[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Time Sequence Graph (tcptrace)

Using Wireshark to Troubleshoot Network Connectivity Issues: Time Sequence Graph (tcptrace)

In addition to the “Follow TCP Stream,” “Decode As,” “IO Graphs,” and “Expert Infos” features, Wireshark also includes a tool called the “Time Sequence Graph (tcptrace)” that allows you to visualize the flow of traffic between two devices over time.

To use the “Time Sequence Graph (tcptrace)” feature, simply select the “Statistics” menu and then choose “TCP Stream Graphs.” This will open a new window that allows you to choose the stream that you want to visualize.

The “Time Sequence Graph (tcptrace)” feature shows the flow of traffic between two devices over time, with the x-axis representing time and the y-axis representing the sequence numbers of the packets being sent. You can use this tool to identify any problems with the flow of traffic, such as delays or missing packets.

By using the “Time Sequence Graph (tcptrace)” feature in combination with other diagnostic tools, such as the “Follow TCP Stream” and “IO Graphs” features, you can gain a deeper understanding of the traffic on your network and identify potential problems. With a little bit of practice and a thorough understanding of the features and techniques available in Wireshark, you can become an expert at troubleshooting network issues and keeping your network running smoothly.

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Expert Infos

Using Wireshark to Troubleshoot Network Connectivity Issues: Expert Infos

In addition to the “Follow TCP Stream,” “Decode As,” and “IO Graphs” features, Wireshark also includes a tool called “Expert Infos” that provides valuable information and insights about the packets being captured.

To use the “Expert Infos” feature, simply select the “Statistics” menu and then choose “Expert Infos.” This will open a new window that displays a list of all the packets being captured, along with any expert infos that are available.

Expert infos are messages generated by Wireshark that provide additional information about the packets being captured. There are three levels of expert infos: “Notes,” “Warnings,” and “Errors.” Notes provide general information about the packets, warnings indicate potential problems with the packets, and errors indicate serious problems with the packets.

You can use the “Expert Infos” feature to identify any issues with the packets being captured, such as problems with the protocol being used or errors in the packet contents. By using the “Expert Infos” feature in combination with other diagnostic tools, such as the “Follow TCP Stream” and “IO Graphs” features, you can gain a deeper understanding of the traffic on your network and identify potential problems.

With a little bit of practice and a thorough understanding

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: IO Graphs

Using Wireshark to Troubleshoot Network Connectivity Issues: IO Graphs

In addition to the “Follow TCP Stream” and “Decode As” features, Wireshark also includes a useful tool called “IO Graphs” that allows you to visualize the traffic on your network in a graphical format.

To use the “IO Graphs” feature, simply select the “Statistics” menu and then choose “IO Graphs.” This will open a new window that allows you to customize the graph according to your needs.

You can use the “IO Graphs” feature to identify patterns in the traffic and see how different devices are interacting with each other. For example, if you see a sudden spike in the traffic on your network, you can use the “IO Graphs” feature to identify which device or devices are causing the spike and determine the cause.

You can also use the “IO Graphs” feature to identify any problems with the traffic on your network, such as slow performance or connectivity issues. By visualizing the traffic in this way, you can often identify the root cause of the problem and take the appropriate action to fix it.

With a little bit of practice and a thorough understanding of the features and techniques available in Wireshark, you can become an expert at troubleshooting network issues and keeping your network running smoothly.

[SOLVED]Using Wireshark to Troubleshoot Network Connectivity Issues: Decode As

Using Wireshark to Troubleshoot Network Connectivity Issues: Decode As

Another useful feature in Wireshark is the “Decode As” feature, which allows you to specify how Wireshark should interpret the contents of a packet. This can be especially helpful when dealing with protocols that are not natively supported by Wireshark, or when you want to see the contents of a packet in a different format.

To use the “Decode As” feature, first select the packet in the packet list that you want to decode. Then, right-click on the packet and select “Decode As” from the context menu. This will open a dialog box that allows you to specify how Wireshark should interpret the contents of the packet.

In the “Decode As” dialog box, you can choose the protocol that you want Wireshark to use when decoding the packet. For example, if you are dealing with a packet that uses a custom protocol that is not natively supported by Wireshark, you can choose the “Custom” option and specify the details of the protocol.

