Microsoft Windows

Quickly Change Network Interface IPs

I change my network card IPs all the time to connect directly to hardware for initial configuration. I’ve been manually doing this for 15 years now. I finally sat down and learned netsh, put it into stupidly simple batch files and now have a folder on my desktop with all the common IP ranges.

Here’s an excerpt of the script to change the interface from its current state to

@echo off
rem Give the adapter a static address
netsh interface ip set address "Ethernet" static 1
goto end
:end
rem end of script

To set the interface back to DHCP use this one.

@echo off
rem Return the adapter's address and DNS servers to DHCP
netsh interface ip set address "Ethernet" dhcp
netsh interface ip set dns "Ethernet" dhcp
goto end
:end
rem end of script

Note “Ethernet” in this case is the name of my network card. Yours might be Local Area Connection or something similar. Modify accordingly.

Copy that into Notepad, save as a .bat and run as administrator. Away you go.
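
Both scripts above folded into one parameterized batch file, as an added example that is not the author's own script. The file name setip.bat and the address and mask in the usage comment are constructed; the script checks for elevation and for the adapter name before it calls netsh.

```batch
@echo off
rem setip.bat (hypothetical name): one script for the static and DHCP cases.
rem Usage: setip.bat "Ethernet" static 192.168.1.50 255.255.255.0
rem        setip.bat "Ethernet" dhcp
rem The address and mask above are constructed sample values.
setlocal
set "IFACE=%~1"
set "MODE=%~2"
set "ADDR=%~3"
set "MASK=%~4"

rem netsh needs an elevated prompt. "net session" fails without one
rem (assumption: the Server service is running, as it is by default).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from an elevated command prompt.
    exit /b 1
)

rem Stop early if the adapter name does not exist on this machine.
netsh interface show interface name="%IFACE%" >nul 2>&1
if errorlevel 1 (
    echo Interface "%IFACE%" not found. List names with: netsh interface show interface
    exit /b 2
)

if /i "%MODE%"=="dhcp" goto dhcp
if /i "%MODE%"=="static" goto static
echo Usage: %~nx0 "interface" static ADDRESS MASK
echo        %~nx0 "interface" dhcp
exit /b 3

:static
if "%MASK%"=="" (
    echo static needs both an address and a subnet mask.
    exit /b 3
)
netsh interface ip set address "%IFACE%" static %ADDR% %MASK%
if errorlevel 1 exit /b 4
goto show

:dhcp
rem No errorlevel check: netsh also complains when DHCP is already on.
netsh interface ip set address "%IFACE%" dhcp
netsh interface ip set dns "%IFACE%" dhcp

:show
rem Print the resulting configuration so the change can be confirmed.
netsh interface ip show config "%IFACE%"
exit /b 0
```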

Cisco Microsoft Uncategorized Windows

Troubleshooting Network Performance Issues

This won’t be a tutorial; the purpose of this post is to highlight some common TCP/IP issues that degrade network performance.

Network Congestion – If your firewall/router graphs your network usage, use that or obtain your current throughput (up/down) to your ISP. Use the current usage and then run a few speed tests in order to determine if your hardware is capable of hitting the maximum download/upload speeds you currently pay for. So if you have a 100 meg fiber circuit and your firewall is showing you are currently using about 60 megs at any given time, you should be able to get somewhere close to 40 megs on a download test from If not, either your provider is not giving you the bandwidth you are paying for or you have a hardware issue. If you have SNMP-capable devices, a really simple tool is STG.

Maximum Segment Size (MSS) – I’ve run into this issue a number of times, mostly when dealing with GRE/DMVPN tunnels. It’s usually fixed on Cisco routers by issuing ip tcp mss 1400. You can read more here: TCP MSS Adjustment

High TCP Retransmissions – For this one you’ll probably have to take out Wireshark and start a packet capture from the device that is having issues in your network, or use a network tap or even a SPAN port on a switch. If TCP retransmissions are high, you have a problem somewhere in your network. Most commonly on wireless.

TCP Window Scaling – I’ve seen this most commonly on modern firewalls that use Deep Packet Inspection (DPI). Please read more here.

Slow DNS Responses – In most enterprise environments, PCs will have a local DNS server to query, which would cut down on this problem; however, if the server were having CPU/memory/disk issues, it can still happen. Likewise, if you do not have a local DNS resolver and use a remote DNS server, this can also be a problem. I’ve used a tool from Google in the past to help troubleshoot and to point me to the best DNS server based on my network/location called Namebench.

Path MTU Discovery (PMTUD) – This is where the “secure by default” methodology of most firewalls today may kick you in the butt. By disabling ICMP, you also disable Path MTU Discovery. It’s a simple fix but Cisco has the best explanation I’ve been able to find on it. You can read that here. Then someone felt very strongly about the subject and created a website dedicated to it here.

Routing Issues – In this case it would be poorly configured asymmetrical routing. Traffic goes out on a nice 100 meg connection but comes back to you on your backup 20 meg connection, likely due to a BGP configuration problem.

TCP Offload – Depending on how your servers are configured, this could be a blessing or a curse. I’ve most commonly had a problem with this on virtualized servers where the host/virtual NIC weren’t on the same page. Disabling it helped.

SMB 3.0 Multichannel – Read here for details on it, but simply put, add more network interfaces to your file server and you’ll have better performance.

I have re-created the wheel here somewhat but if you want a single source for some good information on most of these issues, please visit this site.

Also, learn Wireshark. It will become your best friend.
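
For the MSS and Path MTU Discovery items above, a batch probe that can be run from a Windows host, added here as an example and not taken from the original post: it finds the largest payload that passes with Don't Fragment set, then checks whether an ICMP error comes back one byte past that limit. The file name pmtu.bat is hypothetical, and the script assumes the target answers ICMP echo and that ping.exe prints English messages.

```batch
@echo off
rem pmtu.bat (hypothetical name). Usage: pmtu.bat HOST
rem Assumes HOST answers ICMP echo and an English-language ping.exe.
setlocal enabledelayedexpansion
set "TARGET=%~1"
if "%TARGET%"=="" (echo Usage: %~nx0 HOST & exit /b 1)

rem Baseline: without a reply to a small probe nothing can be measured.
ping -4 -n 1 -w 2000 -l 32 %TARGET% | find "TTL=" >nul
if errorlevel 1 (echo %TARGET% does not answer echo requests. & exit /b 2)

rem Binary search on the ICMP payload size with Don't Fragment set (-f).
rem 1472 = 1500-byte Ethernet MTU - 20 (IPv4 header) - 8 (ICMP header).
set /a LO=32
set /a HI=1472
:search
if !LO! geq !HI! goto report
set /a MID=(LO+HI+1)/2
ping -4 -n 1 -w 2000 -f -l !MID! %TARGET% | find "TTL=" >nul
if errorlevel 1 (set /a HI=MID-1) else (set /a LO=MID)
goto search

:report
rem Path MTU = payload + 28; TCP MSS = path MTU - 40 (IPv4 + TCP headers).
set /a PMTU=LO+28
set /a MSS=PMTU-40
set /a NEXT=LO+1
echo Largest payload that passed with DF set: %LO% bytes
echo Path MTU: %PMTU%   TCP MSS that fits: %MSS%
if %LO% geq 1472 (echo The path carries full 1500-byte packets. & exit /b 0)

rem One byte over the limit: an ICMP error means PMTUD can work,
rem silence means the "fragmentation needed" message is being dropped.
ping -4 -n 1 -w 2000 -f -l %NEXT% %TARGET% | find /i "fragmented" >nul
if errorlevel 1 (
    echo No ICMP error came back: PMTUD is black-holed on this path.
) else (
    echo ICMP "fragmentation needed" is returned: PMTUD can work.
)
exit /b 0
```

A lost reply counts as a failed probe, so repeat the run on a lossy link before trusting the number.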


Faster XenServer VM Exports

I am migrating a few XenServer VMs between AMD and Intel pools for a customer and stumbled across a faster way to do the export than through XenCenter.

From the Windows host where XenCenter is installed, run the following command:

"C:\Program Files (x86)\Citrix\XenCenter\xe.exe" -s x.x.x.x -u root -pw xxx vm-export vm=SERVERNAME filename=C:\users\user\folder\SERVERNAME.xva --nossl

The trick here is that part of the slowness of the export is SSL encoding/decoding happening within XenCenter. By using the --nossl option, you are bypassing that abstraction? application layer. It also makes the transfer less secure, since the session is no longer encrypted, but let’s not dwell on the facts.


Process Automation with IFTTT

I’ve used this tool for quite some time but after talking with a number of people, have discovered that most have never heard of it. It’s a web service that automatically does tasks for you based on whatever rules you give it (they call them recipes). Here are some examples of processes you can automate with

The recipes follow the simple IF…Then methodology.

  • Download Facebook photos that you’re tagged in, upload them to Google Drive.
  • Download Gmail attachments, upload them to Dropbox.
  • Search Craigslist for keywords, notify you via email when a new listing is posted.

You can check out sample recipes or create your own at


OpenDNS Alternative, SafeDNS

I had once been a longtime user of OpenDNS for my home and some small businesses that I worked with. It served as a forward lookup DNS server and as a web filter for those networks. OpenDNS performed quite well. I don’t know why but I eventually drifted away from OpenDNS as a web filter and implemented Barracuda Web Filters or spun up Squid/Squidguard on pfSense if the need were to arise. Recently though, with my personal company, CloudFirst Technologies, I needed a reliable and AFFORDABLE web filter for my customers. I stumbled across SafeDNS. It seemed to have the same features as OpenDNS but until I tried it, I didn’t know how effective it was. I’m happy to report that it is a great alternative to OpenDNS. It blocks sites as expected, gives you control over the networks that belong to you, allows for custom profiles per network, etc. The price was not overly attractive initially, but they have recently reworked their K-12 pricing, which made it the most cost-effective filtering solution available.

In order to utilize the service you simply point your computer or DNS forwarder to SafeDNS’s servers and then configure the network (source IP address) in SafeDNS’s dashboard/control panel. You create a profile (site categories you want blocked) and assign a network to that profile. That’s it, you are done.

Give them a try at