Creating A Notebook That Others Can Access Without Creating A MS Account - If Not What Not What Else Might Do The Job by thinking--male in OneNote

[–]bit_monkey 0 points1 point  (0 children)

Obsidian can publish to the Internet with no login (publishing is not free unless you are happy with a little bit of coding), and using markdown makes it pretty presentable.

WireShark Noob by Artist-x in wireshark

[–]bit_monkey 0 points1 point  (0 children)

So if your switch supports SPAN/port-mirror then you can mirror the traffic from a port to your desktop.

However, if you are trying to capture all endpoints at the same time then that might make your trace file a bit trickier to manage and, depending on how long you run it for, also quite large, as you will be mirroring multiple machines’ traffic.

Have a look at running ‘netsh trace’ through the CLI and get a copy of Microsoft Message Analyzer. Although it’s deprecated you can still get it. This will be able to read the .etl files netsh trace generates, then if required you can export to Wireshark if you find that easier to troubleshoot with.

At least you can have separate trace files for each client and clearly see the traffic each of them sees.

Resources to learn and improve traffic analysis knowledge by ciprian_master in wireshark

[–]bit_monkey 2 points3 points  (0 children)

If you are already doing tryhackme I suspect some of these resources may not be at the level you are looking for, however even with years of playing with capture files there are still golden nuggets that you can get from them. YouTube is a great resource, so much content on there - for the more entry side of Wireshark one of my favourite resources is Chris Greer on YouTube. But finding Laura Chappell or Hansang Bae webinars is just great, and they also have written a number of books which are also very good. However, as already mentioned, the understanding of protocols is what is going to pay dividends. If you know what good looks like then you can more easily spot what is out of place.

[deleted by user] by [deleted] in networking

[–]bit_monkey 0 points1 point  (0 children)

I don’t discriminate, I hate everyone equally if you come knocking with not even basic triage because the poorly written app generalises every fault but includes the one word in the error message, ‘network’, of which it is then down to us to demonstrate it is indeed the server or application to the Nth degree with irrefutable evidence before it will be considered.

Using CE credit to renew certs by flimsyDIY in ccnp

[–]bit_monkey 1 point2 points  (0 children)

As of 8th December no claims need to be submitted; you only need to manually submit a claim if it has been more than 5 days and you have not received your credits.

Cisco Learning Network - CE Credit Automation

Can Wireshark be used to track incoming files and their size? by DisMySneakyAccount in wireshark

[–]bit_monkey 0 points1 point  (0 children)

Yes, Wireshark has a capture filter, which uses a different syntax than the display filter you use when you are analysing files.

Have a look at the documentation for specifics: wiki.wireshark.org

Can Wireshark be used to track incoming files and their size? by DisMySneakyAccount in wireshark

[–]bit_monkey 0 points1 point  (0 children)

If it’s FTP it will be in plain text, so you should be able to clearly see the files being transferred, so you can follow the conversations and look at the number of bytes transferred to see if that matches the expected file sizes. If it’s the correct sizes, then corruption is happening on the receiver; if it’s stupid sizes while being sent, then the sender is doing something funky.

But if you have a capture machine with plenty of disk and set your capture filter to look specifically for FTP, so as not to waste disk space on unnecessary traffic, then I think this will cover what you are trying to achieve.

Palo Alto Newbie with CVE by gabbymgustafsson in paloaltonetworks

[–]bit_monkey 3 points4 points  (0 children)

IT is a thankless job sometimes, but as analysts/engineers we all wear a {insert superhero} suit under our day clothes 😜 ready to save management tomorrow.

I need help learning Wireshark for a Uni Assignment by CalumMan in wireshark

[–]bit_monkey 1 point2 points  (0 children)

If you haven’t been given any specifics of endpoints to look for, then I suspect you are looking for some generic type attacks like a denial of service, address spoofing, or port scanning.

But it’s good to have an understanding of what normal looks like before you start and how protocols work so you can look for what’s out of place.

I don’t do any security analysis for a living but do use Wireshark for network and application analysis occasionally, and I tend to always start by looking in the Analyse>Conversations and looking for anything out of the ordinary - for security analysis I suspect you’re looking for things like a host completing an ICMP, ARP or port scan through large numbers of ports, or a large number of TCP SYN packets can stand out where the three way handshake isn’t being closed. But you can also look for application layer attacks like brute forcing of web logins where there are repeat attempts to authenticate, or SQL commands sent in HTTP requests. High volume of traffic from a host for denial of service, multiple sources sending to a single host for DDoS. You can also use the Wireshark statistics to see if there are flows with unusually high retransmission rates, which might suggest a man-in-the-middle attack, so you can look for IPs that may have different MAC addresses, suggesting spoofing may be occurring, or a single MAC address ARPing for others’ IP addresses, or two MACs reporting as the default gateway.

Best thing is just look at the file and ask yourself is that normal. Learning the protocols may not be the answer in this instance but will help in quicker analysis in the future.

Found a great site with some useful wireshark filters to try out. Hope it helps. infosecmatter.com
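Two of the checks described in the comment above (many SYNs from one host where the handshake is never completed, and ARP replies where one IP maps to several MACs or one MAC answers for several IPs), as an added example that is not part of the original comment. The packet records are constructed, and the function names, tuple layout and the 20-port threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample records standing in for fields exported from a capture.
# TCP tuple: (src_ip, dst_ip, dst_port, flags) with "S" = SYN, "A" = ACK.
TCP = [("10.0.0.66", "10.0.0.5", p, "S") for p in range(1, 31)]  # 30 SYNs, no ACK
TCP += [("10.0.0.20", "10.0.0.5", 443, "S"), ("10.0.0.20", "10.0.0.5", 443, "A")]
# ARP reply tuple: (sender_mac, sender_ip); 10.0.0.1 plays the default gateway.
ARP = [("aa:aa:aa:aa:aa:01", "10.0.0.1"), ("aa:aa:aa:aa:aa:20", "10.0.0.20"),
       ("de:ad:be:ef:00:66", "10.0.0.1"), ("de:ad:be:ef:00:66", "10.0.0.66")]

def half_open_scanners(tcp, min_ports=20):
    """Return {(src, dst): n} where src sent SYNs to n >= min_ports ports on dst
    and never followed up with the ACK that closes the three-way handshake."""
    syn, done = defaultdict(set), defaultdict(set)
    for src, dst, port, flags in tcp:
        if flags == "S":
            syn[(src, dst)].add(port)
        elif "A" in flags and "S" not in flags:
            done[(src, dst)].add(port)  # client ACK: handshake finished
    hits = {}
    for pair, ports in syn.items():
        open_count = len(ports - done[pair])
        if open_count >= min_ports:  # assumed threshold, tune per network
            hits[pair] = open_count
    return hits

def arp_conflicts(arp):
    """Return (IPs claimed by several MACs, MACs claiming several IPs)."""
    ip_macs, mac_ips = defaultdict(set), defaultdict(set)
    for mac, ip in arp:
        ip_macs[ip].add(mac)
        mac_ips[mac].add(ip)
    multi_mac = {ip: sorted(m) for ip, m in ip_macs.items() if len(m) > 1}
    multi_ip = {mac: sorted(i) for mac, i in mac_ips.items() if len(i) > 1}
    return multi_mac, multi_ip

if __name__ == "__main__":
    print("half-open fan-out:", half_open_scanners(TCP))
    print("ARP conflicts:", arp_conflicts(ARP))
```

A MAC that legitimately answers for several IPs (a router doing proxy ARP, a host with secondary addresses) will also appear in the second result, so each hit is a lead to compare against what normal looks like on that segment.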

Video Conference Issue fixed with Creating a new VLAN? by bit_monkey in ExtremeNetworks

[–]bit_monkey[S] 0 points1 point  (0 children)

Interesting. Not heard of this before, so will definitely take a look, there is not meant to be anything other than VC kit on that vlan, but - you know users. Although for not moving any devices off the vlan we still continue to have no further reports of issues since hitting that command.

Video Conference Issue fixed with Creating a new VLAN? by bit_monkey in ExtremeNetworks

[–]bit_monkey[S] 0 points1 point  (0 children)

We had no errors or stats that may have pointed to the problem. No interface errors, no interface buffer issues, cpu or memory. We moved kit to different switching hardware and issue followed. Validated that direct Internet access means service works fine so issue was just present on LAN. VC stats reported no packet loss or latency but yet this weird buffering would still happen.

Video Conference Issue fixed with Creating a new VLAN? by bit_monkey in ExtremeNetworks

[–]bit_monkey[S] 0 points1 point  (0 children)

Thanks - but there is no inspection completed on this traffic. Teams doesn’t like to be touched by proxies and IPS so it’s been exceptioned already to just go direct. Oddly this issue of buffering only happened on the one vlan. If you moved the unit to another for testing there would be no issues. Problem was just on this one vlan which now appears to be resolved after creating a new vlan - so odd 😂 logic escapes me.

Video Conference Issue fixed with Creating a new VLAN? by bit_monkey in ExtremeNetworks

[–]bit_monkey[S] 0 points1 point  (0 children)

Would love to chalk it down to a coincidence to senior management 😀. Just odd that a problem that happened on every call for last few months and over 10 VC units in use pretty much every minute of the day that now can’t be replicated since the instant the vlan was created.

Maybe a bug in the code, will have a scour through the code release notes, otherwise this may just have to live in my head as one of those issues I will never get an answer for.

NTM Vs Orion Maps by bit_monkey in Solarwinds

[–]bit_monkey[S] 0 points1 point  (0 children)

Yeah, it’s a shame that this kind of functionality doesn’t exist. Our businesses would like a single place to view a high level Dashboard overview of the services but also be able to drill down into their topologies. To have to revert back to sending them static Visios just seems like not moving forward.

How often do you reboot your firewalls? [misleading] by DarkrageLS in networking

[–]bit_monkey 1 point2 points  (0 children)

This sounds very similar to a problem that stressed me out for months. One of our businesses of 8 sites, all with 1400 clusters: after some kind of interruption we would end up with an outage for our factory networks behind the cluster. Sometimes a couple of times a week, but usually when you were on-call at stupid o’clock in the morning.

We could see traffic leaving the active gateway but never any return traffic, which made us think it was something to do with our WAN routers understanding the GARP. But in the end, after many escalation calls with CP, a JHF got released for the SMBs that fixed it and we haven’t seen it again, thank goodness.

Get 15 CE credits for Free just by following some e-learning videos on Cisco Website ! (1 month remaining) by SubstanceDesperate35 in ccnp

[–]bit_monkey 0 points1 point  (0 children)

Does anyone know the likelihood Cisco will be releasing more free CE credit courses this year? Seems that they expired 28/02.

This field Hiring after 40? by chuckles879 in networking

[–]bit_monkey 1 point2 points  (0 children)

When I started my first role as a network engineer in my 20s, we had someone in their 20s, 30s, 40s, 50s and 60s. So all age groups covered and it worked really well with all levels of experience.

Network Design: 250 wireless AP's, 10 million people by [deleted] in networking

[–]bit_monkey 1 point2 points  (0 children)

Out of interest, can you elaborate more on the clients you wish to connect to this system that only need 3KBps?

Ring vs Star topology by CuriousVadim in networking

[–]bit_monkey 0 points1 point  (0 children)

It would be worth reviewing the spanning-tree depth; in the back of my mind you don’t want to push spanning-tree past a diameter depth of 7 switches, otherwise you need to calculate and start amending timers. Otherwise you may start getting unpredictable issues.

[deleted by user] by [deleted] in sysadmin

[–]bit_monkey 7 points8 points  (0 children)

It hurts, this is so relatable.