Clik here to view.
FortiGate bug: firewalls sending excessive requests to the NTP Pool
The NTP Pool is a volunteer organization that provides time synchronization service to hundreds of millions of computers worldwide. A typical client might query a particular NTP Pool server ~10-60...
View ArticleClik here to view.
Route-Based VPN Tunnel Palo Alto Cisco ASA
More than 6 years ago (!) I published a tutorial on how to set up an IPsec VPN tunnel between a Palo Alto Networks firewall and a Cisco ASA. As time flies by, ASA is now able to terminate route-based...
View ArticleClik here to view.
Route-Based VPN Tunnel FortiGate Cisco ASA
More than 6 years ago (!) I published a tutorial on how to set up an IPsec VPN tunnel between a FortiGate firewall and a Cisco ASA. As time flies by, ASA is now able to terminate route-based VPN...
View ArticleClik here to view.
Adding some packets: RARP, SNAP, MPLS & More
The other day I was searching for a trace file with a decent protocol mix that could be used to introduce a few colleagues to Wireshark. This brought me to Johannes Weber and his Ultimate PCAP. To get...
View ArticleClik here to view.
Capturing – because I can: IS-IS, GLBP, VRRP
I am constantly trying to add more protocols to the Ultimate PCAP. Hence I used some time in my (old) Cisco lab to configure and capture the following protocols: IS-IS, GLBP, and VRRP. And since Alexis...
View ArticleClik here to view.
Nping aka Layer 4 Ping
I was missing a generic layer 4 ping in my toolbox. Initially searching for a mere TCP ping, I have found Nping which completely satisfies my needs and gives so much more. ;) While I used some special...
View ArticleClik here to view.
Services listening on IPv6 and IPv4 (or maybe not?)
The other day I wanted to verify whether a service running on my Linux server was listening on IPv6 as well as IPv4. It turned out that it wasn’t that easy to answer – if at all. Which ports are in the...
View ArticleClik here to view.
Firewall Basics: Sent vs. Received Values
I got an interesting question through the comments section on my blog: What does “Bytes sent/ Bytes received” mean in ACC screen of Palo Alto firewall? I mean, if 500MB of packets are sent from a...
View ArticleClik here to view.
Decrypting TLS Traffic with PolarProxy
This is a guest blog post by Erik Hjelmvik, an expert in network forensics and network security monitoring at NETRESEC. PolarProxy is a transparent TLS proxy that outputs decrypted TLS traffic as PCAP...
View ArticleClik here to view.
Again some more protocols & variants
Again and again, I am adding some protocol samples to the Ultimate PCAP. Just for reference. And because I can. ;D HomePlug AV By coincidence, I encountered this “HomePlug AV” protocol on my home...
View ArticleClik here to view.
Das Webernetz dahoam
Endlich war es soweit: Das eigene Haus stand vor der Tür und Johannes hat sich um die Netzwerkverkabelung und das Netzwerkdesign gekümmert. Hier eine Zusammenfassung meiner Gedanken und deren Umsetzung...
View ArticleClik here to view.
Pi-hole Installation Guide
You probably know already the concept of the Pi-hole. If not: It’s a (forwarding) DNS server that you can install on your private network at home. All your clients, incl. every single smartphone,...
View ArticleClik here to view.
Publishing IPv6 NTP Servers with DHCPv6
During the last weeks, I had an interesting request to publish NTP servers to client systems by using DHCPv6 in an IPv6 only network. Our Fortigate (or me?) had to learn how to publish the information....
View ArticleClik here to view.
DHCPv6 Relay Issue with Cisco ASA and Ubuntu
Some months ago, my co-worker and I ran into an interesting issue: a notebook with a newly installed Ubuntu 20.04 does only work with IPv4, but this office network is dual-stacked (IPv4 and IPv6)....
View ArticleClik here to view.
#heiseshow: IPv6 setzt sich langsam durch – die wichtigsten Fragen
Ich durfte zu Gast bei der #heiseshow zum Thema IPv6 sein. In Anlehnung an die Artikelserie über IPv6 in der c’t 7/2022, in der auch mein Artikel über die Vorteile von IPv6-Adressen erschienen ist,...
View ArticleClik here to view.
Partial NTP Pool: The leap second that wasn’t
An analysis of some falsified leap second warnings that appeared in November 2021 on public NTP servers out of the NTP Pool Project. Introduction When using time scales such as UTC that do not use...
View ArticleClik here to view.
Server-Verfügbarkeit: Monitoring-Werkzeuge
Angreifer verwenden gern Ping und Traceroute, um Server im Internet ausfindig zu machen. Das bringt viele Security-Admins in Versuchung, den Ping- und Traceroute-Verkehr mittels ihrer Firewall in ihrem...
View ArticleClik here to view.
Netzwerkmitschnitte mit tshark analysieren
Haben Sie mal Netzwerkmitschnitte untersucht, ohne zu wissen, was genau Sie suchen? Mit Wireshark wird das leicht zu einer Odyssee: Das Analysewerkzeug filtert zwar fabelhaft, reagiert bei großen...
View ArticleClik here to view.
Netzwerkprotokolle: Nachschlagewerk für Wireshark
Wenn es im Netzwerk knirscht, versuchen Admins den Fehler in Analyse-Tools wie Wireshark anhand von Paketmitschnitten einzukreisen. Jedoch hat der Herr viel mehr Netzwerkprotokolle gegeben, als sich...
View ArticleClik here to view.
Zehn Vorteile von IPv6!
Das moderne Internetprotokoll IPv6 gilt als so komplex und umständlich, dass manche Administratoren beharrlich beim vertrauten, aber veralteten IPv4 bleiben. Zehn Praxisbeispiele belegen, warum viele...
View Article