LDAP authentication problem in the customer environment: The error message was received right after entering the password. Tshark says:

    1 0.000000000 192.168.99.200 → 10.10.10.10 TCP 74 44780 → 3269 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2891116193 TSecr=0 WS=128
    2 0.001225814 10.10.10.10 → 192.168.99.200 TCP 74 3269 → 44780 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 […]
Category: Networking
How to Decrypt TLS Traffic with Wireshark
This is a small note to keep the links to posts by Peter Wu:

Extract pre-master keys from an OpenSSL application

Extracting openssl pre-master secret from apache2

Example in Debian Buster: With the keys saved by that process (and doing the packet capture at the same time, in either server or client side), you can […]
High Availability Clustering with Zabbix on Debian
Later in this document:

Setting up the database servers

Setting up the Zabbix servers

Setting up the frontend (web) servers

Edmunds Vesmanis gave a presentation at Zabbix Summit 2019 about Zabbix HA setups (video on YouTube), and he also wrote a post in the Zabbix blog titled High Availability cluster building with Zabbix for continued service: […]
Zabbix Protocol Dissector for Wireshark
While troubleshooting a Zabbix communication problem I realized that there was no Zabbix protocol dissector in Wireshark. Long story short: I wrote my own dissector in Lua as an exercise. Actually, I wrote two dissectors, one for Zabbix passive agent communication (port 10050, the not-so-json-style protocol) and one for other Zabbix components (port 10051). You […]
Linux Routing Memos
These are just small hints and memos on what to do on a Debian Linux setup. This is not a complete guide to building a secured routing environment with Linux.

/etc/sysctl.conf:

    net.ipv4.ip_forward=1

Configure /etc/network/interfaces

    iptables -t nat -A POSTROUTING -o <upstream_interface> -j MASQUERADE

    apt-get install iptables-persistent

    apt-get install iftop

    apt-get install conntrack

    conntrack -L -s 10.11.1.10 […]
Zabbix Components and Ports
The Zabbix monitoring system consists of components that communicate with each other. Here is a summary of the TCP ports and some configuration characteristics of various connections. Active agent: The Zabbix agent periodically asks the Zabbix proxy (or Zabbix server, if configured to use the server directly) for the list of items that should be collected, […]
Wireshark and 802.11 Data in Capture Files
Once again I was asked to get involved when a customer had problems with an application. I won’t go into application or problem details here but the process eventually involved capturing traffic on a customer laptop to see what was actually happening. The consultant doing the capture was not using Wireshark as I would have […]
Junos Default Applications
From Junos 12.1X47-D25.4 on SRX240H2:

    markku@srx> show configuration groups junos-defaults applications
    #
    # File Transfer Protocol
    #
    application junos-ftp {
        application-protocol ftp;
        protocol tcp;
        destination-port 21;
    }
    #
    # Trivial File Transfer Protocol
    #
    application junos-tftp {
        application-protocol tftp;
        protocol udp;
        destination-port 69;
    }
    #
    # Real Time Streaming Protocol
    #
    application junos-rtsp {
        application-protocol […]
majornetwork.net Is Now TLS-Enabled
I just enabled TLS in majornetwork.net. Everything seems pretty normal, and old http links should still work, redirecting to https. If you notice anything breaking up, let me know. Oh, and don’t report “not working with IE 6 on Windows XP”: It’s not me, it’s you.
IPsec VPN Tunnel between F5 BIG-IP and Juniper SRX
This post is an example of configuring an IPsec tunnel with F5 BIG-IP. In the diagram below the IPsec tunnel is configured between SRX210 (Junos 12.1X47-D20.7) and F5 BIG-IP (11.6.0 HF5-ENG11). F5 BIG-IP is connected here in a one-arm setup. The SRX240 is not “an interesting device” in this demonstration. It is just a firewall and […]