Categories
Technology

See what's connecting to your computer

Little Snitch is a macOS application that reminds me of a couple of products that existed in the early 2000s called BlackICE and Network View. BlackICE would monitor connections to and from your computer and dynamically block connections it judged to be a risk. Network View would show connections to and from your computer on a map so you could visually see where your computer was connecting to. Watch the brief Little Snitch overview video below.

Little Snitch is a fairly priced product and seems to respond quite well. It is highly configurable, or ready to run out of the box for those who do not want to mess with settings.

For me, the big attention getter with this product is visibility: knowing where the applications I was using were connecting to. Check it out; they have a trial that lasts 3 hours, which lets you kick the tires.

If you want to go to a whole other level, there is a tool you can download from GitHub called Volatility that allows you to analyze memory dumps and look for things like rootkits.

Categories
Apple Technology

Apple's Brain Trust Cache

The other day I was updating my M1 Apple Mac mini to macOS Monterey and received a strange error: “Failed to load update brain trust cache”. Since I write a lot of try/catch blocks when programming, and know the rules I live under to make catch-error messages meaningful and actionable, and what goes into providing users information they can actually use to handle an error, I was intrigued to find out what Apple was thinking on this one.

Failed is just the verb they used to notify that the catch was reached.

Load is another verb, letting the user know that a file was attempted to be opened.

Trust Cache is something Apple uses: trust files that let the system run code at a platform privilege level, meaning the contents of these cache files are trusted by the entire computer.

Update brain is the logic that is tied to an update, meaning the programming (the brain) that tells the update what to do.

So, in other words: during the update, the local trust cache needs to be updated. The logic that runs the update, regardless of whether the update is on a watch, phone, iPad, macOS, or whatever, needs to be trusted at a platform level so it can run. So that local, immutable, read-only cache needs to get an update before the system can update.

My guess is that 1) the Apple update downloads to the computer; 2) once started, the update does a hash compare to make sure the update file has not been hijacked in transit to the computer running the update. To do that, the hash of the update is compared with Apple over the internet. If the hash checks out, then 3) the local trust cache gets updated so the update can run at platform level without the user having to enter their username over and over again during the update.

In my case, what the error was telling me is that when the hash was being compared, the compare either failed, or, more likely, when the Update Brain was being opened as a platform-level trust cache, that open failed.

What I did was click the button to start the update again, and the file, probably called update brain, was able to load into platform-privilege storage as a trust cache.

https://support.apple.com/guide/security/trust-caches-sec7d38fbf97/web

Categories
Finance Technology

Browser Wars

So why would a company spend millions of dollars to develop and maintain a software application, then offer it for free to anyone who wants it? Why would Microsoft double down on efforts to make it more difficult for users to switch their web browser to Chrome or Firefox? Something you need to understand about products: you either buy a product or you are the product. And what do you earning cryptocurrency, you, and your web browser have to do with each other?

You have heard the term “Everybody wins”? Well, it's kind of like that. Let's face it, pretty much no one except a very small few could actually create a web browser. If you took, for example, the 250 million Firefox users and the annual development cost of $50 million, you can see you would pay less than a dollar a year to use your Firefox web browser. But since you sell part of who you are to Firefox, allowing them to sell that data, you get the web browser for free! Yay you, free $1 web browser, well done.

Joking aside, it's a trade. You are trading a lot of information about you, what you like, buy, and are, for a web content browser that you don't have to pay for. And Microsoft wants their piece of the pie back. Since people are creatures of habit, and most have the habit of using Chrome, then Safari, then Edge, Firefox, Brave, Opera…, Microsoft is trying to move up a spot by making it hard to change the default web browser in the most popular operating system. “Can't win, cheat” I think is the motto that comes to mind.

In Windows 10 it was kind of easy: you could change one setting, and the only negative side effect was being pestered with constant suggestions that you are doing it wrong and should try Edge. Well, in Windows 11, Microsoft went to a whole other level of truly devious proportions. You need to change, protocol by protocol, which browser you want to use. That's right, by protocol. And if you are reading this and asking yourself, what the hell is dot dot ping ping? you will probably be an Edge user with no escape. And Microsoft is counting on it.

The browser I think is fantastic is Brave. I am pretty sure they use the Chrome engine (don't worry, dot dot ping ping) with a look that they created. They block most ads, don't sell your search usage like all the others, and give you the ability to make money if you choose, by earning a crypto called BAT for opting in to see ads. Yep, that's right: you can make money for the ads presented instead of 100% of that cash going to the web browser company. Now that is closer to a win-win, agreed? The revenue Brave makes on an ad you choose to view was, last I checked, split 70-30. Yep, you are the 30, and don't tell me you thought you would get it all. But before you run off, download, and switch to Brave because you want to start earning BAT crypto, do your research. Learn about crypto; know what a blockchain is. Learn how to use crypto to actually purchase something. Otherwise you have stuff on a screen that is useless. Know that crypto is still very new, there are a lot of changes happening, and there are many opinions.

All in all, know that nothing is free. Self-reflect and find out what you value; write it down. Find out what you don't want to be; write it down. Yes, a pen and paper. Do your due diligence and learn about the lake before you jump in the water. That stuff could be on fire, but maybe you like fire. Or maybe you like easy, comfortable, slow privacy phishing. At least you will be well known (to all the advertisers).

I hope this was helpful, maybe a little fun, and scared you a little too. It takes balance to be balanced.

References

https://www.zdnet.com/article/microsoft-doubles-down-on-its-strategy-to-get-more-windows-11-users-on-edge/

Categories
Admin Tools Powershell Remote Access Technology

Killing Processes in Windows Remotely

Sometimes I have a workstation that is not responsive, and I have to find a way, remotely, to find the issue, kill a process, and sometimes reboot the Windows computer.

  • Open a remote command prompt to the Windows computer
  • Run the command tasklist | more
  • Find the PID of the process. I like to look for processes that are using the largest amount of memory, or the most open sessions
  • Run the command taskkill /F /PID 5411
  • Note: 5411 was just a PID number that was in the task list. The PID (Process Identifier) will be different for you for each process.
  • If the computer still does not respond, sometimes you have to force a reboot. Run: shutdown /r /f (r is for restart and f is for force)

To open a remote command prompt to a Windows computer, get online and do some searching; there are many ways to do that with Windows. PsExec and PowerShell are common ways to do this.
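As an added example (not code from the post), here is a small Python helper that does the middle steps of the procedure above on the text that tasklist prints: it parses the table, ranks processes by memory use, and builds the taskkill argument list. It refuses PIDs 0 and 4 (System Idle Process and System), which should never be force-killed. The tasklist output below is constructed sample data; PID 5411 is the placeholder PID from the post.

```python
import re

# Constructed sample of `tasklist` output (not a real capture), in the column
# layout the command prints on Windows: image name, PID, session name, session
# number, memory usage.
SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0        144 K
svchost.exe                   1234 Services                   0     45,120 K
chrome.exe                    5411 Console                    1  1,204,552 K
notepad.exe                   7788 Console                    1     12,004 K
"""

# Image names may contain spaces, so anchor the parse on the trailing numeric columns.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+)\s+(?P<session>\S+)\s+(?P<sessnum>\d+)\s+(?P<mem>[\d,]+) K$"
)

# PIDs that must never be force-killed: the idle pseudo-process and the System process.
PROTECTED_PIDS = {0, 4}


def parse_tasklist(text):
    """Parse tasklist output into dicts; the header and separator lines do not match ROW."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if not m:
            continue
        procs.append({
            "name": m.group("name"),
            "pid": int(m.group("pid")),
            "session": m.group("session"),
            "mem_kb": int(m.group("mem").replace(",", "")),
        })
    return procs


def biggest_processes(procs, n=3):
    """Largest memory consumers first, excluding protected system PIDs."""
    candidates = [p for p in procs if p["pid"] not in PROTECTED_PIDS]
    return sorted(candidates, key=lambda p: p["mem_kb"], reverse=True)[:n]


def taskkill_command(pid):
    """Build the taskkill argument list for a PID (the post's taskkill /F /PID step)."""
    if pid in PROTECTED_PIDS:
        raise ValueError(f"refusing to kill protected PID {pid}")
    return ["taskkill", "/F", "/PID", str(pid)]


if __name__ == "__main__":
    for proc in biggest_processes(parse_tasklist(SAMPLE_TASKLIST)):
        print(f"{proc['name']:<25} {proc['mem_kb']:>10,} K  ->  {' '.join(taskkill_command(proc['pid']))}")
```

Feed it the real output captured over your remote session (PsExec or PowerShell) instead of the sample string, and review the ranked list before running any of the printed commands; ranking by memory is a heuristic for spotting the hung process, not proof of it.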

Categories
Admin Tools DNS Technology

DNS Helpful Tips

DNS, or the Domain Name System, is the index of the public internet. It allows you and computers to look up computer addresses using human-readable names. But it also does much more than that.

  • Authorizes email as legitimate
  • Lets systems and people know what services are available
  • Sets up system redundancy for failover and failback
  • Provides an authentication mechanism
  • And so much more…

For example, let's say you want to tell a company like Zoho that you own a domain name. Zoho can say: OK, if that is your domain name, then prove it by updating the domain's DNS and adding some data that only I (Zoho) know about. If you own the domain, only you can update the DNS. Here is my secret data. So I would go into my DNS manager and add the secret code to my DNS. Then Zoho would query my DNS records to see if their secret is there. If it is, the assumption is that I own it.

That type of task or transaction is common when doing things like buying a domain name and then hosting your email for that domain in a cloud service like Zoho. What they will do is ask you to create a TXT record in your DNS.

DNS records have types. Below is how you, or Zoho in this situation, would query DNS to see what TXT records exist for a domain. Keep in mind everything in DNS is public to the world, so never put anything in it that should not be shared with the world.

To check a TXT record with nslookup:

jaywalker@Jays-Mac-mini ~ % nslookup -type=txt techaid.me
Server:       192.168.5.1
Address:    192.168.5.1#53

Non-authoritative answer:
techaid.me    text = "zoho-verification=zb92426001.zmverify.zoho.com"
techaid.me    text = "v=spf1 include:zoho.com ~all"

Another type that exists is what is called SOA (Start of Authority). Every domain name has a single master DNS record. That master DNS record is then copied throughout the world so that wherever you are, you have a DNS server close to you with the information to look up the IP address of a human-readable DNS name by service type. What is actually copied is who the SOA is; then, once the DNS name has been looked up, that info is cached. But more on that later.

To find the Start of Authority DNS server:

jaywalker@Jays-Mac-mini ~ % nslookup -type=soa techaid.me
Server:       192.168.5.1
Address:    192.168.5.1#53

Non-authoritative answer:
techaid.me
    origin = ns57.domaincontrol.com
    mail addr = dns.jomax.net
    serial = 2021092400
    refresh = 28800
    retry = 7200
    expire = 604800
    minimum = 600

Authoritative answers can be found from:

Caching and the Design of DNS

Like we said earlier, SOAs are the master record of a DNS name. And what is copied all over the world to other DNS servers is the SOA-to-domain-name list, up to the top-level domain servers.

What's a Top Level Domain?

.com or .us or .net or .org

Top is all the way to the right: everything after the very last period.

So if you have a domain name like mybigchicken.com, the top-level domain is .com and your domain name is mybigchicken.com. And there is a server out there that has the index of SOA servers for your domain name on it.

Root Servers

The root servers are the authoritative name servers that serve the DNS root zone. Most people call them “Root Servers”. It's basically a bunch of servers around the world.

https://www.iana.org/domains/root/servers

OK, so we are going to get a little into the weeds here. When I say a bunch of servers, I mean hundreds. For example, SC Johnson out of Racine, Wisconsin in the US has some root servers. All of this information is public. And the governing authority, IANA, has an agreement with SC Johnson about how they will manage their root servers. There is a lot of work and responsibility in running a root server; take a look and explore the agreements in the link below.

https://www.icann.org/en/registry-agreements/details/afamilycompany?section=agreement

Root servers have every SOA for every top-level domain name, in addition to some top-level domain A (CNAME) and AAAA records. For example, there are 13 servers, a through m, for the .com domain:

com.		172800	IN	NS	a.gtld-servers.net.
com.		172800	IN	NS	b.gtld-servers.net.
com.		172800	IN	NS	c.gtld-servers.net.
com.		172800	IN	NS	d.gtld-servers.net.
com.		172800	IN	NS	e.gtld-servers.net.
com.		172800	IN	NS	f.gtld-servers.net.
com.		172800	IN	NS	g.gtld-servers.net.
com.		172800	IN	NS	h.gtld-servers.net.
com.		172800	IN	NS	i.gtld-servers.net.
com.		172800	IN	NS	j.gtld-servers.net.
com.		172800	IN	NS	k.gtld-servers.net.
com.		172800	IN	NS	l.gtld-servers.net.
com.		172800	IN	NS	m.gtld-servers.net.

Here is how a query works. We will use the example of Sherry turning on a computer, opening a web browser, and navigating to www.brandnewdomain.com.

  • Sherry's computer's web browser will look in the computer's storage memory (cache) for an existing DNS lookup for www.brandnewdomain.com. Let's say Sherry never went to the web site before; Sherry's computer will now look at the computer's network configuration, find out what the DNS servers are on Sherry's computer, and send a query to those DNS servers, probably a local internet service provider's computer. Sherry's computer will now send that query to that area DNS server. Let's say the computer's DNS IP is 71.10.216.1, which belongs to rns01.charter.com.
  • The internet service provider's (ISP) DNS server, rns01.charter.com, let's say has never looked up www.brandnewdomain.com; in that case the charter.com DNS server will reference a root server to find out what DNS server in the world has the master DNS record for www.brandnewdomain.com. If the charter DNS server had already looked up the domain name, the ISP DNS server would have simply returned the IP address to Sherry. The ISP will reference the list of root servers, which exists on every DNS server, starting with the first one. If it is offline or busy, the next root server is tried. The root server tells the ISP DNS server to try the server a.gtld-servers.net. This server will know the SOA DNS IP (Start of Authority Domain Name Server Internet Protocol address).
  • You might ask, how does the ISP DNS server know what the IP of a.gtld-servers.net is? Good question: the root servers always have the lookup IP address of all top-level domain name DNS servers.
a.gtld-servers.net.	172800	IN	A	192.5.6.30
  • So now the ISP DNS server reaches out to 192.5.6.30 and asks the question: what is the SOA for www.brandnewdomain.com? And the IP 192.5.6.30 responds with ns1.namebrightdns.com. Now the ISP DNS server sends a query to ns1.namebrightdns.com and asks what the IP of the host name www.brandnewdomain.com is. The response goes back to the ISP DNS server, where it is cached for the amount of time in the expire setting of the domain name (TTL). Then the ISP DNS forwards that response to Sherry's computer, which in turn also caches (remembers) the IP address lookup for www.brandnewdomain.com.
  • If the domain name is looked up again, for Sherry or anyone else who uses the ISP DNS server, the cached record is used instead of having to go back to the root servers and then an SOA server.

There you have it: a system designed for redundancy, efficiency, and control. It does a lot of work, involves a lot of servers, and it is free. Kinda, but not really. The cost of running all this infrastructure is spread out across tons of servers, internet connections, hosting costs, and so much more.
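As an added example (not part of the original post, and not any real resolver's code), here is a small Python simulation of the walkthrough above: constructed zone data for a root server, the .com server a.gtld-servers.net, and an authoritative server for brandnewdomain.com, plus an ISP-style resolver that starts at the root, follows each referral, and caches the final answer for the record's TTL so the second lookup never leaves the cache. The zone contents, the 198.51.100.53 and 203.0.113.10 addresses, and the 300-second TTL are made up for the example; 192.5.6.30 is the glue address shown on the page.

```python
import time

# Constructed, simplified zone data for the walkthrough (not real records).
# Each server maps a name to a list of (type, rdata, ttl). 198.51.100.53,
# 203.0.113.10 and the 300 s TTL are made up; 192.5.6.30 is from the post.
ROOT_SERVER = "a.root-servers.net."
ZONES = {
    ROOT_SERVER: {
        "com.": [("NS", "a.gtld-servers.net.", 172800)],
        "a.gtld-servers.net.": [("A", "192.5.6.30", 172800)],       # glue for .com
    },
    "a.gtld-servers.net.": {
        "brandnewdomain.com.": [("NS", "ns1.namebrightdns.com.", 172800)],
        "ns1.namebrightdns.com.": [("A", "198.51.100.53", 172800)],  # constructed glue
    },
    "ns1.namebrightdns.com.": {
        "www.brandnewdomain.com.": [("A", "203.0.113.10", 300)],     # constructed answer
    },
}


def ask(server, qname):
    """One query to `server`. Returns ("answer", ip, ttl) if the server holds the
    A record, otherwise ("referral", ns_name, glue_ip) for the closest delegation
    it knows about, or raises if it knows nothing useful for qname."""
    zone = ZONES[server]
    for rtype, rdata, ttl in zone.get(qname, []):
        if rtype == "A":
            return ("answer", rdata, ttl)
    labels = qname.split(".")
    for i in range(1, len(labels)):          # walk up: brandnewdomain.com., com., ...
        parent = ".".join(labels[i:])
        for rtype, rdata, _ in zone.get(parent, []):
            if rtype == "NS":
                glue = next(a for t, a, _ in zone.get(rdata, []) if t == "A")
                return ("referral", rdata, glue)
    raise LookupError(f"{server} has no data for {qname}")


class CachingResolver:
    """ISP-style recursive resolver: serve from cache while the TTL is valid,
    otherwise start at a root server and follow referrals down to the answer."""

    def __init__(self):
        self.cache = {}  # qname -> (ip, expires_at)

    def resolve(self, qname, now=None, trace=None):
        """Return the A record for qname. `trace` collects (server, kind, data)
        for every hop so you can see which servers were contacted."""
        now = time.time() if now is None else now
        trace = [] if trace is None else trace
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            trace.append(("cache", "hit", cached[0]))
            return cached[0]
        server = ROOT_SERVER
        while True:
            kind, data, extra = ask(server, qname)
            trace.append((server, kind, data))
            if kind == "answer":
                self.cache[qname] = (data, now + extra)   # remember it for TTL seconds
                return data
            server = data   # follow the referral; `extra` is the glue IP we would connect to


if __name__ == "__main__":
    resolver = CachingResolver()
    for attempt in range(2):
        hops = []
        ip = resolver.resolve("www.brandnewdomain.com.", trace=hops)
        print(f"attempt {attempt + 1}: {ip} via {[h[0] for h in hops]}")
```

The first call walks root, then the .com server, then the authoritative server; the second call is answered from cache until the 300-second TTL runs out, which is the behaviour the last bullet above describes.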

Categories
Technology

DNA Services Fake or Real

Ancestry.com is a service that can analyze your DNA and supposedly let you know your genetic heritage, meaning whether your relatives came from Ireland, Africa, Russia, and what kind of ancestry you are, percentage-wise, based on your DNA from a spit test.

Me being a skeptic who wants to believe but needs some sort of believable evidence first, I decided to do a blind test. Meaning, I provided as little information as I could about me and my relatives, with the goal of letting the DNA analysis stand on its own. Of course I knew some basic heritage facts, but I wanted to see if the DNA analysis matched what I knew for a fact, or if they are just logically guessing based on strand matches.

Categories
Networking Phone Systems Technology

Add DSCP column to WireShark

When tracking down CoS and QoS issues with VoIP calls, having this column handy in Wireshark captures is, well, handy.

  1. Right click on one of the Wireshark column headers
  2. Click on Column Preferences
  3. Click the Add + icon at the bottom
  4. Click on the New Column and change its label to DSCP
  5. Set the Field Type to Custom
  6. Field name should be ip.dsfield.dscp
  7. Drag the column to an order you like
  8. Click OK.
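For readers who want to see what the ip.dsfield.dscp column actually reads, here is an added Python example (not from the post) that pulls the DSCP and ECN bits out of an IPv4 header exactly as Wireshark does: DSCP is the upper six bits of the second header byte, ECN the lower two. It builds a few constructed packets, then tallies them by DSCP name, which is the same eyeball check the column gives you in a capture: RTP that should be EF (46) but shows up as CS0 has lost its marking somewhere on the path. The header builder, the code-point names, and the sample addresses are part of the example, not anything Wireshark provides.

```python
import ipaddress
import struct

# Well-known DSCP code points (RFC 2474/2597/3246), the values Wireshark shows in
# ip.dsfield.dscp. 46 (EF) is what voice RTP is normally marked with.
DSCP_NAMES = {
    0: "CS0 (best effort)", 8: "CS1", 10: "AF11", 18: "AF21", 26: "AF31",
    34: "AF41", 46: "EF (voice)", 48: "CS6", 56: "CS7",
}


def dscp_of(ipv4_header):
    """Return (dscp, ecn) from the DS field, the second byte of an IPv4 header.
    DSCP is the upper 6 bits, ECN the lower 2 (ip.dsfield.dscp / ip.dsfield.ecn)."""
    if ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ds = ipv4_header[1]
    return ds >> 2, ds & 0x3


def build_ipv4_header(dscp, ecn=0, proto=17, src="10.0.0.1", dst="10.0.0.2"):
    """Construct a minimal 20-byte IPv4 header carrying the given DSCP.
    Sample data for the example only: checksum left at zero, no payload."""
    ds = ((dscp & 0x3F) << 2) | (ecn & 0x3)
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, ds, 20, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )


def dscp_summary(packets):
    """Tally packets by DSCP name; a voice capture should be almost all EF."""
    counts = {}
    for pkt in packets:
        dscp, _ = dscp_of(pkt)
        name = DSCP_NAMES.get(dscp, f"DSCP {dscp}")
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed capture: two RTP packets still marked EF and one remarked to CS0.
    sample = [build_ipv4_header(46), build_ipv4_header(46), build_ipv4_header(0)]
    print(dscp_summary(sample))
```

In a real capture the DS byte for EF reads 0xB8 (46 shifted left two bits), which is the value you will see in the raw bytes pane next to the DSCP column.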
Categories
Networking Phone Systems Technology

VoIP Wireshark Tips

Trying to export audio from Wireshark can be a pain. But if you practice a few habits, it is a lot easier. If you do a lot of network packet capturing and RTP playback using Wireshark for quality troubleshooting in the VoIP field, you have come across the dreaded error “Codec is not supported, file is incomplete”.

You have probably also come across trying to play a stream, but the stream is blank.

Also, if you are trying to quickly find out what DSCP is doing, or what country the IPs of a PBX are from, using these tricks can be the difference between frustration and a lot of clicks, or smooth sailing.

My Quick VoIP Tips

If you are really fluent and don't need much direction, below are the things I do as a practice. If you need to learn what this stuff is and how to do it, read on below.

  • Always separate calls into separate files using Prepare Filter
  • Save audio as raw, import into Audacity, and convert to mp3
  • Add DSCP as a column (see link)
  • Add country ISO codes from the MaxMind database (see link)

Separate Calls from Captures

I always separate calls from captures because not only does it make processing packets faster, but you can play streams that just won't play when you have larger captures, regardless of the computer you are using.

The first image is what you see when you try to play a stream on a large capture. The second image is what you see when you have done a Prepare Filter on the call, exported the visible packets, reopened those exact same packets, and clicked Play Streams again.

If you don't know how to do any of this, I'll walk you through it.

  1. Open your capture, click Telephony >> VoIP Calls
  2. Wait for “Recalculating statistics on all packets” to complete. You will see this at the bottom of Wireshark.
  3. Now you should see the Wireshark – VoIP Calls screen.
  4. Click on the call you want to listen to and click the Prepare Filter button. Wait for “Filtering frame number” to complete at the bottom of Wireshark.
  5. Go back to the main Wireshark screen, click File >> Export Specified Packets >> All Packets >> Displayed, then name and save the new file.
  6. Now open the new capture file, go back to Telephony >> VoIP Calls, and you will see only one call; chances are Play Streams will now play the sound you want to hear.

Codec is not supported, file is incomplete

This error, I suspect, has to do with some sort of buffer overflow not handled in Wireshark's export methods. Probably a memory limit in the code converting the RTP payload to the .au file type. Regardless of why, there is a trick to avoiding it, in a couple of simple steps. Without the trick it is impossible to export long calls to audio.

  1. Save the forward and reverse streams as raw
  2. Import into Audacity
  3. Set to stereo, left and right

Saving Forward and Reverse to Raw

  1. Open the call capture in Wireshark >> Telephony >> RTP >> RTP Streams
  2. Select both streams and click Analyze
  3. Click Save >> File Synchronized Forward Audio and change the format to Raw
  4. Repeat for Reverse Audio

Import Raw Files into Audacity

  1. File >> Import >> Raw Data and select the raw file you exported.
  2. Select Encoding >> U-Law, Channels >> 1 Channel (Mono), Sample rate 8000. (These settings may be different for your phone system; these are Switchvox settings.)
  3. Import
  4. Repeat for both forward and reverse raw files.

Audacity Import Raw Settings

Set Left Right Pan

Finally, just drag the left and right pan sliders for each audio track so you can clearly hear both forward and reverse audio.

Setting Forward Reverse Panning

That's it for now. If I come up with some more tips, I will update this post. It is very likely that I do something that is a tip to others but to me is just SOP. So feel free to ask me or suggest anything.
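The Audacity steps above (import two raw u-law files, one channel each, pan one left and one right) can also be done in a few lines of Python, which is handy when you have a folder of calls to convert. This is an added example, not code from the post or from Wireshark or Audacity: it assumes the same G.711 u-law at 8000 Hz as the Switchvox settings above, decodes each raw stream with the standard u-law expansion, and writes a 16-bit stereo WAV with the forward stream on the left and the reverse stream on the right, padding the shorter leg with silence. The file names forward.raw, reverse.raw and call.wav are placeholders.

```python
import io
import struct
import wave

SAMPLE_RATE = 8000  # G.711 u-law, 8 kHz mono per stream (the Switchvox settings above)


def ulaw_to_linear(byte):
    """Decode one G.711 u-law byte into a signed 16-bit PCM sample (standard expansion)."""
    u = ~byte & 0xFF
    sign = u & 0x80
    exponent = (u >> 4) & 0x07
    mantissa = u & 0x0F
    sample = (((mantissa << 3) + 0x84) << exponent) - 0x84
    return -sample if sign else sample


def decode_ulaw(raw):
    """Decode a whole raw u-law stream (bytes) into a list of PCM samples."""
    return [ulaw_to_linear(b) for b in raw]


def stereo_wav(forward_raw, reverse_raw):
    """Return WAV file bytes: forward stream on the left channel, reverse on the
    right. The shorter stream is padded with silence so both legs stay aligned."""
    left, right = decode_ulaw(forward_raw), decode_ulaw(reverse_raw)
    n = max(len(left), len(right))
    left += [0] * (n - len(left))
    right += [0] * (n - len(right))
    frames = b"".join(struct.pack("<hh", l, r) for l, r in zip(left, right))
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(2)
        w.setsampwidth(2)        # 16-bit PCM
        w.setframerate(SAMPLE_RATE)
        w.writeframes(frames)
    return buf.getvalue()


def wav_info(data):
    """(channels, sample width in bytes, rate, frames) of a WAV blob, to check the result."""
    with wave.open(io.BytesIO(data), "rb") as w:
        return w.getnchannels(), w.getsampwidth(), w.getframerate(), w.getnframes()


if __name__ == "__main__":
    # Placeholder names for the two raw files saved from Wireshark's RTP stream analysis.
    with open("forward.raw", "rb") as fwd, open("reverse.raw", "rb") as rev:
        out = stereo_wav(fwd.read(), rev.read())
    with open("call.wav", "wb") as dst:
        dst.write(out)
    print(wav_info(out))
```

If your PBX sends A-law (G.711a) the expansion is different and the output will sound like noise; that is the same mismatch you would hit by picking the wrong encoding in the Audacity import dialog.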

Categories
Networking Phone Systems Technology

Add Country to Wireshark Captures

This neat trick allows you to see the source and destination IP country, or at least the country listed in the MaxMind databases. Keep in mind you could have a US IP address, say from PureVPN, connecting to you while the user is actually in the country of Bolivia.

There are literally hundreds of thousands of IPs owned by VPN companies who will lease out VPN connections to anyone who pays, including perps. The actors or perps can then pick and choose where they want to pretend to be from, anywhere in the world. Most good hackers will use multiple VPNs and multiple countries (you know, on TV when McGeek says “It's gonna take a while, Gibbs, they are bouncing off routers all over the place”). So you have to go pretty far down the rabbit hole to find the actual source. But this does give you insight into honest folks and kiddie hackers.

Get the Database

  1. Create an account at https://www.maxmind.com/ for GeoLite2
  2. Download the GZip for GeoLite2 Country
  3. I save my database folder on Google Drive File Stream (you can use Drive also, but I recommend you don't use the free Drive) and mark it as offline. That way, if any of my coworkers need to use it too, they can do the same.

Setup Wireshark

  1. Go to Wireshark >> Edit >> Preferences >> Name Resolution and add the MaxMind database folder

Wireshark Preferences for MaxMind

  1. Now right click the column header and select Column Preferences
  2. Add both columns, ip.geoip.src_country_iso and ip.geoip.dst_country_iso, and drag them to the column order you want

How to edit columns in Wireshark
Setup Columns in Wireshark

  1. Finally, you need to restart Wireshark for this to take effect. NOTE: you can see the countries for public static IP addresses both in live captures and in files you newly open.

Enjoy!

Categories
SQL Technology

Rename SQL @@Servername

This script will show you what the old server name was and what the current server name is. Even though you rename the machine name through the Windows system advanced properties, the SQL Server name stays what it was on the original install date.

	SELECT SERVERPROPERTY('MachineName') AS [machinename]
	,SERVERPROPERTY('ServerName') AS [ServerName]
	,@@SERVERNAME AS [@@ServerName];

I recently needed to inject the name of the SQL server into a script that exported blob data to a file system. I used @@SERVERNAME, but to my surprise it returned the name the server used to have. I had cloned a production server to do some testing and renamed the server.

	USE master;
	GO
	EXEC sp_dropserver 'NETSQL3';
	GO
	EXEC sp_addserver 'NET3', 'local';
	GO

This SQL command will rename the server value returned by @@SERVERNAME; the new value shows up after the SQL Server service is restarted.