I recently had the opportunity to interact with the LogRhythm SOAP API. LogRhythm is a SIEM/IDS solution with components that run on both Windows and Linux. It provides an HTTP/SOAP interface for interacting with the system through well-defined API calls; the API itself runs on Windows under IIS.

My goal was to use Ruby to interact with this API as part of a security data aggregation script I needed to run. This article describes a couple of things that helped me on my way to success.

My last post dealt with troubleshooting MTU mismatch issues using Wireshark. Today I'd like to offer some clarity for administrators who have Juniper NetScreen devices somewhere in their network backbone.

I spent a lot of time poring over books, blog posts and KB documents to understand what the NetScreens in my environment were doing. The end result was that we were able to alter the configuration of one of the devices to resolve the MTU mismatch issue (ICMP Type 3, Code 4 "fragmentation needed" messages, along with the TCP retransmissions and RST packets captured in Wireshark).

MTU Mismatch and TCP Retransmissions

Posted by rion on May 16, 2016

We had a mysterious issue in our network that caused certain SSH sessions and HTTPS/TLS sessions to fail intermittently. Some machines could not communicate at all, while others could sporadically establish a connection that would then fail at inopportune times.

I performed a comprehensive analysis of our networking infrastructure and router configurations and captured PCAP files to gather enough data to root-cause the problem. The core problem was an MTU mismatch between our gigabit network and our 100-megabit VPN tunnel.

I was working on a ZBook G3 the other day and ran into an infuriating issue with its Synaptics touchpad: the touch sensitivity out of the box was set so high that when I moved the cursor slowly it would get jittery and not respond.

While examining specific trackpad details, I found that I have a Synaptics LuxPad V1.3 device that communicates using an SMB port (whatever that is!)

Investigating further, I found that the Synaptics driver hides the "advanced settings" from Windows 10 users for some inexplicable reason. Once enabled, I was able to fine-tune the trackpad settings to something more bearable.

I recently had to automate the configuration of a NetScreen SSG device and decided to use Ruby along with the net-ssh gem to accomplish this.

The trouble is that when I use the basic connection/command syntax shown on the net-ssh GitHub page (`Net::SSH.start` followed by `exec!`), I get an empty string back as the result, no matter what command I execute.

There is a way to automate SSH commands via the channel API, though!

Updated May 21st, 2016: The NetScreen device is a far more wily device than I had originally anticipated, so my original solution ended up not working. I dug deep and found a better way to automate the NetScreen device.

NFS Exports on CentOS 7 to ESXi

Posted by rion on April 22, 2016

I spent a couple of hours troubleshooting NFS today. The backup server I set up in 2010 is wearing out, so I upgraded to a shiny new T320 (on sale!) and set out to reconfigure my NFS backup datastore to point at the new backup server.

Since I haven't played around with NFS in ages, I had forgotten what a joy it could be /s

In the end everything worked once I got the configuration straightened up, so yay!

pfSense Community Update: radiusd won't start in GUI

Posted by rion on April 17, 2016

I've used pfSense in certain parts of my network for several years now. While there is occasionally a hiccup, most of the time the product works perfectly for my needs. Today I updated my installations to the latest release, which rebrands the web console as "pfSense Community Edition". After the update I was unable to start the RADIUS service (radiusd) from the web console.