You can also use the “Decode As” feature to specify how Wireshark should interpret the contents of a packet when it is using a protocol that is natively supported by Wireshark. For example, if you want to see the contents of an HTTP packet in a different format, such as ASCII or Hex Dump, you can use the “Decode As” feature to specify the desired format.

By using the “Decode As” feature in combination with other diagnostic tools, such as the “Follow TCP Stream” and “IO Graphs” features, you can gain a deeper understanding of the traffic on your network and identify potential problems. With a little bit of practice and a thorough understanding of the features and techniques available in Wireshark, you can become an expert at troubleshooting network issues and keeping your network running smoothly.

[SOLVED]Using Wireshark to Troubleshoot Network Connectivity Issues: Filters

Using Wireshark to Troubleshoot Network Connectivity Issues: Filters

In addition to the “Follow TCP Stream” feature, Wireshark also includes a powerful set of filters that you can use to narrow down the packets being displayed and focus on specific issues.

To use filters in Wireshark, simply enter the filter criteria into the filter bar at the top of the packet list. You can use a wide range of criteria to filter the packets, including the source and destination addresses, the protocol being used, and various other packet attributes.

For example, if you want to see only packets that are being sent from a specific IP address, you can enter “ip.src == x.x.x.x” into the filter bar, where x.x.x.x is the IP address you want to filter for. You can also use logical operators, such as “and” and “or”, to create more complex filters.

Filters can be especially helpful when trying to identify the cause of connectivity issues, as they allow you to focus on specific packets or types of traffic that may be causing the problem.

Regenera

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Follow TCP Stream

Using Wireshark to Troubleshoot Network Connectivity Issues: Follow TCP Stream

One of the most useful features in Wireshark is the “Follow TCP Stream” feature, which allows you to view the full conversation between two devices as a single stream of data. This can be especially helpful when trying to troubleshoot connectivity issues, as it allows you to see the entire exchange of packets between the devices, rather than just individual packets.

To use the “Follow TCP Stream” feature, first select the packet in the packet list that you want to start the stream with. Then, right-click on the packet and select “Follow TCP Stream” from the context menu. This will open a new window showing the full conversation between the two devices as a single stream of data.

You can use the “Follow TCP Stream” feature to identify any problems with the exchange of packets between the devices. For example, if you see a large number of retransmissions or errors in the stream, it could indicate a problem with the connection. You can also use the “Follow TCP Stream” feature to see if any packets are being dropped or blocked, which can also cause connectivity issues.

[SOLVED]Troubleshooting Network Connectivity Issues

Troubleshooting Network Connectivity Issues with Wireshark

Network connectivity issues can be frustrating, but there are a few steps you can take to try and resolve them. One powerful tool that can help troubleshoot these issues is Wireshark, a network protocol analyzer.

To use Wireshark to troubleshoot connectivity issues, start by capturing network traffic on the device experiencing the issue. This will allow you to see all of the packets being sent and received by the device, and you can use Wireshark’s various filters and analysis tools to identify any potential problems.

First, try to identify the source of the problem. Is it limited to a specific device or network segment, or is it affecting the entire network? This can help narrow down the potential causes.

Next, try to isolate the issue by performing some basic troubleshooting steps. For example, you can try rebooting the device or checking to make sure it has the correct IP address and DNS settings. You can also try connecting to the network using a different device to see if the issue is specific to one device or if it is a wider network issue.

If the issue persists, you can use Wireshark to help identify the cause. Look for any unusual patterns in the packets being sent and received, such as an excessive number of retransmissions or errors. You can also use Wireshark’s built-in analysis tools, such as the “Follow TCP Stream” feature, to get a more detailed look at the traffic flow.

By using Wireshark and other diagnostic tools, you can often identify and fix connectivity issues quickly and efficiently.

Recover or reset PFSense Admin password

I’ll keep this post short and sweet, you have lost your PFsense firewall/router Admin login password and need back in. Quick.

There are two options available to you:

To reset PFSense Admin password

Plug a monitor and keyboard into the PFSense appliance/server or connect to console
You can then select ‘Option 3) to reset the webGUI password.

