Packet Capture without Wireshark

I needed to capture packets off a production web server but did not want to install extra software such as Wireshark on a production host.

I came across some dated articles on Netsh that looked promising, but the tool they used to convert the trace to a packet capture seemed to be deprecated. Luckily, Microsoft's etl2pcapng (linked below) converts the ETL file to pcapng so it can be opened in Wireshark.

Here is a basic example (run from an elevated prompt).

netsh trace start capture=yes report=disabled
netsh trace stop

Copy the resulting .etl file to a machine with Wireshark and convert it.

etl2pcapng.exe NetTrace.etl out.pcapng

etl2pcapng is available from https://github.com/microsoft/etl2pcapng.
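As an added example that is not part of the original post, here is the same procedure in PowerShell with a capture filter so only the web server's traffic is recorded, an explicit output path and size cap so the trace cannot fill the production disk, a status check before copying, and a hash so the copy can be verified on the analysis machine. The server address, the trace path and the location of etl2pcapng.exe are placeholders.

```powershell
# Added example, not code from the original post. Run from an elevated prompt.
# Placeholders: $ServerIp, $TraceFile and the etl2pcapng.exe path below.

$ServerIp  = '192.0.2.10'            # placeholder: the web server's address
$TraceFile = 'C:\Temp\webtrace.etl'  # placeholder: explicit output path

# Without tracefile= netsh writes %LOCALAPPDATA%\Temp\NetTraces\NetTrace.etl.
# IPv4.Address= keeps only traffic to or from the server, maxsize= (MB) with
# filemode=circular bounds disk use, report=disabled skips the slow report.
netsh trace start capture=yes report=disabled overwrite=yes `
    "tracefile=$TraceFile" maxsize=250 filemode=circular `
    "IPv4.Address=$ServerIp"

# ... reproduce the problem here ...

netsh trace stop

# Confirm no session is still running and the file is present before copying.
netsh trace show status
Get-Item $TraceFile | Select-Object FullName, Length, LastWriteTime

# Record a SHA-256 so the copy on the analysis machine can be checked.
(Get-FileHash -Algorithm SHA256 -Path $TraceFile).Hash

# On the analysis machine (placeholder path for etl2pcapng.exe):
# C:\Tools\etl2pcapng.exe C:\Temp\webtrace.etl C:\Temp\webtrace.pcapng
```

Compare the hash after the copy with Get-FileHash again; a mismatch means the file was truncated or altered in transit and the capture should be taken again rather than analysed.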

Ultramarathon Man review

A quick, entertaining read about Dean Karnazes, how he began running, and how he started ultra endurance racing. The book does a good job of detailing some of his bigger endurance feats; as you read about his overnight and extreme runs you start to realize that the human body is capable of far more than we think.

Good motivational book to help you push through training plateaus.

Fortigate with Fortilink enabled switches that won’t upgrade

We had a number of Fortigate firewalls managing Fortiswitches via Fortilink, and no matter which version of Fortiswitch firmware we tried, the switches would reboot but not upgrade. After some troubleshooting we found that the following commands allowed the switches to be upgraded.

config switch-controller global
    set https-image-push enable
end

Fortigate traffic sourced from wrong interface

Installed new Fortigate 61E's, and everything seemed to work as planned until I wanted to add Fortianalyzer for traffic analysis. Testing indicated that Fortianalyzer traffic was being sent out the WAN interface instead of through the IPsec tunnel. After searching around I found that a source IP needs to be set for traffic originating from the Fortigate itself, such as Fortianalyzer and syslog. The following config resolved it.

config log fortianalyzer setting
    set status enable
    set server x.x.x.x
    set source-ip x.x.x.x
end

config log syslogd setting
    set status enable
    set server x.x.x.x
    set source-ip x.x.x.x
end