Troubleshooting a Cloud Problem with Wireshark (by Paul Offord)

The slowly growing interest in Cloud Computing that started ten or so years ago is turning into a stampede.  Most of our customers at Advance7 have strategic plans to migrate many systems to a cloud platform, and many have already started the journey.

Cloud application topology

In fact, we too have migrated all of our systems into AWS and Azure, containerising many of them in the process. But here's a concern we shared with our customers:

"Will we have enough visibility to troubleshoot performance and stability problems once we have migrated our systems?"

It's a good question.  We don't want to discover that the whole environment is opaque, just when we need to troubleshoot a serious problem.  We satisfied ourselves that we could get the data we needed to maintain our systems.  We found that we could get a lot of information from the Application Load Balancers, and we configured continuous packet captures to record traffic between the tiers of our systems.  Just as well as a couple of months ago we hit a performance problem with the TribeLab Community website.

I managed to record the actions of our Performance & Stability Engineers as they used AWS CloudWatch and Wireshark to investigate the problem.  I pulled together screenshots, video clips and other information to produce a short video case study …

Continue reading "Troubleshooting a Cloud Problem with Wireshark (by Paul Offord)" »

Is your Network Security Slowing you Down? (by Jason Nutt)

Is Network Security Slowing you Down?

Measuring the Latency impact Created by Next Gen Security Solutions

As an IT professional, you are well aware of the challenges posed by network latency. Applications like audio and video delivery, bandwidth sensitive mobile applications, cloud computing and storage services are extremely sensitive to network latency.

What you may not realize, however, is the amount of latency created by your Next Generation Intrusion Prevention Systems (NG-IPS) and Next Generation Firewalls (NG-FW). While they are critical to protecting your network, these security tools and others that perform deep packet inspection can increase latency, significantly impacting your overall application performance.

Recently we worked with a large health care services provider trying to figure out why it was taking so long to send MRI data between locations. This was causing significant frustration for patients, doctors and medical staff. Having been aware of Aukua’s nanosecond precision capture and analysis tools, they asked for our help. The company suspected one of more of their NG-IPS devices was causing the delays, but they did not have a way to confirm this. Since these security tools do not treat all packets the same, they were unable to detect or measure the application latency issue with artificial traffic such as ICMP. And since some applications were being adversely delayed and others were not, they could not rely on the NG-IPS vendor’s generic latency specs for various packet sizes. In addition, compliance rules prohibited them from introducing new traffic into their live network.


Continue reading "Is your Network Security Slowing you Down? (by Jason Nutt)" »

How to easily detect SMBv1 scanning by using your traffic! ( by John Bronson)

How to easily detect SMBv1 scanning by using traffic visibility?

SMB Exploitation is an easy way to take control of a Network! - Read how to easily see this attack method!

NetFort has always believed in the visibility that can be extracted from wire data, basic network traffic analysis or deep packet inspection. Every device, user, and application on the network leaves a trail, always. No need to turn it ON, this vendor agnostic trail can easily be captured on any network and used for many security and operational use cases. Look at Wireshark and how strong the community is, it continues to grow from strength to strength. Of course, one of the main reasons is that all the people involved are passionate about network data traffic and really care about what they do. 

The traffic analysis engine should do as much of the heavy lifting as possible, to initially present it at a high level so one can see anomalies, make the network traffic data easier to store, query, search, read, analyse, correlate, and act on. This is what we help our customers do with traffic at NetFort. 

One of our core building blocks is the ability to generate metadata for easy visibility!

Building blocks to Metadata

We have a number of application ‘decoders’, stateful followers that generate application specific metadata.  The complexity of the decoder depends on the application, some for example including SMB and NFS are not trivial.

Fingerprinting, reassembly, metadata extraction and storage, all in real time is not easy. We have worked hard on these to get them reliable and to perform at scale. But, as a result, we now have a robust scalable unique engine ideal for many use cases proven on many diverse customer networks. The decoders have also helped us grow because they help organisations of all sizes (including central and local government, utilities, legal, education and the military) address various vulnerabilities including those found in implementations of Server Message Block 1.0. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

Read more on "How to detect SMB exploitation!" - 

Continue reading "How to easily detect SMBv1 scanning by using your traffic! ( by John Bronson)" »

Using Microsoft’s clip (by Tony Fortunato)

In this video I demonstrate an oldie but a goodie, how to redirect output that normally appears on your screen to a file. I take it a step further and show you how to append to the file as well.

These are great tips if you want to put ping, tracert and other commands into a batch file and schedule some testing after hours.

The only disadvantage to this is that you may end up deleting several files if all you do is put those contents into another file.

In this case you can use Microsoft’s clip command to put your output directly into the clipboard, so all you have to do is paste the contents into your document.

Real straight forward tip that will save you some time when you’re troubleshooting at the command prompt.



Continue reading other LoveMyTool posts by Tony Fortunato »

No visibility in the GDPR era, be ready for BIG fines! (by Derek Burke)

No visibility in the GDPR era, be ready for BIG fines!

Legal problem!!! -

As of May 25, 2018 the EU General Data Protection Regulation (GDPR) went into effect.  GDPR requires compliance for any company interacting with persons in the EU and enforces strict standards on data handling and extremely fast responses to breaches of Personally Identifiable Information (PII).  Failing to fulfill these requirements can have dire consequences with fines ranging from a minimum €20.000.000,00 to 4% of a company’s gross annual earnings.  The demands that the GDPR places upon an organization are not only daunting but can seem insurmountable. 

Get Visibility #1

First steps - The first step -  a data flow and dependencies map to identify:

  • Data items (e.g. names, email addresses, records);
  • Formats (e.g. online data entry, database);
  • Transfer and sharing methods of data;
  • Locations where data is stored and needs protection inside and outside;
  • Who is connected to who and who has what information – via the network!

Technical problems – bullets best on how to gain visibility to solve above main issues!

i.e. – access – Full visibility, filtering on databases to see who has access, servers where data is stored, who has access, apps that share data, ..etc

NO BLIND SPOTS! On-site or Remote  Remote visibilityKey performance indicators from mobile probe panel


Continue reading "No visibility in the GDPR era, be ready for BIG fines! (by Derek Burke)" »