426 posts categorized "Test & Measurement"

Introduction to Automating Your Testing (by Tony Fortunato)

The ability to test consistently is a critical factor when troubleshooting, baselining or lab testing. This becomes a bigger issue when you are part of a team and need to replicate a test that your colleague performed weeks or months ago.

The inability to perform the same test, with the same steps, can lead you to make incorrect conclusions and cause general confusion.

The tried and true way to document your testing methodology would be to write or type out your steps. Heck, you might include the odd screenshot or video to ensure the reader follows your steps exactly.

This is where I add a little something extra and suggest automating your tasks with some sort of scripting language so you literally just press a button, sit back and collect the data. Scripting ensures that every step is performed the same way, with the same delays, etc., every time.

The most basic script in the Microsoft world would be a batch file. I’ve been tinkering with batch files since 1990 and am always impressed how Microsoft has added more functionality, added PowerShell and other goodies over the years. Of course our Linux friends have bash scripts which serve the same purpose.

If batch files aren’t your cup of tea there are tons of scripting packages and languages out there. One of my favorites is AutoIt (https://www.autoitscript.com/site/autoit/) since it’s a free BASIC-like scripting language. AutoIt now has a portable version and you can compile your scripts to stand-alone executables.

Knowing Your Tools (by Tony Fortunato)

I was troubleshooting and had a continuous ping running against a router. I then connected a network analysis tool and suddenly my ping times went from <1ms to well over 100ms. You’ve got to love it when you have to stop troubleshooting the network issue to troubleshoot your tools ;).

I had the presence of mind to immediately unplug the tool and immediately noticed that the ping times returned to ‘normal’. I connected the tool and the times shot right back up. Hmm. Now I’m intrigued.

[Figures: Initial Pings; After Pings]

First thing was to ensure the tool’s settings were set for defaults or factory settings, and they were.

The next thing I did was capture my station’s traffic to ensure I wasn’t interacting or communicating with the tool in a way that would cause some latency because my computer was ‘busy’.

I could see the ping (ICMP) response times were initially less than 1 ms.

Making SNMP Secure (by Tony Fortunato)

While working with a client on a problem, I suggested we enable SNMP version 2 on some older equipment to get better visibility while we worked on the problem. He immediately said, “No way!! I read that SNMP is insecure and can cause all sorts of issues”. SNMP version 3 wasn’t supported by all devices and takes a bit longer to set up. Since this wasn’t meant to be a permanent solution, SNMP v2 will do just fine.

I explained that whatever he read is probably true but it depends how you configure it and how your network behaves with it. Enabling SNMP is a temporary recommendation for the duration of our troubleshooting engagement and we can always turn it off when we are done with it.

I started to draw a simple network diagram of his network and identified that his firewalls don’t allow SNMP from the internet so that possible issue is covered.

I then showed him some Cisco configuration commands that restrict SNMP queries to only the devices and networks that we specify.

The Cisco commands look like this:

snmp-server community notpublic RO 99

The above command enables and configures the SNMP service with a read-only community string of notpublic. The 99 refers to an access list where we control which devices have permission to perform SNMP queries.

access-list 99 permit 10.44.10.0 0.0.0.255

With this command we define that access-list 99 only permits devices from the 10.44.10.0 subnet (wildcard mask 0.0.0.255).

You should test by performing an SNMP query from your network management tool to ensure that it has access, and you should also confirm that unauthorized devices do not have access.

You can get an idea if your access list is working as well with the following Cisco command:

show access-list 99

Standard IP access list 99

    10 permit 10.44.10.0, wildcard bits 0.0.0.255 (684 matches)

The same points apply to Microsoft (plus WMI) or other devices.  Take the time to determine how you can get more data from your devices while troubleshooting or baselining.
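To make the "confirm that unauthorized devices do not have access" step repeatable across a team, here is an added Python example (not code from the original post) that audits an IOS-style configuration excerpt: it parses snmp-server community lines and their standard access-lists and reports communities that are read-write, use default names, have no access-list bound, or whose access-list permits sources outside an approved management subnet. The config text and the 10.44.99.7 host address are constructed for the example; the post's own 10.44.10.0 subnet is reused as the approved network.

```python
import ipaddress
import re

# Constructed running-config excerpt for illustration; not taken from a real device.
SAMPLE_CONFIG = """
snmp-server community notpublic RO 99
snmp-server community public RW
access-list 99 permit 10.44.10.0 0.0.0.255
access-list 99 permit host 10.44.99.7
"""
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\d+))?$")
ACL_RE = re.compile(r"^access-list (\d+) permit (.+)$")

def acl_target_to_network(target):
    """Address part of a standard ACL entry -> IPv4Network ('any', 'host A', 'A', 'A WILDCARD')."""
    parts = target.split()
    if parts[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if parts[0] == "host" or len(parts) == 1:
        return ipaddress.IPv4Network(parts[-1] + "/32")
    # Cisco wildcard bits are the inverse of a subnet mask
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(parts[1])) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network((parts[0], str(mask)), strict=False)

def audit_snmp(config, approved_networks):
    """Return findings: default/RW communities, communities with no ACL,
    and ACL permits that reach beyond the approved management networks."""
    approved = [ipaddress.IPv4Network(n) for n in approved_networks]
    lines = [l.strip() for l in config.splitlines()]
    acl_permits = {}
    for m in filter(None, map(ACL_RE.match, lines)):
        acl_permits.setdefault(m.group(1), []).append(acl_target_to_network(m.group(2)))
    findings = []
    for m in filter(None, map(COMMUNITY_RE.match, lines)):
        name, mode, acl = m.groups()
        if name.lower() in ("public", "private"):
            findings.append(f"{name}: default community string")
        if mode == "RW":
            findings.append(f"{name}: read-write access")
        if acl is None:
            findings.append(f"{name}: no access-list bound, any source may query")
            continue
        for net in acl_permits.get(acl, []):
            if not any(net.subnet_of(a) for a in approved):
                findings.append(f"{name}: access-list {acl} permits {net} outside approved networks")
    return findings
```

Run it against the output of `show running-config | include snmp-server community|access-list` after the troubleshooting window closes to confirm the temporary community is gone or still locked to the management subnet.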

Metadata - We all need it now! (by Darragh Delaney)

Not so long ago, flow analysis was one of the tools of choice when it came to troubleshooting security or operational problems on networks. Many vendors developed tools which could take these flow records and store them in a database, so that you could get real-time and historical reports.

However, metadata analysis is now seen as a must-have piece of technology for keeping modern networks running both securely and efficiently. Metadata analysis systems typically use network traffic or packets as a data source. You can typically source these via SPAN, mirror ports or TAPs. The clever part of metadata analysis involves data reduction. This is where you take raw network traffic and capture interesting pieces of data like IP addresses, website names or filenames. In some instances, you end up with a 4000:1 compression ratio. For example, if I transfer a 4MB file across the network, I may capture 1KB of metadata.

See your network

The screen shot below from our own (NetFort) LANGuardian system is a good example of this data reduction.

Tip When Using Wireshark's RTT Graph (by Tony Fortunato)

I want to start by saying that I’ve been using Wireshark and teaching Wireshark classes from pretty well day one and appreciate all the hard work that goes into an always evolving product.

[Figure: Capture]

In my last article I wrote about Wireshark’s Fileset issue and how to work around it. I was surprised when I received several emails asking me if there were other examples of ‘workarounds’. I also want to explain that I do these write ups so users don’t think they are doing anything wrong and give up learning.

As I’ve mentioned in previous articles, this goes back to my point about learning your tools. That includes the cool and not so cool stuff.

A great analogy is that I have an old drill that I love and use for everything. Unfortunately the reverse button broke and I have to use a screwdriver to flip the switch, but I don’t care because I know exactly how to use it.

Tip When Capturing Remote Traffic (by Tony Fortunato)

The trick to successful protocol analysis is the ability to spot patterns. Unfortunately patterns are usually intertwined between many other packets and untangling them is challenging at best.

This is where filters come into play. Capture or Display filters help you find those patterns.

The skill of protocol analysis is determining what filter to use. I use the word ‘skill’ intentionally since we all have access to the same filters, but it’s how you use those filters that makes Wireshark and the analyst effective.

In this video I explain what capture filter to use when you want to capture packets from remote devices. By filtering on your router’s MAC address, you will see all remote packets.

When using this technique, the analyst should be familiar enough with their network architecture to understand how load balancing configurations may change the router’s MAC address, etc.
