Clik here to view.
Linux’s Traceroute
The other day I just wanted to capture some basic Linux traceroutes but ended up troubleshooting different traceroute commands and Wireshark display anomalies. Sigh. Anyway, I just added a few Linux...
View ArticleClik here to view.
Small Servers PCAP
For some reason, I came across a blog post by Gian Paolo called Small servers. This reminded me of some fairly old network protocols (that no one uses as far as I know) that are not in my Ultimate PCAP...
View ArticleClik here to view.
Accessing IPv6-only Resources via Legacy IP: NAT46 on a FortiGate
In general, Network Address Translation (NAT) solves some problems but should be avoided wherever possible. It has nothing to do with security and is only a short-term solution on the way to IPv6....
View ArticleClik here to view.
Who sends TCP RSTs?
At SharkFest’22 EU, the Annual Wireshark User and Developer Conference, I attended a beginners’ course called “Network Troubleshooting from Scratch”, taught by the great Jasper Bongertz. In the end, we...
View ArticleClik here to view.
RADIUS & TACACS+ PCAP
Again two more commonly used network protocols for the Ultimate PCAP: the Remote Authentication Dial-In User Service (RADIUS) and the Terminal Access Controller Access-Control System Plus (TACACS+)...
View ArticleClik here to view.
Scanning SSH Servers
For administrative purposes, SSH is used quite often. Almost everyone in IT knows it. Keywords: OpenSSH, simply using “ssh <hostname>” on your machine, PuTTY for Windows, username + password or...
View ArticleClik here to view.
Palo Alto: Instant Commit
Finally! With PAN-OS 11.0 Palo Alto Networks introduced an “instant commit”. That is: You no longer have to commit (and wait and wait and wait) until your changes are live, but everything you do is...
View ArticleClik here to view.
Stateful DHCPv6 Capture (along with Relaying)
For my IPv6 training classes, I was missing a capture of a stateful DHCPv6 address assignment. That is: M-flag within the RA, followed by DHCPv6 messages handing out an IPv6 address among others....
View ArticleClik here to view.
Meinberg Syslog via TLS
More and more security-related devices are capable of sending syslog messages via an encrypted TLS channel. So does the well-known Meinberg LANTIME NTP server with its “LTOS” operating system. (And all...
View ArticleClik here to view.
Palo Alto NGFW: Handling of IPv6 on the Interface
For the last few years, I have been confused about Palo Alto NGFWs’ various options for configuring an IPv6 address on a layer 3 interface. Let’s have a look at some details: I’m using a PA-220 with...
View ArticleClik here to view.
Verbindungsaufbau Deutsche Glasfaser
Als netzwerktechnisches Spielkind beschäftige ich mich nicht nur mit den Netzwerken großer Firmenumgebungen, sondern auch mit meinem eigenen Anschluss daheim. Vor vielen Jahren habe ich dem echten...
View ArticleClik here to view.
Minor Palo Bug: ICMPv6 Errors sourced from Unspecified Address
During my IPv6 classes, I discovered a (minor) bug at the NGFW from Palo Alto Networks: ICMPv6 error messages, such as “time exceeded” (type 3) as a reply of traceroute, or “destination unreachable”...
View ArticleClik here to view.
Basic NTP Client Test on Windows: w32tm
When implementing NTP servers, it’s always an interesting part to check whether the server is “up and running” and reachable from the clients. While I’ve done many basic NTP checks out of Linux, I...
View ArticleClik here to view.
Contributing to Wireshark (without any coding skills!)
For many years I was afraid to open new issues for open-source tools since I am not a coder at all and won’t ever be able to fix some of the problems. Many times I got answers like “The source is open,...
View ArticleClik here to view.
More Capture Details III
Another update of the Ultimate PCAP is available. Again, there are some special new packets in there which I want to point out here. Feel free to download the newest version to examine those new...
View ArticleClik here to view.
Netzwerk-Monitoring: Ping und Traceroute richtig interpretieren
Klemmt es im Netzwerk, so helfen Ping und Traceroute, Fehler und Engpässe einzukreisen. Wir erklären die Funktionsweise und helfen Angriffe aufzudecken. Diesen Artikel habe ich initial für die c’t...
View ArticleClik here to view.
DHCPv6 Prefix Delegation
What is DHCPv6 Prefix Delegation? Coming from IPv4, you’re already familiar with DHCP (for IPv4) which hands out IPv4 addresses to clients. The same applies to (stateful) DHCPv6: it hands out IPv6...
View ArticleClik here to view.
DHCPv6 Prefix Delegation on Palo Alto’s NGFW
Finally! With PAN-OS 11.0 a long missing IPv6 feature was introduced: DHCPv6-PD aka prefix delegation. For the first time, we can now operate a PAN-OS firewall directly on the Internet (the...
View ArticleClik here to view.
How to install Palo Alto’s PAN-OS on a FortiGate
It happens occasionally that a customer has to choose between a Palo and a Forti. While I would always favour the Palo for good reasons, I can understand that the Forti is chosen for cost savings, for...
View ArticleClik here to view.
Palo’s Mgmt-Intf is not usable with IPv6 anymore
Wow, that was unexpected: With PAN-OS 11.1 the out-of-band management interface of Palo Alto Networks firewalls doesn’t accept an IPv6 default route pointing to one of its own data interfaces anymore....
View Article