Category Archives: Network

Computer networks over IPv4 and IPv6. Switching, Routing, and Firewalling.

UK IPv6 Council Spring 2020: Incorrect Working IPv6 Clients & Networks

Conference Talks, IPv6, NTP, , , , ,

I did a short presentation at the spring 2020 roundtable of the UK IPv6 Council. The talk was about a case study I did with my NTP server listed in the NTP Pool project: For 66 days I captured all NTP requests for IPv6 and legacy IP while analyzing the returning ICMPv6/ICMPv4 error messages. (A much longer period than my initial capture for 24 hours.) Following are my presentation slides along with the results.

Continue reading UK IPv6 Council Spring 2020: Incorrect Working IPv6 Clients & Networks

SharkFest’19 EUROPE: IPv6 Crash Course

Conference Talks, IPv6, , , , , ,

I gave a session about IPv6 at SharkFest’19 EUROPE, the annual Wireshark developer and user community conference, named “IPv6 Crash Course: Understanding IPv6 as seen on the wire“. The talk is about the IPv6 basics, which are: IPv6 addresses & address assignment, link-layer address resolution, and ICMPv6. Tips for using Wireshark coloring rules and display filters round things up.

As I have not yet published the slides, here they are. Unfortunately, we were not able to record the session due to technical problems. Neither the video nor the audio. ;( Hence, here are only mere slides.

Continue reading SharkFest’19 EUROPE: IPv6 Crash Course

More Capture Details

Network, , , , , , , , , , , , , ,

In the previous post, I released my Ultimate PCAP which includes every single pcap I had so far on my blog. But that’s not all: I have some packets in there that were not yet published up to now. That is, here are some more details about those (probably well-known) protocols. These are:

Continue reading More Capture Details

The Ultimate PCAP

Network, , , ,

For the last couple of years, I captured many different network and upper-layer protocols and published the pcaps along with some information and Wireshark screenshot on this blog. However, it sometimes takes me some time to find the correct pcap when I am searching for a concrete protocol example. There are way too many pcaps out there.

This is supposed to change now:

I’m publishing a single pcap meant to be a single point of source for Wireshark samples. It is summarizing *all* previous ones from my blog and even adding some more protocols and details. I will constantly add more packets to this pcap if I have some. Currently, it has > 50 different protocols and hundreds of variants, such as IPv6 and legacy IP traffic, different DNS query types, ICMP error codes, and so on.

Continue reading The Ultimate PCAP

VoIP Captures

Network, , , , ,

VoIP calls, using the network protocols SIP/SDP and RTP, are the de-facto standard when it comes to voice calls. Wireshark offers some special features to analyze those calls and RTP streams – even with a nice “Play Streams” option, which discretely decodes your calls. Ouch. Again and again, frightening which privacy-related protocols are completely unencrypted on the Internet!

Here are some hints for Wireshark as well as a downloadable pcap with three calls in there. ;) Have fun!

Continue reading VoIP Captures

DNS Capture – The Records Edition

DNS/DNSSEC, , , , , , ,

Some time ago I published a post called DNS Test Names & Resource Records which lists many different FQDNs with lots of different RRs. You can use those public available DNS names to test your DNS servers or the like. However, I was missing a packet capture showing all these resource records as they appear on the wire. So now, here it is. If you are searching for some packets to test your tools for whatever reason, feel free to download this pcap.

Continue reading DNS Capture – The Records Edition

Dive into delv: DNSSEC Validation

DNS/DNSSEC, , , , ,

If you’re into DNSSEC, you’ll probably have to troubleshoot or at least to verify it. While there are some good online tools such as DNSViz, there is also a command-line tool to test DNSSEC signatures onsite: delv.

delv will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records to establish a chain of trust for DNSSEC validation. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding.

Continue reading Dive into delv: DNSSEC Validation

Stig Nygaard - Nighttime

Setting up NTS-Secured NTP with NTPsec

Authentication, Linux, NTP, , , , , , ,

This is a guest blogpost by Martin Langer, Ph.D. student for “Secured Time Synchronization Using Packet-Based Time Protocols” at Ostfalia University of Applied Sciences, Germany.

In the previous posts, I already introduced the Network Time Security (NTS) protocol and described the most important features. Although the specification process has not been completed, there are already some independent NTS implementations and public time servers (IETF106). NTPsec is one of the important representatives of this series and already offers an advanced NTS solution. In this post, I’ll give you a short guide to setting up an NTS-secured NTP client/server with NTPsec.

Continue reading Setting up NTS-Secured NTP with NTPsec

I Love IPv6 Addressing!

At a Glance, IPv6, , ,

Probably the biggest prejudice when it comes to IPv6 is: “I don’t like those long addresses – they are hard to remember.” While this seems to be obvious due to the length and hexadecimal presentation of v6 addresses, it is NOT true. In the end, you’ll love IPv6 addresses in your own networks. This is why – summed up in one poster:

Continue reading I Love IPv6 Addressing!

Intro to NetworkMiner

Network, NetworkMiner, Password, , , ,

This is a guest blogpost by Erik Hjelmvik, an expert in network forensics and network security monitoring at NETRESEC.

Wireshark is the default goto tool for analyzing captured network traffic for most network engineers. But there are a few other free and open source alternatives that are sometimes overlooked, one of which is NetworkMiner (disclaimer: I’m the creator of NetworkMiner).

Continue reading Intro to NetworkMiner

Basic TCP and UDP Demos w/ netcat and telnet

Network, Tutorial/Howto, , , , , , , , ,

I am currently working on a network & security training, module “OSI Layer 4 – Transport”. Therefore I made a very basic demo of a TCP and UDP connection in order to see the common “SYN, SYN-ACK, ACK” for TCP while none of them for UDP, “Follow TCP/UDP Stream” in Wireshark, and so on. I wanted to show that it’s not that complicated at all. Every common application/service simply uses these data streams to transfer data aka bytes between a client and a server.

That is: Here are the Linux commands for basic lab, a downloadable pcap, and, as always, some Wireshark screenshots:

Continue reading Basic TCP and UDP Demos w/ netcat and telnet

Network Time Security – Strengths & Weaknesses

Authentication, NTP, , , , , ,

This is a guest blogpost by Martin Langer, Ph.D. student for “Secured Time Synchronization Using Packet-Based Time Protocols” at Ostfalia University of Applied Sciences, Germany.

The Network Time Security protocol (NTS) is close to completion as an Internet standard and will replace the existing security mechanisms in NTP. The introductory article on NTS describes the basic communication process as well as the most important features. Despite high-security efforts, NTS also has its limitations. In this blogpost, I list the strengths and weaknesses of the new authentication mechanism and describe them briefly.

Continue reading Network Time Security – Strengths & Weaknesses