Friday, November 29, 2024

Marco Polo at Work?


I think every technician should be required to perform a simple exercise: installing equipment remotely with a non-technical person.

Having to stop and think about all the things that could possibly go wrong, and about how somebody else interprets what you mean versus what you are actually saying, is valuable. Not to mention that you build a pretty good rapport with clients in remote sites and get a better understanding of their technical skills.




In this video, I walk you through a true scenario where I shipped some hardware to a client along with one of my diagrams explaining what plugs into what, and things were not going well.

Enjoy



Wednesday, November 27, 2024

DNS Troubleshooting

 


I want to start by thanking those who reached out and provided feedback on my articles.

This article is using the new suggested format "short and to the point."

In this example, I take a look at DNS troubleshooting and use Wireshark as well as NSLOOKUP to troubleshoot a DNS issue.

In this video you will see how I used Wireshark to quickly identify that the current DNS server is having an issue and how I quickly compared it against Google’s public DNS server.



Friday, November 22, 2024

Why Should I Care About A Bootup

 

When you work with equipment that isn’t close by, you need to develop an awareness of what the various color and blinking lights mean.

Those of you who find this trivial haven't had to walk someone through an install or troubleshooting episode from 1,000 miles away, or even from across town.

I encourage technicians to develop this skill since they will encounter this challenge sooner or later.

Not only should you be aware (and document) what the various color and blinking combination means, but how the lights react to various scenarios. For example, bootup, firmware update, indicator that the device can get to the internet, etc.

In this video, I show you one of many ways to measure the boot-up time of a router that I was shipping out. I'm sure you will figure out your own way of doing this, if you don't already have one.



Wednesday, November 20, 2024

Tip: Wireshark, setting your snaplen back to default

 

I'm always going on about learning how to use your tools properly, so here's a great example of that.


For those of you who have read my articles or seen my videos about packet slicing, you probably wonder "how easy is it to set the snaplen back to its default?"


One obvious answer is to jot down the default value and the other one is simply to type the number 1, and then press the up arrow key.


Enjoy 



Monday, November 18, 2024

Measuring DNS Response Time

 Before I start, I want to acknowledge a few things:

- Yes, there are utilities out there that can do this
- Yes, you can look at DNS response time in the Statistics->DNS report
- Yes, you can graph this in Wireshark's IO graph

 

There are a lot of benefits to doing it this way, since you can customize your charts, which may not be possible with the other options, and you get a better understanding of what you are reporting.


In the video, I start at the command prompt with nslookup, move on to Wireshark, covering capture filters, adding a column and creating a display filter, and then export the trace for use in Excel.


As I mentioned in the video this technique can be used with all sorts of other protocols when troubleshooting or documenting performance.
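As an added illustration of what the Wireshark response-time column in this post actually measures (example code, not the author's): each DNS response is matched to its query by transaction ID, the time difference is recorded, and the result is written as CSV so it can be charted in Excel. The packets below are constructed DNS headers standing in for a capture, and an unanswered query is included on purpose, since a resolver that stops answering is the usual symptom being hunted.

```python
import csv
import io
import struct


def _dns_header(txid, is_response):
    """Build a 12-byte DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT."""
    flags = 0x8180 if is_response else 0x0100   # QR bit (0x8000) marks a response
    return struct.pack("!HHHHHH", txid, flags, 1, 1 if is_response else 0, 0, 0)


# Constructed sample "capture": (timestamp in seconds, DNS payload) tuples,
# as they would arrive after stripping the Ethernet/IP/UDP headers.
SAMPLE_PACKETS = [
    (10.000, _dns_header(0x1A2B, False)),   # query to the local DNS server
    (10.042, _dns_header(0x1A2B, True)),    # its response, 42 ms later
    (10.100, _dns_header(0x3C4D, False)),   # query that never gets answered
    (10.200, _dns_header(0x5E6F, False)),
    (10.215, _dns_header(0x5E6F, True)),    # answered after 15 ms
    (10.300, _dns_header(0x7081, True)),    # response whose query was not captured
]


def dns_response_times(packets):
    """Match responses to queries by transaction ID (what Wireshark's dns.time does).

    Returns (times, unanswered): times maps txid -> response time in seconds,
    unanswered lists the txids of queries that never received a reply.
    Matching only on the 16-bit ID is enough for a single client capture.
    """
    pending, times = {}, {}
    for ts, payload in packets:
        txid, flags = struct.unpack("!HH", payload[:4])
        if flags & 0x8000:                      # response
            if txid in pending:
                times[txid] = round(ts - pending.pop(txid), 6)
            # an orphan response (no query seen) is simply ignored
        else:                                   # query
            pending[txid] = ts
    return times, sorted(pending)


def to_csv(times):
    """Export txid / response-time rows, ready to be opened and charted in Excel."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["txid", "dns_time_ms"])
    for txid, rtt in sorted(times.items()):
        writer.writerow([f"0x{txid:04x}", f"{rtt * 1000:.1f}"])
    return buf.getvalue()


if __name__ == "__main__":
    times, unanswered = dns_response_times(SAMPLE_PACKETS)
    print(to_csv(times))
    print("unanswered queries:", [hex(t) for t in unanswered])
```

Real captures come from a pcap via tshark or a pcap library rather than the inline list, but the matching and export logic stays the same.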



Friday, November 15, 2024

Enter at Your Own Risk

 

My ISP has been pestering me lately, claiming that my equipment is outdated, and I am not taking full advantage of the higher data rates available on my current Internet plan. I was skeptical, as always, that this was another ploy to sell me less for more – just how bad could my 14-year-old modem/router really be? I finally caved in, and on a recent Friday morning I told my wife that our Internet would be down for about an hour while I set about installing the new WiFi mesh system.


When I called the ISP’s 800 number to register the new equipment, I sent them a screen shot with Model, Serial Number and MAC address for the modem to avoid errors. It took several attempts before they claimed victory. They had found my box, the install would soon be complete, and we would be connected to the world once again. Except that we weren’t.


Assuming that the Internet coax was now live, I turned next to tech support for the new hardware. Those of us who have done these installs understand that each step begins with the warning “this process may take a while.”  After a lengthy online session with hardware tech support, they finally concluded that the problem must be with the ISP. I was about to explain why that could not be true when the “outage” notice arrived on my phone. The estimated time to restore service was 4:20 pm – then 7:20 pm – then 11:20 pm. When I awoke the next morning, there was another message, confirmed by my neighbor, that the Internet service had been restored.


The ISP, which by now had taken a lot of heat for the lengthy outage, dispatched a technician to our home. After another hour or so of plugging, unplugging and sharing dog stories while staring at blinking lights, the technician called tech support, and the two of them finally found the problem – the MAC address (a series of 6 pairs of hex characters separated by colons) was supposed to end in “B” but had somehow been entered as “E”.  The “E” address was the router, which the ISP could identify, but not ping. Of all the things that have to work together for a functioning home Internet, it only took one small “E” to bring down the system.


As dependent as we are on keyboards and screens, it is a small wonder that this type of “typo” hasn’t caused more problems. Typos actually have quite a history of impactful effects.


In the 17th century (long before keyboards, when type was set by hand) about 1,000 copies of the King James Bible were printed with the Seventh Commandment as “Thou Shalt Commit Adultery.” Many readers were pleasantly surprised by the omission of “not,” but King Charles was not amused. He successfully destroyed all but about 20 copies, which are now coveted collectors' items. The long-term impact of what is now known as the “Sinners Bible” is not recorded.


On July 22, 1962, just minutes after the launch of the Mariner 1 spacecraft mission to Venus, the rocket was destroyed because it was deviating from the planned course. Initial reporting blamed a missing “-” in the software coding, while NASA later said a diacritical for the symbol R in an equation had been omitted. Regardless of the cause, the mistake cost around $180 million in today’s dollars. Science fiction author Arthur C. Clarke called it “the most expensive hyphen in history.”


Prior to the dedication of the Lincoln Memorial in 1922, a critical typo was discovered in the engraving of Lincoln’s Second Inaugural Address – a sharp observer noted that the phrase “WITH HIGH HOPE FOR THE EUTURE” (sic) made no sense. It was corrected by filling in the bottom of the letter “E” to make an “F.” The mistake is still visible to this day. Google the word “euture” for details.


In 1996, Google co-founders Larry Page and Sergey Brin were pondering a name for their new search engine. Thankfully, they moved on from their first choice (“BackRub”) to Googol (short for the number one followed by 100 zeroes). A colleague checked the availability of that domain name, but mis-typed it as “google.com.” The name of the world’s most popular search engine began with a typo.


The letter “E” is a factor in many typos, which is not surprising given it is the most common letter in the English language. This brings to mind an adage with disputed origins that has often been attributed to aerospace engineer Edward A. Murphy. The phrase arose from an accident involving rocket sled testing around 1949. Murphy’s original comment was “If there are two or more ways to do something and one of those results in a catastrophe, then someone will do it that way.” At a post-incident press conference, John Stapp – head of the test project – summarized his presentation with the succinct and now commonplace “Anything that can go wrong, will go wrong.”


Computers and keyboards are now commonplace. The power of even one typo is worth considering before taking the risk of hitting “Enter”.


 

Author Profile - Paul W. Smith - leader, educator, technologist, writer - has a lifelong interest in the countless ways that technology changes the course of our journey through life.  In addition to being a regular contributor to NetworkDataPedia, he maintains the website Technology for the Journey and occasionally writes for Blogcritics.  Paul has over 50 years of experience in research and advanced development for companies ranging from small startups to industry leaders.  His other passion is teaching - he is a former Adjunct Professor of Mechanical Engineering at the Colorado School of Mines. Paul holds a doctorate in Applied Mechanics from the California Institute of Technology, as well as Bachelor’s and Master’s Degrees in Mechanical Engineering from the University of California, Santa Barbara.

Wednesday, November 13, 2024

Wireshark Packet Capture Limits on Linux Real-Time OS (Carlo Zakarian)


There are a lot of dedicated hardware-based packet capture devices available that can capture at 1Gb and 10Gb line rate. These hardware-based devices are designed with real-time operating systems and specialized ASIC NICs with large buffer spaces for writing to disk. This method of acquiring packets guarantees that you will catch all of the bits going across the wire without dropping any of them. These are among the best to use when capturing on a very busy network; however, they come at a higher cost, and for good reason.

When looking at the long list of options for capturing packets, most analysts prefer to use a laptop coupled with Wireshark. The simple fact is that a laptop with Wireshark is convenient, very portable, cost-effective, and easy enough for an analyst to use. The problem, though, is that most laptops and operating systems cannot capture at full line rate on a busy network.

However, what if there is a slightly better-performing operating system out there? The real-time (RTOS) variant of the Ubuntu kernel is designed for demanding low-latency requirements, so Ubuntu LTS with real-time capability could be a possible solution for low-latency captures. Today, I will evaluate Wireshark on Ubuntu LTS with the real-time kernel enabled.

Follow along with me as I use a Netscout Optiview XG traffic generator to blast unicast frames at our laptop running Ubuntu Linux RTOS. We will test different frame sizes, utilization levels and data rates, and see how well it performs under various conditions. We will also examine at what data rates our Ubuntu Linux RTOS begins dropping packets and compare that against Ubuntu Linux running the normal kernel.



Monday, November 11, 2024

From the net: Understanding the Basics: L2VPN vs L3VPN

 


Understanding the Basics: L2VPN vs L3VPN
It is important to understand the difference between Layer 2 VPN and Layer 3 VPN services when traffic is going through the service provider's MPLS network.

Friday, November 8, 2024

Routing Cleanup

 


When it comes to network cleanups and migration projects, the first thing you should do is validate the current configurations.

What I mean by that is literally go through the entire configuration to make sure that it's still relevant. Some people have called it "Tony's Audit".

In many cases these configurations carry years of tribal knowledge, mistakes and troubleshooting fixes that are no longer applicable.




Wednesday, November 6, 2024

A Beginner's Guide to Using Hashcat on a Mac (Casey Mullis)


In this follow-up article, we will walk you through how to use Hashcat, a powerful tool that helps recover lost passwords by trying different guesses. Don’t worry if you’re new to this—I'll explain everything in simple terms with easy-to-follow examples.

What is Hashcat?

Hashcat is a tool used to recover passwords. It works by guessing the original password from a scrambled version of it called a hash. Think of a hash as a scrambled version of your password that hides what it really is, but with the right tools (like Hashcat), you can guess what the original password might be.


What Do You Need to Get Started?

  • A Mac (this guide is for macOS users)
  • Homebrew (a program that helps install other programs)
  • Basic understanding of how to use the Terminal (I’ll explain the commands)

Step 1: Installing Homebrew

If you don’t have Homebrew installed, follow these steps to install it:

Open Terminal on your Mac (you can find it in Applications > Utilities).

Copy and paste this command into Terminal and press Enter:


/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

This command installs Homebrew.

Follow the instructions on the screen, and once finished, you’ll be ready to use Homebrew to install Hashcat.


Step 2: Installing Hashcat

Once Homebrew is installed, installing Hashcat is easy. Run this command in Terminal:


brew install hashcat

This tells Homebrew to download and install Hashcat on your Mac.


Step 3: Understanding Hashcat Basics

Hashcat works by taking a hash (a scrambled version of a password) and trying to figure out what the original password was by making guesses. These guesses can come from a list of possible passwords (called a wordlist) or by trying every possible combination of characters (called brute force).


Example 1: Cracking an MD5 Hash

Let's say you have an MD5 hash (a scrambled password) and want to find the original password. Here’s how you can do it with Hashcat.


Step 4: Create a Hash File

We need to create a file with the hash we want to crack. For example, let's use this MD5 hash:


5f4dcc3b5aa765d61d8327deb882cf99


This is the MD5 hash of the password "password".

Open a text editor (like TextEdit).

Paste the hash into the file.

Save the file as hash.txt.


Step 5: Running Hashcat

Now, let’s run Hashcat to figure out what the original password is.

Open Terminal and navigate to where you saved the hash.txt file. If it’s on your Desktop, type: 


cd ~/Desktop

Run this command: 


hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt


Let’s break down what this command means:

-m 0: This tells Hashcat that the hash type is MD5.

-a 0: This tells Hashcat to use a wordlist to guess the password.

hash.txt: This is the file that contains the hash.

/usr/share/wordlists/rockyou.txt: This is a popular list of passwords that Hashcat will use to guess the password.


Hashcat will go through each password in the list and compare it to the hash. When it finds a match, it will display the password. In this case, the result would be:


5f4dcc3b5aa765d61d8327deb882cf99:password

This means the original password was "password".


Example 2: Cracking a SHA1 Hash

Let’s try another type of hash, called SHA1.


Create a new file called sha1hash.txt with this SHA1 hash:


5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

This hash represents the password "password".

Run this command: 


hashcat -m 100 -a 0 sha1hash.txt /usr/share/wordlists/rockyou.txt

In this case, -m 100 tells Hashcat that we’re working with a SHA1 hash. Hashcat will run through the same process and should find that the password is "password".

Example 3: Using a Brute Force Attack

If you don’t have a wordlist or if the password isn’t a common one, you can use brute force. This means Hashcat will try every possible combination of characters.

Here’s how you can set up a brute force attack for an 8-character password using lowercase letters: 


hashcat -m 0 -a 3 hash.txt ?l?l?l?l?l?l?l?l


Here’s what that means:

-a 3: This tells Hashcat to use brute force.

?l?l?l?l?l?l?l?l: This means “try every combination of 8 lowercase letters.”


This attack can take much longer, depending on the length and complexity of the password, but if the password is something like "applepie", Hashcat will eventually find it.
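To show what the three examples above are doing under the hood, here is an added Python illustration (not part of the guide, and not Hashcat's code): it picks the -m mode from the digest length, runs the same hash-and-compare loop that -a 0 performs against a small constructed wordlist standing in for rockyou.txt, and counts how many candidates the ?l?l?l?l?l?l?l?l mask expands to. It is also a reminder of why an unsalted MD5 or SHA1 of a dictionary word is recovered instantly, whereas a mask over eight lowercase letters is billions of guesses.

```python
import hashlib

# Sample hashes taken from the guide; the wordlist is constructed here so the
# script runs offline without rockyou.txt.
MD5_TARGET = "5f4dcc3b5aa765d61d8327deb882cf99"
SHA1_TARGET = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
SAMPLE_WORDLIST = ["123456", "letmein", "password", "qwerty"]

# Hashcat mode numbers used in the guide, keyed by the hex digest length.
MODE_BY_HEX_LEN = {32: ("md5", 0), 40: ("sha1", 100)}

# Sizes of Hashcat's built-in mask character sets (?l is the one the guide uses).
CHARSET_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def guess_mode(hex_digest):
    """Return (hashlib algorithm, Hashcat -m value) for a raw MD5 or SHA1 digest."""
    try:
        return MODE_BY_HEX_LEN[len(hex_digest)]
    except KeyError:
        raise ValueError("not a raw MD5 or SHA1 hex digest") from None


def wordlist_attack(hex_digest, wordlist):
    """What '-a 0' does: hash each candidate and compare it to the target.

    Returns the matching word, or None when the wordlist does not contain it.
    """
    algo, _ = guess_mode(hex_digest)
    target = hex_digest.lower()
    for word in wordlist:
        if hashlib.new(algo, word.encode()).hexdigest() == target:
            return word
    return None


def mask_keyspace(mask):
    """Number of candidates a '-a 3' mask such as ?l?l?l?l?l?l?l?l expands to.

    Only built-in ?x character sets are handled, not literal characters.
    """
    total = 1
    for symbol in mask.split("?")[1:]:      # "?l?l" -> ["l", "l"]
        total *= CHARSET_SIZE[symbol]
    return total


if __name__ == "__main__":
    for digest in (MD5_TARGET, SHA1_TARGET):
        algo, mode = guess_mode(digest)
        print(f"-m {mode} ({algo}): {digest}:{wordlist_attack(digest, SAMPLE_WORDLIST)}")
    print("?l x 8 keyspace:", mask_keyspace("?l?l?l?l?l?l?l?l"))
```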


Example 4: Cracking a ZIP File Password

Hashcat can also help you crack passwords for ZIP files. Here’s how you can do that:

First, install John the Ripper, which will help us extract the password hash from the ZIP file: 


brew install john


Next, use zip2john to extract the hash from the ZIP file:


zip2john myzipfile.zip > ziphash.txt


Now, run Hashcat on the ZIP hash: 


hashcat -m 13600 -a 0 ziphash.txt /usr/share/wordlists/rockyou.txt

This tells Hashcat to use mode 13600, which is for ZIP file hashes.


Step 6: Adjusting Hashcat Settings on macOS

Hashcat can use both your computer’s processor and, if supported, your graphics card to speed up cracking. To see which devices are available, run this command:


hashcat -I


This will list the available devices Hashcat can use. To use a specific device, use the -d option:


hashcat -d 1 -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt


This tells Hashcat to use device 1 (like your graphics card, if available) for the cracking process.

Conclusion

Hashcat is a powerful tool for recovering passwords, and using it on macOS is straightforward once you break it down into simple steps. Whether you're recovering an MD5 hash, SHA1 hash, or even a ZIP file password, this guide gives you the foundation to get started. Remember, always use Hashcat responsibly—only on passwords you own or have permission to recover.


With these examples, you’ll be well-equipped to start using Hashcat on your Mac and unlock the potential of this versatile tool!

 


Emory “Casey” Mullis

Criminal Investigator

Coweta County Sheriff’s Office


Emory Casey Mullis has been in Law Enforcement for over 20 years, encompassing both military and civilian roles. His journey with computers began with a Gateway 266 MHz, which was the pinnacle of consumer technology at the time, costing around $2000. Driven by pure curiosity, he disassembled his new computer right out of the box, much to the dismay of his wife, who insisted, "It better work when you put it back together!" This hands-on experience provided him with a foundational understanding of computer hardware and sparked his career as a Cyber Investigator.


Over the years, Casey has tackled numerous cyber cases, continually honing his skills and knowledge. He emphasizes the importance of questioning, challenging, and testing daily to stay abreast of the latest tools, software, and technologies. Despite the ongoing challenges, he thrives on the dynamic nature of cyber forensics and eagerly embraces every opportunity to learn and grow in this ever-evolving field.
