TRACE CABLES THE EASY WAY WITH CISCO CDP ON WINDOWS

Download tool from:
https://www.definit.co.uk/2010/02/trace-cables-the-easy-way-with-cisco-cdp-on-windows/

Example of usage:
Step1:

c:\temp\tcpdumptcpdump.exe -D

********************************************************************
**                                                                **
**              Tcpdump v4.9.2 (September 03, 2017)               **
**                   http://www.tcpdump.org                       **
**                                                                **
** Tcpdump for Windows is built with Microolap Packet Sniffer SDK **
**              Microolap EtherSensor product family              **
**               build 5072.01 June 10, 2019 <<<              **
**                                                                **
**        Copyright(c) 1997 - 2019 Microolap Technologies         **
**       http://microolap.com/products/network/ethersensor        **
**         http://microolap.com/products/network/tcpdump          **
**                                                                **
**                  XP/2003/Vista/2008/Win7/Win8                  **
**                 Win2012/Win10/Win2016/Win2019                  **
**               (UEFI and Secure Boot compatible)                **
**                                                                **
**                       Trial license.                           **
**                                                                **
********************************************************************

1.\Device\{F4F682D0-3FEA-4DF1-9385-878235FC4177} (Intel(R) I350 Gigabit Network Connection)
2.\Device\{FF4C946F-ADB3-4DC9-A61A-A91973AFD7E8} (Intel(R) I350 Gigabit Network Connection)
3.\Device\{6C48897F-B39D-4298-B3D3-19402E588D0E} (Intel(R) I350 Gigabit Network Connection)
4.\Device\{D6A49332-2416-4227-89F5-55A5AA19578F} (Intel(R) Ethernet Converged Network Adapter X710)
5.\Device\{7C3220F8-224E-4867-B050-E252D849E404} (Intel(R) Ethernet Converged Network Adapter X710-2)
6.\Device\{9A86189E-CD60-4FD6-93C5-64E8DF14337D} (Intel(R) Ethernet Converged Network Adapter X710-2)
7.\Device\{32BBADAE-BA53-433C-B796-C51CC9526F23} (Intel(R) I350 Gigabit Network Connection)
8.\Device\{B87C05E6-1BF1-4126-AF7C-E01BC0D507DD} (Intel(R) Ethernet Controller X540-AT2)
9.\Device\{543DFBD5-610B-4165-B9B2-B1C6447272C7} (Intel(R) Ethernet Converged Network Adapter X710)
10.\Device\{CB9851A4-A64A-4F31-8AF8-97A812217C44} (Intel(R) Ethernet Controller X540-AT2)

which of interfaces is our?
Step2:

Step3:
Now we know value for parameter -i

c:\temp\tcpdumptcpdump -i 1 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000

********************************************************************
**                                                                **
**              Tcpdump v4.9.2 (September 03, 2017)               **
**                   http://www.tcpdump.org                       **
**                                                                **
** Tcpdump for Windows is built with Microolap 
Read the rest

How configure ssh_config for windows openssh client, for example for PubkeyAcceptedKeyTypes=+ssh-dss

Since win10 you have openssh ssh.exe in

C:\Windows\System32\OpenSSH

So to use passwordless ssh connection you maybe need to provide ssh.exe “PubkeyAcceptedKeyTypes=+ssh-dss”

For this you can create ssh_config file anywhere (for example in c:\users\yourname\.ssh near your id_dsa private key file) with only one line:

PubkeyAcceptedKeyTypes=+ssh-dss

so now you can:

ssh yourname@1.1.1.1 -F "c:\users\yourname\.ssh\ssh_config"

where 1.1.1.1 for example your ssh server, san_switch, HPE virtual connect manager, nimble storage and so on

ps
the same is true for openssh server installed from home site on win2016 server
only ssh.exe file will be in
“C:\Program Files\OpenSSH-Win64” (by default installation)… Read the rest

