Everything posted by Cowboy Denny
-
Zack's off to the Air Force
Our son graduated High School and is off to serve and defend our country with the United States Air Force (the 2nd hardest branch of the service you can join based on ASVAB score requirements with Coast Guard being the highest/hardest to qualify for) As you could probably imagine as a parent how exciting and scared you are for your kid even though many of us have been there without many of the luxuries that they have now a days. From what I heard they have scaled back quite a bit due to kids calling there parents while in boot camp and explaining the horrors the drill instructors make them do and for the love of god, no internet, no phones, no game consoles. Now I've been in the Air Force boot camp longer than most (yea I got what they called washed back a few times) and yes I was upset and when I did speak to my parents via a phone call or letter I explained on how rough it was and how much I thought I made a mistake. The crazy part is, we all know that going in. No matter how good or bad everyone says it is, you don't know until you know. It might sound like I'm heartless but really its not that at all. It's more like tough love which is why I believe every kid needs to serve some time in the military so they can basically grow up and understand what it means to be an American. Understand what it means to say the "Pledge of Allegiance". Understand what the "Star Spangled Banner" is all about. My son Zackary will get to experience what I did in some degree and he too will grow up and become a proud American. I could not be more proud of my son for taking on the responsibility to defend our country, what it stands for and everyone no matter what race, religion, color, nationality that lives in this beautiful country we call home.
-
Military Career STEP 6 (Tech Training)
Technical School typically comes after your Basic Training. Now based on what job the military assigns you depends on where you will be going for your schooling. Example for the Air Force they have four bases for Technical Training which include: Goodfellow AFB, TX Lackland AFB, TX (so in short you go to training where you went to basic) Sheppard AFB, TX Keesler AFB, MS
-
Military Career STEP 5 (Basic Military Training)
As you can imagine this is one of the toughest parts about joining the service. Some call it boot camp, some call it basic training and some call it hell. During this time, they are testing you mentally, emotionally and physically. No matter what branch of service they need to make sure before they hand you a gun or work on a multi-million dollar piece of equipment or put others in harms way the military needs to know that you won't loose your crap when shit gets real. How long is Basic Military Training? This is a tough one to answer since it changes all the time. Currently its as follows (on average): Air Force: 8.5 weeks Army: 10 weeks Marines: 12 weeks Navy: 7-9 weeks Coast Guard: 8 weeks No matter what branch of service you are looking at there is always a ton of marching which reminds me of a funny clip from the TV show Amazing Race. Anytime I see this I crack up and I'm not sure if its because I served and am familar with Marching in all types of weather and different Drill Instructors yelling. Anyhow, without further delay below is the clip that I hope brightens your day as it does mine.. repeatedly.
-
Military Career STEP 4 (MEPS)
Military Entry Processing Station (MEPS) - Physical Testing This will include things like: Various medical exam (prepare to cough, lol) Background check (no criminal record, felonies, etc) Delayed Entry Program (DEP) swear-in Job counseling Choose your availability date for basic training Medical Examination They are making sure you pass physically regardless of what you told the recruiter. While at MEPS you will be examined by a Physician so wear clean underwear. 🙂 Background check You can't have a criminal record or felonies. If you have traffic tickets for speeding won't keep you out of the service but much more than that you'll not qualify for a career in the service. Delayed Entry Program (DEP) swear-in Once a month the DEP commander's call to prepare for basic training. You will be checked/verified you still remain qualified to join the Air Force. So just because you get sworn in and you did great on your ASVAB, if you mess up prior to the day you leave for Basic Training you can kiss your military career good bye. Job counseling Here you'll give your top 5 job desires. What do you want to do in the service? Obviously you won't have choices if you didn't score high enough. Choose your availability date for basic training You can pick when you want to leave for basic. Some people want to leave as soon as they graduate and then some want to wait a month or two before they start there career (there last bit of freedom before starting there future). Back in 1989 when I enlisted, I requested August which gave me a few months after I graduated. I wouldn't put that long if I could do it again and August is the hottest month in Texas (Lackland AFB) where boot camp is for the Air Force. I would leave within a month after graduation if I could do it again. Check out the full descriptive list here
-
Military Career STEP 3 (Required Documents)
Now that you got your ASVAB score where you want it you need the following documents so go ahead and start putting them together so you aren't rushing to find them last minute Birth Certificate Social Security Card (not a copy) High School diploma or GED Drivers License College Transcripts (if any) Medical Records Casefile?? not sure what this is but the recruiter will tell ya Some notes you should know If you are wearing a uniform no tattoos can be exposed (not even a hint of one) If you do get a tattoo before you join the service it must be completely healed before you leave for basic... so probably no tattoo 3 months before you leave. You must be able to pass a drug test
-
Military Career STEP 2 (ASVAB TEST)
