Here's how to create a Windows desktop shortcut to automatically start capturing when you launch the Wireshark GUI
Wednesday, August 30, 2023
Monday, August 28, 2023
Using Wireshark's editcap to Remove Duplicate Packets
Depending on how you capture packets, you may end up with duplicate packets caused by where your capture tool sits in the network topology (for example, a SPAN session that mirrors the same traffic from two ports).
Do not confuse these with legitimate duplicate packets caused by network-related issues such as retransmissions. We want to keep those packets in the trace so we can resolve the issue.
Here I use Wireshark's editcap utility (its -d option) to remove the capture-induced duplicates.
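As an added illustration (not part of the original post and not Wireshark's code), the block below re-implements in Python the window-based scheme editcap -d uses: each frame's MD5 digest is compared against the digests of the previous few frames, and a match drops the frame. It exists to show two things the flags alone do not: why a small window keeps a genuine retransmission that happens to be byte-identical but arrives much later, and why editcap's -I option (skip a prefix before hashing) is needed when the two copies differ only in their MAC addresses or VLAN tag. The pcap it builds, the MAC addresses and the payloads are all constructed for the example.

```python
"""Window-based duplicate-frame removal in the style of `editcap -d`.

Constructed illustration, not Wireshark's own code. Reads and writes
little-endian classic pcap (magic 0xa1b2c3d4), so it can also be pointed
at a real capture:  python dedup.py in.pcap out.pcap
Equivalent Wireshark commands:  editcap -d in.pcap out.pcap
                                editcap -D 100 -I 12 in.pcap out.pcap
"""
import hashlib
import struct
import sys
from collections import deque

# magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
PCAP_GLOBAL_HDR = struct.Struct("<IHHiIII")
# ts_sec, ts_usec, incl_len, orig_len
PCAP_REC_HDR = struct.Struct("<IIII")
PCAP_MAGIC_LE = 0xA1B2C3D4


def read_pcap(data: bytes):
    """Yield (ts_sec, ts_usec, frame) for every record in a classic pcap."""
    magic = PCAP_GLOBAL_HDR.unpack_from(data, 0)[0]
    if magic != PCAP_MAGIC_LE:
        raise ValueError("only little-endian classic pcap is handled here")
    off = PCAP_GLOBAL_HDR.size
    while off + PCAP_REC_HDR.size <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = PCAP_REC_HDR.unpack_from(data, off)
        off += PCAP_REC_HDR.size
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def write_pcap(records, linktype=1) -> bytes:
    """Serialise (ts_sec, ts_usec, frame) records as a classic pcap (Ethernet)."""
    out = bytearray(PCAP_GLOBAL_HDR.pack(PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, linktype))
    for ts_sec, ts_usec, frame in records:
        out += PCAP_REC_HDR.pack(ts_sec, ts_usec, len(frame), len(frame)) + frame
    return bytes(out)


def dedup(records, window=5, ignore_bytes=0, time_window_us=None):
    """Drop a frame when an identical one appeared within the previous `window`
    frames (editcap -d / -D). `ignore_bytes` skips a prefix such as the two MAC
    addresses before hashing (editcap -I); `time_window_us`, if set, additionally
    requires the earlier copy to be that close in time (editcap -w)."""
    recent = deque(maxlen=window)        # (digest, timestamp in microseconds)
    kept, dropped = [], 0
    for ts_sec, ts_usec, frame in records:
        body = frame[ignore_bytes:] if len(frame) > ignore_bytes else frame
        digest = hashlib.md5(body).digest()
        now = ts_sec * 1_000_000 + ts_usec
        is_dup = any(d == digest and (time_window_us is None or now - t <= time_window_us)
                     for d, t in recent)
        if is_dup:
            dropped += 1
        else:
            kept.append((ts_sec, ts_usec, frame))
        recent.append((digest, now))     # duplicates stay in the window, as in editcap
    return kept, dropped


def dedup_pcap(data: bytes, **kwargs):
    """Convenience wrapper: pcap bytes in, (pcap bytes, kept, dropped) out."""
    kept, dropped = dedup(read_pcap(data), **kwargs)
    return write_pcap(kept), len(kept), dropped


def eth_frame(payload: bytes, src=b"\x00\x11\x22\x33\x44\x55") -> bytes:
    """Minimal Ethernet II frame (dst, src, EtherType 0x0800) around a stand-in payload."""
    return b"\xaa\xbb\xcc\xdd\xee\xff" + src + b"\x08\x00" + payload


def sample_capture() -> bytes:
    """Constructed pcap: frame 2 is a byte-for-byte copy of frame 1 (the kind of
    duplicate a doubled SPAN feed produces); frame 4 repeats frame 3 but from a
    different source MAC; the last frame repeats frame 1 after six other frames,
    i.e. outside the default window of 5."""
    frames = [eth_frame(b"GET / HTTP/1.1"), eth_frame(b"GET / HTTP/1.1"),
              eth_frame(b"HTTP/1.1 200 OK"),
              eth_frame(b"HTTP/1.1 200 OK", src=b"\x66\x77\x88\x99\xaa\xbb")]
    frames += [eth_frame(b"keepalive %d" % i) for i in range(6)]
    frames.append(eth_frame(b"GET / HTTP/1.1"))
    # 100 microseconds between frames; the base time is arbitrary
    return write_pcap((1693000000, i * 100, f) for i, f in enumerate(frames))


if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            out, n_kept, n_dropped = dedup_pcap(fh.read())
        with open(sys.argv[2], "wb") as fh:
            fh.write(out)
    else:
        out, n_kept, n_dropped = dedup_pcap(sample_capture())
    print(f"kept {n_kept} frames, dropped {n_dropped} duplicates")
```

With the defaults (window of 5, nothing ignored) only the adjacent SPAN copy is removed: the frame that differs in source MAC survives, and so does the late repeat of frame 1. Passing ignore_bytes=12 (the editcap -I 12 equivalent, skipping both MAC addresses) also removes the copy seen from the other MAC; widening the window to 100 instead removes the late repeat, which is exactly the kind of legitimate duplicate you want to keep. Check the dropped count against what you expected before you trust the deduplicated file.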
Friday, August 25, 2023
Device Baselining
Not a week goes by without hearing from people asking for me to perform a baseline.
I also got a lot of requests asking to create a template to help them perform a baseline.
Not to sound like a consultant, but every baseline is completely different depending on the equipment, the network, and your ultimate goal.
In this video I show you how I start a baseline with an IP camera and my Profitap IOTA, and what I find. Of course, you can start any baseline using Wireshark, which is completely free, but the goal for your first baseline should be to document the equipment location, the network topology, and the goal of the baseline.
For example, you might say, "I want to see how this camera behaves when it boots up."
You would then want to document which devices are communicating with the camera, which protocols are in use, and possibly the load the camera puts on the network.
I strongly encourage you not to get overwhelmed with too much detail up front, because if you have a trace file, you can always go back and retrieve any information that you later decide is important.
Enjoy
Monday, August 21, 2023
Measure Task Time With Timer
I have shown my readers many utilities, tricks and tips for accomplishing variations on this theme.
Here's another helpful utility you should consider for your toolbox. It's portable, free and simple to use, which got my interest right away.
Here's the link to Timer, https://www.gammadyne.com/cmdline.htm#timer, and a video with an example.
Enjoy
Thursday, August 17, 2023
..Another Upgrade.. well you know
I was working with a long-time client on a fairly major upgrade for a remote site. We were replacing equipment and cabling and doing some firmware upgrades.
I was invited to sit in on the planning meetings since I know the network and staff fairly well. During our first meeting, we documented all the equipment that would be 'touched', pros and cons, dependency analysis, and the typical backup plan if things should go south.
A few meetings later the team reviewed the actual action plan, roles and responsibilities, and timelines. It was in this meeting that I suggested they make the changes in discrete 'phases' so we could better monitor whether each change worked and back out more quickly if things should go wrong. The fact that this place is fairly remote can complicate troubleshooting further.
I was met with a chorus of teasing and the titles of "Grim Reaper" and "Negative Tony". I took it all in good fun since I know them so well, but cautioned them that if they made all the changes at once and something went wrong, it would take a lot longer to diagnose the issue. They were so confident that they "got it", they even suggested I sit this one out. I gladly responded with "Great, I'll be at the cottage".
Fast forward to the change: they went with their wholesale change, I heard nothing during the change window, and I went with "no news is good news" ;) I turned off my phone and enjoyed my weekend.
Monday morning I had a ton of voicemails, texts, and emails asking me to call immediately. Unfortunately, they had run into issues and had completely backed out, but were still down. I immediately hopped in my car and went out to help. During my 2-hour drive, I asked all the typical questions and nothing jumped out at me. They blamed the firmware upgrade, the new router, and everything else they had changed, but if it's all backed out, why is it still down?
I started with my standard "Have you walked the site yet?", and they replied, "Of course we did, and found nothing." I replied, "So it won't take long to do it again with me, right?" Here's where the fun starts...
As we walked around, I immediately noticed there was no grounding for the new outdoor AP, and they responded, "We'll take care of that later". Then I noticed that one of the enclosures was jam-packed with Ethernet cables. After further investigation, I realized there were five 12-foot cables where all we needed were 3-footers. They told me the installer had forgotten the short cables and would be back. Then I pointed out that the main backhaul enclosure had no power. That's when the finger-pointing started amongst themselves, trying to figure out who, if anyone, had physically checked. I told them we could figure out who to blame later; let's fix the problem first.
I traced the power and main Ethernet cable only to find that someone had nicked both cables in a door. Ironically, this was the first item on their change list.
Believe me, I understand we want a change to be over with as quickly as possible, and I totally understand that in the midst of troubleshooting a 'down' scenario, you have to believe what someone tells you. But you must get to a point where you start from scratch and validate/verify everything reported.
Check out the cables below.
Wednesday, August 9, 2023
NetAlly CyberScope™ – Handheld Cyber Security Analyzer - Julio Petrovitch
In April 2023, NetAlly released CyberScope, the world’s first handheld cybersecurity analyzer. Still, for many such a description could be considered very broad. So, what exactly is a CyberScope and what does it do? More importantly, how can it help a network or security professional like yourself?
In a nutshell, CyberScope is a handheld cybersecurity analysis tool that offers comprehensive risk assessment, analysis and reporting for the site access layer. All in a single, powerful, and portable form factor. It supports endpoint and network discovery, wireless security scans, vulnerability assessments using Nmap, plus segmentation and provisioning validation.
As a ruggedized, purpose-built all-in-one tool, CyberScope is a network security solution that eliminates the use of fragile laptops and tablets. With multiple functions, it provides fast, actionable insights into your network, filling the critical visibility gaps that other cybersecurity tools frequently do not address.
As for what it does and how it can help, there is a lot. Here is some of its core functionality:
Probe Endpoints and Networks
Network discovery is a critical cybersecurity best practice, providing valuable information about the network infrastructure, layout, devices, and services that are present. CyberScope’s Discovery combines scanning and active probing via five different network interfaces (wired and wireless) using multiple technologies (including CDP, LLDP, FDCP, SNMP, Nmap, and others) to find endpoints, network infrastructure elements, and potential attack surfaces.
Classify Devices as Authorized, Unauthorized, Neighbor or Unknown
Network segmentation and provisioning can be complicated and prone to error. CyberScope can verify proper segmentation of both wired and Wi-Fi networks at the point of access with clear pass/fail indication. CyberScope can also examine switch ports for proper provisioning, join a VLAN to ensure correct segmentation, and capture traffic on a specific VLAN for deeper analysis. Not only that, all discovered devices and even endpoint manufacturers can be classified as Authorized, Unauthorized, Neighbor or Unknown.
Locate Endpoints on the Wire or in the Air
Path analysis is critical to understand how devices are interconnected. CyberScope provides complete port by port details of the network path – both wired and wireless – to any device. This is crucial when hunting down unknown or nefarious devices. Rogue hunting is made fast and easy on Wi-Fi with CyberScope’s external directional antenna.
Identify Endpoint Vulnerabilities
Nmap can help identify potential vulnerabilities like open backdoors, malware or poorly configured firewalls and intrusion detection systems. However, the cryptic nature of Nmap’s command line interface and excessive textual output prevents many network professionals from using it to its fullest extent.
CyberScope’s intuitive user interface integrates with Nmap’s robust probing capabilities to help with efficiency and repeatability. Even seasoned Nmap users will appreciate the ease of use that CyberScope brings to vulnerability detection.
Also, the embedded Nmap analysis engine in the CyberScope automatically scans for vulnerabilities on all endpoint devices connected to the network. Nmap allows CyberScope to enhance the information gathered from each device with valuable vulnerability information by running built-in or custom scripts and automatically generating warning and error notifications. All this can help identify potential security weaknesses and prioritize remediation efforts to reduce risk.
Generate Reports, Collaborate, and Share
Vulnerability reporting is easy using the Link-Live collaboration platform. With features that include vulnerability scan results visibility, discovery snapshots and comparisons, plus heat and topology maps, Link-Live makes it easier to collaborate and share with other team members. There is also a licensed, containerized version for on-prem use, available for those of you that don’t like the idea of storing network data in the cloud. Not only that, but Link-Live allows for secure sharing and even analyzer remote control by centralized experts, which fully enables collaboration across your team regardless of their location.
In conclusion, CyberScope is a rugged, hand-held instrument which allows you to identify wired and wireless network vulnerabilities in a single walkthrough. Plus, as a dedicated, purpose-built tool, CyberScope integrates all the hardware capabilities you need to complete any type of network survey or analysis. That includes:
10 gig fiber optic and copper (RJ45) Ethernet ports with high-power PoE support – functionality you won’t find on a laptop.
One Bluetooth/BLE and two Wi-Fi radios with up to 802.11ax and 6GHz band support.
USB ports that provide connectivity for accessories, like a spectrum analyzer, a headset for voice communications, label printers, and more.
Want to know more about NetAlly’s CyberScope? Then make sure to visit cyberscope.netally.com and check it out!