The Certified Geek - Mad about Open Source, Networking and other Geeky Stuff

November 15, 2011

Squid proxy and Shoutcast streams skipping issue

Filed under: Author

I would like to post an issue I have encountered while listening to Shoutcast audio streams using any music player (e.g. Winamp, Songbird) configured to go through a Squid proxy. The audio sounds like it is skipping. It all sounds normal when the proxy is not used and the player has direct Internet access. I am using Squid version 2.7.STABLE9-2.1 in this situation.

This issue has been discussed on only a few sites; one in particular is this link [1], though it only mentions what seems to be causing the problem. With a bit of searching, I found this link [2], which mentions that a bug was detected and fixed in an updated version of Squid. This bugfix, however, is NOT enabled by default: it is controlled by the upgrade_http0.9 directive.

Finally, I managed to apply the configuration documented in the Squid configuration guide for the upgrade_http0.9 directive, by adding these lines to squid.conf and restarting the squid service.

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast

With this configuration in place, the Shoutcast streams are no longer skipping in my music player. Enjoy!
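As an added illustration (not part of the original post), here is the decision the two squid.conf lines above encode, modelled in Python over constructed replies: only a reply whose original first line matches the ACL pattern is left untouched, everything else that lacks an HTTP/1.x status line gets the 0.9 upgrade. The sample replies and helper names are my own.

```python
import re

# Constructed replies (not captured traffic): a SHOUTcast server answers with an
# "ICY 200 OK" status line instead of "HTTP/1.0 200 OK", which Squid 2.7 treats
# as an HTTP/0.9 reply unless upgrade_http0.9 says otherwise.
SHOUTCAST_REPLY = b"ICY 200 OK\r\nicy-name:Example Stream\r\nicy-br:128\r\n\r\n<mp3 frames>"
HTTP10_REPLY = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
HTTP09_REPLY = b"<html><body>old-style reply with no status line</body></html>"

# The two squid.conf lines from the post, expressed as a rule:
#   acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
#   upgrade_http0.9 deny shoutcast
SHOUTCAST_ACL = re.compile(r"^ICY.[0-9]")
HTTP_STATUS_LINE = re.compile(r"^HTTP/\d\.\d \d{3}")


def http09_first_line(raw: bytes):
    """Return the first line of a reply that is not a real HTTP/1.x status line
    (Squid exposes that line to ACLs as the X-HTTP09-First-Line pseudo header),
    or None when the reply already carries an HTTP/1.x status line."""
    first_line = raw.split(b"\r\n", 1)[0].split(b"\n", 1)[0].decode("latin-1")
    if HTTP_STATUS_LINE.match(first_line):
        return None
    return first_line


def upgrade_decision(raw: bytes) -> str:
    """Decide what Squid does with the reply under 'upgrade_http0.9 deny shoutcast'.

    'upgrade'     - Squid wraps the 0.9 body in synthetic HTTP/1.0 headers (the default)
    'passthrough' - the ACL matched, so the ICY stream is relayed untouched
    'none'        - the reply is already HTTP/1.x, the directive does not apply
    """
    first_line = http09_first_line(raw)
    if first_line is None:
        return "none"
    if SHOUTCAST_ACL.match(first_line):
        return "passthrough"
    return "upgrade"
```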

November 9, 2011

RANCID customization

Here I discuss some of the customizations I have managed to work out with RANCID while polling different groups of network devices. Note that these examples are for Cisco devices specifically.

In all RANCID installation instructions for Linux, the polling of device configurations is done through the crontab utility. The default instruction is to poll the configurations every hour for all GROUPS. Below are the default RANCID entries in the /etc/crontab configuration file:

# Run config differ hourly
1 * * * * /usr/local/rancid/bin/rancid-run
# Clean out config differ logs
50 23 * * * /usr/bin/find /usr/local/rancid/var/logs -type f -mtime +2 -exec rm {} \;

If you have different groups of devices, you can have each GROUP polled at different times of the day and so forth. Below are some crontab configurations I have experimented with:

# Runs configuration collection every hour
15 * * * *       rancid  /usr/bin/rancid-run Group.Core
30 * * * *       rancid  /usr/bin/rancid-run Group.Security

# Runs configuration collection at 12mn, 8am, 12nn and 4pm
1 0 * * *        rancid  /usr/bin/rancid-run Group.Edge
1 8 * * *        rancid  /usr/bin/rancid-run Group.Edge
1 12 * * *       rancid  /usr/bin/rancid-run Group.Edge
1 16 * * *       rancid  /usr/bin/rancid-run Group.Edge

Group.Core contains devices in the core network such as routers and server switches, Group.Security contains firewalls and IDS/IPS, and Group.Edge contains the edge devices towards the end users.

In another situation, you may want to execute certain commands on one group of devices and a different set of commands on another group. Let's say for the Core devices we want information on the current ARP database ("show arp") and interface status ("show interface status") among other things; for Security devices we would like to include access-list counts ("show access-lists"); and for Edge devices only configuration changes ("show running-config").

Here I modified rancid-fe to include additional items in the %vendortable hash. Kindly refer to my previous post about RANCID for details about these files.

%vendortable = (
    …
    # new device types (keys must match the type field in router.db exactly)
    'cisco.core'        => 'rancid.core',
    'cisco.edge'        => 'rancid.edge',
    'cisco.firewall'    => 'rancid.firewall',
    );

Here I copied the rancid script and created three new scripts from it, namely "rancid.core", "rancid.edge" and "rancid.firewall". These scripts contain the same content as the original rancid script along with the additional commands mentioned in my previous post. For each script, the @commandtable array is customized with a different set of commands by commenting out (with a # at the start of each line) the command(s) not needed.

The last step in using these modified scripts is to use the new device types from %vendortable in each group's router.db configuration file. Below is an example utilizing the new device types.

core1-6500:cisco.core:up
core2-6500:cisco.core:up
asa1-5510:cisco.firewall:up
asa2-5510:cisco.firewall:up
sw1-3750:cisco.edge:up
sw2-3750:cisco.edge:up

Using these modifications, we can now poll certain groups of network devices at different times and/or collect information using specific sets of commands. The same modifications can also be applied to other network device types such as HP (hrancid), Juniper (jrancid), Zebra (zrancid) and so forth.
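Added example, not from the post or from RANCID itself: a Python check that a group's router.db only uses device types that rancid-fe's %vendortable actually maps, which also catches the two mistakes that are easy to make when editing these files by hand (a key with stray whitespace, a host listed twice). The Perl snippet and router.db contents are constructed samples with those mistakes planted.

```python
import re
from collections import Counter

# Constructed inputs (not the files from the post): a rancid-fe %vendortable
# snippet and one group's router.db. Two defects are planted on purpose: a key
# with a trailing space and a device type that has no mapping.
VENDORTABLE_SRC = """
%vendortable = (
    'cisco'             => 'rancid',
    'juniper'           => 'jrancid',
    # new device types
    'cisco.core'        => 'rancid.core',
    'cisco.edge '       => 'rancid.edge',
    'cisco.firewall'    => 'rancid.firewall'
    );
"""

ROUTER_DB = """\
core1-6500:cisco.core:up
core2-6500:cisco.core:up
asa1-5510:cisco.firewall:up
asa1-5510:cisco.firewall:up
sw1-3750:cisco.access:up
sw2-3750:cisco.edge:down
"""

VENDOR_ENTRY = re.compile(r"""['"]([^'"]*)['"]\s*=>\s*['"]([^'"]*)['"]""")


def parse_vendortable(src: str) -> dict:
    """Map device type -> collection script exactly as rancid-fe sees the keys
    (no trimming: rancid-fe does an exact hash lookup on the router.db type)."""
    return {key: script for key, script in VENDOR_ENTRY.findall(src)}


def check_router_db(router_db: str, vendortable: dict) -> list:
    """Return a list of human-readable problems; an empty list means every device
    in the group resolves to a collection script and no host is listed twice."""
    problems = []
    hosts = Counter()
    for lineno, raw in enumerate(router_db.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3:
            problems.append(f"line {lineno}: expected host:type:status, got {line!r}")
            continue
        host, devtype, status = fields
        hosts[host] += 1
        if status not in ("up", "down"):
            problems.append(f"line {lineno}: unknown status {status!r} for {host}")
        if devtype not in vendortable:
            hint = ""
            near = [k for k in vendortable if k.strip() == devtype]
            if near:
                hint = f" (vendortable key {near[0]!r} has surrounding whitespace)"
            problems.append(f"line {lineno}: device type {devtype!r} has no rancid-fe mapping{hint}")
    for host, count in hosts.items():
        if count > 1:
            problems.append(f"host {host!r} listed {count} times")
    return problems
```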

Enjoy!

November 2, 2011

RANCID additional commands

In this post, I will list some additional network commands which can be used to poll extra information from network devices (particularly Cisco devices).

As described in my previous post, the PERL scripts (i.e. rancid, jrancid, hrancid, zrancid) collect information from the vendor-specific devices defined in the router.db configuration file. For Cisco devices, the script "rancid" takes care of this process.

In the "rancid" script, look at the section which defines the array @commandtable:

# Main
@commandtable = (
    {'admin show version'           => 'ShowVersion'},
    {'show version'                 => 'ShowVersion'},
    {'show redundancy secondary'    => 'ShowRedundancy'},
    …
    {'show debug'                   => 'ShowDebug'},
    {'show running-config'          => 'WriteTerm'},
    {'write term'                   => 'WriteTerm'},
);

It is fairly straightforward: if you don't want any of these commands to be polled from the Cisco devices, comment out the line for each command. In Perl, use # at the start of a line to have it ignored.

Here we will now add some new commands to the array for polling additional information from the Cisco devices. These are:

show interface status
show arp
show mac address-table
show access-list

Any Cisco network engineer would understand the usefulness of these commands :)

First we include these commands in the @commandtable array; place them anywhere within the parentheses:

@commandtable = (
    …
    {'show interfaces status'   => 'ShowInterfaceStatus'},
    {'show mac address-table'   => 'ShowMacAddressTable'},
    {'show arp'                 => 'ShowArpTable'},
    {'show access-list'         => 'ShowAccessList'},
);


Then we need to define the subroutine for each of these commands. Below are the subroutines I managed to get working. Some are rudimentary, with parsing based on the behavior of the Cisco devices I have encountered. You might need to fine-tune them further based on the results from your end.

Subroutine for “show interface status” command:

sub ShowInterfaceStatus {
    print STDERR "    In ShowInterfaceStatus: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Invalid input detected/;
        return(1) if /Unknown command/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(< -+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        ProcessHistory("INTERFACES","","","!INTERFACES: $_");
    }
    ProcessHistory("INTERFACES","","","!\n");
    return(0);
}

Subroutine for “show arp” command:

sub ShowArpTable {
    print STDERR "    In ShowArpTable: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Invalid input detected/;
        return(1) if /Unknown command/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(< -+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        if (/^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+/) {
            # IOS layout: Protocol Address Age Hardware-Addr Type Interface;
            # drop the Age column so it does not show up in every diff
            my($ip) = $1;
            my(@arp) = split(/\s+/, $_);
            my($line) = "$arp[0]\t$arp[1]\t$arp[3]\t$arp[4]\t$arp[5]\n";
            ProcessHistory("ARPTABLE","ipsort","$ip","$line");
        } elsif (/\S+\s+(\d+\.\d+\.\d+\.\d+)\s+/) {
            # other layouts (interface first): keep the first four columns
            my($ip) = $1;
            my(@arp) = split(/\s+/, $_);
            my($line) = "$arp[0]\t$arp[1]\t$arp[2]\t$arp[3]\n";
            ProcessHistory("ARPTABLE","ipsort","$ip","$line");
        } else {
            # header and any other line: keep as-is, unsorted
            ProcessHistory("ARPTABLE","","","$_");
        }
    }
    ProcessHistory("ARPTABLE","","","!\n");
    return(0);
}
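The Age-dropping logic of ShowArpTable, ported to Python as a stand-alone way to see what RANCID will store and diff (added example, not part of the post or of RANCID; the two show arp outputs are constructed, and the ipsort ordering is emulated with the ipaddress module):

```python
import ipaddress
import re

# Constructed "show arp" output from two consecutive collections of the same IOS
# switch (not real device output). Only the Age column differs between them.
SHOW_ARP_RUN1 = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.10              12   0011.2233.4466  ARPA   Vlan1
Internet  10.0.0.1                -   0011.2233.4455  ARPA   Vlan1
Internet  10.0.0.2                5   0011.2233.4477  ARPA   Vlan1
"""
SHOW_ARP_RUN2 = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.10              13   0011.2233.4466  ARPA   Vlan1
Internet  10.0.0.1                -   0011.2233.4455  ARPA   Vlan1
Internet  10.0.0.2                6   0011.2233.4477  ARPA   Vlan1
"""

IOS_ENTRY = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+")
OTHER_ENTRY = re.compile(r"^\S+\s+(\d+\.\d+\.\d+\.\d+)\s+")


def normalize_arp(output: str) -> list:
    """Return the ARP table as the ShowArpTable subroutine records it: header
    lines first, then one tab-separated line per entry with the Age column
    dropped, sorted by IP address ('ipsort': numeric, not string order)."""
    passthrough, entries = [], []
    for line in output.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        m = IOS_ENTRY.match(line)
        if m and len(fields) >= 6:
            # IOS: Protocol Address Age Hardware-Addr Type Interface -> skip Age
            kept = [fields[0], fields[1], fields[3], fields[4], fields[5]]
            entries.append((ipaddress.ip_address(m.group(1)), "\t".join(kept)))
            continue
        m = OTHER_ENTRY.match(line)
        if m and len(fields) >= 4:
            # other layouts (interface first): first four columns, as in the post
            entries.append((ipaddress.ip_address(m.group(1)), "\t".join(fields[:4])))
            continue
        passthrough.append(line)
    entries.sort(key=lambda e: e[0])
    return passthrough + [text for _, text in entries]


def arp_changed(previous: str, current: str) -> bool:
    """True only when a real ARP change (new host, MAC or interface) happened,
    so ageing entries alone do not generate a diff mail."""
    return normalize_arp(previous) != normalize_arp(current)
```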

Subroutine for “show mac address-table” command:

sub ShowMacAddressTable {
    print STDERR "    In ShowMacAddressTable: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Invalid input detected/;
        return(1) if /Unknown command/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(< -+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        ProcessHistory("MACTABLE","","","!MACTABLE: $_");
    }
    ProcessHistory("MACTABLE","","","!\n");
    return(0);
}

Subroutine for “show access-list” command:

sub ShowAccessList {
    print STDERR "    In ShowAccessList: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Invalid input detected/;
        return(1) if /Unknown command/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(< -+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        ProcessHistory("ACCESS-LIST","","","!ACCESS-LIST: $_");
    }
    ProcessHistory("ACCESS-LIST","","","!\n");
    return(0);
}

To test the additional commands, run a RANCID collection against one of the Cisco devices already defined in router.db, with its credentials in .cloginrc:

sudo -u rancid -H /usr/bin/rancid-run -r <DEVICE>

where DEVICE is the hostname or IP address of the device.

Let me know if you have issues with these additional scripts. Enjoy!

October 25, 2011

IPplan upgrade and backup and restore too…

In one of my previous posts, I discussed installation errors for IPplan. Here I will discuss how to upgrade IPplan and perform a backup/restore procedure.

First, download the latest source from the IPplan SourceForge site. The latest version is 4.92b as of July 2011.

Then back up the IPplan database (in case something goes wrong):

# mysqldump --user=root --password=root_password ipplan > ipplan-backup.sql

Back up (rename) the IPplan web directory (i.e. /var/www/ipplan):

# mv /var/www/ipplan /var/www/ipplan.old 

Extract the updated IPplan compressed source:

# cd /var/www
# tar zxvf ipplan-4.92b.tar.gz 

Restore ownerships and permissions:

# chown -R root:www-data /var/www/ipplan
# chmod -R 750 /var/www/ipplan

Restart the apache service:

# /etc/init.d/apache2 restart

For a new instance of IPplan (i.e. a new server), we can restore the IPplan database (the dump is loaded with the mysql client, not mysqladmin):

# mysqladmin --user=root --password=root_password drop ipplan
# mysqladmin --user=root --password=root_password create ipplan
# mysql --user=root --password=root_password ipplan < ipplan-backup.sql

Enjoy!

October 23, 2011

RANCID under the hood

I have been using RANCID (Really Awesome New Cisco confIg Differ) for many years now; it is an awesome open source tool from Shrubbery Networks. It is useful for managing backups of network device configurations. For those who are new to RANCID, check out these links for installation and configuration on a Linux platform [1] [2].

My discussion here is about some of the internal workings of RANCID; understanding how it works will be useful for future modifications and/or customizations. My RANCID system is installed using apt-get on a Debian Linux platform.

  • rancid-run - This is the initial script to run RANCID, configured in /etc/crontab. This command parses the environment file /etc/rancid/rancid.conf, which defines all RANCID device groups.

      Options for this command when used in /etc/crontab:

    • /usr/bin/rancid-run - This will run RANCID on the devices of all groups (defined in rancid.conf). This is the default behavior.
    • /usr/bin/rancid-run <GROUP> - This will only run RANCID on the devices under GROUP.
    • /usr/bin/rancid-run -r <device> - This will only run RANCID for the given device.

  • control_rancid - This script is called by rancid-run; it parses the group's router.db (which lists all devices per group), runs/re-runs RANCID for each device, and emails diffs and error reports.

  • rancid-fe - This PERL script is the front-end for the rancid/jrancid/etc. commands. This script is called by control_rancid. Inside the script is the hash %vendortable, which lists all device types (Cisco, Juniper, Zebra, HP…) and their corresponding rancid collection scripts (rancid, jrancid, zrancid, hrancid…).

    Code snippet from rancid-fe

    %vendortable = (
    …
        'cisco'             => 'rancid',
        'hp'                => 'hrancid',
        'juniper'           => 'jrancid',
        'extreme'           => 'xrancid',
        'zebra'             => 'zrancid',
    …
    );

  • rancid, jrancid, hrancid, zrancid, etc. - These are the PERL scripts used for device configuration collection. Each script logs in to the devices (telnet, SSH), runs device commands (show version, show running, etc.) and collects/parses the results.

  • router.db - This file is defined in each group directory and lists all devices within the group, their device type (i.e. cisco, juniper, zebra, hp) and their status.

    Sample configuration for router.db
    cisco-core1-6500:cisco:up
    cisco-core2-6500:cisco:up
    cisco-firewall-asa-5510:cisco:up
    cisco-firewall2-asa-5510:cisco:up

  • .cloginrc - This configuration defines how RANCID logs into each device (username, password, enable password, method: telnet/ssh).

    Sample configuration for .cloginrc
    add user            cisco-asa-firewall        rancid_user
    add password        cisco-asa-firewall        rancid_password        enable_password
    add method          cisco-asa-firewall        ssh

NOTE: If hostnames are used instead of IP addresses (as in my examples above), it is advisable to define all network device hostnames in the /etc/hosts config file.

In the next post, I will discuss some modifications made to customize RANCID device configuration management for my environment.

March 6, 2011

Migrate and Restore Cacti Data

When migrating Cacti data (SQL and RRD history) to another system, this should be done on a freshly installed Cacti system, meaning no web configuration has been made yet.

Stop all relevant services (http, cron, snmp daemon); this assumes a Debian system

# /etc/init.d/apache2 stop
# /etc/init.d/cron stop
# /etc/init.d/snmpd stop

Delete and re-create the Cacti database (to be on the safe side :) )

# mysqladmin --user=root --password=root_password drop cacti
# mysqladmin --user=root --password=root_password create cacti

Migrate (Load) the Cacti backup database

# mysql cacti < cacti-sql-backup-2011-XX-XX.sql --password=root_password

Optional: Reload the Plugin Architecture SQL script for PIA 2.8+ (see my earlier post)

# mysql cacti < pa.sql --password=root_password

Check and verify the Cacti configuration file (/var/www/cacti/include/config.php)

Migrate (Load) the RRD history files

# cd /var/www/cacti/
# mv rra rra.old
# tar zxvf /root/cacti-rra-backup-2011-XX-XX.tar.gz 

Optional: If the RRD history files were created on a previous version of RRDtool, you need the XML dumps of the RRD files (see my previous post) to migrate them

# cd /var/www/cacti/
# tar zxvf /root/cacti-rrd-xml-2011-XX-XX.tar.gz
# cd rra
# ls -1 *.rrd.xml | sed 's/\.xml//' | awk '{print "rrdtool restore "$1".xml "$1}' | sh -x
# rm *.xml

Restore directory ownerships

# chown -R root:root cacti
# chown -R cactiuser cacti/rra/ 

Restart all services (Debian style)

# /etc/init.d/cron start
# /etc/init.d/snmpd start
# /etc/init.d/apache2 start

Access the Cacti web interface http://server-ip-address/cacti

March 3, 2011

Cacti Backup Script

Continuing my Cacti endeavour, I am posting here a script for backing up a Cacti system running on a Linux box.

#!/bin/bash
eval `date "+day=%d; month=%m; year=%Y"`
DBNAME=cacti
DBUSER=root
DBPASS=mysql_root_password
BACKUP_DIR="/cacti_backup_directory"
CURRENT_DIR="/var/www"
RETENTION=30
CACTISQL="cacti-backup-$year-$month-$day-sql.sql"
CACTIRRA="cacti-backup-$year-$month-$day-rra.tar.gz"
CACTIXML="cacti-backup-$year-$month-$day-xml.tar.gz"
CACTIPHP="cacti-backup-$year-$month-$day-php.tar.gz"

# Optional: Remove old backups more than $RETENTION (30) days old
find $BACKUP_DIR/* -mtime +$RETENTION -exec rm -fr {} \; &> /dev/null

# Optional: Remove old RRAs (usually means the datasource is deleted)
find /var/www/cacti/rra/* -mtime +$RETENTION -exec rm -fr {} \; &> /dev/null

# Backup the Cacti SQL database
# Note: the password given with -p is visible in the process list while mysqldump runs;
# a ~/.my.cnf readable only by root avoids that.
echo "Backing up Cacti SQL database..."
mysqldump -u$DBUSER -p$DBPASS --lock-tables --opt $DBNAME > $BACKUP_DIR/$CACTISQL
# Note: If using the syslog plugin, syslog data is assumed to be in the cacti database; otherwise back it up separately.

# Backup Cacti system without rrd files
echo "Backing up Cacti System..."
cd $CURRENT_DIR/
tar zcvf $BACKUP_DIR/$CACTIPHP cacti --exclude 'cacti/rra' &> /dev/null
# Note: this will include cacti.log which can take some time

# Backup Cacti RRD files
echo "Backing up Cacti RRD Files..."
cd $CURRENT_DIR/cacti/
tar zcvf $BACKUP_DIR/$CACTIRRA rra/*.rrd &> /dev/null

# Optional if migrating Cacti RRD history to another system
echo "Backing up Cacti RRD files into XML..."
cd $CURRENT_DIR/cacti/rra
ls -1 *.rrd | awk '{print "rrdtool dump "$1" > "$1".xml"}' | sh -x &> /dev/null
cd $CURRENT_DIR/cacti/
tar zcvf $BACKUP_DIR/$CACTIXML rra/*.xml &> /dev/null
rm -rf rra/*.xml

The script is self-explanatory except for the conversion of the RRD history files to XML. This is required if you encounter problems restoring the RRD files on another system which uses a different version of RRDtool (in my case from version 1.2 to 1.4). This occurs when you receive the error "ERROR: This RRD was created on other architecture". This blog post from Rawiri Blundell helped me a lot in solving the migration issues, which I discuss in my next post.

Update: I have used some parts of the Cacti backup script from http://gregsowell.com/.

March 1, 2011

Cacti Installation on Debian Squeeze 6.0.0

This is not a unique guide for installing Cacti from source on Debian Linux, but an updated guide for installing Cacti (0.8.7g) on Debian Squeeze (6.0.0).

First and foremost, we need to update and upgrade all packages on the Debian box

# apt-get update
# apt-get upgrade

Then we need to install all necessary packages

# apt-get install openssh-server wget apache2 build-essential
# apt-get install rrdtool mysql-server mysql-client libmysqlclient15-dev
# apt-get install snmp snmpd libsnmp-dev
# apt-get install php5 php5-mysql php5-cli php5-snmp php5-gd php-pear php5-dev libapache2-mod-php5 
# apt-get install cgilib libfreetype6 libpngwriter0-dev libpng3-dev libfreetype6-dev libart-2.0-dev

Update the PHP configuration for Apache (/etc/php5/apache2/php.ini) and make these necessary changes

memory_limit = 512M        ; raised from the default of 128M
post_max_size = 32M
upload_max_filesize = 32M
date.timezone = "Area/City"
display_errors = Off
extension=gd.so

For PHP timezones, refer to http://www.php.net/manual/en/timezones.php

Check that the PHP module is enabled for Apache

# a2enmod php5

Download and extract the Cacti source file (as of this writing, the latest version was 0.8.7g)

# cd /var/www
# wget http://www.cacti.net/downloads/cacti-0.8.7g.tar.gz
# tar zxvf cacti-0.8.7g.tar.gz
# mv cacti-0.8.7g/ cacti/

Add the user for Cacti and set the correct ownerships

# adduser cactiuser
# chown -R root:root cacti
# chown -R cactiuser cacti/rra/ cacti/log/

Next is the MySQL database configuration for Cacti. (Make sure you remember the MySQL root password set previously.)

# cd /var/www/cacti
# mysqladmin --user=root --password=root_password reload
# mysqladmin --user=root --password=root_password create cacti
# mysql cacti < cacti.sql --password=root_password

Create a MySQL username and password for the Cacti installation.

# mysql --user=root mysql --password=root_password
mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'cactiuser';
mysql> flush privileges;

Then edit/verify the settings in the Cacti configuration (/var/www/cacti/include/config.php)

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactiuser";

Then add the poller entry to the crontab file (/etc/crontab):

*/5 * * * * cactiuser php /var/www/cacti/poller.php > /dev/null 2>&1

Restart the Apache web service

# /etc/init.d/apache2 restart

Access the Cacti web interface http://server-ip-address/cacti

NOTE: Do NOT access the Cacti web page yet if you plan to install plugins (see below).

Optional 1: Installation of Cacti plugins. The current Plugin Architecture (PIA) is at version 2.8+, which has many features including auto-detection of plugins unpacked in the plugin directory. For more details, see the PIA installation guide.

To import pa.sql into the database, run this command.

# mysql cacti < pa.sql --password=root_password

Optional 2: Installation of Spine, which is a fast replacement for the default poller (cmd.php). Download the latest Spine source file, then compile and install it

# wget http://www.cacti.net/downloads/spine/cacti-spine-0.8.7g.tar.gz
# tar zxvf cacti-spine-0.8.7g.tar.gz 
# cd cacti-spine-0.8.7g
# ./configure
# make
# make check
# make install

Edit and verify the Spine configuration (/usr/local/spine/etc/spine.conf). Make a copy of spine.conf.dist if none exists.

To utilize Spine, make the changes in the Cacti web interface: set the path of the Spine binary (/usr/local/spine/bin/spine) and the Poller settings.

October 25, 2010

Cisco Quickie: Wireless SSID Broadcasting

By default, when you configure a Cisco wireless device (or a device with wireless capability), the SSID (Service Set Identifier) is NOT broadcast. To enable SSID broadcasting via the command line, enter dot11 SSID configuration mode and add the command "guest-mode". Below is a configuration sample.

Router(config)# dot11 ssid GUEST-WIFI
Router(config-ssid)# guest-mode

To disable SSID broadcasting, just use "no guest-mode".

September 15, 2010

Cisco SSH Invalid modulus length and SecureCRT

I stumbled into this problem when I upgraded the IOS version on one of our test network devices. I could no longer log in via SSH to the device using SecureCRT, but I could connect via PuTTY and any Linux SSH client. This post from Barry Reyes mentioned that moving up the Diffie-Hellman options in the Key exchange list can solve the issue. After selecting these options, I managed to SSH to the device.

[Screenshot: SecureCRT Key Exchange settings showing the Diffie-Hellman options]

After some tweaking of the SSH client, I noticed that only the "diffie-hellman" and "diffie-hellman-group14" options managed to connect to the device. The key exchange option "diffie-hellman-group" throws this error on the network device.

000520: Sep 15 09:51:25 UAE: SSH0: starting SSH control process
000521: Sep 15 09:51:25 UAE: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
000522: Sep 15 09:51:25 UAE: SSH0: protocol version id is - SSH-2.0-SecureCRT_6.1.1 (build 383) SecureCRT
000523: Sep 15 09:51:25 UAE: SSH2 0: SSH2_MSG_KEXINIT sent
000524: Sep 15 09:51:25 UAE: SSH2 0: SSH2_MSG_KEXINIT received
000525: Sep 15 09:51:25 UAE: SSH2:kex: client->server enc:aes256-cbc mac:hmac-sha1 
000526: Sep 15 09:51:25 UAE: SSH2:kex: server->client enc:aes256-cbc mac:hmac-sha1 
000527: Sep 15 09:51:25 UAE: SSH2 0: SSH2_MSG_KEX_DH_GEX_REQUEST received
000528: Sep 15 09:51:25 UAE: SSH2 0: Range sent by client is - 1024 < 2046 < 2048 
000529: Sep 15 09:51:25 UAE: SSH2 0:  Invalid modulus length

From my understanding, there seems to be a bug in this version of SecureCRT (6.1.1 build 383) for the mentioned Diffie-Hellman key exchange option, as the key length provided by the client (1024) is smaller than the agreed key length (2048). Note that Diffie-Hellman-Group-14 has a key length of 2048, which complies with the required key length.

Let us see if the latest version of SecureCRT has fixed this problem.

Update (September 16, 2010)

I managed to test the same issue with SecureCRT version 6.5.0 build 380, and it seems VanDyke managed to fix the issue with the "diffie-hellman-group" key exchange option. Below is the debug output from the network device, which shows the user managed to log in.

001530: Sep 16 10:09:42 UAE: SSH0: starting SSH control process
001531: Sep 16 10:09:42 UAE: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
001532: Sep 16 10:09:42 UAE: SSH0: protocol version id is - SSH-2.0-SecureCRT_6.5.0 (build 380) SecureCRT
001533: Sep 16 10:09:42 UAE: SSH2 0: SSH2_MSG_KEXINIT sent
001534: Sep 16 10:09:42 UAE: SSH2 0: SSH2_MSG_KEXINIT received
001535: Sep 16 10:09:42 UAE: SSH2:kex: client->server enc:aes128-cbc mac:hmac-md5 
001536: Sep 16 10:09:42 UAE: SSH2:kex: server->client enc:aes128-cbc mac:hmac-md5 
001537: Sep 16 10:09:42 UAE: SSH2 0: SSH2_MSG_KEX_DH_GEX_REQUEST received
001538: Sep 16 10:09:42 UAE: SSH2 0: Range sent by client is - 1024 < 2048 < 2048 
001539: Sep 16 10:09:42 UAE: SSH2 0:  Modulus size established : 2048 bits
001540: Sep 16 10:09:42 UAE: SSH2 0: expecting SSH2_MSG_KEX_DH_GEX_INIT
001541: Sep 16 10:09:42 UAE: SSH2 0: SSH2_MSG_KEXDH_INIT received
001542: Sep 16 10:09:42 UAE: SSH2: kex_derive_keys complete
001543: Sep 16 10:09:42 UAE: SSH2 0: SSH2_MSG_NEWKEYS sent
001544: Sep 16 10:09:42 UAE: SSH2 0: waiting for SSH2_MSG_NEWKEYS
001545: Sep 16 10:09:42 UAE: SSH2 0: SSH2_MSG_NEWKEYS received
001546: Sep 16 10:09:43 UAE: SSH2 0: authentication successful for xxxxx
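Added example (not from the post): a small Python parser for this style of IOS SSH debug output that pulls out the client banner, the negotiated cipher/MAC, the DH-GEX range and the outcome, so sessions that fail the group exchange can be spotted across a whole log rather than read by eye. The log lines below are constructed from the ones shown above; the function names are my own.

```python
import re

# Constructed log lines modelled on the IOS "debug ip ssh" output shown in the post
# (not the original capture): one failing and one successful DH group exchange.
FAILED_SESSION = """\
000522: Sep 15 09:51:25 UAE: SSH0: protocol version id is - SSH-2.0-SecureCRT_6.1.1 (build 383) SecureCRT
000525: Sep 15 09:51:25 UAE: SSH2:kex: client->server enc:aes256-cbc mac:hmac-sha1
000528: Sep 15 09:51:25 UAE: SSH2 0: Range sent by client is - 1024 < 2046 < 2048
000529: Sep 15 09:51:25 UAE: SSH2 0:  Invalid modulus length
"""
GOOD_SESSION = """\
001532: Sep 16 10:09:42 UAE: SSH0: protocol version id is - SSH-2.0-SecureCRT_6.5.0 (build 380) SecureCRT
001535: Sep 16 10:09:42 UAE: SSH2:kex: client->server enc:aes128-cbc mac:hmac-md5
001538: Sep 16 10:09:42 UAE: SSH2 0: Range sent by client is - 1024 < 2048 < 2048
001539: Sep 16 10:09:42 UAE: SSH2 0:  Modulus size established : 2048 bits
001546: Sep 16 10:09:43 UAE: SSH2 0: authentication successful for xxxxx
"""

CLIENT_RE = re.compile(r"protocol version id is - (\S+)")
KEX_RE = re.compile(r"kex: client->server enc:(\S+) mac:(\S+)")
RANGE_RE = re.compile(r"Range sent by client is - (\d+) < (\d+) < (\d+)")
MODULUS_RE = re.compile(r"Modulus size established : (\d+) bits")


def summarize_ssh_session(log: str) -> dict:
    """Condense one device-side SSH debug session into the fields worth keeping:
    client banner, negotiated cipher/MAC, the DH-GEX (min, preferred, max) triple
    and the outcome of the modulus negotiation / authentication."""
    s = {"client": None, "cipher": None, "mac": None, "gex_range": None,
         "modulus_bits": None, "outcome": "unknown"}
    for line in log.splitlines():
        if m := CLIENT_RE.search(line):
            s["client"] = m.group(1)
        elif m := KEX_RE.search(line):
            s["cipher"], s["mac"] = m.group(1), m.group(2)
        elif m := RANGE_RE.search(line):
            s["gex_range"] = tuple(int(x) for x in m.groups())
        elif m := MODULUS_RE.search(line):
            s["modulus_bits"] = int(m.group(1))
            s["outcome"] = "modulus-established"
        elif "Invalid modulus length" in line:
            s["outcome"] = "invalid-modulus-length"
        elif "authentication successful" in line:
            s["outcome"] = "authenticated"
    return s


def failed_gex_sessions(sessions: list) -> list:
    """Detection helper: (client banner, gex range) for every session whose
    DH group exchange was rejected by the device."""
    out = []
    for log in sessions:
        s = summarize_ssh_session(log)
        if s["outcome"] == "invalid-modulus-length":
            out.append((s["client"], s["gex_range"]))
    return out
```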