Nov 29, 2011

How Your IT Guy Really Feels

I know I said I would be taking a break here, but I found this today and it was too funny to not repost it. I honestly don't feel like this too much any more, but I certainly did back in my help desk days. Sometimes you would get on a call with someone, and it would feel like an eternity. Especially if that person was somewhat computer illiterate.

Also, it would be exacerbated by the fact that when most users call you with their issues, it is automatically your fault! Sometimes when you head to work, you feel like the guy below:


[Via Make Use Of]

Nov 28, 2011

Holiday Review of Set Top Boxes Via Tech Chop

I hope everyone had a great long weekend! I certainly did. It was nice having four days off with the family to not have to think about work for a bit. Even better was that my wife let me film another installment of Tech Chop!

This one was about a month in the making really. I bought two set top boxes, The WD TV Live Plus, and The Boxee Box. Plus my desktop tech Frank let me borrow his Apple TV. I already had the Mvix, which finally crapped out on me and was the inspiration for this whole idea.

Anyway, I plugged them in and tested them all out, and came up with this review!



I have to say it was so therapeutic smashing the living crap out of the piece of junk Mvix. That thing was fine for about a year, then it would overheat and would stop in the middle of playing a movie with a friggin' "IO Error".

I finally settled on the Boxee. It had the snappiest interface, and the coolest apps. I first tried the WD TV Live Plus, but it was rather sluggish. The Apple TV was cool, but I didn't want to have to run a separate media server on my network to be able to watch my files.

Do you have a set top box at home? What do you use? Like it? Let us know in the comments.


Nov 25, 2011

Taking A Short Break From Bauer-Power

Hey guys, first I hope you had a great Thanksgiving yesterday for those of you in America reading the blog. I am sure like me you are stuffed from eating all that delicious turkey and fixings! I'm also sure you are probably in a drunken stupor right now from dealing with all of your family members and in-laws... errr... I mean, celebrating with them of course!

Anyway, the purpose of this post is to let you know that I will be taking a week or so off from writing on Bauer-Power. My long time buddy Karl over at Ask The Admin has been way too busy to keep up with his Internet presence. Since I am still officially a guest blogger for Ask The Admin, I told him that I would take the reins for a little while to keep his content current. I mean, his blog is a PR 6 blog, and he has almost 3,000 RSS subscribers. It would be a shame to let that deteriorate. Plus, it will give me an opportunity to promote Bauer-Power and Tech Chop a little more.

So if you want to keep up with what I'm doing, stop by AskTheAdmin.com over the next few weeks, because all my content will be over there :-)

Now, in celebration of Thanksgiving weekend, let me show you a video from Epic Meal Time showing what they made for Thanksgiving! I give you the Turbaconepicentipe!


Happy Holidays everyone!

@ElDiPablo


Nov 24, 2011

Block Adblock On Your Blogger/Blogspot Site

I guess that title is a misnomer. I mean, this method doesn't really "block" Adblock software per se, but it certainly does the next best thing! If you don't use Adblock software, then you probably aren't aware of any changes here at Bauer-Power, but if you do use it (I'm looking at you Ryan, and Frank), you probably noticed a nice little message pop up asking you to kindly disable Adblocker when using this site.

For those of you whose arms are tired from shaking your fist in the air while cursing my name, allow me to plead my case a bit. You see, a lot of you come here because you are looking for a solution for something. Maybe you are looking for the right freeware to troubleshoot an issue. Maybe you are looking for a cool online tool to help you complete a task easier. Maybe you Googled an error message you were having, and you landed here at Bauer-Power where I helped your ass out. Do you remember me charging you for my services? Hell no! I do this out of the kindness of my heart, in my spare time. The ONLY way I get compensated for helping you is with advertising revenue on the site.

Now, a lot of you Adblock users are simply looking for a pop-up free browsing experience. I agree, pop-ups are annoying, but some of you are just selfish bastards that are trolling the Internet looking for a free lunch. Well, guess what, Jack: lunch ain't free! It costs time and money! Advertising allows me to provide content without having to charge you directly!

Anyway, I went ahead and implemented some cool JavaScript here on Bauer-Power and over at Tech Chop that posts a message to Adblock users pleading my case and kindly asking them to turn off Adblocker. Take a look at the screenshots for you non-Adblock users:


I originally followed the instructions from Omninoggin on how to set it up. The tutorial is originally for Wordpress, but it works just as well for Blogger. Just paste the code from items 1 and 2 directly under your </head> tag. Paste the code from item 6 right above your </body> tag and you should be set. You will of course need to find a good place to host the files. It worked fine for the Google Chrome Adblock plugin, but not for Firefox's Adblock Plus. I found another one that works for both though at Antiblock.org.

The Antiblock.org script is even easier to implement. Just cut and paste the code right above the </body> tag. For blogger users, you need to run it through this adsense/blogger converter first: (Blogger Adsense Code Converter). I had problems with this script though. Sometimes it worked fine, then others it would display even if AdBlock was disabled. Weird...

Anyhoo, I made my own using a hybrid of two posts, one from Erikswan.net and the other from Cthreepo.com. The one from Erikswan wasn't noticeable enough in my opinion. It would display a message, but when I tested it out on an Adblock-using friend, he didn't even notice it until I pointed it out. The one from Cthreepo is kind of douchey, and by itself displays the message all the time, Adblocker or not. I decided to marry the two though, and now we have the Bauer-Power method for anti-adblocker messages!

Here's what you need to do, paste the following above the ]]></b:skin> tag in your blogger template:

#tester {
    display:none;
}

Paste the following directly under your <body> tag in your blogger template:

<script type="text/javascript" src="http://ftp.bauer-power.net/misc/tc/advertisement.js"></script>

Now find one of your Adsense ads, and paste the following above the code:

<script type="text/javascript">
// advertisement.js has to create the hidden #tester element (the CSS above keeps it invisible).
// If an ad blocker refuses to load that file, the element never exists and the message fires.
// Assumption: the nag() the original relied on is not shown on the page; here it simply
// re-displays the message every 12 seconds until the visitor leaves the page.
function nag() {
    alert("We've detected that you're using AdBlock Plus or some other adblocking software. In order to keep this website free, this site is sponsored in part by advertisements.\n\nPlease consider disabling your ad blocker on this website if you enjoyed the content, and would like to support future informative posts. Thank you!\n\nClick OK to continue...");
    // Pass the function itself, not the string "nag()": a string handed to setTimeout is evaluated like eval.
    setTimeout(nag, 12000);
}
// getElementById returns null when the element does not exist.
if (document.getElementById("tester") === null) {
    nag();
}
</script>

If you are pasting the <script> blocks directly into your template, remember that a Blogger template is an XML document, so the raw <, > and & characters in the script have to be entity-encoded first. Running the code through an Adsense to Blogger converter does exactly that.

What the above code does is look for an element with the id tester. That element is created by advertisement.js, a file that does nothing else. Ad-blocking software works from filter lists, and a script whose name contains "advertisement" matches those rules, so the blocker refuses to load it. If the file is blocked, the element is never created, the getElementById check comes up empty, and you receive the pop-up alert with my message. Now, this won't disable Adblocker, and if the user clicks OK, they can continue to my content. It does, however, let them know that I am not fond of freeloaders. Two things to keep in mind: the check only works if the script tag for advertisement.js comes earlier in the page than the check (it does, since it sits directly under <body>), and filter lists change with every update, so what trips the Chrome Adblock plugin today may not trip Adblock Plus tomorrow. Re-test after updates.
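As an added example (not the Bauer-Power script above, and not taken from Erikswan, Cthreepo or Antiblock.org), here is the same idea done without depending on an external file being blocked: insert a bait element carrying ad-like class names and see whether the blocker's element-hiding rules hide it. The class names, the 12-second repeat, the notice text and the helper names adBlockActive, showNotice and installAdBlockNotice are my choices, not anything from the post; which class names a given filter list actually hides is an assumption you should verify against the blockers you care about. It runs in a browser as-is, and the functions take the document and window as parameters so the logic can also be exercised with a stand-in document outside a browser.

```javascript
'use strict';

// Bait class names (assumption: these are the ones the common filter lists hide).
const BAIT_CLASSES = 'pub_300x250 pub_728x90 text-ad textAd text_ad text_ads text-ads adsbox ad-banner';

// Returns true when an element carrying ad-like class names is hidden right after insertion.
// `doc` is the page's Document (or, for testing, anything with createElement/body/getElementById).
function adBlockActive(doc) {
  const bait = doc.createElement('div');
  bait.className = BAIT_CLASSES;
  bait.innerHTML = '&nbsp;';
  bait.setAttribute('style', 'width:1px !important;height:1px !important;position:absolute !important;left:-10000px !important;top:-1000px !important');
  doc.body.appendChild(bait);
  const view = doc.defaultView;
  const style = (view && view.getComputedStyle) ? view.getComputedStyle(bait) : {};
  // Element-hiding rules leave the bait with no layout box, or with display:none / visibility:hidden.
  const hidden = bait.offsetHeight === 0 || style.display === 'none' || style.visibility === 'hidden';
  doc.body.removeChild(bait);            // never leave the bait in the page
  return hidden;
}

// Builds an in-page notice instead of alert(): modal dialogs are easy to suppress and block the page.
function showNotice(doc, message) {
  const box = doc.createElement('div');
  box.id = 'adblock-notice';
  box.textContent = message;             // textContent, never innerHTML, for text that may be edited later
  box.setAttribute('style', 'position:fixed;bottom:0;left:0;right:0;padding:12px;background:#ffe;border-top:2px solid #cc0;font:14px sans-serif;z-index:2147483647');
  const close = doc.createElement('button');
  close.textContent = 'Dismiss';
  close.setAttribute('style', 'margin-left:12px');
  close.onclick = () => box.parentNode && box.parentNode.removeChild(box);
  box.appendChild(close);
  doc.body.appendChild(box);
  return box;
}

// Wires the check and a repeating nag together. The timer receives a function reference, never a
// string (setTimeout("nag()", ...) evaluates its argument like eval). Returns a handle for teardown.
function installAdBlockNotice(win, doc, opts) {
  const o = Object.assign({ message: 'Ads pay for this site. Please consider allowing them here.', repeatMs: 12000 }, opts);
  const state = { detected: adBlockActive(doc), shown: 0, timer: null, stop: () => {} };
  if (!state.detected) return state;
  const nag = () => {
    // Re-show the notice only if the visitor dismissed it; never stack several copies.
    if (!doc.getElementById('adblock-notice')) { showNotice(doc, o.message); state.shown += 1; }
  };
  nag();
  state.timer = win.setInterval(nag, o.repeatMs);
  state.stop = () => win.clearInterval(state.timer);
  return state;
}

// In a real page: run once the DOM exists. Guarded so the file also loads outside a browser.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  window.addEventListener('DOMContentLoaded', () => installAdBlockNotice(window, document));
}
```

Host this as its own .js file and reference it with a <script src="..."> tag just above </body>; a bare script tag is valid XML, so no Blogger converter is needed, and nothing in the template contains raw < or && characters. The check and the banner are separate functions so you can swap the banner for whatever you like, and the bait element is removed immediately after the check so it never shows up in your own layout.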

I know a lot of you guys on the Internet are huge proponents of Adblocker, and before you flame up my comments with hate messages, kindly take a look at these two examples of hypocrisy from the Chrome Adblock plugin creator. Right after the install, this guy hits you up for some money to support development:

Again if you click on the Adblock icon you get this little gem asking for more money and support:


So let me get this straight, it's okay for the guy who wrote Adblock to make a living with Internet money, but not me and the rest of the blogging community? Frankly, hypocrisy like that makes me sick. If you are going to write something that blocks other regular people from making their living online, then you shouldn't get any money either.

Alright, I know you Adblock users are chomping at the bit to rip me a new one, have at it in the comments :-P


Nov 23, 2011

37 Tips For Using Wireshark

I talked about an alternative to Wireshark yesterday made by Microsoft called Network Monitor. What if you are still on the Wireshark bandwagon though, and you don't want to give up on it? I mean, it is probably the most well-known packet sniffer/network analyzer out there, right? Well, I've got something for you, or rather Wireshark University does. It's their list of 37 tips and tricks for getting the most out of Wireshark, including steps on how to do them.

I thought I would re-post it here as an aid for you guys, but also as a sort of knowledge base for myself. If there is something I had a hard time fixing, or finding on the internet, I like to post it here on Bauer-Power. I'm sort of self-serving that way I guess. Anyway, here it is:

Tip #36: Download Pre-Made Profiles
At www.wiresharkbook.com you can download a set of pre-made profiles and numerous trace files. These files accompany the new Wireshark Network Analysis book that is widely becoming available on Amazon (you can also get it here). The book website also includes a "Coffee and a Quickie" section with six short videos to walk you through adapter testing, catching the first set of packets, and now - setting up profiles using predefined elements. Watch the video for step-by-step instructions on using a pre-made coloring rule set in your own profiles.

Tip #35: Color Your WLAN Traffic
In the "Introduction to WLAN Analysis" chapter of Wireshark Network Analysis, I introduced one of my favorite filter sets - for WLAN traffic - filtering based on the frequency of WLAN traffic. For example, here are six coloring filter examples:

Tip #34: Running Multiple Versions of Wireshark
During last week's online training course, I had two versions of Wireshark running side-by-side. On the left was the 1.2.6 release version and on the right was the 1.3.3 development version. This allowed me to demonstrate numerous features that had changed and will be coming with version 1.4. To install multiple versions of Wireshark, go through the standard installation process on the second version, but make sure you just place it in a different directory. You don't need to reinstall any interface drivers (unless they are out of date).

Tip #33: Change Those Defaults!
When I look at someone's Wireshark configurations, I always recommend they change the default settings for both the "Filter display max list entries" and "Open Recent max list entries" in Edit | Preferences | User Interface. Why only see the last 10 items when you can easily view the last 30 items? I'm always re-opening trace files and accessing previously created display filters that I didn't save. Make this change today and work more efficiently!

Tip #32: Compare Traffic in a Single Summary Window
You can compare one conversation to another in a single summary. Open a trace with multiple conversations in it. Filter on one conversation and select Edit | Mark all packets. Clear your filter. Now filter on another conversation. Now select Statistics | Summary and you should see three columns - all traffic, the marked traffic (conversation #1) and filtered traffic (conversation #2).

Tip #31: Graph Ugly Traffic - Fast!
One of my favorite filters is tcp.analysis.flags. All those ugly TCP problems (retransmissions, duplicate ACKs, lost packets, etc.) jump out at you. Did you know you could plot these instances in an IO graph? It's simple - just start a capture and open Statistics | IO Graphs and enter tcp.analysis.flags in the filter area for the red graph. I recommend you try the Fbar format for this item. You'll end up with a nice graph showing when TCP issues rise and fall on the network.

Tip #30: Set up GeoIP to Map IP Addresses
Before you can take advantage of this feature, you need to ensure your version of Wireshark supports GeoIP (Help > About Wireshark - do you see "with GeoIP"?). The GeoIP database files are free from MaxMind (www.maxmind.com/app/ip-location - grab the Free/Open Source files). Point to the MaxMind files in Preferences > Name Resolution > GeoIP database directories. Want to watch a video of the setup and use of GeoIP? Check this out!

Tip #29: Keeping up with Wireshark
At 5:34pm PST, the Tweet screamed "Wireshark 1.2.4 is out. Enjoy". Another update so fast? Yup. Two ugly bugs are fixed in this rev - 4120: Can't save RTP streams in both directions and 4155: Wireshark could crash on startup on Windows. How do you keep up with releases? Follow geraldcombs on Twitter or subscribe to the Wireshark Announcements list at www.wireshark.org/lists/.

Tip #28: Gerald's Launch Tips
The Wireshark website was revised recently - you can catch Gerald Combs' video on Custom Wireshark Shortcuts here. Also note that typing wireshark -h at the command line lists other available options for quick launch.

Tip #27: File Sets and Editcap - Yeah Baby!
Creating and using file sets allows you to capture large amounts of traffic and maneuver quickly from one portion to another (set this up in the Capture Options). In previous versions of Wireshark you could use editcap to split a large trace into multiple smaller trace files using the -c parameter, but the new files were not part of a file set - they had to be opened and treated as separate files. Now using editcap v1.2.3, you can split a file and make it into multiple files that can be opened and handled as a file set (File > File Set) - VERY NICE!

Tip #26: Wireshark on Windows 7
On October 26th, Wireshark v1.2.3 released. Although this version addressed numerous bug fixes, the big change is the support for Windows 7 with the updated WinPcap version 4.1.1, which released separately at www.winpcap.org on October 20th (the previous version of WinPcap - version 4.1 - came out on October 19th but had some installer bugs that were fixed in the next-day release version 4.1.1). This version of Wireshark+WinPcap also supports Vista, Server 2008, and Server 2008 R2. Get the latest version at www.wireshark.org/download.

Tip #25: WLAN Decryption Modes
When decrypting WLAN traffic using an AirPcap adapter with Wireshark, define the Decryption Mode as Wireshark, not Driver. In Driver Mode you can only decrypt WEP traffic (with the decryption keys defined). In Wireshark Mode you can decrypt WEP, WPA-PWD and WPA-PSK. WPA-PWD mode uses the password and the SSID to create a raw pre-shared key (WPA-PSK). In WPA-PSK mode, the key is parsed as a raw pre-shared key - you can create your own raw key using Wireshark's WPA PSK Generator at www.wireshark.org/tools/wpa-psk.

Tip #24: Removing Duplicate Packets
Use editcap to remove duplicate packets in a trace file. There are three parameters for duplicate removal. For example, if your trace file is called dupes.pcap, run the command editcap -d dupes.pcap nodupes.pcap. The -d parameter uses a duplicate window size of 5, which means editcap compares the MD5 checksum of each packet to the 4 packets preceding it. You can increase the window size using -D # where # indicates the number of preceding packets to check against each packet. You can also use the -w parameter to specify a window in time (seconds).

Tip #23: Link Aggregation
Got a server with two NICs and need to tap in to capture traffic on both interfaces? In this case you might be interested in a link aggregator. A link aggregator allows you to connect multiple links into the tap - this is a different technology than "aggregating tap" technology. Aggregating tap technology combines full-duplex traffic into a single outbound stream so you can listen in with one device.

Tip #22: Finding RTP
If you are analyzing VoIP communications and you pick up only RTP (Realtime Transport Protocol) traffic, but not the SIP traffic that set up the call, Wireshark may just dump you at UDP and not apply the RTP dissector to the traffic. No worries. Just right click on one of those UDP packets and select Decode As. Under the Transport tab you will see the ports in use by the RTP communications. To the right, scroll down to select RTP and click OK. See www.chappellseminars.com this week for more information on VoIP analysis and the Summit 09 event. UPDATE BY BILL DEWEESE: Another option is to enable the RTP preference "Try to decode RTP outside of conversations"!

Tip #21: Use Wireshark Expressions
If you want to build a filter, but you don't know the field name and have no packet to use as an example, click on the Expression button (to the right of the Display Filter area). In the Expression window you can expand protocols and applications to build filters using relations such as "is present", ==, !=, "contains" or "matches."

Tip #20: WLAN Retry Packets
When a WLAN ACK is not received, a retry will be triggered. Why would an ACK not be received? Low signal strength, interference, noise... those might be some of the reasons. To create a filter for all retry WLAN frames, expand the Flags field under the Frame Control section of the 802.11 header. Right click on the Retry bit and select Apply as Filter > Selected. Ensure your filter is looking for a bit setting of 1 (indicating the frame is a retry). The filter should be wlan.fc.retry == 1.

Tip #19: Sorting Filters
At Open Source World I needled Gerald about this ability. You can't just click on the filters to sort them. Sigh. So here's the trick I use. I open the filter file in a text editor, copy the text to Word and then sort the list. You can locate your filter files by selecting Help > About > Folders - look for the Personal Configuration information. To make things line up nicely, add spaces in front of your display filter names - for example "       TCP RST Packets" (notice the leading spaces within the quotes - I don't add the leading spaces for titles when I group filters). If you ordered the Wireshark Jumpstart Plus Bonus course, you received my pre-formatted, sorted filters.

Tip #18: Exporting IO Data for External Graphing
Recently, someone posed a question on Twitter: "How can we export the Wireshark bits per second information so we can manipulate it in Excel or another spreadsheet program?" Easy! Select Statistics > IO Graphs. Change the Y Axis to Bits/Tick and click the Copy button. Wireshark copies the header as "interval start, graph 1" and the X, Y coordinates of the plot points to the buffer in comma-separated value format. Save the data in a CSV file to open in another program. If you want to compare one user's traffic to all the traffic seen, apply an ip.addr==x.x.x.x filter for Graph 2. Select the Graph 1 and Graph 2 columns from your CSV file to plot the data. Now you can build your own graphic images of the traffic, add trend lines and apply standard plotting functions to the data.

Tip #17: Subnet Filters
Wireshark understands CIDR (classless interdomain routing) address definitions. If you want to create a display filter for all devices whose network address starts with 10.3, use the syntax ip.addr==10.3.0.0/16. The "16" indicates how many of the leading bits should be matched in the address. Use CIDR definitions when filtering on a subnet.

Tip #16: DHCP Filters
At the current time, the display filter syntax, dhcp, does not work. In order to filter on DHCP traffic you need to use the syntax bootp. DHCP is derived from BOOTP and contains a BOOTP header. This fouls up many Wireshark users who are new to creating display filters. Watch out. Likewise, you cannot use "dhcp" as a capture filter - you need to create a capture filter for port 67 or port 68. In the recorded version of the Wireshark Jumpstart class, I added a Bonus section that includes my favorite capture/display/color filters. One of my capture filters is a passive discovery filter that looks for arp or port 67 or port 68.

Tip #15: Filtering for Illegal Ping Packets
Many network discovery tools and OS fingerprinting tools (such as Nmap, NetScanTools and Xprobe) send out illegally-formed ping (ICMP Echo Request) packets that can be used to ID the application in use. The display filter would be icmp.type==8 && !icmp.code==0 to find these strange packets. This is covered in the Bonus materials added at the end of the recorded Wireshark Jumpstart course that will be announced today at chappellseminars.com.

Tip #14: Merging Trace Files
So you've captured two (or more) trace files on different interfaces or from different hosts running Wireshark. To merge these trace files together you can use the command line tool Mergecap (in the Wireshark program directory) or select File > Merge in Wireshark. By default files will be merged according to their timestamps. Use the -a parameter to merge according to the order you list the files.

Tip #13: Sign of a Bot-Infected Host
When a host is bot-infected and planning on connecting via IRC to the C&C (Command and Control) server, you might see a DNS query for that C&C server's name. Check out sick-client.pcap - look at the DNS reply for bbjj.househot.com - notice the CNAME (canonical name, or alias) entry in the DNS response field... and look at how many IP addresses are associated with that name. Not the typical DNS response you'd expect, and a sign that the host being located may be a malicious one... watch for this. Video: "Analyzing a Bot-Infected Host"

Tip #12: Wireshark's Status Bar
The Wireshark status bar is located below the main Wireshark working area. In Wireshark v1.2 we now have an Expert Info Composite button on the far left side - the color changes to indicate the Expert level that has been detected (grey=no Expert Info; Red=Errors; Yellow=Warnings; Light Blue=Notes). While capturing, the left side of the status bar indicates which adapter Wireshark is capturing from, the file location and file name of the current capture, size of the file and, after you stop the capture, the time elapsed. In the center of the status bar, Wireshark displays the number of packets captured, displayed (useful if you have applied a display filter), marked and packets dropped (a clear sign that Wireshark is not keeping up with traffic rates). The right side of the status bar indicates the profile in use. You can adjust the size of the three areas of the status bar for better viewing by clicking and dragging the column separator. Many people leave the profile information at minimum size so they can see the entire directory/file name of their capturing/captured trace.

Tip #11: "Fast Retransmissions"
What is the difference between a retransmission and a fast retransmission? If you've worked with the Expert Info Composite window, you have likely seen both at times. Right now, fast retransmissions are placed under the Warnings tab. Retransmissions are placed under the Notes tab. Both are true retransmissions, but if the retransmission arrives within 20 ms of a duplicate ACK it is defined as a "fast retransmission". Not all retransmissions are triggered by duplicate ACKs however. Sometimes you'll see retransmissions that are triggered by a timeout on the sender's side as it waits for an ACK for data sent. We treat both retransmissions and fast retransmissions as a sign of packet loss.

Tip #10: New Time Column
In Tip 9 you learned how to change the time column to see large gaps between packets. But what if you want to see both the default time setting and the delta time setting? Make sure the current time column is set to View > Time Display Format > Seconds Since Beginning of Capture. Next, in Wireshark v1.2, select Edit > Preferences > Columns > Add. Click on New Column and give your column the name "Delta". (Click on the word "number" to the right or the name will not stay - a bug.) In the Properties area, click the arrow at the right of the Format field. Select "Delta" and click OK. You might want to move this time column up next to the other time column (in v1.2, just click and drag the column up). Now you always have both the Relative and Delta time columns available.

Tip #9: Best Time Setting for Troubleshooting
When users complain about poor network performance, capture their traffic (from as close to their systems as possible so you get round trip time values from their perspective). Set the Time column value to show you from the end of one packet to the end of the next packet by selecting View > Time Display Format > Seconds Since Previously Displayed Packet. Now you can sort this column to see where there are large gaps in time in the trace file. Watch a demo (MP4, 4MB).

Tip #8: Tshark Interface Selection
Tshark is the command-line capture tool that comes with Wireshark (look in the Wireshark program directory and consider adding this directory to your path so you can run Tshark from your trace file directory). Type tshark -D (must be a capital "D") to view the interface list. If you want to capture traffic on the third interface listed, you would use tshark -i 3 (the "i" parameter indicates the interface number you want to capture on). Watch a demo (MP4, 5MB).

POWER USER Tip #7: Terabyte Tshark Captures
Special thanks to John Bullock for this hot tip!
"Run tshark as a service with something like this in the registry - c:\program files\wireshark\tshark.exe -i 3 -b filesize:100000 -b files:8800 -n -w d:\pktcap\wan.cap. With terabyte drives so cheap, I decided to put a machine on the uplink for each of our networks that keeps a rolling capture of the last 800G or so of traffic. So, now when a security system barks at me, I can go find the packets and investigate."

Tip #6: Packet Loss Location
Wondering if the original TCP packet and the retransmission are both sitting in that slop of a trace file? In the details pane of the TCP retransmission packet, expand the TCP header and right click on the TCP Sequence Number field. Select Apply as Filter > Selected. The filter syntax is tcp.seq == [number]. If you see both the original packet AND the retransmission, you are upstream (closer to the sender) from the point of packet loss. If you only see the retransmission, the original packet was already lost. The point of packet loss is downstream (closer to the receiver) from where you are located.

Tip #5: Signatures
Always look at the payload of ICMP Echo Request (ping) packets to see if there is a signature for the application sending the ICMP Echo Request. In pingsigs.pcap we see the alphabet-only-up-to-w signature used by MS Windows hosts and, in packet 9, we see the Sniffer ping tool signature - which is a nod to its creator, Cinco.

Tip #4: Accelerator Key
Use Ctrl+down arrow when you have selected a packet in the detail pane and want to scroll through several packets while keeping the focus in the detail pane.

Tip #3: File Sets
In the Capture Options window, save to multiple files. Just open one of the files and now use File > File Set > List Files to quickly move between them.

Tip #2: Splitting Trace Files
To split a large trace file into multiple files, use editcap -c [number of packets per file] <infile> <outfile>. For example, editcap -c 10000 fattrace.pcap smaller.pcap will split fattrace.pcap into trace files containing 10,000 packets (or fewer on the last trace of the set) with names starting with smaller.pcap. The file number is appended as -00000, -00001, -00002, etc. after the .pcap extension.

Tip #1: Capture Filter
Create a "Not Me" capture filter to ensure your own traffic isn't captured when analyzing other devices' traffic. Use the syntax not ether host 00:21:97:40:74:d2 (with your MAC address, of course). Also consider making a "Just Me" capture filter to view only your traffic when analyzing an application on your own system.

Tip #0: Free Wireshark Live Online Seminars
You like tips? Check online at www.chappellseminars.com to register for the free Wireshark live online seminar.

Got any other sites with interesting tips for Wireshark to help out us n00bs? Hit us up in the comments!

[Via Wireshark University]


Nov 22, 2011

Alternative To Wireshark in Windows For Network Monitoring and Analysis

I have been dealing with an intermittent network issue for the past month and a half at work. Maybe once or twice per week, one of our VLANs will drop out for about 5 minutes, then come back up. I was talking with a Network Engineer friend of mine, and he thought it was probably a spanning-tree issue, however I'm not convinced of that. I explained the issue to another friend of mine who has been doing networking for a really long time, and he doesn't think it's a spanning-tree issue because only the one VLAN goes down, and not all traffic on that VLAN stops. Anything on that VLAN can still talk to each other; it's the inter-VLAN routing that stops working, and that is handled by the firewall.

Great, so look at the firewall right? Not really, because my company thought it would be a good idea to hire a managed firewall solution prior to me being hired. Working with those guys is like sticking needles in your eyes. They are slow to respond, and they are so concerned with covering their asses, and pointing fingers that they can't help you look at some simple firewall logs, or call vendor support for the firewall. I digress about that...

So anyway, we made the executive decision to terminate early with the managed firewall guys, and buy the firewalls from them. While I'm waiting for access to the firewalls, we are still having these intermittent outages. Every time I get an idea on what it can be, I try something and have to wait to see if that fixed it. Nothing has worked so far, and I can't figure it out. I decided to plug a laptop into my switches, mirror the port connected to the firewall, and run Wireshark to see if I can pick up what's happening on the network. The problem is that this issue will not happen for days, and by the time it does happen, Wireshark craps out and crashes.

I decided to look for an alternative, and found one from Microsoft called Network Monitor. The latest version at the time of this writing for Microsoft Network Monitor is 3.4, and it is absolutely free. On top of that, it's way more intuitive to use than Wireshark, and has an easy to understand user interface. Plus it has simple pre-programmed filters to make using it easy for even the most novice of Network Administrators. The preset I am trying out for my intermittent issue is called Base Network TShoot, which looks for the most common network problems including ICMP, ARP and TCP resets as well as TCP retransmit packets.


Plus, as I mentioned above, the GUI is way more user-friendly than Wireshark's. Check out this screenshot where I can see not only my raw packet info, but which application it's tied to on my computer (Click for full size):

Now I'm sure a lot of you are die-hard Wireshark guys, which is fine. I mean, it pretty much is the number one network sniffer out there, but if you're more of a systems guy like me, and only dabble on the network side, then I think you're better off with a more user-friendly tool like Network Monitor.

What do you think? Are you a Wireshark guy/gal? Have you ever used Microsoft Network Monitor? Like it? Dislike it? Do you prefer a different tool? Let us know in the comments!


Nov 21, 2011

An Ode To Epic Meal Time

The wife took the kids out to a potluck over the weekend and left me at home to fend for myself. Me being the fan of Epic Meal Time that I am, I decided to head out to the store and get stupid, and make a truly Epic Meal!

Not only that, but I decided to film the madness, and share it with you haters here on the Internets! Flippin' smart! Now, I am only one man, so I couldn't quite make a meal on the scale of Epic Meal Time, so I scaled it back a bit. Still, what I created, even though it looked like a food abomination, was really damn good!

Check it out!



Want to make this nonsense epic meat loaf? Here is what you'll need:

  • 2+ LBS of Ground Beef
  • 3 Eggs
  • Dried Onions
  • Italian Bread Crumbs
  • Applewood Smoked Bacon
  • Box Mac and Cheese
  • 2 Sausage Biscuits with Egg and Cheese
  • 1 Cup Shredded Sharp Cheddar Cheese


Put it all together like I did in the video, and bake it at 350 degrees for an hour. Take it out, and flip it to remove the pan. Sprinkle the cheddar on top, and put it back in the oven for 15 more minutes. Done player!

There was so much left over that my wife, kids and I ate it for dinner that night. It will feed a lot of people!

Ever make anything ridiculous like that? Ever watch Epic Meal Time? What is your favorite dish they made? How many calories do you think was in my meat loaf? Let me know in the comments!



Nov 18, 2011

Prepare For SOPA Round Two

Well, my fellow anti-Internet-Blacklisters, according to the guys over at Fight For The Future, the Internet stepped up to answer the call to protect our freedoms on the Internet from the proposed Internet Blacklist legislation known as SOPA and the Protect IP act.

According to Ars Technica, even Nancy Pelosi (who I normally despise) has joined the opposition to SOPA. According to Timothy B. Lee:

Reacting to a tweet from San Francisco resident Jeffrey Rodman, the San Francisco Democrat tweeted on Thursday that her colleagues "need to find a better solution than #SOPA." She also urged Congress: "#DontBreakTheInternet." This seems to be the first time Pelosi has weighed in on the SOPA debate, and it suggests that the concerns of SOPA's critics are being heard on the Democratic side of the aisle.

That’s all well and good folks, but the fight isn’t over. Keep pounding your representatives and ask them to vote down this bill that may very well strip away some of the freedoms men have died for in this country!

Check out this quick infographic showing how you and the rest of the Internet have stepped up to the fight!

[Infographic: stop SOPA blacklist]

How do you feel about these bills? Let us know in the comments!

[Via AmericanCensorship.org]

The Internet Blacklist Bill [Infographic]

Yesterday I posted a little about the Internet Blacklist bills that Congress is trying to shove down our throats. These bills are similar to Internet censorship bills you may have heard about in citizen-loving countries like China, Iran and Syria (Did you catch that sarcasm?)

Well, the Electronic Frontier Foundation is a non-profit Internet watchdog group that fights to preserve your right to a free Internet, which includes free speech. These bills seek to erode those freedoms, and I just can't sit back and do nothing about it. Neither should you.

Check out this infographic explaining the dangers of the Internet Blacklists:

Want to do something? Click the infographic to find out how you can ask your representatives to fight this nonsense. I mean, this was America the last time I checked. I don’t want to lose it!

Nov 17, 2011

This Is An Internet Emergency

Yesterday, November 16th, Congress started holding hearings on the first American Internet censorship system. Not sure if you realize this, but in America we have certain freedoms that a lot of good men fought and died for. One of them is the right to free speech.

One of the ways I choose to exercise my right to free speech is by having this blog, and I friggin’ like it that way. What if one day some jack hole in the government decided he didn’t like Bauer-Power huh? What if that jack hole decided to shut me down? Maybe you like Bauer-Power? Well guess what son? You can’t read it any more because Uncle Sam decided to be an A-hole dictator and told your ISP to block all access to Bauer-Power.

Well guess what, shit is getting real! You can help though. The Electronic Frontier Foundation (EFF) is fighting these Internet Blacklist bills, but they can't do it alone. Please tell your representatives in Washington that you oppose these proposed bills.

[Screenshot: American Censorship Day November 16 - Join the fight to stop SOPA]

Visit AmericanCensorship.org, enter your information so you can email your local representatives to ask them to stop this madness!

Check out this video:

Thanks for your help to keep Bauer-Power safe from A-hole government!


