Saturday, December 13, 2014

Merry XMAS

Too funny not to post...

Monday, December 1, 2014

Zorin OS - Heavily Win7 inspired Linux Distro.

This is pretty funny - a Linux OS with a GUI designed to look "heavily inspired" by Windows 7.

Maybe that's what's needed to bring Linux to the mainstream?

If you're bored and want to give it a crack:

Sunday, November 30, 2014

Cisco 8510, 2702e's and -Z and -A Coded AP's

Well, this was a fun one.

Recently ran up a Cisco 8510 controller running code version 7.6.130 with 70-odd 2702e (can't buy the 2600 and 3600 series any more) APs.

Of the 2702's we ordered, all were AU version stock however 50 were coded as -Z 5GHz radios and 20 as -A.

Just on that - as the 2702's are VERY new, as part of a project I'm working on atm I will be doing pre-go-live testing so will be interesting to see how the new kid on the block performs.

On code version 7.6.130 for the WX, when you set the controller country code to AU they forgot to code support for -A 5GHz radios even though this is a legit Regulatory Domain code for AU.

On that - upgrading a Cisco WX is a bit of a less than amazing experience.

The upgrade process is clunky at best and all you are presented with during the process is what is actually being done in a random area of the screen.

No status bar, no ticks for each step.

Just hang on and hope for the best.

Anyway, as I knew the hoop-jumping of trying to log a TAC case via our Cisco Support reseller would take at least a week, I started looking for an alternative.

Luckily a trick I've used before paid off - Canada has the same regulatory channel and power restrictions as Australia, so setting the WX to support both AU and CA RD's works a treat.

After a WX reboot (which it seems has to be performed for any setting what-so-bloody-ever), all 5GHz radios were ready to go (after enabling and setting the correct RD in the advanced tab) and all was good.

Hopefully version 8 code is a bit more polished.

TP Link T3700G - Don't bother...


Ok - well - as a follow up to my post on the T3700G.

Initial pricing is out and no - the T3700G pricing is pretty crap at $2000 US.

This pretty much lines it up for pricing with Cisco and HP except without the track record in enterprise grade gear to back it up.

Friday, October 24, 2014

Infocus M512 Root / SDFix / Link2SD / Launcher Fix / Uninstall Crap Guide

For those who aren't yet aware, there is an uber-bargain handset called the InFocus M512 (manufactured by Foxconn) that is a whole lot of smartphone for the money (available from DealExtreme).

If you can read Chinese head to or the translated version.

After using the phone for a little while, you quickly realise it has the following weaknesses:

  • Lack of internal storage
  • InFocus ROM is full of crapware
  • The AppControl and TrafficControl apps are particularly annoying (constantly prompting you about every little thing an app wants to do)
  • The stock Launcher is annoying in that it doesn't use an app drawer and rather spreads your app shortcuts across multiple home pages.

This originally started as my *slightly* more verbose version of the post on XDA @

In addition, I've added the steps to resolve the annoyances listed above on top of how to root.

So, let's get into it :)

1. Copy ROM to SD Card
Copy to SDCard

Grab it from

Note - you have to access the Chinese version of the page, as pumping it through the Google Translate engine breaks the JavaScript behind the security verification code button.

The following screenies show you where to click :)

You can do this through mounting the phone as mass storage or directly connecting the micro SD through an adapter to your PC.

2. Enable USB Debugging on Phone
Settings -> About -> Repeatedly press "Build Number"
Navigate back to Security and select Enable USB Debugging

3. Copy ADB to Machine
Download ADB Fastboot Tools

Extract Android folder to C:\

4. Install Universal ADB Driver
Download Universal Android ADB Driver and Install

5. Connect phone and say yes to prompt "enable USB debugging?"
Unplug and re-plug if you don't get the prompt

3. Use ADB to boot phone into recovery mode
Open a command prompt and navigate to the directory you created in step 4.

cd android
adb reboot recovery

4. Flash ROM in Download Mode
From the phone menu:

wipe data/factory reset
wipe cache partition

Apply update from SDCard

5. Reboot
Set to English
Re-enable USB Debugging

6. Install Android SDK

Download the SDK Tools Only from the Android Developers site for your OS:

installer_r23.0.2-windows.exe (Recommended)

6. Extract infocus-M512.rar directly into C:\Program Files (x86)\Android\android-sdk\tools (no sub-folders)

Grab yourself the root ROM and script from
Note - forced registration required.

7. Connect Phone and enable MTP Storage

8. Run InFocus_M512_15CN_1_03A国际版.cmd

You should be running this from the directory:
C:\Program Files (x86)\Android\android-sdk\tools

Let it go (make sure you accept USB debugging prompt on phone) and wait.

9. Phone should now reboot and you have Root!

10. Install SDFix from Play Store

11. Partition MicroSD and Install Link2SD

Use the Mini Tool Partition Wizard Home Edition app to do this.
You will need a MicroSD to SD adapter for this step.

Note - when formatting the SDCard:
* Use FAT32 for the Media Partition (Partition #1)
* Use EXT4 for the Apps Partition (Partition #2)

These are the only file system types I could get to work after a bit of trial and error.

The InFocus M512 doesn't like EXT2.

13. For good measure, set your camera and gallery apps to use SDCard storage as well.

14. Remove Bloatware using Titanium Backup Root
Wow - InFocus has bloatware that would make the likes of Apple and Samsung proud!
To remove some of the crap, install Titanium Backup and blow those suckers away.

Specifically, some key apps you will want to kill are:

* AppControl
* TrafficControl
* Extra crap the root version of the ROM installed (Battery Minder, Performance Booster etc.)

* InFocus customer feedback

15. Replace Launcher with Google Launcher
This will give you the same launcher as the Nexus handsets (yay - you get an app drawer again!).

Install Google Search and Google Now from the Play Store and you will also get the Google Launcher.

To set it as default, go to settings, press the home button and you should get a prompt to choose your launcher.

Set Google as Always and then uninstall Launcher+ using Titanium Backup.


Bit of pain but you've saved a bunch of cash :)

Saturday, September 13, 2014

TP Link T3700G - Could this be the best value Stackable Gigabit Switch?

So you've probably heard of TP Link - the uber cheap manufacturer of WiFi access points and home-grade routers.

What you might not know is that they are #1 for the category of network infrastructure sales in China.

That's kind of a big deal.

Given that half of the IT game is trend-spotting, I started poking around the TP Link Website to see what else is currently in the pipeline.

As it would so happen, TP Link is manufacturing a stackable 24-Port Layer 3 Gigabit Switch with 10Gbps uplinks capable of stacking up to 8 units dubbed the T3700G.

From the spec sheet it looks like it uses 10Gbps SFP+ interfaces (hopefully DAC cable compatible) for stacking providing 20Gbps bandwidth between each device in the stack (nothing to be sneezed at).

It will be interesting to see how mature the technology is in terms of stack operational functions like firmware upgrades etc. (something that HP has nailed but still causes mass headaches for remote deployments on Cisco and Juniper gear).

IF this puppy comes in at the right price point, this could be a very disruptive bit of kit.

To be clear - this switch (at least from a features perspective) is no lightweight.

The specs list includes real enterprise grade features that you get from HP, Juniper and Cisco such as (I'm only listing features people actually care about):

  • Wire speed switching
  • 8 Unit Stacking
  • 128 L3 VLAN Interfaces
  • STP / RSTP and MSTP Spanning Tree
  • OSPFv2 Dynamic Routing
  • IGMP Snooping and PIM Sparse and Dense Mode Multicast routing
  • DHCP Relay
  • VRRP
  • Distributed Link Aggregation (i.e. across different units in the same stack)
  • LLDP (Yes - everybody does neighbour discovery - not just Cisco)
  • QoS Marking! (8 Queues)
  • Voice VLAN (Idiot Mode QoS)
  • Layer 2 - 4 ACLs
  • 802.1x Authentication (unclear if device login or front port)
  • Port Security (omg - please no - not another generation of this dumb-ass security practice)
  • SNMP v1/2/3
  • CLI and GUI

Chances are the firmware will be pretty buggy on the first cut (although their slogan is "the reliable choice" - we'll see about that) but if they leave the boot loader open, I reckon some pretty awesome alternative firmwares would become available pretty thick and fast.

Although it probably won't be ready for prime time in large enterprise from the get go, I think this will become very prevalent in small to medium business if the price is right.

From there it's probably only a matter of time.

Saturday, September 6, 2014

Intel NUC D54250WYKH - How to Boot from USB


Sooo getting sick of doing this dance every time with ESX.

I'm building up an Intel NUC as an ESX server to run a couple of guests (phone system and a Remote Access VPN Server) and OMG I can't believe how much of a PITA this whole process still is.

This little sucker doesn't have any external storage devices so USB is the order of the day.

Downloaded RUFUS (USB Installer Creation Utility) and imaged the USB Memory Stick with the latest ESXi image setting boot type as MBR.

And of course it wouldn't boot.

Ok - checked UEFI and MBR options in NUC BIOS to make sure I was only booting off legacy.
Still no dice.

Cue rage.

Ok - so obviously something is missing in the ESX image that the NUC needs to boot from USB.

It turns out that you need to inject some goodness into the image using the good old ESX Customizer.

And no - nothing specific in terms of drivers.
Just something it does as part of its re-build must fix whatever is broken in the latest stock ESX ISO image.

Anyway, to be able to actually use the customizer, you need to throw a driver of some description at it.

As it turns out, the NUC D54250WYKH NIC and SATA drivers are missing from the standard ESX build.

Of f#$%ing course they are.

Now this is toss - I can put up with having to slipstream drivers for a whitebox but this is an off the shelf device which is what VMware is supposed to support out of the box.

So - grab yourself the following drivers:

NIC Driver
SATA Driver

Slipstream those suckers using the customizer, flash your USB stick using RUFUS and then you can FINALLY begin to install ESX.

Note - when slipstreaming, you'll first have to add one driver to your original ESX image.
Then, re-launch the customiser, point it at your image file with integrated driver from previous run (i.e. not the original esx image) and add your second driver.


Friday, August 29, 2014

Ubuntu Linux - Apps that "just work"

Well I'm now on day three or so of my Ubuntu adventure and I'm super impressed by the availability of software.

More importantly, the days of having to stuff around in the Linux shell installing apps are virtually over.

I've put together a list of apps that are installed directly from the included GUI driven "software centre" that were mandatory to have working as I previously used them on a daily basis back in Win8 land.

Brace yourself - it really is that easy.

1. Remmina

This is an RDP client that lets you jump into Windows desktops should the need arise.
The client works perfectly and the bit that does my head in is the fact that this app launches faster than the old mstsc app in Windows and feels like it has less lag.

2. VLC
Good old VLC.
This really is the go-to video and audio player.
Works beautifully in Ubuntu and has no issues playing back anything you can throw at it.

3. Pinta
Pinta is a port of for Linux.
Leaves gimp for dead and has the exact same GUI as

4. KeePass
If you're not already using KeePass, shame on you
This is the standard for password safes.
To make your life easier, save your KeePass database on your Google Drive storage and you can then access your store from your Android phone when you're out and about.

5. Sublime Text
While I have been a big fan of Notepad++ for a long time, unfortunately there's no native port for Linux.

Not to worry though - Sublime Text is just as good (and actually looks a little bit slicker) as Notepad++ and has a diff plugin (sublimerge) as well.

Again, I can't believe how easy this has all been.
Linux has always been a sure fire bet in server land but the time has come where there is no reason not to jump in and run Ubuntu on your laptop.

Next up, apps that need a little bit more love to get up and going (but not much). 

Wednesday, August 27, 2014

Ubuntu Kingsoft Office Install Guide

Every now and then I fire up a Linux distro just to see where things are at in the world of the Penguin.

Last night I gave Ubuntu v14 a whirl and was a little bit taken by surprise.

I made a list of the daily apps I use on my Win8 laptop and found that there was a solid Linux equivalent for every single app. 

The big hold up for me jumping ship to a non-Windows machine has always been the lack of a good Office Suite.

Thanks to Kingsoft Office, this now exists for Linux.

If you're keen to give it a whirl, it's actually super easy.
Just not published very much.

To install Kingsoft Office on Ubuntu, follow these three steps:

1) Download Kingsoft Office

Grab the installer file from 
 You want the first file in the list named something similar to wps-office_9.1.0.4751~a15_i386.deb

2) Install gdebi

gdebi is a package manager that makes installation of apps and dependencies much easier.

To install, fire up the Ubuntu Software Centre app from the dock on the left and search for and install gdebi (not the kde version).

3) Install from Terminal

Search for terminal from the search function on the dock and enter:
cd Downloads
sudo gdebi wps-office_9.1.0.4751~a15_i386.deb

Or whatever version of the wps .deb file you downloaded.

Say yes to the "do you want me to install all required dependencies" question and that's it!

To launch, use the finder and if you want, drag and drop the shortcuts to WPS to your dock.

Nice :)

Tuesday, August 19, 2014

The Internet's Own Boy

As I grow older, I seem to be developing a deeper interest in my industry outside of my little Network Engineer bubble.

I guess that's just the unavoidable nature of being a tech :)

Anyway, I recently watched The Internet's Own Boy which really makes you stop and think.

Especially given the anti-piracy measures which are creeping into Australian Government discussions at present.

(And yes - it appears we're in exactly the same position in terms of people in Australian Federal Parliament who actually understand technology and the implications of the anti-piracy laws they are drafting as the American Government was two years ago (well, except for Malcolm Turnbull, who seems to be prioritising the Government's budget over what he knows is right)).

The movie is about the life of Aaron Swartz.

I remember reading about his passing last year but didn't know much about him or why he was so important.

For those of you like me who were unaware, Aaron Swartz was a child genius who first came to the attention of the tech community when he started contributing in a large way to the development of the RSS standard at the age of 14.

You have to admit, that's pretty hardcore for a 14 year old.

In fact, before that he had created The Info Network, which was basically Wikipedia, which I actually remember seeing pages from a long time ago.

He then went on to co-found Reddit and then launched into fighting the bullshit politics machine that is the American Government.

Anyway, the movie explains all this and a lot more in very good detail.

The movie is built around interviews with his parents, his brothers (who also strike me as very switched on people), his room-mates, his partners and his lawyer.

It really is a great, inspirational, depressing and intelligent rollercoaster that makes your hate for over-privileged twats in positions of power grow a fair degree.

The movie is available to watch on YouTube for free at:

Saturday, July 26, 2014

Asus 6 Series Wireless Routers - FINALLY an AP with Decent Strength / Coverage for Home / SMB


Sorry for being a slack-ass.

Rather than have a fluffy write-up of the unit, I've now actually got one in my hot little hands (my old-trusty Netgear WNDR3700 decided to pack it in after four years).

Although the reviews on SmallNetBuilder are good and I love the work they do, their theory could go a little way further.

I'm currently working on a wireless article that brings together the theory of wireless plus how this applies in the real world, and all the factors that you should bring into the equation when talking wireless (and uplinks as well!).

In the meantime, don't bother buying anything else except an Asus RT-N66U or one of its 802.11ac variants.


In the enterprise environment it's pretty much taken for granted that wireless AP's will throw wireless signal a decent distance (generally about 15M in a spherical pattern with the AP in the middle) and handle up to about 20 clients when using factory internal antennas.

In the situation where I need to throw signal further than that of a factory internal antenna, I employ an AP with external antenna connectors and then model the RF coverage based on an appropriate external antenna to ensure the required coverage is delivered.

Home AP's (generally sold as wireless routers) always seem to have the same if not better wireless throughput and routing performance than enterprise APs (at short range) but always skimp out on the antennas and internal amplifiers, resulting in piss poor coverage and in turn poor throughput within the home (unless you're generally within 10m of the AP).

Thankfully, that has now changed.

The following models of Asus Wireless Routers have the same if not better processors and 2.4/5GHz radios than their enterprise counterparts and also pack 2.4GHz and 5GHz amplifiers and use external antennas (reportedly 5dBi gain).

RT-N66U (802.11n Simultaneous Dual-Band)
RT-AC66U (802.11AC 1750)
RT-AC68U (802.11AC 1900)

The signal transmit power is significantly better and receive sensitivity also much better than a standard SOHO AP.

In the real world, this means that high throughput applications such as playing a video file off another device on the same WLAN will have much better performance within the same environment when compared to a standard SOHO AP.

As a quick overview, the specs of these AP's are as follows:

The System On a Chip (SoC) processors used in these APs provide fantastic routing performance between interfaces within the device (i.e. Gigabit LAN and 2.4GHz / 5GHz radios) and the Broadcom chips used for both the 2.4GHz and 5GHz radios are generally regarded as some of the best in the industry.

RF Coverage Pattern (Antenna Modelling):

Example of coverage and throughput provided in a house:

In the event that you require more coverage than what is provided by the included external antennas, using the Asus 6 series you have the option of purchasing additional external antennas to throw the signal even further.

Friday, July 11, 2014

CentOS 7 Released

New version available.
Apparently adds some things that were unique to Fedora up until now.

Sunday, July 6, 2014

The state of Hypervisor Virtualisation 2014

I wish someone would just make the perfect hypervisor.

Basically I guess what I'm asking for is ESX and VCenter to be released as Open Source products and the file system changed to EXT4.

I guess I need to provide some background to that statement...

I recently had a disk drop out of my home ESXi server with nothing particularly important on it but just for curiosity's sake I thought I'd see what's involved in restoring a VMFS partition (more specifically, a VMFS5 partition).

Let me sum this up for you: good f#$%ing luck.

While NTFS and EXT3 have many good recovery tools available, there are basically two for VMFS:

PartedUtil and vmfs-tools for Linux.

PartedUtil sucks. Sorry, there's just nothing else to say about that application.

vmfs-tools (a VMFS5 enhanced version of the Google open source VMFS3 driver) is somewhat better but is still a very basic tool for a job that a Windows or Linux recovery application would barely break a sweat over.

I started talking about VMFS with some of the more knowledgeable server engineers I work with who advised that "now that I mention it" they seemed to also think that disks may very well die faster in VMware environments.

Obviously in an enterprise environment you will be running your disks in enterprise grade SANs so in the event of a disk failure it's a simple swap out / swap in and add to the array but it did seem very odd that disks failed faster when acting as targets for a VMware environment.

Conspiracies aside, I've developed gripes relating to the changes that occur between different versions of ESX.

Finally, license costs.
Oh the license costs.

In a world where Xen, Hyper-V and KVM are taking off, VMware licensing costs should only be going in one direction.

So, as I need to be across all things hypervisor in my job, I thought I'd run up Xen (and in time KVM) to see what it's like at this point in time (as I remember about two years ago Xen was incapable of CPU resource reservation).

In recent times, Citrix has relinquished Xen to being an Open Source product once again (which means it has now gone full circle).

There are two options for running a Xen hypervisor at this point in time.

The first is to use the last cut as released by Citrix which is at least stable with a good interface.

The second is to install XenServer on top of a Linux distro of your choice.

This is quite a new option and not one that I have time to play with right now.

On a sidenote, Amazon Web Services apparently run their own custom cut XenServer environment.

I don't know if that's a good or a bad thing.

Anyway, I fired up the latest Citrix rolled up version of Xen (6.2) and not much has changed.

It still can't do CPU resource reservation (high medium low is not reservation) and the drivers for DVD / BD drive emulation still don't work properly for Windows guests.

These are the exact same problems I had two years ago. Fail.

Oh - and the recently released CentOS 7 doesn't boot after install.

There are two potential issues I see with Xen.

First: How much has Citrix mucked with Xen and are these changes actually for the good of the product?

Second: Now that it has been re-released into the Open Source domain, the dev community has to scramble to work with an inherited codebase.

The code might not actually be what devs want to work with (as in they might disagree with the way some elements of the app are built) and given that the code is so established, that could be a problem. 

This might result in a slowed development cycle and lack of community support.

So, back to ESXi for me for the time being.

Hopefully KVM has more to offer...

Friday, June 20, 2014

Restore SMS Backup Plus to Messages on CM11 (KitKat 4.4.3)

As all tech husbands and partners know, it's in your best interests to make sure your better half's tech works correctly.

So, being that I had to move the wifey's phone to CM11 to make BLN work, I thought it would be a good move to put mine on CM11 as well (so that it can be the test monkey when I have to perform trial and error to make something work).

So - we're both merrily using our CM11 loaded devices when we realise we can't restore messages using good old SMS Backup+.

As it turns out, Google has changed the SMS database security on KitKat and by default SMS Backup+ won't be able to write correctly to the Messages database.

So, scouring the internet revealed a lot of people recommending "join the SMS Backup+ community on Google+ and then you'll be able to access the Beta program which will fix the issue".

Well, that beta program seems to no longer exist.

So, what do you do?

Head over to the play store and grab yourself a copy of AppOps.
Make sure you use the one with no space in the name.

This program allows you to change an application's permissions to ensure it will work correctly for you on KitKat.

Be aware that you will need root access on your phone (not an issue if you're on CyanogenMod as it has root automagically - even if you're on a stock ROM, rooting is sooo easy these days!).

As it turns out, SMS Backup+ isn't given the permissions it needs to do its job properly on KitKat by default.

So, once installed, fire up AppOps and scroll over to Personal.
Select SMS Backup+ from the list and scroll down to Write SMS DB.

You will notice that by default this is set to Denied.

Set it to Allowed and kick off your SMS Backup+ restore again and you're back in business.

Samsung Galaxy S4 Mini (i9195) Back Light (BLN) - How to Make it Work

The time had finally come to replace the old faithful HTC Desire S (Saga) for the missus so after much looking around we landed on the Samsung Galaxy S4 Mini.

It ticks all the boxes for what we needed it to do but upon arrival we noticed it was missing one small but important feature we've taken for granted on every phone we've ever had between us (and yes - going back to our late 90's Nokias as well!).

Believe it or not, the S4 mini doesn't include a notification LED.

Luckily, being an Android phone, there's always a way to fix things :)

To start the adventure, pretty much everything I read advised that BLN requires a patched kernel that has BLN support enabled.

So, wanting to stay on the stock ROM (touchwiz), I began the laborious task of finding a patched kernel that would work.

Amazingly, I found two!

There are two patched ROMs floating around, namely:

So, I gained root, installed CWM and flashed the kernel through CWM.

Then I installed BLN from Google Play which reported that the patched kernel was ok.

And....... Nothing.

Of note though, the Vikinger kernel absolutely kills your battery super fast.

So, at this stage, I thought ok, I'll downgrade the ROM to an ML1 ROM as that's what the patched f4ktion kernel was based on.

Still no dice.

At this point I arrived at the conclusion (despite the odd person claiming they had BLN working on a touchwiz ROM but never replying to anyone that asked HOW?!) that the ROM itself must need to support BLN as well.

As what is turning out to be a regular thing, I ended up finding out that CyanogenMod 11 has full kernel and ROM support for BLN included (when you install it the CM11 kernel will overwrite your existing one).

So, I headed over and grabbed the CM11 ROM from (the CM codename for the i9195 is serranoltexx), flashed it (don't forget Google Apps), installed BLN and holy shit batman!
It works!

Being CyanogenMod, the ROM already includes root so there's one less thing to worry about :)

Interestingly, a CM11 ROM is about 200MB in size.
That's a bit better than the average 1.6GB Touchwiz ROM.

Now, for anyone who hasn't used a CyanogenMod ROM in a while, they've come a long way.
Apps are stable and all hardware works correctly on the 9195.

In addition, pretty much every little nicety that exists on Touchwiz is present on CM11 as well.
And if something's not there, you can be guaranteed there's an app or widget on the Play Store that will bring it back (we haven't found one yet).

The only problem I encountered on CM11 was restoring SMS's through SMS Backup +.
To fix this, check out my post Restore SMS Backup Plus to Messages on CM11 (KitKat 4.4.3).

So, there you have it.

Unless you're a lucky so and so who somehow manages to get BLN working on a Touchwiz ROM, as usual CyanogenMod is here to save the day :)

Enter the Chromecast

Tiny but huge.

Whether you're just after a device to wirelessly display your screen at a meeting or run your entire home media centre from your phone, the Chromecast dongle is your new best friend.

What is unique about the Chromecast that makes it special?

Two Words:
Cheap Convenience.

Need to show your mates a YouTube clip on the big screen? Just whip out your phone and Chromecast it.

Want to watch a video using your phone as the playback device?
Ezstream will take care of that.

Wednesday, June 18, 2014

Webview Netflow Reporter

Geesh things change quickly in IT.

I was blown away by Webview Netflow Reporter four weeks ago but I have found that it has issues with actually displaying interfaces that are receiving flows visible in the GUI.

The good news is that there is an even better pair of open source netflow collection and reporting tools called nfDump and NfSen that work together to collect netflow data, display whatever you wish to see in a GUI and support alerting as well.

We've just run it up at work and it has now replaced our commercial platform from Fluke.

Read more about NfSen in this post.

Need a netflow reporting platform but got no budget?
Problem solved!

This product will collect, draw and drill down on conversations to help you determine what traffic is using your expensive WAN links.

To get started, you'll need to build yourself a Linux box or VM, enable the LAN interface etc. and make sure you've got a working internet connection.

First, grab yourself a download link for a copy of Webview Netflow Reporter from

Substitute the link where the brackets are on the line below and copy and paste down to but not including the validation steps section (this script is an updated copy of that provided at

wget (get link to 1.0.7d)

cd ~

gunzip -c wvnetflow-1.07d.tar.gz | tar -xf -
cd ~/wvnetflow-1.07d

yum --assumeyes install rsyslog gcc byacc libtool make patch zlib-devel httpd rrdtool-perl perl-GD perl-Net-DNS

wget -O - --no-check-certificate | perl - --self-upgrade

cpanm Net::SNMP Spreadsheet::WriteExcel Net::Patricia

cd ~/wvnetflow-1.07d

gunzip -c cweinhold-flowd-sequence.tar.gz | tar -xf -
cd cweinhold-flowd-sequence
make install
mkdir -p /var/empty/dev
groupadd _flowd
useradd -g _flowd -c "flowd privsep" -d /var/empty _flowd

cd ~/wvnetflow-1.07d

bzcat flow-tools- | tar -xf -
cd flow-tools-
patch -p1 <../optional-accessories/flow-tools-patches/patch.flow-tools.scan-and-hash
CC='gcc -fPIC' ./configure
make install

cd lib

ln -s /usr/local/flow-tools/lib/libft.a libft.a
cd ../contrib
gunzip -c Cflow-1.053.tar.gz | tar -xf -
cd Cflow-1.053
perl Makefile.PL
make test
make install

sed -i.bak -e '/GLOBAL DIRECTIVES/i $AddUnixListenSocket /var/empty/dev/log\n' /etc/rsyslog.conf

cat <<EOT >/etc/rsyslog.d/40-flowd.conf

\$umask 0000
\$FileCreateMode 0644

:programname, isequal, "flowd" /var/log/flowd

:programname, isequal, "flowd" ~
EOT

chcon -t etc_t /etc/init.d/rsyslog

service rsyslog restart

cd ~/wvnetflow-1.07d

mkdir -p /opt/netflow/tmp /opt/netflow/data /opt/netflow/cache /opt/netflow/capture /usr/local/webview
cp -Rp flowage www utils /usr/local/webview
cp etc/webview.conf /etc
chmod 777 /usr/local/webview/www/flow/graphs

chcon -t httpd_sys_script_exec_t /usr/local/webview/www/flow/*.cgi

cp etc/flowd-2055.conf /usr/local/etc/

cp etc/init.d/flowd-centos /etc/init.d/flowd
chmod 755 /etc/init.d/flowd
ln -s /etc/init.d/flowd /etc/init.d/flowd-2055
chkconfig --add flowd-2055
service flowd-2055 start

iptables -I INPUT -p udp --dport 2055 -j ACCEPT

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
service iptables save

crontab -l > /tmp/newcron

cat <<EOT >>/tmp/newcron

0 * * * * /usr/local/webview/utils/flow-expire-perl -E 10G -e 9000 -w /opt/netflow/capture/2055

*/5 * * * * /usr/local/webview/utils/flowd2ft 2055 >> /var/log/flowd2ft-2055.log 2>&1

#*/5 * * * * perl /usr/local/webview/flowage/ > /tmp/flowage.stdout 2> /tmp/flowage.stderr

0 0 * * * find /opt/netflow/capture -name 'summary-*' -mtime +14 -exec rm -f {} \;

0  2 * * * find /opt/netflow/capture -name '*.rrd' -mtime +30 -exec rm -f {} \;

15 2 * * * find /opt/netflow/capture -depth -type d -empty -exec rmdir {} \;

#*/15 * * * * /usr/local/webview/flowage/monitor/ >> /var/log/monFlows.log 2>&1

0 0 1 * * /usr/local/bin/sudo mv -f /var/log/flow-expire.log /var/log/flow-expire.old

0 0 1 * * /usr/local/bin/sudo mv -f /var/log/flowd2ft-2055.log /var/log/flowd2ft-2055.old
0 0 1 * * /usr/local/bin/sudo mv -f /var/log/monFlows.log /var/log/monFlows.old
EOT
crontab /tmp/newcron

sed -i.bak -e'/UserDir: The name/ i\
Alias /webview "/usr/local/webview/www"\
<Directory /usr/local/webview/www>\
    Options Indexes Includes FollowSymLinks ExecCGI\
    order allow,deny\
    SetEnv no-gzip 1\
    allow from all\
</Directory>\
AddHandler cgi-script .cgi\
' /etc/httpd/conf/httpd.conf

service httpd restart

####### validation steps ########

#Edit: /usr/local/webview/flowage/flowage.cfg

#to set SNMP Read String

# If running CentOS, disable SELinux

# check if flowd is running

ps -fC flowd 

# check that flows are being received

ls -lR /dev/shm/

# check that flow files are being moved to the capture directory

ls -lR /opt/netflow/capture/

# view iptables rule list -- make sure port 2055 is seeing traffic

iptables -L INPUT -v

# make sure web server is running

service httpd status

# once you're sure you have flow data in the capture directory, run one of the web scripts

wget -O - ''

# if that works (you see some IP addresses in the output), run flowage once from the CLI


# if that looks good (you see flow files being processed and rrd files being created), then uncomment
# the */5 and */15 flowage crontab entries and you're all set!
# nano /tmp/newcron
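
The script above opens UDP 2055 and TCP 80 to any source and sets the graphs directory to mode 777, so a post-install check of that exposure is worth having. The helper below is an added example, not part of the original script or of wvnetflow; the function names and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added audit helper (not from the original script or from wvnetflow).
# Function names and the sample rules below are constructed for illustration.

# Print INPUT rules that ACCEPT proto/port from any source.
# usage: iptables -S INPUT | open_accepts udp 2055
open_accepts() {
    awk -v proto="$1" -v port="$2" '
        $1 != "-A" { next }                      # skip policy lines (-P ...)
        {
            src = ""; p = ""; dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                # a negated source (! -s x) still admits almost everyone
                if ($i == "-s")      src = ($(i - 1) == "!") ? "" : $(i + 1)
                if ($i == "-p")      p = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (p == proto && dport == port && target == "ACCEPT" &&
                (src == "" || src == "0.0.0.0/0"))
                print
        }'
}

# Print each named path that is world-writable (mode bit 0002).
# usage: world_writable /usr/local/webview/www/flow/graphs /opt/netflow/capture
world_writable() {
    find "$@" -maxdepth 0 -perm -0002 2>/dev/null
}

# Constructed sample of `iptables -S INPUT` after the install script has run,
# plus one source-restricted rule (192.0.2.10 is a documentation address).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 2055 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 2055 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

echo "NetFlow port open to any source:"
printf '%s\n' "$SAMPLE_RULES" | open_accepts udp 2055
echo "Web UI open to any source:"
printf '%s\n' "$SAMPLE_RULES" | open_accepts tcp 80
```

On the collector itself, pipe `iptables -S INPUT` into `open_accepts`; any rule it prints is a candidate for a `-s` restriction to your flow exporters or management subnet.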

Sunday, June 8, 2014

Cacti - Let's Dance.

Ok - for a really long time people have been carrying on about Open Source network monitoring and how good it is bla bla bla.

Well, I've been around long enough to see that while Open Source apps have their place in an FCAPS management platform, there isn't an Open Source app that ticks all these boxes (ESPECIALLY from a network perspective).

Once you start digging, you'll notice that most Open Source "Network" monitoring and management apps should REALLY be called "Server" monitoring and management apps.

It really does shit me to tears how often the word "Network" is used to incorrectly describe anything else (servers, workstations, end user devices) simply because they connect to a network.

While there are a number of good commercial Network management applications out there (HP IMC, a handful from Manage Engine) and some bad ones (Cisco PRIME)...

Anyway, today's focus is on Cacti.

Cacti itself is a great graphing tool which is basically a modern day version of the venerable MRTG.

Cacti has one awesome feature though which is plugin support.

Add some plugins and all of a sudden you've got yourself threshold monitoring and alerting, live bandwidth monitoring and all sorts of goodness.

Now, Cacti is a bit of a bitch to install.

Thankfully, there's a really good guide / script that covers how to install cacti with all useful plugins over at:

I used to have a modified version of the above link's script in this post but honestly, save yourself a lot of time and pain and just download CactiEZ.

CactiEZ is a pre-rolled ISO where you basically install it on a VM, set a password and IP address, choose which plugins you wish to enable through the GUI and you're up and going.

I have Cacti running in a commercial environment running from the Cacti EZ installer and it just works.

In fact, it does everything our previous installation of PRTG did but has even more features.

Installation is a breeze.

Once you're at the first-time configuration GUI, my advice is to check all add-ons and plug-ins (except the Barracuda device plug-in unless you have a specific need for this) even if you don't need them straight away.

Now, before you start adding devices, here's a hot tip - CactiEZ has 1 minute averages configured out of the box.

Those who want / need this understand how important that is.

To enable 1 minute average reporting go to Console -> Templates -> Data Templates and select Interface - Traffic.

In the associated RRAs list select all and click save.

Now, speaking of adding devices, Cacti has an auto subnet discover feature (although it's somewhat hidden).

To enable it, go to Console -> Configuration -> Settings -> Misc and perform the following:

Under Discover -> Subnets to Scan enter your subnet information.
Next, configure your SNMP Communities string to the read-only string you've configured campus wide (right?) and set the discovery schedule to your desired interval.

Newly discovered devices will appear in the Devices area which you can then filter and begin monitoring.