OnePK – Connecting to a Network Element

This entry is part 2 of 5 in the series Getting started with Cisco OnePK

The first step in managing your network with Cisco’s OnePK is learning how to connect to a switch or router, what Cisco calls a Network Element. In the early OnePK days this was a very straightforward task using vanilla TCP, but in the newest version of OnePK (1.3) and IOS (15.4), unencrypted communications were disabled and we are forced to use TLS. This makes sense from a network security point of view; it just makes it a little more difficult to get started.

Fortunately, amongst Cisco’s vast resources I found a document that outlines a process that makes it easier to use TLS between our OnePK apps and Cisco IOS devices. The guide uses a technique called TLS pinning, which allows our OnePK app to bypass certificates but still encrypt communications via TLS. Read more about this technique here: Cisco – TLS Pinning Guide. (Please note that this should not be used for production as it does not verify the endpoints. Certificates should be used for TLS in a production network.)


OnePK – Interacting with Interfaces

This entry is part 4 of 5 in the series Getting started with Cisco OnePK

Getting information from your network devices is really helpful, but actually changing device configurations is even more helpful! This post will have a few examples of how to do just that, with scripts that will shut down a specified interface and change an interface IP address. This is where the fun begins, so strap into your chairs and get ready for some network automation!

Python and onePK Offer the Power of SDN Today

This entry is part 1 of 5 in the series Getting started with Cisco OnePK

Cisco announced their entry into the Software Defined Networking (SDN) arena with OnePK in early 2013. If you haven’t heard of Cisco’s OnePK yet, please read their introductions before continuing (only because they do a better job of explaining it than I do):

It took Cisco a while to deliver something tangible after the initial announcement, but it was certainly worth the wait. Cisco has a large number of resources for onePK, including videos, tutorials, code examples, SDKs in 3 languages (Java, C, Python), and full API docs. I’ve been digging through these resources and there is plenty of good info to get people started with SDN.

TFTP copy from a non-global VRF

I’ve been running a Cisco CSR-1000v box on my Mac in Parallels for a bit now. I love the convenience of being able to test on a real IOS XE device anywhere I am (airplane, coffee shop, maybe even my office)! I’ve been running the CSR-1000v since version 3.09 and I wanted to upgrade to 3.12.0S since it’s got some new features, bug fixes, and most importantly (for me) a lower memory footprint. I downloaded the new .bin file and proceeded to try and upgrade the image as I would any physical device, with TFTP. Well, here’s how well that went:


Quick and Easy “show ip route” with Concise Output

For those of you Cisco IOS ninjas that can differentiate the show ip route table codes in your sleep, the first several lines of this command output are just a nuisance. Here’s a quick way to remove that unnecessary text from the output so you can get straight to finding out where your traffic is headed. And all with just a few additional keystrokes to the end of the command:

# show ip route | e -


Sync Wireshark Profile Settings with Dropbox

In this day and age you probably have more than one computer (laptop, VM, home desktop?). Also, if you’re like me, you probably have Wireshark installed on anything you can get your hands on! It can be a bit of a pain to keep your favorite Wireshark settings such as protocol options, coloring rules, and saved display filters up to date with each Wireshark installation. Using Dropbox (or a similar service) you can easily keep your Wireshark profiles in sync on all computers.

Scapy p.01 – Scapy Introduction and Overview

This entry is part 1 of 11 in the series Building Network Tools with Scapy

What is Scapy?

No one can introduce Scapy better than the creator of the project himself:

“Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery…

It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.”

– Phil @ secdev.org


Scapy p.02 – Installing Python and Scapy

This entry is part 2 of 11 in the series Building Network Tools with Scapy

Installing Python

Scapy was originally written for Python 2, but thanks to this wonderful project, you can now use Scapy with Python 3.6! I will prefer Python 3.6 in examples but will also include notes about any big differences between each Python version and Scapy where they exist.

If you’re using a Mac or running some version of *nix you probably already have python 2 (and maybe even python 3) installed. To check, open a terminal and type python3 or python. You should see something like this:

If you are running Windows or for some other reason do not have Python installed already, go to the Python download page and grab the installer for your platform.


Scapy p.03 – Scapy Interactive Mode

This entry is part 3 of 11 in the series Building Network Tools with Scapy

Running Scapy

Scapy can be run in two different modes, interactively from a terminal window and programmatically from a Python script. Let’s start getting familiar with Scapy using the interactive mode.

The original (py2) scapy came with a short script to start interactive mode so from your terminal you can just type scapy:

 

However the scapy3k installer doesn’t provide this so I recommend adding a similar shortcut:

Paste the following & :wq

And make it executable so you can run:


Scapy p.04 – Looking at Packets

This entry is part 4 of 11 in the series Building Network Tools with Scapy

Packets, Layers, and Fields. Oh My!

Scapy uses Python dictionaries as the data structure for packets. Each packet is a collection of nested dictionaries with each layer being a child dictionary of the previous layer, built from the lowest layer up. Visualizing the nested packet layers would look something like this:

Each field (such as the Ethernet ‘dst’ value or ICMP ‘type’ value) is a key:value pair in the appropriate layer. These fields (and nested layers) are all mutable so we can reassign them in place using the assignment operator. Scapy has packet methods for viewing the layers and fields that I will introduce next.

Packet summary() and show() Methods

Now let’s go back to our pkt and have some fun with it using Scapy’s Interactive mode. We already know that using the summary() method will give us a quick look at the packet’s layers:

 