Is the military your choice for a career? It's not a bad choice and if you ask me I believe we Americans should do what Italians do and require everyone who graduates serve their country for a minimum of two years. Then they have the choice to either stay with the military and work towards and nice retirement or go the public sector and find a job with a company. If the military is your choice, you should probably practice the ASVAB testing which practice testing is available on this website, ASVAB Practice Test Online but why do you need to practice? Most people think they can join any branch if they want which isn't true. Everyone wanting to join the Military must take a written test called ASVAB which stands for Armed Services Vocational Aptitude Battery. After taking the test you'll have to wait a few weeks for the results which is given to you as a number and that number tells you what branch of service you qualify for. Not only what branch you qualify for but what jobs in the service you qualify for. The higher the score the more job/career choices you have. Examples of 2018 minimum AFQT scores for entry into each branch, with a high school diploma, are as follows: Army & National Guard – 31 Marine Corps – 32 Navy – 35 Air Force – 36 Coast Guard – 40 So now you see what is the minimum score and now you don't like what you got you may have the question.... Can I Take the ASVAB Test More Than Once? The Answer is Yes. 1st Retake of the ASVAB you must wait one full calendar month to retake the ASVAB test 2nd Retake of the ASVAB you must wait an additional calendar month to retest 3rd Retake of the ASVAB you have to wait six calendar months to retake the ASVAB. 4th Retake of the ASVAB you have to wait six calendar months to retake the ASVAB. Any additional times are just like the 3rd and 4th where you have to wait six calendar months to retake the ASVAB. Where Can I Take the ASVAB Test? How Do I Schedule It? You can contact the Armed Forces Recruiting Officer in your area and you can schedule an appointment with a local recruiter from the branch of the military you wish to join. Honestly the best place for you to take the ASVAVB test (the least stressful) is your High School and/or if you are going to some ROTC program that is another great option versus coming down to the MEPS for ASVAB testing. Getting Ready For Your Test Date Now is also a good time to learn more about the specific sub-sections of the ASVAB test. You may be a pro at solving math problems, but if reading comprehension is not your forte it can bring down your overall ASVAB score, known specifically as your AFQT score. To study effectively for the ASVAB, you really need to begin studying at least two months before you plan to take the test, if not more! Here are some basic steps to take: Find a comfortable, quiet area to study. Gather paper, pens and pencils, a calculator and other tools. Make a basic study schedule. Making a Schedule Probably the most important thing is to make a schedule and stick with it. Some days, you will be a little tired, and you may not concentrate as hard as you should on other days, but if you are consistent, you will reap great rewards. When you first begin studying, you should make a list of the areas you are good at and those on which you could use improvement. If you're not really sure, it would be a great idea to take a practice ASVAB test. This will help you figure out what you're good and not so good at. For example, you might make a table like this: Section Current Skill Level Scale of 1 - 5: 1 = Low 5 = High AFQT Sections Arithmetic reasoning (AR) 3 Mathematics knowledge (MK) 2 Word knowledge (WK) 4 Paragraph comprehension (PC) 3 Extra Sections General science (GS) 11 Auto and shop information (AS) 11 Mechanical comprehension (MC) 19 Electronics information (EI) 9 Focus on Your Weaknesses Focus on the four essential sections, those critical to the AFQT score, first. From the example above, it seems that your verbal abilities are at least OK: you gave yourself a four on the word knowledge section and a three on paragraph comprehension. However, your math skills could use some work -- especially with mathematics knowledge, as you only have a skill level of two. This tells you that you'll have to work extra hard on the math sections. After you know the problem, the solution will come much easier. In the example above, you probably would want to spend about 60% of your time with math studying and about 40% with verbal. If you are really ambitious, you could throw in some studying time for the nonessential sections -- GS, AS, MC, EI. Once you have decided on a test date, it is important to register as early as possible. This will prevent any avoidable issues with test administrators needing enough time to make sure you are eligible to take the test. What if I fail the ASVAB? There is no pass or fail on the ASVAB. You cannot "ace" the ASVAB or "flunk" it! Your scores reflect your own abilities! The maximum score for all ASVAB tests is 99. You will want to do your best so that you will be eligible for the military skill specialty that matches your ability and interests. In addition, to be eligible to enlist in one of the military services, you must obtain a minimum Armed Forces Qualification Test (AFQT) score, which varies between services as mentioned at the beginning. How long are ASVAB scores valid? ASVAB scores are good for two years. Any help out there? Here is some help to do better at your ASVAB Test. It's $20 but to help you get the most job choices in whatever branch of service you choose, you need good scores so $20 to help you get those opportunities doesn't sound like a whole lot. ASVAB Secrets Study Guide
-
Military Career STEP 1 (Recruitment Interview)
