Recovering Your Web Password
While troubleshooting with a client, we ran into a fairly common issue. We went to their storage room and retrieved some equipment. We successfully reconfigured one device, which was easy because his web browser had pre-filled the login and password. When we tried to configure it, my client realized that he didn’t know the password for 2 of the 3 devices since he was new to the network support group. He asked me if I had any ideas or suggestions that would help.
... read the rest of this article at http://www.thetechfirm.com when it's posted ...
https://www.youtube.com/watch?v=O4ZOjFNOsP0
Basic HTTP Authentication Review
Check out the LMTV show I did covering the article:
https://www.youtube.com/watch?v=u4kgwFf6j8o
One of the things I keep my eyes peeled for is items that involve security implications.
Full disclaimer, I am not a security guru, nor do I profess to be one but I do understand some of the more obvious issues.
For example, many of you are probably familiar with the term ‘clear text’. This is when your data or credentials are transmitted in a text format. Obviously this is not a good thing since anyone who happens to intercept this data will be able to easily see your data or credentials.
Hence the introduction of encryption, where your data is encoded in such a manner that only authorized applications can read the data. Unfortunately, as many people know, different types of encryption have their weaknesses.
In this video I cover the simplest form of HTTP authentication: HTTP Basic. With this method, your data is encoded with Base64 in transit. Some people even go as far as stating this is encrypted, but I don’t want to go down that rabbit hole. Suffice to say that we can all agree the data is no longer in clear text.
I show you that with Wireshark, and no additional downloads, plugins or scripts, Wireshark will decode the Authorization string, revealing the credentials. The syntax presented is simply username:password.
Please keep in mind that this is something specific to Wireshark, so you should take a moment to try your own protocol analyzer to see how it fares.
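As an added illustration (not code from the video or the author), the Python sketch below does what the Wireshark decode described above does: it finds the Authorization header in a cleartext HTTP request, reverses the Base64 encoding without any key, and splits on the first colon. The sample requests, host name and credentials are constructed for the example.

```python
import base64
import binascii

# Constructed sample data: three HTTP requests as they would appear in a cleartext capture.
_TOKEN = base64.b64encode(b"admin:s3cr3t:with:colons").decode("ascii")
SAMPLE_REQUESTS = [
    # Header names and the scheme name are case-insensitive.
    "GET /admin HTTP/1.1\r\nHost: switch.example\r\n"
    "authorization: basic " + _TOKEN + "\r\n\r\n",
    # Malformed token: '*' is not in the Base64 alphabet.
    "GET /status HTTP/1.1\r\nHost: switch.example\r\n"
    "Authorization: Basic not*base64\r\n\r\n",
    # A different scheme, which this check must ignore.
    "GET / HTTP/1.1\r\nHost: switch.example\r\n"
    "Authorization: Bearer abc.def.ghi\r\n\r\n",
]

def find_basic_credentials(raw_request):
    """Return (username, password) if the request carries HTTP Basic credentials, else None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None
        # Only the first colon separates the fields; the password may contain colons.
        user, sep, password = decoded.partition(":")
        return (user, password) if sep else None
    return None

def audit(requests):
    """List (index, username, masked password) for requests exposing Basic credentials."""
    findings = []
    for index, raw in enumerate(requests):
        creds = find_basic_credentials(raw)
        if creds:
            user, password = creds
            findings.append((index, user, "*" * len(password)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print("Basic credentials exposed in request %d: user=%s password=%s" % finding)
```

Because no key is involved in the decode, only transport encryption (HTTPS) keeps these credentials from anyone who can capture the traffic.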
...
https://www.youtube.com/watch?v=NvFJHSYC2j4
----------------------------------------------------------------
When you capture packets and see delta times, I wonder how much of that latency is the client, network and server? I know that’s a pretty general bunch of categories but a good start. When you get to a specific device like the client there are numerous variables that can cause excessive latency. Some examples are: a poorly written application, an antivirus application running scans, tons of excessive background applications and services, misconfigured protocols and, of course, storage.
I have covered some of these topics in past articles/videos, but thought winsat deserved an article when I first stumbled across this utility a few months ago.
The Windows System Assessment Tool (WinSAT) is available on Microsoft operating systems from Windows Vista and higher. It measures various performance characteristics and capabilities of the hardware it is running on and reports them as a Windows Experience Index (WEI) score.
In this video I quickly run the command on a client and server and go over some of the returned values.
...
https://www.youtube.com/watch?v=xRUkot7wYIs
I’ve received a lot of feedback from my readers expressing their gratitude that my articles/videos are short and to the point. To those people who took the time to send their feedback, thank you.
One topic that I’ve been asked to cover lately is TCP sequence number analysis. There are many videos out there that are very good. I know, since I watched quite a few of them ;)
After watching 4 or 5 of these videos, I noticed that they weren’t geared towards analysts getting into this level of analysis for the first time and missed a few items that I would have added. So here you go.
In this video I briefly cover some of the TCP sequence tips and tricks that I use in the field. The important part is to remember that by default
...
https://www.youtube.com/watch?v=bQ9ZPkZ6ru4
Installing and troubleshooting layer 1 is a big part of my job.
I can’t tell you how many issues I resolved by simply “getting off my butt”, going for a walk (when possible) and discovering the root cause is at layer 1.
I’ve seen a ton of variations at layer 1. Here is an excerpt of what I’ve seen: dirty fiber, ethernet copper cable wrapped around a MIG welder, ethernet copper cable wrapped around a generator, fiber pinched in a door, female to female coupler coming apart, cable resting on a heater, cabling chewed through by a rodent, poor grounding on outdoor installs, cheap old cables falling apart, bashed in face plates and improperly punched down patch panels.
In this video I show you what took down a wireless access point – chewed cable. Please make sure you protect your cabling with a conduit or whatever is appropriate for the installation environment.
...
https://www.youtube.com/watch?v=ZJ1G59qtk2U
Free command line timer
Command line or batch files are incredibly important to me as an analyst.
I cannot count the number of times creating a simple script has saved me countless hours. Some examples that come to mind:
- Performing testing when I’m working alone
- Running tests unattended
- Having other people perform your testing
- Running a task as part of a notification system
In this article I use a simple example of recording the start/stop or elapsed time when copying a file. This can be easily modified for a wget, iperf, iperf3 copy, etc.
I would strongly encourage you to get a little familiar with this as a valuable skill and to better understand similar commercial applications that you may have.
URL to the timer.exe utility https://www.gammadyne.com/cmdline.htm
https://www.thetechfirm.com
Getting things to work better - bit by bit-
Linkedin Profile https://ca.linkedin.com/in/fortunat
Youtube Channel: https://www.youtube.com/user/thetechfirm
NetworkDataPedia Blog: https://www.networkdatapedia.com/blog/author/Tony-Fortunato
Network Computing Blog: https://www.networkcomputing.com/author/tony-fortunato
Linkedin Company URL: https://www.linkedin.com/company/the-tech-firm/
...
https://www.youtube.com/watch?v=eVTPy967_hs
Aircheck SSID AP Troubleshooting
It is quite common to have several physical access points support the same SSID. Every vendor has their own way of handling handoffs and in most cases, it works pretty well. But what do you do when you suspect one access point is causing an issue?
I don’t care which operating system you are using, it is very difficult to select one physical access point to connect to. I should know, I tried for hours with android and several windows applications with no luck.
In this video, a client had an issue where clients would complain that they intermittently couldn’t get internet access. That’s when I remembered my previous point. How can I troubleshoot this? In the past, I would physically power off access points to test this theory, but today I had my NetAlly AirCheck G2 and thought I would give it a try.
Fortunately it was pretty straightforward. I configured my wireless security settings and manually connected to the access points. In the video below you will see that it only took a few minutes to determine that one of the access points was not passing DHCP. It would have taken me about an hour to physically or virtually trace the connections alone.
After some more investigative work, I determined that the access point was a new access point on a VLAN that did not have any DHCP configured. We simply changed the VLAN configuration and, boom, internet.
Of course I took an extra 10 minutes to confirm that all the access points forwarded DHCP packets, not just the one we worked on.
...
https://www.youtube.com/watch?v=dqB6ezvaOjs
Troubleshooting FTP Errors With Wireshark
The most daunting problem to troubleshoot is when the application spits out a generic error that could mean anything. Here's the analogy: how helpful is the 'Check Engine' light on your car dashboard?
The worst part is when the customer tries to take the cryptic, generic application error message and tries to make sense of it in an attempt to assist the analyst. Don't get me wrong, any information is helpful while troubleshooting, but you have to be selective in what you pursue.
In this example FTP works one moment and fails the next. Of course the customer immediately called the help desk, who pings the FTP server and comments that it is up and no outages have been recorded by the network management system. Then the ticket goes to the server dept, who FTPs without an issue; unfortunately, by now so can the customer. The server department says the connection error must be a 'network thing'.
I captured some packets and have recreated what I found and how the application, Chrome in this example, failed to pass on the FTP server connection limit error. The only way I was able to get real meaningful data is from the wire.
This isn't a Chrome 'bash' session since I have seen many applications not report what was on the wire or reinterpret what was reported by the server.
In summary, the ftp server ran out of connections or had a limit on the number of connections an IP address could have. The administrator was told about this and the FTP server configuration was adjusted to allow more connections.
...
https://www.youtube.com/watch?v=zJoeYugcvTA
www.aukua.com
Here’s a common question I get asked, “How do you handle multi gig trace files?”
My first response is always “I try to avoid those scenarios.”
With 1 Gb and high connections, it's easy to get a trace file that is hundreds of megabytes or 1 gigabyte. In most scenarios, you start a capture, wait for the problem and then go through a ton of packets.
There are ways to minimize the number of packets to analyze that I have covered in past articles like packet slicing, and good old capture filters. Another tip is to use capture stop triggers. A capture stop trigger is simply a user configured event you use to stop the analyzer from capturing.
If you are lucky the stop trigger could be an application error, TCP RST, ICMP error, etc. In this video I show you a common trigger I use where I ping the client or vice versa.
When you use a stop trigger along with a smaller capture buffer, like 100 MB, you have a lot less to analyze.
Enjoy
...
https://www.youtube.com/watch?v=7W3HwP9bO2U
Wireshark 2.0 and Follow The Stream
Those of you who read and watch my videos on a regular basis will have heard this way too many times, but here I go.
You should always go through your most used features of any software after an upgrade to make sure nothing ‘broke’. But more importantly, to be aware of any changes to your favorite features.
In this video I cover a bit of Wireshark 2.0’s TCP-Follow TCP Stream and some of the changes. In a follow up video I will be a bit more thorough, but figured this was a good start.
For those of you who haven’t used it, it’s a great way to do two things: create a TCP conversation display filter and display all the payload in a screen. If the data is in clear text, you can see the various commands and responses. Both are color coded differently, i.e. blue and red, so you can easily tell them apart.
Lovemytool Blog: http://www.lovemytool.com/blog/tony-fortunato/
Network Computing Blog: http://www.networkcomputing.com/author-bio.asp?author_id=2332
Garland Technology Blog: http://www.garlandtechnology.com/blog/author/tony-fortunato
Youtube Channel: http://www.youtube.com/user/thetechfirm
NEW: http://www.thetechfirm.tv
Google Plus: http://plus.google.com/+Thetechfirmplus
Network Computing Articles: http://tinyurl.com/h8orh26
...
https://www.youtube.com/watch?v=xPgCZwj446o