Wi-Fi: client/edge-side diagnostics
Synthetic Monitoring probes provide the correct feedback needed to manage complex network infrastructures
5. Feedback
wifiprobe.inrete.it
"On Governors" 1868 - J.C. Maxwell
"Cybernetics" 1948 - Norbert Wiener
They introduce the concept of feedback and give it a mathematical formalization.
Norbert Wiener goes further, coining the new term "Cybernetics" and stating that:
All intelligent behavior is the result of a correct feedback mechanism
7. SNMP is not end-to-end feedback
8. SNMP is not appropriate feedback
9. The Wi-Fi icon in the status bar represents the feedback
Connected to Wi-Fi without Internet access
Connected to Wi-Fi and Internet
….
10. RUM and Synthetic Monitoring
RUM (Real User Monitoring) and Synthetic Monitoring are two ways of obtaining the correct feedback.
• RUM embeds code in the user app or web page that collects data on user experience and performance. It has only limited access to the more detailed information from the underlying technology layers, which is decisive for diagnosing the infrastructure, so it is used mostly for studies of user behavior (A/B testing).
• Synthetic Monitoring relies on software (scripted tests) that reproduces user actions, typically installed on a dedicated probe. It has access to all the information from the different technology layers and from the network infrastructure.
Current IoT hardware makes it possible to build Synthetic Monitoring probes at highly competitive cost.
https://en.wikipedia.org/wiki/Real_user_monitoring https://en.wikipedia.org/wiki/Synthetic_monitoring
11. Edge systems for WiFi monitoring and diagnostics
Cape Networks https://capenetworks.com/
HP Hewlett Packard Aruba Networks
Cisco Aironet Active Sensor
Epitiro Wi-Fi and Cellular Network Performance Monitoring https://www.epitiro.com/
7SIGNAL Enterprise Wireless Network Monitoring https://7signal.com/
Komodo Systems WiFi Komodowifi https://www.komodowifi.com/
NetBeez Network Monitoring from the User Perspective https://netbeez.net/
12. WiFiProbe probes: Plug / PoE / Pocket / IP / Lamp
13. WiFi measurement and diagnosis from the edge
Nowadays, given the complexity of systems and protocols, it is very advantageous to diagnose a WiFi network using the same types of WiFi modules and chipsets found in user devices
14. Measurement as a scientific experiment
Measurement ≡ Scientific Experiment
Explainable (documented)
Repeatable (confirmable)
15. User experience: elements of the stack
• RADIO SPECTRUM
• ACCESS POINT / WPA NEGOTIATIONS
• AUTHENTICATION SYSTEMS (radius...)
• DHCP
• DNS
• SWITCHES & FIREWALL
• CAPTIVE PORTAL
• INTERNET LINK
16. Connecting with wpa_supplicant
wpa_supplicant
https://en.wikipedia.org/wiki/Wpa_supplicant
http://w1.fi
wpa_supplicant -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -K -t -W -Dnl80211
wpa_cli -p /var/run/wpa_supplicant -i wlan0
wpa_supplicant is not just Linux software that runs on a Raspberry Pi; it is inside every Android phone and every Apple device with Wi-Fi
17. Jouni Malinen (aka Mr. wpa_supplicant/hostapd)
26. > select_network 0
OK
<3>Trying to associate with 40:a5:ef:de:ed:fd (SSID='MyNetESSID' freq=2462 MHz)
<3>Associated with 40:a5:ef:de:ed:fd
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>Authentication with 40:a5:ef:de:ed:fd timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=40:a5:ef:de:ed:fd reason=3 locally_generated=1
<3>WPA: 4-Way Handshake failed - pre-shared key may be incorrect
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyNetESSID" auth_failures=1 duration=10 reason=WRONG_KEY
<3>CTRL-EVENT-SSID-REENABLED id=0 ssid="MyNetESSID"
<3>Trying to associate with 40:a5:ef:de:ed:fd (SSID='MyNetESSID' freq=2462 MHz)
<3>Associated with 40:a5:ef:de:ed:fd
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>Authentication with 40:a5:ef:de:ed:fd timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=40:a5:ef:de:ed:fd reason=3 locally_generated=1
<3>WPA: 4-Way Handshake failed - pre-shared key may be incorrect
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyNetESSID" auth_failures=2 duration=20 reason=WRONG_KEY
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyNetESSID" auth_failures=3 duration=30 reason=CONN_FAILED
>
27.
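The failed connection on slide 26, read by a script (an added example, not part of the original slides): it re-joins wrapped event lines, tracks how far each association attempt got and collects the back-off reasons. The AP inventory passed to `diagnose` is an assumption, and the sample log is constructed from the events on slide 26, wrapped as a narrow terminal would wrap them.

```python
import re

# Constructed sample: the slide 26 events, with terminal-style line wraps.
SLIDE_LOG = """\
> select_network 0
OK
<3>Trying to associate with 40:a5:ef:de:ed:fd (SSID='MyNetESSID' freq=2462 MHz)
<3>Associated with 40:a5:ef:de:ed:fd
<3>Authentication with 40:a5:ef:de:ed:fd timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=40:a5:ef:de:ed:fd reason=3 locally_generated=1
<3>WPA: 4-Way Handshake failed - pre-shared key may be incorrect
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyNetESSID" auth_failures=1 duration=10
reason=WRONG_KEY
<3>CTRL-EVENT-SSID-REENABLED id=0 ssid="MyNetESSID"
<3>Trying to associate with 40:a5:ef:de:ed:fd (SSID='MyNetESSID' freq=2462 MHz)
<3>Associated with 40:a5:ef:de:ed:fd
<3>Authentication with 40:a5:ef:de:ed:fd timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=40:a5:ef:de:ed:fd reason=3 locally_generated=1
<3>WPA: 4-Way Handshake failed - pre-shared key may be incorrect
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyNetESSID" auth_failures=2 duration=20
reason=WRONG_KEY
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyNetESSID" auth_failures=3 duration=30
reason=CONN_FAILED
>
"""

EVENT_START = re.compile(r"<\d+>")
TRYING = re.compile(
    r"Trying to associate with ([0-9a-f:]{17}) \(SSID='([^']*)' freq=(\d+) MHz\)")
TEMP_DISABLED = re.compile(
    r"CTRL-EVENT-SSID-TEMP-DISABLED .*?auth_failures=(\d+) duration=(\d+) reason=(\w+)")


def unwrap_events(text):
    """Return one string per event; an event starts with a '<level>' prefix."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "OK" or line.startswith(">"):
            continue                      # wpa_cli prompt, command echo, reply
        if EVENT_START.match(line):
            events.append(line)
        elif events:
            events[-1] += " " + line      # continuation of a wrapped event
    return events


def parse_session(text):
    """Group events into association attempts and temporary-disable back-offs."""
    attempts, backoffs = [], []
    for ev in unwrap_events(text):
        m = TRYING.search(ev)
        if m:
            attempts.append({"bssid": m.group(1), "ssid": m.group(2),
                             "freq_mhz": int(m.group(3)), "stage": "associating"})
            continue
        m = TEMP_DISABLED.search(ev)
        if m:
            backoffs.append({"auth_failures": int(m.group(1)),
                             "duration_s": int(m.group(2)), "reason": m.group(3)})
            continue
        if not attempts:
            continue
        cur = attempts[-1]
        if "Associated with" in ev:
            cur["stage"] = "associated"
        elif "4-Way Handshake failed" in ev:
            cur["stage"] = "handshake_failed"
        elif "CTRL-EVENT-CONNECTED" in ev:
            cur["stage"] = "connected"
    return attempts, backoffs


def diagnose(text, inventory_bssids):
    """Summarise a session; inventory_bssids is the assumed list of known APs."""
    attempts, backoffs = parse_session(text)
    findings = []
    for bssid in sorted({a["bssid"] for a in attempts} - set(inventory_bssids)):
        findings.append(f"BSSID {bssid} is not in the AP inventory")
    failed = [a for a in attempts if a["stage"] == "handshake_failed"]
    if attempts and len(failed) == len(attempts):
        findings.append("association works but every 4-way handshake fails: "
                        "PSK mismatch between probe and AP is the likely cause")
    if not any(a["stage"] == "connected" for a in attempts):
        findings.append("no attempt reached CTRL-EVENT-CONNECTED")
    return {"attempts": len(attempts), "handshake_failures": len(failed),
            "reasons": [b["reason"] for b in backoffs],
            "max_backoff_s": max((b["duration_s"] for b in backoffs), default=0),
            "findings": findings}


if __name__ == "__main__":
    print(diagnose(SLIDE_LOG, {"40:a5:ef:de:ed:fd"}))
```

Because the probe's own PSK is known to be correct, a run of WRONG_KEY back-offs or an association with a BSSID outside the inventory is a signal about the network side rather than about the client.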
28. > add_network
0
> set_network 0 ssid "MyNetESSID"
OK
> set_network 0 key_mgmt WPA-PSK
OK
> set_network 0 psk "MYPASSWORD"
OK
> set_network 0 bgscan "simple:5:-60:30"
OK
>
29. #
# bgscan: Background scanning
# wpa_supplicant behavior for background scanning can be specified by
# configuring a bgscan module. These modules are responsible for requesting
# background scans for the purpose of roaming within an ESS (i.e., within a
# single network block with all the APs using the same SSID). The bgscan
# parameter uses following format: "<bgscan module name>:<module parameters>"
# Following bgscan modules are available:
# simple - Periodic background scans based on signal strength
# bgscan="simple:<short bgscan interval in seconds>:<signal strength threshold>:
# <long interval>"
# bgscan="simple:30:-45:300"
# learn - Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
# bgscan="learn:<short bgscan interval in seconds>:<signal strength threshold>:
# <long interval>[:<database file name>]"
# bgscan="learn:30:-45:300:/etc/wpa_supplicant/network1.bgscan"
# Explicitly disable bgscan by setting
# bgscan=""
#
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
34. > add_network
0
> set_network 0 ssid "MyNetESSID"
OK
> set_network 0 key_mgmt WPA-PSK
OK
> set_network 0 psk "MYPASSWORD"
OK
> set_network 0 bssid 00:1e:52:6c:91:5f
OK
>
35. Complete multi ESSID/BSSID coverage
Probe Test Schedule Cycle
AP_102 PublicNetwork 2412
AP_101 PublicNetwork 5190
AP_103 PrivateNetwork 2462
AP_103 PublicNetwork 5755
AP_104 PrivateNetwork 2462
AP_102 PrivateNetwork 5230
AP_101 PublicNetwork 2412
AP_104 PublicNetwork 5795
AP_103 PublicNetwork 2462
AP_101 PrivateNetwork 5190
AP_101 PrivateNetwork 2412
AP_102 PublicNetwork 5230
AP_104 PublicNetwork 2462
AP_103 PrivateNetwork 5755
AP_102 PrivateNetwork 2412
AP_104 PrivateNetwork 5795
36. Network parameters via DHCP
DHCP client
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
https://roy.marples.name/projects/dhcpcd
https://www.isc.org/dhcp/
dhclient -d -v -1 wlan0
ISC dhcp and dhcpcd are not just two pieces of Linux software; they are the two code bases included in every Android phone and every Apple device with Wi-Fi
37. dhcpcd in Android Open Source Project (AOSP)
39. # dhclient -d -v wlan0
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/wlan0/40:a5:ef:48:47:92
Sending on LPF/wlan0/40:a5:ef:48:47:92
Sending on Socket/fallback
DHCPREQUEST for 10.111.111.82 on wlan0 to 255.255.255.255 port 67
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 1
DHCPOFFER of 192.168.255.219 from 192.168.255.1
DHCPREQUEST for 192.168.255.219 on wlan0 to 255.255.255.255 port 67
DHCPACK of 192.168.255.219 from 192.168.255.1
bound to 192.168.255.219 -- renewal in 3261 seconds.
40. # dhcpcd -d -B wlan0
dhcpcd-7.1.0 starting
wlan0: executing `/lib/dhcpcd/dhcpcd-run-hooks' PREINIT
wlan0: executing `/lib/dhcpcd/dhcpcd-run-hooks' CARRIER
DUID 00:03:00:01:40:a5:ef:48:47:92
wlan0: IAID ef:48:47:92
wlan0: delaying IPv4 for 0.0 seconds
wlan0: soliciting a DHCP lease
wlan0: sending DISCOVER (xid 0x1d51dacd), next in 3.5 seconds
wlan0: sending Router Solicitation
wlan0: offered 192.168.255.219 from 192.168.255.1
wlan0: sending REQUEST (xid 0x1d51dacd), next in 3.3 seconds
wlan0: acknowledged 192.168.255.219 from 192.168.255.1
wlan0: leased 192.168.255.219 for 7200 seconds
wlan0: renew in 3600 seconds, rebind in 6300 seconds
wlan0: writing lease `/var/lib/dhcpcd/wlan0-IPAP.lease'
wlan0: IP address 192.168.255.219/24 already exists
wlan0: adding route to 192.168.255.0/24
wlan0: adding default route via 192.168.255.1
wlan0: ARP announcing 192.168.255.219 (1 of 2), next in 2.0 seconds
wlan0: executing `/lib/dhcpcd/dhcpcd-run-hooks' BOUND
wlan0: ARP announcing 192.168.255.219 (2 of 2)
wlan0: sending Router Solicitation
41. # dhclient -d -v wlan0
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/wlan0/40:a5:ef:48:47:92
Sending on LPF/wlan0/40:a5:ef:48:47:92
Sending on Socket/fallback
DHCPREQUEST for 192.168.255.219 on wlan0 to 255.255.255.255 port 67
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 1
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 1
No DHCPOFFERS received.
No working leases in persistent database - sleeping.
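The two dhclient outcomes above (lease obtained, no offer received), checked by a script; this is an added example, not part of the original slides. The list of expected DHCP servers and the expected subnet are assumptions a probe operator would configure, and the sample logs are abridged from the sessions above.

```python
import ipaddress
import re

# Constructed samples, abridged from the dhclient -v sessions on the slides.
LEASE_OK = """\
DHCPREQUEST for 10.111.111.82 on wlan0 to 255.255.255.255 port 67
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 1
DHCPOFFER of 192.168.255.219 from 192.168.255.1
DHCPREQUEST for 192.168.255.219 on wlan0 to 255.255.255.255 port 67
DHCPACK of 192.168.255.219 from 192.168.255.1
bound to 192.168.255.219 -- renewal in 3261 seconds.
"""
NO_OFFER = """\
DHCPREQUEST for 192.168.255.219 on wlan0 to 255.255.255.255 port 67
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 1
No DHCPOFFERS received.
No working leases in persistent database - sleeping.
"""


def parse_dhclient(log):
    """Extract the DHCP exchange from `dhclient -d -v` output."""
    s = {"reused_lease": None, "discovers": 0, "offered": None, "server": None,
         "acked_by": None, "bound": None, "renewal_s": None, "no_offers": False}
    for line in (l.strip() for l in log.splitlines()):
        if m := re.match(r"DHCPREQUEST for (\S+) on ", line):
            # A REQUEST sent before any DISCOVER is the client retrying an old lease.
            if s["discovers"] == 0:
                s["reused_lease"] = m.group(1)
        elif line.startswith("DHCPDISCOVER "):
            s["discovers"] += 1
        elif m := re.match(r"DHCPOFFER of (\S+) from (\S+)", line):
            s["offered"], s["server"] = m.group(1), m.group(2)
        elif m := re.match(r"DHCPACK of (\S+) from (\S+)", line):
            s["acked_by"] = m.group(2)
        elif m := re.match(r"bound to (\S+) -- renewal in (\d+) seconds", line):
            s["bound"], s["renewal_s"] = m.group(1), int(m.group(2))
        elif line.startswith("No DHCPOFFERS received"):
            s["no_offers"] = True
    return s


def evaluate(s, expected_servers, expected_net):
    """Compare a parsed exchange with what this network is supposed to hand out.

    expected_servers and expected_net are operator-supplied assumptions.
    """
    findings = []
    if s["no_offers"] or s["bound"] is None:
        findings.append(f"no lease after {s['discovers']} DISCOVER(s)")
        return findings
    for role, addr in (("OFFER", s["server"]), ("ACK", s["acked_by"])):
        if addr and addr not in expected_servers:
            findings.append(f"{role} came from unexpected DHCP server {addr}")
    if ipaddress.ip_address(s["bound"]) not in ipaddress.ip_network(expected_net):
        findings.append(f"leased address {s['bound']} is outside {expected_net}")
    return findings


if __name__ == "__main__":
    for name, log in (("LEASE_OK", LEASE_OK), ("NO_OFFER", NO_OFFER)):
        parsed = parse_dhclient(log)
        print(name, parsed, evaluate(parsed, {"192.168.255.1"}, "192.168.255.0/24"))
```

An OFFER or ACK from a server outside the expected list is the log-level trace of a second DHCP server answering on the segment, which is worth alerting on even when the client ends up with a working lease.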
42. Internet reachability check
As soon as a Wi-Fi connection is activated, Android, iOS, Windows and macOS check whether the Internet is reachable or whether they must show an intermediate login page via a captive portal.
Android check: http://connectivitycheck.gstatic.com/generate_204
iOS check: http://captive.apple.com/hotspot-detect.html
43. Host name resolution with DNS
There is no DNS client as such: DNS name resolution is embedded in the operating system's base libraries (libc or bionic).
There are, however, two commands that help with analyzing and debugging DNS resolution: nslookup and dig.
44. # ping -c 1 PLUTOPAPERINO.gstatic.com
ping: PLUTOPAPERINO.gstatic.com: Temporary failure in name resolution
#
# ping -c 1 PLUTOPAPERINO.gstatic.com
ping: PLUTOPAPERINO.gstatic.com: Name or service not known
#
#
#
#
# ping -c 1 connectivitycheck.gstatic.com
PING connectivitycheck.gstatic.com (216.58.205.131) 56(84) bytes of data.
64 bytes from mil04s27-in-f131.1e100.net (216.58.205.131): icmp_seq=1 ttl=53 time=8.22 ms
--- connectivitycheck.gstatic.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.220/8.220/8.220/0.000 ms
#
46. # dig @1.8.8.8 -4 -t A connectivitycheck.gstatic.com +time=10 +qr
; <<>> DiG 9.11.5-P1-1-Debian <<>> @1.8.8.8 -4 -t A connectivitycheck.gstatic.com +time=10 +qr
; (1 server found)
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60271
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a632d9dbf8bb39a7
;; QUESTION SECTION:
;connectivitycheck.gstatic.com. IN A
;; QUERY SIZE: 70
;; connection timed out; no servers could be reached
#
47. HTTP check with cURL
To verify the success and the details of an HTTP exchange, it is more convenient to use the command line than the browser.
cURL is the most widely used command for HTTP debugging; it is available by default on Windows 10, macOS and Android
https://en.wikipedia.org/wiki/CURL
48. # curl --url 'http://connectivitycheck.gstatic.com/generate_204' -v -sS --ipv4 -w 'SESSION TIME : %{time_total}\n'
* Trying 216.58.205.131...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x14b2770)
* Connected to connectivitycheck.gstatic.com (216.58.205.131) port 80 (#0)
> GET /generate_204 HTTP/1.1
> Host: connectivitycheck.gstatic.com
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 204 No Content
< Content-Length: 0
< Date: Wed, 27 Feb 2019 14:22:18 GMT
<
* Connection #0 to host connectivitycheck.gstatic.com left intact
SESSION TIME : 0.067276
#
49. # curl --url 'http://captive.apple.com/hotspot-detect.html' -v -sS --ipv4 -w 'SESSION TIME : %{time_total}\n'
* Trying 17.253.37.210...
* TCP_NODELAY set
* Expire in 149973 ms for 3 (transfer 0x10e6770)
* Expire in 200 ms for 4 (transfer 0x10e6770)
* Connected to captive.apple.com (17.253.37.210) port 80 (#0)
> GET /hotspot-detect.html HTTP/1.1
> Host: captive.apple.com
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
< x-amz-id-2: TZtjOQGvfqZuvB0Eh4Bi2/yCGF6Bi39BQYWNjIc+tTcEKjtsjmlPWhkXXIpQ6KzbaXxqkI4AjNU=
< x-amz-request-id: 28820D6F0EA2B200
< Date: Wed, 27 Feb 2019 14:23:06 GMT
< Last-Modified: Fri, 17 Feb 2017 20:36:28 GMT
< Cache-Control: max-age=300
< Accept-Ranges: bytes
< Content-Type: text/html
< Content-Length: 69
< Server: ATS/8.0.2
< Via: http/1.1 uklon6-edge-lx-010.ts.apple.com (ApacheTrafficServer/8.0.2), http/1.1 uklon6-edge-bx-034.ts.apple.com (ApacheTrafficServer/8.0.2)
< CDNUUID: 00f706fe-7a17-4df0-8419-6c16853f4785-2131150787
< X-Cache: hit-fresh, hit-fresh
< Etag: "41ba060eb1c0898e0a4a0cca36a8ca91"
< Age: 73
< Connection: keep-alive
<
<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>
* Connection #0 to host captive.apple.com left intact
SESSION TIME : 0.150642
50. # curl --url 'http://captive.gapple.com/WHATEVER' -v -sS --ipv4 -w 'SESSION TIME : %{time_total}\n'
* Trying 185.53.178.9...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x11eb770)
* Connected to captive.gapple.com (185.53.178.9) port 80 (#0)
> GET /WHATEVER HTTP/1.1
> Host: captive.gapple.com
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: nginx
< Date: Wed, 27 Feb 2019 14:28:35 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host captive.gapple.com left intact
SESSION TIME : 0.080016
#
51. Ping
wifiprobe.inrete.it
The ping command is often used to check the state of a link, but just as «one swallow does not make a summer», one ping does not make a working network
You need a «flock» of pings that is representative of real traffic
Tools such as Iperf, Netperf and TRex should be avoided: while they measure, they severely degrade service for every user on the same channel
52. # ping -c 20 -i 0.5 -n -s 512 -w 15 -W 2 -O 192.168.255.1
PING 192.168.255.1 (192.168.255.1) 512(540) bytes of data.
520 bytes from 192.168.255.1: icmp_seq=1 ttl=64 time=0.750 ms
520 bytes from 192.168.255.1: icmp_seq=2 ttl=64 time=1.65 ms
520 bytes from 192.168.255.1: icmp_seq=3 ttl=64 time=1.66 ms
520 bytes from 192.168.255.1: icmp_seq=4 ttl=64 time=1.62 ms
520 bytes from 192.168.255.1: icmp_seq=5 ttl=64 time=0.558 ms
520 bytes from 192.168.255.1: icmp_seq=6 ttl=64 time=0.546 ms
520 bytes from 192.168.255.1: icmp_seq=7 ttl=64 time=1.63 ms
520 bytes from 192.168.255.1: icmp_seq=8 ttl=64 time=0.552 ms
520 bytes from 192.168.255.1: icmp_seq=9 ttl=64 time=1.62 ms
520 bytes from 192.168.255.1: icmp_seq=10 ttl=64 time=1.62 ms
520 bytes from 192.168.255.1: icmp_seq=11 ttl=64 time=1.73 ms
520 bytes from 192.168.255.1: icmp_seq=12 ttl=64 time=1.65 ms
520 bytes from 192.168.255.1: icmp_seq=13 ttl=64 time=1.63 ms
520 bytes from 192.168.255.1: icmp_seq=14 ttl=64 time=1.62 ms
520 bytes from 192.168.255.1: icmp_seq=15 ttl=64 time=1.64 ms
520 bytes from 192.168.255.1: icmp_seq=16 ttl=64 time=1.63 ms
520 bytes from 192.168.255.1: icmp_seq=17 ttl=64 time=1.62 ms
520 bytes from 192.168.255.1: icmp_seq=18 ttl=64 time=1.76 ms
520 bytes from 192.168.255.1: icmp_seq=19 ttl=64 time=0.608 ms
520 bytes from 192.168.255.1: icmp_seq=20 ttl=64 time=1.70 ms
--- 192.168.255.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 552ms
rtt min/avg/max/mdev = 0.546/1.389/1.756/0.459 ms
#
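A "flock" of pings is only useful if it is reduced to figures a probe can alarm on. The following is an added example, not part of the original slides or of the WiFiProbe product: it parses output in the format produced by `ping -n -O`, counts replies that never arrived, and computes loss, median and jitter. The sample text, the function names and the thresholds are assumptions made for illustration.

```python
import re
import statistics

# Constructed sample in the format printed by `ping -n -O` (not a capture from the slides).
SAMPLE = """\
PING 192.0.2.1 (192.0.2.1) 512(540) bytes of data.
520 bytes from 192.0.2.1: icmp_seq=1 ttl=64 time=0.750 ms
520 bytes from 192.0.2.1: icmp_seq=2 ttl=64 time=1.65 ms
no answer yet for icmp_seq=3
520 bytes from 192.0.2.1: icmp_seq=4 ttl=64 time=42.0 ms
520 bytes from 192.0.2.1: icmp_seq=5 ttl=64 time=0.558 ms
520 bytes from 192.0.2.1: icmp_seq=6 ttl=64 time=1.62 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) ttl=\d+ time=([\d.]+) ms")
LOST = re.compile(r"no answer yet for icmp_seq=(\d+)")

def parse_flock(text):
    """Return ({seq: rtt_ms}, set of lost sequence numbers) from ping output."""
    rtts, lost = {}, set()
    for line in text.splitlines():
        if m := REPLY.search(line):
            rtts[int(m.group(1))] = float(m.group(2))
        elif m := LOST.search(line):
            lost.add(int(m.group(1)))
    # A late reply can follow its own "no answer yet" line: count it as received.
    return rtts, lost - set(rtts)

def summarize(text):
    """Reduce one ping run to loss, median, max and jitter."""
    rtts, lost = parse_flock(text)
    series = [rtts[seq] for seq in sorted(rtts)]
    sent = len(rtts) + len(lost)
    # Jitter here is the mean absolute difference between consecutive replies.
    deltas = [abs(b - a) for a, b in zip(series, series[1:])]
    return {
        "sent": sent,
        "loss_pct": 100.0 * len(lost) / sent if sent else 100.0,
        "median_ms": statistics.median(series) if series else None,
        "max_ms": max(series, default=None),
        "jitter_ms": statistics.fmean(deltas) if deltas else 0.0,
    }

def verdict(summary, max_loss_pct=1.0, max_jitter_ms=5.0):
    """Thresholds are illustrative assumptions, not values from the slides."""
    checks = {"loss": summary["loss_pct"] > max_loss_pct,
              "jitter": summary["jitter_ms"] > max_jitter_ms}
    return [name for name, bad in checks.items() if bad] or ["ok"]
```

The median is reported rather than the mean because a single 42 ms outlier, as in the sample, would otherwise hide that most replies came back in under 2 ms.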
59. Spectrum analysis
The Spectrum Analysis feature displays the analog radio spectrum as “waterfall” and “density” diagrams in the context of the measurement
Radio spectrum view during a measurement test: interference from outside the measured channel is visible
66. Custom measurement scripts
67. WiFiProbe / NetProbe
Verifies that network services are working:
• without a specialized technician on site
• for days or weeks
• in unattended locations
It lets you:
• increase quality of service
• reduce operating costs
WiFiProbe / NetProbe is:
• a hardware device
• a cloud service
68. Edge & Cloud
Measurement data is saved to the flash memory of each Probe and synchronized to the Cloud: this can be enabled during the measurement with no additional connections
The same user interface is available both from the Cloud and directly from the device
Generated alarms can be sent to existing monitoring systems
.pcap files can also be created for later analysis with dedicated tools such as Wireshark
69. Machine Learning and AI integration
WiFiProbe can work as a stand-alone probe, or together with a powerful Cloud service that collects the data to provide advanced diagnostics generated by modern Machine Learning algorithms
The Artificial Intelligence in the Cloud integrates with the existing infrastructure to act on faulty components and automatically correct their anomalies
70. Prices
WiFiProbe probes are built to be deployed directly at remote sites, so their robustness and efficiency are of fundamental importance.
• Single WiFiProbe probe: 480 Eu
• Cloud services (per probe): 9.90 Eu/month
71. Tel. +39 011 6811590
Mail: info@inrete.it
Web: www.inrete.it
Thank you!! INRETE S.r.l.
I-10024 Moncalieri (TO)
Via Fortunato Postiglione, 29