When you are 17 you can go talk to a recruiter and you should have some questions to ask your recruiter regardless of what branch of service you want to join. If you set a time to meet a military recruiter, be courteous and show up at that time. Prove you're reliable and a person of your word by arriving at the time you said you would. It shows you respect your own time and that of the person you're meeting. Be on Time!! One important note to keep in mind: Just because you talk to a recruiter doesn’t mean you’re obligated to join. Speaking with a military recruiter is an information-gathering process for you and them. How should you dress? Dress to Impress When you decide it’s time to see a military recruiter, being prepared for the meeting will make quite the impression. Like a job interview, you want to put your best foot forward. Yes, they need you, but regardless of that fact, it’s important to start the relationship off as professional as possible. What shouldn’t you wear to the recruiting office? Flip flops Torn clothing Clothing with explicit messaging Revealing clothing Business casual — like a polo and slacks or a nice blouse and skirt — are appropriate apparel to wear for meeting with a military recruiter. You don’t need to show up in a suit, but putting some effort into your appearance goes a long way in showing you actually care about presentation — a habit you’ll need to get into anyway if you plan to join the military. What to bring with you? A notebook. Pen or pencil. A list of questions. Below are a list of some questions you may want to ask (in case you can't think of any): How does the recruiting process work from start to finish? What is the Delayed Entry Program (DEP)? Why should I join the (Army, Navy, Air Force, Marines)? What are the biggest benefits of this branch? What are the requirements for joining? What paperwork and/or medical information is required? What is the minimum length of my service commitment? How long is boot camp / basic training? What physical standards do I need to meet? How can I prepare physically for basic training? What is “boot camp” like day-to-day? What are the drill instructors like? Can I choose when to go to boot camp? What other training will I need based on the position I’m interested in? Where will I be stationed after boot camp? Do I have a choice? Can I choose the military job I want? How is the job assignment made? I want to be a (insert whatever job you're looking to do). What is the minimum ASVAB score I need? Can I talk with someone that does the job I want? What will I be paid? Are there any bonuses or incentives for specific jobs? What special incentives are available? Can you tell me about the GI Bill? How does it work? Can I pick what college I can go to? Do I have to use my GI Bill or can I save it? How often are service people promoted Too many potential recruits don’t take the first meeting seriously enough. Show up on time, dress appropriately, and have the right materials in hand. It will make your meeting go smoother and you’ll also get more out of it. Some very helpful websites to help prepare yourself or mentally get an idea of each branch of service or dive in a bit deeper is called OperationMilitaryKids American War and Military Operations Casualties: Lists and Statistics Delayed Enlistment Program information https://fas.org/sgp/crs/natsec/RL32492.pdf https://www.rand.org/pubs/research_briefs/RB9955z3.html
-
DNS Queries
Check how each DNS Server is doing. NOTE: DNS can use UDP or TCP port 53 Zone transfers use TCP Queries use UDP ALSO DNS is considered Layer7 (Application Layer) ARCHITECTURE EXAMPLE External/Internet Facing Utilize F5 BIG-IP DNS (GTM) as the name server since they are practically impossible to kill Internal/Intranet Utilize Infoblox with a minimum of two DNS Views (Internal DNS View for intranet only DNS and External DNS View for internet only) REFERENCE LOGICAL DIAGRAM BELOW <insert photo> Of course we could configure many different ways for DNS but let's just concentrate on the External DNS for now since Internal DNS could get complicated with Microsoft Active Directory and using F5 BIG-IP DNS (GTM) for WideIPs and leveraging Anycast then dealing with DDNS.. as you can see, internal DNS is much more complicated then External DNS. To add an External facing DNS Domain (adding a subdomain is the same process) First create the new external domain in Infoblox. I personally like using the csv import process that Infoblox supports. You just populate a CSV like this one here and then go into Infoblox and import the CSV to create the domain (or subdomain). Using the same process (just a different csv) I would add any records that belong in that new domain. Second create the new external domain on your F5 BIG-IP DNS by running command but you need to know a couple things before you can run the command. What name servers are defined on your F5 device that point to the IP address of your Infoblox GridMaster. You can identify this by running this command: iSupport@(mifnt1slbgtm03)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm dns nameserver ltm dns nameserver dnsx_server_0 { address 10.11.12.205 route-domain 0 tsig-key Sup3Rs3CreT } ltm dns nameserver dnsx_server_1 { address 10.11.12.205 route-domain 0 } tmsh create ltm dns zone eventguyz.com dns-express-server dnsx_server_0 dns-express-notify-tsig-verify no Explanation dns-express-server TSIG Notes Use transaction signature (TSIG) keys to authenticate communications about zone transfers between the BIG-IP system and authoritative DNS servers, and between the BIG-IP system and DNS nameservers (clients).
-
How to export DHCP Leases to CSV file
Many exports limits to 10,000 entries but what if you have more than that then what? Using an API call is the way to go. Here are instructions on how to export DHCP Leases from Infoblox using an API call. Pre-Req: Must have a user account with API access Must have the FQDN or IP of the GridMaster Instructions: (I'm using a Mac of course so if you are using Windows it will look different but Linux it will look the same) From the machines command prompt run curl -k -u 'admin:infoblox' -H 'content-type: application/json' -X POST "https://gm.eventguyz.corp/wapi/v2.9/fileop?_function=csv_export" -d '{"_object": "lease" }' { "token": "eJytjk0LgjAYx7+K7Jxu0/mCN8OCQBQi6DjEPdnAt7YVRfTd2w517dL19399IrgvUj24kSOg3KNJ\nzChJszAJQpKFGaErD13VYCV0NmbROcaUBCwKKGPWEmNHuZAKOsNPcgAuZ6zgwqXwy+ZYV01R+iQh\nlKZhxBKbyBjBFbQadNDpG7L9ojUth6mbhZx6t7Te1V8+zsIdQ2VxKPh+s/0IjmFtZtX2gM24/OOI\nFK71Vwi93qrJWuw=\n", "url": "https://gm.eventguyz.corp/http_direct_file_io/req_id-DOWNLOAD-0601172346205840/Leases.csv" Now download the file using the link in the output above curl -k -u 'admin:infoblox' -H 'content-type: application/force-download' "https://gm.eventguyz.corp/http_direct_file_io/req_id-DOWNLOAD-0601172346205840/Leases.csv" -o "Leases.csv" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 8221k 100 8221k 0 0 359k 0 0:00:22 0:00:22 --:--:-- 286k As cleanup, remove the token provided in step 1 curl -k -u 'admin:infoblox' -H 'content-type: application/json' -X POST "https://gm.eventguyz.corp/wapi/v2.9/fileop?_function=downloadcomplete" -d '{"token" : "eJytjk0LgjAYx7+K7Jxu0/mCN8OCQBQi6DjEPdnAt7YVRfTd2w517dL19399IrgvUj24kSOg3KNJ\nzChJszAJQpKFGaErD13VYCV0NmbROcaUBCwKKGPWEmNHuZAKOsNPcgAuZ6zgwqXwy+ZYV01R+iQh\nlKZhxBKbyBjBFbQadNDpG7L9ojUth6mbhZx6t7Te1V8+zsIdQ2VxKPh+s/0IjmFtZtX2gM24/OOI\nFK71Vwi93qrJWuw=\n"}' That's all there is to it and now you have ALL the DHCP Leases in Leases.csv on your machine that you downloaded from Infoblox
