Monday, February 10, 2025

Why Packet Analysis (and Wireshark) Should Be In Your Security Toolkit


 

Don’t underestimate the value of packet analysis in your security strategy. And if you’re analyzing packets, the open-source Wireshark software is a go-to tool. On today’s episode, we talk with Chris Greer, a Wireshark trainer and consultant specializing in packet analysis.


Chris explains the critical role of packet analysis in cybersecurity, particularly in threat hunting and incident response. He emphasizes why security professionals should understand packet and network protocol fundamentals, and highlights the value of Wireshark as a learning tool.


We also cover continuous learning options such as SharkFest, YouTube, and Udemy for those looking to enhance their skills in packet analysis.


Wednesday, February 5, 2025

Ubiquiti WAN Balancing And Failover Part 2

I really enjoy hearing from people who read or watch my videos. The feedback is usually very helpful with next article ideas, requests for clarification or help, and most importantly, things I may have missed covering in the article or video.


A great example is when I posted the article “Testing Edgerouter load balancing” (https://www.networkdatapedia.com/post/testing-edgerouter-load-balancing). If you didn’t see it, I did a simple video and short write-up explaining how I implemented failover on a Ubiquiti router.


A few people asked if I had tested what would happen if the link was physically up but had no data on it. Fortunately, I had started that lab, video and write-up, but it's nice to know we were on the same mental page.


In this video, I cover this scenario, where I disconnect an upstream connection so the router link status is up but there is no data flow.


I used this Ubiquiti page to configure my router: https://help.ui.com/hc/en-us/articles/205145990-EdgeRouter-WAN-Load-Balancing. The article does a great job explaining the commands, etc.



Monday, February 3, 2025

Good old Windows Command Prompt

I can't tell you how many times someone comments on how they had no idea how powerful the command prompt is and how many things you can do from it. The same applies to the CLI interface of most equipment.


Ok, I will admit and confess that since I started in this field during the late 90's, the command prompt or CLI doesn't spook me at all. Truth be told, I go looking for it since I like to script things, and it's much easier to do so from the CLI, rather than a GUI.


Since Microsoft introduced the Terminal application, I thought it would be helpful to review the basic redirection and the new Export Text feature that is available.


Enjoy



Friday, January 31, 2025

Basic configurations on Cisco ASA Firewall - Part 1 (thenetworkdna)

 




As part of understanding the basics of Cisco ASA firewalls, these are some of the commands used to configure a Cisco ASA firewall in a real scenario.

Click on the link or image to get to the article.



Monday, January 27, 2025

Look what we have here

 


What would my Sunday be without a last-minute call?


A local business that I help out when they need a hand calls me and explains that they've had internet performance issues since day one.


They upgraded their internet service to fibre, then their local computer guy blamed the wifi, so they put in a new wifi mesh solution, now the same computer guy is blaming their switch. My friend is getting suspicious and asked if I had a few minutes to come by and check things out and give a second opinion.


It took about 10 minutes for my network senses to start tingling...

First red flag: no documentation.

Second red flag: they have 3 wiring closets for a fairly small office with no idea what terminates where (see first point) or why there are 3 wiring closets.

Third red flag: no testing methodology; the IT reseller tells him to buy it, rip out the old gear, install it and see what happens. Rinse and repeat.

Fourth red flag: patch panel cable IDs don't match the faceplates in the office or the actual cables behind the patch panel.


I started at the front desk computers (that were the source of the complaint) and showed them how to trace a cable, how to label, and some tips and tricks along the way.

I found an old 10/100 hub, yeah, I said hub, that we swapped out with a gig switch.

I explained that a switch will help contain physical level errors compared to a hub.


After that, we traced the newly swapped switch connection back to the 'main switch' and I noticed the port was running at 100 Mbps instead of 1 Gbps, which can be related to cabling issues.


I told him that he needs to trace out all the connections from the switch to the computers to better understand where the cabling runs and if there are any more hubs on his network.


A few hours later I got an update. He found one more hub and a bunch of 'crazy cabling' that I need to see. Since it's only 20 minutes from my house, I scooted over and holy cow...


There were about half a dozen cables that were spliced like you see in the photo. Some of the network cables were actually spliced to old phone cabling.

I brought my cabling tools; crimper, RJ45 connectors, toner, punch-down tool and labels. The client and his computer guy said they are familiar with how to terminate and tone cables so I left them my tools and will follow up in a few days.