Should this fail, or you have set an admin password to even get this far, then follow below;

1, Reboot appliance
2, Select boot option for ‘Single User Mode’
3, Hit enter to start /bin/sh
3, run mount -a -t ufs
4, run /etc/rc.initial.password and follow the prompts to reset password
5, reboot /sbin/reboot

Depending on what version o PFSense you are using, you will have just specified the new password, or if you did not have that option, then it will have reset to the PFSense default password of: Admin | pfsense

Let me know in the comments if this helped you or was useful to you in any way!

BGP vulnerable? – is the web as we know it at risk?

The BGP (protocol) has been on my mind the last few weeks.

It boggles my mind how fragile the web is that we all operate on, more specifically that we rely on BGP TCP/IP to maintain connections between two or more autonomous system routers.
BGP is simply put, is the Internet’s greatest weakness.

OK, so what is BGP?

According to he RFC (last pub 2006)

The primary function of a BGP speaking system is to exchange network
reachability information with other BGP systems.

GP-4 provides a set of mechanisms for supporting Classless Inter-
Domain Routing (CIDR) [RFC1518, RFC1519]. These mechanisms include
support for advertising a set of destinations as an IP prefix and
eliminating the concept of network “class” within BGP. BGP-4 also
introduces mechanisms that allow aggregation of routes, including
aggregation of AS paths.

Attacking it?

Acording to Sean Convery (cisco) from his blackhat talk in 2003 below is how you shoudld go about it (kindof, we will go into more detail later):
Reset a single BGP session to control a block of IP’s and corrupt other BGP routers. The easiest way to do this would be to gain lawful access to a BGP backbone, e.g. become an engineer for a site, or befriend someone who has access.
BGP Vulnerable

OK, so?

Well from all my readings and research, it seems like this is where the bottom foundational layer of trust the WHOLE internet lies. Without the BGP, there is no CIDR, without CIDR there is no IP’s, without IP’s there is no DNS, without DNS there is no websites, without websites many services simply die and cue end of the world scenarios.

Why was this on my mind? Well i’ve been curious about it before, but recently i have been thinking about the unseen weaknesses in CryptoCurrencies. If the internet breaks, or a government decides to hard fork/cut access and limit it, then crypto as we know it is valueless. It simply looses ALL value.
Crypto other than a few projects all works from HTTP, ip, tor, IPFS etc.. which relies on IP addressing. When the very foundation of these protocols is in question, then the whole behemoth is in danger. BGP simply is the biggest threat to modern crypto economies.

tl;dr: An old protocol (BGP) run by potentially vulnerable companies, could break the internet by issuing bad or malicious commands.

Further reading:
BGP RFC
on wired
Cisco press
techopedia
Network computing.com

DynDNS on Sonicwall – ‘dyn.com’ reports account config error or invalid parameters for domain

DynDNS on Sonicwall is a great thing – When it works

There are multiple reasons why you may be wanting to use DynDNS on Sonicwall sonicOS platform, but that is another discussion.

The problem i encountered in ALL versions of sonicOS since firmware version 5.9 is this “account config error or invalid parameters for domain”.
I finally found the resolution was to do with Dyn.com changing their root CA certificate, which SonicWALL firewall has not installed yet.

Solution to fix the dynamic DNS is pretty simple, we just need to import the new certificate to the Sonicwall. the Below is copied from Sonicwall’s KB article link:
https://support.sonicwall.com/kb/sw11246
Resolution or Workaround:

Right click the link below and save Baltimore CyberTrust Root CA certificate to your local drive. Then import it into SonicWALL Certificate section.

https://cacert.omniroot.com/bc2025.crt
 

Steps:

1) Login to your SonicWALL Management
2) Navigate to Network -> Dynamic DNS, on the right side delete DynDNS profile which was already created.

3) Navigate to System -> Certificates, on the right side click Import Button.

  • Select Import a CA certificate from a PKCS#7 (.p7b), PEM (.pem) or DER (.der or .cer) encoded file radio button and Click Choose File button.
  • Select bc2025 certificate file(which you downloaded from above link) from your local drive and click Open button.

        [Note:While importing bc2025.crt you might get warning as unsupported format but you can Ignore it]

  • Click Import button in Import Certificate window and you can see the Baltimore CyberTrust Root CA in SonicWALL Certificates.

 
4) Restart your SonicWALL and create new profile for DynDNS under Network -> Dynamic DNS by clicking Add button

Now you can see DynDNS as Online​ with updated public IP.


 

Hope this helps someone!