ntopng featured image

Out of the Box Network Analyzer “ntopng”

Some time ago I installed a new firewall at the customer’s site. Meanwhile the customer was interested in the flows that are traversing through the firewall right now. Oh. Good question. Of course it is easy to filter through log messages of firewalls, but theses logs are only for finished sessions. Yes, there are “session browsers” or the like on all firewalls, but they are not nice and handy to analyze the sessions in realtime.

The solution was to bring a network analyzer on a mirror port near to the firewall. I decided to use ntopng running on the live Linux distribution Knoppix. Great choice! An old notebook with two network adapters fits perfectly. A handful commands and you’re done:

Continue reading Out of the Box Network Analyzer “ntopng”

F5 Single DH use

F5 SSL Profile: “Single DH use” not working?

In the paper of the Logjam attack, a sentence about the F5 load balancers confused me a bit: “The F5 BIG-IP load balancers and hardware TLS frontends will reuse g^{b} unless the “Single DH” option is checked.” This sounds like “it does NOT use a fresh/ephemeral diffie-hellman key for new connections”. I always believed, that when a cipher suite with EDH/DHE is chosen, the diffie-hellman key exchange always generates a new b for computing g^{b}. Hm.

Therefore, I tested this “Single DH use” option on my lab F5 unit, in order to find out whether the same public key (as noted in Wireshark) is used for more than one session.

Continue reading F5 SSL Profile: “Single DH use” not working?

PPP Featured Image

Telekom Dual-Stack Verbindungsaufbau

Bis neulich hatte ich einen normalen DSL-Anschluss von 1&1: Per PPPoE eingewählt und eine IPv4-Adresse bekommen – fertig. Das kann neben der FRITZ!Box natürlich auch jeder vernünftige Router oder Firewall.

Jetzt habe ich endlich einen richtigen Dual-Stack (IPv4 und IPv6) Anschluss der Telekom (Glasfaser “MagentaZuhause M” ohne Fernsehen, siehe hier). Juchu! 😉 Bevor ich jedoch den mitgelieferten Speedport durch diverse andere Testgeräte ersetze, wollte ich mal vernünftig mitschneiden, welche Protokolle denn bei einem Verbindungsaufbau genau eingesetzt werden. Vor allem die Prefix Delegation über DHCPv6 interessierte mich…

Continue reading Telekom Dual-Stack Verbindungsaufbau


BOINC Load depends on Processor Type

I am running two old notebooks in my laboratory for several server purposes. Last year, I started to support the World Community Grid project with the idle times on these laptops. Nothing interesting so far. However, it is interesting to track the load of the CPUs since they vary on both laptops due to the projects that require different CPU types.

Continue reading BOINC Load depends on Processor Type

Basic IPv6 Messages - Featured Image

Basic IPv6 Messages: Wireshark Capture

When explaining IPv6 I am always showing a few Wireshark screenshots to give a feeling on how IPv6 looks like. Basically the stateless autoconfiguration feature (SLAAC), DHCPv6, Neighbor Discovery, and a simple ping should be seen/understood by any network administrator before using the new protocol.

Therefore I captured the basic IPv6 autoconfiguration with a Knoppix Linux behind a Telekom Speedport router (German ISP, dual-stack) and publish this capture file here. I am using this capture to explain the basic IPv6 features.

Continue reading Basic IPv6 Messages: Wireshark Capture

Ping DSL vs. Glasfaser featured image

Ping Times/Latency: DSL vs. Glasfaser, IPv4 vs. IPv6

Seit wenigen Tagen bin ich glücklicher Kunde eines Telekom Glasfaseranschlusses. Mit satten 50/10 MBit/s rasen die Daten bei mir ein und aus. Neben der deutlich höheren Geschwindigkeit war ich aber auch an den Latenzen der beiden Anschlüsse interessiert und habe entsprechende Tests gemacht. Hier kommen die Ergebnisse.

Continue reading Ping Times/Latency: DSL vs. Glasfaser, IPv4 vs. IPv6

IPv6 through IPv4 VPN Tunnel

IPv6 through IPv4 VPN Tunnel with Juniper SSGs

The most common transition method for IPv6 (that is: how to enable IPv6 on a network that does not have a native IPv6 connection to the Internet) is a “6in4″ tunnel. Even other tunneling methods such as Teredo or SixXS are found on different literatures. However, another method that is not often explained is to tunnel the IPv6 packets through a VPN connection. For example, if the main office has a native IPv6 connection to the Internet, as well as VPN connections to its remote offices, it is easy to bring IPv6 subnets to these stations.

Here is how I did it with some Juniper SSG firewalls:

Continue reading IPv6 through IPv4 VPN Tunnel with Juniper SSGs

Firewall IPv6 Capabilities

Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo

Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.

Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.

Continue reading Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo

DNS Proxy Featured Image

Palo Alto: DNS Proxy for Management Services

The Palo Alto firewall has a feature called DNS Proxy. Normally it is used for data plane interfaces so that clients can use the interfaces of the Palo for its recursive DNS server. Furthermore, this DNS Proxy Object can be used for the DNS services of the management plane, specified under Device -> Setup -> Services. However, there was a bug in PAN-OS that did not process the proxy rules and static entries when a DNS proxy object was used in the management plane. This bug was fixed in PAN-OS 6.0.0. I tested it in my lab with PAN-OS 6.1.0 running. Here are the successful results.

Continue reading Palo Alto: DNS Proxy for Management Services

Zeitraffer Panorama 604

Low-Budget Zeitraffer in Full HD erstellen

Neben dem normalen Fotografieren und Filmen finde ich zwei Arten von Videos sehr interessant, nämlich Slow Motion Filme, bei denen eine schnelle Aktion sehr langsam dargestellt wird, sowie Zeitraffer, bei denen eine langsame Aktion sehr schnell dargestellt wird. Während man für Slow Motion Sequenzen leider teure Hardware braucht, die eine vielfache Frames per Second (fps) Rate als normale Kameras liefern können, kann man Zeitraffer relativ simpel selbst erstellen, in dem man eine Szene lang genug fotografiert und diese Fotos dann zu einem Video zusammenfügt.

Genau das mache ich seit einigen Jahren mit einer alten Canon Digitalkamera und einigen kostenlosen Softwares. Wie genau ich solche Low-Budget Zeitraffer in Full HD erstelle und was dabei zu beachten ist, erkläre ich in diesem Post sehr detailliert. Viel Spaß dabei. :)

Continue reading Low-Budget Zeitraffer in Full HD erstellen