-
How to Decrypt SSL Traffic on LTM
For this to work you need to decrypt the traffic as it comes in. Its too late if you did a capture and all the traffic is encrypted. So this entry is for those of you that would like to do some work ahead of time on the F5 and then have the user do some application testing while you are running a tcpdump. In many cases for me, I have only needed to do this on our DMZ LTM which is where the our F5 works as an SSL Bridge SETUP Put the source IPs in a txt file. I'm calling mine /var/tmp/app1_dg_nonprod_address.txt Create a datagroup tmsh create /sys file data-group dg.app1.nonprod separator ":=" source-path file:/var/tmp/app1_dg_nonprod_address.txt type ip Create iRule and reference datagroup ## irule.ssl.decrypt.app1.nonprod when CLIENTSSL_HANDSHAKE { if {[class match [getfield [IP::client_addr] "%" 1] equals dg.app1.nonprod] } { log local0. "CLIENT_Side_IP:TCP source port: [IP::client_addr]:[TCP::remote_port]" log local0. "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]" log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]" } } when SERVERSSL_HANDSHAKE { if {[class match [getfield [IP::client_addr] "%" 1] equals dg.app1.nonprod] } { log local0. "CLIENT_Side_IP:TCP source port: [IP::client_addr]:[TCP::remote_port]" log local0. "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]" log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]" } } Add iRule to Virtual Server you want to capture traffic on Start Capture via cli where the iRule is tcpdump -ni 0.0:nnn -s0 --f5 ssl host 198.200.19.151 or host 10.46.69.31 -w /var/tmp/app1-ext.hosangit.com_tcpdump_VS_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pcap Start Capture via cli on downstream F5 (optional) tcpdump -ni 0.0:nnn -s0 --f5 ssl host 10.46.69.31 or host 10.46.126.197 or host 10.46.126.242 or host 10.46.126.253 -w /var/tmp/app1-int.hosangit.com_tcpdump_VS_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pcap BEGIN testing application to reproduce the error, once error occurs STOP captures by issuing a CTRL + C Download .pcap file(s) Get those secrets off the F5 that you have the iRule running sed -e 's/^.*\(RSA Session-ID\)/\1/;tx;d;:x' /var/log/ltm > /var/tmp/app1-ext.hosangit.com-sessionsecrets_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pms Download the sessionsecrets (.pms file) example: /var/tmp/appi-ext.hosangit.com-sessionsecrets_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pms
-
Using ssldump on F5
You can use the ssldump utility to examine, decrypt, and decode SSL-encrypted packet streams managed by the BIG-IP system. The ssldump utility can act on packet streams real-time as they traverse the system, or on a packet capture file saved in the libpcap format, such as that produced by the tcpdump utility. Although it is possible for the ssldump utility to decode and display live traffic real-time as it traverses the BIG-IP system, it is rarely the most effective method to examine the voluminous and complex output of the ssldump utility. Capturing the target traffic to a file using the tcpdump utility, then decoding the file using the ssldump utility offers a better opportunity to examine the traffic in detail. Here are the steps Capture the traffic Examine the SSL handshake and other SSL traffic Examine the decrypted application data Capture the traffic Capture traffic that contains the SSL traffic you want to examine. When you capture SSL conversations for ssldump examination, follow these guidelines: If you use a browser to test, first close all existing browser windows and then use a newly-opened browser window to reproduce the issue to ensure a new session key is used. The ssldump utility cannot decrypt traffic for which the handshake including the key exchange was not seen. To write the captured packets to a file for examination with the ssldump utility, you must specify the -w option with the name of the file to which the captured data should be stored. Use the -i option to specify the interface or VLAN from which traffic is to be captured. Use the appropriate tcpdump filters to include only the traffic you want to examine. If you want to decrypt and examine the application data, you must capture the entire packet by specifying a value of 0 or the maximum size of the target packet to the -s option. Consider using the -v (verbose) option to increase the level of detail captured. Capturing traffic examples if you want to save for examination client-side traffic to a specific SSL virtual server listening on the VLAN external, the following command includes the appropriate options and filters on the virtual server's IP address and port: tcpdump -vvv -s 0 -nni external -w /var/tmp/www-ssl-client.cap host 10.1.1.100 and port 443 If you want to examine server-side traffic from one client to any pool member, use the -i option to specify the VLAN on which the servers reside, and filter on the client IP address, the server subnet, and the port on which the servers are listening. To do so, use the following command: tcpdump -vvv -s 0 -nni internal -w /var/tmp/www-ssl-server.cap host 192.168.22.33 and net 10.1.1.0/24 and port 8080 The traffic matching the specified filter is saved to the indicated capture file. The options used are: -vvv Maximum verbosity -s Snaplength (0 captures full packets) -nn Do not resolve host or service names -i Interface - can be ifname or vlan name -w Write output to file Examine the SSL handshake and other SSL traffic SSL connections are established on top of an existing TCP connection using an SSL handshake that accomplishes the following: The client and server