CyberKeeda: Network

Showing posts with label Network. Show all posts

IPV4 - Classes Range - Pictorial Representation

BOGON IPs - Please note Bogon IPs are reserved for private network, thus can't be used by ISP providers to use the ranges to declare it as Public IP.

Class A Bogon IP range.

CIDR - 10.0.0.0/8
Total IP - 32-8 = 24

2^24 = 16777216

Class B Bogon IP range.

CIDR - 172.16.0.0/12
Total IP - 32-12 = 20

2^20 = 1048576

Class C Bogon IP range.

CIDR - 192.168.0.0/16
Total IP - 32-16 = 16

2^16 = 65536

Find IP Address Information Cheat Sheet by Example.

Wireshark is a very useful took with a lot of functions, hence filters and parameters plays a very important role to segregate what exactly we need, without going much in MAN pages, within this blog post, we will cover mostly used wireshark commands and their usage.

Usage 1 : Wireshark to analyze SSL Traffic

Only SSL/TLS Packets

Syntax Template


 #  tls

SSL/TLS Traffic with Client Hello

Syntax Template


# tls.handshake.type == 01

# ssl.handshake.type == 01

SSL/TLS Traffic with Server Hello

Syntax Template


# tls.handshake.type == 14

# ssl.handshake.type == 14

SSL/TLS Traffic with NewSessionTicket

Syntax Template


# tls.handshake.type == 4

# ssl.handshake.type == 4

SSL/TLS Traffic with Certificate

Syntax Template


# tls.handshake.type == 11

# ssl.handshake.type == 11

SSL/TLS Traffic with CertificateRequest

Syntax Template


# tls.handshake.type == 13

# ssl.handshake.type == 13

SSL/TLS Traffic with CipherSuites

Syntax Template


# tls.handshake.ciphersuite == 0xc02f

# tls.handshake.ciphersuite == 0xc02f

More details

0xc02f
Cipher String identifier.

TcpDump Cheat Sheet

TCP Dump Cheat Sheet

When we talk about Client-Server, there is network involved and when we talk about network, every one is quite familiar with tcpdump and Wireshark.
Network knows Packets and tcpdump is a CLI tool that knows packet very well.

tcpdump is a very useful took with a lot of functions, hence filters and parameters plays a very important role to segregate what exactly we need, without going much in MAN pages, within this blog post, we will cover mostly used tcpdump commands and their usage.

Usage 1

Capture packets from any interface and write it's output in pcap format file named as pcktdump.pack

Syntax Template


 # tcpdump -i any -w /tmp/pcktdump.pcap host 10.10.100.75

More details

-i any
i - interface
-i any - any interface
-w /tmp/pckdump.pcap
-w - write
-w /tmp/pcktdump.pcap : Write to file /tmp/pcktdump.pcap
host 10.10.100.75
Packet filter with incoming request on IP 10.10.100.75

Usage 2

Capture packets from any interface and save multiple files of fixed size.

Syntax Template


# tcpdump -i any -W 3 -C 10 -w /tmp/pcktdump.pcap host 10.10.10.75

More details

-i any
i - interface
-i any - any interface
-W 3 -C 10
Rotating buffer of 3 files (-W 3) and tcpdump switches to another file once the current file reaches 10,000,000 bytes ( 10Mb)
-w /tmp/pckdump.pcap
-w - write
-w /tmp/pcktdump.pacp: Write to file /tmp/pcktdump.pcap
host 10.10.100.75
Packet filter with incoming request on IP 10.10.10.75

IPV4 - Classes Range - Pictorial Representation

Find IP Address Information Cheat Sheet by Example.

F5 tmsh Cheat Sheet

F5 tmos/tmsh cheat sheetThese one lines will be really helpful in order to create your automated solution of managing operation activities in F5 devices.Please note, I have used below one liner on F5 version 13.

How to list all iApps details created under F5 device (LTM/GTM)A detailed STDOUT will give details for the iApps config.

Syntax # tmsh list sys app service recursive

How to filter out single iApp detailsA detailed STDOUT will give details for the iApps config.Here replace myexampleiApp.app/myexampleiApp-onlyhttps with your own iApp partition and name.

Syntax # tmsh list sys app service recursive myexampleiApp.app/myexampleiApp-onlyhttps

How to list only a single configuration data for all iAppsLets assume, we want to check the strict updates status for all iapps.

Syntax # tmsh list sys app service recursive strict-updates

How to modify configuration data for an pre configured iAppsLets assume, we want to change the status from enabled to disabled for strict updates status for one of our iApp named myexampleiApp.app/myexampleiApp-onlyhttps

Syntax # tmsh modify sys app service myexampleiApp.app/myexampleiApp-onlyhttps strict-updates disabled

How to modify SSL ciphers for a LTM client ssl profile.Lets assume, we want to check the strict updates status for all iapps.

Syntax # tmsh modify ltm profile client-ssl myexampleiApp.app/myexampleiApp-onlyhttps ciphers_ssl 'TLSv1_1:!SSLv2'

Will update this thread more, keep checking for new updates.

