367 posts categorized "Tony Fortunato"

Testing POE with Pockethernet (by Tony Fortunato)

It's important for analysts to have basic tools to test their equipment and cables.

The other day I needed to replace a POE injector on a roof and wanted to make sure that the one I found in my box of goodies actually works.

I’ve been in many situations where the equipment or cables I find in a box are there because they don’t work.

So I used my Pockethernet (www.pockethernet.com) to test the link, PoE and network connectivity and thought I would share.

Having layer 1 test tools is not optional for me since I can't tell you how many issues I resolved that were at layer 1.



Using Microsoft’s clip (by Tony Fortunato)

In this video I demonstrate an oldie but a goodie, how to redirect output that normally appears on your screen to a file. I take it a step further and show you how to append to the file as well.

These are great tips if you want to put ping, tracert and other commands into a batch file and schedule some testing after hours.

The only disadvantage to this is that you may end up deleting several files if all you do is put those contents into another file.

In this case you can use Microsoft’s clip command to put your output directly into the clipboard, so all you have to do is paste the contents into your document.

A real straightforward tip that will save you some time when you’re troubleshooting at the command prompt.


ProfiTap's Network Superheroes (by Tony Fortunato)

ProfiTap contacted 12 network analysts and had them put their ProfiShark product through its paces. Then the analysts wrote about their specific experiences, feedback and general thoughts.

I read through the PDFs and was intrigued as to what people wrote about and enjoyed hearing from different perspectives.

I personally think the end result was a great mix of articles that I think you would enjoy.

Here's a very brief summary along with the links:

Mike Pennacchi “Measuring Device Latency with the ProfiShark”

  • Mike shows us how to use the SPAN mode of the ProfiShark while determining and comparing the latency introduced by a MikroTik configured to use NAT.
  • Very cool to see Mike sharing the methodology behind his testing.
  • youtube.com/watch?v=gMXBhNP9JJs
  • http://www.nps-llc.com

Stuart “Thor” Kendrick “In-line Tapping in the Data Center”

  • Stuart takes us through his trials and tribulations while adding another VLAN to an Isilon cluster.
  • Impressed with the level of detail and photos Stuart provides, walking me through ProfiShark Manager and his specific connections.
  • Liked that Stuart used another tool ‘mass-ping’ for his troubleshooting.
  • http://www.skendric.com



Managing Wireshark Packet Comments (by Tony Fortunato)

In my opinion, Wireshark's File and Packet comments are the most underutilized features.

When I work onsite and capture packets, I get a lot of questions ranging from tool use to, of course, packet interpretation.

Other than providing some customized onsite training (I no longer offer public training sessions) or mentoring, knowledge transfer is always challenging.

Providing file comments helps document why and where you performed the trace and any other noteworthy points. Notes such as a problem description, or whether a SPAN or TAP was used, are incredibly helpful when others look at the trace file.

Packet comments are even more important since you can explain protocol, application behavior and problems within the related packets.

It doesn't matter if the notes are to jog your memory 6 months from now or if you are sending the trace to another department/vendor. Anyone will find the comments helpful, reducing a lot of the typical back and forth involved when you share a trace file.

In this video I cover how to add, find and remove packet comments.


IP Subnet Wireshark Display Filter (by Tony Fortunato)

When asked for advice on how to be a proficient protocol analyst, I give 2 pieces of advice:

  1. Practice looking for patterns. In most cases, you are looking for patterns, or a break in the pattern. Don’t worry about memorizing the RFCs or learning about every protocol. It is easier to focus on whatever protocol you are working on at that time.
  2. Learn your display filters in whatever protocol analyzer you use. The correct display filter will make the patterns jump out at you.

I caution analysts about going capture filter crazy. Unless you know exactly what you are capturing, I typically try to leave the capture filter as ‘open’ as possible. My concern when troubleshooting is that due to the very nature of the unknowns when troubleshooting, you may inadvertently filter out valuable packets.

A great example is you may decide to use a capture filter for a web server IP address when capturing from the client. In this scenario you would miss any packets from the router or other devices along the way if they send the client an ICMP error packet or if the client communicates with other servers.

In this example, I show you that the ip.addr display filter can be used for a subnet. You are probably familiar with this filter when filtering on a single device. What do you do if you need to filter on more than one host? The typical approach is to combine the ip.addr filter with an or. For example, ip.addr==192.168.1.1 or ip.addr==192.168.1.2 is one way to capture from two hosts.