negotiate security capabilities, such as the public-key algorithm, the symmetric key algorithm, and compression algorithms. The server transmits its certificate to the client, allowing the client to validate the identity of the server. The client and server exchange session key information. The client may also send its certificate to the server, allowing the server to validate the identity of the client. The handshake transactions consist of a number of SSL record messages. These messages can be examined by executing the ssldump utility using the -r option to specify the path and name of the tcpdump capture file to be examined. Other useful options include the following: -n Do not resolve host names. -A Print all fields (ssldump, by default, prints only the most interesting). -e Print absolute timestamps. -d Display application data, including traffic before session initiates. -M Output a pre-master secret log file (v. 11.2.0 and later) For example, the following command displays all of the SSL record messages found in the tcpdump capture file named www-ssl-client.cap: ssldump -nr /var/tmp/www-ssl-client.cap The SSL records printed by the ssldump utility appear similar to the following example: New TCP connection #2: 172.16.31.22(32866) <-> 192.168.1.8(8389) 2 1 0.0002 (0.0002) C>S Handshake ClientHello Version 3.0 resume [32]= a3 ca ad 46 95 5d 64 bb 33 ec b5 12 91 21 a3 50 d2 c0 c5 f6 67 c3 cc 9e c0 4a 71 1b 92 dc 58 55 cipher suites SSL_DHE_RSA_WITH_AES_256_CBC_SHA SSL_DHE_DSS_WITH_AES_256_CBC_SHA SSL_RSA_WITH_AES_256_CBC_SHA SSL_DHE_RSA_WITH_AES_128_CBC_SHA SSL_DHE_DSS_WITH_AES_128_CBC_SHA SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Unknown value 0xfeff SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA Unknown value 0xfefe SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT1024_WITH_RC4_56_SHA SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 compression methods NULL 2 2 0.0277 (0.0274) S>C Handshake ServerHello Version 3.0 session_id[32]= a3 ca ad 46 95 5d 64 bb 33 ec b5 12 91 21 a3 50 d2 c0 c5 f6 67 c3 cc 9e c0 4a 71 1b 92 dc 58 55 cipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA compressionMethod NULL 2 3 0.0277 (0.0000) S>C ChangeCipherSpec 2 4 0.0277 (0.0000) S>C Handshake 2 5 0.0282 (0.0005) C>S ChangeCipherSpec 2 6 0.0282 (0.0000) C>S Handshake 2 7 0.0282 (0.0000) C>S application_data 2 8 0.0289 (0.0006) S>C application_data 2 9 0.0289 (0.0000) S>C application_data 2 10 0.0292 (0.0003) C>S application_data 2 11 0.0296 (0.0003) S>C application_data 2 12 0.0296 (0.0000) S>C application_data 1 24 3.5016 (0.5372) S>C application_data 1 25 3.5016 (0.0000) S>C application_data 2 13 0.5424 (0.5128) C>S application_data 2 14 0.5429 (0.0005) S>C application_data 2 15 0.5429 (0.0000) S>C application_data 1 26 6.0378 (2.5362) C>S application_data 1 27 6.0411 (0.0033) S>C application_data 1 28 6.0411 (0.0000) S>C application_data 2 16 3.1243 (2.5814) C>S application_data 2 17 3.1455 (0.0212) S>C application_data 2 18 3.1455 (0.0000) S>C application_data 1 29 9.2325 (3.1914) C>S application_data 1 30 9.2359 (0.0033) S>C application_data 1 31 9.2359 (0.0000) S>C application_data 1 32 9.3185 (0.0826) C>S application_data 2 19 6.3589 (3.2133) C>S application_data 1 33 9.3276 (0.0090) S>C application_data 1 34 9.3276 (0.0000) S>C application_data 2 20 6.3632 (0.0043) S>C application_data 2 21 6.3632 (0.0000) S>C application_data 1 35 12.3565 (3.0289) C>S application_data 1 36 12.3682 (0.0116) S>C application_data 1 37 12.3682 (0.0000) S>C application_data The first line defines a new TCP connection which appears similar to the following example: New TCP connection #2: 172.16.31.22(32866) <-> 192.168.1.8(8080) To differentiate records belonging to different connections, each connection is numbered. The example defines connection 2. The host that sends the first SYN is printed on the left and the host that responds is printed on the right. In most cases, the SSL client is printed on the left with the SSL server on the right. In this case we have a connection from 172.16.31.22 port 32866 to 192.168.1.8 port 8080. Subsequent lines represent SSL records sent between the client and the server. The printout of each SSL record begins with a record line. It contains the connection number with which the record is associated, and the sequence number of the record itself, followed by two time stamps. The first time stamp is the time, in seconds, since the beginning of the connection. The second time stamp is the time, in seconds, since the previous record on the same connection. The next column indicates the origin of the message. Communications originating from the client are indicated in the next column by C>S (client to server), while messages originating from the server are marked with S>C (server to client). The last column indicates the type of SSL record message that was received, which can be either Handshake, Alert, ChangeCipherSpec, or application_data. Finally, the ssldump utility may print record-specific data on the rest of the line. For Handshake records, the utility prints the handshake message. For application_data messages, the utility prints the decrypted application data. By default, the ssldump utility decodes and displays useful details of some SSL record messages. For example: ClientHello Details the version, offered cipher suites, and session id, if provided. ServerHello Details the version, session_id, chosen cipher suite, and compression method. Alert Details type and level, if provided. The following example is the ssldump output for the second record on connection 2: 2 2 0.0277 (0.0274) S>C Handshake ServerHello Version 3.0 session_id[32]= a3 ca ad 46 95 5d 64 bb 33 ec b5 12 91 21 a3 50 d2 c0 c5 f6 67 c3 cc 9e c0 4a 71 1b 92 dc 58 55 cipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA compressionMethod NULL The record was sent by the server, and it is a Handshake record that contains a Server Hello message. Examine the decrypted application data The ssldump utility must have access to either the (asymmetric) private key from the server you want to debug, or the (symmetric) pre-master secret keys. Using the pre-master secret keys allows you to examine the decrypted application data in Wireshark without