Tools

Install RSAT on Windows 10 1809

A recent update to Windows 10, version 1809, removed the Remote Server Administration Tools (RSAT) that were previously installed. This is common with such updates; however, this time around I was unable to reinstall the tools. After much digging, I discovered that this is because Microsoft has made the RSAT tools part of the “Features on Demand” in Windows 10.

Features on Demand (FODs) are Windows feature packages that can be added at any time.
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities

More info on Windows Features on Demand: https://searchwindowsserver.techtarget.com/definition/Microsoft-Windows-Features-on-Demand

To install RSAT on Windows 10 version 1809, open an elevated Command Prompt or PowerShell window and run the following DISM command:

DISM.exe /Online /add-capability /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 /CapabilityName:Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0 /CapabilityName:Rsat.CertificateServices.Tools~~~~0.0.1.0 /CapabilityName:Rsat.DHCP.Tools~~~~0.0.1.0 /CapabilityName:Rsat.Dns.Tools~~~~0.0.1.0 /CapabilityName:Rsat.FailoverCluster.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.FileServices.Tools~~~~0.0.1.0 /CapabilityName:Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.IPAM.Client.Tools~~~~0.0.1.0 /CapabilityName:Rsat.LLDP.Tools~~~~0.0.1.0 /CapabilityName:Rsat.NetworkController.Tools~~~~0.0.1.0 /CapabilityName:Rsat.NetworkLoadBalancing.Tools~~~~0.0.1.0 /CapabilityName:Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.RemoteDesktop.Services.Tools~~~~0.0.1.0 /CapabilityName:Rsat.ServerManager.Tools~~~~0.0.1.0 /CapabilityName:Rsat.Shielded.VM.Tools~~~~0.0.1.0 /CapabilityName:Rsat.StorageReplica.Tools~~~~0.0.1.0 /CapabilityName:Rsat.VolumeActivation.Tools~~~~0.0.1.0 /CapabilityName:Rsat.WSUS.Tools~~~~0.0.1.0 /CapabilityName:Rsat.StorageMigrationService.Management.Tools~~~~0.0.1.0 /CapabilityName:Rsat.SystemInsights.Management.Tools~~~~0.0.1.0

 

Once the install has completed you will notice the tools installed again under ‘Windows Administrative Tools’.
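The same install can be done and verified from PowerShell with the DISM module's capability cmdlets. This is an added example, not part of the original post; it assumes an elevated session and that the machine can reach its Features on Demand source.

```powershell
#Requires -RunAsAdministrator
# Added example: audit RSAT Features on Demand, install what is missing, then verify.

# Every RSAT capability this build offers, with its current state.
$rsat = Get-WindowsCapability -Online -Name 'Rsat.*'
$rsat | Sort-Object Name | Format-Table Name, State -AutoSize

# Install only the capabilities that are not already present.
# The Name value already carries the version suffix (~~~~0.0.1.0).
$report = foreach ($cap in ($rsat | Where-Object State -ne 'Installed')) {
    try {
        $r = Add-WindowsCapability -Online -Name $cap.Name -ErrorAction Stop
        [pscustomobject]@{ Name = $cap.Name; Installed = $true; RestartNeeded = $r.RestartNeeded; Error = '' }
    } catch {
        # Keep going so one failed package does not hide the state of the rest.
        [pscustomobject]@{ Name = $cap.Name; Installed = $false; RestartNeeded = $false; Error = $_.Exception.Message }
    }
}
$report | Format-Table -AutoSize -Wrap

# Re-query so the final state comes from Windows, not from the install loop.
Get-WindowsCapability -Online -Name 'Rsat.*' |
    Where-Object State -ne 'Installed' |
    Format-Table Name, State -AutoSize
```

An empty final table means every RSAT capability is installed.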

 

Here are links to additional info:

 

Useful nmap testing commands

Nothing new here. Just wanted to share some commands that I find useful when performing network or direct systems testing using the nmap tool. The commands below will all display scan results in the console while also saving them to file.

 

Discover live hosts: 

nmap -n -sn -PE -oA live_hosts 10.0.0.0/24

Discover open TCP ports:

nmap -sS -vv -p- -oA tcp_ports_65535 10.0.0.2
nmap -sS -vv -p- -Pn --reason --open -oA tcp_ports_65535 10.0.0.2
nmap -sS -vv -p- -Pn --reason --max-rate 1 --open -oA tcp_ports_65535 10.0.0.2

 

Discover open UDP ports:

nmap -sU -vv -p- -oA udp_ports_65535 10.0.0.2

 

Discover services running on open UDP ports:

nmap -sU -sV -vv -A -O -p[port1],[port2] -oA open_udp_ports 10.0.0.2

Scan for most common 1000 TCP ports:

nmap -sS -sV -vv -A -O --top-ports 1000 --reason --open -oA tcp_ports_1000 10.0.0.2

Scan for most common 1000 UDP ports:

nmap -sU -sV -vv -A -O --top-ports 1000 --reason --open -oA udp_ports_1000 10.0.0.2
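The -oA option used above writes each scan in three formats (.nmap, .gnmap and .xml). The following added example, which is not from the original post, reads the XML form and flags open ports that are not in an expected baseline; the sample XML and the baseline are constructed for illustration.

```powershell
# Added example: summarise open ports from nmap XML output and compare with a baseline.
# Constructed sample standing in for a file such as tcp_ports_1000.xml.
$sampleXml = @'
<nmaprun scanner="nmap">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="https"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server"/>
      </port>
    </ports>
  </host>
</nmaprun>
'@
# For a real scan: [xml]$scan = Get-Content -Raw .\tcp_ports_1000.xml
[xml]$scan = $sampleXml

# Hypothetical baseline: ports each host is expected to expose, as "proto/port".
$baseline = @{ '10.0.0.2' = @('tcp/22', 'tcp/443') }

$findings = foreach ($h in $scan.SelectNodes('/nmaprun/host')) {
    $ip = $h.SelectSingleNode("address[@addrtype='ipv4']").GetAttribute('addr')
    foreach ($p in $h.SelectNodes("ports/port[state/@state='open']")) {
        $key = '{0}/{1}' -f $p.GetAttribute('protocol'), $p.GetAttribute('portid')
        $svc = $p.SelectSingleNode('service')   # absent when nmap could not name the service
        [pscustomobject]@{
            Host     = $ip
            Port     = $key
            Reason   = $p.SelectSingleNode('state').GetAttribute('reason')
            Service  = if ($svc) { $svc.GetAttribute('name') } else { '' }
            Expected = $baseline[$ip] -contains $key
        }
    }
}
$findings | Format-Table -AutoSize
$findings | Where-Object { -not $_.Expected }   # exposure that needs review
```

With the constructed sample, tcp/3389 is the only row reported as unexpected.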

 

Tech Short: Debug VPN in Checkpoint R77.30

The following tech short provides a list of commands used to enable debugging in Checkpoint’s R77.30 Firewall. To start, you must SSH into the firewall host (or the active member).

To turn on VPN debug from the expert mode:

# vpn debug trunc

At this point you want to test your VPN connection and verify the IKE phases. This can be done with the following command:

# vpn tu

Use options 1 and 2. You may need to reset the tunnel to test; this is done by using option 7.

To turn off the VPN debug, the following commands should be issued:

# vpn debug off

# vpn debug ike off

 

When completed, retrieve the logs vpnd.elg and ike.elg, located under $FWDIR/log.

Checkpoint has an IKEView tool, available on their site, which is used to review the logs; otherwise, a tool such as Notepad++ is helpful for analysis.

Tech Short: PowerShell: Networking Diagnostics

Listen ‘tracert’, it’s not you, it’s me… I am not ending my long-term relationship with the diagnostic tools which I have used for many years now. I am just exploring others, and in doing so going on a “break”.

I recently started using PowerShell more often and wondered whether there is a tool which can do what ‘tracert’ does, and maybe more.

This is where the PowerShell command Test-NetConnection comes into the picture.

It performs many of the functions of tracert, with output that at this point I favor far more.

Here are some examples:

Here is an example of using Test-NetConnection to test connectivity to jermsmit.com

Test-NetConnection jermsmit.com

ComputerName : jermsmit.com
RemoteAddress : 184.168.16.1
InterfaceAlias : Wi-Fi
SourceAddress : 1.2.3.150
PingSucceeded : True
PingReplyDetails (RTT) : 80 ms

 

The same test as above, using the -TraceRoute flag, returns the list of hosts on the path to the specified target jermsmit.com

Test-NetConnection jermsmit.com -TraceRoute

ComputerName : jermsmit.com
RemoteAddress : 184.168.16.1
InterfaceAlias : Wi-Fi
SourceAddress : 1.2.3.150
PingSucceeded : True
PingReplyDetails (RTT) : 82 ms
TraceRoute :
1.2.3.150
96.120.75.45
68.86.221.197
68.86.209.165
68.86.90.21
68.86.85.53
68.86.85.25
68.86.83.82
173.167.58.134
184.168.0.69
184.168.0.69
97.74.255.129
184.168.16.1

As you can see from the examples, it’s a very useful tool in PowerShell, also giving you information about which network interface you are testing from.

What I have also found out is that there is an alias for Test-NetConnection. To use it, all you need to do is type ‘tnc’ followed by the command syntax.

For more info on using Test-NetConnection, type Help Test-NetConnection in the PowerShell command prompt. Results may look similar to what I have shown below:

 

PS C:\Windows\system32> Help Test-NetConnection

NAME
    Test-NetConnection
    
SYNTAX
    Test-NetConnection [[-ComputerName] <string>] [-TraceRoute] [-Hops <int>] 
    [-InformationLevel <string> {Quiet | Detailed}]  [<CommonParameters>]
    
    Test-NetConnection [[-ComputerName] <string>] [-CommonTCPPort] <string> {HTTP | RDP | SMB | 
    WINRM} [-InformationLevel <string> {Quiet | Detailed}]  [<CommonParameters>]
    
    Test-NetConnection [[-ComputerName] <string>] -Port <int> [-InformationLevel <string> 
    {Quiet | Detailed}]  [<CommonParameters>]
    

ALIASES
    TNC
    

REMARKS
    Get-Help cannot find the Help files for this cmdlet on this computer. It is displaying only 
    partial help.
        -- To download and install Help files for the module that includes this cmdlet, use 
    Update-Help.
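The help text above also lists -CommonTCPPort, -Port and -Hops, which the earlier examples do not use. The following added example (not from the original post) checks whether management services are reachable on a set of hosts and traces the path to any host where nothing answered; the target addresses are constructed placeholders.

```powershell
# Added example: TCP reachability checks using the parameter sets shown in the help output.
# Constructed placeholder targets; replace with hosts you administer.
$targets  = '10.0.0.2', '10.0.0.3'
$services = 'RDP', 'SMB', 'WINRM'

$results = foreach ($t in $targets) {
    foreach ($s in $services) {
        # A failed TCP test only raises a warning, so read TcpTestSucceeded
        # from the result object instead of relying on error handling.
        $r = Test-NetConnection -ComputerName $t -CommonTCPPort $s -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $t
            Service   = $s
            Port      = $r.RemotePort
            Reachable = $r.TcpTestSucceeded
            Interface = $r.InterfaceAlias
            Source    = $r.SourceAddress.IPAddress
        }
    }
}
$results | Format-Table -AutoSize

# For targets where no service answered, trace the path to see where it stops.
$unreachable = $results | Group-Object Target |
    Where-Object { -not ($_.Group.Reachable -contains $true) }

foreach ($g in $unreachable) {
    $trace = Test-NetConnection -ComputerName $g.Name -TraceRoute -Hops 15 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target        = $g.Name
        PingSucceeded = $trace.PingSucceeded
        Path          = $trace.TraceRoute -join ' > '
    }
}
```

Run from a workstation subnet, a Reachable value of True for RDP, SMB or WINRM shows which management ports the firewall rules actually permit from that segment.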

 

 

 I hope you enjoyed this techshort, thanks for visiting – jermal

 

Retrieve MX records using nslookup

One of my new kids on the block asked me a question tonight; “Jermal, how do I get the mx record of a domain?”

To retrieve MX record information we need to use a tool called nslookup, which is available in Windows and Linux.

The basic syntax is:

nslookup [-option] [hostname] [server]

 

Example of its usage

nslookup -type=mx jermsmit.com 8.8.4.4

And what it looks like in

Linux

Windows