Network_switches

Replaying PCap to specific network interface

To replay an offline pcap file captured by Wireshark or WinDump, the following tools can be used. On Windows the sending throughput was lower than on Linux devices, where the top speed was reached with pcapbulkreplay (300Mbs on a low-end 1Gbps network card).

Windows

tcpreplay

  • tool able to send offline traffic at a specific speed (1Mbs, 100Mbs, maximum interface throughput)
  • To list all available interfaces use --listnics

Example: tcpreplay.exe --listnics

Available network interfaces:
Alias   Name                                                 Description
%0      \Device\NPF_{DE165B82-8C92-41DD-82DB-0AEF6B8CB7B4}   VMware vmxnet3 virtual network device
%1      \Device\NPF_{99846C37-3FA8-4C69-8DBC-FB80FDA208D2}   VMware vmxnet3 virtual network device

  • to send unmodified traffic to selected NIC use -i %{interface alias}

Example: tcpreplay.exe -t -i %1 c:\Pcaps\taumagic.pcap

 

sending out \Device\NPF_{99846C37-3FA8-4C69-8DBC-FB80FDA208D2}
processing file: c:\Pcaps\taumagic.pcap
Actual: 1763313 packets (324062931 bytes) sent in 80.99 seconds. Rated: 4001271.0 bps, 30.53 Mbps, 21771.98 pps
Statistics for network device: \Device\NPF_{99846C
Attempted packets: 1763313
Successful packets: 1763313
Failed packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0

Linux

tcpreplay is much faster than its Windows cousin and has the same usage.

FIPS 140-2 in .NET

The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2)[1][2] is a U.S. government computer security standard used to accredit cryptographic modules. The title is Security Requirements for Cryptographic Modules. It was initially published on May 25, 2001 and last updated on December 3, 2002.

FIPS compatibility in .NET environment

How to turn on FIPS mode on Windows XP and later

http://support.microsoft.com/kb/811833

FIPS Compliant in mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Name                            Compliant  Subclass
DESCryptoServiceProvider        Y          SymmetricAlgorithm
DSACryptoServiceProvider        Y          AsymmetricAlgorithm
HMACMD5                         N          HashAlgorithm
HMACRIPEMD160                   N          HashAlgorithm
HMACSHA1                        Y          HashAlgorithm
HMACSHA256                      Y          HashAlgorithm
HMACSHA384                      Y          HashAlgorithm
HMACSHA512                      Y          HashAlgorithm
MACTripleDES                    Y          HashAlgorithm
MD5CryptoServiceProvider        N          HashAlgorithm
RC2CryptoServiceProvider        N          SymmetricAlgorithm
RIPEMD160Managed                N          HashAlgorithm
RSACryptoServiceProvider        Y          AsymmetricAlgorithm
RijndaelManaged                 N          SymmetricAlgorithm
SHA1CryptoServiceProvider       Y          HashAlgorithm
SHA1Managed                     N          HashAlgorithm
SHA256Managed                   N          HashAlgorithm
SHA384Managed                   N          HashAlgorithm
SHA512Managed                   N          HashAlgorithm
TripleDESCryptoServiceProvider  Y          SymmetricAlgorithm

 

FIPS Compliant in System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Name                            Compliant  Subclass
AesCryptoServiceProvider        Y          SymmetricAlgorithm
AesManaged                      N          SymmetricAlgorithm
ECDiffieHellmanCng              Y          AsymmetricAlgorithm
ECDsaCng                        Y          AsymmetricAlgorithm
MD5Cng                          N          HashAlgorithm
SHA1Cng                         Y          HashAlgorithm
SHA256Cng                       Y          HashAlgorithm
SHA256CryptoServiceProvider     Y          HashAlgorithm
SHA384Cng                       Y          HashAlgorithm
SHA384CryptoServiceProvider     Y          HashAlgorithm
SHA512Cng                       Y          HashAlgorithm
SHA512CryptoServiceProvider     Y          HashAlgorithm

 

FIPS Compliant in mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Name                            Compliant  Subclass
DESCryptoServiceProvider        Y          SymmetricAlgorithm
DSACryptoServiceProvider        Y          AsymmetricAlgorithm
HMACMD5                         N          HashAlgorithm
HMACRIPEMD160                   N          HashAlgorithm
HMACSHA1                        Y          HashAlgorithm
HMACSHA256                      N          HashAlgorithm
HMACSHA384                      N          HashAlgorithm
HMACSHA512                      N          HashAlgorithm
MACTripleDES                    Y          HashAlgorithm
MD5CryptoServiceProvider        N          HashAlgorithm
RC2CryptoServiceProvider        N          SymmetricAlgorithm
RIPEMD160Managed                N          HashAlgorithm
RSACryptoServiceProvider        Y          AsymmetricAlgorithm
RijndaelManaged                 N          SymmetricAlgorithm
SHA1CryptoServiceProvider       Y          HashAlgorithm
SHA1Managed                     N          HashAlgorithm
SHA256Managed                   N          HashAlgorithm
SHA384Managed                   N          HashAlgorithm
SHA512Managed                   N          HashAlgorithm
TripleDESCryptoServiceProvider  Y          SymmetricAlgorithm

 

FIPS Compliant in System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Name                            Compliant  Subclass
AesCryptoServiceProvider        Y          SymmetricAlgorithm
AesManaged                      N          SymmetricAlgorithm
ECDiffieHellmanCng              Y          AsymmetricAlgorithm
ECDsaCng                        Y          AsymmetricAlgorithm
MD5Cng                          N          HashAlgorithm
SHA1Cng                         Y          HashAlgorithm
SHA256Cng                       Y          HashAlgorithm
SHA256CryptoServiceProvider     Y          HashAlgorithm
SHA384Cng                       Y          HashAlgorithm
SHA384CryptoServiceProvider     Y          HashAlgorithm
SHA512Cng                       Y          HashAlgorithm
SHA512CryptoServiceProvider     Y          HashAlgorithm

 

<runtime><enforceFIPSPolicy enabled="false"/></runtime> needs to be removed from all app.config files
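An added audit sketch (not part of the original notes, and not Microsoft code) that checks an app.config for the enforceFIPSPolicy override and scans C# source for the types marked N in the tables above. The function names and both sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Types marked "N" in the mscorlib and System.Core 4.0.0.0 tables on this page.
NON_COMPLIANT_V4 = {
    "HMACMD5", "HMACRIPEMD160", "MD5CryptoServiceProvider",
    "RC2CryptoServiceProvider", "RIPEMD160Managed", "RijndaelManaged",
    "SHA1Managed", "SHA256Managed", "SHA384Managed", "SHA512Managed",
    "AesManaged", "MD5Cng",
}
# Marked "N" only in the mscorlib 2.0.0.0 table.
NON_COMPLIANT_V2_EXTRA = {"HMACSHA256", "HMACSHA384", "HMACSHA512"}

# Constructed sample inputs (not taken from a real project).
SAMPLE_CONFIG = """<configuration><runtime>
  <enforceFIPSPolicy enabled="false"/>
</runtime></configuration>"""
SAMPLE_CS = ("var h = new SHA256Managed(); "
             "var a = new AesCryptoServiceProvider(); "
             "var m = new HMACSHA256(key);")

def fips_override_disabled(config_xml: str) -> bool:
    """True if the config switches FIPS enforcement off for this application."""
    root = ET.fromstring(config_xml)
    return any(el.get("enabled", "").strip().lower() == "false"
               for el in root.iter("enforceFIPSPolicy"))

def noncompliant_types(source: str, clr: str = "4.0") -> list:
    """Sorted names of non-compliant crypto types referenced in the source text."""
    names = set(NON_COMPLIANT_V4)
    if clr == "2.0":
        names |= NON_COMPLIANT_V2_EXTRA
    # \w+ yields whole identifiers, so SHA256Managed never matches inside a longer name.
    return sorted({tok for tok in re.findall(r"\w+", source) if tok in names})

if __name__ == "__main__":
    print("override present:", fips_override_disabled(SAMPLE_CONFIG))
    print("CLR 4.0 findings:", noncompliant_types(SAMPLE_CS))
    print("CLR 2.0 findings:", noncompliant_types(SAMPLE_CS, clr="2.0"))
```

The scan is textual, so a type name inside a comment or string is reported as well.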

net-snmp

net-snmp configure for SNMPv3 (linux)

Download from http://www.net-snmp.org/download.html

Install openssl-dev so that net-snmp is built with encryption support

run in bash
net-snmp-create-v3-user -a SHA -A "abcd12345" -x AES -X "abcd12345" tomaspospisil
snmpwalk -v 3 -On -l authPriv -u tomaspospisil -a SHA -A abcd12345 -x AES -X abcd12345 localhost 1
snmptrap -v 3 -l AuthPriv -a SHA -A "abcd12345" -x AES -X "abcd12345" -u tomaspospisil 10.140.106.35 41 .1.3.6.1.6.3.16.1.5.1.0

How to get the localized password key from the snmpd configuration:
After you add a new user and start the snmpd daemon,
locate the file /var/net-snmp/snmpd.conf
For every user there is a line like:
usmUser 1 3 0x80001f88809907967e3a00ec5000000000 "newuser" "newuser" NULL .1.3.6.1.6.3.10.1.1.2 0xcc036e328eaebb3948ef3f20d082a0e1 .1.3.6.1.6.3.10.1.2.2 0xcc036e328eaebb3948ef3f20d082a0e1 0x
In this example 'cc036e328eaebb3948ef3f20d082a0e1' is the password key for both Auth and Priv
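How the stored value relates to the password, as an added example (not part of the original notes or of net-snmp): it parses a usmUser line and recomputes the localized key with the RFC 3414 password-to-key algorithm. The function names are hypothetical, and RFC_LINE is constructed from the RFC 3414 A.3.1 test vector (password "maplesyrup").

```python
import hashlib
import re

# Auth protocol OIDs (SNMP-USER-BASED-SM-MIB) mapped to hashlib algorithm names.
AUTH_OIDS = {
    ".1.3.6.1.6.3.10.1.1.2": "md5",   # usmHMACMD5AuthProtocol
    ".1.3.6.1.6.3.10.1.1.3": "sha1",  # usmHMACSHAAuthProtocol
}
# The usmUser line shown on this page.
PAGE_LINE = ('usmUser 1 3 0x80001f88809907967e3a00ec5000000000 "newuser" "newuser" NULL '
             '.1.3.6.1.6.3.10.1.1.2 0xcc036e328eaebb3948ef3f20d082a0e1 '
             '.1.3.6.1.6.3.10.1.2.2 0xcc036e328eaebb3948ef3f20d082a0e1 0x')
# Constructed line built from the RFC 3414 A.3.1 vector (user name is made up).
RFC_LINE = ('usmUser 1 3 0x000000000000000000000002 "rfcuser" "rfcuser" NULL '
            '.1.3.6.1.6.3.10.1.1.2 0x526f5eed9fcce26f8964c2930787d82b '
            '.1.3.6.1.6.3.10.1.2.2 0x526f5eed9fcce26f8964c2930787d82b 0x')

def localized_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: repeat the password to 1 MiB, hash it, then bind it to the engine ID."""
    if not password:
        raise ValueError("empty password")
    stretched = (password * (2**20 // len(password) + 1))[: 2**20]
    ku = hashlib.new(algo, stretched).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def parse_usm_user(line: str) -> dict:
    """Split a persistent usmUser line into engine ID, user name, protocols and keys."""
    line = line.translate(str.maketrans("“”″", '"""'))  # undo typographic quotes
    tok = re.findall(r'"[^"]*"|\S+', line)
    if len(tok) < 11 or tok[0] != "usmUser":
        raise ValueError("not a usmUser line")
    return {"engine_id": bytes.fromhex(tok[3][2:]), "user": tok[4].strip('"'),
            "auth_oid": tok[7], "auth_key": bytes.fromhex(tok[8][2:]),
            "priv_oid": tok[9], "priv_key": bytes.fromhex(tok[10][2:])}

def password_is_current(line: str, password: str) -> bool:
    """True if `password` localizes to the auth key stored on this usmUser line."""
    entry = parse_usm_user(line)
    algo = AUTH_OIDS[entry["auth_oid"]]
    return localized_key(password.encode(), entry["engine_id"], algo) == entry["auth_key"]

if __name__ == "__main__":
    print(parse_usm_user(PAGE_LINE)["auth_key"].hex())
    print(password_is_current(RFC_LINE, "maplesyrup"))
```

The stored key is all an SNMPv3 peer needs to authenticate as that user against this engine, so /var/net-snmp/snmpd.conf should be readable by root only. Auth and Priv keys come out identical when, as in the commands above, the same password is used for both.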

powershell2

PowerShell learning notes

== BASIC COMMANDS
cls // clear screen
get-history // list history of commands
get-help command -full // show additional info
get-command -noun // search by the second part of the PowerShell naming convention *-noun
get-command -verb // search by the first part of the PowerShell naming convention verb-*

-whatif // parameter shows what would happen without actually executing the command;
supported by most commands

sort-object -property SMTH // sort by specific column
get-member // shows the type of the command output and additional information about it
#get-process | get-member
$_ // is the current object being processed
where-object {$_.SMTH -gt SMT } | foreach-object { $_.SMTH + " will be written to output" }
out-file // set output to file
== EXECUTION POLICY
Get-ExecutionPolicy
Set-ExecutionPolicy remotesigned // run local scripts, but remote scripts have to be signed
== The most used commands
Where-Object
Foreach-Object
Get-Help
About_Execution_Policies
About_Operators
About_Common_Parameters
About_Pipelines
About_Scripts
About_*
clip // save output to clipboard

== filesystem commands
push-location == pushd // save location to stack
pop-location == popd // pop location from stack
get-psdrive // all drives + certificate store, registries, etc.
new-item -type file // creates new file
cat file // see file
test-path URI // verify that it exists
invoke-item == ii // same as double-click in explorer
$profile // define session used for current user, ISE has different one
new-alias -name SHORTCUT -value EXISTINGCOMMAND // define alias for existing command
resolve-path // get full path from short form

== accessing .net from PS
$PSVersionTable // list available .net runtimes
// PS 2 == .NET 4
// creating new object of specific type
new-object -typename FULLYQUALIFIEDNAME -argumentlist ARGUMENTS_FOR_INITIALIZATION
-property @{K=V; K2=V2}
[System.SOME.TYPE] // reference to specific type
[Environment]::GetLogicalDrives() // executing static method
register-objectevent -inputobject $someObject -eventname EVENTNAME // subscribe to events
get-event // once events are raised, they are stacked and need to be removed when processing
remove-event // remove an event from the stack
wait-event // wait till event it’s
get-eventsubscriber // list all subscriptions
add-type -assemblyname ASSEMBLYNAME // load assembly from GAC
add-type -path SOMEPATH.DLL // load assembly from path
import-module // load assemblies that contain PowerShell features
param(PARAM1, PARAM2, …) // defines which parameters are required
get-help
About_Objects
New-Object
About_Type_Operators
Add-Type
Import-Module
Register-ObjectEvent
Get-Event
About_Scripts
About_Parameters
technet.microsoft.com/scriptcenter
codeplex.com
poshcode.org // only contains powershell code
~/Documents/WindowsPowerShell/Modules/ModuleName // modules have to be placed here; they are then visible with get-module -ListAvailable

== interesting commands
out-clipboard // set output to clipboard