Generate pub and private ssh keys for passwordless ssh access

in the linux (for windows users i highly recommend to install WSL2 with shared C and D disk file system among win10 and ubuntu; your existing network firewall ACL of main admin workstation to brocade is enough, WSL will NAT your linux) run below command:
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/moguy/.ssh/id_dsa):
/home/moguy/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/moguy/.ssh/id_dsa.
Your public key has been saved in /home/moguy/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:NW9kX0RJNKDza22347348734123984794721ppqXegwtY moguy@ws008-101.itforce.local
The 
Read the rest

Add passwordless ssh access for brocade san switch

  1. on administrator workstation generate pub and private ssh keys
  2. on brocade san switch create new user
  3. on brocade san switch allow for above new user to use passwordless access and import into brocade switch previouosly generated pub key for ssh access (the brocade user name should be the same as in public key, as initial linux system user name)

 

now you can script multiple san brocade san switches , for example to get WWN of each switch from both fabrics, from bash of linux/WSL:

inputline="san_switch_12.itforce.local san_switch_13.itforce.local san_switch_14.itforce.local san_switch_15.itforce.local san_switch_16.itforce.local san_switch_17.itforce.local san_switch_18.itforce.local san_switch_19.itforce.local san_switch_22.itforce.local san_switch_23.itforce.local san_switch_24.itforce.local san_switch_25.itforce.local san_switch_26.itforce.local san_switch_27.itforce.local san_switch_28.itforce.local 
Read the rest

How to configure safe vpn for free and easy

Coronavirus forced many people, companies to move to teleworking. The banks and large corporations surely have enough budget to buy enterprise vpn boxes and solutions. My post is only for small companies which need free/cheap solution to access own small office infrastructure during coronavirus pandemia from home, remote offices and at the same time to avoid directly openning RDP access from the internet (which is not safe at all even with DUO 2fa and so on)

It’s assumed that the small company has at least

  1. router which can port forward (even tplink and dlink can do it;  if you have
Read the rest

again about wsus

Everybody knows about free Windows System Update Service/WSUS. But i feel this service needs some extra explanations, recommendations for newbie sysadmins.

At first why do you need it? – briefly: for security and to fix software glitches. Proper and in time hotfixing/patching has paramount importance for security (maybe even more important than to have weak antivirus, IDS/IPS, firewall and other standard protection measures, which also should be regularly updated) If your health is bad or even if you are close to die then just screening from hackers will not help you. The weaker you are the more expensive protection, … Read the rest

How to enable for vPro/AMT computers mutual authentication using certificates.

In May 2017 Intel publicly confirmed the vulnerability in own firmware for vPro/AMT.

To download and patch such computers from Dell use links inside the PDF file from following link.

But as i mentioned in my linkedin post it’s possible to protect even noname computers (without updated BIOS) with compromised ME firmware — implementing SSL/TLS certificates for mutual authentication. In this post i will show how it can be done.

At first let’s consider that

  • you know that your computer supports vPro/AMT, ME version, you know AMT type (ISM or full AMT and so on)
  • you already use intel
Read the rest

How manually enable Let’s encrypt SSL for Windows IIS server.

Let’s Encrypt free certificates are very useful for Microsoft web servers, MS Dynamics Nav web client access, Exchange and Lync/Skype for business external accesses and so on (better to use it with windows ACME clients for auto prolongation of certificate)

But if you have problems with publishing 80/443 port of your web server (conflict with router admin port, or maybe even server is not in public Internet access and so on, maybe you should configure manually Let’s encrypt SSL for your testing environment)

1. go to https://zerossl.com

2.

3.

Certbot/ACME clients use “HTTP verification”. We will in this post use … Read the rest

How to auto renew “Let’s encrypt” free certificate extending 90 days limit.

In the previous post i recommended for non-critical web services to start using free certificates from “Let’s encrypt”.

Many people refuse to use this kind of certificates thinking that it’s not good enough and moreover it’s only for 3 months and that it would be annoying to prolong it manually each 3 months and not forget about it. As for “not good enough” – even if you don’t trust free SSL certificates for web server authentication it’s always better to have enabled SSL than to go without SSL – at least channel will be encrypted (unlike free self-signed certs which … Read the rest