloading on their own.
! interestingly, the CRC errors will still increase even though the stack port is down.  even if you disable both ends of the cable.
switch 1 stack port 1 disable

! reload command, the console port, and switch stacks
! the reload command will cause another switch in the stack to become the active switch and then reload the entire stack.
! the new active switch will remain the active switch even after the reload, ignoring any switch priority configuration.
! annoying, right?  (note:  this behavior is probably IOS XE version specific )  this means you lose console access to
! the switch stack until you or someone else can move the console cable to the active switch.
! fix, use the redundancy reload shelf command
cat03--#reload
Reload command is being issued on Active unit, this will reload the whole stack
Proceed with reload? [confirm]

Chassis 1 relo
The network connection was aborted by the local system.  <-- This is a console server message.

cat9300#redundancy reload shelf
Reload the entire shelf [confirm]
Preparing to reload this shelf

Chassis 2 reloading, reason - Reload command
Sep 21 11:49:59.621: %PMAN-5-EXITACTION: F0/0: pvp: Process manager is exiting: reload fp action requested
Sep 21 11:50:01.903


Initializing Hardware......  <-- Look ma, normal bootup messages.

! The reload reason will change in the output of sh logging onboard switch 1 uptime detail
! reload command
cat9300#sh logging onboard switch 1 uptime detail
. . .
12/31/2023 13:37:00   Reload Command                0     0     1     17    0

! redundancy reload shelf command
cat9300#sh logging onboard switch 1 uptime detail
. . .
12/31/2023 00:13:37   Admin reload CLI              0     0     1     17    0

# Sample EEM script
! This EEM script below will trigger if the used memory from "show platform software status control-processor brief" is reaching 95% of total: 3871936
event manager applet HighMemUtil auth bypass
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.12 get-type next entry-op gt entry-val 3678339 exit-time 20 poll-interval 5
action 1.0 syslog msg "------HIGH MEMORY Utilization detected--------"
action 1.1 cli command "enable"
action 1.2 cli command "terminal length 0"
action 1.3 cli command "show version | append flash:mem-eem.txt"
action 1.4 cli command "show processes memory sorted | append flash:mem-eem.txt"
action 1.5 cli command "show processes memory platform sorted  | append flash:mem-eem.txt"
action 1.6 cli command "show platform software status control-processor brief | append flash:mem-eem.txt"
action 1.7 cli command "Show platform software mount | append flash:mem-eem.txt"
action 1.8 cli command "show processes memory platform accounting | append flash:mem-eem.txt"
action 2.1 cli command "terminal default length"
action 2.2 cli command "end"


# Switch Stack Port Issues/Errors

sh switch stack-ports detail
sh platform hardware fed switch 1 fwd-asic register read register-name SifRacDataCrcErrorCnt-0
sh platform hardware fed switch 1 fwd-asic register read register-name SifRacRwCrcErrorCnt-0
sh platform hardware fed switch 1 fwd-asic register read register-name SifRacInvaldRingWordCnt-0
sh platform hardware fed switch 1 fwd-asic register read register-name SifRacPcsCodeWordErrorCnt-0
sh platform hardware fed switch 1 fwd-asic register read register-name SifMessageStatus
sh platform software stack-mgr switch 1 r0 sdp-counters 
!
sh platform hardware fed switch 2 fwd-asic register read register-name SifRacDataCrcErrorCnt-0
sh platform hardware fed switch 2 fwd-asic register read register-name SifRacRwCrcErrorCnt-0
sh platform hardware fed switch 2 fwd-asic register read register-name SifRacInvaldRingWordCnt-0
sh platform hardware fed switch 2 fwd-asic register read register-name SifRacPcsCodeWordErrorCnt-0
sh platform hardware fed switch 2 fwd-asic register read register-name SifMessageStatus
sh platform software stack-mgr switch 2 r0 sdp-counters 
!
sh platform hardware fed switch 3 fwd-asic register read register-name SifRacDataCrcErrorCnt-0
sh platform hardware fed switch 3 fwd-asic register read register-name SifRacRwCrcErrorCnt-0
sh platform hardware fed switch 3 fwd-asic register read register-name SifRacInvaldRingWordCnt-0
sh platform hardware fed switch 3 fwd-asic register read register-name SifRacPcsCodeWordErrorCnt-0
sh platform hardware fed switch 3 fwd-asic register read register-name SifMessageStatus
sh platform software stack-mgr switch 3 r0 sdp-counters 
! stack discovery protocol counters
sh platform software stack-mgr switch active R0 sdp-counters

# Firmware Related

! verify images
verify flash:cat9k_iosxe.17.03.05.SPA.bin
verify /md5 flash:cat9k_iosxe.17.03.05.SPA.bin

! password recovery
! Hold mode button, release -> rommon

Switch: SWITCH_IGNORE_STARTUP_CFG=1
Switch: boot

!
copy start run
conf t
(config)# no system ignore startupconfig switch all

! DNS information
sh ip dns view

! parser_cmd logs
sh platform software trace message ios switch 1 r0 | in parser_cmd
show logging process iosrp | in parser_cmd

! is traffic being evenly distributed across the physical interfaces in an etherchannel?
! probably not
sh interfaces po1 counters ethernet

! test etherchannel load-balancing
sh platform software fed switch active etherchannel 1 load-balance ipv4 192.0.2.2 192.0.2.1 

! test ECMP load-balancing
show ip cef exact-route 192.0.2.2 192.0.2.1

! auto-LAG
port-channel auto

! identify connected devices
sh device classifier attached

! device classifier profiles
sh device classifier profile type builtin

! device-tracking
sh device-tracking database details

! use a switch to do an snmp get on another switch
! OID for whyReload
cat9300(config)# snmp-server manager 
cat9300(config)# end
cat9300# snmp get v2c 198.51.100.20 cisco oid 1.3.6.1.4.1.9.2.1.2.0
SNMP Response: reqid 1, errstat 0, erridx 0 
 lsystem.2.0 = PowerOn

! list TCAM utilization
sh platform hardware fed switch 1 fwd-asic resource tcam utilization 

! my favorite uptime and reload reason command
sh logging onboard switch 1 uptime detail

! IOS 17
show tech-support confidential # hides confidential data from TAC

! list some of the hidden show commands
! there are quite a few things under show platform that need TAC or BU documentation
show tech-support all | include "show "

! list interfaces with drops
cat9300# term shell
cat9300# sh int | grep "GigabitEthernet|output drops" | grep -v "drops: 0"

! interface up / down time information
sh int gi1/0/7 link

! list the number of times an interface has flapped, divide result by 2
sh logging | count 2/0/40.*(up|down)

! stack cables have serial numbers
show logging onboard switch active environment detail | in STACK

! commands TAC had me run to verify a memory leak bug
terminal length 0
show version
terminal exec prompt timestamp
show processes memory sorted
show processes memory platform sorted
show platform software status control-processor brief
show platform software mount switch active r0
show memory allocating-process totals 
show memory statistics
show platform resources
show platform software process list switch active r0 sort memory
show process memory platform accounting
show logging
!
show platform software memory smd switch active r0 brief
!

! information collected by device-sensor
sh device-sensor cache interface gi1/0/7

! cat9k beacon
! turn on the super bright blue LED for the hardware team
hw-module beacon slot 1 on
sh beacon all
hw-module beacon slot 1 off

! spanning tree problems, lots of topology changes
sh span de | in ^ VLAN|Times:

! punted packets
sh plat software fed swi act punt cause summary
sh plat software fed swi act punt rates interfaces 
sh plat software fed swi act punt packet-capture status
sh plat software fed swi act cpu-interface

! cts
sh cts
sh derived-config int gi1/0/20
sh cts interface gi1/0/20
sh cts authorization entries
sh cts policy sgt
sh derived-config | se cts

! it's interesting to see the changes in the file structure with the different IOS versions
show platform software chasfs r0

! this used to work at some point
! someone is fixing their file permissions
sh platform software file contents r0 /tmp/chassis/local/rp/chasfs/rp/0/0/etc/issue

! log logins
conf t
 login on-failure log
 login on-success log
 end
!
sh login failures

! log config changes, also needed for the revert timer
archive
 log config
  logging enable
  logging size 500
  notify syslog contenttype plaintext
  hidekeys
!
sh archive log config all
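
A pre-change check for two items from the notes above, the `$`-in-key problem with `shell processing full` and the login / archive logging baseline, as an added Python example (not part of the original notes). The running-config excerpt, the change snippet, the server names and the key values are constructed, and `block`, `audit_baseline` and `lint_change` are hypothetical helper names.

```python
# Constructed running-config excerpt (not from a real device).
RUNNING_CONFIG = """\
hostname cat9300
shell processing full
login on-failure log
archive
 log config
  logging enable
  logging size 500
  notify syslog contenttype plaintext
 path bootflash:
 maximum 5
!
interface GigabitEthernet1/0/1
 switchport access vlan 2
"""

# Constructed change snippet; names and key values are made-up placeholders.
CHANGE = """\
radius server EXAMPLE-RADIUS
 key Ex4mple$Key
tacacs server EXAMPLE-TACACS
 key ExampleKeyNoDollar
"""


def block(lines, header):
    """Return the more-indented lines under the first line equal to `header`."""
    for i, line in enumerate(lines):
        if line.strip() == header:
            indent = len(line) - len(line.lstrip())
            children = []
            for nxt in lines[i + 1:]:
                if nxt.strip() and len(nxt) - len(nxt.lstrip()) > indent:
                    children.append(nxt)
                else:
                    break
            return children
    return None


def audit_baseline(config):
    """Check a running-config for the logging settings and the shell caveat above."""
    lines = config.splitlines()
    top = [l.strip() for l in lines if l and not l[0].isspace()]
    findings = []
    if "shell processing full" in top:
        findings.append("shell processing full is enabled")
    for cmd in ("login on-failure log", "login on-success log"):
        if not any(l.startswith(cmd) for l in top):
            findings.append(f"missing: {cmd}")
    # archive -> log config -> children, following the indentation of the config
    log_cfg = block(block(lines, "archive") or [], "log config") or []
    have = {l.strip() for l in log_cfg}
    for cmd in ("logging enable", "hidekeys"):
        if cmd not in have:
            findings.append(f"missing: archive / log config / {cmd}")
    return findings


def lint_change(config, change):
    """Flag change lines containing '$' when shell processing is on.

    Only the first keyword is returned so the secret itself is never echoed.
    """
    shell_on = any(l.strip() == "shell processing full" for l in config.splitlines())
    if not shell_on:
        return []
    hits = []
    for n, line in enumerate(change.splitlines(), 1):
        if "$" in line and line.strip():
            hits.append((n, f"{line.split()[0]} <redacted>"))
    return hits


if __name__ == "__main__":
    for finding in audit_baseline(RUNNING_CONFIG):
        print("baseline:", finding)
    for lineno, what in lint_change(RUNNING_CONFIG, CHANGE):
        print(f"change line {lineno}: '{what}' contains '$' and shell processing is on")
```
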

 
====================== CAT 3850 ======================

# Interface Discards ?

sh int te1/0/3
sh int te1/0/3 | in drops:
sh policy-map int te1/0/3
sh controllers ethernet-controller tenGigabitEthernet 1/0/3
sh controllers ethernet-controller tenGigabitEthernet 1/0/3 | in Excess Defer
sh int te1/0/3 controller
sh platform hardware fed switch 1 qos queue stats interface te1/0/3
sh diagnostic events
sh diagnostic result switch 1 test 7 detail
sh platform hardware fed switch 1 fwd-asic drops exceptions asic 3
sh platform hardware fed switch 1 qos queue config interface te1/0/3
sh platform hardware fed switch 1 qos dscp-cos counters interface te1/0/3
show platform hardware fed switch active sdm prefer # Shows sdm template

show platform hardware fed switch 1 fwd-asic drops exceptions | ex _0_

# test etherchannel load-balancing
sh platform software fed switch active etherchannel 101 load-balance ipv4 192.0.2.2 192.0.2.1

# Want 3850 to crash ( run it a couple dozen times... ) ?
term shell
for xx in `interface Ethernet`; do echo $xx `show int $xx controller | cut -c 1-33 | grep Excess Defer`; done

! this is the command I should have been using
sh controllers | in Gig|Excess Defer

! 3850 beacon
! turn on the super bright LED for the hardware team
conf t
  hw-module beacon on switch 1

! why do I have so many drops and discards?
conf t
qos queue-softmax-multiplier 1200

! list interface qos queue configuration
sh platform hardware fed switch active qos queue config interface tenGigabitEthernet 1/0/1


====================== CAT 9500 ======================


! MPLS testing
show mpls forwarding exact-route label 100 ipv4 source 192.0.2.2 destination 192.0.2.1 detail

! SDP - Stack Discovery Protocol
! LMP - Link Management Protocol
!   L2 traffic to maintain the SVL
! FSS - Front Side Stack - another name for StackWise Virtual
! Nif-mgr = Network Interface Manager
! FED = Forward Engine Driver
sh platform software fed switch active fss counters
sh platform software fed switch active fss err-pkt-counters latency
sh platform software fed switch active fss err-pkt-counters seqerr

!
sh errdisable flap-values

!
sh romvar

!
sh plat hard fed swi active qos queue stats internal cpu policer

!
sh plat soft infrastructure lsmpi
sh plat soft infrastructure lsmpi punt
sh plat soft infrastructure lsmpi punt | ex 0              0              0              0              0              0


! log discriminator, filter log messages
! in this case, stop transceiver low power receive warnings from flooding logging
logging discriminator LOWPOWER severity drops 3 facility drops SFF8472 mnemonics drops THRESHOLD_VIOLATION 
logging buffered discriminator LOWPOWER 1024000
logging console discriminator LOWPOWER
logging monitor discriminator LOWPOWER
logging source-interface GigabitEthernet0/0 vrf Mgmt-vrf
logging host 198.51.100.9 vrf Mgmt-vrf discriminator LOWPOWER

! list TCAM utilization
sh platform hardware fed active fwd-asic resource tcam utilization

! my favorite uptime and reload reason command
sh logging onboard switch 1 rp active uptime detail

! BGP nexthop table
sh ip bgp attr nexthop rib-filter

! BGP stuff
route-map REPLACE_AS permit 10
     set as-path replace {any | as-path-string}

! BGP stuff
neighbor 192.0.2.1 path-attribute discard 26 in
neighbor 192.0.2.1 path-attribute treat-as-withdraw 26 in

! BGP stuff
bgp bestpath as-path multipath-relax

! FED CPU packet capture
clear platform hardware fed active cap trigger
debug platform hardware fed active capture trigger ipv4 1.1.1.1 1.1.1.2 icmp
debug platform hardware fed active capture trigger int hu1/0/52 ingress
debug platform hardware fed active capture start
sh platform hardware fed active capture trigger
sh platform hardware fed active capture status
sh platform hardware fed active capture packet
sh platform hardware fed active capture detail ingress
sh platform hardware fed active capture detail egress
!
sh platform hardware fed active capture psv ingress
sh platform hardware fed active capture psv egress

! some commands TAC had me run for what turned out to be a bad ASIC core
show platform software infrastructure punt
show platform software infrastructure detailed packet
show platform software infrastructure lsmpi driver 0
show platform software infrastructure lsmpi driver 1
show platform software fed active punt cause summary
show platform software fed active punt cpuq brief
show platform software fed lsmpi stat
!
sh controller ethernet-controller hu1/0/51 phy detail
sh controller ethernet-controller hu1/0/52 phy detail
show platform software fed active ifm mapping
show platform software fed active xcvr lpn 51 link_status 
show platform software fed active xcvr lpn 52 link_status 
diagnostic start module 1 test 4 port 51
show diagnostic result module 1 test 4 detail

! if you want to dig around in the underlying Linux system
sh platform software mount
sh platform software mount switch 1 r0 dir /etc
sh platform software file contents switch 1 r0 /etc/passwd

! EIGRP statistics of active states
sh ip eigrp topology detail-links 

P 0.0.0.0/0, 1 successors, FD is 28416, tag is 12345, serno 4431798, Stats m(22)M(58783)A(8007)c(14)
  m = min duration
  M = max duration
  A = average duration
  c = count of times active state was entered

Routers

Cisco ISR 4K, ASR 1K, Catalysts 8Ks

! The flexible netflow equivalent of the old ip flow top-talkers
flow monitor NETFLOW_OUTPUT
 des Monitor IPv4 Output Flows
 record netflow ipv4 original-output
!
flow monitor NETFLOW_INPUT
 des Monitor IPv4 Input Flows
 record netflow ipv4 original-input
!
int gi0/0/0
 ip flow monitor NETFLOW_OUTPUT output
 ip flow monitor NETFLOW_INPUT input
!
end
!
!
sh flow monitor NETFLOW_OUTPUT cache sort highest counter packets top 30 format table
sh flow monitor NETFLOW_INPUT cache sort highest counter bytes top 20 format table
!

! transceiver information
sh hw-module interface gi0/0/5 transceiver idprom detail
sh inv
sh hw-module subslot 0/0 transceiver 2 idprom detail

! reload reason history
sh redundancy history reload
sh logging onboard uptime


# Policy Based Routing 
## By default the router forwards using normal IP routing; applying a policy to an interface overrides that behavior for traffic arriving on it.
## Eg: Say we want to change the next hop from 10.10.10.10 to 20.20.20.20 for clients in 192.168.10.0/24 arriving on G0/0 of router R1

R1# conf t
  access-list 100 permit ip 192.168.10.0 0.0.0.255 any
  route-map CLIENTS-TO-INET
    match ip address 100 # Many other criteria
    set ip next-hop 20.20.20.20 # Can also choose interface etc
  int g0/0
    ip policy route-map CLIENTS-TO-INET
  show route-map
  show ip policy # shows policy attached on the router

# Cisco Express Forwarding (CEF)
## The old IOS method was "process switching", where the processor is involved in forwarding every packet. Debug uses process switching.
## CEF is line card forwarding that uses the FIB (best routes from the RIB). An ASIC is used. This is different from route-cache, aka fast switching.
## Multicast, loopbacks and IP starting from 0 are not supported on CEF. CEF will punt these to fast switching or process switching.
conf t
 ip cef # Enables CEF
show ip cef
show adjacency detail # shows MAC of self and connected interface
show processes cpu # Eg 1%/0%, first % is overall CPU and second % is interrupts. Pipe to "| in IP Input"
show int g0/1 stats
conf t
 int g0/1
  ip route-cache # Enables route-cache, aka fast switching.

! online insertion and removal
sh hw-module subslot all oir
hw-module subslot 0/2 oir power-cycle
hw-module subslot 0/2 stop
sh hw-module subslot 0/2 oir

! 4G LTE NIM
sh cellular 0/2/0 all
sh running-config | swe Cellular
sh running-config controller cellular 0/2/0
sh ip route | in Cellular
sh int cellular 0/2/0

! show transceiver RX and TX power
sh hw-module subslot 0/0 transceiver 0 status

! embedded packet capture
monitor capture CAP interface GigabitEthernet0/0/1 both
monitor capture CAP match ipv4 protocol tcp any any
monitor capture CAP start
monitor capture CAP stop
show monitor capture CAP buffer brief
show monitor capture CAP buffer detailed 
monitor capture CAP export tftp://10.0.0.1/CAP.pcap
no monitor capture CAP

! MLPPP links
show hw-module subslot 0/2 oir
show ppp all
show ppp summary
show ppp ?
show interface multilink1
show interface Serial0/2/0:0
show interface Serial0/2/1:0
show interface Serial0/2/2:0
show interface Serial0/2/3:0
show controllers T1 0/2/0
show controllers T1 0/2/1
show controllers T1 0/2/2
show controllers T1 0/2/3

! sd-wan reload history
show sdwan reboot history

! why did it take me so long to learn this?
logging dmvpn

! sdwan stuff
sh sdwan policy from-vsmart
sh sdwan policy access-list-associations
sh sdwan policy access-list-counters
sh sdwan running-config | se access-list
sh sdwan bfd session
sh sdwan bfd history
sh sdwan control connections
sh sdwan control connection-history

! tcp adjust-mss status
sh ip tcp adjust stats interface gi0/0/0

DC Nexus Switches

Nexus 9K/7K

! Have a file that doesn't respond to the delete command
! Command is considered a bug in CSCty07275
! The fix created bug CSCus97711, because the command stopped working
filesys delete /var/tmp/somesuperlarge.log

! md5sum
show file bootflash:n7700-s2-kickstart.7.3.0.DX.1.bin md5sum
! troubleshoot interface discards
sh int e1/39 | in discard
sh queuing interface e1/39
sh hardware internal ns buffer info pkt-stats
sh hardware internal buffer info pkt-stats detail
!
sh hardware qos ns-buffer-profile 
NS Buffer Profile: Mesh optimized
!
conf t
 hardware qos ns-buffer-profile ultra-burst 

! Nexus ethanalyzer
! Only captures control plane traffic
! Use a SPAN for data plane traffic
ethanalyzer local interface inband capture-filter "icmp" detail 

! troubleshoot command
show troubleshoot l3 ipv4 192.0.2.2 src-ip 192.0.2.1 vrf default 

! test NXOS ECMP 
! N9k, fabric module needs to be specified
show routing hash 192.0.2.2 192.0.2.1 module 21

! route-map redistribution statistics
show ip eigrp route-map statistics redistribute bgp 64496

! LIST ALL THE COMMANDS
sh cli list
which

! reset reason
sh system reset-reason

! BGP convergence information
sh bgp convergence detail vrf all

! increase the size of event history
ip eigrp event-history rib size large

! if you want to dig around in the underlying Linux system
show system internal flash
show system internal dir /var/log/external/
show system internal file /var/log/external/messages | less

! nexus beacon feature
! turn on the super bright LEDs for the hardware team
(config)# int e1/1
  beacon
!
blink chassis
blink fan
blink module
blink powersupply
!
locator-led chassis
locator-led fan
locator-led module
locator-led powersupply
!
sh locator-led status
!
no locator-led chassis

! change the MAC address used with Spanning-tree BPDUs sent out on VPCs 
! - from 0026.fxxx.0000
! - to 0026.0bf1.fxxx
! - where xxx is the VPC number in hex
mac-address bpdu source version 2

Wireless

Wireless LAN Controllers (AireOS)

# Basic Commands (Must Know)
# ==========================
show ap summary
show wlan summary
show interface summary
show client detail 34:02:86:96:2f:b7
# ==========================


# https://neverthenetwork.com/notes/wlc_cli

show client state summary # shows clients with state 

# ================= AP Stuck Downloading ===========================

# IOS APs that are upgraded or downgraded from either a 9800 or AireOS WLC get stuck in an image download loop and fail to join the WLC (AireOS or C9800), because image signing validation fails after December 4th, 2022.
## Environment: AP models including 700/800/1700/2700/3700/1552/1572
## Cause: Code signing certificate has expired
## Resolution: This issue is resolved beginning in AireOS code versions: 8.5.182.7 (Special Release - unknown how long the code will be available) 8.10.183.0 
## Workaround if unable to update code on controllers:
## Step 1: SSH to WLC
## Show the NTP config and make a note of which servers are configured
show time
## Step 2: Delete ntp servers and set date/time to before 12/4/2022
config time ntp delete 1
config time ntp delete 2
## This command is not present in some earlier code levels. If this command is not available, use the "config time ntp server <index> 0.0.0.0" command.
config time manual 11/11/22 00:00:00 
## Re-initiate the registration/download process for the AP with one of the following:
## Step 3: SSH to AP and issue 
capwap ap restart
## Bounce the switchport
## Wait 30 minutes for APs to update and rejoin.
## Status can be checked from wlc with `show ap image` status and/or from ap with `show logging`
## After all problematic APs have rejoined and updated, re-enable ntp using the servers that were noted earlier
config time ntp server 1 172.20.160.160
config time ntp server 2 172.25.112.16
## Note: Unless running a fixed release, this can happen anytime an AP has to update code
## Related Resources
## https://www.cisco.com/c/en/us/support/docs/wireless/aironet-700-series-access-points/218447-ios-ap-image-download-fails-due-to-expir.html
## https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd80290

# ===================================================================

9800 WLC and Embedded WLC

Access Points

Security Devices

Fortigate

# System Related
get system status # shows uptime, serial, firmware etc.
diag hardware deviceinfo nic <interface>

# VPN Related: --> Phase 1 (IKE) must come up first; only then Phase 2 (data traffic).
## Phase 1 tunnel --- aka --- (IKE_SA)
## IKEv1 is the phase 1 negotiation process. It uses either main mode or aggressive mode. Main mode = 6 msgs vs. aggressive = 3 msgs, so main mode is more secure but slower.
## IKEv2 has a four-packet exchange. There is no main mode or aggressive mode. It supports NAT traversal (device behind NAT).
  ## 1) IKE_SA_INIT Initiator request (sent by FGT)
  ## 2) IKE_SA_INIT Responder response (got a response from the peer)
  ## 3) IKE_AUTH Initiator request <--------- if negotiation is failing at this point, check the MTU value on the peer. The packet may be getting lost along the route. (FGT sends the auth request multiple times)
  ## 4) IKE_AUTH Responder response
## Phase 2 tunnel --- aka --- (Quick Mode or CHILD_SA)
## Tunnel Mode:
## Routed Mode:



# Debug FlowTrace (This is the best thing I've learnt) -- Policy LookUp Tool
# One time with TAC I found out that the reverse path check failed during Source NAT, so the packet was dropped!
diag debug flow filter addr 172.16.200.128 #any source IP that's hitting forti
diag debug flow show iprope enable
diag debug flow show function-name enable 
diag debug enable
diag debug flow trace start 50


######################################################################################################################

# Case Study: 

## IKE not UP, Phase-2 Issues, and Policy ?
## Remote ASA phase 1 is not coming up no matter what. Turned out the VPN interface was admin shutdown. Duh! How do you find that out?
## 
diagnose  vpn  ike  log filter dst-addr4  <Remote-Peer-IP Eg:14.18.18.96>
diagnose  deb app ike -1
di deb console time en
di deb e

## 2023-08-07 11:14:57.730132 ike 7:7d5b10946338ec5b/0000000000000000:43429045: negotiation failure
## 2023-08-07 11:14:57.730155 ike Negotiate SA Error: 2023-08-07 11:14:57.730160 ike 2023-08-07 11:14:57.730166 ike  [10389]
## 2023-08-07 11:14:57.998746 ike 7:Arbitrary-VPN:Arbitrary-VPN: IPsec SA connect 70 20.20.20.20->14.18.18.96:0
## 2023-08-07 11:14:57.998764 ike 7:Arbitrary-VPN: ignoring request to establish IPsec SA, interface is administratively down

# Now debug the flow with remote allowed IP:
di deb flow filter addr  192.168.208.2
di deb flow filter pr 1
di deb flow trace start 99
di deb e

## Check the Denied forward policy check
## 2023-08-07 11:36:43 id=20085 trace_id=104 func=print_pkt_detail line=5824 msg="vd-vpn:0 received a packet(proto=1, 14.18.18.96:46416->192.168.208.2:2048) from Arbitrary-VPN. type=8, code=0, id=46416, seq=68."
## 2023-08-07 11:36:43 id=20085 trace_id=104 func=init_ip_session_common line=5995 msg="allocate a new session-9e4986b2"
## 2023-08-07 11:36:43 id=20085 trace_id=104 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-172.20.233.89 via port34"
## 2023-08-07 11:36:43 id=20085 trace_id=104 func=fw_forward_handler line=655 msg="Denied by forward policy check (policy 0)"
## 2023-08-07 11:36:44 id=20085 trace_id=105 func=print_pkt_detail line=5824 msg="vd-vpn:0 received a packet(proto=1, 14.18.18.96:46416->192.168.208.2:2048) from Arbitrary-VPN. type=8, code=0, id=46416, seq=69."

## ASA to Fortigate needs multiple Phase 2 selectors; don't append everything to one.
## Don't forget to disable PFS and enable auto-negotiate. (Auto-negotiate doesn't care about the timers.)
## Make one phase 2 at a time and bring it up. If you add all subnets in one phase 2 and one doesn't work, it will bring all of phase 2 down.
config vpn ipsec phase2-interface
    edit "Arbitrary-VPN-Tunnel-01"
        set phase1name "Arbitrary-VPN"
        set proposal aes256-sha256
        set pfs disable
        set auto-negotiate enable
        set src-subnet 206.208.220.135 255.255.255.255 # This is DNAT IP, you can't use local IP if you are using DNAT.
        set dst-subnet 10.10.10.10 255.255.255.192
    next
end

## Make a policy if you are using DNAT or a VIP. Then enable the policy and debug again.
## Every source IP goes through an RPF check to make sure routing does not conflict for traffic originating from the tunnel towards the internal network.
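
A small triage script for the two debug outputs in the VPN notes above, added here as an example (it is not the author's or Fortinet's code). It pulls the failure text out of the IKE debug lines and groups the flow trace lines by trace_id to show where each packet was dropped; the function names and cause labels are this example's own, and policy 0 is the FortiOS implicit deny.

```python
import re

# Lines taken from the IKE debug and flow trace output in the notes above.
SAMPLE = """\
2023-08-07 11:14:57.730132 ike 7:7d5b10946338ec5b/0000000000000000:43429045: negotiation failure
2023-08-07 11:14:57.998746 ike 7:Arbitrary-VPN:Arbitrary-VPN: IPsec SA connect 70 20.20.20.20->14.18.18.96:0
2023-08-07 11:14:57.998764 ike 7:Arbitrary-VPN: ignoring request to establish IPsec SA, interface is administratively down
2023-08-07 11:36:43 id=20085 trace_id=104 func=print_pkt_detail line=5824 msg="vd-vpn:0 received a packet(proto=1, 14.18.18.96:46416->192.168.208.2:2048) from Arbitrary-VPN. type=8, code=0, id=46416, seq=68."
2023-08-07 11:36:43 id=20085 trace_id=104 func=init_ip_session_common line=5995 msg="allocate a new session-9e4986b2"
2023-08-07 11:36:43 id=20085 trace_id=104 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-172.20.233.89 via port34"
2023-08-07 11:36:43 id=20085 trace_id=104 func=fw_forward_handler line=655 msg="Denied by forward policy check (policy 0)"
2023-08-07 11:36:44 id=20085 trace_id=105 func=print_pkt_detail line=5824 msg="vd-vpn:0 received a packet(proto=1, 14.18.18.96:46416->192.168.208.2:2048) from Arbitrary-VPN. type=8, code=0, id=46416, seq=69."
"""

IKE_RE = re.compile(r'^\S+ \S+ ike \d+:(?P<ctx>[^:]+):\s*(?P<msg>.*)$')
FLOW_RE = re.compile(r'^\S+ \S+ id=\d+ trace_id=(?P<trace>\d+) func=(?P<func>\S+) '
                     r'line=\d+ msg="(?P<msg>.*)"$')
PKT_RE = re.compile(r'received a packet\(proto=(?P<proto>\d+), (?P<src>[\d.]+):\d+'
                    r'->(?P<dst>[\d.]+):\d+\) from (?P<inif>\S+)\. ')
ROUTE_RE = re.compile(r'find a route: .*gw-(?P<gw>[\d.]+) via (?P<outif>\S+)')
DENY_RE = re.compile(r'Denied by forward policy check \(policy (?P<pid>\d+)\)')

# Failure texts seen in the output above, mapped to labels chosen for this example.
IKE_CAUSES = [
    ("interface is administratively down", "tunnel interface is admin down"),
    ("negotiation failure", "IKE negotiation failed"),
]


def triage_ike(text):
    """Return (context, cause) pairs for IKE debug lines with a known failure text.

    The context is the tunnel name, or the cookie pair when the tunnel is not
    identified yet.
    """
    findings = []
    for line in text.splitlines():
        m = IKE_RE.match(line.strip())
        if not m:
            continue
        for needle, cause in IKE_CAUSES:
            if needle in m["msg"] and (m["ctx"], cause) not in findings:
                findings.append((m["ctx"], cause))
    return findings


def triage_flow(text):
    """Group flow trace lines by trace_id and record each packet's path and verdict."""
    traces = {}
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        # A trace may be cut off before the verdict line (trace 105 in the sample).
        t = traces.setdefault(int(m["trace"]), {"verdict": "no verdict captured"})
        msg = m["msg"]
        if (p := PKT_RE.search(msg)):
            t.update(proto=int(p["proto"]), src=p["src"], dst=p["dst"], in_if=p["inif"])
        elif (r := ROUTE_RE.search(msg)):
            t.update(gw=r["gw"], out_if=r["outif"])
        elif (d := DENY_RE.search(msg)):
            pid = int(d["pid"])
            t["verdict"] = ("denied: no policy matched (implicit deny, policy 0)"
                            if pid == 0 else f"denied by policy {pid}")
    return traces


if __name__ == "__main__":
    for ctx, cause in triage_ike(SAMPLE):
        print(f"IKE  {ctx}: {cause}")
    for trace_id, t in sorted(triage_flow(SAMPLE).items()):
        path = f"{t.get('src')} -> {t.get('dst')} in={t.get('in_if')} out={t.get('out_if')}"
        print(f"FLOW trace {trace_id}: {path}: {t['verdict']}")
```
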

######################################################################################################################

# LLDP may not be enabled by default:

config system interface
    edit <interface>
        set lldp-reception enable
        set lldp-transmission enable
    next
end

Cisco ASA

! CPU and memory usage
show process cpu-usage non-zero
show process cpu-usage sorted
show cpu usage
show memory

! Input / output information
show crypto accelerator statistics

! To get the current throughput 
clear crypto accelerator statistics
 -- wait 10 seconds --
show crypto accelerator statistics

! From [Global Statistics]
[ input bytes + output bytes ] * 8
-----------------------------------  = MBps
        1,000,000 * seconds

! Current Active sessions
show vpn-sessiondb

! License capacity
show vpn-sessiondb license-summary

! SNMP OID list
show snmp-server oidlist
 - hidden command

! IP traffic information, drops
sh traffic
sh traffic | in drop

! Threat detection information
sh threat-detection statistics top
sh threat-detection rate

! Local pool information
sh ip local pool User-Pool-192.0.2.0/21
sh ip local pool User-Pool-192.1.2.0/21

sh crypto protocol statistics all

! Session information
sh vpn-sessiondb anyconnect
sh vpn-sessiondb detail
sh vpn-sessiondb detail anyconnect
sh vpn-sessiondb detail anyconnect | in Drop
sh user-identity user active list
sh user-identity user active list detail

! User session Group policy, Anyconnect client version, 
! session duration, dropped packet count
sh vpn-sessiondb detail anyconnect filter name <username>

! accelerated security path
sh asp table socket | in SSL|DTLS

! multi-context ASA
changeto system
show context

Servers (DDI, LB)

Cisco DNAC Maglev CLI

# random stuff
maglev catalog settings validate
maglev catalog settings display
maglev catalog release_channel display -V
docker info | grep -e Stopped -e Prox
maglev catalog system_update_hook_bundle display -V
maglev catalog system_update_package display
maglev system_update_package status -V
maglev system_updater update_info
curl -k -v https://www.ciscoconnectdna.com

# Enable weak ciphers for older, "legacy" APs
magctl service tls_version --tls-min-version show
magctl service display kong
magctl service tls_version --tls-v1=enable kong
magctl service ciphers --ciphers-rc4=enable kong

# Restart Service
magctl service restart identity-manager-pxgrid-service

#Change Kong user name
maglev login -u 703489232

# Find the hardware model 
$ sudo lshw  -c  system | grep -E "product|serial"
    product: DN2-HW-APL-XL
    serial: FCH2336W00E

# SCP the files to Cisco TAC CASE:
- rca # generates RCA in a single node cluster
- scp /data/rca/maglev-192.168.99.3-rca-2022-01-03_18-17-26_UTC.tar.gz 692813975@cxd.cisco.com:
password: fzNrVTE6rr5nX6mK (Generate Token on the case and this is your pwd.)

# Package and App specific:
- maglev system status # Shows system version
System status:
  Current system version: 1.6.594

- maglev system_updater update_info
System update status:
  Version successfully installed : 1.6.594

- maglev package status # Shows all packages with version
- maglev catalog package display # shows recent version of packages
- magctl appstack status -fw # Shows watch for kubectl services "kubectl get pods -o wide --selector tier!=cron --all-namespaces | grep -Ev '([0-9]+)/\1'"
- magctl appstack status | grep running
- magctl appstack status | grep 0/
- maglev catalog package pull icap-automation:2.1.266.62815 # this pulls specific version of package
- maglev package deploy -R application-visibility-service:2.1.266.170289 # this will deploy specific version of package
- magctl service status # shows everything related to service
- magctl dns config show # DNS config --> One for cluster one for outside the world.
- magctl service restart -d coredns # To restart specific service
- systemctl status kubelet

# Cluster scaling, you can check this command while other nodes are up and joining the cluster or while node have issues on the cluster.
- maglev service nodescale status # Check if all the services are scaled in the cluster
APPSTACK        SERVICE         CLUSTERED       ERROR               
--------------------------------------------------------------------
app-hosting     postgres        3/3                                 
fusion          postgres        3/3                                 
maglev-system   cassandra       3/3                                 
maglev-system   elasticsearch   3/3                                 
maglev-system   glusterfs       3/3                                 
maglev-system   influxdb        2/2                                 
maglev-system   mongodb         3/3                                 
maglev-system   rabbitmq        3/3                                 
maglev-system   zookeeper       3/3                                 
ndp             elasticsearch   3/3                                 
ndp             kafka           3/3                                 
ndp             redis           3/3    
- maglev service nodescale progress # shows scaling progress if not synced fully
- sudo maglev-config certs info # Shows all the certs and exp date
- df -h # Shows the disk free usage
- ntpq -pn # Not sure what it is

# Config Specific
- sudo maglev-config update #Imp Command to edit IP on cluster and internet link.
- sudo cat /sys/devices/virtual/dmi/id/chassis_serial # Show serial number
- etcdctl get /maglev/config/cluster/cluster_network # shows cluster IP
- magctl node display # gives cluster info
- etcdctl get nodes
- etcdctl member list
e2eea5788f27cdce: name=etcd-192.168.99.2 peerURLs=http://192.168.99.2:2380 clientURLs=http://192.168.99.2:2379 isLeader=false
eb26ca6a9c60cc25: name=etcd-192.168.99.3 peerURLs=http://192.168.99.3:2380 clientURLs=http://192.168.99.3:2379 isLeader=false
f702dfb05d959106: name=etcd-192.168.99.1 peerURLs=http://192.168.99.1:2380 clientURLs=http://192.168.99.1:2379 isLeader=true
- etcdctl cluster-health # Cluster Health
- kubectl get nodes 
NAME           STATUS   ROLES    AGE   VERSION
192.168.99.1   Ready    master   59d   v1.15.3-cisco
192.168.99.2   Ready    master   59d   v1.15.3-cisco
192.168.99.3   Ready    master   61d   v1.15.3-cisco


# Deletes all Pods that are not running or have issues ("magctl appstack status" checks it)
- kubectl get pods -A --all-namespaces --no-headers | grep -v Running | awk '{print "kubectl delete pod -n "$1,$2}' | while read -r cmd; do $cmd ; done


# More stuff

magctl service logs -rf iosxe-db
magctl service restart -d iosxe-db
magctl service logs -rf iosxe-db
magctl service logs -rf iosxe-db |grep ERROR


_shell
magctl appstack status -f
magctl appstack status | grep ise
magctl appstack status | grep pxgrid
magctl service restart -d collector-ise
ntpq -pn
kubectl get pods -A --all-namespaces --no-headers | grep -v Running | awk '{print "kubectl delete pod -n "$1,$2}' | while read -r cmd; do $cmd ; done
docker rm -v $(docker ps -q -f status=exited)
magctl appstack status -f
magctl service logs -rf pxgrid-service | lql
magctl appstack status | grep pxgrid
magctl appstack status | grep ise
maglev login -k
maglev package status
maglev catalog package display
maglev catalog settings display
maglev catalog release_channel display -V
maglev system_updater update_info
kubectl get nodes
df -h
ntpq -pn
magctl appstack status
docker ps | grep redis_redis
docker exec -it 5d2e816b73e2 bash
exit
magctl appstack status | grep server
magctl service logs -r server-management | lql > server-management0829.log
less server-management0829.log
ip a | grep manage
ip a | grep -C3 manage
ip a | grep en
echo | openssl s_client -showcerts -connect 10.76.104.24:443
magctl service logs -rf server-manage | lql | tee server-managementfollow.log
magctl service logs -r server-management | lql > server-managementpostpassword.log
less server-managementpostpassword.log
magctl service logs -rf server-managemet | lql | tee servermanagementfollow2.log
magctl service logs -rf server-manageme | lql | tee servermanagementfollow2.log
magctl service restart -d server-management
magctl appstack status -fw
magctl service logs -rf server-manageme | lql | tee servermanagementfollow2.log
kubectl get pods -A --all-namespaces --no-headers | grep -v Running | awk '{print "kubectl delete pod -n "$1,$2}' | while read -r cmd; do $cmd ; done
docker rm -v $(docker ps -q -f status=exited)
magctl appstack status -f
magctl service restart -d catalogs
magctl appstack status -f
kubectl get nodes
maglev catalog release status dnac:2.3.3.7.72328-HF5
maglev catalog release status dnac:2.3.3.7.72328.HF5
maglev catalog release status dnac:2.3.3.7.72328.5
maglev catalog package pull device-onboarding:2.1.518.62248
maglev catalog release pull -r dnac:2.3.3.7-72328 -a all dnac:2.3.3.7-72328.5
maglev catalog release pull -r dnac:2.3.3.7.72328 -a all dnac:2.3.3.7.72328.5
maglev catalog release status dnac:2.3.3.7.72328.5
watch maglev catalog release status dnac:2.3.3.7.72328.5
magctl workflow status | grep -i pending -C 20
maglev catalog release status dnac:2.3.3.7.72328.5
maglev catalog package delete device-onboarding:2.1.518.62248
maglev catalog release status dnac:2.3.3.7.72328.5
maglev catalog package pull device-onboarding:2.1.518.62248
maglev catalog release status dnac:2.3.3.7.72328.5
maglev catalog package pull device-onboarding:2.1.518.62248
maglev catalog release status dnac:2.3.3.7.72328.5
maglev service nodescale status
maglev service nodescale progress
magctl appstack status -f
magctl node display
etcdctl cluster-health
kubectl get pods -A --all-namespaces --no-headers | grep -v Running
kubectl get pods -A --all-namespaces --no-headers
maglev catalog package display

Infoblox CLIs

# Debug live and regex

This is super helpful, especially for those times I want to quickly check something without going through the whole setting up a webex with support hassle.

One we had to use recently to see database transactions:
set debug ibap on

Then to display the relevant messages:
show log debug follow /regex/

And when done:
set debug ibap off


# General Stuff

help
show version           #Version and serial number
show status            #Grid and HA status, hostname, Grid Master IP
show hardware_status   #temperature, power, fan
show uptime
show cpu               #memory, swap, io, system, cpu
show memory            #little more memory details, same as Linux command "free"
show disk
show disk_usage_sorted #hidden command
show ntp
show date
 
show license           #list of all licenses incl. expiration dates
set license            #paste a new license
set temp_license       #activate 60-day trial licenses
 
set membership         #become a Grid member
set nogrid             #removes this member from the Grid
reboot                 #reboot the system (which also clears the caches)
shutdown               #give it a try ;)

show config { dns | dhcp | dhcpv6 }

show log [ syslog | debug | audit ]
show log [ syslog | debug | audit ] /regex/
show log [ syslog | debug | audit ] tail {number-of-line}
show log [ syslog | debug | audit ] follow [/regex/]

# ===================================================================

# Traffic Capture 

Infoblox > set traffic_capture on port all duration 60
Traffic capture started successfully.
Infoblox > show traffic_capture_status
Traffic capture is running.
4KB captured.
 
<wait until the capture is finished>
 
Infoblox > show traffic_capture_status
Traffic capture is stopped.
13KB captured.
 
Infoblox > set traffic_capture transfer scp 87.190.30.112 weberjoh -
Enter password:
WARNING: This operation may take a long time to complete
Do you want to proceed? (y or n):y
scp succeeds
ib1.weberdns.de_0_2019-02-19-12-31-03_tcpdumpLog.tar.gz is uploaded to scp server 87.190.30.112 successfully

# ===================================================================

# TCPDUMP

set expertmode
tcpdump -i eth2
#or with some options and capture filters:
tcpdump -i eth2 -vv "host 192.168.0.1 or 172.16.22.53"
Ctrl+c #to stop
set expertmode off

Infoblox > set expertmode 
 
"Disclaimer: The expert mode CLI commands are designed for advanced users. 
Ensure that you have proper knowledge and expertise when using these commands. 
Improper usage of commands may affect your system performance and stability." 
 
Expert Mode > 
Expert Mode > tcpdump 
Please specify the interface with the -i option. 
 
Expert Mode > tcpdump -i eth2 -v "host 87.190.30.114 or 213.61.29.182" 
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 262144 bytes 
16:42:30.023465 IP (tos 0x0, ttl 64, id 9702, offset 0, flags [none], proto UDP (17), length 71) 
    192.0.2.177.19826 > 213.61.29.182.53: 8833 [1au] A? pa.weberlab.de. (43) 
16:42:30.031405 IP (tos 0x0, ttl 57, id 19465, offset 0, flags [none], proto UDP (17), length 1303) 
    213.61.29.182.53 > 192.0.2.177.19826: 8833*- 2/3/7 pa.weberlab.de. A 193.24.227.9, pa.weberlab.de. RRSIG (1275) 
16:42:30.034387 IP (tos 0x0, ttl 64, id 41623, offset 0, flags [none], proto UDP (17), length 71) 
    192.0.2.177.34258 > 87.190.30.114.53: 20807 [1au] AAAA? pa.weberlab.de. (43) 
16:42:30.044030 IP (tos 0x0, ttl 55, id 19194, offset 0, flags [none], proto UDP (17), length 836) 
    87.190.30.114.53 > 192.0.2.177.34258: 20807*- 0/4/1 (808) 
^C 
4 packets captured 
4 packets received by filter 
0 packets dropped by kernel 
 
Expert Mode > set expertmode off 
Infoblox > 
# ===================================================================

# Network & Interfaces

set network           #set basic LAN1 IP addresses and optionally become a Grid member
show network          #show LAN1/HA/Mgmt port IP addresses
 
set interface         #speed and duplex for LAN1/HA/Mgmt interfaces on hardware devices
show interface        #much more details for all interfaces (incl. tunnels!) such as packets, errors, etc.
 
ping { hostname | ip } [v6]        #well, that's ping ;) optionally via IPv6
traceroute { hostname | ip } [v6]  #traceroute via legacy IP or IPv6
show ipv6_neighbor all             #IPv6 neighbors (NDP) for all interfaces
show arp                           #ARP cache for all interfaces
reset arp                          #clear the ARP cache

# ===================================================================

# Anycast Routing

show ipv6_bgp [ route | neighbor | summary | community | config ]
show bgp [ route | neighbor | summary | config ]
 
show ipv6_ospf [interface | neighbor | database | route | config ]
show ospf [ interface | neighbor | database | route | config ]

# ===================================================================

# Maintenance Mode

set maintenancemode

show backup grid
delete backup grid { all | filename }
 
show coresummary
show cores
delete cores { all | filename }

! Sample for showing/deleting a backup:

Infoblox > set maintenancemode 
Maintenance Mode > show backup grid 
Backup files present on the system 
 
Filename                                        Size 
----------------------------------------------------- 
BACKUP_2019_02_02_03_00.tar.gz                17367 k 
BACKUP_2019_03_07_03_30.tar.gz                17842 k 
BACKUP_2019_03_08_03_30.tar.gz                17854 k 
BACKUP_2019_03_09_03_30.tar.gz                17854 k 
BACKUP_2019_03_10_03_30.tar.gz                17854 k 
BACKUP_2019_03_11_03_30.tar.gz                17854 k 
BACKUP_2019_03_12_03_30.tar.gz                17857 k 
BACKUP_2019_03_13_03_30.tar.gz                17879 k 
BACKUP_2019_03_14_03_31.tar.gz                17889 k 
BACKUP_2019_03_15_03_30.tar.gz                17899 k 
 
Maintenance Mode > 
Maintenance Mode > 
Maintenance Mode > delete backup grid BACKUP_2019_02_02_03_00.tar.gz 
Backup file BACKUP_2019_02_02_03_00.tar.gz deleted 
Maintenance Mode > 
Maintenance Mode > set maintenancemode off 
Infoblox > 

## Sample of coresummary on the Grid master (without any files ;)):

Infoblox > set maintenancemode
Maintenance Mode > show coresummary
+-------------------------------------------+-----------+-----------------------+
|                                     Member|Cores count|       Latest core file|
+-------------------------------------------+-----------+-----------------------+
|        infoblox.weberlab.de (194.247.5.15)|          0|                   None|
+-------------------------------------------+-----------+-----------------------+
|           ib1.weberdns.de (193.24.227.239)|          0|                   None|
+-------------------------------------------+-----------+-----------------------+
|             ib2.weberdns.de (194.247.5.16)|          0|                   None|
+-------------------------------------------+-----------+-----------------------+
|      ib3-report.weberdns.de (194.247.5.17)|          0|                   None|
+-------------------------------------------+-----------+-----------------------+
| ib4-recursive.weberdns.de (193.24.227.240)|          0|                   None|
+-------------------------------------------+-----------+-----------------------+
Maintenance Mode > 
Maintenance Mode > show cores 
Core files present on the system 
 
Filename                                        Size                     Date 
------------------------------------------------------------------------------ 
 
There are no core files. 
 
Maintenance Mode > 
Maintenance Mode > set maintenancemode off
Infoblox >

## Watch Processes
show process refresh {interval} {dns | dhcp | snmp | grid | mssync}

Infoblox > set maintenancemode
Maintenance Mode > 
Maintenance Mode > show process refresh 2 dns
Wed Apr 10 18:03:47 2019
Command invoked ==> show process refresh 2 dns
  PID  VIRT(kb)  RES(kb)  SHR(kb)   %CPU   %MEM     Uptime      Command
22162     7898m      29m      10m    0.0    0.2    0:00.03      named
22163     7898m      29m      10m    0.0    0.2    0:00.08      named
22164     7898m      29m      10m    0.0    0.2    0:00.11      named
22165     7898m      29m      10m    0.0    0.2    0:00.04      named
22166     7898m      29m      10m    0.0    0.2    0:00.02      named
22176     7898m      29m      10m    0.0    0.2    0:00.02      named
22190     7898m      29m      10m    0.0    0.2    0:00.00      named
22198     7898m      29m      10m    0.0    0.2    0:00.03      named
[Press <enter> to return to prompt]
q
Maintenance Mode >
Maintenance Mode > set maintenancemode off
Infoblox >

# ===================================================================

# DNS Related

show dns stats
show dns cache [name-of-the-view]
show dns cache_ex /regex/ [name-of-the-view]
show dns cache_size [name-of-the-view]

Infoblox > show dns cache_ex /weberlab/ 
weberlab.de.            86396   DS      13179 10 2 ( 
weberlab.de.            86396   RRSIG   DS 8 2 86400 ( 
weberlab.de.            56      DNSKEY  257 3 10 ( 
weberlab.de.            56      DNSKEY  256 3 10 ( 
weberlab.de.            56      RRSIG   DNSKEY 10 2 60 ( 
                                        20190505113757 20190405103757 13179 weberlab.de. 
weberlab.de.            56      RRSIG   DNSKEY 10 2 60 ( 
                                        20190505113757 20190405103757 36935 weberlab.de. 
fg2.weberlab.de.        56      A       194.247.4.10 
fg2.weberlab.de.        56      RRSIG   A 10 3 60 ( 
                                        20190505105415 20190405103758 36935 weberlab.de. 
Infoblox > 

# ===================================================================

# IPMI AKA LOM

Using the Intelligent Platform Management Interface (IPMI) port, which is called Lights Out Management (LOM) on Infoblox, you can power the device on/off, get the sensor values, read out the system event log, and finally open a serial console session (which is great!). I am using ipmitool on Linux: sudo apt-get install ipmitool. Here are some samples:

Terminate the serial console session with ~.

## Power off/on/status

troublemaker@ibp02troublet01:~$ ipmitool -H 192.168.102.35 -U ThisIsTheUser -P ThisIsThePassword -L OPERATOR -I lanplus power off 
Chassis Power Control: Down/Off 
 
troublemaker@ibp02troublet01:~$ ipmitool -H 192.168.102.35 -U ThisIsTheUser -P ThisIsThePassword -L OPERATOR -I lanplus power on 
Chassis Power Control: Up/On 
 
troublemaker@ibp02troublet01:~$ ipmitool -H 192.168.102.35 -U ThisIsTheUser -P ThisIsThePassword -L OPERATOR -I lanplus power status 
Chassis Power is on 

## Sensors

troublemaker@ibp02troublet01:~$ ipmitool -H 192.168.102.35 -U ThisIsTheUser -P ThisIsThePassword -L OPERATOR -I lanplus sensor 
CPU Temp         | 28.000     | degrees C  | ok    | 0.000     | 0.000     | 0.000     | 95.000    | 100.000   | 100.000 
PCH Temp         | 29.000     | degrees C  | ok    | 0.000     | 5.000     | 10.000    | 90.000    | 95.000    | 100.000 
System Temp      | 24.000     | degrees C  | ok    | -10.000   | -5.000    | 0.000     | 80.000    | 85.000    | 90.000 
Peripheral Temp  | 23.000     | degrees C  | ok    | -10.000   | -5.000    | 0.000     | 80.000    | 85.000    | 90.000 
VcpuVRM Temp     | 38.000     | degrees C  | ok    | -5.000    | 0.000     | 5.000     | 95.000    | 100.000   | 105.000 
DIMMA1 Temp      | na         |            | na    | na        | na        | na        | na        | na        | na 
DIMMA2 Temp      | 27.000     | degrees C  | ok    | -5.000    | 0.000     | 5.000     | 80.000    | 85.000    | 90.000 
DIMMB1 Temp      | na         |            | na    | na        | na        | na        | na        | na        | na 
DIMMB2 Temp      | 27.000     | degrees C  | ok    | -5.000    | 0.000     | 5.000     | 80.000    | 85.000    | 90.000 
FAN1             | 9700.000   | RPM        | ok    | 300.000   | 500.000   | 700.000   | 25300.000 | 25400.000 | 25500.000 
FAN2             | 9500.000   | RPM        | ok    | 300.000   | 500.000   | 700.000   | 25300.000 | 25400.000 | 25500.000 
FAN3             | 9500.000   | RPM        | ok    | 300.000   | 500.000   | 700.000   | 25300.000 | 25400.000 | 25500.000 
FAN4             | 9200.000   | RPM        | ok    | 300.000   | 500.000   | 700.000   | 25300.000 | 25400.000 | 25500.000 
FAN5             | 9500.000   | RPM        | ok    | 300.000   | 500.000   | 700.000   | 25300.000 | 25400.000 | 25500.000 
FAN6             | 9300.000   | RPM        | ok    | 300.000   | 500.000   | 700.000   | 25300.000 | 25400.000 | 25500.000 
12V              | 12.000     | Volts      | ok    | 10.173    | 10.299    | 10.740    | 12.945    | 13.260    | 13.386 
5VCC             | 4.948      | Volts      | ok    | 4.246     | 4.298     | 4.480     | 5.390     | 5.546     | 5.598 
3.3VCC           | 3.299      | Volts      | ok    | 2.789     | 2.823     | 2.959     | 3.554     | 3.656     | 3.690 
VBAT             | 3.103      | Volts      | ok    | 2.407     | 2.494     | 2.610     | 3.509     | 3.596     | 3.712 
Vcpu             | 0.804      | Volts      | ok    | 0.111     | 0.111     | 0.111     | 1.596     | 1.758     | 1.776 
VDIMMAB          | 1.173      | Volts      | ok    | 0.948     | 0.975     | 1.047     | 1.344     | 1.425     | 1.443 
0.95V VCCIO      | 0.960      | Volts      | ok    | 0.870     | 0.897     | 0.942     | 1.194     | 1.221     | 1.248 
1.5VSB           | 1.509      | Volts      | ok    | 1.320     | 1.347     | 1.401     | 1.644     | 1.671     | 1.698 
5VSB             | 4.896      | Volts      | ok    | 4.246     | 4.298     | 4.480     | 5.390     | 5.546     | 5.598 
3.3VSB           | 3.214      | Volts      | ok    | 2.789     | 2.823     | 2.959     | 3.554     | 3.656     | 3.690 
1.05V VCCSA      | 1.050      | Volts      | ok    | 0.861     | 0.888     | 0.960     | 1.086     | 1.149     | 1.176 
1.2V BMC         | 1.200      | Volts      | ok    | 1.020     | 1.047     | 1.092     | 1.344     | 1.371     | 1.398 
1.0V PCH         | 0.996      | Volts      | ok    | 0.870     | 0.897     | 0.942     | 1.194     | 1.221     | 1.248 
Chassis Intru    | 0x0        | discrete   | 0x0000| na        | na        | na        | na        | na        | na 
PS1 Status       | 0x1        | discrete   | 0x0100| na        | na        | na        | na        | na        | na 
PS2 Status       | 0x1        | discrete   | 0x0100| na        | na        | na        | na        | na        | na 

## System Event Log

troublemaker@ibp02troublet01:~$ ipmitool -H 192.168.102.35 -U ThisIsTheUser -P ThisIsThePassword -L OPERATOR -I lanplus sel list 
   1 | 01/25/2019 | 12:24:48 | Unknown #0xff |  | Asserted 
   2 | 01/25/2019 | 12:26:18 | Power Supply #0xc9 | Failure detected () | Asserted 
   3 | 01/25/2019 | 12:26:18 | Power Supply #0xc9 | Power Supply AC lost () | Asserted 
   4 | 01/25/2019 | 12:27:04 | Power Supply #0xc9 | Failure detected () | Deasserted 
   5 | 01/25/2019 | 12:27:04 | Power Supply #0xc9 | Power Supply AC lost () | Deasserted 
   6 | 02/13/2019 | 12:27:11 | Power Supply #0xc9 | Failure detected () | Asserted 
   7 | 02/13/2019 | 12:27:11 | Power Supply #0xc9 | Power Supply AC lost () | Asserted 
   8 | 02/13/2019 | 12:30:29 | Power Supply #0xc9 | Failure detected () | Deasserted 
   9 | 02/13/2019 | 12:30:29 | Power Supply #0xc9 | Power Supply AC lost () | Deasserted 
   a | 02/13/2019 | 12:32:57 | Power Supply #0xc8 | Failure detected () | Asserted 
   b | 02/13/2019 | 12:32:57 | Power Supply #0xc8 | Power Supply AC lost () | Asserted 
   c | 02/13/2019 | 12:37:28 | Power Supply #0xc8 | Failure detected () | Deasserted 
   d | 02/13/2019 | 12:37:28 | Power Supply #0xc8 | Power Supply AC lost () | Deasserted 
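
To turn the event log above into a timeline, this added example (not part of the original notes or of ipmitool) pairs each Asserted event with its Deasserted counterpart and merges the two events one power loss raises into a single outage per power supply. The function names are this example's own.

```python
from datetime import datetime

# The `sel list` output shown above, copied as sample input.
SEL_OUTPUT = """\
   1 | 01/25/2019 | 12:24:48 | Unknown #0xff |  | Asserted
   2 | 01/25/2019 | 12:26:18 | Power Supply #0xc9 | Failure detected () | Asserted
   3 | 01/25/2019 | 12:26:18 | Power Supply #0xc9 | Power Supply AC lost () | Asserted
   4 | 01/25/2019 | 12:27:04 | Power Supply #0xc9 | Failure detected () | Deasserted
   5 | 01/25/2019 | 12:27:04 | Power Supply #0xc9 | Power Supply AC lost () | Deasserted
   6 | 02/13/2019 | 12:27:11 | Power Supply #0xc9 | Failure detected () | Asserted
   7 | 02/13/2019 | 12:27:11 | Power Supply #0xc9 | Power Supply AC lost () | Asserted
   8 | 02/13/2019 | 12:30:29 | Power Supply #0xc9 | Failure detected () | Deasserted
   9 | 02/13/2019 | 12:30:29 | Power Supply #0xc9 | Power Supply AC lost () | Deasserted
   a | 02/13/2019 | 12:32:57 | Power Supply #0xc8 | Failure detected () | Asserted
   b | 02/13/2019 | 12:32:57 | Power Supply #0xc8 | Power Supply AC lost () | Asserted
   c | 02/13/2019 | 12:37:28 | Power Supply #0xc8 | Failure detected () | Deasserted
   d | 02/13/2019 | 12:37:28 | Power Supply #0xc8 | Power Supply AC lost () | Deasserted
"""


def parse_sel(text):
    """Yield (record_id, timestamp, sensor, event, state) for each well-formed line."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 6:
            continue
        rec, date, clock, sensor, event, state = parts
        try:
            # Record ids are hexadecimal (the log above continues 9, a, b, ...).
            rec_id = int(rec, 16)
            ts = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %H:%M:%S")
        except ValueError:
            continue
        yield rec_id, ts, sensor, event, state


def outage_windows(text):
    """Pair Asserted/Deasserted events per (sensor, event).

    Returns (windows, unresolved): windows are (sensor, event, start, end)
    tuples; unresolved lists events that were asserted and never cleared.
    """
    pending, windows = {}, []
    for _rec, ts, sensor, event, state in parse_sel(text):
        key = (sensor, event)
        if state == "Asserted":
            pending.setdefault(key, ts)  # keep the first assertion time
        elif state == "Deasserted" and key in pending:
            windows.append((sensor, event, pending.pop(key), ts))
    unresolved = sorted(pending.items(), key=lambda kv: kv[1])
    return windows, unresolved


def distinct_outages(windows):
    """Merge overlapping windows per sensor and return their lengths in seconds."""
    merged = {}
    for sensor, _event, start, end in sorted(windows, key=lambda w: (w[0], w[2])):
        spans = merged.setdefault(sensor, [])
        if spans and start <= spans[-1][1]:
            spans[-1][1] = max(spans[-1][1], end)
        else:
            spans.append([start, end])
    return {sensor: [int((end - start).total_seconds()) for start, end in spans]
            for sensor, spans in merged.items()}


if __name__ == "__main__":
    found, open_events = outage_windows(SEL_OUTPUT)
    for sensor, seconds in distinct_outages(found).items():
        print(f"{sensor}: {len(seconds)} outage(s), seconds each: {seconds}")
    for (sensor, event), since in open_events:
        print(f"never cleared: {sensor} {event!r} since {since}")
```
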

## Serial Console aka Serial over LAN (SOL)

troublemaker@ibp02troublet01:~$ ipmitool -H 192.168.102.35 -U ThisIsTheUser -P ThisIsThePassword -L OPERATOR -I lanplus sol activate 
[SOL Session operational.  Use ~? for help] 
 
 
 
Disconnect NOW if you have not been expressly authorized to use this system. 
login: admin_weberjoh 
password: 
 
               Infoblox NIOS Release 8.3.3-380481 (64bit) 
     Copyright (c) 1999-2017 Infoblox Inc. All Rights Reserved. 
 
                   type 'help' for more information 
 
 
Infoblox > show status 
Grid Status: ID Grid Master 
HA Status:      Passive 
Hostname:       dnsrz.weberlab.intern 
Infoblox > 
Infoblox > exit 
 
Good Bye 
 
 
Disconnect NOW if you have not been expressly authorized to use this system. 
login: 
 
~. [terminated ipmitool] 
                               troublemaker@ibp02troublet01:~$ 
troublemaker@ibp02troublet01:~$ 

# ===================================================================

# Support Bundle

set transfer_supportbundle scp <server-ip> <user-name> <user-password> [dest <file-name>] [core_files] [current_logs] [rotated_logs]
#Example:
set transfer_supportbundle scp 192.168.42.42 admin - core_files current_logs rotated_logs

# ===================================================================

# Dig & expertmode dig

Infoblox > dig 
 
Synopsis: 
 
   dig [@server_address] <hostname> [type] [opt...] 
      -- type can be any of the following 
         a, a6, aaaa, afsdb, any, apl, axfr, cert, cname, 
         dhcid, dlv, dname, dnskey, ds, gpos, hinfo, hip, 
         ipseckey, isdn, ixfr=serial_number, key, keydata, kx, loc, 
         maila, mailb, mb, md, mf, mg, minfo, mr, mx, 
         naptr, none, ns, nsap, nsap_ptr, nsec, nsec3, 
         nsec3param, null, nxt, opt, ptr, px, rp, rrsig, 
         rt, sig, soa, spf, srv, sshfp, tkey, tsig, txt, 
         unspec, wks, x25 
         The default is type "a" 
      -- opt is one or more of the following 
                 -x                  (shortcut for in-addr lookups; hostname is an IP address) 
                 -b address          (bind to source address) 
                 -y name:key         (specify named base64 tsig key) 
                 +vc                 (TCP mode) 
                 +norecurse          (Disable recursive mode) 
                 +short              (Disable everything except short form of answer) 
                 +nssearch           (Search all authoritative nameservers) 
                 +trace              (Trace delegation down from root) 
                 +cdflag             (Request server perform no DNSSEC validation) 
                 +dnssec             (Request that server sends DNSSEC records) 
                 +multiline          (Print records like SOA and DNSKEY in multi-line format) 
 
   dig [@server_address] <ip-address> inverse 
 
Description: 
 
   Perform a DNS lookup and print the results. 
 
Infoblox > 
Infoblox > dig weberlab.de 
 
; <<>> DiG 9.10.2-ECS-M3 <<>> +noedns weberlab.de 
;; global options: +cmd 
;; Got answer: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40294 
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
 
;; QUESTION SECTION: 
;weberlab.de.                   IN      A 
 
;; ANSWER SECTION: 
weberlab.de.            60      IN      A       87.190.30.116 
 
;; Query time: 11 msec 
;; SERVER: 127.0.0.1#53(127.0.0.1) 
;; WHEN: Fri Mar 15 17:35:03 CET 2019 
;; MSG SIZE  rcvd: 45 
 
Infoblox > 

Infoblox > set expertmode 
 
"Disclaimer: The expert mode CLI commands are designed for advanced users. 
Ensure that you have proper knowledge and expertise when using these commands. 
Improper usage of commands may affect your system performance and stability." 
 
Expert Mode > dig 
 
; <<>> DiG 9.10.2-ECS-M3 <<>> 
;; global options: +cmd 
;; Got answer: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50543 
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1 
 
;; OPT PSEUDOSECTION: 
; EDNS: version: 0, flags:; udp: 4096 
;; QUESTION SECTION: 
;.                              IN      NS 
 
;; ANSWER SECTION: 
.                       257092  IN      NS      i.root-servers.net. 
.                       257092  IN      NS      m.root-servers.net. 
.                       257092  IN      NS      e.root-servers.net. 
.                       257092  IN      NS      h.root-servers.net. 
.                       257092  IN      NS      k.root-servers.net. 
.                       257092  IN      NS      c.root-servers.net. 
.                       257092  IN      NS      g.root-servers.net. 
.                       257092  IN      NS      b.root-servers.net. 
.                       257092  IN      NS      f.root-servers.net. 
.                       257092  IN      NS      d.root-servers.net. 
.                       257092  IN      NS      j.root-servers.net. 
.                       257092  IN      NS      l.root-servers.net. 
.                       257092  IN      NS      a.root-servers.net. 
 
;; Query time: 0 msec 
;; SERVER: 127.0.0.1#53(127.0.0.1) 
;; WHEN: Fri Mar 15 16:35:33 UTC 2019 
;; MSG SIZE  rcvd: 239 
 
 
Expert Mode > 
Expert Mode > dig -h 
Expert Mode > dig weberlab.de 
 
; <<>> DiG 9.10.2-ECS-M3 <<>> weberlab.de 
;; global options: +cmd 
;; Got answer: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5968 
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 
 
;; OPT PSEUDOSECTION: 
; EDNS: version: 0, flags:; udp: 4096 
;; QUESTION SECTION: 
;weberlab.de.                   IN      A 
 
;; ANSWER SECTION: 
weberlab.de.            60      IN      A       87.190.30.116 
 
;; Query time: 10 msec 
;; SERVER: 127.0.0.1#53(127.0.0.1) 
;; WHEN: Fri Mar 15 16:36:36 UTC 2019 
;; MSG SIZE  rcvd: 56 
 
 
Expert Mode > 
Expert Mode > 
Expert Mode > set expertmode off 
Infoblox > 

# ===================================================================

# Factory Reset

reset database      #delete config but keep network settings and licenses
reset all           #delete config but keep licenses
reset all licenses  #delete EVERYTHING

Citrix NetScaler CLIs

Clients (wins/Linux/Mac)

Windows CLI

! computer name
hostname
[System.NET.DNS]::GetHostByName('')
$env:COMPUTERNAME
get-ciminstance -classname Win32_ComputerSystem
 - computer model number

! date / time
date /t
time /t
get-date

! interfaces and IP addresses
netsh interface show interface
get-netadapter
 - link speed

get-netadapter | ft Name, Status, LinkSpeed, VlanID
get-netadapteradvancedproperty
 - VLAN ID, wake on magic packet

netsh interface ipv4 show addresses
ipconfig
get-netipconfiguration

! DNS servers
netsh interface ipv4 show dnsservers
ipconfig /all
 - lists DNS servers

get-dnsclientserveraddress
ipconfig /registerdns
ipconfig /displaydns
ipconfig /flushdns
nslookup cnn.com
resolve-dnsname -name cnn.com
get-dnsclientcache
get-dnsclientcache | select entry,data | where {$_.entry -like "*feralpacket*"}
get-dnsclientcache -name *feralpacket*
get-dnsclientcache -name *feralpacket* | format-table -autosize

net stop dnscache
net start dnscache

! routing table
netsh interface ipv4 show route
netstat -r
route PRINT
get-netroute

! ARP table
arp -a
get-netneighbor
get-netneighbor -addressfamily ipv4

! DHCP
netsh dhcp show server
ipconfig /release
ipconfig /renew
ipconfig /displaydns
ipconfig /registerdns

! MTU
netsh interface ipv4 show subinterfaces
netsh interface ipv4 show interfaces level=verbose
get-netipinterface
ping -f -l 1400 192.0.2.1

! path MTU
netsh interface ipv4 show destinationcache

! discards, header errors, fragments, mtu
netsh interface ipv4 show subinterfaces level=verbose

! windows firewall
netsh advfirewall show currentprofile
get-netfirewallprofile
get-netfirewallprofile -name public | get-netfirewallrule
get-netfirewallportfilter
get-netfirewalladdressfilter

! connections and listening ports
netsh interface ipv4 show tcpconnections
netstat -a
netstat -an
get-nettcpconnection

! tcp / udp / ip / icmp statistics
netsh interface ipv4 show tcpstats
netsh interface ipv4 show udpstats
netsh interface ipv4 show ipstats
netsh interface ipv4 show icmpstats
netsh interface ipv4 show icmpstats | findstr /v " 0$"
 - do not display entries with a zero count

! wireless
netsh wlan show wlanreport
 - save report as an .html file
 - error message 0x2 if you have both LAN & WLAN connected

netsh wlan show all

! ECN capability
netsh interface tcp show global
get-nettcpsetting

! IPSec
netsh ipsec dynamic show all

! test reachability
nslookup cnn.com
ping 192.0.2.1
ping 192.0.2.1 -t
test-netconnection 192.0.2.1
1..10 | % { test-netconnection 192.0.2.$_ } | ft -AutoSize
 - ping sweep

telnet 192.0.2.1 53
test-netconnection 192.0.2.1 -port 53
test-netconnection -computername 'FERALSQL' -port 1433
tracert 192.0.2.1
tracert -d 192.0.2.1
test-netconnection 192.0.2.1 -traceroute
pathping 192.0.2.1

! run command
invoke-command -scriptblock {ipconfig /all}

! active directory
get-addomain
get-addomaincontroller
get-aduser -identity feralpacket
get-aduser -identity feralpacket -properties *
 - LockedOut, PasswordExpired, PasswordLastSet
 
get-aduser -identity feralpacket -properties * | format-list LockedOut
get-adprincipalgroupmembership feralpacket | select name
get-adcomputer -identity heimdallr
 - Enabled
get-adprincipalgroupmembership feralpacket | select name | where-object {$_.name -like "*fs*"}
get-adgroupmember feralpacket_group_ro | select name

get-adcomputer -identity heimdallr -properties *

(Get-WmiObject -Class win32_computersystem | Select-Object -ExpandProperty username).split('\')[1]
  ! logged in users, just the username
(Get-WmiObject -Class win32_computersystem | Select-Object -ExpandProperty username)
  ! logged in users, ADDOMAIN\username
quser
query user
query session
qwinsta
query process
qprocess

gpresult /r

! uptime
wmic path Win32_OperatingSystem get LastBootUpTime
get-wmiobject win32_operatingsystem | select-object LastBootUpTime
get-ciminstance -classname win32_operatingsystem | select LastBootUpTime


! ping set of IP addresses
for %x in (
192.0.2.1
192.0.2.23
192.0.2.123
192.0.2.234
) do ping -n 2 %x | findstr /C:"Reply" /C:"Received"


! Windows 10 built-in packet capture tool
! Run CMD as Administrator
c:\WINDOWS\system32> pktmon.exe

! Configure filters
pktmon filter add -p 20
pktmon filter add -p 21
pktmon filter add -i 10.1.1.1
pktmon filter add -t ICMP
pktmon filter add -d IPv4
pktmon filter list

! List the NICs
pktmon comp list

! Start and stop the capture
pktmon start -etw -p 0 -c 12
pktmon stop

! Delete any filters
pktmon filter remove

! Output to ASCII or .pcap
! Default output file is PktMon.etl
pktmon format PktMon.etl -o ftp.txt
pktmon pcapng log.etl -o log.pcapng

! Capture in real-time
pktmon start -etw -p 0 -l real-time

! search a file
Select-String *.txt -Pattern "WS"
Select-String *.txt -Pattern "WS-C2960X-48LPS-L"  | Measure-Object -line

! uninstall the updated RSAT 
wusa.exe /uninstall /kb:2693643 /quiet /norestart

! find executables
dir /s /b *.exe | find /i /v ".exe."

! SHA1 hash of a file
certutil -hashfile cat9k_iosxe.17.03.06.SPA.bin

! MD5 hash of a file
certutil -hashfile cat9k_iosxe.17.03.06.SPA.bin MD5