
12/03/2015

Bandwidth Throttling with Robocopy


Calculate the /IPG (inter-packet gap) number.

BA = Kbps of circuit

BD = approximate Kbps you want to allow

IPG = ((BA - BD) / (BA * BD)) * 512 * 1000

10/22/2015

Fix my IT system: Manage Windows Network Bandwidth with native QOS





Windows 2012 QOS!




Get-NetQosPolicy
New-NetQosPolicy -Name "FileCopy" -SMB -ThrottleRateActionBitsPerSecond 2MB

Set-NetQosPolicy -Name "FileCopy" -ThrottleRateActionBitsPerSecond 10MB

Remove-NetQosPolicy -Name "FileCopy"





10/20/2015

Reverse DNS records not registered when using DHCP



Windows client > NIC > ipv4 > check the box named:
        Use this connection's DNS suffix in DNS registration

10/19/2015

Recognizing and Categorizing Symptoms of Voice Quality Problems - Cisco


Interesting categorization with sample sound bites.


How to Do TCP Sequence Number Analysis


From packetbomb.com
  • TCP typically ACKs every other segment
  • Add sequence number, next sequence number, and acknowledgment number to your Wireshark columns
  • Next sequence number is sequence number plus TCP data payload length
  • ACK number tells you what data has been received and what the next received sequence number should be
  • TCP will ACK every packet when in recovery
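
The bullet points above, applied to a small trace. This is an added example, not code from packetbomb.com or from this blog; the `Segment` fields, the `annotate` function and the sample trace are constructed, and it assumes Wireshark-style relative sequence numbers with no 32-bit wraparound.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    direction: str  # "c2s" (client to server) or "s2c" (server to client)
    seq: int        # relative sequence number
    ack: int        # acknowledgment number
    length: int     # TCP payload bytes (0 for a pure ACK)

def annotate(segments):
    """Compute next sequence number per segment and flag gaps, retransmissions, duplicate ACKs."""
    highest_next = {}   # direction -> highest next sequence number seen so far
    last_pure_ack = {}  # direction -> ack number carried by the previous pure ACK
    out = []
    for s in segments:
        next_seq = s.seq + s.length  # next sequence number = sequence number + payload length
        flags = []
        if s.length > 0:
            expected = highest_next.get(s.direction)
            if expected is not None and s.seq > expected:
                flags.append(f"gap: {s.seq - expected} bytes not seen")
            elif expected is not None and s.seq < expected:
                flags.append("retransmission or out-of-order")
            highest_next[s.direction] = max(expected or 0, next_seq)
        else:
            # A pure ACK repeating the previous ACK number acknowledges nothing new.
            if last_pure_ack.get(s.direction) == s.ack:
                flags.append("duplicate ACK")
            last_pure_ack[s.direction] = s.ack
        # The ACK number is the next sequence number the sender of this segment expects.
        out.append({"next_seq": next_seq, "peer_next_expected": s.ack, "flags": flags})
    return out

# Constructed trace, captured at the client: the server segment with seq=2921 is lost
# on the way, so the client ACKs every packet (duplicate ACKs) until it is retransmitted.
SAMPLE = [
    Segment("s2c", 1, 1, 1460),
    Segment("s2c", 1461, 1, 1460),
    Segment("c2s", 1, 2921, 0),      # normal: one ACK for two segments
    Segment("s2c", 4381, 1, 1460),   # seq=2921 never arrived
    Segment("c2s", 1, 2921, 0),      # recovery: ACK per packet, same ACK number
    Segment("s2c", 5841, 1, 1460),
    Segment("c2s", 1, 2921, 0),
    Segment("s2c", 2921, 1, 1460),   # retransmission fills the hole
    Segment("c2s", 1, 7301, 0),      # everything up to 7300 is now acknowledged
]

if __name__ == "__main__":
    for seg, note in zip(SAMPLE, annotate(SAMPLE)):
        print(seg.direction, seg.seq, note["next_seq"], seg.ack, note["flags"])
```
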


    Command line: Using tcpdump to find scanning activity

    Great Stuff from packetbomb.com

    10/02/2015

    Windows DNS Server: Security Settings

    Do a DNS test at:
    DNS Stuff


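    You will get warnings of various kinds.  A couple of important fixes are:


    Disable Version Query (the server stops answering version queries, so it no longer discloses its version)

    dnscmd /config /EnableVersionQuery 0


    Disable Recursion (for a server that only answers authoritatively for its own zones; this setting also disables forwarders)

    dnscmd /config /NoRecursion 1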

    9/29/2015

    List all SPNs in Active Directory

    From TechNet


    
    cls
    # Search the current domain for every object that has at least one SPN
    $search = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
    $search.Filter = "(servicePrincipalName=*)"
    $search.PageSize = 1000   # page the query; without this only the first 1000 results come back
    $results = $search.FindAll()

    # List results
    foreach ($result in $results)
    {
        $userEntry = $result.GetDirectoryEntry()
        Write-Host "Object Name = " $userEntry.name -BackgroundColor "yellow" -ForegroundColor "black"
        Write-Host "DN      =      " $userEntry.distinguishedName
        Write-Host "Object Cat. = " $userEntry.objectCategory
        Write-Host "servicePrincipalNames"
        $i = 1
        foreach ($SPN in $userEntry.servicePrincipalName)
        {
            Write-Host "SPN(" $i ")   =      " $SPN
            $i += 1
        }
        Write-Host ""
    }
    

    7/12/2015

    Packet Capture From Cisco Router


    7K

    ethanalyzer local interface inband limit-captured-frames 20000 autostop duration 120 write bootflash:capture.pcap

    IOS-XE Router


    monitor capture CAP int Gi0/0/1 both
    monitor capture CAP match ipv4 any any
    monitor capture CAP start
    show monitor capture CAP buffer brief
    monitor capture CAP stop
    monitor capture CAP export ftp://10.1.10.27/CAP.pcap
    no monitor capture CAP

    IOS Router

    1. Create an access-list for the packet filter
       access-list 1 permit 10.100.1.45
    2. Create the buffer
       monitor capture buffer holdpackets
    3. Filter the buffer
       monitor capture buffer holdpackets filter access-list 1
    4. Create the capture point
       monitor capture point ip cef mytrace all both
    5. Associate the capture point with the buffer
       monitor capture point associate mytrace holdpackets
    6. Start the capture
       monitor capture point start mytrace
         • Look at progress
           show monitor capture buffer all parameters
         • See the list of capture points
           show monitor capture point all
    7. Stop the capture
       monitor capture point stop mytrace
    8. Export the buffer as PCAP
       monitor capture buffer holdpackets export tftp://10.1.10.27/mytrace.pcap
    9. Remove the buffer
       no monitor capture buffer holdpackets
    10. Remove the capture point
       no monitor capture point ip cef mytrace all both



    4/14/2015

    3/26/2015

    Windows Firewall Command Line

    Windows FW                   Command
    disable                      netsh advfirewall set domainprofile state off
    enable                       netsh advfirewall set domainprofile state on
    block it all                 netsh advfirewall set domainprofile firewallpolicy blockinboundalways,blockoutbound
    restore default              netsh advfirewall reset
    restrict an app              netsh advfirewall firewall add rule name="secure" dir=in action=block program="c:\program files\app.exe" enable=yes
    allow app to range of IPs    netsh advfirewall firewall add rule name="secure" dir=in action=allow program="c:\program files\app.exe" enable=yes remoteip=206.13.28.12,LocalSubnet profile=domain

    Win7/8 Start Run Commands



    Open Documents Folder documents
    Open Videos folder videos
    Open Downloads Folder downloads
    Open Favorites Folder favorites
    Open Recent Folder recent
    Open Recent Folder logoff
    Open Pictures Folder pictures
    Windows Sideshow control.exe /name Microsoft.WindowsSideshow
    Windows CardSpace control.exe /name Microsoft.cardspace
    Windows Anytime Upgrade WindowsAnytimeUpgradeui
    Taskbar and Start Menu control.exe /name Microsoft.TaskbarandStartMenu
    Troubleshooting control.exe /name Microsoft.Troubleshooting
    User Accounts control.exe /name Microsoft.UserAccounts
    Adding a new Device devicepairingwizard
    Add Hardware Wizard hdwwiz
    Advanced User Accounts netplwiz
    Advanced User Accounts azman.msc
    Backup and Restore sdclt
    Bluetooth File Transfer fsquirt
    Calculator calc
    Certificates certmgr.msc
    Change Computer Performance Settings systempropertiesperformance
    Change Data Execution Prevention Settings systempropertiesdataexecutionprevention
    Change Data Execution Prevention Settings printui
    Character Map charmap
    ClearType Tuner cttune
    Color Management colorcpl
    Command Prompt cmd
    Component Services comexp.msc
    Component Services dcomcnfg
    Computer Management compmgmt.msc
    Computer Management compmgmtlauncher
    Connect to a Network Projector netproj
    Connect to a Projector displayswitch
    Control Panel control
    Create A Shared Folder Wizard shrpubw
    Create a System Repair Disc recdisc
    Credential Backup and Restore Wizard credwiz
    Data Execution Prevention systempropertiesdataexecutionprevention
    Date and Time timedate.cpl
    Default Location locationnotifications
    Device Manager devmgmt.msc
    Device Manager hdwwiz.cpl
    Device Pairing Wizard devicepairingwizard
    Diagnostics Troubleshooting Wizard msdt
    Digitizer Calibration Tool tabcal
    DirectX Diagnostic Tool dxdiag
    Disk Cleanup cleanmgr
    Disk Defragmenter dfrgui
    Disk Management diskmgmt.msc
    Display dpiscaling
    Display Color Calibration dccw
    Display Switch displayswitch
    DPAPI Key Migration Wizard dpapimig
    Driver Verifier Manager verifier
    Ease of Access Center utilman
    EFS Wizard rekeywiz
    Event Viewer eventvwr.msc
    Fax Cover Page Editor fxscover
    File Signature Verification sigverif
    Font Viewer fontview
    Game Controllers joy.cpl
    Getting Started gettingstarted
    IExpress Wizard iexpress
    Getting Started irprops.cpl
    Install or Uninstall Display Languages lusrmgr
    Internet Explorer iexplore
    Internet Options inetcpl.cpl
    iSCSI Initiator Configuration Tool iscsicpl
    Language Pack Installer lpksetup
    Local Group Policy Editor gpedit.msc
    Local Security Policy secpol.msc
    Local Users and Groups lusrmgr.msc
    Location Activity locationnotifications
    Magnifier magnify
    Malicious Software Removal Tool mrt
    Manage Your File Encryption Certificates rekeywiz
    Math Input Panel mip
    Microsoft Management Console mmc
    Microsoft Support Diagnostic Tool msdt
    Mouse main.cpl
    NAP Client Configuration napclcfg.msc
    Narrator narrator
    Network Connections ncpa.cpl
    New Scan Wizard wiaacmgr
    Notepad notepad
    ODBC Data Source Administrator odbcad32
    ODBC Driver Configuration odbcconf
    On-Screen Keyboard osk
    Paint mspaint
    Pen and Touch tabletpc.cpl
    People Near Me collab.cpl
    Performance Monitor perfmon.msc
    Performance Options systempropertiesperformance
    Phone and Modem telephon.cpl
    Phone Dialer dialer
    Power Options powercfg.cpl
    Presentation Settings presentationsettings
    Print Management printmanagement.msc
    Printer Migration printbrmui
    Printer User Interface printui
    Private Character Editor eudcedit
    Problem Steps Recorder psr
    Programs and Features appwiz.cpl
    Protected Content Migration dpapimig
    Region and Language intl.cpl
    Registry Editor regedit
    Registry Editor 32 regedt32
    Remote Access Phonebook rasphone
    Remote Desktop Connection mstsc
    Resource Monitor resmon
    Resultant Set of Policy rsop.msc
    SAM Lock Tool syskey
    Screen Resolution desk.cpl
    Securing the Windows Account Database syskey
    Services services.msc
    Set Program Access and Computer Defaults computerdefaults
    Share Creation Wizard shrpubw
    Shared Folders fsmgmt.msc
    Snipping Tool snippingtool
    Sound mmsys.cpl
    Sound recorder soundrecorder
    SQL Server Client Network Utility cliconfg
    Sticky Notes stikynot
    Stored User Names and Passwords credwiz
    Sync Center mobsync
    System Configuration msconfig
    System Configuration Editor sysedit
    System Information msinfo32
    System Properties sysdm.cpl
    System Properties (Advanced Tab) systempropertiesadvanced
    System Properties (Computer Name Tab) systempropertiescomputername
    System Properties (Hardware Tab) systempropertieshardware
    System Properties (Remote Tab) systempropertiesremote
    System Properties (System Protection Tab) systempropertiesprotection
    System Restore rstrui
    Task Manager taskmgr
    Task Scheduler taskschd.msc
    Trusted Platform Module (TPM) Management tpm.msc
    User Account Control Settings useraccountcontrolsettings
    Utility Manager utilman
    Version Reporter Applet winver
    Volume Mixer sndvol
    Windows Action Center wscui.cpl
    Windows Activation Client slui
    Windows Anytime Upgrade Results windowsanytimeupgraderesults
    Windows CardSpace infocardcpl.cpl
    Windows Disc Image Burning Tool isoburn
    Windows DVD Maker dvdmaker
    Windows Easy Transfer migwiz
    Windows Explorer explorer
    Windows Fax and Scan wfs
    Windows Features optionalfeatures
    Windows Firewall firewall.cpl
    Windows Firewall with Advanced Security wf.msc
    Windows Journal journal
    Windows Media Player wmplayer
    Windows Memory Diagnostic Scheduler mdsched
    Windows Mobility Center mblctr
    Windows Picture Acquisition Wizard wiaacmgr
    Windows PowerShell powershell
    Windows PowerShell ISE powershell_ise
    Windows Remote Assistance msra
    Windows Repair Disc recdisc
    Windows Script Host wscript
    Windows Update wuapp
    Windows Update Standalone Installer wusa
    Windows Version winver
    WMI Management wmimgmt.msc
    WordPad write
    XPS Viewer xpsrchvw

    3/02/2015

    DNS Name Server Entries in Parent Domain

    Your domain registrar (for example, Network Solutions) maintains the DNS records in the parent domain that resolve your name servers' names to IP addresses. Your name servers in your start of authority (SOA) might be, for example, ns1.examplename.com and ns2.examplename.com. Records that resolve those names to IP addresses need to be in the parent domain, such as .com.
    You can verify this with the following procedure (each input is followed by its result):
    nslookup l.root-servers.net
    199.7.83.42
    nslookup
    C:\>nslookup
    Default Server:  router.Belkin
    Address:  192.168.2.1
    >
    
    server 199.7.83.42
    Default Server:  l.root-servers.net
    Address:  199.7.83.42
    >
    
    
    
    > set norecurse
    > set q=NS
    > EXAMPLENAME.com.
    
    Server:  l.root-servers.net
    Address:  199.7.83.42
    
    com     nameserver = a.gtld-servers.net
    com     nameserver = b.gtld-servers.net
    com     nameserver = c.gtld-servers.net
    com     nameserver = d.gtld-servers.net
    com     nameserver = e.gtld-servers.net
    com     nameserver = f.gtld-servers.net
    com     nameserver = g.gtld-servers.net
    com     nameserver = h.gtld-servers.net
    com     nameserver = i.gtld-servers.net
    com     nameserver = j.gtld-servers.net
    com     nameserver = k.gtld-servers.net
    com     nameserver = l.gtld-servers.net
    com     nameserver = m.gtld-servers.net
    a.gtld-servers.net      internet address = 192.5.6.30
    b.gtld-servers.net      internet address = 192.33.14.30
    c.gtld-servers.net      internet address = 192.26.92.30
    d.gtld-servers.net      internet address = 192.31.80.30
    e.gtld-servers.net      internet address = 192.12.94.30
    f.gtld-servers.net      internet address = 192.35.51.30
    g.gtld-servers.net      internet address = 192.42.93.30
    h.gtld-servers.net      internet address = 192.54.112.30
    i.gtld-servers.net      internet address = 192.43.172.30
    j.gtld-servers.net      internet address = 192.48.79.30
    k.gtld-servers.net      internet address = 192.52.178.30
    l.gtld-servers.net      internet address = 192.41.162.30
    m.gtld-servers.net      internet address = 192.55.83.30
    a.gtld-servers.net      AAAA IPv6 address = 2001:503:a83e::2:30
    >
    
    
    
    server 192.5.6.30
    in-addr.arpa    nameserver = a.in-addr-servers.arpa
    in-addr.arpa    nameserver = b.in-addr-servers.arpa
    in-addr.arpa    nameserver = c.in-addr-servers.arpa
    in-addr.arpa    nameserver = d.in-addr-servers.arpa
    in-addr.arpa    nameserver = e.in-addr-servers.arpa
    in-addr.arpa    nameserver = f.in-addr-servers.arpa
    a.in-addr-servers.arpa  internet address = 199.212.0.73
    b.in-addr-servers.arpa  internet address = 199.253.183.183
    c.in-addr-servers.arpa  internet address = 196.216.169.10
    d.in-addr-servers.arpa  internet address = 200.10.60.53
    e.in-addr-servers.arpa  internet address = 203.119.86.101
    f.in-addr-servers.arpa  internet address = 193.0.9.1
    a.in-addr-servers.arpa  AAAA IPv6 address = 2001:500:13::73
    b.in-addr-servers.arpa  AAAA IPv6 address = 2001:500:87::87
    c.in-addr-servers.arpa  AAAA IPv6 address = 2001:43f8:110::10
    d.in-addr-servers.arpa  AAAA IPv6 address = 2001:13c7:7010::53
    e.in-addr-servers.arpa  AAAA IPv6 address = 2001:dd8:6::101
    f.in-addr-servers.arpa  AAAA IPv6 address = 2001:67c:e0::1
    
    Default Server:  [192.5.6.30]
    Address:  192.5.6.30
    
    >
    
    
    
     EXAMPLENAME.com. 
    Server:  [192.5.6.30]
    Address:  192.5.6.30
    
    EXAMPLENAME.com     nameserver = ns1.EXAMPLENAME.com
    EXAMPLENAME.com     nameserver = ns2.EXAMPLENAME.com
    EXAMPLENAME.com     nameserver = ns3.EXAMPLENAME.com
    ns1.EXAMPLENAME.com internet address = 72.240.197.35
    ns2.EXAMPLENAME.com internet address = 72.240.197.36
    ns3.EXAMPLENAME.com internet address = 67.224.124.201
    >
    
    
    

    1/14/2015

    Powershell: File Dialog

    Here is an example of presenting the user with a file dialog. 
    This script also does some conversion and opens the CSV in Excel when it's done.
    ############################################################################################
    #
    # SSID Report Conversion
    # Process SSID report from NCS.  Calculate connection time in seconds and KB transferred
    #
    
    Function Get-FileName($initialDirectory)
    {   
     [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | Out-Null
     $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog
     $OpenFileDialog.ShowHelp = $true
     $OpenFileDialog.initialDirectory = $initialDirectory
     $OpenFileDialog.filter = "All files (*.*)| *.*"
     $OpenFileDialog.ShowDialog() | Out-Null
     $OpenFileDialog.filename
    } #end function Get-FileName
    
    # 
    
    [string]$infile = Get-FileName -initialDirectory "Downloads"
    if (-not $infile) { exit }
    
    # -replace takes a regex: escape the dot and anchor to the end so only the extension changes
    $outfile = $infile -replace '\.csv$', '-ADJUSTED.csv'
    
    $file = get-content $infile
    $today = Get-Date
    $today = $today.touniversaltime()
    
    write-output "Converted:  $today" | out-file -encoding ASCII -filepath $outfile
    foreach ($line in $file) {
     $field = $line.split(",")
     if ($field.count -eq 13) {# report body
      if ($field[0] -eq "Client Username") { #header line (first field heading matches)
       $heading = $line + ",Seconds Connected,KBytes Transferred"
       write-output $heading | out-file -encoding ASCII -filepath $outfile -append
       continue
      } #end header line
    
      #fix average Kb
      $avgKbits = $field[6]
      if ($avgKbits -eq "<0.1") { $avgKbits = 0 }
     
      #Connection time in seconds
      $conn = $field[5]
      [array]$seperator = " hrs " , " min " , " sec"
      $option = [System.StringSplitOptions]::RemoveEmptyEntries
      $hours = 0
      $minutes = 0
      $seconds = 0
      $connection = 0
      $temp = $conn.split($seperator, $option)
      if ($temp.count -eq 3) {
       $hours = [int]$temp[0]
       $minutes = [int]$temp[1]
       $seconds = [int]$temp[2]
       }
      elseif ($temp.count -eq 2) {
       $minutes = [int]$temp[0]
       $seconds = [int]$temp[1]
       }
      elseif ($temp.count -eq 1) {
       $seconds = [int]$temp[0]
       }
      $connection = ( $hours * 60 * 60 )  + ( $minutes * 60 ) + $seconds
    
      #KBytes transferred: seconds * average Kbits per second, divided by 8 bits per byte
      $KBytes = $connection * $avgKbits / 8
      $line = $line + "," + $connection + "," + $KBytes
      write-output $line | out-file -encoding ASCII -filepath $outfile -append
     }#end if 13 fields
    
     else {# report heading line (does not have 13 fields)
      write-output $line | out-file -encoding ASCII -filepath $outfile -append
     }#end else 
    
    }#end foreach line
    
    start excel $outfile
    

    1/12/2015

    Troubleshooting TCP Throughput

    Good presentation of TCP Throughput troubleshooting:
    PDF:  http://packetbomb.com/understanding-throughput-and-tcp-windows
    Video with example:
    https://www.youtube.com/watch?v=qFWjugyKyrE

    Thanks to kory@packetbomb.com

    Packet-Level: Am I looking at a trace from client side or server side?

    Look at 3 way handshake (SYN, SYN/ACK, ACK.)
      - Client side trace will have delay between SYN & SYN/ACK
      - Server side trace will have delay between SYN/ACK & ACK.

    Duh, this is obvious!  Some might say.  But I find it insightful as TCP analysis is just a "hobby" -- I do it so rarely in my work that I learn and re-learn each time I need to slog through a trace file.
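
The handshake-timing rule above, applied to every connection in a capture. This is an added example, not part of the original post; the packet tuple layout, the `capture_side` function, the sample addresses and the `ratio` threshold of 3 are assumptions chosen for illustration.

```python
def capture_side(packets, ratio=3.0):
    """Classify each TCP connection's capture point from its three-way handshake timing.

    packets: iterable of (timestamp, src, sport, dst, dport, flags), where flags is
    "S" (SYN), "SA" (SYN/ACK) or "A" (ACK). Returns {connection: (verdict, d1, d2)}.
    """
    syn_ts, synack_ts, verdicts = {}, {}, {}
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":
            # A retransmitted SYN overwrites the earlier one, so d1 is measured
            # from the most recent SYN seen.
            syn_ts[(src, sport, dst, dport)] = ts
        elif flags == "SA":
            key = (dst, dport, src, sport)  # reverse the tuple to match the SYN
            if key in syn_ts:
                synack_ts[key] = ts
        elif flags == "A":
            key = (src, sport, dst, dport)
            if key in synack_ts and key not in verdicts:  # first ACK only
                d1 = synack_ts[key] - syn_ts[key]   # SYN -> SYN/ACK
                d2 = ts - synack_ts[key]            # SYN/ACK -> ACK
                if d1 > ratio * d2:
                    verdict = "client side"   # the round trip sits before the SYN/ACK
                elif d2 > ratio * d1:
                    verdict = "server side"   # the round trip sits before the ACK
                else:
                    verdict = "indeterminate" # e.g. captured somewhere mid-path
                verdicts[key] = (verdict, d1, d2)
    return verdicts

# Constructed sample: three handshakes with a ~40 ms round trip, captured at
# the client, at the server, and roughly halfway between them.
SAMPLE = [
    (10.000000, "192.0.2.10", 50001, "198.51.100.5", 443, "S"),
    (10.040210, "198.51.100.5", 443, "192.0.2.10", 50001, "SA"),
    (10.040295, "192.0.2.10", 50001, "198.51.100.5", 443, "A"),
    (20.000000, "192.0.2.10", 50002, "198.51.100.5", 443, "S"),
    (20.000080, "198.51.100.5", 443, "192.0.2.10", 50002, "SA"),
    (20.040500, "192.0.2.10", 50002, "198.51.100.5", 443, "A"),
    (30.000000, "192.0.2.10", 50003, "198.51.100.5", 443, "S"),
    (30.020000, "198.51.100.5", 443, "192.0.2.10", 50003, "SA"),
    (30.041000, "192.0.2.10", 50003, "198.51.100.5", 443, "A"),
]

if __name__ == "__main__":
    for conn, (verdict, d1, d2) in capture_side(SAMPLE).items():
        print(conn, verdict, f"SYN->SYN/ACK {d1*1000:.2f} ms, SYN/ACK->ACK {d2*1000:.2f} ms")
```
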

    powershell query remote sharepoint

    Example of a query to a SharePoint list on a remote machine.
    ############################################################################################
    # Create $list of server names - in Service Catalog where status equals selection
    #
    
    [array]$list = $null
    $uri = "http://portal/apps/systemscatalog/_vti_bin/lists.asmx?WSDL"
    $listName = "Server Catalog" 
    
    # Create xml query - get the whole list
    $xmlDoc = new-object System.Xml.XmlDocument
    $query = $xmlDoc.CreateElement("Query")
    $vfxml = "" +
     "" +
     "" +
     "" +
     ""
    $viewFields = $xmlDoc.CreateElement("ViewFields")
    $queryOptions = $xmlDoc.CreateElement("QueryOptions")
    $query.set_InnerXml("FieldRef Name='Full Name'") 
    $rowLimit = "3000"
    $serverlist = $null 
    $service = $null  
    try{
        $service = New-WebServiceProxy -Uri $uri  -Namespace SpWs  -UseDefaultCredential
    }
    catch{ 
        Write-Error $_ -ErrorAction:'SilentlyContinue' 
    }
    if($service -ne $null){
        try{        
            $serverlist = $service.GetListItems($listName, "", $query, $viewFields, $rowLimit, $queryOptions, $null)
        }
        catch{ 
            Write-Error $_  -ErrorAction:'SilentlyContinue'
        }
    }
    $output = $serverlist.data.row
    
    
    if ( -not $output) {
     clear-host
     "ERROR:  No output from sharepoint"
     "ERROR:  No output from sharepoint" | out-file $logfile -append
     exit
     }
    
    [string]$status = $null
    foreach ($item in $output) {
     [string]$status = $item.ows_DeploymentStatus
     $Server = $item.ows_Title
     $dmz = $item.ows_IsDMZServer
     if ($dmz -eq $null) { $dmz = 0 }
     if($status -eq $selection) { 
       if ($filterDMZ -and (-not $dmz)) {
      if ($Server) { $list = $list + $Server} #skip a null value
       }#end if
       else {
           if ($Server) { $list = $list + $Server} #skip a null value
           }
     }#end if
     [string]$status = $null 
    } #end foreach
    
    #
    
    $list = $list | sort-object
    
    if ( -not $list) { 
        "ERROR:  No server list to check"
        "ERROR:  No server list to check" | out-file $logfile -append
        exit
        }