having access to the (asymmetric) private key. Examine the decrypted application data using the (symmetric) pre-master secret keys Beginning in BIG-IP 11.2.0, the ssldump -M option allows you to create a pre-master secret (PMS) key log file. You can load the PMS log file into Wireshark (1.6 and later) along with the capture file and use it to decrypt the application data without having access to the server's private key. This option gives F5 Support the ability to fully decrypt sessions in the targeted capture file without revealing sensitive information about the private key. To run ssldump using the -M option to create a pre-master secret key log file, perform the following procedure: Log in to the BIG-IP command line. Capture the packet trace containing the SSL traffic (refer to the Capturing the target traffic section). To create a pre-master secret key log file, use the following ssldump syntax: ssldump -r /path/to/capture_file -k /path/to/private_key -M /path/to/pre-master-key_log_file For example, the following ssldump command reads the www-ssl-client1.cap capture file using the test.org key file to decrypt the session, and creates the PMS log file called client1.pms: ssldump -r /var/tmp/www-ssl-client1.cap -k /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:test.org.key_1 -M /var/tmp/client1.pms You can now load the capture file and the PMS log file into Wireshark (1.6 and later). Note: To load the pre-master secret (PMS) key log file in Wireshark, go to Edit > Preferences > Protocols > TLS, and enter the path and file name of the PMS key in the (Pre)-Master-Secret log filename field. Examine the decrypted application data using the (asymmetric) private key To decrypt and display application data, the ssldump utility will need a copy of the private key from the server you want to debug. If you do not have the key, the application data cannot be decrypted, and you will only be able to examine and decode the SSL handshake packets. In the previous example, the ssldump command that is provided prints the application_data record type but does not display the application data itself. Since no key was provided, the application data has not been decrypted. To print the decrypted application data, use the -k option to specify the path and name of the file containing the server's private key. For example: ssldump -Aed -nr /var/tmp/www-ssl-client.cap -k /config/ssl/ssl.key/www-ssl.key Decoded application data records printed by ssldump appear similar to the following example: 3 7 1247932735.6286 (0.0031) C>SV3.1(436) application_data --------------------------------------------------------------- GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 1.1.4322; msn OptimizedIE8;ENUS) Accept-Encoding: gzip, deflate Host: 172.24.72.169 Connection: Keep-Alive 3 8 1247932735.8015 (0.1728) S>CV3.1(1540) application_data --------------------------------------------------------------- HTTP/1.1 200 OK Date: Sat, 18 Jul 2009 15:25:37 GMT Server: Apache/2.2.3 (Debian) PHP/4.4.4-8+etch4 mod_ssl/2.2.3 OpenSSL/0.9.8g mod_perl/2.0.2 Perl/v5.8.8 Last-Modified: Tue, 08 Jan 2008 22:59:06 GMT ETag: "3306ee-8be-ec750280" Accept-Ranges: bytes Content-Length: 2238 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html Locate a BIG-IP virtual server's private key The private key that the BIG-IP system uses for a virtual server is specified in the Client SSL profile applied to the virtual server. The key file locations are listed below: BIG-IP 11.x - 16.x: /config/filestore/files_d/<partition_name>_d/certificate_key_d/ For example: /config/filestore/files_d/Common_d/certificate_key_d/:Common:test.org.key_1 To determine the key used for a particular virtual server, examine the virtual server configuration to determine the name of the SSL profiles applied to the virtual server, then examine the SSL profile configuration to determine the name of the key file. Resumed TLS handshake One of the most common reasons an ssldump may not decrypt application data, is if the data is contained within a resumed TLS session. Public key operations are expensive in terms of processing power during the initial setup and key exchange. TLS specifications allow a secure shortcut by using the session_id to resume an SSL connection for which the key exchange was already performed. In situations where the SSL communication is using a resumed session, ssldump will not be able decrypt the application data unless the capture file contains the initial handshake containing the asymmetric key exchange and session_id. The ssldump utility relies on the information that is exchanged during the initial session setup to decrypt the data. The following packet capture output example shows a resumed connection: A client requesting to resume an SSL session appears similar to the following example: New TCP connection #2: 192.0.2.42(37811) <-> 198.51.100.47(443) 2 1 1296947622.6312 (0.0006) C>SV3.1(156) Handshake ClientHello Version 3.1 random[32]= 4d 4d d9 b3 c1 db aa 8e 2a fc 95 ce c0 66 dc 49 a9 49 a5 bf bc c3 3d 67 e5 ba be 77 44 44 6f 8b resume [32]= c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad 4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9 cipher suites TLS_DHE_RSA_WITH_AES_128_CBC_SHA Unknown value 0x45 TLS_DHE_RSA_WITH_AES_256_CBC_SHA Unknown value 0x88 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA Unknown value 0x44 TLS_DHE_DSS_WITH_AES_256_CBC_SHA Unknown value 0x87 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_RC4_128_SHA Unknown value 0x90 Unknown value 0x91 Unknown value 0x8f Unknown value 0x8e TLS_RSA_WITH_AES_128_CBC_SHA Unknown value 0x41 TLS_RSA_WITH_AES_256_CBC_SHA Unknown value 0x84 TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 Unknown value 0x8c Unknown value 0x8d Unknown value 0x8b Unknown value 0x8a compression methods NULL A server agreeing to resume the session returns the ServerHello with the same session_id as displayed below: 2 2 1296947622.6313 (0.0001) S>CV3.1(74) Handshake ServerHello Version 3.1 random[32]= 19 21 d7 55 c1 14 65 63 54 23 62 b7 c4 30 a2 f0 b8 c4 20 06 86 ed 9c 1f 9e 46 0f 42 79 45 8a 29 session_id[32]= c4 44 ea 86 e2 ba f5 40 4b 44 b4 c2 3a d8 b4 ad 4c dc 13 0d 6c 48 f2 70 19 c3 05 f4 06 e5 ab a9 cipherSuite