How to export the SSL certificate from a Wireshark packet capture

April 10th, 2014

How to obtain the SSL certificate from a Wireshark packet capture:

Categories: SSL/TLS

tshark – Capturing Packets from the Windows Command Line

April 9th, 2014

A quick aide-mémoire on capturing traffic from the Windows command line. You must be in the Wireshark directory (or have its location in your PATH environment variable):

1. Find the interface index:

C:\Program Files (x86)\Wireshark>tshark -D
1. \Device\NPF_{B3BA19B1-3083-4FF5-9CA5-09E33CABEC93} (Microsoft)
2. \Device\NPF_{E7CE2EDC-D965-44DF-A7F2-A14B4A762B40} (Sun)
3. \Device\NPF_{B88703B3-2E09-4FC7-A061-21A94A22BBBE} (Intel(R) 82579LM Gigabit Network Connection)

Categories: Protocol Analysis

F5 BIG-IP: Monitoring TCP Applications

April 4th, 2014

LTM has built-in application health monitor templates for many TCP-based application protocols (FTP, HTTP, HTTPS, IMAP, LDAP, MSSQL, NNTP, POP3, RADIUS, RTSP, RPC, SASP, SIP, SMB, SMTP, SOAP).

If you need to monitor an application that depends on an upper-layer protocol for which there is no built-in monitor template, LTM provides a number of options to build a monitor based on the underlying transport layer protocol, TCP.

Categories: Network Design

Installing a Signed X.509 SSL Certificate into ASA via the CLI

March 11th, 2014

Having already generated the RSA key pair on the ASA (with “crypto key generate rsa mod 2048”), created a trustpoint for the VPN users, generated an SSL certificate and CSR, and received the signed X.509 certificate along with the CA and intermediate SSL certificates, the certificate and CA certs need to be installed onto the Cisco ASA. This procedure describes the method using the CLI.

Categories: Network Design, SSL/TLS

OpenSSL Client Commands – Check the Contents of an SSL Certificate

March 7th, 2014

Here is a list of OpenSSL commands that are useful in a Bash script:

Determine who issued the certificate:
$ echo | openssl s_client -connect server.com:443 2>/dev/null | openssl x509 -noout -issuer
issuer= /C=US/O=Company Inc/CN=www.server.com

Categories: SSL/TLS

SSL/TLS Handshake and Record Data Protocol

March 3rd, 2014

When a TLS/SSL session (such as HTTPS, default port 443) is established, an SSL handshake, or exchange of messages, occurs between the client (which initiates the connection) and a server. (See this post for an explanation of SSL certificates and encoding.)

The first set of messages is called the Handshake Protocol, after which both client and server enter the Record (or Data) Protocol. The messages exchanged during the Handshake Protocol achieve the following:

Categories: Security, SSL/TLS

Peer-to-Peer IPSec VPN using PAT

February 28th, 2014

There may be occasions when you need to set up a site-to-site VPN with a customer or partner network but, because of the risk of overlapping private RFC 1918 address space, must use a single public address and Port Address Translation. This method uses a single IP address in a NAT (PAT) object. This example uses the simplified NAT available from ASA software version 8.3+.

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

Categories: CISCO, Security

Batch File to append entry to hosts file on local or remote PC

February 28th, 2014

These are two small Microsoft Windows batch files that enable administrators to append an entry to the hosts file on a local or remote PC:

First, determine the computer name:

C:\Users\dmatthews\Desktop>hostname
L00151267

Categories: Network Management

Executing ipconfig and other commands on remote machines

February 25th, 2014

To execute the “ipconfig /all” command on one or more remote machines, you can use the psexec utility that is part of pstools, available from Microsoft. The syntax is: psexec \\machine_name command
For example:

C:\Users\dmatthews\Desktop\pstools>psexec \\L00151270 ipconfig /all

To list just the IP version 4 address, pipe the output through the ‘find’ command:

C:\Users\dmatthews\Desktop\pstools>psexec \\L00151270 ipconfig /all | find "IPv4"

Categories: Network Management, Security

Gnu Project Debugger (GDB) – Reference Card and Tutorial

February 17th, 2014
Categories: Uncategorized