The NETSCOUT DDoS Threat Intelligence Report (Issue 15: Digital Aftershocks) analyzes global distributed denial-of-service (DDoS) attack activity and trends, revealing that more than 8 million DDoS attacks were recorded worldwide in the first half of 2025, with peak attacks reaching 3.12 Tbps in bandwidth and 1.5 Gpps in throughput. It highlights how geopolitical events and coordinated campaigns by groups like NoName057(16) have driven spikes in attack volume, while botnet-driven and DDoS-as-a-service threats are increasing in sophistication, duration, and impact. The report also shows emerging threat actors expanding the threat landscape and emphasizes regional variations and the collateral damage DDoS attacks can inflict on service providers and critical infrastructure sectors.
Saturday, December 27, 2025
from the net: New Android Malware Lets Hackers Turn Google Play Apps Into Spyware
Wednesday, December 24, 2025
Tuesday, December 23, 2025
The Internet Protocol Journal Volume 28, No.3, December 2025
The latest issue of the Internet Protocol Journal mixes technical thinking with some big-picture debates about where the Internet is headed. It kicks off with the editor’s notes and then dives straight into security and governance topics, including an article on how to protect a truly borderless Internet. A major theme in this issue is Internet governance, highlighted by two opposing pieces that ask whether the traditional “multistakeholder” model is breaking down—or if reports of its death are greatly exaggerated.
Beyond those heavier discussions, the issue also slows things down a bit with a thoughtful book review of Geopolitics at the Internet’s Core, which looks at how global politics shape the Internet’s infrastructure and decision-making. There’s also a memorial piece honoring Fearghas McKay, recognizing his impact on the networking community. Shorter sections like Fragments and Thank You! add some lighter, reflective moments between the more serious articles.
Overall, this IPJ issue strikes a nice balance between deep technical insight and broader reflections on policy, security, and the people behind the protocols. It’s a solid read for anyone who wants to stay informed not just about how the Internet works, but how it’s governed—and where it might be headed next.
click here or the above image for this issue
Monday, December 22, 2025
Saturday, December 20, 2025
Digital Aftershocks: How DDoS Attacks Are Reshaping the Cyber Battleground
The latest NETSCOUT DDoS Threat Intelligence Report (Issue 15: Findings from 1H 2025) paints a stark picture of how distributed denial-of-service (DDoS) attacks have evolved from occasional nuisances to potent instruments of disruption and geopolitical influence. In just the first half of 2025, more than 8 million DDoS attacks were recorded worldwide, with extreme bursts reaching 3.12 Tbps in bandwidth and 1.5 Gpps in packet throughput, underscoring the sheer scale and ferocity of modern attack campaigns.
A key takeaway from the report is the increasing sophistication and diversity of DDoS threats. Long-standing groups like NoName057(16) continue to launch high-impact campaigns, while emerging actors such as DieNet and Keymous+ leverage DDoS-as-a-service platforms that lower barriers to entry for attackers. These campaigns often coincide with major geopolitical flashpoints and are powered by vast, adaptive botnets that exploit vulnerabilities in IoT devices, servers, and routers.
Beyond sheer volume and complexity, the report highlights how DDoS attacks are now weaponized in conjunction with political and social events, allowing hacktivists and other threat actors to amplify their impact. Attacks average around 18 minutes in duration, but even short bursts can inflict significant disruption on targeted infrastructure and the broader networks that depend on it. The report also shows regional variations in attack intensity and patterns, emphasizing the global and uneven nature of the threat landscape.
Finally, NETSCOUT stresses that the collateral damage from these attacks extends far beyond primary targets. Service providers and enterprises alike feel the ripple effects as traditional defenses struggle to keep pace with AI-enhanced automation, multi-vector strategies, and readily accessible attack services. The report underscores the importance of real-time intelligence, adaptive mitigation tools, and comprehensive visibility into internet traffic to stay ahead of evolving DDoS campaigns.
Friday, December 19, 2025
Stop Packet Hoarding: Why Enabling DHCP Logs Will Save Your Sanity
DHCP logs tell a clean, simple story: who asked for an address, when they asked, what they got, and why they maybe didn’t get one. You can immediately see failed requests, exhausted scopes, duplicate MAC addresses, or clients that just won’t stop asking nicely. Instead of squinting at hex values and scrolling past ARP chatter, you get human-readable entries that point straight to the problem. It’s the difference between reading a police report and watching every security camera in the city at once.
Another big win is time and storage. Packet captures grow fast and get unwieldy even faster. You capture too little and miss the issue, or capture too much and now you’re archiving a multi-gigabyte file named “dhcp_final_FINAL_v3.pcapng.” DHCP logs, on the other hand, are lightweight and continuous. You can leave them on without worrying about disk space or explaining to management why the firewall suddenly needs more storage than the file server.
That’s not to say packet captures are useless—sometimes you really do need the chainsaw. But for day-to-day DHCP troubleshooting, logs are faster, clearer, and far less likely to make you question your career choices at 2 a.m. Enable DHCP logging first, solve the problem in minutes, and save packet captures for when things get truly weird. Your future self, staring at fewer packets and drinking better coffee, will appreciate it.
Here is an example of enabling DHCP logging on a Ubiquiti EdgeRouter that is acting as a DHCP server.
configure
set service dhcp-server global-parameters 'log-facility local2;'
set system syslog file dhcpd facility local2 level debug
set system syslog file dhcpd archive files 5
set system syslog file dhcpd archive size 5000
commit; save
exit
After applying the changes, you can view the DHCP log with:
show log file dhcpd
Here is some sample output - before you freak out, do your DHCP homework.
@Georgetown:~$ show log file dhcpd
Dec 11 09:57:58 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0
Dec 11 09:57:58 Georgetown dhcpd3: DHCPDISCOVER from e8:ca:c8:57:fb:4c via eth2
Dec 11 09:57:58 Georgetown dhcpd3: DHCPOFFER on 10.44.10.37 to e8:ca:c8:57:fb:4c via eth2
Dec 11 09:58:12 Georgetown dhcpd3: uid lease 10.44.10.173 for client 24:3f:75:dd:af:38 is duplicate on 10.44.10.0
Dec 11 09:58:12 Georgetown dhcpd3: DHCPDISCOVER from 24:3f:75:dd:af:38 via eth2
Dec 11 09:58:12 Georgetown dhcpd3: DHCPOFFER on 10.44.10.36 to 24:3f:75:dd:af:38 via eth2
Dec 11 09:58:42 Georgetown dhcpd3: DHCPDISCOVER from 3c:7a:aa:9a:c3:8f via eth2
Dec 11 09:58:43 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 3c:7a:aa:9a:c3:8f via eth2
Dec 11 09:58:45 Georgetown dhcpd3: DHCPDISCOVER from 84:c8:a0:d3:b8:2e via eth2
Dec 11 09:58:45 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 84:c8:a0:d3:b8:2e via eth2
Dec 11 10:02:59 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0
Dec 11 10:02:59 Georgetown dhcpd3: DHCPDISCOVER from e8:ca:c8:57:fb:4c via eth2
Dec 11 10:02:59 Georgetown dhcpd3: DHCPOFFER on 10.44.10.37 to e8:ca:c8:57:fb:4c via eth2
Dec 11 10:03:13 Georgetown dhcpd3: uid lease 10.44.10.173 for client 24:3f:75:dd:af:38 is duplicate on 10.44.10.0
Dec 11 10:03:13 Georgetown dhcpd3: DHCPDISCOVER from 24:3f:75:dd:af:38 via eth2
Dec 11 10:03:13 Georgetown dhcpd3: DHCPOFFER on 10.44.10.36 to 24:3f:75:dd:af:38 via eth2
Dec 11 10:03:43 Georgetown dhcpd3: DHCPDISCOVER from 3c:7a:aa:9a:c3:8f via eth2
Dec 11 10:03:44 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 3c:7a:aa:9a:c3:8f via eth2
Dec 11 10:03:45 Georgetown dhcpd3: DHCPDISCOVER from 84:c8:a0:d3:b8:2e via eth2
Dec 11 10:03:45 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 84:c8:a0:d3:b8:2e via eth2
Dec 11 10:08:00 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0
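As an added example (not part of the original post), here is a small Python parser for the dhcpd syslog lines shown above. It pulls the DISCOVER/OFFER/REQUEST/ACK and "uid lease ... is duplicate" messages apart and reports the things worth looking at first: an address offered to more than one client, clients whose DISCOVER got no OFFER, and clients that keep re-DISCOVERing without ever reaching DHCPACK. The sample input is a subset of the log lines from the post; the REQUEST and ACK patterns are the standard ISC dhcpd message formats and do not appear in that sample.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the post's "show log file dhcpd" output
# above (two DISCOVER/OFFER cycles, five minutes apart, no REQUEST/ACK).
SAMPLE_LOG = """\
Dec 11 09:57:58 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0
Dec 11 09:57:58 Georgetown dhcpd3: DHCPDISCOVER from e8:ca:c8:57:fb:4c via eth2
Dec 11 09:57:58 Georgetown dhcpd3: DHCPOFFER on 10.44.10.37 to e8:ca:c8:57:fb:4c via eth2
Dec 11 09:58:42 Georgetown dhcpd3: DHCPDISCOVER from 3c:7a:aa:9a:c3:8f via eth2
Dec 11 09:58:43 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 3c:7a:aa:9a:c3:8f via eth2
Dec 11 09:58:45 Georgetown dhcpd3: DHCPDISCOVER from 84:c8:a0:d3:b8:2e via eth2
Dec 11 09:58:45 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 84:c8:a0:d3:b8:2e via eth2
Dec 11 10:02:59 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0
Dec 11 10:02:59 Georgetown dhcpd3: DHCPDISCOVER from e8:ca:c8:57:fb:4c via eth2
Dec 11 10:02:59 Georgetown dhcpd3: DHCPOFFER on 10.44.10.37 to e8:ca:c8:57:fb:4c via eth2
Dec 11 10:03:43 Georgetown dhcpd3: DHCPDISCOVER from 3c:7a:aa:9a:c3:8f via eth2
Dec 11 10:03:44 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 3c:7a:aa:9a:c3:8f via eth2
"""

MAC = r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})"
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dhcpd\d*: (?P<msg>.*)$")
MESSAGE_RES = {
    "discover": re.compile(r"^DHCPDISCOVER from " + MAC + r" via (?P<iface>\S+)"),
    "offer":    re.compile(r"^DHCPOFFER on (?P<ip>[\d.]+) to " + MAC + r" via (?P<iface>\S+)"),
    "request":  re.compile(r"^DHCPREQUEST for (?P<ip>[\d.]+)(?: \([\d.]+\))? from " + MAC),
    "ack":      re.compile(r"^DHCPACK on (?P<ip>[\d.]+) to " + MAC),
    "dup_uid":  re.compile(r"^uid lease (?P<ip>[\d.]+) for client " + MAC + r" is duplicate on (?P<net>[\d.]+)"),
}

def parse_dhcpd_log(text):
    """Turn dhcpd syslog lines into event dicts; lines we do not recognise are skipped."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        for kind, rx in MESSAGE_RES.items():
            mm = rx.match(m["msg"])
            if mm:
                events.append({"ts": m["ts"], "kind": kind, **mm.groupdict()})
                break
    return events

def summarize(events):
    """Per-client counters plus the three things worth looking at first."""
    counts = defaultdict(lambda: defaultdict(int))   # mac -> kind -> n
    macs_offered_ip = defaultdict(set)               # ip -> MACs that were offered it
    for e in events:
        counts[e["mac"]][e["kind"]] += 1
        if e["kind"] == "offer":
            macs_offered_ip[e["ip"]].add(e["mac"])
    return {
        # Same address offered to more than one client: the server keeps
        # re-offering a lease nobody completes, so find out why.
        "contested_ips": {ip: sorted(m) for ip, m in macs_offered_ip.items() if len(m) > 1},
        # DISCOVER seen but no OFFER: look at the scope/pool, not the client.
        "unanswered": sorted(m for m, c in counts.items() if c["discover"] > c["offer"]),
        # Clients that keep re-DISCOVERing and never reach DHCPACK.
        "never_acked": sorted(m for m, c in counts.items() if c["discover"] > 1 and c["ack"] == 0),
        # Clients the server flagged with the "uid lease ... is duplicate" message.
        "dup_uid": sorted(m for m, c in counts.items() if c["dup_uid"]),
    }

if __name__ == "__main__":
    for key, val in summarize(parse_dhcpd_log(SAMPLE_LOG)).items():
        print(f"{key}: {val}")
```

On the sample it flags 10.44.10.173 as offered to two different MACs and shows that every client is back to DISCOVER five minutes later without an ACK in between, which is the question the author means by "do your DHCP homework".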
Thursday, December 18, 2025
LinkRunner AT 4000 versus Network Switch Cable Test (Carlo Zakarian)
I used to think the network switch was a master detective, capable of solving all my cable mysteries with a single, glowing link light and remote management cable tests. We’ve all seen these features on managed switches: select a port, perform a cable test, and watch for the results to be displayed as pass, fail, or split pair, along with the length of the cable.
It wasn't until the feature-packed LinkRunner AT 4000 entered the scene that I realized the switch cable test was actually the network equivalent of a Magic 8-Ball, answering every complex problem with a confident “Yes, cable pass!” and not knowing why it passed.
Most technicians assume that if the switch reports “Cable Pass” the cable is having a great day. But if you want to know whether that cable is suffering from a hidden split pair or just a minor existential crisis, you call in the LinkRunner AT 4000.
The LinkRunner AT 4000 is a handheld advanced network cable tester. It’s the stern, white-gloved proctor administering the final exam, with a follow-up list of diagnostic questions starting with “Did you remember to terminate correctly on both ends of the cable?” The LRAT 4000 conveniently draws out the pin-to-pin wire mapping on the LCD screen, and it can precisely locate cable faults via TDR, indicating problems such as split pairs, shorts, opens, miswires, and crossovers. It also can test for port speeds, PoE, network and connectivity issues, and perform a full network map of your environment.
Follow along with me and watch as I show you the difference between what a basic switch cable test reports versus a LinkRunner AT 4000 advanced precision cable tester.
Carlo Zakarian is a network engineer with over 15 years of experience in the networking implementation, design, and diagnostics field, specializing in LAN, WAN, and wireless. He is the owner of NetFocus Technologies, an IT managed consulting firm based in Chicago that specializes in setting up, configuring, and diagnosing software, hardware, and network infrastructure. He can be reached via his website at https://www.NetFocusTech.com
Wednesday, December 17, 2025
Packet Sleuthing on the Edge: How tcpdump Saved My DHCP Sanity
When a DHCP issue strikes, it tends to do so with the subtlety of a brick through a window. Devices suddenly stop obtaining addresses, clients complain that “the network is broken,” and the logs seem to be playing hide-and-seek. This situation was a bit different: one client could not get an IP address over Wi-Fi but worked fine on the wired side. Same VLAN, same DHCP server. And yes, his Wi-Fi works fine everywhere else. Since the router was the DHCP server, I turned to one of the most under-appreciated diagnostic tools hiding inside a Ubiquiti EdgeRouter: tcpdump. While the GUI has plenty of useful stats, nothing beats raw packet visibility when you need to know exactly what’s happening on the wire.
Capturing packets directly on the EdgeRouter has a huge advantage—you’re collecting data at the precise point where traffic passes. No guessing. No relying on secondhand logs. With tcpdump, I could instantly see whether DHCP DISCOVER, OFFER, REQUEST, and ACK packets were actually being exchanged. In my case, that clarity helped me spot that the DISCOVERs were arriving, but the OFFERS weren’t making it back out. Without that level of detail, I would’ve been stuck blaming ghosts or rebooting things out of desperation.
It was a simple process; I simply SSH'd into the router and typed the following command to capture 5 MB of DHCP packets and write them to capture_dhcp.cap.
sudo tcpdump -i switch0 -n -vvv port 67 or 68 -C 5 -W 1 -w capture_dhcp_2.pcap
Another perk is how easy it is to filter traffic with tcpdump. Instead of drowning in a sea of packets, I could lock in on port 67/68 traffic or even narrow the view to a single MAC or interface. It’s like having an X-ray machine for your network, where you can zoom right into the failing process without being distracted by everything else. And since captures can be saved and opened in Wireshark later, you get the best of both worlds: lightweight on-device capture with full-blown desktop analysis afterward.
Finally, running tcpdump on an EdgeRouter is fast, simple, and—most importantly—accurate. When troubleshooting something finicky like DHCP, assumptions are the enemy. tcpdump removes the guesswork and replaces it with hard evidence you can act on. In my case, it cut hours of trial-and-error down to minutes and pointed directly at the misconfigured relay causing all the chaos. If you’re working with Ubiquiti gear and not using tcpdump yet, trust me—your future self will thank you.
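As an added example (not from the post), here is the same DISCOVER-without-OFFER check done on the DHCP payloads a port 67/68 capture contains, rather than by eye in Wireshark: a minimal parser for the BOOTP header, magic cookie and option 53 (message type), plus a builder used only to construct sample messages. Transactions are grouped by transaction ID and client MAC; the MACs, xids and addresses below are made up for the demo.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"                     # DHCP magic cookie after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", extra_opts=()):
    """Construct a minimal BOOTP/DHCP payload (the bytes after the UDP header)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0, xid, 0, 0,               # op, htype=ethernet, hlen=6, hops
                         b"\x00" * 4,                          # ciaddr
                         bytes(map(int, yiaddr.split("."))),   # yiaddr: the offered address
                         b"\x00" * 4, b"\x00" * 4,             # siaddr, giaddr
                         chaddr, b"\x00" * 64, b"\x00" * 128)  # chaddr, sname, file
    opts = bytes([53, 1, msg_type])                            # option 53: DHCP message type
    for code, value in extra_opts:
        opts += bytes([code, len(value)]) + value
    return header + MAGIC + opts + b"\xff"                     # 255 = end of options

def parse_dhcp(payload):
    """Parse a DHCP payload into the fields needed to follow a DORA exchange."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, hlen, _, xid = struct.unpack("!BBBBI", payload[:8])
    yiaddr = ".".join(str(b) for b in payload[16:20])
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mtype = options.get(53, b"\x00")[0]
    return {"op": op, "xid": xid, "mac": mac, "yiaddr": yiaddr,
            "type": MSG_TYPES.get(mtype, f"type{mtype}")}

def find_unanswered_discovers(payloads):
    """Group by (xid, client MAC); return MACs whose DISCOVER never drew an OFFER."""
    seen = defaultdict(set)
    for p in payloads:
        msg = parse_dhcp(p)
        seen[(msg["xid"], msg["mac"])].add(msg["type"])
    return sorted(mac for (xid, mac), types in seen.items()
                  if "DISCOVER" in types and "OFFER" not in types)

# Constructed "capture": the wired client completes DISCOVER/OFFER, the Wi-Fi client
# sends a DISCOVER (with a hostname, option 12) and nothing comes back for it.
SAMPLE_CAPTURE = [
    build_dhcp(1, 0x1111, "aa:bb:cc:00:00:01", 1),
    build_dhcp(2, 0x1111, "aa:bb:cc:00:00:01", 2, yiaddr="10.44.10.37"),
    build_dhcp(1, 0x2222, "aa:bb:cc:00:00:02", 1, extra_opts=[(12, b"laptop-wifi")]),
]

if __name__ == "__main__":
    for p in SAMPLE_CAPTURE:
        print(parse_dhcp(p))
    print("no OFFER for:", find_unanswered_discovers(SAMPLE_CAPTURE))
```

To run it against a real capture, feed it the UDP payloads of the port 67/68 packets (for example via a pcap library); the parser itself needs only the bytes from the BOOTP op field onward.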
Tuesday, December 16, 2025
from the net: 20 Daily Linux Commands System Administrators Use in Production
As a Linux SysAdmin working in a production environment, your daily routine is all about keeping systems stable, secure, and performing at their best. From troubleshooting issues to monitoring resources and ensuring uptime, you wear many hats, and time is always of the essence.
While Linux offers thousands of commands, not all of them are part of your day-to-day toolbox. However, there’s a core set of powerful, reliable commands that you’ll find yourself using every single day, often multiple times.
In this article, I’ll walk you through the 20 most essential Linux commands every system administrator should master. These aren’t just commands, they’re your go-to tools for monitoring performance, managing logs, controlling services, debugging problems, and much more.
CLICK THE IMAGE FOR THE FULL ARTICLE
I have some ideas for some cool challenges and giveaways in the new year which will only be available to email subscribers.
Monday, December 15, 2025
Forgettable Things
After spending decades in the HDD industry, I came to believe that even the slightest loss of stored data was so catastrophic as to justify a hurried team meeting and a frantic search - using the latest high-tech tools - for the root cause. I never hesitated to buy extra storage for my own personal data so that I could always have a backup. Computer memory stores data as a string of 1’s and 0’s, typically represented by either tiny, magnetized regions on a surface, or as electrical charges on floating gate transistors. Storage integrity is affected by things like temperature, humidity, and mechanical shock. The physics is straightforward, but the possibilities for failure are many.
Of late, I have begun to ponder memory loss of a different kind. It seems that if you sometimes enter a room only to forget why you went there, it is normal. If you misplace your car keys and find them on the bathroom counter, that too is normal. If, however, you find your keys in the freezer, you may need to summon a different team with a separate set of tools to figure out what is going on. The human brain has around 86 billion neurons, each with thousands of connections. A process known as synaptic plasticity alters the strength of these connections, forming the basis for learning and memory. Unlike with digital devices, storage is analog and influenced by emotion, context, and experience.
With all those neurons and connections buzzing away, you would think we could remember pretty much everything, but the design wasn’t meant for that. According to a 2009 report by the Global Information Industry Center at UC San Diego, we are exposed to 34 Gigabytes (nearly 12 hours’ worth) of information on a daily basis. Cognitive psychologist George Miller, in a 1956 paper on memory capacity, suggested that we can only keep 7 things (plus or minus 2) in mind at a time. While researchers are still debating the number, most suggest that it is probably smaller rather than larger. Our brains are mindbogglingly miraculous in function, but they are also selective.
This system of economy looks to filter information as much as possible, store the minimum, and make sure to get maximum benefit from that information. There are occasions, however, where we are surprised and frustrated by the things we miss. I still remember the number for the old dial telephone in the house I grew up in, yet I often forget the name of the person I was just introduced to in an important meeting.
According to memory scientist Charan Ranganath of U.C. Davis, trying to cram more into your head is not the best answer. One suggestion is what he calls “chunking” or grouping items to reduce the overall number. Like the way I apparently stored my first phone number under “home,” or most of us remember the alphabet or our Social Security number, chunking can improve efficiency.
You can find more about Dr. Ranganath’s handy acronym for chunking all these steps, known as “MEDIC”, here. He also offers additional tips for any of us who may feel frustrated with our forgetfulness. Meaning is an important part of securing a spot in our limited storage space - if a memory is vivid or meaningful, that improves the odds of recall. Addressing the CEO of an important customer by the wrong name in a meeting not only sucks the oxygen out of the room but it also creates a vivid memory unlikely to be forgotten.
At the age of 12, my granddaughter memorized Teddy Roosevelt’s “Strength and Decency” for a regional speech meet. It was distinct from other things she was studying in that it was over 1200 words long and she knew she would be delivering it in front of a 3-judge panel in a packed room. Preparation involved lots of trial and error, first reciting a section and then checking for accuracy. Even though this was an unusually large “chunk,” she nailed it.
Importance and context are also key elements of memory, which brings me back to the disconcerting case of that CEO (which I would like to forget). After all, even though humans aren’t built to remember everything, I thought we were built to survive.
Sunday, December 14, 2025
Boost Your Packet Analysis with the CellStream Wireshark Profiles Repository
click on the image and go check it out
Saturday, December 13, 2025
Strategy in the Digital Age: Mastering Digital Transformation by Michael Lenox – A Review
Technological progress is rapid and accelerating. Biologist Paul Ehrlich reassures us that as long as the human brain is setting the pace, we needn’t fear – basic human intelligence has remained the same for thousands of years. On the other hand, Singularity Theory (e.g., I. J. Good 1965) warns that Artificial Intelligence could beget machines that design progressively more intelligent machines, eventually leading to an “intelligence explosion” that leaves humans far behind. While pundits debate how to keep AI in check, Strategy in the Digital Age by Michael Lenox teaches business leaders how to navigate and manage the digital transformation. Organizations facing the shifting business strategies of this new paradigm will benefit from this well-organized deep dive into all things digital.
Kodak was the legendary leader in photographic film and, though they foresaw the rise of digital imaging and spent billions to keep up, they still landed in bankruptcy. Smartphone cameras, digital watches, and word processors are all transformational technologies that disrupted established businesses. As if things weren’t moving fast enough, the COVID pandemic pushed digital innovation ahead even more. The foundational digital technologies of processing power, storage capacity and bandwidth have grown exponentially over the past half-century - the technology of today could easily be obsolete in a year. The author closes his first chapter by laying out the structure and strategy with which the book will address the transformation.
Competition will be different in the digital age, and asset-light businesses will exploit existing technology with software to connect independent providers directly with customers. Examples include Uber, Lyft, Airbnb, and eBay. These two-sided market makers discourage competition primarily through rapid growth. The more people who adopt these platforms, the more value they have – Facebook has ~ 3 billion users, while LinkedIn has close to a billion. These platforms can also vanish quickly (e.g., Tinder, Match) if deemed “uncool” by users. Understanding just how digital transformation spreads is key to developing effective business strategies. The author helps by clarifying the interconnectedness of various digital and non-digital technologies.
Once upon a time, a business produced a product, marketed it, and sold it to the customer in a one-way transaction. The new customer relationship is a longer lasting, two-way deal where the value proposition may continue to shift with changing customer needs. Lego has a website where customers can build whatever they want with digital Lego blocks. Good designs that became popular have been made into real Lego kits. Another new method of capturing value is a switch from a one-time payment to a subscription, where defending customer engagement and loyalty becomes essential. Stitch Fix does this by analyzing customer data with AI to provide a regular offering of curated clothing. During Steve Jobs’s second stint at Apple, the company stopped trying to compete with Microsoft and moved into new innovative territory with the iPhone and iPad products. High switching costs kept customers engaged in the Apple universe.
Much like Kodak, General Electric saw digital change coming. GE invested heavily in the Internet of Things, but nonetheless failed to become a market leader. Perhaps GE’s old-school image kept customers from trusting them as the right company for this transformation. Valuable resources, like GE’s, aren’t enough if those resources are widely available. Corporate culture is one complementary intangible asset – examples include Amazon (data driven) or Apple (design expertise). The most important competitive asset may be the ability to innovate at every stage of the game.
Professor Lenox, a recognized expert in business strategies for the digital transformation, relates his own experience after being asked to lead the efforts at the University of Virginia’s Darden School of Business. This program accelerated with the onset of the COVID pandemic, which forced a change to 100% online course delivery and exams. His first-hand experience elucidates many of the book’s key points. Any organization must begin with a solid digital infrastructure, add data analytics (hence the emergence of the “data scientist” as an essential creative team member), and develop digital applications. Finally, none of this really matters unless there is a well-articulated digital strategy to tie it all together and feed back through the first three layers.
Many of the characteristics required of good leaders for the digital transformation will be familiar. One leadership strategy I especially liked was to encourage a culture where people are not paralyzed by a fear of failure. By assigning individuals to several project teams at once, one failure can be cast as an opportunity to devote more time to other tasks.
The media closely scrutinizes the products of digital transformation, and topics like data breaches and mental health concerns are popular click-bait. Social media is credited with enabling the Arab Spring and causing the resignation of Egyptian President Hosni Mubarak, but it has more recently been blamed for mentally unhealthy comparisons among young people. During the 2016 US Presidential election, foreign actors were found to be provoking discord online and even inciting violent protests. As the term “surveillance capitalism” enters the lexicon, the very definition of privacy is changing. 96% of Apple iPhone users chose not to allow mobile device applications to track their data, causing Facebook to forecast a $10B decline in advertising revenue.
The author summarizes some of the concerns with Artificial Intelligence and introduces the importance of studying the ethics behind software algorithms. As he notes, some of our anti-trust laws may need to be revised to accommodate situations where monopoly may actually drive down prices and benefit consumers. The concept of “The Value of Values” is a fitting finish to the section on digital transformation – it is critical to check each new market opportunity for its alignment with your core values. Adjusting the values, on the other hand, sets a dangerous precedent.
Some of the most pressing problems of our time – optimized, sustainable farming, climate change and decarbonization, healthcare and telemedicine, the availability of education... – are promising fields for digital transformation. Author Michael Lenox lays out the challenges, providing a “Framework” at the end of each chapter to summarize the content and help readers organize their thoughts into actionable ideas. He concludes the book with a tour through all the frameworks in summary fashion to put the entire process in perspective. Individual terms are explained in such a way that the potential reader should not be put off by “business speak”, and there is a complete glossary of terms for further support. References to other useful business books in the body of the text guide the motivated reader to further detail on specific topics.
Populated with numerous relatable examples, Strategy in the Digital Age entertains, informs, and leaves the reader with a solid plan for doing business in the fast-moving digital world.