Tuesday, 21 June 2022

PowerShell script to test ping, HTTP ports and RDP

Function TestPingAndRDP ($IP)
{
    Write-Host "***********************************************************"
    Write-Host "Checking ping"
    Write-Host "***********************************************************"

    ping $IP

    # .NET Ping gives a single status word (Success / TimedOut / ...) next to the raw ping output
    Write-Host $IP, "PING", ([System.Net.NetworkInformation.Ping]::new().Send($IP)).Status

    Write-Host "***********************************************************"
    Write-Host "Checking RDP"
    Write-Host "***********************************************************"

    # -CommonTCPPort RDP tests TCP 3389
    Test-NetConnection -ComputerName $IP -CommonTCPPort RDP
    Write-Host "***********************************************************"
}

Function PingOnly ($IPING)
{
    Write-Host "***********************************************************"
    Write-Host "Checking ping ONLY"
    Write-Host "***********************************************************"

    ping $IPING

    Write-Host $IPING, "PING", ([System.Net.NetworkInformation.Ping]::new().Send($IPING)).Status
    Write-Host "***********************************************************"
}

Function TestWeb ($IWEB)
{
    Write-Host "***********************************************************"
    Write-Host "Checking web port 80"
    Write-Host "***********************************************************"

    # -CommonTCPPort HTTP tests TCP 80
    Test-NetConnection -ComputerName $IWEB -CommonTCPPort HTTP

    Write-Host "***********************************************************"
    Write-Host "Checking web port 443"
    Write-Host "***********************************************************"

    # there is no CommonTCPPort alias for HTTPS, so give the port number
    Test-NetConnection -ComputerName $IWEB -Port 443
    Write-Host "***********************************************************"
}

Function TestHTTPCode ($url)
{
    # Force TLS 1.2: older Windows PowerShell defaults to TLS 1.0 and many sites refuse it
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $date = Get-Date

    try {
        $code = (Invoke-WebRequest -Uri $url -UseBasicParsing).StatusCode
    }
    catch {
        # Invoke-WebRequest throws on 4xx/5xx; the status code is still on the response object
        if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode }
        else { $code = "ERROR: " + $_.Exception.Message }
    }

    Write-Host $url, "HTTP STATUS CODE", $code, $date
}

###############################
# Remove the leading # from a line to run it
###############################

#TestPingAndRDP 192.168.100.10
#PingOnly 192.168.100.50
#PingOnly 8.8.8.8
#PingOnly www.google.com
#TestWeb www.google.com
#TestHTTPCode https://www.google.com    # Invoke-WebRequest needs the scheme (http:// or https://) in the URL


Monday, 13 June 2022

check web server for weak SSL ciphers

We can use the nmap command:

nmap -p 443 --script ssl-enum-ciphers 100.100.100.20

Check whether TLS 1.0 / 1.1 is still enabled and look for weak ciphers: the script grades each cipher suite, and weak ones will usually have a grade like C.

These need to be disabled on the web server.

An alternative is the SSL Labs test site, which for free can only test by URL (a public hostname):

https://www.ssllabs.com/ssltest/
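Reading the ssl-enum-ciphers report by eye is fine for one host, but for a list of web servers it helps to parse it. The following is an added example, not part of the original post and not part of nmap: a small Python parser for the script's report layout that flags enabled SSLv2/SSLv3/TLS 1.0/1.1, any suite graded worse than A, the script's warnings, and the "least strength" line. The report text embedded in it is constructed to look like real output (the host, suites and grades are made up), so it runs offline; feed it the saved output of the nmap command above instead.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of `nmap -p 443 --script ssl-enum-ciphers HOST` output.
# Not a real scan result: the suites, grades and warnings are made up for the demo.
SAMPLE_OUTPUT = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: C
"""

DEPRECATED_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1")

# protocol headers sit at indent 3 after the "|", e.g. "|   TLSv1.0: "
PROTO_RE = re.compile(r"^\|\s{3}(SSLv\d|TLSv\d\.\d):\s*$")
# cipher lines: "|       TLS_SUITE (key exchange) - GRADE"
CIPHER_RE = re.compile(r"^\|\s+(TLS_\S+)(?:\s+\(([^)]*)\))?\s+-\s+([A-F])\s*$")
LEAST_RE = re.compile(r"^\|_?\s+least strength:\s+([A-F])\s*$")


@dataclass
class ProtocolResult:
    name: str
    ciphers: list = field(default_factory=list)   # (suite, key exchange, grade)
    warnings: list = field(default_factory=list)


@dataclass
class ScanResult:
    protocols: dict = field(default_factory=dict)  # name -> ProtocolResult, in report order
    least_strength: str = ""


def parse_ssl_enum_ciphers(text):
    """Walk the indented report and pull out protocols, suites, grades and warnings."""
    result = ScanResult()
    current = None
    in_warnings = False
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            current = ProtocolResult(m.group(1))
            result.protocols[current.name] = current
            in_warnings = False
            continue
        m = LEAST_RE.match(line)
        if m:
            result.least_strength = m.group(1)
            continue
        if current is None:            # still in the nmap banner above the first protocol
            continue
        m = CIPHER_RE.match(line)
        if m:
            current.ciphers.append((m.group(1), m.group(2) or "", m.group(3)))
            continue
        body = line.lstrip("|_ ").rstrip()
        if body.endswith(":"):         # sub-section header: ciphers:, compressors:, warnings:
            in_warnings = body == "warnings:"
        elif in_warnings and body:
            current.warnings.append(body)
    return result


def evaluate(result, worst_acceptable="A"):
    """Findings the server owner should act on. Grades are letters, so 'C' > 'A' means worse."""
    findings = []
    for name, proto in result.protocols.items():
        if name in DEPRECATED_PROTOCOLS:
            findings.append(f"{name} is enabled - disable it on the web server")
        for suite, _kx, grade in proto.ciphers:
            if grade > worst_acceptable:
                findings.append(f"{name}: {suite} graded {grade}")
        for warning in proto.warnings:
            findings.append(f"{name}: {warning}")
    if result.least_strength > worst_acceptable:
        findings.append(f"least strength reported as {result.least_strength}")
    return findings


if __name__ == "__main__":
    for finding in evaluate(parse_ssl_enum_ciphers(SAMPLE_OUTPUT)):
        print(finding)
```

On the constructed sample this reports TLS 1.0 enabled, the 3DES suite at grade C under both protocol versions, the SWEET32 warning and the overall least strength of C, which is exactly the list of things to turn off on the server before re-running the scan.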

Wednesday, 8 June 2022

global NAT on cisco FMC

Devices -> NAT

Edit the NAT policy

Add Rule button

NAT Rule: Auto NAT Rule

Type: Dynamic

Interface Objects: inside -> outside

Translated source: Destination Interface IP (i.e. PAT to the outside interface address)

domain controller ports

Needed some objects with the usual domain controller ports. I'm sure not all are required for every deployment; for example some installs might be using LDAP (389), others LDAPS (636), or vice versa.


Taken from here:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN


object-group service DC_PORTS_UDP udp
 port-object eq 389
 port-object eq 88
 port-object eq 445
 port-object eq 123
 port-object eq 464
 port-object eq 138
 port-object eq 67
 port-object eq 2535
 port-object eq 137

object-group service DC_PORTS_TCP tcp
 port-object eq 389
 port-object eq 636
 port-object eq 3268
 port-object eq 3269
 port-object eq 88
 port-object eq 53
 port-object eq 445
 port-object eq 135
 port-object eq 5722
 port-object eq 464
 port-object eq 9389
 port-object eq 139

cisco nexus 5k

The config needs to go in twice, on 5k01 and on 5k02.

Don't forget you may need to add the VLAN to the port-channel vPCs on both sides too.

Make sure to use the "switchport trunk allowed vlan add" command: without "add" the command replaces the whole allowed-VLAN list, and you don't want to take out the port channel.

*** add vlan 99 to the port channel

Create the vlan on both 5k01 and 5k02, then on the port channel:

interface port-channel10
 switchport trunk allowed vlan add 99

Make the same change on 5k01 and 5k02. This is because the Nexus switches are datacentre equipment run as a pair, and the vPC port channel has to be configured the same on both peers.



Tuesday, 7 June 2022

test outbound UDP traffic from citrix netscaler

I needed a way to test outbound UDP traffic from a Citrix NetScaler to prove traffic was working.

Normally I would use telnet for a quick TCP port check, or the "nc" command, but nc was not available on the NetScaler and I could not install it. I was able to test like so:

Log into the Citrix NetScaler

"shell" to get into shell (CLI) mode

echo -n "Test from 192.168.0.10" > /dev/udp/172.30.50.50/514

This sent UDP traffic from 192.168.0.10 (Citrix) to 172.30.50.50 (log server) on UDP port 514 (syslog). The /dev/udp/HOST/PORT path is handled by bash itself rather than the filesystem, so this only works from a bash shell, and because UDP has no handshake the command succeeds whether or not anything is listening on the far end.

I was able to see it arrive in my Wireshark capture on 172.30.50.50
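The same test written out with both ends visible, as an added example that is not part of the original post: a Python sender that does what the echo-to-/dev/udp line does (useful on a box that has Python but neither nc nor bash), and a tiny receiver standing in for the log server's packet capture. It runs on loopback with an OS-chosen port (binding 514 would need root), and the second function shows the caveat from the post: sending to a port nobody listens on still returns success, which is why delivery has to be confirmed on the receiving side.

```python
import socket


def send_udp_probe(dst_host, dst_port, payload):
    """One datagram, the Python equivalent of
        echo -n "text" > /dev/udp/DST_HOST/DST_PORT
    Returns the number of bytes handed to the kernel. UDP has no handshake, so this
    returns normally even when nothing is listening on the far end; proof that the
    traffic got through has to come from the receiving side (a capture or a listener)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload.encode("utf-8"), (dst_host, dst_port))


class UdpReceiver:
    """Stand-in for the log server / Wireshark capture: binds a UDP port and reports
    what arrives. port=0 asks the OS for a free port, so no root is needed for the demo."""

    def __init__(self, bind_host="127.0.0.1", port=0, timeout=2.0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind((bind_host, port))
        self.sock.settimeout(timeout)
        self.port = self.sock.getsockname()[1]

    def receive_one(self):
        """Return (source_address, payload), or None if nothing arrived before the timeout."""
        try:
            data, addr = self.sock.recvfrom(4096)
        except socket.timeout:
            return None
        return addr, data

    def close(self):
        self.sock.close()


def probe_with_listener(payload="Test from 192.168.0.10"):
    """Both sides of the exchange on loopback: receiver up, probe sent, datagram read back.
    Returns the payload bytes the receiver saw (None if nothing arrived)."""
    receiver = UdpReceiver()
    try:
        send_udp_probe("127.0.0.1", receiver.port, payload)
        got = receiver.receive_one()
    finally:
        receiver.close()
    return got[1] if got else None


def probe_without_listener(payload="Test from 192.168.0.10"):
    """Same send to a port nobody is bound to: sendto still reports the bytes as sent.
    Returns that byte count, to show why 'the command ran' is not proof of delivery."""
    placeholder = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    placeholder.bind(("127.0.0.1", 0))
    free_port = placeholder.getsockname()[1]
    placeholder.close()  # now nothing is listening on free_port
    return send_udp_probe("127.0.0.1", free_port, payload)


if __name__ == "__main__":
    print("with listener   :", probe_with_listener())
    print("without listener:", probe_without_listener(), "bytes reported sent")
```

Against a real log server, replace the loopback address and port with the syslog target (172.30.50.50:514 in the post) and keep the capture on the far side; the sender's return value only tells you the datagram left this host.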