TLS_RSA_WITH_RC4_128_SHA compressionMethod NULL The previous example is a resumed session; the client sends a ClientHello that includes a resume[], the server responds with a ServerHello that contains the same session_id the client sent. The server is under no obligation to resume a session. This is specified within the TLS 1.0 specification RFC2246: session_id This is the identity of the session corresponding to this connection. If the ClientHello.session_id was non-empty, the server will look in its session cache for a match. If a match is found and the server is willing to establish the new connection using the specified session state, the server will respond with the same value as was supplied by the client. This indicates a resumed session and dictates that the parties must proceed directly to the finished messages. Otherwise this field will contain a different value identifying the new session. The server may return an empty session_id to indicate that the session will not be cached and therefore cannot be resumed. If a session is resumed, it must be resumed using the same cipher suite it was originally negotiated with. To avoid this situation, you can use one of the following methods: Temporarily disable the SSL session cache in the Client SSL profile by disabling the Renegotiation option. Disabling the SSL session cache causes the BIG-IP system to perform a full SSL handshake for each connection. Force the client to start a new session. Here is a nice video / tutorial that you may also find helpful And this video might be helpful as well
-
Backup Invision Community Site
I'm use to using all these different software packages available to other CMS sites like Wordpress, Joomla, Drupal, etc.. that would perform routine backups of your site and make it very easy to restore. In fact cPanel has backup and restore built in for Wordpress sites but that's where it stops. Apparently we are all suppose to use the very slow Wordpress solution. NOT! Briefly here is how you can create the routine to backup your website regardless 1st concentrate on the Database backups since many times you could reinstall the software but much of the content you can find in the database. BACKUP DATABASE in cPANEL with CRON JOB OPTION 1 cpanel cronjobs /usr/bin/mysqldump -u dbusername -p 'dbpassword' dbname > /path/backup.sql OPTION 2 file manager + file .my.cnf edit .my.cnf [client] user = dbusername password = "dbpassword" host = localhost SAVE CHANGES cronjobs mysqldump dbname > /path/backup.sql >/dev/null 2>&1 Now let's concentrate how to backup the files for your website since many of us have files/attachments and we want them to retur
-
Security (CVSS CVE)
Definitions CVSS: Common Vulnerability Scoring System. The CVSS framework is maintained by the Forum of Incident Response and Security Teams (FIRST), a nonprofit organization consisting of more than 500 members. CVSS scores are calculated using a formula consisting of vulnerability-based metrics. A CVSS score is derived from scores in these three groups: Base, Temporal and Environmental. Scores range from zero to 10, with zero representing the least severe and 10 representing the most severe. CVE: Common Vulnerabilities and Exposures. CVE divides threats into two categories: vulnerabilities and exposures. The catalog, which is sponsored by Department of Homeland Security's (DHS), is designed to standardize the way each known vulnerability or exposure is identified. CVE system is a vulnerability classification scheme, which assigns each vulnerability a unique identifier, as listed in the National Institute of Standards and Technology (NIST) National Vulnerability Database. CVE identifiers are formatted as follows: CVE-[Four-Digit Year]-[Sequential Identifier]
-
Ubergeek.tv - Switch To Linux
This was done in flash. Initially drawn as keyframes on his animation desk, then tweened and traced in Flash. Still one of his strongest pieces!
-
1984 Apple's Macintosh Commercial
"1984" is an American television commercial which introduced the Apple Macintosh personal computer for the first time. It was conceived by Steve Hayden, Brent Thomas and Lee Clow at Chiat/Day, Venice, produced by New York production company Fairbanks Films, and directed by Ridley Scott. Anya Major performed as the unnamed heroine and David Graham as Big Brother. Its only U.S. daytime televised broadcast was on January 22, 1984 during and as part of the telecast of the third quarter of Super Bowl XVIII. Chiat/Day also ran the ad one other time on television, in December 1983 right before the 1:00 am sign-off on KMVT in Twin Falls, Idaho, so that the advertisement could be submitted to award ceremonies for that year. In addition, starting on January 17, 1984 it was screened prior to previews in movie theaters for a few weeks. It has since been seen on television commercial compilation specials, as well as in "Retro-mercials" on TV Land. The estate of George Orwell and the television rightsholder to the novel 1984 considered the commercial to be a flagrant copyright infringement, and sent a cease-and-desist letter to Apple and Chiat/Day in April 1984. The commercial was never televised as a commercial after that. Back in January 1984, Apple was on the cusp of debuting its successor to both the Apple II and the Lisa - called the Macintosh. But it was a commercial during the Super Bowl that already convinced a bunch of its users to buy one, before it had even been shown in public. As a break began during the third quarter of Super Bowl XVIII, a George Orwell-inspired ad showed a lady running through a futuristic citadel, all directed by Ridley Scott of Alien and Gladiator. She throws a sledgehammer at a screen, to the shock of its citizens, telling viewers to prepare for the Macintosh. It was a huge success, and it's due to its ongoing regenerations that you can go to an Apple Store today and look to buy an iMac, a MacBook Pro, a Mac mini and more - they all originated from that day in January 1984. However, you could argue that the messaging that the commercial gave, brings more relevance now than ever before, due to where Apple is going with the Mac for Apple Silicon chips and rumored plans to take more control over what's inside the iPhone in the coming years.
