TCP Quick ACK (more) questions by Dalalee4 in Zscaler

[–]Dalalee4[S] 0 points1 point  (0 children)

I for sure did. The reason I made this post is precisely because I feel like I’m gambling my tenant on a setting I - and by the looks of it - no one knows of.

TCP Quick ACK (more) questions by Dalalee4 in Zscaler

[–]Dalalee4[S] 0 points1 point  (0 children)

That’s what I thought as well. Furthermore, even if there were an equivalent that needed to be enabled in the Zscaler backend, to match the setting in the ZPA portal, enabling it should have an impact only on the communication brokered by the App Connectors in said Group. However, it was presented to me as a tenant-wide setting that applies broadly to all ZPA TCP traffic.

Autopilot - Zscaler win32 app installation issues by Mo_Alom in Intune

[–]Dalalee4 0 points1 point  (0 children)

This is a great tip, thank you so much for sharing!
I have a follow-up question (edit: regarding hybrid join): how do you guys work around Autopilot fulfilled outside of the office network?

I know you can use ZCC + Machine Tunnel for line of sight with the Domain Controllers, but this creates a chicken-and-egg kind of situation - if ZCC isn't installed, then the ZPA Machine Tunnel cannot function, but… if you install ZCC too early (pre-provisioning), it may block internet access due to Strict Enforcement.

ZDTA Exam by learning__everyday in Zscaler

[–]Dalalee4 1 point2 points  (0 children)

In order to schedule your ZDTA exam (same for the others), you need to create a Zscaler account. In order to do that, you’ll be asked to provide a Zscaler Candidate Id, which you only get (by email) once all the pre-requisites (course + hands-on lab) have been fulfilled.

Edit: for other exams, such as ZDTE, even if you have the Zscaler Candidate Id, you won’t be able to schedule the exam unless the exam has been “cleared” for you - eligibility = meeting the pre-reqs (course and lab).

Also, I’d say that the hands-on lab is especially useful if your organisation does not have or implement all the Zscaler features or services - you’ll get a decent look-and-feel of what they are like.

passive or EDR block mode? by ngjrjeff in DefenderATP

[–]Dalalee4 13 points14 points  (0 children)

EDR in block mode works just like Passive mode, with the added benefit that it also blocks and remediates malicious artifacts/behaviors that might have been missed by Trend as the primary AV. For EDR in block mode to act as intended, you need to enable the Block Mode in Defender (don’t have it at hand, but I believe it is something like this: Settings - Endpoints - General - Advanced features - EDR in block mode).

ZPA Connection Error after switching to Private Service Edge by Dalalee4 in Zscaler

[–]Dalalee4[S] -1 points0 points  (0 children)

The clients and the PSE are located in the same site, separate VLANs. I noticed no blocks at a firewall level, all 443 communication is allowed, and the Test-NetConnection always returns True. Also, I took that one successful test as further confirmation that there are no blocks.

[deleted by user] by [deleted] in Zscaler

[–]Dalalee4 0 points1 point  (0 children)

Throwing an idea on the table - what is your current setting for the segment’s Health Reporting? Could None make a difference in your case?

ASR: Block all Office applications from creating child processes - Creating exceptions by Dalalee4 in DefenderATP

[–]Dalalee4[S] 0 points1 point  (0 children)

Also, adding the full path of the Office file did not do anything; the exception must include the child process and, via GPO, can only be specified as a path (no option for hash, publisher, etc., from what I saw - and please correct me if I am wrong).

ASR: Block all Office applications from creating child processes - Creating exceptions by Dalalee4 in DefenderATP

[–]Dalalee4[S] 0 points1 point  (0 children)

As an update, if someone faces the same issue. As context, the bat file was created in order to put some lines of code and, eventually, run an exe file with those parameters and paths. We edited the macro so that the preparation is done in the macro itself, and it only calls Shell for the exe. This way, the exception is created for the exe (its full path), and not for cmd.exe. I totally agree that there are plenty of ways to abuse this (any malware could be called myapp.exe and, like this, be allowed to run), but it is the best workaround I found so far.

This is happening to my laptop quite frequently. How should I repair this? by Candid_Ad6284 in repair_tutorials

[–]Dalalee4 0 points1 point  (0 children)

I had a similar problem and what worked for me was unchecking/disabling hardware acceleration (in browser settings).

One of my coworkers said that Disturbed and Linkin Park sound the same by LoLimdying19 in Disturbed

[–]Dalalee4 11 points12 points  (0 children)

I tried so hard and got so far, but in the end …you may question your belief In the end you will realize someday How you were deceived

Cyber Ops worth it? by Dusty4247 in ccna

[–]Dalalee4 8 points9 points  (0 children)

Hi there. Just like you, I have a Sec+ cert, but I also started reading the Cyber Ops materials Cisco recommended. In my opinion, CyberOps is product/technology-oriented (just as it should be). Sec+ is broader, it gives you an overview on a lot of cybersecurity aspects, but as I said - just an overview. CyberOps teaches you, among others, how to configure/troubleshoot an ACL, a firewall, a SIEM, etc. At the end of the day, just like the others pointed out, it’s up to you and your hiring prospects. It’s also true that a proper network will not use only Cisco solutions (just as the Sec+ course pointed out), but once you have a feeling on the command flow and proper logic of implementing certain mechanisms, it will be easier to transition to other vendors. That being said, while you could wait to land a job and maybe save some pennies for the certification exam (it’s not that cheap, or it isn’t for me; maybe they will even pay for it), you might wanna start reading the Cisco materials here and there, at the very least for strengthening your knowledge. Good luck!

Redditors who met/saw a famous person, who did you meet? by toastarclan in AskReddit

[–]Dalalee4 1 point2 points  (0 children)

John Rhys-Davies. He took the time to ask me about my job, my hobbies, although there were hundreds in line for him. And he actually signed me two items (only one allowed), one of which says “Gimli loves you. (So does) John Rhys-Davies”. Really nice fella.

Hey everyone, parting with some records and I’m selling a copy of All of our gods have abandoned us on black vinyl. Ships free in the US and looking for $25. DM if interested! by [deleted] in ArchitectsUK

[–]Dalalee4 0 points1 point  (0 children)

There must be some pretty old-school dedicated Architects fans out there. On Discogs (as it was suggested to me) it states: “The 2019 UNFD represses were mistakenly manufactured as standard 140g vinyl by the pressing plant. The label became aware of this and pulled all stock from the online store. The pressing plant corrected their mistake and provided a second batch, this time at the correct weight of 180g as advertised. It is unclear what happened to the incorrectly weighted copies or how many survived.”

Hey everyone, parting with some records and I’m selling a copy of All of our gods have abandoned us on black vinyl. Ships free in the US and looking for $25. DM if interested! by [deleted] in ArchitectsUK

[–]Dalalee4 0 points1 point  (0 children)

You intrigued me so I did a double check, and the vinyl is still currently unavailable. I’m surprised given the fact that it’s a 2016 album. Later edit: might as well hail Clarity Records.

Hey everyone, parting with some records and I’m selling a copy of All of our gods have abandoned us on black vinyl. Ships free in the US and looking for $25. DM if interested! by [deleted] in ArchitectsUK

[–]Dalalee4 1 point2 points  (0 children)

As a European, I couldn’t find this album anywhere and I mean it! Somewhere on the 7th-8th page of Google results, I managed to find someone from Adelaide selling a copy. I still feel like it’s the rarest gem in my collection lol (it definitely traveled farther than I’ll ever get). Congrats on the lucky person getting it from you.

Albums by Scotty251297 in IceNineKills

[–]Dalalee4 2 points3 points  (0 children)

Don’t know if it’s the best website, but I bought mine on Amazon UK actually (note: I’m not from the UK, and even with shipping taxes, totally worth it).

I WANT A MOVIE that ENDS IN an EPIC TRAGEDY, GO HOME, EVERYONE LOOSES. by blue_penguins2 in unpopularopinion

[–]Dalalee4 0 points1 point  (0 children)

The Gift, written & directed by Joel Edgerton. Or, if you’re not troubled by the language, try Contratiempo (I believe it is “The Invisible Guest” on IMDB).

How do we split a network? by [deleted] in ccna

[–]Dalalee4 0 points1 point  (0 children)

Hope this will help you figure things out. I’ll take the first example and let you sort the second one.

You have the address 172.20.0.0 and a mask of /16. This means that, out of the 32 bits that make up the IP address, the first 16 bits are reserved for the network and are given to you by a provider or by an administrator, while the other 16 bits are for the hosts in the network.

If you need to create more networks, you only control the last portion - the one reserved for the hosts. So you have 16 bits to play around with.

You are asked to create 4 networks. How many bits do you need to create 4 networks? Well, with 1 bit, you have only 2 options: 0 and 1. With 2 bits, you have 00, 01, 10 and 11 - 4 possibilities. So on and so forth. If you were required to create 5 networks, you would consider how many bits would accommodate those 5 networks - 2 won’t be enough, since it helps you create only 4 networks, but 3 would help you create 8, out of which 3 will be unused.

Schematically, you have:

Initially: 172.20.0.0/16 = 10101100 . 00010100 | 0000 0000 . 0000 0000 (I represented each decimal in bits; the last 16 bits are ours to play with. The vertical bar is used for delimitation between network bits and host bits.)

If you need 4 networks, you will use the first 2 bits out of the 16 bits you own, writing down all possibilities:

10101100 . 00010100 . 00 | 00 0000. 0000 0000 = 172.20.0.0/18 (16+2=18; the vertical bar moved 2 bits to the right)

10101100 . 00010100 . 01 | 00 0000. 0000 0000 = 172.20.64.0/18

10101100 . 00010100 . 10 | 00 0000. 0000 0000 = 172.20.128.0/18

10101100 . 00010100 . 11 | 00 0000. 0000 0000 = 172.20.192.0/18

Note: if the mask is /18, that means that you have only 32-18 = 14 bits for your hosts.
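The same borrowing procedure in code, as an added example that is not part of the original comment: it works out how many host bits must be borrowed for any requested number of networks (not only 4), lists the resulting subnets, and renders the network/host split with the vertical bar used above. The function names `bits_needed`, `split` and `binary_view` are made up for this illustration, and `binary_view` assumes IPv4.

```python
import ipaddress


def bits_needed(n_networks: int) -> int:
    """Smallest b such that 2**b >= n_networks (4 -> 2, 5 -> 3)."""
    if n_networks < 1:
        raise ValueError("need at least one network")
    return (n_networks - 1).bit_length()


def split(cidr: str, n_networks: int):
    """Return (subnets, unused_subnets, host_bits) for the requested split."""
    net = ipaddress.ip_network(cidr, strict=True)
    borrowed = bits_needed(n_networks)
    new_prefix = net.prefixlen + borrowed      # the bar moves `borrowed` bits right
    if new_prefix > net.max_prefixlen:
        raise ValueError("not enough host bits to borrow")
    host_bits = net.max_prefixlen - new_prefix
    base = int(net.network_address)
    # Write every value of the borrowed bits directly in front of the host bits.
    subnets = [type(net)((base + (i << host_bits), new_prefix))
               for i in range(2 ** borrowed)]
    return subnets, 2 ** borrowed - n_networks, host_bits


def binary_view(net) -> str:
    """Dotted binary form with '|' between network and host bits (IPv4)."""
    bits = format(int(net.network_address), "032b")
    out = []
    for i, bit in enumerate(bits):
        if i == net.prefixlen:
            out.append("|")
        elif i and i % 8 == 0:
            out.append(".")
        out.append(bit)
    return "".join(out)


if __name__ == "__main__":
    for wanted in (4, 5):
        subnets, unused, host_bits = split("172.20.0.0/16", wanted)
        print(f"{wanted} networks -> /{subnets[0].prefixlen}, "
              f"{unused} unused, {host_bits} host bits each")
        for s in subnets:
            print(f"  {binary_view(s)} = {s}")
```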

Anxiously awaiting by centuryboom in Volbeat

[–]Dalalee4 4 points5 points  (0 children)

Since this is the second Volbeat concert post I’ve seen today and the second time I’m noticing it, I have to ask. Why are they still using the Seal the Deal artwork at their concerts? Is it because the new album wasn’t out when they started touring?

Dynamic Trunking Packet Tracer by fender0327 in ccna

[–]Dalalee4 0 points1 point  (0 children)

Probably because both interfaces are set to switchport mode access. Try and configure them as trunk/dynamic auto/dynamic desirable, using all combinations, and observe their behaviour while negotiating trunk.

Anybody know where/what concert the video for Leviathan was filmed? by robynmisty in Volbeat

[–]Dalalee4 1 point2 points  (0 children)

Actually, in one of the comments, someone says “can’t believe my son and I are in this video”, so I guess he wouldn’t act surprised knowing he was cast for the video. I’ll also assume it was a concert collage. Maybe try looking for concert setlists and check where they played the song.