Network

Disable Windows Firewall Server Core

Server Core is now installed, and what is the first command I choose to run in PowerShell?

It's a command to disable all firewall profiles:

 

TechShort: PowerShell to Setup VPN Connections

Here is a way we can be consistent with our setup of VPN connections on computers.

Using PowerShell, this is made simple with a small script on a USB stick, network share or whatever method you choose to get it to the client machine.

The following is a one line PowerShell command:

Next is to see if this can be placed in a group policy to have it automated on end user computers.

I hope this helps your process of machine setups.

– Jermal

Ref: https://technet.microsoft.com/en-us/%5Clibrary/JJ554820(v=WPS.630).aspx
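
A consistent setup like the one described above can be scripted so that it is safe to re-run on a machine that already has the connection. This is an added example, not the one-line command from the original post; the connection name, server address, tunnel type and authentication method are assumed placeholder values.

```powershell
# Added example: idempotent VPN profile setup with the built-in VpnClient cmdlets.
# Every value in $desired is a constructed placeholder; replace with your own.
$desired = @{
    Name                 = 'Corp-VPN'          # hypothetical connection name
    ServerAddress        = 'vpn.example.com'   # placeholder gateway address
    TunnelType           = 'Sstp'              # assumed protocol
    EncryptionLevel      = 'Required'          # refuse sessions without encryption
    AuthenticationMethod = 'MSChapv2'          # assumed; avoids PAP/CHAP
}

# Per-user profile by default; add -AllUserConnection to all three cmdlets
# below if the profile should live in the machine-wide phone book instead.
$existing = Get-VpnConnection -Name $desired.Name -ErrorAction SilentlyContinue

if (-not $existing) {
    # First run on this machine: create the profile and show the result
    Add-VpnConnection @desired -PassThru
}
else {
    # Profile already present: report any setting that differs from $desired
    $keys  = 'ServerAddress', 'TunnelType', 'EncryptionLevel', 'AuthenticationMethod'
    $drift = foreach ($key in $keys) {
        # AuthenticationMethod comes back as an array, so flatten to a string
        $actual = ($existing.$key | ForEach-Object { "$_" }) -join ','
        if ($actual -ne $desired[$key]) {
            "{0}: '{1}' -> '{2}'" -f $key, $actual, $desired[$key]
        }
    }

    if ($drift) {
        Write-Warning ("Correcting {0}: {1}" -f $desired.Name, ($drift -join '; '))
        Set-VpnConnection @desired -Force
    }
    else {
        Write-Output ("{0} already matches the expected settings." -f $desired.Name)
    }
}
```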

ET P2P Torrent Client User-Agent (Solid Core/0.82)

I have been seeing this alert “ET P2P Torrent Client User-Agent (Solid Core/0.82)” on networks for some time now and was able to narrow it down to being related to Adobe Flash (Firefox and Chrome). I am not sure why Adobe is using a torrent client in its Flash but this seems to be the source.

This is triggered not only by updating the software, but also by the web installer when it connects out.

I later confirmed this myself with the assistance of another who updated their Flash and triggered this alert.

 


Some Basic Use of Nmap

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. I, along with many other systems and network administrators, also find it to be a useful tool for the right job. Nmap can be installed and used on Windows, and is commonly found in Linux distributions such as Debian and the well-known Ubuntu.

You can get the Windows installer from http://nmap.org/ along with the Linux versions. In Linux (Debian) I simply run sudo apt-get install nmap -y and the rest is done in a few seconds.

Now that you have Nmap, what can you do? Here are some examples I use every so often:

~# nmap google.com – gives me info about google.com (Hostname google.com resolves to 11 IPs..)

~# nmap 192.168.1.0/24 – scans my network and returns info on machines and service ports listening

~# nmap -sP 192.168.1.100 – attempts to detect if a host is up or down

~# nmap -PN 192.168.1.100 – attempts to detect if a host is up or down (no pings sent)

~# nmap -sT 192.168.1.100 – port scan using TCP

~# nmap -sU 192.168.1.100 – port scan using UDP

~# nmap -O 192.168.1.100 – attempts to identify the remote OS, returns TCP/IP fingerprint

And I could go on, but let's just end these examples here and I’m sure you’ll find others.

Run … run, you clever boy … and remember. – Clara Oswald

dump packets with tcpdump

How many times did you forget the parameters? I have, countless times.
Let's see if by sharing here I will remember some of my favorite commands.

# tcpdump -nnXSs 0 'port 5060'

Command switches (what they are for)

  • “-nn” plays nice by not looking up hostnames in DNS or service names.
  • “-X” makes it print each packet in hex and ASCII.
  • “-S” prints absolute rather than relative TCP sequence numbers.
  • “-s 0”: by default tcpdump will only capture the beginning of each packet; using 0 I get it all.