-
Sticky Session Persistence
Persistence—otherwise known as stickiness—is a technique implemented by ADCs to ensure requests from a single user are always distributed to the server on which they started. Sticky session, or session persistence occurs when the load balancer creates a connection between a network and a user for a direction of the session. Requests for sessions from a client in a sticky session means all requests go to the same machine that received the first request. Sticky sessions ensure that the connection between the client and the network during a session is not lost as a result of requests being routed to different servers. However, sticky sessions can cause uneven load distributions across servers. Load Balancer If user sessions depend on the client always connecting to the same backend, you can send a cookie to the client to enable sticky sessions. Sticky sessions are only visible at the load balancer layer; the cookies used for sticky sessions are both set and stripped at the load balancer. Because those cookies are not present in the request sent to the backend Droplets, backend applications cannot use them. Sticky sessions send subsequent requests from the same client to the same Droplet by setting a cookie with a configurable name and TTL (Time-To-Live) duration. The TTL parameter defines the duration the cookie remains valid in the client’s browser. This option is useful for application sessions that rely on connecting to the same Droplet for each request. Note that sticky sessions do not work with SSL passthrough (port 443 to 443). However, they do work with SSL termination (port 443 to 80) and HTTP requests (port 80 to 80).
-
iphone video only mov
Issue I learned recently but apparently the issue has existed for awhile now. All videos you do on you iOS are .mov files which means when you attach to a post or blog it only works if you are using a Safari browser. If you use a Chrome browser you are screwed. The standard is .mp4 format that works across the board. It reminds me a lot of the lightning cable (apple only) vs usb-c (universal). Huge bummer to learn that only Safari browsers can view these videos that were created by Apple devices. You know it’s the first time I feel Microsoft and Apple are on the same page. Microsoft is very much about proprietary (keep it in the family). Where Apple has all been about ease of use, starting using linux which is supported mainly by the linux community… So needless to say i’m bummed to learn this about only able to view apple movies with apple devices with an apple browser. I hope that Apple joins the standards group so we can use our iOS device videos everywhere. Please allow creating videos in some standard video formats. We all know iOS devices have the best cameras, best OS and best power in a mobile device. No need to keep the video in proprietary mode of .mov
-
Garden of the Gods
Located in Colorado Springs, this is an attraction that brings in huge numbers of visitors from around the globe. At close to 1400 acres, there is plenty for visitors to feast their eyes on at this park with some stunning scenery to take in. Garden of the Gods is designated a National Natural Landmark, making it the perfect attraction for those that want to get close to nature. You will be thrilled with the rock formations found here, which cover geological history going back hundreds of millions of years. You can also enjoy the various walking trails to help you to make the most of your visit to this widely popular natural wonder. So, be sure to add this attraction to your USA bucket list.
-
Disneyland Park
There are so many great attractions in California, but this world-famous theme park is an absolute must when you come to this state. Although there are other Disney theme parks around the globe, this is the only one where construction was personally supervised by the man himself – Walt Disney. This gives it a unique and special twist as well as a little extra Disney magic. Of course, the fabulous rides, magical attractions, and exciting characters also add to its appeal, making it the perfect place for the whole family to visit when visiting this state.
-
Magic Springs and Crystal Falls Water and Theme Park
This theme park provides a day of thrill, amusement, and fun for the whole family. There is something for all ages at this park with both white-knuckle rides and rides for younger ones. If you visit during the summer, you will also enjoy being able to cool off at the water park, which provides a host of additional thrills, including the fabulous wave pools. If you want to chill out and relax for a little while, you can enjoy the lagoons. The impressive water slides offer added excitement for kids and adults alike and thus should be on your USA bucket list.
-
Grand Canyon National park
No trip to Arizona would be complete without a visit to the breathtaking Grand Canyon, which is known as one of the Seven Natural Wonders of the World. You will find plenty to see and do here and some fantastic photo opportunities of the awe-inspiring surroundings. Accessible from both the North and South Rim, the Grand Canyon offers a host of hiking trails for those who really want to explore the area. You can even explore via mule rides if you prefer, although hiking on foot allows you to explore at your own pace and get to one with nature as you take in this stunning natural formation.
-
Glacier Bay National Park
If you enjoy taking in stunning natural beauty, then you will be thrilled with this attraction. Situated in the Alaska panhandle, this is a place where you can immerse yourself in the incredible surroundings that Alaska has become known for. There are many outdoor activities that you can look forward to when you visit this attraction, and there is even a lodge that you can use as your base. Amongst the recreational activities you can enjoy here are kayaking and hiking, not to mention bird watching and fishing. You will be fascinated by the wildlife that is present here too, including mountain goats and black bears.
-
DJ Gig Setup Hardware
When using Virtual DJ and the Allen & Heath ZED10fx you must configure it like shown below to get deck2 through the headphones on the MacBook When do I use the ZED10fx? When I need to plug in lead guitar, bass guitar, drums and a mic
-
EventGuyZ on Programming
This is actually a pretty difficult subject since there are so many different programming languages out there. I will be covering what I have discovered are the more common mostly used programming lanugages which are bash (shell), python and JSON since those are what I use on a daily basis. I'm not an expert in any of these languages but I am happy to share my progress as I go through these. You will find more info under the Programming Club on this site where you'll find discussions, blogs, images, files and more. This page is just a doormat before you walk into the house of Programming.
-
Sunset Pointe
831 N. Section St, Fairhope 36532 http://www.sunsetpointefairhope.com/ Chef and Owner Pete Blohme is making show-stopping seafood in Alabama including an amazing bouillabaisse and a dish with a prized cut of meat from red snapper. He is also the chef and owner of one of Guy’s other favorite joints, Panini Pete’s. Special Dishes: Eastern Shore Bouillabaisse, Gulf Snapper Throats