Clik here to view.
syslog-ng with TLS: Installation Guide
Some years ago I wrote a blog post called “Basic syslog-ng Installation“. While I used it myself quite often in my labs or at the customers’ sites, it shows only basic UDP transport which is both...
View ArticleClik here to view.
Palo Alto Syslog via TLS
As we have just set up a TLS capable syslog server, let’s configure a Palo Alto Networks firewall to send syslog messages via an encrypted channel. While it was quite straightforward to configure I ran...
View ArticleClik here to view.
FortiGate Syslog via TLS
As we have just set up a TLS capable syslog server, let’s configure a Fortinet FortiGate firewall to send syslog messages via an encrypted channel (TLS). Let’s go: I am using a Fortinet FortiGate...
View ArticleClik here to view.
Why counting IPv6 Addresses is nonsense
From time to time I stumble upon Tweets about counting the number of IPv6 addresses (1 2 3). While I think it is ok to do it that way when you’re new to IPv6 and you want to get an idea of it, it does...
View ArticleClik here to view.
IPv6 Crash Course @ SharkFest’22 EUROPE
Fortunately, there was a SharkFest – the “Wireshark Developer and User Conference” – this year in Europe again. I was there and gave an IPv6 Crash Course likewise. Yeah! It’s my favourite topic, you...
View ArticleClik here to view.
Small Servers PCAP
For some reason, I came across a blog post by Gian Paolo called Small servers. This reminded me of some fairly old network protocols (that no one uses as far as I know) that are not in my Ultimate PCAP...
View ArticleClik here to view.
Linux’s Traceroute
The other day I just wanted to capture some basic Linux traceroutes but ended up troubleshooting different traceroute commands and Wireshark display anomalies. Sigh. Anyway, I just added a few Linux...
View ArticleClik here to view.
Accessing IPv6-only Resources via Legacy IP: NAT46 on a FortiGate
In general, Network Address Translation (NAT) solves some problems but should be avoided wherever possible. It has nothing to do with security and is only a short-term solution on the way to IPv6....
View ArticleClik here to view.
Who sends TCP RSTs?
At SharkFest’22 EU, the Annual Wireshark User and Developer Conference, I attended a beginners’ course called “Network Troubleshooting from Scratch”, taught by the great Jasper Bongertz. In the end, we...
View ArticleClik here to view.
RADIUS & TACACS+ PCAP
Again two more commonly used network protocols for the Ultimate PCAP: the Remote Authentication Dial-In User Service (RADIUS) and the Terminal Access Controller Access-Control System Plus (TACACS+)...
View ArticleClik here to view.
Scanning SSH Servers
For administrative purposes, SSH is used quite often. Almost everyone in IT knows it. Keywords: OpenSSH, simply using “ssh <hostname>” on your machine, PuTTY for Windows, username + password or...
View ArticleClik here to view.
Stateful DHCPv6 Capture (along with Relaying)
For my IPv6 training classes, I was missing a capture of a stateful DHCPv6 address assignment. That is: M-flag within the RA, followed by DHCPv6 messages handing out an IPv6 address among others....
View ArticleClik here to view.
Meinberg Syslog via TLS
More and more security-related devices are capable of sending syslog messages via an encrypted TLS channel. So does the well-known Meinberg LANTIME NTP server with its “LTOS” operating system. (And all...
View ArticleClik here to view.
Meinberg LTOS: “syslog-ng” and the Observed Implementation Pitfalls
Meinberg, with the great help of Mr Weber, has implemented “syslog over TLS” in the LTOS version 7.06. The following report describes the general advantages of “syslog over TLS” and the implementation...
View ArticleClik here to view.
Palo Alto NGFW: Handling of IPv6 on the Interface
For the last few years, I have been confused about Palo Alto NGFWs’ various options for configuring an IPv6 address on a layer 3 interface. Let’s have a look at some details: I’m using a PA-220 with...
View ArticleClik here to view.
Verbindungsaufbau Deutsche Glasfaser
Als netzwerktechnisches Spielkind beschäftige ich mich nicht nur mit den Netzwerken großer Firmenumgebungen, sondern auch mit meinem eigenen Anschluss daheim. Vor vielen Jahren habe ich dem echten...
View ArticleClik here to view.
Minor Palo Bug: ICMPv6 Errors sourced from Unspecified Address
During my IPv6 classes, I discovered a (minor) bug at the NGFW from Palo Alto Networks: ICMPv6 error messages, such as “time exceeded” (type 3) as a reply of traceroute, or “destination unreachable”...
View ArticleClik here to view.
Basic NTP Client Test on Windows: w32tm
When implementing NTP servers, it’s always an interesting part to check whether the server is “up and running” and reachable from the clients. While I’ve done many basic NTP checks out of Linux, I...
View ArticleClik here to view.
More Capture Details III
Another update of the Ultimate PCAP is available. Again, there are some special new packets in there which I want to point out here. Feel free to download the newest version to examine those new...
View ArticleClik here to view.
Netzwerk-Monitoring: Ping und Traceroute richtig interpretieren
Klemmt es im Netzwerk, so helfen Ping und Traceroute, Fehler und Engpässe einzukreisen. Wir erklären die Funktionsweise und helfen Angriffe aufzudecken. Diesen Artikel habe ich initial für die c’t...
View Article