One of the new features in Zabbix 7.0 LTS is proxy load balancing. As the documentation says: Proxy load balancing allows monitoring hosts by a proxy group with automated distribution of hosts between proxies and high proxy availability. If one proxy from the proxy group goes offline, its hosts will be immediately distributed among other […]
Tag: wireshark
Decrypting Zabbix TLS with Wireshark
One of the built-in security features in Zabbix is TLS (Transport Layer Security) support for external connections. This means that when your distributed Zabbix proxies or Zabbix agents connect to the Zabbix server (or vice versa), TLS can be used to encrypt all the connections. When the connections are encrypted, third parties cannot read the […]
Troubleshooting Zabbix Agent with Wireshark
A user has a Zabbix agent that collects the used disk space information on a host. The item interval is one minute: However, the user complains that Zabbix fails to collect the data appropriately as the graph has empty areas with occasional dots: In Zabbix implementations with very high NVPS (new values per second) this […]
Capturing Packets on Windows with Packet Monitor (Pktmon)
As https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon puts it: Packet Monitor (Pktmon) is an in-box, cross-component network diagnostics tool for Windows. It can be used for packet capture, packet drop detection, packet filtering and counting. The nice thing about it is that it is present by default on all modern Windows versions, so you can do a quick packet capture when […]
Data Buffering in Zabbix Proxy
One of the features of Zabbix proxy is that it can buffer the collected monitoring data if connectivity to Zabbix server is lost. In this post I will show it happening, using packet capture, or packet analysis. Zabbix setup and capturing Zabbix proxy traffic This is the setup in this demo: For simplicity, the agent […]
Zabbix Active Agent Autoregistration
Let’s see how the Zabbix active agent autoregistration works in the communication. I have configured the Zabbix agent (version 6.2.3) on the Linux host at 192.168.7.17 with this configuration: ServerActive=192.168.7.15 Hostname=Test-agent After restarting the agent, the Zabbix server (version 6.2.3) at 192.168.7.15 logged immediately in /var/log/zabbix/zabbix_server.log: cannot send list of active checks to “192.168.7.17”: host […]
Customizing Wireshark Settings
I’ve done countless troubleshooting sessions where I have Wireshark open with a relevant capture file and I’m either showing my findings to the other participants or doing straight-up live packet analysis. Sometimes the sessions are followed up with questions about how I actually had Wireshark configured because it looked different on their […]
LDAPS Problem: Can’t contact LDAP server (-1)
LDAP authentication problem in the customer environment: The error message was received right after entering the password. Tshark says: 1 0.000000000 192.168.99.200 → 10.10.10.10 TCP 74 44780 → 3269 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2891116193 TSecr=0 WS=128 2 0.001225814 10.10.10.10 → 192.168.99.200 TCP 74 3269 → 44780 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 […]
How to Decrypt TLS Traffic with Wireshark
This is a small note to keep the links to posts by Peter Wu: Extract pre-master keys from an OpenSSL application Extracting openssl pre-master secret from apache2 Example in Debian Buster: With the keys saved by that process (and doing the packet capture at the same time, in either server or client side), you can […]
Zabbix Protocol Dissector for Wireshark
While troubleshooting a Zabbix communication problem I realized that there was no Zabbix protocol dissector in Wireshark. Long story short: I wrote my own dissector in Lua as an exercise. Actually, I wrote two dissectors, one for Zabbix passive agent communication (port 10050, the not-so-json-style protocol) and one for other Zabbix components (port 10051). You […]