362 posts categorized "Tony Fortunato"

Upgrading Firmware And Why It's Critical (by Tony Fortunato)

Keeping the firmware and/or software that runs your network equipment current is not as straightforward as you might think.

Let me start from a different perspective. When researching equipment and vendors, I like to see if they have a support community and how often they update their firmware/software, as well as the products’ technical specifications. I have found some real gems with this kind of background work. A few years ago I discovered a vendor that provided free management software that also performed firmware upgrades for free. And it works great!!

Another key point is if the vendor charges for firmware/software and what the requirements are to register on the support forum. Along with this point, I try to determine the firmware upgrade process and if customers have had issues performing this procedure in the past. I personally find that if support forums are easy to join, members tend to share and collaborate tips, tricks and experiences more.

Back to the original topic: when I receive new equipment, one of the first things I do is check what version of software is loaded on the device versus what the current version is. One might argue that having the latest version might address specific exploits or vulnerabilities, but newer versions of software might bring new problems or bugs. I always like to keep the current and previous version of software to be safe.

Recently I was asked to acquire, test and configure a router made by Ubiquiti Networks. I have used their wireless equipment for years, so I’m familiar with their equipment and generally had good experiences. The only criticism I would provide is that some of their equipment isn’t quite plug and play. They have a manual online, but since their routers haven’t been around as long as the big players, you have to scour the net to figure things out. They do have a support community, but like most support forums, don’t expect to get a prompt and accurate response every time.



Introduction to Automating Your Testing (by Tony Fortunato)

The ability to test consistently is a critical factor when troubleshooting, baselining or lab testing. This becomes a bigger issue when you are part of a team and need to replicate a test that your colleague performed weeks or months ago.

An inability to perform the same test, with the same steps, can lead you to make incorrect conclusions and cause general confusion.

The tried and true way to document your testing methodology would be to write or type out your steps. Heck you might include the odd screenshot or video to ensure the reader follows your steps exactly.

This is where I add a little something extra and suggest automating your tasks with some sort of scripting language so you literally just press a button, sit back and collect the data.  Scripting ensures that every step is performed the same way, with the same delays, etc. every time.

The most basic script in the Microsoft world would be a batch file. I’ve been tinkering with batch files since 1990 and am always impressed how Microsoft has added more functionality, added PowerShell and other goodies over the years. Of course our Linux friends have bash scripts which serve the same purpose.

If batch files aren’t your cup of tea, there are tons of scripting packages and languages out there. One of my favorites is AutoIt (https://www.autoitscript.com/site/autoit/) since it's a free BASIC-like scripting language. AutoIt now has a portable version and you can compile your scripts to stand-alone executables.



Wireshark Edit Name Resolution (by Tony Fortunato)

When using any protocol analyzer, you might want to change the IP addresses to something more meaningful, such as client, server or a server name. Replacing an address with a name is also a good technique to mask public IP addresses when using screen captures in your reports or emails.

In this video I walk you through how to edit the name and one step that most people miss to get this to work.

 

 



Knowing Your Tools (by Tony Fortunato)


I was troubleshooting and had a continuous ping running against a router. I then connected a network analysis tool and suddenly my ping times went from <1ms to well over 100ms. You got to love it when you have to stop troubleshooting the network issue to troubleshoot your tools ;).

I had the presence of mind to immediately unplug the tool and immediately noticed that the ping times returned to ‘normal’. I connected the tool and the times shot right back up. Hmm.  Now I’m intrigued.

[Figures: "Initial Pings" and "After Pings"]

First thing was to ensure the tool’s settings were set for defaults or factory settings and they were. 

The next thing I did was capture my station’s traffic to ensure I wasn’t interacting or communicating with the tool that would cause some latency because my computer was ‘busy’. 

I could see the ping (ICMP) response times were initially less than 1 ms.



Making SNMP Secure (by Tony Fortunato)

While working with a client on a problem, I suggested we enable SNMP version 2 on some older equipment to get better visibility while we worked on the problem. He immediately said, “No way!! I read that SNMP is insecure and can cause all sorts of issues”. SNMP version 3 wasn’t supported by all devices and takes a bit longer to set up. Since this wasn’t meant to be a permanent solution, SNMP v2 will do just fine.

I explained that whatever he read is probably true but it depends how you configure it and how your network behaves with it. Enabling SNMP is a temporary recommendation for the duration of our troubleshooting engagement and we can always turn it off when we are done with it.

I started to draw a simple network diagram of his network and identified that his firewalls don’t allow SNMP from the internet so that possible issue is covered.

I then showed him some Cisco configuration commands to prevent SNMP traffic from devices and networks that we can specify.

The Cisco commands look like this:

snmp-server community notpublic RO 99

The above command enables and configures the SNMP service with a read-only community string of notpublic. The 99 refers to an access list where we control which devices have permission to perform SNMP queries.

access-list 99 permit 10.44.10.0 0.0.0.255

With this command we define that access-list 99 only allows devices from subnet 10.44.10.0.

You should test by performing an SNMP query with your network management tool to ensure that it has access, but you should also ensure that unauthorized devices do not have access.

You can also get an idea of whether your access list is working with the following Cisco command:

show access-list 99

Standard IP access list 99

    10 permit 10.44.10.0, wildcard bits 0.0.0.255 (684 matches)
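The access-list check described above can also be reasoned through offline before touching a device. The following is an added example, not part of the original post: it evaluates source addresses against the page's two commands using wildcard-mask matching and the implicit deny, and flags a community line with no access list. The "public" line and the test addresses are constructed, and only the "address wildcard" ACL form is handled.

```python
import ipaddress
import re

# Constructed sample config: the "notpublic" and access-list lines are the
# page's commands; the "public" line is a constructed weak entry for contrast.
SAMPLE_CONFIG = """\
snmp-server community notpublic RO 99
snmp-server community public RO
access-list 99 permit 10.44.10.0 0.0.0.255
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(rf"^access-list (\d+) (permit|deny) {ADDR}(?: {ADDR})?$")
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\d+))?$")

def parse_acls(config):
    """Return {acl_number: [(action, address_int, wildcard_int), ...]}."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            num, action, addr, wildcard = m.groups()
            entry = (action, int(ipaddress.IPv4Address(addr)),
                     int(ipaddress.IPv4Address(wildcard or "0.0.0.0")))
            acls.setdefault(num, []).append(entry)
    return acls

def acl_permits(entries, source_ip):
    """First match wins; wildcard bits set to 1 are ignored; no match = deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wildcard in entries:
        if (src | wildcard) == (addr | wildcard):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def audit_snmp(config, source_ip):
    """Map each community string to whether source_ip would be allowed to query."""
    acls = parse_acls(config)
    result = {}
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if m:
            name, _mode, acl = m.groups()
            # No ACL on the community line: any source address is accepted.
            # Assumption: an ACL number with no entries is reported as open too.
            open_to_all = acl is None or acl not in acls
            result[name] = open_to_all or acl_permits(acls[acl], source_ip)
    return result

if __name__ == "__main__":
    for ip in ("10.44.10.25", "10.44.11.25"):  # constructed test sources
        print(ip, audit_snmp(SAMPLE_CONFIG, ip))
```
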

The same points apply to Microsoft (plus WMI) or other devices.  Take the time to determine how you can get more data from your devices while troubleshooting or baselining.

 



Wireshark IO Graph Issue and Work Around (by Tony Fortunato)

If you don’t use Wireshark on a regular basis, you might not notice when things change. I used the word change to explain those scenarios when things don’t work as they did in previous versions.

I checked the release notes and did not see anything that mentions this issue, or maybe there is a new way to do it and I haven’t figured it out as of yet.

In this case Wireshark’s IO Graph feature isn’t working as it once did. I used the Legacy version of Wireshark as a workaround and suspect that if it’s a bug, it will be addressed soon.

 

 

 
