Tools

Tech Short: Debug VPN in Checkpoint R77.30

The following tech short lists the commands used to enable VPN debugging on a Check Point R77.30 firewall. To start, SSH into the firewall host (or, for a cluster, the active member) and enter expert mode.

To turn on VPN debug from expert mode (this truncates the existing vpnd.elg and ike.elg and then enables both vpnd and IKE debug, so copy the old files first if you still need them):

# vpn debug trunc

At this point, test your VPN connection and verify that IKE Phase 1 and Phase 2 complete. This can be checked with the tunnel utility:

# vpn tu

Options 1 and 2 list the IKE and IPsec SAs. If the tunnel is already established you may need to reset it so that a full negotiation is captured; option 7 deletes the IPsec and IKE SAs for a given peer and forces a fresh negotiation.

To turn off the VPN debug, issue the following commands:

# vpn debug off

# vpn debug ike off

When completed, retrieve the logs vpnd.elg and ike.elg, located under $FWDIR/log.

Check Point provides the IKEView tool on its support site for reviewing ike.elg; otherwise a text editor such as Notepad++ works for analysis. The debug files record the peers, identities and proposals of every negotiation, so handle and share them accordingly.
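The whole procedure as an added example: a small wrapper script that is not code from the original post or from Check Point. It runs the commands above in sequence and bundles the two .elg files for offline review in IKEView. It assumes it is run from expert mode on the gateway (or the active cluster member), where the vpn command is on PATH and $FWDIR is set; the archive directory and file naming are my own choice.

```shell
#!/bin/sh
# Added example (not from the original post): wraps the R77.30 VPN debug
# session. Assumes expert mode on the gateway with `vpn` on PATH and
# $FWDIR set; the archive location under $TMPDIR (or /tmp) is an assumption.

# Bundle vpnd.elg and ike.elg from $1 into a timestamped tarball in $2 and
# print the archive path. Fails (status 1) if neither log exists.
collect_vpn_debug_logs() {
    logdir="$1"
    outdir="$2"
    found=""
    for f in vpnd.elg ike.elg; do
        if [ -f "$logdir/$f" ]; then
            found="$found $f"
        fi
    done
    if [ -z "$found" ]; then
        echo "no vpnd.elg/ike.elg under $logdir" >&2
        return 1
    fi
    archive="$outdir/vpn-debug-$(date +%Y%m%d-%H%M%S).tgz"
    # $found is intentionally unquoted: it is a space-separated file list
    tar -czf "$archive" -C "$logdir" $found || return 1
    printf '%s\n' "$archive"
}

# Full session: truncate the logs and enable debug, wait while the failure
# is reproduced (vpn tu, option 7, to reset the peer's SAs, then send
# traffic), disable debug again, and bundle the logs.
run_vpn_debug_session() {
    if ! command -v vpn >/dev/null 2>&1; then
        echo "vpn command not found: run this from expert mode on the gateway" >&2
        return 2
    fi
    vpn debug trunc           # truncates both .elg files, enables vpn + ike debug
    echo "Debug is on. Reproduce the tunnel problem now, then press Enter."
    read -r _done
    vpn debug off
    vpn debug ike off
    collect_vpn_debug_logs "$FWDIR/log" "${TMPDIR:-/tmp}"
}
```

Source the file and call run_vpn_debug_session; it prints the path of the archive to copy off the gateway. Because vpn debug trunc wipes the existing vpnd.elg and ike.elg before enabling debug, copy those first if the earlier failure is what you need to analyze.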

Tech Short: PowerShell: Networking Diagnostics

Listen, ‘tracert’, it’s not you, it’s me… I am not ending my long-term relationship with the diagnostic tools I have used for many years now. I am just exploring others, and in doing so going on a “break”.

I recently started using PowerShell more often and wondered whether there is a tool that can do what ‘tracert’ does, and maybe more.

This is where the PowerShell cmdlet Test-NetConnection comes into the picture.

It does many of the things tracert does, with output that at this point I favor far more. It also accepts a -Port parameter to test a specific TCP port, which tracert cannot do.

Here is an example of using Test-NetConnection to test connectivity to jermsmit.com:

ComputerName : jermsmit.com
RemoteAddress : 184.168.16.1
InterfaceAlias : Wi-Fi
SourceAddress : 1.2.3.150
PingSucceeded : True
PingReplyDetails (RTT) : 80 ms

The same test with the -TraceRoute flag also returns the list of hops on the path to jermsmit.com:

ComputerName : jermsmit.com
RemoteAddress : 184.168.16.1
InterfaceAlias : Wi-Fi
SourceAddress : 1.2.3.150
PingSucceeded : True
PingReplyDetails (RTT) : 82 ms
TraceRoute :
1.2.3.150
96.120.75.45
68.86.221.197
68.86.209.165
68.86.90.21
68.86.85.53
68.86.85.25
68.86.83.82
173.167.58.134
184.168.0.69
184.168.0.69
97.74.255.129
184.168.16.1

As you can see from the examples, it is a very useful tool in PowerShell, and it also tells you which network interface and source address you are testing from.

Test-NetConnection also has an alias, tnc. To use it, simply type ‘tnc’ followed by the same parameters.

For more information on Test-NetConnection, type Help Test-NetConnection at the PowerShell prompt.

I hope you enjoyed this tech short. Thanks for visiting – jermal

Retrieve MX records using nslookup

One of the new kids on the block asked me a question tonight: “Jermal, how do I get the MX record of a domain?”

To retrieve MX record information we use a tool called nslookup, which is available on both Windows and Linux.

[Screenshots in the original post: the quick syntax, an example of its usage, and what the output looks like on Linux and on Windows.]
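As an added example (not from the original post), here is a shell script that does the lookup with nslookup and normalizes what comes back into one "preference host" line per mail exchanger, lowest preference first. It handles both the Linux output format ("mail exchanger = 10 host.") and the Windows one ("MX preference = 10, mail exchanger = host"); the domain and records in the test are constructed, not real lookups.

```shell
#!/bin/sh
# Added example (not from the original post): MX lookup with nslookup plus a
# parser for its output. Assumes nslookup is installed for lookup_mx; the
# parser itself only needs awk and sort.

# Read nslookup output on stdin and print "<preference> <mail exchanger>"
# sorted by preference. Trailing dots and CRLF line endings are stripped.
parse_mx_records() {
    awk '
        { sub(/\r$/, "") }
        /mail exchanger/ {
            if (match($0, /MX preference = [0-9]+/)) {
                # Windows nslookup: "MX preference = 10, mail exchanger = host"
                pref = substr($0, RSTART + 16, RLENGTH - 16)
                sub(/.*mail exchanger = /, "")
                host = $1
            } else {
                # Linux (BIND) nslookup: "mail exchanger = 10 host."
                sub(/.*mail exchanger = /, "")
                pref = $1
                host = $2
            }
            sub(/\.$/, "", host)
            print pref, host
        }' | sort -n
}

# Query the MX records for the domain in $1 and parse them.
# `-type=mx` is accepted by both the Windows and the BIND nslookup.
lookup_mx() {
    nslookup -type=mx "$1" | parse_mx_records
}
```

Usage: lookup_mx example.com. Sorting by preference matters because the lowest value is the host that senders try first, so it is the one whose spam and relay controls you check first when reviewing a domain's mail path.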

 

What’s Going on with TrueCrypt

As Bruce Schneier wrote, “TrueCrypt WTF”.

I am curious about the status of TrueCrypt, one of my favorite tools. There seem to be many summaries of this story.

You can find them:

Here on Slashdot

Here on Hacker News

Here on Reddit

I am waiting for more details; let’s see what plays out.

Win32DiskImager

If you ever need to clone a USB drive, SD memory card, etc., Win32DiskImager is an excellent tool for the job.

Win32DiskImager enables you to save and restore raw images to and from removable media. I have been using it for my Raspberry Pi installs and other USB bootable media as a way to quickly back up and restore without having to do full re-installs.

Keep in mind that a raw image is a sector-for-sector copy of the device, so it contains deleted data and any keys or credentials stored on the card, and a restore overwrites the entire selected device. Store the image file as carefully as the media itself, and double-check the target drive letter before writing.

Freeware Active Directory, Exchange, Lync provisioning tool

I can’t wait to play with this free software called Z-Hire. Z-Hire is an employee provisioning tool that handles account creation in Active Directory, Exchange and Lync. With a few simple clicks (one click) the Active Directory, Exchange and Lync accounts are created.

Z-Hire doesn’t just assist account administrators with creating new accounts; it also simplifies account closures. Z-Hire can even create accounts in Office 365 and SalesForce. So take a look at it; I am sure you will find it very useful. Best of all, it’s free.

Link to help info:

http://www.zohno.com/docs/Z-Hire_V4_Administration_Guide.pdf

http://www.zohno.com/docs/Z-Term_V4_Administration_Guide.pdf

Download Z-Hire from TechNet

System Requirements
– Windows 7 X64 w/ .NET 3.5 and .NET 4.0 (Domain Joined)
– Windows Server 2008 X64 w/ .NET 3.5 and .NET 4.0 (Domain Joined)
– Windows Server 2008 R2 X64 w/ .NET 3.5 and .NET 4.0 (Domain Joined)

Permission Requirements
– Ability to create Active Directory users
– Ability to create Exchange mailboxes
– Ability to create / enable Lync users

Because the tool needs exactly these rights, run it under a dedicated account that has been delegated only those permissions rather than under a Domain Admin account; anything that can mint accounts in one click is worth keeping tightly scoped.

Supported Environments
– Active Directory (all versions)
– Exchange 2007 (all versions)
– Exchange 2010 / 2013 (all versions)
– Lync 2010 / 2013 (both Standard and Enterprise versions)
– Office 365 Cloud
– SalesForce CRM Cloud

The SysAdm Tools – I must have on my Windows Computers

This is my computer. There are many like it, but this one is mine. My computer is my best friend. It is my life. I must master it as I must master my life. My computer, without me, is useless. Without my computer, I am useless… And while there isn’t a true computer user’s creed, I wouldn’t mind having something like this exist.

Moving forward, I wanted to share with you some of the software tools I install on all the computers I use for work and play. Best of all, they are all available for free.

  1. 7-Zip – One of the best tools for zipping and unzipping files. 7-Zip is open source software and can be used on any computer, including computers in commercial organizations.
  2. PuTTY – For system administrators and network admins alike, this software is a must have. Supports telnet and SSH.
  3. Notepad++ – Notepad alternative with great support for several programming languages.
  4. Wireshark – What else can I say; it’s a network protocol analyzer used for network troubleshooting, analysis, and software and communications protocol development.
  5. WinMTR – Traceroute and ping in a single network diagnostic tool. Useful when providing details to support teams.
  6. Nmap – Free Security Scanner For Network Exploration & Hacking.
  7. iPerf – A network testing tool that can create TCP and UDP data streams and measure the throughput of the network that is carrying them.
  8. BackupProggie – A simple Windows copy/backup program with an easy-to-use GUI. Supports long file names (above 256 characters), with many options to get the job done.
  9. HDGraph – Wonderful tool that draws multi-level pie charts of the disk space used on your volumes.
  10. TestDisk – Free and open source data recovery utility, primarily designed to recover lost partitions. Also one of the best free data recovery tools out there.
  11. Sysinternals Suite – Windows troubleshooting utilities: everything from disk, memory, CPU and more. This suite has many tools; if you want to look under the hood of Windows it is a must have.
  12. Tor – Sometimes it’s all about enabling online anonymity; you never know when you want to rant.
  13. TrueCrypt – Disk encryption software for Windows used for on-the-fly encryption (OTFE).
  14. Tftpd32 – Simple to set up and use TFTP server, with DHCP abilities under its belt. Useful when pulling down switch and router configurations, or when you just need to set up a small network for imaging systems.
  15. VLC – A cross-platform multimedia player and framework, which can also stream audio and video in a number of formats. Very useful for playing media without the need for a specific type of player.

These are just some of what I install. I hope you find my list useful.

Microsoft Message Analyzer Beta 3 is released

Microsoft Message Analyzer is the successor to Microsoft Network Monitor. Microsoft has released the third and final beta of Message Analyzer, which will be followed by the official release in the fall.

In addition to the new features and functionality, they improved performance and reduced the memory footprint. Here are the highlights of the new features.

Centralized Sharing Infrastructure — users can now use the new Message Analyzer sharing infrastructure to create Library items as shareable assets that you can import, export and share with others. Manageable asset types include Trace Scenarios, Filters, Viewpoints, Color Rules, Column Layouts, and Sequence Expressions.

User Libraries — the above assets are available under centralized User Libraries.

Home tab — includes a new Ribbon reorganization and enhancements that include the following features:

    Viewpoints — specify preset viewpoints so you can view data from the perspective of a protocol, in addition to hiding operations in the current view and resetting the default viewpoint.

    Time Shifts — specify time shifts that adjust for machine skew or time zone changes across traces.

Chart tab — enables you to create, edit, save, and share your own Composite Chart viewers that can contain custom-configured pie, bar, timeline, and grid chart components, similar to the built-in Protocol Dashboard.

Session Status — includes a new progress bar indicator in Session Explorer for loading, capturing, filtering, sorting, finding, and grouping data, in addition to applying sequence matching. Also displays the number of messages in a session and the number of messages in a session after Viewpoints or View Filters are applied.

Tool Windows — the following new tools are now available:

    Diagnostics window — summarizes diagnosis errors in a session and enables you to easily jump to a corresponding diagnosis message in the Analysis Grid. You can also filter Diagnostics window columns to isolate specific column data.

    Call Stack tool window — displays the message stack for any selected message row in the Analysis Grid.

    Bookmarks window — an annotation window that enables you to mark one or more messages of interest, which includes adding links, attachments, and different colored flags.

    Comments window — an annotation window that enables you to quickly add basic comments to one or more messages.

Server Response Time — a new Global Annotation entity from Column Chooser that you can add as a data column in the Analysis Grid viewer, to measure the time interval between a request operation to a server and the first server response. Provides a context for assessing server performance.

Hyper-V Switch trace capability — capture traffic from individual VMs on a host by tying into the local Hyper-V switch.

Sequence Expression Editor — develop and save sequence expressions based on message traffic that you have captured. You can also manage sequence expressions as assets that you can share with your colleagues.

Filtering Language enhancements — the Filtering Language has been extended to include support for IP sub-netting and DateTime literal expressions.

OPN behavior scenario extensions — support has been added for using an XPath-like notation when creating OPN sequence expressions, to enable you to specify constraints on message origins. In addition, support is now included for arbitrary expressions (including annotations) in reference patterns.

Centralized Field Chooser — a new feature that extends the Column Chooser so that it is available to other tools that require you to choose fields, for example, when configuring a Sequence Expression.

Looking for this? You can find it at https://connect.microsoft.com/directory/ by logging into your account and searching for it. Join the beta program and happy testing.

For more info: http://blogs.technet.com/b/messageanalyzer/archive/2013/06/21/microsoft-message-analyzer-beta-3-released.aspx

Using netcat to print header info from web browsers

You can see what information a browser sends to a remote web server using the Linux tool netcat (nc). Netcat is often referred to as the “Swiss-army knife for TCP/IP”: its features include port scanning, file transfer and port listening, and it can also be used as a backdoor. This is a handy way to see exactly what a browser reveals about itself, such as the operating system and browser version in the User-Agent, before that information ever reaches a web server.

Simply run netcat in listening mode on your desired port, for example nc -l 8080 (traditional netcat builds take the port as nc -l -p 8080). Then point the browser at http://ip_address:port and netcat will print the raw request it receives; the browser will sit waiting for a response until you stop netcat.

The following are some examples of the output:

Google Chrome – Version 27.0.1453.116m:

GET / HTTP/1.1
Host: 10.255.255.10:8080
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

Internet Explorer 10 – Version 10.0.9200.16599

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: 10.255.255.10:8080
DNT: 1
Connection: keep-alive

Firefox – Version 21.0

GET / HTTP/1.1
Host: 10.255.255.10:8080
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Google Chrome (Android) – Version 27.0.1453.90

GET / HTTP/1.1
Host: 10.255.255.10:8080
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SAMSUNG-SGH-I337 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.90 Mobile Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
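As an added example (not from the original post), here is a small shell wrapper around the technique above: it listens with nc as described and normalizes the captured request into one lowercase header per line, with a helper that pulls out a single header by name. The request used in the test is constructed, not a real capture; the listener function assumes a netcat build that accepts nc -l PORT.

```shell
#!/bin/sh
# Added example (not from the original post): capture one browser request
# with netcat and summarize its headers. Assumes `nc -l PORT` works on the
# host (traditional netcat needs `nc -l -p PORT`); awk does the parsing.

# Read one raw HTTP request on stdin and print the request line followed by
# "name: value" for each header, names lowercased, in the order received.
# Header order is itself a browser trait (compare the IE and Chrome dumps).
parse_request_headers() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        NR == 1 { print "request-line: " $0; next }
        /^$/ { exit }                      # blank line ends the header block
        {
            name = $0;  sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
            print tolower(name) ": " value
        }'
}

# Print the value of one header (case-insensitive) from a raw request on stdin.
get_header() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    parse_request_headers | awk -v want="$want" -F': ' \
        '$1 == want { sub(/^[^:]*: /, ""); print; exit }'
}

# Listen once on the given port (default 8080) and dump the headers of the
# first request; stop nc (Ctrl-C) once the browser has connected.
capture_browser_headers() {
    port="${1:-8080}"
    nc -l "$port" | parse_request_headers
}
```

Run capture_browser_headers 8080, browse to the listener, and the normalized header list appears; pipe a saved capture through get_header User-Agent to extract just the identifying string for comparison across browsers.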

 

Active Directory Replication Status Tool

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.
Specific capabilities for this tool include:

• Expose Active Directory replication errors occurring in a domain or forest
• Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
• Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
• Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis

Download the Active Directory Replication Status Tool