Posts

Showing posts from May, 2021

Sniffer mode Cisco AP

Today I had an issue where one client couldn’t connect to an SSID while all the others had no issues. The wireless network there has been working for more than 1 year without any issues. I got the debugs from the controller and I saw that the client stopped talking to the AP and the WLC was deauthenticating the client (that’s what I understand from the WLC logs and debugs [Sent Deauthenticate to mobile on BSSID…]). I was almost sure that this was a client issue (drivers etc., as the issue was only for this client).

As I am in the preparation process for the CWAP exam, I thought that taking a capture would help me to understand what is going wrong.

The only way to capture was to change an existing AP to sniffer mode, as I couldn’t visit the customer due to this COVID situation.

I tried to do it (set a neighbour AP in sniffer mode, configure the channels and the destination to send the capture to) but unfortunately, I couldn’t see any packets in Wireshark. That’s...

Rogue DHCP Tshoot

Today I had a call that some PCs are getting wrong DNS addresses from DHCP. Firstly, I checked the scopes and saw that the DNS servers’ addresses were correct. After this I was sure that someone installed a rogue DHCP server on the network.

Checking a PC I saw the below:

IP: 10.0.0.140    <--- Correct, as the network address is 10.0.0.0/24
GW: 10.0.0.254    <--- Correct
DNS: 192.168.0.1  <--- This is wrong. It should be 10.10.10.100 and 10.10.10.101

The device is a Cisco router 4331. I have created an ACL with 2 ACEs. I was actually matching BOOTP (DHCP) messages. I also created a packet capture on the router and attached the ACL. Exporting the capture, I found the below packet. (You can download it and open it with Wireshark.)

Download Capture

Opening the capture, I found the Ethernet source address

Tracing the specific MAC address (show mac ad...