WireShark Cheat Sheet

WireShark Filter Cheat SheetWhen we talk about Client-Server, there is network involved and when we talk about network, every one is quite familiar with tcpdump and Wireshark.Network knows Packets and tcpdump is a GUI tool that knows packet very well.

Usage 1 : Wireshark to analyze SSL TrafficOnly SSL/TLS Packets

Syntax Template # tls

SSL/TLS Traffic with Client Hello

Syntax Template# tls.handshake.type == 01# ssl.handshake.type == 01

SSL/TLS Traffic with Server Hello

Syntax Template# tls.handshake.type == 14# ssl.handshake.type == 14

SSL/TLS Traffic with NewSessionTicket

Syntax Template# tls.handshake.type == 4# ssl.handshake.type == 4

SSL/TLS Traffic with Certificate

Syntax Template# tls.handshake.type == 11# ssl.handshake.type == 11

SSL/TLS Traffic with CertificateRequest

Syntax Template# tls.handshake.type == 13# ssl.handshake.type == 13

SSL/TLS Traffic with CipherSuites

Syntax Template# tls.handshake.ciphersuite == 0xc02f# tls.handshake.ciphersuite == 0xc02f

More details

0xc02f Cipher String identifier.

TcpDump Cheat Sheet

TCP Dump Cheat SheetWhen we talk about Client-Server, there is network involved and when we talk about network, every one is quite familiar with tcpdump and Wireshark.Network knows Packets and tcpdump is a CLI tool that knows packet very well.

Syntax Template # tcpdump -i any -w /tmp/pcktdump.pcap host 10.10.100.75

More details

-i anyi - interface-i any - any interface-w /tmp/pckdump.pcap-w - write-w /tmp/pcktdump.pcap : Write to file /tmp/pcktdump.pcaphost 10.10.100.75Packet filter with incoming request on IP 10.10.100.75

Usage 2

Capture packets from any interface and save multiple files of fixed size.

Syntax Template# tcpdump -i any -W 3 -C 10 -w /tmp/pcktdump.pcap host 10.10.10.75

More details

F5 tmos/tmsh cheat sheet

These one lines will be really helpful in order to create your automated solution of managing operation activities in F5 devices.
Please note, I have used below one liner on F5 version 13.

How to list all iApps details created under F5 device (LTM/GTM)

A detailed STDOUT will give details for the iApps config.

Syntax

# tmsh list sys app service recursive

How to filter out single iApp details

A detailed STDOUT will give details for the iApps config.
Here replace myexampleiApp.app/myexampleiApp-onlyhttps with your own iApp partition and name.

Syntax

# tmsh list sys app service recursive myexampleiApp.app/myexampleiApp-onlyhttps

How to list only a single configuration data for all iApps

Lets assume, we want to check the strict updates status for all iapps.

Syntax

# tmsh list sys app service recursive strict-updates

How to modify configuration data for an pre configured iApps

Lets assume, we want to change the status from enabled to disabled for strict updates status for one of our iApp named myexampleiApp.app/myexampleiApp-onlyhttps

Syntax

# tmsh modify sys app service myexampleiApp.app/myexampleiApp-onlyhttps strict-updates disabled

How to modify SSL ciphers for a LTM client ssl profile.

Lets assume, we want to check the strict updates status for all iapps.

Syntax

# tmsh modify ltm profile client-ssl myexampleiApp.app/myexampleiApp-onlyhttps ciphers_ssl 'TLSv1_1:!SSLv2'

WireShark Filter Cheat Sheet

When we talk about Client-Server, there is network involved and when we talk about network, every one is quite familiar with tcpdump and Wireshark.
Network knows Packets and tcpdump is a GUI tool that knows packet very well.

Usage 1 : Wireshark to analyze SSL Traffic

Only SSL/TLS Packets

Syntax Template

# tls

Syntax Template

# tls.handshake.type == 01

# ssl.handshake.type == 01

Syntax Template

# tls.handshake.type == 14

# ssl.handshake.type == 14

Syntax Template

# tls.handshake.type == 4

# ssl.handshake.type == 4

Syntax Template

# tls.handshake.type == 11

# ssl.handshake.type == 11

Syntax Template

# tls.handshake.type == 13

# ssl.handshake.type == 13

Syntax Template

# tls.handshake.ciphersuite == 0xc02f

# tls.handshake.ciphersuite == 0xc02f

0xc02f
Cipher String identifier.

TCP Dump Cheat Sheet

When we talk about Client-Server, there is network involved and when we talk about network, every one is quite familiar with tcpdump and Wireshark.
Network knows Packets and tcpdump is a CLI tool that knows packet very well.

Syntax Template

# tcpdump -i any -w /tmp/pcktdump.pcap host 10.10.100.75

-i any
i - interface
-i any - any interface
-w /tmp/pckdump.pcap
-w - write
-w /tmp/pcktdump.pcap : Write to file /tmp/pcktdump.pcap
host 10.10.100.75
Packet filter with incoming request on IP 10.10.100.75

Syntax Template

# tcpdump -i any -W 3 -C 10 -w /tmp/pcktdump.pcap host 10.10.10.75