Categories
Admin Tools Powershell Remote Access Technology

Killing Processes in Windows Remotely

Sometimes I have a workstation that is not responsive, and I have to find a way to remotely find the issue, kill a process and sometimes reboot the Windows computer.

  • Open a remote command prompt to the Windows computer.
  • Run the command tasklist | more
  • Find the process ID (PID). I like to look for processes that are taking the largest amount of memory, or most open sessions.
  • Run the command taskkill /F /PID 5411
  • Note: 5411 was just a PID number that was in the task list. The PID (Process Identifier) will be different for you for each process.
  • If the computer still does not respond, sometimes you have to force a reboot. Run: shutdown /r /f (/r is for restart and /f is for force).

To open a remote command prompt to a Windows computer, get online and do some searching; there are many ways to do that with Windows. PsExec and PowerShell are common ways to do this.

Categories
Admin Tools DNS Technology

DNS Helpful Tips

DNS, or Domain Name System, is the index of the public internet. It allows you and computers to look up computer addresses by human-readable names. But it also does much more than that.

  • Authorizes email as legit
  • Lets systems and people know what services are available
  • Sets up system redundancy for fail-over and fail back
  • Provides an authentication mechanism
  • And so much more…

For example, let's say you want to tell a company like Zoho that you own a domain name. Zoho can say: OK, if that is your domain name, then prove it by updating the domain's DNS and adding some data that only I (Zoho) know about. If you own the domain, only you can update the DNS. Here is my secret data. So I would go into my DNS manager and add the secret code to my DNS. Then Zoho would query my DNS record to see if their secret is there. If it is, then the assumption is that I own it.

That type of task or transaction is common when doing things like buying a domain name and then hosting the email for your domain name in a cloud service like Zoho. What they will do is ask you to create a TXT record in your DNS.

DNS records have types. Below is how you, or Zoho in this situation, would query DNS to see what TXT records exist for a domain. Keep in mind everything in DNS is public to the world, so never put anything in it that should not be shared with the world.

To check a TXT record in nslookup

jaywalker@Jays-Mac-mini ~ % nslookup -type=txt techaid.me
Server:       192.168.5.1
Address:    192.168.5.1#53

Non-authoritative answer:
techaid.me    text = "zoho-verification=zb92426001.zmverify.zoho.com"
techaid.me    text = "v=spf1 include:zoho.com ~all"
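The ownership check described above can be sketched from the verifying service's side. This is an added example, not Zoho's code or the author's: the `example-verification=` prefix, the HMAC-derived token and all function names are assumptions, and the nslookup text in the demo is constructed.

```python
import hashlib
import hmac
import re

# Matches the TXT answer lines nslookup prints, for example
#   techaid.me    text = "v=spf1 include:zoho.com ~all"
# Curly quotes are tolerated because they often appear after copy/paste.
TXT_LINE = re.compile(
    r'^(\S+)[ \t]+text[ \t]*=[ \t]*["“](.*)["”][ \t]*$', re.MULTILINE)


def issue_token(service_key, account_id, domain):
    """Derive the value the customer is asked to publish in a TXT record.

    Binding the token to account and domain (assumption: HMAC-SHA256 with a
    key only the service holds) means a value copied from the public DNS of
    one domain cannot be reused by another account or for another domain.
    """
    msg = "{}|{}".format(account_id, domain.lower().rstrip(".")).encode()
    digest = hmac.new(service_key, msg, hashlib.sha256).hexdigest()[:32]
    return "example-verification=" + digest


def parse_txt_answers(nslookup_output):
    """Return [(name, value), ...] for every TXT answer line in the output."""
    return TXT_LINE.findall(nslookup_output)


def domain_is_verified(service_key, account_id, domain, nslookup_output):
    """True only if the domain publishes the token issued to this account."""
    expected = issue_token(service_key, account_id, domain).encode()
    wanted = domain.lower().rstrip(".")
    for name, value in parse_txt_answers(nslookup_output):
        if name.lower().rstrip(".") != wanted:
            continue  # answer belongs to some other name
        if hmac.compare_digest(value.encode(), expected):
            return True
    return False


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"
    token = issue_token(key, "acct-1", "techaid.me")
    # Constructed nslookup output: the token plus the SPF record from the page.
    output = (
        "Non-authoritative answer:\n"
        'techaid.me    text = "' + token + '"\n'
        'techaid.me    text = "v=spf1 include:zoho.com ~all"\n'
    )
    print(domain_is_verified(key, "acct-1", "techaid.me", output))  # owner
    print(domain_is_verified(key, "acct-2", "techaid.me", output))  # other account
```

Because the published value is readable by anyone, the check relies on who can write the record, not on the token staying secret.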

Another type that exists is called SOA (Start of Authority). Every domain name has a single master DNS record. That master DNS record is then copied throughout the world so that wherever you are in the world, you have a DNS server close to you with the information to look up the computer IP address of a human DNS name by service type. What is actually copied is who the SOA is; then, if the DNS name is looked up one time, that info is cached. But more on that later.

Find Start of Authority DNS Server

jaywalker@Jays-Mac-mini ~ % nslookup -type=soa techaid.me
Server:       192.168.5.1
Address:    192.168.5.1#53

Non-authoritative answer:
techaid.me
    origin = ns57.domaincontrol.com
    mail addr = dns.jomax.net
    serial = 2021092400
    refresh = 28800
    retry = 7200
    expire = 604800
    minimum = 600

Authoritative answers can be found from:

Caching and the Design of DNS

Like we said earlier, SOAs are the master record of a DNS name. And what is copied all over the world to other DNS servers is the SOA-to-domain-name list, to the top level domain servers.

What's a Top Level Domain?

.com or .us or .net or .org

Top is all the way to the right, everything to the right of the very last period.

So if you have a domain name like mybigchicken.com, the top level domain name is .com and your domain name is mybigchicken.com. And there is a server out there that has the SOA-server-to-domain-name index, including yours, on it.

Root Servers

Root zones are authoritative name servers that serve the DNS root zone. Most people call them “Root Servers”. It's basically a bunch of servers around the world.

https://www.iana.org/domains/root/servers

OK, so we are going to get a little in the weeds here. When I say a bunch of servers, I mean hundreds. For example, SCJohnson out of Racine, Wisconsin in the US has some root servers. All of this information is public information. And the governing authority, IANA, has an agreement with SCJohnson about how they will manage their root servers. There is a lot of work and responsibility when running a root server; take a look and explore the agreements in the link below.

https://www.icann.org/en/registry-agreements/details/afamilycompany?section=agreement

Root servers have every SOA for every top level domain name, in addition to some top level domain name A(CNAME) and AAAA records. For example, there are servers a-m (13 servers) for the .com domain name.

com.		172800	IN	NS	a.gtld-servers.net.
com.		172800	IN	NS	b.gtld-servers.net.
com.		172800	IN	NS	c.gtld-servers.net.
com.		172800	IN	NS	d.gtld-servers.net.
com.		172800	IN	NS	e.gtld-servers.net.
com.		172800	IN	NS	f.gtld-servers.net.
com.		172800	IN	NS	g.gtld-servers.net.
com.		172800	IN	NS	h.gtld-servers.net.
com.		172800	IN	NS	i.gtld-servers.net.
com.		172800	IN	NS	j.gtld-servers.net.
com.		172800	IN	NS	k.gtld-servers.net.
com.		172800	IN	NS	l.gtld-servers.net.
com.		172800	IN	NS	m.gtld-servers.net.

Here is how a query works. We will use the example of Sherry turning on a computer, opening a web browser, and navigating to www.brandnewdomain.com.

  • The web browser on Sherry's computer will look in the computer's storage memory (cache) for an existing DNS lookup for www.brandnewdomain.com. Let's say Sherry never went to the web site before. Sherry's computer will now look at the computer's network configuration, find out what the DNS servers are on Sherry's computer, and send a query to those DNS servers, probably a local internet service provider's computer. Sherry's computer will now send that query to that area DNS server. Let's say the computer's DNS IP is 71.10.216.1, which belongs to rns01.charter.com.
  • Let's say the internet service provider's (ISP) DNS server rns01.charter.com has never looked up www.brandnewdomain.com. In that case the charter.com DNS server will reference a root server to find out what DNS server in the world has the www.brandnewdomain.com master DNS record. If the Charter DNS server had looked up the domain name before, the ISP DNS server would have simply returned the IP address to Sherry. The ISP will reference the list of root servers, which exists on every DNS server, starting with the first one. If it is offline or busy, the next root server is tried. The root server tells the ISP DNS server to try the server a.gtld-servers.net. This server will know what the SOA DNS IP (Start of Authority Domain Name Server Internet Protocol address) is.
  • You might ask, how does the ISP DNS server know what the IP of a.gtld-servers.net is? Good question. The root servers always have the lookup IP address of all top level domain name DNS servers.
a.gtld-servers.net.	172800	IN	A	192.5.6.30
  • So now the ISP DNS server reaches out to 192.5.6.30 and asks the question: what is the SOA for www.brandnewdomain.com? The IP 192.5.6.30 responds with ns1.namebrightdns.com. Now the ISP DNS server sends a query to ns1.namebrightdns.com and asks what the IP of the host name www.brandnewdomain.com is. The response goes to the ISP DNS server, where it is cached for the amount of time in the expire setting of the domain name (TTL). Then the ISP DNS server forwards that response to Sherry's computer, which in turn also caches (remembers) the IP address lookup for www.brandnewdomain.com.
  • If the domain name is tried again by Sherry or anyone else who uses the ISP DNS server, the cached record is used instead of having to go back to the root servers and then an SOA server.
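The walkthrough above can be run as a small simulation of the ISP DNS server. This is an added example, not code from the original post: the class and function names are assumptions, the zone data is constructed, and only 192.5.6.30 comes from the page (203.0.113.53 and 198.51.100.7 are documentation-range placeholders). Each hop is modelled as a referral to a name server plus its glue address, matching the NS and A records listed above.

```python
import time

# Constructed data modelled on the walkthrough: root -> .com -> domain's server.
SERVERS = {
    "root": {"referrals": {"com.": ("a.gtld-servers.net.", "192.5.6.30")}},
    "192.5.6.30": {"referrals": {
        "brandnewdomain.com.": ("ns1.namebrightdns.com.", "203.0.113.53")}},
    "203.0.113.53": {"answers": {
        "www.brandnewdomain.com.": ("198.51.100.7", 600)}},  # (address, TTL)
}


class CachingResolver:
    """Plays the ISP DNS server: follows referrals from the root, caches answers."""

    def __init__(self, servers, clock=time.monotonic):
        self.servers = servers
        self.clock = clock
        self.cache = {}            # name -> (address, expiry time)
        self.upstream_queries = 0  # queries sent to root, TLD or domain servers

    def _ask(self, server, name):
        """Return ('answer', ip, ttl), ('referral', ns_name, ns_ip) or ('nxdomain', ...)."""
        self.upstream_queries += 1
        zone = self.servers.get(server, {})
        if name in zone.get("answers", {}):
            return ("answer",) + zone["answers"][name]
        for suffix, (ns_name, ns_ip) in zone.get("referrals", {}).items():
            if name == suffix or name.endswith("." + suffix):
                return ("referral", ns_name, ns_ip)
        return ("nxdomain", None, None)

    def resolve(self, name):
        """Return (address or None, servers asked in order, or ['cache'])."""
        name = name.lower().rstrip(".") + "."
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0], ["cache"]
        server, path = "root", []
        for _ in range(8):  # bound the referral chain so a loop cannot hang us
            kind, a, b = self._ask(server, name)
            path.append(server)
            if kind == "answer":
                self.cache[name] = (a, now + b)  # remember only for the TTL
                return a, path
            if kind != "referral":
                break
            server = b  # follow the referral using the glue address
        return None, path


if __name__ == "__main__":
    isp = CachingResolver(SERVERS)
    print(isp.resolve("www.brandnewdomain.com"))  # root -> TLD -> domain server
    print(isp.resolve("www.brandnewdomain.com"))  # answered from the cache
    print(isp.upstream_queries)                   # still 3 after the second lookup
```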

There you have it. A system designed for redundancy, efficiency and control. It does a lot of work and provides a lot of servers, and it is free. Kinda, but not really. The cost to run all this infrastructure is spread out through tons of servers, like internet connections, hosting costs and so much more.

Categories
Technology

DNA Services Fake or Real

Ancestry.com is a service that can analyze your DNA and supposedly let you know your genetic heritage. Meaning, did your relatives come from Ireland, Africa, Russia; and what kind of ancestry you are percentage-wise, based on your DNA from a spit test.

Me being a skeptic who wants to believe but needs some sort of believable evidence first, I decided to do a blind test. Meaning, I provided as little information as I could about me and my relatives, with a goal of letting the DNA analysis stand on its own. Of course I knew some basic heritage facts, but I wanted to see if the DNA analysis matched what I knew for fact, or if they are just logically guessing based on strand matches.

Categories
Networking Phone Systems Technology

Add DSCP column to WireShark

When tracking down quality, CoS and QoS issues with VoIP calls, having this column handy in WireShark captures is, well, handy.

  1. Right click on one of the WireShark columns headers
  2. Click on Column Preferences
  3. Click Add + icon at the bottom
  4. Click on the New Column and change its label to DSCP
  5. Set the Field Type to Custom
  6. Field name should be ip.dsfield.dscp
  7. Drag the column to an order you like
  8. Click OK.
Categories
Networking Phone Systems Technology

VoIP Wireshark Tips

Trying to export audio from Wireshark can be a pain. But if you practice a few habits, it is a lot easier. If you do a lot of network packet capturing and RTP playback using WireShark for quality troubleshooting in the VoIP field, you have come across the dreaded error “Codec is not supported, file is incomplete”.

You have probably also come across trying to play a stream, only to find the stream is blank.

Also, if you are trying to quickly find out what DSCP is doing, or what country the IPs of a PBX are from, using these tricks can be the difference between frustration and a lot of clicks, or smooth sailing.

My Quick VoIP Tips

If you are really fluent and don’t need much direction, below are the things I do as a practice. If you need to learn what this stuff is and how to do it, read more below.

  • Always separate calls into separate files using prepare filter
  • Save audio to raw, import with Audacity and convert to mp3
  • Add DSCP as a column (see link)
  • Add country ISO from the MaxMind database (see link)

Separate Calls from Captures

I always separate calls from captures because not only does it make processing packets faster, but you can play streams that just won't even play when you have larger captures, regardless of the computer you are using.

The first image is what you see when you try to play a stream on a large capture. The second image is what you see when you have done a prepare filter on the call, exported the visible packets, reopened those exact same packets and clicked play stream again.

If you don't know how to do any of this, I'll walk you through it.

  1. Open your capture, click Telephony >> VoIP Calls
  2. Wait for the “Recalculating statistics on all packets” to complete. You will see this at the bottom of WireShark.
  3. Now you should see the WireShark – VoIP Calls screen.
  4. Click on the call you want to listen to and click the Prepare Filter button. Wait for Filtering frame number to complete in bottom of WireShark
  5. Go back to the main WireShark screen, click Filter >> Export Specified Packets >> All Packets >> Displayed and name and save new file.
  6. Now open the new capture file, go back to Telephony >> VoIP Calls, you will see only one call, and chances are Play Streams will now show you your sound you want to play.

Codec is not supported, file is incomplete

This error, from what I suspect, has to do with some sort of buffer overflow not handled in WireShark export methods, probably a memory limit in the programming converting the RTP payload to the au file type. Regardless of why, there is a trick to avoiding this: a couple of simple steps. Without the trick it is impossible to export long calls to audio.

  1. Save the forward and reverse as raw
  2. Import into Audacity
  3. Set to Stereo left and right

Saving Forward and Reverse to raw

  1. Open call capture in WireShark >> Telephony >> RTP >> RTP Streams
  2. Select both streams and click Analyze
  3. Click Save >> File Synchronized Forward Audio and change format to Raw
  4. Repeat for Reverse Audio

Import Raw Files into Audacity

  1. File >> Import >> Raw Data and select the raw file you exported.
  2. Select Encoding >> U-Law, Channels >> 1 Channel (Mono), Sample rate 8000. (These settings may be different for your phone system; these are Switchvox settings.)
  3. Import
  4. Repeat for both forward and reverse raw files.

Audacity Import Raw Settings

Set Left Right Pan

Finally just drag the sliders for left and right for each audio feed so you can clearly hear both forward and reverse audio.
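What the import and pan steps do to the two raw files, as an added example that is not part of the original post: it decodes 8000 Hz mono U-Law bytes to 16-bit PCM and writes forward audio to the left channel and reverse audio to the right. The function names and the sample bytes in the demo are assumptions; use the same encoding settings you would choose in Audacity.

```python
import struct
import wave


def ulaw_to_pcm16(byte):
    """Decode one G.711 U-Law byte to a signed 16-bit linear sample."""
    u = ~byte & 0xFF               # U-Law bytes are stored bit-inverted
    sign = u & 0x80
    exponent = (u >> 4) & 0x07
    mantissa = u & 0x0F
    sample = (((mantissa << 3) + 0x84) << exponent) - 0x84
    return -sample if sign else sample


def decode_ulaw(raw):
    """Decode a raw U-Law byte string (one byte per sample) to PCM samples."""
    return [ulaw_to_pcm16(b) for b in raw]


def write_stereo_wav(path, forward_raw, reverse_raw, rate=8000):
    """Write forward audio on the left and reverse audio on the right.

    The shorter stream is padded with silence so both channels stay aligned
    from the start of the export. Returns the number of frames written.
    """
    left = decode_ulaw(forward_raw)
    right = decode_ulaw(reverse_raw)
    frames = max(len(left), len(right))
    left += [0] * (frames - len(left))
    right += [0] * (frames - len(right))
    data = b"".join(struct.pack("<hh", l, r) for l, r in zip(left, right))
    with wave.open(path, "wb") as wav:
        wav.setnchannels(2)        # stereo: left = forward, right = reverse
        wav.setsampwidth(2)        # 16-bit samples
        wav.setframerate(rate)     # 8000 Hz, as in the import settings above
        wav.writeframes(data)
    return frames


if __name__ == "__main__":
    # Constructed sample bytes standing in for the two exported .raw files.
    forward = bytes([0xFF, 0x00, 0x80, 0xFF])
    reverse = bytes([0x80, 0xFF])
    print(write_stereo_wav("call_stereo.wav", forward, reverse))
```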

Setting Forward Reverse Panning

That's it for now. If I come up with some more tips, I will update this post. It is very likely that I may do something that is a tip to others but to me it’s just SOP. So feel free to ask me or suggest anything.

Categories
Networking Phone Systems Technology

Add Country to Wireshark Captures

This neat trick allows you to see the source and destination IP country. At least, the country listed in the MaxMind databases. Keep in mind you could have a US IP address, say from PureVPN, connecting to you, and the user is actually in the country of Bolivia.

There are literally hundreds of thousands of IPs that are owned by VPN companies who will lease out VPN connections to anyone who pays, including perps. The actors or perps can now pick and choose where they want to pretend to be from, anywhere in the world. Most good hackers will use multiple VPNs and multiple countries (you know, on TV when McGeek says “Its gonna take a while gibs, they are bouncing off routers all over the place”). So you have to go pretty far down the rabbit hole to find the actual source. But this does give you insight into honest folks and kiddie hackers.

Get the Database

  1. Create an account at https://www.maxmind.com/ for the GeoLite2 database
  2. Download the GZip for GeoLite2 Country
  3. I save my database folder on Google Drive File Stream (you can use Drive also, but I recommend you don't use the free Drive), and mark it as offline. That way, if any of my coworkers need to use it also, they can do the same.

Setup Wireshark

  1. Go to Wireshark >> Edit >> Preferences >> Name Resolution and add the MaxMind database folder

Wireshark Preferences for MaxMind

  2. Now right click the column header and select Column Preferences
  3. Add both columns for ip.geoip.src_country_iso and ip.geoip.dst_country_iso and drag them to the column order you want

How to edit columns in WireShark
Setup Columns in WireShark

  4. Finally, you need to restart WireShark for this to take effect. NOTE: you can see the countries for public static IP addresses in both live captures and files you newly open.

Enjoy!

Categories
SQL Technology

Rename SQL @@Servername

This script will show you what the old server name was and what the current server name is. Even though you rename the machine through the Windows system advanced properties, the SQL Server name stays what it was on the original install date.

	SELECT ServerProperty('machinename') as [machinename]
	,ServerProperty('ServerName') as [ServerName]
	,@@ServerName as [@@ServerName];

I recently needed to inject the name of the SQL server into a script that exported blob data to a file system. I used @@servername, but to my surprise it returned the name that the SQL server used to have. I cloned a production server to do some testing and renamed the server.

	USE master;
	GO
	-- Drop the old name that was recorded when SQL Server was installed
	EXEC sp_dropserver 'NETSQL3';
	GO
	-- Register the new machine name as the local server
	EXEC sp_addserver 'NET3', 'local';
	GO
	-- @@SERVERNAME returns the new name after the SQL Server service is restarted

This SQL command will rename the server variable value for @@servername.

Categories
Technology

NextCloud Search Troubleshooting

After upgrading our NextCloud to version 20, our search stopped working. Search used to be fast and would search for files within the directory you were looking at. Now the search would find nothing and just do a strange animation.

As you can see pretty useless.

So like most people who run across an issue they have not seen before, they look at logs and look for error messages. Well, NextCloud logs are not the easiest to view. Unlike RocketChat and other server apps where log files are a click away, with NextCloud you need to open up JSON-formatted, text-like files that are not pretty by any means. So, skipping the logs, I went to Google/DuckDuckGo to see if anyone else has had the issue.

Searching showed that others had the issue, but there was not a ton. I posted a comment on a NextCloud forum, alongside someone else having the issue, in a show of support, as most message boards are fairly useless unless you are deep in the gears of the app. Since I have my own apps, getting deep in a new engine was not the first thing on my mind. Gears == time.

I did get a response from OliverP, a NextCloud volunteer, much like a response I would have given. In short, Oliver said: if you've got a problem, add some details so someone can help; otherwise don’t post. At least that is my go-to when someone posts that they have a problem but doesn't provide any details.

So, not wanting to be what I don’t like, it was time to spend time digging into logs, GitHub and any other documentation that may or may not exist for NextCloud. Since I am using Snap (which I hate, mainly because of speed) I will be posting Snap stuff, but the structure is pretty similar regardless of whether you are using zip, Docker or manual installs.

Logs

For the logs, you are best to sudo copy the log files to a /home location, then do a sudo chmod 777 filename to allow the file to be read with some analysis apps.

https://github.com/nextcloud/nextcloud-snap/wiki/Where-to-find-logs-of-components

  • Logs for Nextcloud can be found at: /var/snap/nextcloud/common/nextcloud/data/nextcloud.log
  • Logs for Apache can be found at: /var/snap/nextcloud/current/apache/logs/
  • Logs for Redis can be found at: /var/snap/nextcloud/current/redis/redis.log
  • Logs for PHP-FPM can be found at: /var/snap/nextcloud/current/php/php-fpm.log
  • Logs for Certbot can be found at: /var/snap/nextcloud/current/certs/certbot/logs/letsencrypt.log
  • Logs for MySQL can be found at: /var/snap/nextcloud/current/mysql/localhost.localdomain.err
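One way to read nextcloud.log without opening the raw JSON by hand, as an added example that is not part of the original post or the NextCloud project: it parses one JSON object per line, keeps warnings and above, and counts them per app. The log lines are constructed, and the handling of a `message` that is itself an object with a `Message` key is an assumption about how exceptions are written.

```python
import json
from collections import Counter

LEVELS = {0: "debug", 1: "info", 2: "warning", 3: "error", 4: "fatal"}

# Constructed sample in the one-JSON-object-per-line layout of nextcloud.log.
# The last line is cut short on purpose, as happens when a copy is taken mid-write.
SAMPLE_LOG = """
{"reqId":"req-0001","level":1,"time":"2020-10-20T14:02:11+00:00","user":"jay","app":"core","method":"GET","url":"/index.php/apps/files/","message":"constructed info line"}
{"reqId":"req-0002","level":3,"time":"2020-10-20T14:02:15+00:00","user":"jay","app":"index","method":"GET","url":"/constructed/search/url?term=report","message":{"Exception":"Exception","Message":"constructed search failure","Code":0}}
{"reqId":"req-0003","level":2,"time":"2020-10-20T14:03:40+00:00","user":"jay","app":"files","method":"GET","url":"/index.php/apps/files/","message":"constructed warning"}
{"reqId":"req-0004","level":3,"time":
"""


def parse_log(text, min_level=2):
    """Return (entries at or above min_level, count of unparseable lines)."""
    entries, bad_lines = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            bad_lines += 1          # truncated or corrupted line: count, don't crash
            continue
        if not isinstance(record, dict):
            bad_lines += 1
            continue
        level = record.get("level", 0)
        if level < min_level:
            continue
        message = record.get("message", "")
        if isinstance(message, dict):   # exception logged as a nested object
            message = message.get("Message", "")
        entries.append({
            "time": record.get("time", ""),
            "level": LEVELS.get(level, str(level)),
            "app": record.get("app", ""),
            "url": record.get("url", ""),
            "message": message,
        })
    return entries, bad_lines


def summarize(entries):
    """Count entries per (app, level) so the noisy component stands out."""
    return Counter((e["app"], e["level"]) for e in entries)


if __name__ == "__main__":
    found, skipped = parse_log(SAMPLE_LOG)
    for entry in found:
        print(entry["time"], entry["level"], entry["app"], entry["message"])
    print(dict(summarize(found)), "unparseable lines:", skipped)
```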
Categories
Admin Tools Technology

Install Duf on Mac and Linux

Install on Linux

1) Download Files
curl -s https://api.github.com/repos/muesli/duf/releases/latest | grep browser_download_url | grep linux_x86_64.tar.gz | cut -d '"' -f 4 | wget -i -

2) Extract Files
tar xvf duf_*_linux_x86_64.tar.gz

3) Make files executable
chmod a+x duf

4) Move files to executable directory
sudo mv duf /usr/local/bin

5) Run
duf

On OSX MAC

1) Run in terminal
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

2) Install with Homebrew, then run
brew install duf
duf

Other Awesome Linux Tools

Categories
Technology

Two Party System

Democrats and Republicans and the Big Media systems are, I believe, designed and operated to keep you emotionally engaged and feeling despair, but with enough puppy dog type stories in closing to keep you hooked. Then there are the other candidates (not a Democrat or Republican) about whom most people will tell you “Don’t throw away your vote”. But have you ever wondered if you have been conditioned by external factors to think the way you do? Or are these thoughts something you consciously came to a conclusion on?

Democrat – is Greek for people and force or power. Originally, back when Andrew Jackson won his second presidential election, in 1828, the Democratic party (which is what it was known as soon after) was formed. Jackson was known for bringing Wisconsin in as a Territory, Michigan becoming a state, Texas independence being recognized, introducing the Spoils System, opposing the Nullification of South Carolina, and vetoing the renewal of the US Bank. Looking at those acts as president, basing things on those actions alone, you would say the Democrat party is a paranoid, angry, power hungry organization where you fire everyone who does not agree with you. And we also have Andrew Jackson to thank for firing everyone in an administration on a president change and making the entire environment about yes people rather than people serving whoever the president is and the country.

Republican – or the Grand Old Party (GOP) support having representatives of the people (republic) and not a monarchy.

Both the Democrat and Republican parties are break-offs of the Democratic-Republican party. That's right, they both came from the same party and stuck together because of a common shared interest. They both opposed the Federalist party.

Electoral College

Summarizing the electoral college: you need at least 270 electoral votes to become president of the US. 270 is the majority. If no one gets 270, then the House will vote in the President. Since the House will always be either Democrat controlled or Republican controlled, with the tie breaker going to the speaker (either a Dem or Rep), you will never get a third party elected, even if there is a tie or no one gets 270.

How to Introduce a third party?

Since you will never get rid of the electoral vote as a first step, you have to take a different approach. Traditionally it was impossible to have a third party candidate because the electoral college has a winner-take-all mentality, making the math impossible for someone to win as a non-DR (Democrat/Republican) candidate. But the one thing that is different today is social media and the strength it can carry, bypassing the big media. If Ross Perot ran today he would have been elected. Providing his family was not murdered first (it was a real threat and why he dropped out). If the right group of social influencers united for a third party candidate, that strength would tip the table and put the fear of God into DR, where both would fear that one of them would not be one of the two parties. That would be the only way the electoral college would be resolved and actual vote representation would happen. History has shown that with the two party system, the electoral college very closely but not always mirrors the popular vote, but with more than two major parties, the electoral process falls apart and no longer represents the vote. But the most important part is that you currently need 270 electoral votes to become president, or the House of Representatives ends up electing the president. Since the House is normally around 55% one party and 45% another party, or somewhere in between, they will never elect a third party. So even though a third party may someday outshine the other two parties and win the majority of electoral votes, they will never get elected by the House. That is why the electoral vote process will never support more than two candidates.
