Clik here to view.
Juniper ScreenOS with a 6in4 Tunnel
Yes, I know I know, the Juniper ScreenOS devices are Out-of-Everything (OoE), but I am still using them for a couple of labs. They simply work as a router and VPN gateway as well as a port-based...
View ArticleClik here to view.
6in4 Traffic Capture
Since my last blogposts covered many 6in4 IPv6 tunnel setups (1, 2, 3) I took a packet capture of some tunneled IPv6 sessions to get an idea how these packets look like on the wire. Feel free to...
View ArticleClik here to view.
Palo Alto Networks Feature Requests
This is a list of missing features for the next-generation firewall from Palo Alto Networks from my point of view (though I have not that many compared to other vendors such as Fortinet). Let’s see...
View ArticleClik here to view.
DNS Capture: UDP, TCP, IP-Fragmentation, EDNS, ECS, Cookie
It’s not always this simple DNS thing such as “single query – single answer, both via UDP”. Sometimes you have some more options or bigger messages that look and behave differently on the network. For...
View ArticleClik here to view.
Basic NTP Client Test: ntpdate & sntp
During my work with a couple of NTP servers, I had many situations in which I just wanted to know whether an NTP server is up and running or not. For this purpose, I used two small Linux tools that...
View ArticleClik here to view.
Basic NTP Server Monitoring
Now that you have your own NTP servers up and running (such as some Raspberry Pis with external DCF77 or GPS times sources) you should monitor them appropriately, that is: at least their offset,...
View ArticleClik here to view.
Counting NTP Clients
Wherever you’re running an NTP server: It is really interesting to see how many clients are using it. Either at home, in your company or worldwide at the NTP Pool Project. The problem is that ntp...
View ArticleClik here to view.
Monitoring a DCF77 NTP Server
Now that you’re monitoring the Linux operating system as well as the NTP server basics, it’s interesting to have a look at some more details about the DCF77 receiver. Honestly, there is only one more...
View ArticleClik here to view.
Monitoring a GPS NTP Server
Beyond monitoring Linux OS and basic NTP statistics of your stratum 1 GPS NTP server, you can get some more values from the GPS receiver itself, namely the number of satellites (active & in view)...
View ArticleClik here to view.
Monitoring a Meinberg LANTIME NTP Server
Monitoring a Meinberg LANTIME appliance is much easier than monitoring DIY NTP servers. Why? Because you can use the provided enterprise MIB and load it into your SNMP-based monitoring system. Great....
View ArticleClik here to view.
Using RIPE Atlas for NTP Measurements
If you are operating a public available NTP server, for example when you’re going to join the NTP Pool Project, you probably want to test whether your server is working correctly. Either with a one-off...
View ArticleClik here to view.
Adding your NTP Server to the NTP Pool Project
You have a running NTP server with a static IP address? What about joining the NTP Pool project by adding your server to the pool? You will give something back to the Internet community and feel good...
View ArticleClik here to view.
Stats from Participating the NTP Pool Project
I am participating in the NTP Pool Project with at least one NTP server at a time. Of course, I am monitoring the count of NTP clients that are accessing my servers with some RRDtool graphs. ;) I was...
View ArticleClik here to view.
Incorrect Working IPv6 NTP Clients/Networks
During my analysis of NTP and its traffic to my NTP servers listed in the NTP Pool Project I discovered many ICMP error messages coming back to my servers such as port unreachables, address...
View ArticleClik here to view.
Basic TCP and UDP Demos w/ netcat and telnet
I am currently working on a network & security training, module “OSI Layer 4 – Transport”. Therefore I made a very basic demo of a TCP and UDP connection in order to see the common “SYN, SYN-ACK,...
View ArticleClik here to view.
I Love IPv6 Addressing!
Probably the biggest prejudice when it comes to IPv6 is: “I don’t like those long addresses – they are hard to remember.” While this seems to be obvious due to the length and hexadecimal presentation...
View ArticleClik here to view.
PoE-powered NTP Display
As you might have noticed, I am playing a lot with NTP these days. Having a networking background I also like Power over Ethernet. So what’s more obvious than using a PoE-powered NTP display for test...
View ArticleClik here to view.
Dive into delv: DNSSEC Validation
If you’re into DNSSEC, you’ll probably have to troubleshoot or at least to verify it. While there are some good online tools such as DNSViz, there is also a command-line tool to test DNSSEC signatures...
View ArticleClik here to view.
DNS Capture – The Records Edition
Some time ago I published a post called DNS Test Names & Resource Records which lists many different FQDNs with lots of different RRs. You can use those public available DNS names to test your DNS...
View ArticleClik here to view.
VoIP Captures
VoIP calls, using the network protocols SIP/SDP and RTP, are the de-facto standard when it comes to voice calls. Wireshark offers some special features to analyze those calls and RTP streams – even...
View Article