In this post I’ll discuss a reality that is often overlooked when talking about using cloud services: Network latency matters. Here is the test network: On Your Marks Let’s first imagine that the hosts HostA and HostB are near each other, like in the same data center. The latency between the hosts is negligible: markku@HostA:/mnt$ […]
Category: Networking
LDAPS Problem: Can’t contact LDAP server (-1)
LDAP authentication problem in the customer environment: The error message was received right after entering the password. Tshark says: 1 0.000000000 192.168.99.200 → 10.10.10.10 TCP 74 44780 → 3269 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2891116193 TSecr=0 WS=128 2 0.001225814 10.10.10.10 → 192.168.99.200 TCP 74 3269 → 44780 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 […]
How to Decrypt TLS Traffic with Wireshark
This is a small note to keep the links to posts by Peter Wu: Extract pre-master keys from an OpenSSL application Extracting openssl pre-master secret from apache2 Example in Debian Buster: With the keys saved by that process (and doing the packet capture at the same time, in either server or client side), you can […]
High Availability Clustering with Zabbix on Debian
Later in this document: Setting up the database servers Setting up the Zabbix servers Setting up the frontend (web) servers Edmunds Vesmanis had a presentation in Zabbix Summit 2019 about Zabbix HA setups (video in Youtube), and he also wrote a post in Zabbix blog titled High Availability cluster building with Zabbix for continued service: […]
Zabbix Protocol Dissector for Wireshark
While troubleshooting a Zabbix communication problem I realized that there was no Zabbix protocol dissector in Wireshark. Long story short: I wrote my own dissector in Lua as an exercise. Actually, I wrote two dissectors, one for Zabbix passive agent communication (port 10050, the not-so-json-style protocol) and one for other Zabbix components (port 10051). You […]
Linux Routing Memos
These are just small hints and memos what to do on a Debian Linux setup. This is not a complete guide on doing a secured routing environment with Linux. /etc/sysctl.conf: net.ipv4.ip_forward=1 Configure /etc/network/interfaces iptables -t nat -A POSTROUTING -o <upstream_interface> -j MASQUERADE apt-get install iptables-persistent apt-get install iftop apt-get install conntrack conntrack -L -s 10.11.1.10 […]
Zabbix Components and Ports
Zabbix monitoring system consists of components that communicate with each other. Here is a summary of the TCP ports and some configuration characteristics of various connections. Active agent: The Zabbix agent periodically asks the Zabbix proxy (or Zabbix server, if configured to use the server directly) for the list of items that should be collected, […]
Wireshark and 802.11 Data in Capture Files
Once again I was asked to get involved when a customer had problems with an application. I won’t go into application or problem details here but the process eventually involved capturing traffic on a customer laptop to see what was actually happening. The consultant doing the capture was not using Wireshark as I would have […]
Junos Default Applications
From Junos 12.1X47-D25.4 on SRX240H2: markku@srx> show configuration groups junos-defaults applications # # File Transfer Protocol # application junos-ftp { application-protocol ftp; protocol tcp; destination-port 21; } # # Trivial File Transfer Protocol # application junos-tftp { application-protocol tftp; protocol udp; destination-port 69; } # # Real Time Streaming Protocol # application junos-rtsp { application-protocol […]
majornetwork.net Is Now TLS-Enabled
I just enabled TLS in majornetwork.net. Everything seems pretty normal, and old http links should still work, redirecting to https. If you notice anything breaking up, let me know. Oh, and don’t report “not working with IE 6 on Windows XP”: It’s not me, it’s you.