[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Decode As

Using Wireshark to Troubleshoot Network Connectivity Issues: Decode As

Another useful feature in Wireshark is the “Decode As” feature, which allows you to specify how Wireshark should interpret the contents of a packet. This can be especially helpful when dealing with protocols that are not natively supported by Wireshark, or when you want to see the contents of a packet in a different format.

To use the “Decode As” feature, first select the packet in the packet list that you want to decode. Then, right-click on the packet and select “Decode As” from the context menu. This will open a dialog box that allows you to specify how Wireshark should interpret the contents of the packet.

In the “Decode As” dialog box, you can choose the protocol that you want Wireshark to use when decoding the packet. For example, if you are dealing with a packet that uses a custom protocol that is not natively supported by Wireshark, you can choose the “Custom” option and specify the details of the protocol.

You can also use the “Decode As” feature to specify how Wireshark should interpret the contents of a packet when it is using a protocol that is natively supported by Wireshark. For example, if you want to see the contents of an HTTP packet in a different format, such as ASCII or Hex Dump, you can use the “Decode As” feature to specify the desired format.

By using the “Decode As” feature in combination with other diagnostic tools, such as the “Follow TCP Stream” and “IO Graphs” features, you can gain a deeper understanding of the traffic on your network and identify potential problems. With a little bit of practice and a thorough understanding of the features and techniques available in Wireshark, you can become an expert at troubleshooting network issues and keeping your network running smoothly.

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Filters

Using Wireshark to Troubleshoot Network Connectivity Issues: Filters

In addition to the “Follow TCP Stream” feature, Wireshark also includes a powerful set of filters that you can use to narrow down the packets being displayed and focus on specific issues.

To use filters in Wireshark, simply enter the filter criteria into the filter bar at the top of the packet list. You can use a wide range of criteria to filter the packets, including the source and destination addresses, the protocol being used, and various other packet attributes.

For example, if you want to see only packets that are being sent from a specific IP address, you can enter “ip.src == x.x.x.x” into the filter bar, where x.x.x.x is the IP address you want to filter for. You can also use logical operators, such as “and” and “or”, to create more complex filters.

Filters can be especially helpful when trying to identify the cause of connectivity issues, as they allow you to focus on specific packets or types of traffic that may be causing the problem.

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Follow TCP Stream

Using Wireshark to Troubleshoot Network Connectivity Issues: Follow TCP Stream

One of the most useful features in Wireshark is the “Follow TCP Stream” feature, which allows you to view the full conversation between two devices as a single stream of data. This can be especially helpful when trying to troubleshoot connectivity issues, as it allows you to see the entire exchange of packets between the devices, rather than just individual packets.

To use the “Follow TCP Stream” feature, first select the packet in the packet list that you want to start the stream with. Then, right-click on the packet and select “Follow TCP Stream” from the context menu. This will open a new window showing the full conversation between the two devices as a single stream of data.

You can use the “Follow TCP Stream” feature to identify any problems with the exchange of packets between the devices. For example, if you see a large number of retransmissions or errors in the stream, it could indicate a problem with the connection. You can also use the “Follow TCP Stream” feature to see if any packets are being dropped or blocked, which can also cause connectivity issues.
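
A rough way to put a number on "a large number of retransmissions" per stream, as an added example that is not from the original post: the Python below reads constructed tab-separated rows in the shape a `tshark -T fields` export would have and counts data segments that resend bytes already sent in the same direction. It is a simplified stand-in for Wireshark's own TCP analysis (no sequence wraparound or partial overlaps); the field list, the 5% threshold and the function name are assumptions.

```python
from collections import defaultdict

# Constructed sample in the shape produced by (assumed export command):
#   tshark -r capture.pcapng -Y tcp -T fields \
#       -e tcp.stream -e ip.src -e tcp.srcport -e tcp.seq -e tcp.len
SAMPLE = (
    "0\t192.0.2.10\t50112\t1\t512\n"
    "0\t198.51.100.5\t443\t1\t1400\n"
    "0\t192.0.2.10\t50112\t513\t512\n"
    "0\t192.0.2.10\t50112\t513\t512\n"   # same bytes sent again
    "0\t192.0.2.10\t50112\t513\t512\n"   # and again
    "0\t198.51.100.5\t443\t1401\t0\n"    # pure ACK, carries no data
    "1\t192.0.2.10\t50113\t1\t300\n"
    "1\t198.51.100.5\t443\t1\t900\n"
)


def retransmission_report(tsv, threshold=0.05):
    """Return {stream: (data_segments, retransmits, flagged)} per TCP stream."""
    highest = {}                         # (stream, src, port) -> highest byte sent
    stats = defaultdict(lambda: [0, 0])  # stream -> [data segments, retransmits]
    for line in tsv.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue                     # skip malformed or non-TCP rows
        stream, src, port = fields[0], fields[1], fields[2]
        try:
            seq, length = int(fields[3]), int(fields[4])
        except ValueError:
            continue
        if length == 0:
            continue                     # ACK-only segments are not data resends
        direction = (stream, src, port)
        end = seq + length
        stats[stream][0] += 1
        # Data ending at or before a point already sent in this direction
        # has been on the wire before: count it as a retransmission.
        if end <= highest.get(direction, 0):
            stats[stream][1] += 1
        else:
            highest[direction] = end
    return {s: (n, r, r / n > threshold) for s, (n, r) in stats.items()}


if __name__ == "__main__":
    for stream, (n, r, flagged) in retransmission_report(SAMPLE).items():
        print(f"stream {stream}: {r}/{n} retransmitted", "<-- check" if flagged else "")
```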

[SOLVED] Troubleshooting Network Connectivity Issues

Troubleshooting Network Connectivity Issues with Wireshark

Network connectivity issues can be frustrating, but there are a few steps you can take to try and resolve them. One powerful tool that can help troubleshoot these issues is Wireshark, a network protocol analyzer.

To use Wireshark to troubleshoot connectivity issues, start by capturing network traffic on the device experiencing the issue. This will allow you to see all of the packets being sent and received by the device, and you can use Wireshark’s various filters and analysis tools to identify any potential problems.

First, try to identify the source of the problem. Is it limited to a specific device or network segment, or is it affecting the entire network? This can help narrow down the potential causes.

Next, try to isolate the issue by performing some basic troubleshooting steps. For example, you can try rebooting the device or checking to make sure it has the correct IP address and DNS settings. You can also try connecting to the network using a different device to see if the issue is specific to one device or if it is a wider network issue.

If the issue persists, you can use Wireshark to help identify the cause. Look for any unusual patterns in the packets being sent and received, such as an excessive number of retransmissions or errors. You can also use Wireshark’s built-in analysis tools, such as the “Follow TCP Stream” feature, to get a more detailed look at the traffic flow.

By using Wireshark and other diagnostic tools, you can often identify and fix connectivity issues quickly and efficiently.

Quickly find AD user password expiration date

Knowing when a password should expire is sometimes useful information.
To find the password expiration date for all users, open PowerShell on the DC and run:

Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "DisplayName", @{Name="ExpiryDate"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

It will output a human-readable list, as in the screenshot in the above post.
I have tested and can confirm that the above script is working on Server 2008, 2008 R2, 2012, 2012 R2, 2016 & 2019.
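
Handling the values this attribute can return besides a real date, as an added example that is not from the original post: msDS-UserPasswordExpiryTimeComputed is 0 when the user must change the password at next logon and 0x7FFFFFFFFFFFFFFF when the password does not expire (for instance when no maximum password age applies), and [datetime]::FromFileTime() throws on the latter. The Python below classifies values as they might be exported over LDAP; the function names, the 14-day warning window and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = 0x7FFFFFFFFFFFFFFF  # computed value for a password that does not expire


def expiry_status(filetime, now, warn_days=14):
    """Classify one msDS-UserPasswordExpiryTimeComputed value.

    Returns (status, expiry); expiry is a UTC datetime, or None for sentinels.
    """
    if filetime == 0:
        return ("must-change-at-next-logon", None)  # pwdLastSet is 0
    if filetime >= NEVER:
        return ("never-expires", None)  # converting this would overflow
    # FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
    expiry = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    if expiry <= now:
        return ("expired", expiry)
    if expiry - now <= timedelta(days=warn_days):
        return ("expiring-soon", expiry)
    return ("ok", expiry)


def audit(rows, now, warn_days=14):
    """Map each account name to its status, given (name, filetime) pairs."""
    return {name: expiry_status(ft, now, warn_days)[0] for name, ft in rows}


# Constructed sample rows: (sAMAccountName, msDS-UserPasswordExpiryTimeComputed)
SAMPLE_ROWS = [
    ("alice", 133485408000000000),   # 2024-01-01 00:00 UTC
    ("bob", 133491456000000000),     # 2024-01-08 00:00 UTC
    ("carol", 133537248000000000),   # 2024-03-01 00:00 UTC
    ("svc-backup", NEVER),
    ("newhire", 0),
]

if __name__ == "__main__":
    today = datetime(2024, 1, 3, tzinfo=timezone.utc)  # fixed date for the sample
    for name, status in audit(SAMPLE_ROWS, today).items():
        print(f"{name:12} {status}")
```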

Force Active Directory replication on a domain controller

To force Active Directory replication, on the server that needs to be updated, run the following from an elevated CMD prompt:

repadmin /syncall /AeD

A = All Partitions
e = Cross Site (Enterprise)
D = Show server name in output.

This will initiate a pull replication.

Or, if you are already on your main DC and need to update any other servers in the AD, you can do a push replication:

repadmin /syncall /APeD

A = All Partitions
e = Cross Site (Enterprise)
D = Show server name in output.
P = Push

The TechNet article with further info can be found here:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc770963(v=ws.11)

Perhaps you, like me, are trying to move away from the old CMD command lines and migrate to PowerShell. If that is the case, bad news: currently there is no update alternative for repadmin in PowerShell. The Get-ADReplication commands are great for troubleshooting but offer no easy interface for updating AD.

Stress Testing HDD

There are certain times that you will want to stress test an HDD or just get some info out of it for performance tuning.

Step in: Diskspd.exe

A Microsoft-developed standalone disk testing tool.
https://github.com/Microsoft/diskspd

Sample command lines can be found here:
https://github.com/Microsoft/diskspd/wiki/Sample-command-lines

Block users from logging on to an RDS Server [SOLVED]

Do you need to block users from logging on to an RDS Server?

Problem:
You are updating an RDS server, or an application on the RDS server, but another user's process is stopping your install. You need to stop other users from accessing the RDS server while still being able to work on it yourself. But how?

Solution:
Open up administrative CMD
Change Logon /Disable
Then log all other users off using Task manager (users tab)

And when you are finished simply revert:
Change Logon /Enable

Sorted.

Remote Web Workspace not working [Solved]

Remote Web Workspace breaks. A lot.

In all versions of SBS (now end of life) Microsoft graced us with the ability for remote users to remote into the server to then hop across to their own PCs via RDP.

This was great in theory, and worked for a while, until updated servers broke this feature. The root cause was an update to .NET Framework, starting at version 4.5.1, which included memory checking to make sure you have at least 5% free memory.

OK, so why the issues? Well, anyone who knows Exchange knows that the information store will use as much free memory as possible, which in turn often caused the Remote Desktop Gateway service to crash due to not having 5% free memory.

Here is the quick fix if you only have 5 mins:

– Restart the MS Exchange information store,
– Then restart/start the Remote Desktop Gateway Service

Here is the proper fix:

– Run adsiedit.msc
– Connect to: Select a well known Naming Context : [Configuration]
– Expand the following:
Configuration\Services\Microsoft Exchange\ (First Organization) \Administrative Groups\ (Exchange Administrative Group) \Servers\ (Server Name)
– Right click on CN=Information Store and click properties
– Update the values of msExchESEParamCacheSizeMin and msExchESEParamCacheSizeMax to something below 94% of your server's max RAM capacity. It is in KB divided by a 32-byte page, so…

Basic maths is ==> Target Cache Size in GB = (# * 1024 * 1024) / 32

There is an excellent table over at meridian.ws which is much easier than doing the maths:
http://meridian.ws/wordpress/?p=239

Adobe reader on Server 2016

Adobe have been rather silent recently when it comes to running Reader on Server 2016.

Adobe Reader is used by many professions, and in many capacities. It used to be one of the most commonly installed applications on business PCs by anyone in any sector. However, Server 2016 is not supported.

https://helpx.adobe.com/reader/system-requirements.html

This makes it a nightmare for modern portable apps, RDS servers (Terminal servers) or even just file servers.

So there is a workaround, however it is not recommended. The best fix for this is to scrap Adobe, and move to one of the other large PDF vendors out there to cater to your PDF viewing needs.

Three that I have personally verified as working and are supported on Server 2016 are:

  • Nitro Pro
  • Abby PDF reader
  • TinyPDF

There will however be a small percentage of us admins or superusers, that have to get this Adobe based software working.

Workaround to get Adobe reader on Server 2016

Start by using the latest installer for Windows 10.
Once installed, you may find that it will work for a while, but eventually, as it updates, you will no longer be able to open PDF documents using it.
To get around this you unfortunately have to turn off protected mode.

Now, I shouldn’t really need to preface this, but I will. This is not supported, nor recommended – Reader has a protected mode for a reason, disabling it is opening you to all sorts of vulnerabilities.

If you do wish to continue, open up Adobe Reader – go into Edit –> Preferences –> Security (enhanced) –>

Turn Protected mode off, and untick ‘Enable protected mode at startup’

If, like me, you could not even get to the Preferences panel to change these settings, all you need to do is open Adobe Reader in compatibility mode. Set this to XP (which itself does not support protected mode), then change the settings, and then turn compatibility mode back off.

Let me know in the comments if this has helped you.