diff --git a/items/2022-12-12_long_getting-started-with-nmap.md b/items/2022-12-12_long_getting-started-with-nmap.md
index c25ef8e..a00723a 100644
--- a/items/2022-12-12_long_getting-started-with-nmap.md
+++ b/items/2022-12-12_long_getting-started-with-nmap.md
@@ -15,7 +15,7 @@ I'll show you the basics of nmap in this post. This is more than enough to get s
**Important**: I recommend using nmap as **root** since not all scans are available for non-root users. The kernel constrain standard users from using all functions of the NIC.
-## Specify the hosts or networks to scan #
+## Specify the hosts or networks to scan
You'll start by defining the range of the scan. This is mandatory and there are multiple ways to do it.
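Review bot: the context line just above the heading change has a grammar slip that should go into the same commit: "The kernel constrain standard users from using all functions of the NIC" should read "The kernel constrains standard users ...".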
@@ -44,7 +44,7 @@ Nmap would scan 3 hosts.
Choose a random number of hosts within a chosen range:
: `nmap 10.10.10.0/24 -iR 5`
-#### Exclude hosts and networks from scans #
+#### Exclude hosts and networks from scans
Choose hosts or networks that should be excluded:
: `nmap 192.168.0.0/24 --exclude 192.168.0.2`
@@ -52,7 +52,7 @@ Choose hosts or networks that should be excluded:
Use a file with a list of exclusions:
: `nmap 10.10.10.0/24 --excludefile /path/to/file.txt`
-## SPECIFIC PORT RANGES #
+## SPECIFIC PORT RANGES
**Side note**: Without a flag, it runs the 1000 common TCP ports by default. [Source](https://nmap.org/book/port-scanning.html)
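Review bot: the rewritten heading `## SPECIFIC PORT RANGES` is the only all-caps heading in this file (compare `## Specify the hosts or networks to scan` and `## Save output to file` in the neighbouring hunks); since the line is being rewritten anyway, normalise it to `## Specific port ranges`.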
@@ -88,7 +88,7 @@ If you only want to scan UDP ports, use the `-sU` flag to do so.
I am not familiar with it, but you can work with protocol names like this:
: `nmap 10.10.10.0/24 -p smtp` *# Thanks to k3vinw*
-#### Exlude ports from scan #
+#### Exlude ports from scan
Simply us the `--exlude-ports` option and the ports / port range:
: `nmap 10.10.10.1 -p 1-100 --exlude-ports 22,53`
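Review bot: the `+` line keeps the misspelled heading "Exlude"; it should become `#### Exclude ports from scan`. The two context lines below repeat the typo inside the option itself: `--exlude-ports` is not an nmap option (the real one is `--exclude-ports`), so the example `nmap 10.10.10.1 -p 1-100 --exlude-ports 22,53` fails as written. "Simply us the" should also be "Simply use the".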
@@ -99,7 +99,7 @@ Simply us the `--exlude-ports` option and the ports / port range:
Use the `-g` flag to specify the source port of the scan:
: `nmap 10.10.10.1 -g 12345`
-## Save output to file #
+## Save output to file
There are 3 formats you can pick between:
@@ -117,7 +117,7 @@ Saves output of ALL 3 formats:
If you want to append the results to a file, simply add the `--append-output` option to the command.
-## Port states #
+## Port states
Nmap distinguishes the state of the port in six categories. This section is copied from the [official documentation](https://nmap.org/book/man-port-scanning-basics.html) since it is explained really well.
@@ -145,7 +145,7 @@ Nmap distinguishes the state of the port in six categories. This section is copi
> This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
-## Scan timing / timing templates #
+## Scan timing / timing templates
With these timing templates, you can decide how aggressively and fast you want to scan your targets. The lower the number, the slower scan and vice versa. You can choose them with the `-T` flag like this:
: `-T0` paranoid
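Review bot: context line "The lower the number, the slower scan and vice versa" is missing a word; it should read "the slower the scan".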
@@ -159,7 +159,7 @@ With these timing templates, you can decide how aggressively and fast you want t
A detailed table of differences can be found in the [official documentation](https://nmap.org/book/performance-timing-templates.html)
-## Scripts #
+## Scripts
**Disclaimer + Important:** Scripts are not run in a sandbox and thus could accidentally or maliciously damage your system or invade your privacy. Never run scripts from third parties unless you trust the authors or have carefully audited the scripts yourself.
@@ -177,7 +177,7 @@ Often enough scripts are used to find vulnerabilities. One example can be found
For more information about scripts for nmap, check out the following blog post: [Getting started with nmap scripts](https://ittavern.com/getting-started-with-nmap-scripts/)
-## Helpful additional scan options #
+## Helpful additional scan options
Verbosity of the scan:
: `-v` / `-vv` / `-vvv`
@@ -246,7 +246,7 @@ TCP ACK Ping use
: *Port 40125 is the default, if no port entered*
-#### IDS/ FW Evasion #
+#### IDS/ FW Evasion
This is a topic for another time and unnecessary for beginners, but just some IDS/FW evasion methods.
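Review bot: the new heading `#### IDS/ FW Evasion` has a stray space after the slash; the sentence directly below writes it as "IDS/FW", so use `#### IDS/FW Evasion`.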
diff --git a/items/2022-12-15_long_10-prompts-1000-ai-generated-images-openai-dall-e.md b/items/2022-12-15_long_10-prompts-1000-ai-generated-images-openai-dall-e.md
index ac03d97..6c26aa7 100644
--- a/items/2022-12-15_long_10-prompts-1000-ai-generated-images-openai-dall-e.md
+++ b/items/2022-12-15_long_10-prompts-1000-ai-generated-images-openai-dall-e.md
@@ -34,7 +34,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
**So, enjoy!**
-## 1 - Cats #
+## 1 - Cats
> photo of a kitten on a carpet in the living room, digital art
@@ -44,7 +44,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 2 - Robot #
+## 2 - Robot
> small robot wandering around in an post-apocalyptic world, digital art
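Review bot: context line "an post-apocalyptic world" should be "a post-apocalyptic world".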
@@ -54,7 +54,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 3 - Donut #
+## 3 - Donut
> minimalist logo of a donut shop
@@ -64,7 +64,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 4 - Dackel #
+## 4 - Dackel
> dackel in a suit in a library, digital art
@@ -74,7 +74,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 5 - Poster #
+## 5 - Poster
> movie poster for an action movie from the 80s, digital art
@@ -84,7 +84,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 6 - Citylife #
+## 6 - Citylife
> a black and white photo of the life in new york
@@ -94,7 +94,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 7 - Dolphin #
+## 7 - Dolphin
> sticker illustration of a cute dolphin
@@ -114,7 +114,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 9 - Monster #
+## 9 - Monster
> detailed sketch of an evil monster, digital art
@@ -124,7 +124,7 @@ You can find a **technical write-up** at the end of the post. But as a disclaime
---
-## 10 - Cyberpunk #
+## 10 - Cyberpunk
> realistic photo of a colorful cyberpunk city in the rain at night, digital art
diff --git a/items/2022-12-20_long_online-security-guide.md b/items/2022-12-20_long_online-security-guide.md
index 70795b3..7f77509 100644
--- a/items/2022-12-20_long_online-security-guide.md
+++ b/items/2022-12-20_long_online-security-guide.md
@@ -6,13 +6,13 @@ Let me start with; **there is no perfect security**. Your goal is to make it as
I keep it as short as possible and focus on the 'what' and 'why', not the 'how'. There are many ways to achieve the goals, but this is a topic for itself, and depends on the circumstances.
-## "I am not a target" #
+## "I am not a target"
Unfortunately, anyone is, and yes, ANYONE can become a victim of a cybercrime. Cybercrime is highly lucrative, and criminals become more creative every year. Automation makes it simple to find easy targets or attack a large group of targets.
I'll try to provide you with enough information for safe internet use. If you feel overwhelmed, tackle one topic at a time, and keep improving. **It is never too late to care about your online security**.
-## TLDR - 5 most crucial tips #
+## TLDR - 5 most crucial tips
If you only take away these five things, I will be more than happy. These steps alone take your security to the next level and are crucial. I'll go into more detail later in the post.
@@ -50,7 +50,7 @@ Answering security questions truthfully makes you vulnerable to social engineeri
---
-## Password Security #
+## Password Security
**Summarized: Generate and store a random and unique 16+ characters password for every account in your password manager.**
@@ -102,7 +102,7 @@ It does not hurt to change passwords regularly, but it is not worth the hassle,
---
-## Multi-/2-factor authentication #
+## Multi-/2-factor authentication
This authentication method requires the user to provide two or more factors to access the desired service. Those factors can be: **knowledge** (something you know (e.x. pin, password, security question)), **possession** (something you have (e.x. security token, security key, second device)), and **inherence** (something you are (e.x. fingerprint, iris)).
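Review bot: the context line uses "e.x." three times where "e.g." is meant; the same abbreviation shows up in the SSH troubleshooting file in this commit (the `systemctl status sshd` line), so a repository-wide sweep is worthwhile.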
@@ -161,7 +161,7 @@ PIN:
**Important**: I cannot stress enough how important backups are. Even though MFA is a must and brings your online security to the next level, there is a legit risk of getting locked out if you lose access to the second factor.
-## Do not overshare #
+## Do not overshare
I might be paranoid, but the internet can be a dangerous place. As the police would say: '**everything you say can and will be used against you**'. This section relates to targeted rather than automated attacks.
@@ -172,7 +172,7 @@ Something you can do is **lie, share wrong information about yourself, use an a
Be skeptical and keep in mind: **the internet does not forget**.
-## Check twice, click once #
+## Check twice, click once
The best security strategy is worthless if someone clicks and downloads anything negligently.
@@ -184,7 +184,7 @@ To provide some examples: 2 ways to deal with suspicious messages would be to, f
Being careful is an important part of being secure online.
-## Secure your device #
+## Secure your device
**Keep your operating system, browser, antivirus, and everything else up-to-date**. I cannot stress enough how important that is.
@@ -202,7 +202,7 @@ Do your research. There are good and bad VPN providers, and NEVER use free VPN o
In the end, I have to mention **Tor**. Tor routes your traffic through of network of nodes and makes it almost to track back. It is an important tool, but I am afraid that a detailed description is out of the scope of this post.
-## Conclusion #
+## Conclusion
So, I hope I could provide some new ideas on how to protect your online activity. Just start with the five most important points that I showed at the start, and tackle other topics later. And keep in mind, there is no perfect security, just making it more complex, and limiting the damage in case of a security incident.
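Review bot: the Tor context line at the top of this hunk is garbled: "routes your traffic through of network of nodes and makes it almost to track back" should be "through a network of nodes" and is missing the adjective after "almost" (presumably "impossible"). Worth fixing while the file is being touched.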
diff --git a/items/2022-12-25_long_guide-to-wireshark-display-filters.md b/items/2022-12-25_long_guide-to-wireshark-display-filters.md
index 586ad20..8fe4826 100644
--- a/items/2022-12-25_long_guide-to-wireshark-display-filters.md
+++ b/items/2022-12-25_long_guide-to-wireshark-display-filters.md
@@ -32,7 +32,7 @@ The display filter hides filtered packets and is mainly used on already saved pa
Just so you know the difference when you search for more commands.
-## Saving display filters #
+## Saving display filters
There are two common ways to save filters. They can then be used in later sessions or help you switch between different filters, especially since certain filters can get very long.
@@ -44,7 +44,7 @@ There are two common ways to save filters. They can then be used in later sessio

-## Color of the display filter bar #
+## Color of the display filter bar
Green:
: Filter is accepted, syntax is ok
@@ -57,7 +57,7 @@ Yellow:
: *(haven't found too much information about it)*
-## Operators #
+## Operators
### Logical operators
@@ -146,7 +146,7 @@ smb.path contains "\\\\SERVER\\SHARE"
\UNNNNNNNN Unicode codepoint U+NNNNNNNN
```
-# Time filter #
+# Time filter
`frame.time >= "Dec 23, 2022 17:00:00" && frame.time <= "Dec 23, 2022 17:05:00"`
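Review bot: `# Time filter` is a level-1 heading while every other section in this file (`## Saving display filters`, `## Operators`, `## IP`, `## ICMP`, `## TCP`, ...) is level 2; since the line is being edited anyway, make it `## Time filter`.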
@@ -173,7 +173,7 @@ MAC / Ethernet address:
VLAN:
: `eth.vlan.id==1`
-## IP #
+## IP
[Full reference (ip)](https://www.wireshark.org/docs/dfref/i/ip.html)
@@ -190,7 +190,7 @@ Filter IP addresses:
Filter packet TTL:
: `ip.ttl == 64`
-## ICMP #
+## ICMP
[Full reference (icmp)](https://www.wireshark.org/docs/dfref/i/icmp.html)
@@ -204,7 +204,7 @@ ICMP echo reply (ping):
: `icmp.type == 0`
-## ARP #
+## ARP
[Full reference (arp)](https://www.wireshark.org/docs/dfref/a/arp.html)
@@ -220,7 +220,7 @@ Target IP address:
Sender IP address:
: `arp.src.proto_ipv4`
-## TCP #
+## TCP
[Full reference (tcp)](https://www.wireshark.org/docs/dfref/t/tcp.html)
@@ -246,7 +246,7 @@ Look for 3-way-handshakes:
Fitlers for TCP resets flag:
: `tcp.flags.reset==1`
-## UDP #
+## UDP
[Full reference (udp)](https://www.wireshark.org/docs/dfref/u/udp.html)
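Review bot: context line "Fitlers for TCP resets flag" should be "Filter for the TCP reset flag" (typo plus agreement).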
@@ -258,7 +258,7 @@ Filter UDP ports:
: `udp.srcport == 68` *# source UDP port*
: `udp.dstport == 68` *# destination UDP port*
-## DHCP #
+## DHCP
[Full reference (dhcp)](https://www.wireshark.org/docs/dfref/d/dhcp.html)
@@ -298,7 +298,7 @@ Finding rogue DHCP server:
Check if other DNS server are getting populated:
: `dhcp.option.dhcp == 2 && !(dhcp.option.domain_name_server == 9.9.9.9) && !(dhcp.option.domain_name_server == 149.112.112.112)`
-## DNS #
+## DNS
[Full reference (dns)](https://www.wireshark.org/docs/dfref/d/dns.html)
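Review bot: context line "Check if other DNS server are getting populated" needs the plural "servers", and "handed out" describes what the filter below it checks (DNS servers offered by DHCP) more clearly than "populated".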
diff --git a/items/2023-01-01_long_visual-guide-to-ssh-tunneling-and-port-forwarding.md b/items/2023-01-01_long_visual-guide-to-ssh-tunneling-and-port-forwarding.md
index e731edc..02d1a39 100644
--- a/items/2023-01-01_long_visual-guide-to-ssh-tunneling-and-port-forwarding.md
+++ b/items/2023-01-01_long_visual-guide-to-ssh-tunneling-and-port-forwarding.md
@@ -4,7 +4,7 @@ To make it quick, I wish I had known about port forwarding and tunneling earlier
**Topics**: use cases, configuration, SSH jumphosts, local/remote/dynamic port forwarding, and limitations
-## Use cases #
+## Use cases
SSH tunneling and port forwarding can be used to forward TCP traffic over a secure SSH connection from the SSH client to the SSH server, or vice versa. TCP ports or UNIX sockets can be used, but in this post I'll focus on TCP ports only.
@@ -30,7 +30,7 @@ There are many more use cases, but this overview should give you a sense of poss
Before we start: the options of the following examples and be combined and configured to suit your setup. As a side note: if the `bind_address` isn't set, localhost will be the default
-## Configuration / Preparation #
+## Configuration / Preparation
* The **local and remote users must have the necessary permissions** on the local and remote machines respectivly to open ports. **Ports between 0-1024 require root privileges** - if not configured differently - and the rest of the ports can be configured by standard users.
* **configure clients and network firewalls accordingly**
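Review bot: three issues in the context lines of this hunk. "the options of the following examples and be combined" should be "can be combined"; "respectivly" is misspelled; and "Ports between 0-1024 require root privileges" is off by one: the privileged range is 0-1023, port 1024 is already available to unprivileged users.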
@@ -44,7 +44,7 @@ If you forward ports on interfaces other than 127.0.01, then you'll need to enab
Remember to **restart the ssh server service**.
-## SSH jumphost / SSH tunnel #
+## SSH jumphost / SSH tunnel
Transparently connecting to a remote host through one or more hosts.
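Review bot: the hunk header context shows "127.0.01", which should be "127.0.0.1"; it belongs in the same commit since that paragraph is exactly about binding to a non-loopback address.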
@@ -74,7 +74,7 @@ Jumphosts must be separated by commas:
: `ssh -J user@REMOTE-MACHINE:22,user@ANOTHER-REMOTE-MACHINE:22 -p 22 user@10.99.99.1`
-## Local Port Forwarding #
+## Local Port Forwarding
#### Example 1
@@ -99,7 +99,7 @@ Access logs of the webserver on REMOTE-WEBAPP:
: the request originates from the intern IP of LOCAL-MACHINE (10.99.99.2)
-## Remote Port Forwarding #
+## Remote Port Forwarding
#### Example 1+2
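Review bot: context line "the request originates from the intern IP of LOCAL-MACHINE" should be "the internal IP".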
@@ -120,7 +120,7 @@ Access logs of the webserver on REMOTE-WEBAPP:
**Important**: `GatewayPorts yes` must be enabled on the SSH server to listen on another interface than the loopback interface.
-## Dynamic port forwarding #
+## Dynamic port forwarding
To forward more than one port, SSH uses the [SOCKS](https://en.wikipedia.org/wiki/SOCKS) protocol. This is a transparent proxy protocol and SSH makes us of the most recent version SOCKS5.
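Review bot: context line "SSH makes us of the most recent version SOCKS5" should read "SSH makes use of the most recent version, SOCKS5".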
@@ -146,7 +146,7 @@ I won't go into detail, but you can create a bi-directional TCP tunnel with the
`-w local_tun[:remote_tun]`
-## How to run SSH in the background #
+## How to run SSH in the background
The native way to run the tunnel in the background would be `-fN`:
: `-f` - run in the background
@@ -189,7 +189,7 @@ There are mutliple ways to do it; autossh, scripts, cronjobs, and so on.
This is beyond this post and I might write about in the future.
-## Limitations #
+## Limitations
#### UDP
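Review bot: the hunk header context has "mutliple" for "multiple", and the first context line "I might write about in the future" is missing "it".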
diff --git a/items/2023-01-10_long_backup-guide.md b/items/2023-01-10_long_backup-guide.md
index 492b773..e4e293e 100644
--- a/items/2023-01-10_long_backup-guide.md
+++ b/items/2023-01-10_long_backup-guide.md
@@ -9,7 +9,7 @@ I've tried to keep this guide accessible for personal and corporate backups.
The main goal of backups is data loss prevention. There are numerous risks that could cause data loss, and we try to prevent them with a backup strategy that fits our needs. I'll go into more detail in the next section.
-#### Risks #
+#### Risks
The following risks exist for data in production and for your backups! - There are many more, but this section will give you a feeling of the most common risks.
@@ -40,7 +40,7 @@ Some 'disasters' affect only a single hard drive, some devices, or the whole net
**Side note**: Backups do not prevent those risks, but minimize the damage and help to recover from them.
-#### RAID/snapshots are no backups! #
+#### RAID/snapshots are no backups!
**RAID** - *redundant array of independent disks* - is a method to either increase the performance, the availability and resiliency, or both. Misconfigured, it can even cause more damage; for example, a RAID0 can make the whole array useless after a disk failure. Don't let me get started with broken hardware RAID controllers or RAID expansions.
@@ -54,7 +54,7 @@ Snapshots, therefore, should not be considered a valid backup!
Both solutions can be part of your backup strategy but can't replace a regular backup.
-# Determine what to backup and why #
+# Determine what to backup and why
What and why you backup specific files highly depend on your needs. It is helpful to have an inventory of critical infrastructure to determine what to backup.
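Review bot: "backup" is used as a verb in both the rewritten heading (`# Determine what to backup and why`) and the context line ("what to backup"); the verb form is "back up", so `# Determine what to back up and why`. The same context line also needs "highly depends" (the subject is singular). The same verb point applies to `# How to backup!` in a later hunk of this file.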
@@ -68,7 +68,7 @@ Some other category is the frequency with which the data gets updated. An exampl
Remember to provide some kind of backup solution for devices like laptops and smartphones.
-# Data Retention Policy #
+# Data Retention Policy
With the Data Retention Policy, we try to specify how long to retain certain data. There are various factors you should consider: usefulness, compliance, laws, and so on.
@@ -76,7 +76,7 @@ Some system data, like old configuration files, can be deleted after a short tim
**Side note**: as mentioned before, this highly depends on your setup, and speaking to the relevant departments is recommended.
-#### Backup/data deletion #
+#### Backup/data deletion
Deleting data or backups seems not worth talking about, but data can be easily recovered if it is not done correctly.
@@ -86,7 +86,7 @@ Some laws/compliances require you to destroy data in a certain way. To make sure
To be secure, store your backups encrypted in the first place.
-# Decide the backup frequency #
+# Decide the backup frequency
The frequency of your backups will determine the impact of a disaster in terms of data loss. The more frequently you do backups; the less is data loss in case a disaster occurs. There are two metrics you could consider: **RTO** and **RPO**.
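Review bot: context line "The more frequently you do backups; the less is data loss in case a disaster occurs" should use a comma and normal word order: "The more frequently you back up, the less data is lost when a disaster occurs".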
@@ -106,7 +106,7 @@ With the RTO we want to determine the maximum tolerable amount of down time afte
Like the RPO, every system can have its own RTO, and the RTO ends when data is recovered and it is up again.
-# Document everything #
+# Document everything
As in so many areas; documentation is king.
@@ -123,11 +123,11 @@ Something that should not be overlooked is a **contact list**. What people must
Don't forget to **store** the documents **securely, but accessible**. Detached from the backup, like printed out, or on a USB stick in a safe.
-# How to backup! #
+# How to backup!
As mentioned before, there is no perfect solution, and you must find a backup strategy that works for you. Like everything, it has pros and cons, and you have to decide what works for you. I'll show you some points to consider.
-#### 3-2-1 rule #
+#### 3-2-1 rule
I want to start with the well-known **3-2-1 rule**:
: have **3** copies of your data
@@ -136,7 +136,7 @@ I want to start with the well-known **3-2-1 rule**:
The 3-2-1 rules should be considered the bare minimum of every backup strategy. I'll go into more detail in the following points.
-#### Have multiple copies of your data #
+#### Have multiple copies of your data
Who would have known? But just to be sure, consider some points.
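Review bot: context line "The 3-2-1 rules should be considered the bare minimum" should be singular: "The 3-2-1 rule".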
@@ -144,7 +144,7 @@ Sounds obvious, but avoid storing backups of a system on the same system or stor
Spread copies over multiple mediums and use different methods. Every storage medium/method has its risks, and having copies on multiple mediums increases the resiliency overall.
-#### Locations #
+#### Locations
Make use of **different locations**.
@@ -156,13 +156,13 @@ Some examples would be:
Just make sure that you can access the offsite backups whenever you can and add this factor into your strategy.
-#### Encrypt backup storage and transfer #
+#### Encrypt backup storage and transfer
This is especially important for offsite backups but can be necessary for local backups too. Make sure that you use a **secure encryption method**, **use a secure password/password** or another method, and **encrypt the transit and storage**! Still will protect the integrity of your data from tampering of a third party, and makes your data worthless in case a third party gets access to the backups.
**Important**: **Do not lose the keys!** - Backup your decryption method, store it securely (not with your backups), and ensure that the decryption key is **accessible in any disaster scenario**!
-#### Think about the right tools #
+#### Think about the right tools
Could you access your backups in 10 years? Is the technology still around? Is the de-/encrpytion service provider still in business?
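Review bot: the encryption paragraph in this hunk conflates confidentiality with integrity. "Still will protect the integrity of your data from tampering of a third party" ("Still" should be "This") only holds if an authenticated encryption mode or a separate signature/MAC is used; plain encryption hides the data but does not by itself detect modification, so either say that or drop the integrity claim. In the same paragraph "use a secure password/password" repeats the word (presumably "password/passphrase"), and the last context line has "encrpytion" for "encryption".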
@@ -172,11 +172,11 @@ It is recommended to use **well-known open-source services**. Niche and propriet
Try to **automate** as much as possible, so backups won't be forgotten, and make sure that the **backup process doesn't disrupt** the daily business.
-#### Store backups immutable/read-only #
+#### Store backups immutable/read-only
Keeping the backup storage immutable prevents anyone from tampering with the backups and increases the data integrity. There are cases in which you have to delete certain data from backups, but in general, it is recommended to store them immutable.
-#### Choose the right storage medium #
+#### Choose the right storage medium
There are multiple factors that will play into the choice of a storage medium.
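Review bot: context line "it is recommended to store them immutable" should be "immutably". The paragraph would also benefit from one sentence saying that the immutability has to be enforced by the storage (a retention lock that the backup-writing credential cannot lift), otherwise an attacker holding that credential simply removes the flag before deleting the backups.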
@@ -200,18 +200,18 @@ Things to consider:
The choice of medium will affect the recovery process and speed and is overall important.
-#### Have the recovery process in mind #
+#### Have the recovery process in mind
Think backward from a recovery standpoint. You have to recover system 'A' and what else must be up to get system 'A'
running again? This might give you another perspective.
-#### Avoid single point of failures #
+#### Avoid single point of failures

There are plenty of examples: single backup server, a single person with access to backups, single internet connection with cloud backups only, and so on.
-#### Use different backup types #
+#### Use different backup types
I won't go into detail, but the main goal is to save time and storage.
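Review bot: the rewritten heading `#### Avoid single point of failures` should be `#### Avoid single points of failure`; since the line is being changed anyway, fix the wording in the same commit.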
@@ -226,13 +226,13 @@ I won't go into detail, but the main goal is to save time and storage.
**Incremental backups** store the changes from the last full backup or incremental backup.
-#### Restrict and secure access to the backups #
+#### Restrict and secure access to the backups
Backups should only be accessible by trusted parties. Admins only, separate network, MFA, and other security measurements are recommended. The goal is further to limit the risks of tampering, theft or deletion.
**Side note**: make sure that you do not lock yourself out. This is critical and should be tested regularly.
-# Trust but verify #
+# Trust but verify

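Review bot: context line "other security measurements are recommended" should be "security measures".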
@@ -245,7 +245,7 @@ Things to look for: failed backup jobs, unusual activities, access attempts, and
Let third party/experts **audit** your backup strategy. It is easy to overlook certain things, and it can be beneficial to have another perspective.
-# Test recoverability regularly #
+# Test recoverability regularly

diff --git a/items/2023-01-17_long_ssh-troubleshooting-guide.md b/items/2023-01-17_long_ssh-troubleshooting-guide.md
index fdb7634..702b59f 100644
--- a/items/2023-01-17_long_ssh-troubleshooting-guide.md
+++ b/items/2023-01-17_long_ssh-troubleshooting-guide.md
@@ -5,7 +5,7 @@ I won't go into specific cases in this blog post. This is a general guide on how
In this post, I'll use a **Linux** client and server as a reference.
-## Logging #
+## Logging
**Client**
@@ -31,7 +31,7 @@ Thanks to [youRFate on Lobste.rs](https://lobste.rs/s/wombsw/ssh_troubleshooting
As mentioned, there are many more, but the following list will give you a great starting point.
-#### Hostname resolution #
+#### Hostname resolution
```markdown
error output
@@ -45,7 +45,7 @@ This error message implies a problem with the DNS.
- check hostname resolution with `nslookup` or other tools
-#### Connection timeout #
+#### Connection timeout
```markdown
Error output
@@ -63,7 +63,7 @@ Routing:
Firewalls:
: check the firewalls on the client, server, and network firewalls and make sure that the connection is allowed.
-#### Connection refused #
+#### Connection refused
```markdown
Error output
@@ -83,7 +83,7 @@ SSH server running:
: make sure that the SSH server is running, e.x. with `systemctl status sshd`
-#### Permission denied #
+#### Permission denied
`Permission denied (publickey,password)`
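Review bot: context line "e.x. with `systemctl status sshd`" should be "e.g.".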
@@ -124,7 +124,7 @@ Private key no longer accepted on the server:
: a workaround would be to add the insecure key algorithm to the SSH server config to the accepted keys `PubkeyAcceptedKeyTypes`.
-#### SSH protocol version #
+#### SSH protocol version
`Protocol major versions differ: 1 vs. 2`
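Review bot: the context line above the heading presents adding "the insecure key algorithm" back to `PubkeyAcceptedKeyTypes` as the workaround; the post should say that this re-enables an algorithm the server disabled on purpose and that the proper fix is to generate a new key pair of a currently accepted type. Also note that `PubkeyAcceptedKeyTypes` is the legacy keyword name; current OpenSSH releases use `PubkeyAcceptedAlgorithms` and keep the old name only as an alias, so mention both.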
@@ -147,7 +147,7 @@ On the server, you can check the provided SSH protocol version in the configurat
If this option is missing, the mordern SSH server will use SSHv2 by default. It is worth adding it just to be sure and have it documented.
-#### Failed host key verification #
+#### Failed host key verification
```markdown
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
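Review bot: context line "the mordern SSH server will use SSHv2 by default" has a typo: "modern".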
@@ -162,7 +162,7 @@ Clearing the host key from `~/.ssh/known_hosts` our use `ssh-keygen -R #
+#### Unable to negotiate ciphers, MACs, or KexAlgorithms
```
Unable to negotiate with 10.10.10.10: no matching key exchange method found.
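Review bot: this hunk shows only a `+` line for `#### Unable to negotiate ciphers, MACs, or KexAlgorithms`, and the stripped " #" has ended up at the end of the header context ("`ssh-keygen -R #`"); check that the matching `-` line is actually in the commit, otherwise it adds a duplicate heading instead of removing the trailing "#". The header context also contains "our use" for "or use".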
@@ -187,14 +187,14 @@ There are workarounds with the `-o` flag to set temporary options, but I am not
`ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 user@10.10.10.10`
-#### Connect without startup file #
+#### Connect without startup file
This is not that common but there are ways to lock you out after changes to the startup files like `.bashrc`, `.profile`, and so on. You simply can avoid loading those profile files with the following command.
`ssh -t user@host bash --norc --noprofile`
-#### Handling SSH sessions with escape sequences #
+#### Handling SSH sessions with escape sequences
SSH provides some **escape sequences** with which you can kill the session on the client.
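Review bot: the context example `ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 user@10.10.10.10` deserves the caveat that "temporary options" only hints at: group1-sha1 is disabled by default because it is weak, so the post should recommend updating the server's key exchange list rather than permanently re-enabling the algorithm on the client. Also, "ways to lock you out" reads better as "ways to lock yourself out".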
diff --git a/items/2023-01-24_long_basics-of-power-over-ethernet.md b/items/2023-01-24_long_basics-of-power-over-ethernet.md
index 7934fa6..96a7cf5 100644
--- a/items/2023-01-24_long_basics-of-power-over-ethernet.md
+++ b/items/2023-01-24_long_basics-of-power-over-ethernet.md
@@ -10,7 +10,7 @@ PoE generally requires Cat5+ cables and has a normal working distance of 100m. A
The usage of PoE over a connection should not have any effect on the transfer or latency of the data connection. That said, cheap hardware can still do, and I had 3 cases in which turning off PoE explicitly on a switch port helped to solve a problem with disconnecting a non-PoE device. I still blame the printers.
-# Specification #
+# Specification
The following standards were created by the Institute of Electrical and Electronics Engineers (IEEE), and the following overview should give you a quick insight of the differences of the common standards.
@@ -48,7 +48,7 @@ The following standards were created by the Institute of Electrical and Electron
**UPoE/UPoE+** are Cisco proprietary and I won't go into detail. I think it is still worth mentioning.
-# Active PoE / Passive PoE #
+# Active PoE / Passive PoE
Active and passive PoE are **not inter-compatible** and PSE and PD must support the same type.
@@ -60,7 +60,7 @@ PSE with **active PoE** does a handshake with the PD to determine how much power
**Side note**: some passive PoE PSEs can have a shorter distance and be limited to 100Mb/s.
-# Power management classes #
+# Power management classes
Power management classes prevent the over-powering of PDs.
@@ -75,7 +75,7 @@ Class - power at PD:
: **Class 7** - 62W *(802.3bt Type 4)*
: **Class 8** - 71,3W *(802.3bt Type 4)*
-# Modes #
+# Modes
There are three modes available. The following modes determine what pairs the power will be delivered to the PD. **Mode A** provides the power over the same pairs that are used for the data transfer (T568A pairs #1 + #2, T568B pairs #2 + #3) and **Mode B** delivers the power over the spare pairs (T568A + T568B pairs #3 + #4). **4PPoE** stands for 4-pairs Power over Ethernet - and as the name implies - uses all four pairs to deliver the power to the PD.
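Review bot: context line "**Class 8** - 71,3W" uses a decimal comma while the rest of the list and the file use English number formatting; write "71.3W".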
diff --git a/items/2023-01-28_long_getting-started-with-gnu-screen.md b/items/2023-01-28_long_getting-started-with-gnu-screen.md
index f64e1e5..41e620a 100644
--- a/items/2023-01-28_long_getting-started-with-gnu-screen.md
+++ b/items/2023-01-28_long_getting-started-with-gnu-screen.md
@@ -3,7 +3,7 @@
[Screen](https://www.gnu.org/software/screen/) is a terminal multiplexer and has a wide feature set. It allows you to split your terminal window into multiple windows (split screen feature), detach sessions to let commands run in the background, connect to a device via serial interface, and many more.
Screen sessions keep running even if you disconnect, which is especially great for unreliable connections. There are more advanced use cases, but we will focus on the basics.
-# Basics #
+# Basics
You can have multiple **sessions** within the screen and each session can contain multiple **windows**. When you use the split screen function, each panel would be a window called **region** in screen.
@@ -24,7 +24,7 @@ You can have multiple **sessions** within the screen and each session can contai
└───── window 1: name b
```
-#### Escape combination (Prefix) #
+#### Escape combination (Prefix)
In this blog post, I'll call the **escape combination** 'prefix', but there are multiple names for it: meta key, leading key, escape combination, and some others.
@@ -32,7 +32,7 @@ The prefix tells the terminal that the following command or shortcut will be use
A list of all default key bindings can be found in the [official documentaion](https://www.gnu.org/software/screen/manual/html_node/Default-Key-Bindings.html).
-## Configuration files #
+## Configuration files
Screen won't create the startup configuration file by default but will look for these two files if it gets started.
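Review bot: context line has "official documentaion" for "documentation"; the same misspelling recurs in the two later hunks of this file (the layouts link and the command summary link), so fix all three occurrences in this commit.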
@@ -60,7 +60,7 @@ startup_message off
Simply add these lines to your configuration file, and the copyright message won't appear again.
-## Logging #
+## Logging
Before we start with the sessions and windows, it might be beneficial to talk about logging. For most troubleshooting sessions, it is required to save the logs. I am going to show you some ways to do it.
@@ -79,7 +79,7 @@ Logging is disabled by default.
You can start a logged screen session with `-L` flag + `-Logfile /path/to/logfile.txt`. If you are already in a session, you can activate it with `Prefix` + `SHIFT` + `h`. The output file will be called `screenlog.n`, where 'n' is the number of the current window.
-## Working with sessions #
+## Working with sessions
Show all sessions:
: `screen -ls`
@@ -119,7 +119,7 @@ Rename session in terminal:
: `screen -S OLDSESSIONNAME -X sessionname NEWSESSIONNAME`
: `Prefix` + `:sessionname NEW-NAME` *# screen command to change the current session name*
-## Working with Windows #
+## Working with Windows
Show list of all windows of current session:
: `Prefix` + `SHIFT` + `w`
@@ -137,7 +137,7 @@ Kill the current window:
: `exit`
: `Prefix` + `k`
-## Working with Regions / Split screen #
+## Working with Regions / Split screen
Screen has the feature to show multiple windows in a split screen. Every window would then be a so called 'Region' in screen.
@@ -164,7 +164,7 @@ Fit the regions to a resized terminal window:
You could create layouts, and save and reuse them later. This topic is out of the scope of this post and I am going to write about it later. You can get a reference and further information in the [official documentaion](https://www.gnu.org/software/screen/manual/screen.html#Layout).
-## Screen commands #
+## Screen commands
It can be used to try out configurations and screen-specific commands.
@@ -174,7 +174,7 @@ It can be used to try out configurations and screen-specific commands.
I am not too familiar with screen commands, so I won't go into detail. A list of all commands can be found in the [official documentaion](https://www.gnu.org/software/screen/manual/screen.html#Command-Summary).
-# Check if you are still in a screen session #
+# Check if you are still in a screen session
Screen sets an environment variable `STY`. If the output is empty, you are not in a screen session.
diff --git a/items/2023-02-03_long_basics-of-the-linux-bash-command-history.md b/items/2023-02-03_long_basics-of-the-linux-bash-command-history.md
index 4c02a10..eb72ff0 100644
--- a/items/2023-02-03_long_basics-of-the-linux-bash-command-history.md
+++ b/items/2023-02-03_long_basics-of-the-linux-bash-command-history.md
@@ -4,7 +4,7 @@ The bash command history shows the previously used commands. By default, the his
I use RHEL and Debian-based Linux distributions and bash in this blog post as a reference.
-# Configuration #
+# Configuration
I want to start with ways to configure the behavior of the bash history.
@@ -19,7 +19,7 @@ If you want to use an option for one session only, you can just type it in like
In both ways, you would disable the history for the current bash session.
-# The basics #
+# The basics
The bash history should be enabled by default, but you might want to change some settings.
@@ -55,7 +55,7 @@ Delete a specific history entry or range:
: `history -d 15-20` *# range*
: `history -d -5` *# last 'n' of entries*
-#### Disabling bash command history #
+#### Disabling bash command history
As mentioned above, there are multiple options to disable the bash command history.
@@ -70,7 +70,7 @@ The following option sets the maximum number of entries in the history on disk:
: `HISTFILESIZE=2000`
-# Search function #
+# Search function
You can start a **reversed search** through the history by pressing `CTRL` + `r` and entering the search term. You can jump to the next result by pressing `CTRL` + `r` again. After finding the desired command, you can press `TAB` to get filled to the current command line or press `ENTER` to run the command immediately.
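Review bot: minor wording on the context line: "reversed search" should be "reverse search" (the bash name is reverse-search-history), and "press `TAB` to get filled to the current command line" reads awkwardly; "press `TAB` to place it on the current command line for editing" says what happens.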
@@ -100,7 +100,7 @@ kuser@pleasejustwork:$ echo nightmare # dolphins chasing me in a mall
nightmare
```
-# Exclusions #
+# Exclusions
We can add exclusion with the `HISTIGNORE` option in your startup file. This can be useful for privacy and security reasons.
@@ -117,7 +117,7 @@ You can add commands too.
`HISTIGNORE="ls:pwd:cd"`
-# Timestamps #
+# Timestamps
Timestamps are often important for reviews of troubleshooting sessions. With the `HISTTIMEFORMAT` option, you can add timestamps in various formats to your history.
@@ -159,7 +159,7 @@ You can adjust the format with the following placeholders:
%c: complete date and timestamp (day-D-M-Y H:M:S format)
```
-# Re-run commands #
+# Re-run commands
`!!` is a variable for the previous command and, for example, can be used to run the last command as 'sudo' .
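Review bot: the context line has a stray space before the final period ("'sudo' ."). Also, `!!` is not a shell variable; it is a history expansion event designator for the previous command, so "`!!` refers to the previous command" would be more accurate than "is a variable for".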
diff --git a/items/2023-02-08_long_detecting-rogue-dhcp-server.md b/items/2023-02-08_long_detecting-rogue-dhcp-server.md
index 2787018..6dadb8c 100644
--- a/items/2023-02-08_long_detecting-rogue-dhcp-server.md
+++ b/items/2023-02-08_long_detecting-rogue-dhcp-server.md
@@ -1,6 +1,6 @@
# Detecting Rogue DHCP Server
-# What is a rogue DHCP server #
+# What is a rogue DHCP server
A rogue DHCP server is an unauthorized DHCP server that **distributes knowingly or unknowingly wrong or malicious information** to clients that send DHCP discover packets within a network. The following section lists some examples of rogue DHCP servers.
@@ -18,7 +18,7 @@ Misconfiguration:

-# Signs of a Rogue DHCP server #
+# Signs of a Rogue DHCP server
Some signs of having a rogue DHCP server on your network are listed below:
@@ -29,7 +29,7 @@ Some signs of having a rogue DHCP server on your network are listed below:
- more than usual DHCP traffic
- DHCP traffic from new/unknown IPs
-# What is DHCP #
+# What is DHCP
I won't go into too much detail on how DHCP is. In a nutshell, DHCP stands for Dynamic Host Configuration Protocol and allows automatic assigning of IP addresses to devices and provides more information about the network, like the default gateway, subnet mask, DNS server, NTP server, and more.
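Review bot: grammar on the context line: "how DHCP is" should be "how DHCP works", and "allows automatic assigning of IP addresses to devices" reads better as "automatically assigns IP addresses to devices".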
@@ -62,7 +62,7 @@ The following screenshots show a rough overview of the DORA process. Since this
So, enough theory; let us detect the rouge DHCP server.
-# Detecting a rogue DHCP server #
+# Detecting a rogue DHCP server
There are various ways to detect a rogue DHCP server. Some work on the client or network level, or both.
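Review bot: "rouge DHCP server" on the first context line of this hunk is a typo for "rogue" (the post title spells it correctly); the same misspelling recurs in the prevention section at the end of this file.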
@@ -70,7 +70,7 @@ In the following sections, we assume that we only have **one legitimate DHCP ser
**Side note**: You can **release the old and request a new IP** on **Windows** via command line `ipconfig /release` and `ipconfig /renew` and on **Linux** with `sudo dhclient -v -r` and `sudo dhclient -v`. Don't forget to specify the interface if you use multiple.
-## Packet capture #
+## Packet capture

@@ -80,7 +80,7 @@ You should look for **UDP traffic on ports 67 and 68**. It makes it easier to de
You can find more DHCP display filters for Wireshark in this [post](https://ittavern.com/guide-to-wireshark-display-filters/#dhcp).
-## Using nmap #
+## Using nmap
Scan for IPs that listen on the UDP port 67 in your network:
: `sudo nmap -sU -p 67 -d 10.10.20.0/24`
@@ -106,7 +106,7 @@ Final times for host: srtt: 406 rttvar: 3765 to: 100000
This gives you a quick overview of your network.
-#### nmap Scripts #
+#### nmap Scripts
The required NSE script `broadcast-dhcp-discover` should be installed by default together with nmap. More information to the script can be found in the [official documentation](https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html).
@@ -159,7 +159,7 @@ Nmap done: 0 IP addresses (0 hosts up) scanned in 1.23 seconds
For more information about `nmap` visit the [nmap guide](https://ittavern.com/getting-started-with-nmap/) or other `nmap` [posts](https://ittavern.com/tags/nmap/).
-## Windows DHCP server event logs #
+## Windows DHCP server event logs
The following event logs on the authorized Windows DHCP server can indicate a rogue DHCP server on a network.
@@ -180,7 +180,7 @@ The source can be found on [microsoft.com](https://learn.microsoft.com/en-us/pre
You can check the logs regularly or add those events to your monitoring solution.
-## Microsoft Rogue DHCP Checker #
+## Microsoft Rogue DHCP Checker
Microsoft provided a tool to detect rogue DHCP servers, but this blog post from 2009 is no longer available. But thanks to archive.org we can find the [blog post](https://web.archive.org/web/20140812200404/http://blogs.technet.com/b/teamdhcp/archive/2009/07/03/rogue-dhcp-server-detection.aspx) and download the 'RogueChecker' there.
@@ -188,17 +188,17 @@ Microsoft provided a tool to detect rogue DHCP servers, but this blog post from
Installed it on Windows 10 and it seems to work.
-## Turn off your own DHCP server #
+## Turn off your own DHCP server
Especially in larger networks, this often enough is not a solution, but I thought it would still be noteworthy. Disable the legitimate DHCP server in some way, release the IP on the client and ask for another IP. You shouldn't get a new legitimate IP address! - In case you receive a new IP address, the chances are high that there is a rogue DHCP server.
You can now check the DHCP server on the client and use other methods to find the rogue DHCP server on your network.
-## Intrusion Detection Systems #
+## Intrusion Detection Systems
There are many solutions that cover the detection of rogue DHCP servers, but not all companies have the capacities to maintain such a system. Therefore, we do not need to go into detail, but it is still worth mentioning.
-# Preventing actions of a rogue DHCP server #
+# Preventing actions of a rogue DHCP server
Detecting is one thing; preventing any damage from a rouge DHCP server is another. This post focuses on detection, but I thought it won't hurt to list some prevention measurements.
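Review bot: a few typos on the context lines around this hunk are worth fixing in the same pass: "rouge DHCP server" should be "rogue", "prevention measurements" should be "prevention measures", "Installed it on Windows 10" is missing its subject, and "address! - In case you receive" would read cleaner as "address. If you receive".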
diff --git a/items/2023-02-14_long_simulate-an-unreliable-network-connection-with-tc-and-netem-on-linux.md b/items/2023-02-14_long_simulate-an-unreliable-network-connection-with-tc-and-netem-on-linux.md
index a37f0ec..b4e29e7 100644
--- a/items/2023-02-14_long_simulate-an-unreliable-network-connection-with-tc-and-netem-on-linux.md
+++ b/items/2023-02-14_long_simulate-an-unreliable-network-connection-with-tc-and-netem-on-linux.md
@@ -4,7 +4,7 @@
This a blog post about the basics of `netem` and `tc` on how to modify the **outgoing** traffic. You could modify the incoming traffic with an Intermediate Functional Block pseudo-device in Linux, but I am not too familiar with it and is out of scope for now.
-# Reasons to simulate an unreliable network connection #
+# Reasons to simulate an unreliable network connection
There are various reasons why you want to modify the traffic between devices. The last time we had to ensure that a streaming server in Frankfurt could handle incoming video streams with a high latency over an unreliable connection from the US. The other time we had to provide proof that some SAP modules can't handle the additional latency of a VPN and that the problem is on their side and not ours.
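Review bot: the first context line drops its subject in "but I am not too familiar with it and is out of scope for now"; "and it is out of scope for now" fixes it. "This a blog post" on the same line is also missing "is".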
@@ -28,7 +28,7 @@ We are going to cover the basics of the following options in this post:
Those options can be combined and will cover most of the cases.
-# Basics of tc #
+# Basics of tc
`tc` stands for 'traffic control' and, as the name implies, is used to configure the traffic control of the Linux kernel and is part of the `iproute2` package. [`Netem`](https://man7.org/linux/man-pages/man8/tc-netem.8.html) stands for 'network emulator' and is controlled by the `tc` command.
@@ -63,7 +63,7 @@ Unfortunately, it is not that easy to limit the applied options to a specific IP
I might rework this section at some point. For further reading, feel free to check the [official documentation](https://man7.org/linux/man-pages/man8/tc-ematch.8.html) for the filters.
-# Units used for Parameters for the netem options #
+# Units used for Parameters for the netem options
Almost every 'nenum' option can have one or more parameters. I thought it would make sense to show you the available units before we start with the practical part.
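Review bot: the context line misspells the tool as 'nenum'; it should be `netem`, matching the heading being edited. While touching the heading, "Units used for Parameters for the netem options" could be shortened to "Units for netem option parameters"; the doubled "for" and the capitalized "Parameters" are inconsistent with the other headings in this file.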
@@ -88,7 +88,7 @@ The time for latency and other options can be specified as follows:
: `ms` - Milliseconds
: `s` - Seconds
-# Netem Options #
+# Netem Options
I am going to explain the syntax in the first scenario.
@@ -113,7 +113,7 @@ PING 10.10.22.1 (10.10.22.1) from 10.10.22.51 eth0: 56(84) bytes of data.
rtt min/avg/max/mdev = 0.376/0.465/0.550/0.060 ms
```
-## Add Latency / Delay #
+## Add Latency / Delay
The netem latency will be added to the normal latency of the connection.
@@ -155,7 +155,7 @@ To **remove** this `tc` rule, send the same command again, but replace `add` wit
`sudo tc qdisc del dev eth0 root netem delay 100ms`
-#### Add Jitter #
+#### Add Jitter
If you want to add more Jitter - or in other words - variance in latency, add another parameter at the end. This is a plus/minus value.
@@ -184,12 +184,12 @@ rtt min/avg/max/mdev = 54.495/110.797/145.590/25.366 ms
The added latency will be in a range from **50-150ms** from now on.
-#### Send duplicate packets #
+#### Send duplicate packets
Sending random duplicate packets over a specific interface:
: `sudo tc qdisc change dev eth0 root netem duplicate 1%`
-## Simulate Packet loss #
+## Simulate Packet loss
There are various reasons for packet loss: an unreliable network connection, network congestion, bugs, and so on.
@@ -215,7 +215,7 @@ PING 10.10.22.1 (10.10.22.1) from 10.10.22.51 eth0: 56(84) bytes of data.
rtt min/avg/max/mdev = 0.302/0.505/0.833/0.145 ms
```
-#### Corrupt packets #
+#### Corrupt packets
Introduced an error at a random position of the packet.
diff --git a/items/2023-03-05_long_icmp-echo-requests-reference-guide.md b/items/2023-03-05_long_icmp-echo-requests-reference-guide.md
index ac2d551..eb70c2d 100644
--- a/items/2023-03-05_long_icmp-echo-requests-reference-guide.md
+++ b/items/2023-03-05_long_icmp-echo-requests-reference-guide.md
@@ -6,7 +6,7 @@ In a nutshell: ICMP echo requests can be used to check the reachability of two h
**Side note**: All Linux references should work on **MacOS** too.
-# Simple ping without any options #
+# Simple ping without any options
Linux:
: `ping 10.10.20.1`
@@ -85,7 +85,7 @@ PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
```
-## Continuous ping requests #
+## Continuous ping requests
Linux:
: *continuous pings by default*
@@ -98,7 +98,7 @@ Windows - Powershell 7.2+ - Test-Connection:
: `-Repeat`
-## Number of ping requests #
+## Number of ping requests
Sets the number of pings
@@ -114,7 +114,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: `-Count NUMBER`
: Default is 4
-## Using a specific interface #
+## Using a specific interface
Linux:
: `-I INTERFACE-NAME`
@@ -125,7 +125,7 @@ Windows - Cmd Line:
: *you have to choose the IP of the interface to use it for a ping*
-## domain name resolution #
+## domain name resolution
You get results faster if you can avoid domain name resolution.
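Review bot: the heading being edited here, "domain name resolution", is the only lowercase heading in this file; its siblings ("Continuous ping requests", "Packet Size", "Add timestamp") start with a capital letter. Since the line is already being rewritten, "Domain name resolution" would keep the set consistent.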
@@ -138,7 +138,7 @@ Windows - Cmd Line:
: `/a` / `-a`
-## Avoid output / quiet mode #
+## Avoid output / quiet mode
Linux:
: `-q`
@@ -153,7 +153,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: Just outputs `True` / `False`
-## Add timestamp #
+## Add timestamp
Linux:
: `-D`
@@ -163,7 +163,7 @@ Windows:
: *haven't found an option. There are multiple ways with bash scripting*
-## Packet Size #
+## Packet Size
Linux:
: `-s NUMBER`
@@ -178,7 +178,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: data bytes. The default is 32 bytes + 8 bytes ICMP header data.
-## TTL / Time to live #
+## TTL / Time to live
Sets the IP Time to live!
@@ -193,7 +193,7 @@ Windows - Powershell 5.1+ - Test-Connection:
: *default is 128*
-## Sets "Don't Fragment" bit #
+## Sets "Don't Fragment" bit
Sets the DF flag in the IP header.
@@ -207,7 +207,7 @@ Windows - Powershell 7.2+ - Test-Connection:
: `-DontFragment`
-## IP Protocol 4 or 6 #
+## IP Protocol 4 or 6
Linux:
: `-4` *# IPv4*
diff --git a/items/2023-04-07_long_getting-started-with-nmap-scripts.md b/items/2023-04-07_long_getting-started-with-nmap-scripts.md
index 67b287d..85907a8 100644
--- a/items/2023-04-07_long_getting-started-with-nmap-scripts.md
+++ b/items/2023-04-07_long_getting-started-with-nmap-scripts.md
@@ -10,7 +10,7 @@
This blog post will cover the general usage of nmap scripts, not the scripting itself. Check out the [getting started with nmap post](https://ittavern.com/getting-started-with-nmap/) if you are new to nmap.
-# Basics usage #
+# Basics usage
The **Nmap Scripting Engine (NSE)** allows you to run and share pre-made and custom scripts. Scripts are written in Lua and use the file extension `.nse`. NSE will enable you to scan and analyze any host and network in-depth and according to your needs. Automation, vulnerability scans, and many other functions are possible with the NSE.
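Review bot: the heading on the changed line reads "Basics usage"; it should be "Basic usage" (or "Basics"). Since the line is being rewritten anyway, correcting it here avoids a second touch.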
@@ -41,7 +41,7 @@ Example with different syntaxes:
**Side note**: Scanning the domain `scanme.nmap.org` is permitted in low volumes as stated on [their page](http://scanme.nmap.org/), but please do not abuse it!
-#### Using multiple scripts #
+#### Using multiple scripts
There are various ways to use multiple scripts at once. The easiest way would be to separate them with a **comma**.
@@ -79,7 +79,7 @@ The official syntax is:
If you have many arguments to run, you can call them from a file with `--script-args-file FILENAME`.
-# Script directory #
+# Script directory
You usually can find the default scripts in the following directories.
@@ -107,7 +107,7 @@ NSE will look for the script in the following places until found:
More complex scripts require separate data sets, databases, and other things. Those must be placed in the NSE data directory. It works similarly to the script directory but is out of this post's scope. Most scripts that require this function will let you know. I just thought it would be beneficial to mention.
-# Custom scripts #
+# Custom scripts
It is straightforward to use and add custom scripts, that are either created by yourself or downloaded from the internet.
@@ -124,7 +124,7 @@ Add the `.nse` file to the script directory and run the following command to add
You should now be able to run the script with the name only.
-# Script categories #
+# Script categories
NSE categorizes its scripts, so you can run a bunch of them at once. The following categories are currently there:
diff --git a/items/2023-04-30_long_curl-reference-guide.md b/items/2023-04-30_long_curl-reference-guide.md
index 070d380..4460923 100644
--- a/items/2023-04-30_long_curl-reference-guide.md
+++ b/items/2023-04-30_long_curl-reference-guide.md
@@ -4,7 +4,7 @@ Curl is a powerful tool that is mainly used to transfer data. It has way more fu
Most of it should work on other operating systems too, but I'll use **Linux** as reference. I'll keep this page up-to-date and add more topics in the future.
-# General #
+# General
**Side note**: put the URL into single or double quotes if it contains special characters.
@@ -14,7 +14,7 @@ A quick example to get you public IP:
: `curl brrl.net/ip`
: `curl -L brrl.net/ip` # `-L` to get through the HTTP>HTTP if necessary
-#### Saving to disk #
+#### Saving to disk
You can redirect the content from stdout to another application, save it as a file or download the target file.
@@ -30,28 +30,28 @@ If you want to create a **new directory**, you can use `--create-dirs` like this
The **permission** used is 0750.
-#### Specific interface #
+#### Specific interface
You can use the `--interface` option to use one specific interface. You are free to use the interface name, the IP address, or the hostname.
-#### Specific DNS server #
+#### Specific DNS server
You can choose a specific DNS server with the following option. Multiple DNS servers can be chosen and must be separated by a comma.
`--dns-servers 9.9.9.9:53,149.112.112.112:53`
-#### Redirects #
+#### Redirects
If you want curl to follow redirects, simply use the `-L` flag.
-#### Import curl options and targets from the file #
+#### Import curl options and targets from the file
Some tasks require many options. To keep it organized, you can import those options from a file with the `-K` or `--config` and followed by the name of the file.
Example:
: `curl --config curl-options.txt https://example.com`
-#### Data tranfer limits #
+#### Data tranfer limits
You can set up- and download limits with `--limit-rate`. The default are bytes/second, and you can use `K`,`M`,`G`,`T` for Kilo-,Mega-,Giga- and Terabyte, respectively.
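Review bot: the heading being changed at the bottom of this hunk misspells "transfer" as "tranfer"; fixing it on the same line would avoid a second edit. Two smaller points on the unchanged lines: "Import curl options and targets from the file" should be "from a file", and "The default are bytes/second" should be "The default unit is bytes per second".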
@@ -61,7 +61,7 @@ You can set up- and download limits with `--limit-rate`. The default are bytes/s
--limit-rate 10M
```
-#### Parallel function #
+#### Parallel function
To let curl transfer data parallel, you can use the `-Z` or `--parallel` and choose `--parallel-immediate` to start immediately.
@@ -80,11 +80,11 @@ Unreliable connections are a pain, and you can tell curl to retry and continue d
[Source from StackExchange](https://superuser.com/a/142480)
-# Wildcards / Multiple downloads #
+# Wildcards / Multiple downloads
**Side note**: make sure to put the full URL into single or double quotes if you work with wildcards and sequences.
-#### Sets #
+#### Sets
You can tell curl to transfer multiple files by putting the names into curly brac `{}`
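Review bot: the context line is cut off: "putting the names into curly brac `{}`" should read "curly braces `{}`", and the sentence is missing its terminal period.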
@@ -124,7 +124,7 @@ kuser@pleasejustwork:~/temp/curl$ ls
file_1_3.txt file_1_4.txt file_2_3.txt file_2_4.txt
```
-#### Sequence #
+#### Sequence
Use `[]` for alphanumeric sequences:
: `curl -O 'http://example.com/picture-[1-51].img'`
@@ -138,7 +138,7 @@ Adding steps:
: `curl -O 'http://example.com/picture-[1-50:2].img'` # every second picture
-# Proxies #
+# Proxies
I am not too familiar with the proxy functions. I normally just use it to download things from Tor.
@@ -157,7 +157,7 @@ The usual syntax for proxies looks like this, according to the manual:
Another example of HTTP basic auth proxy:
: `curl --proxy-basic --proxy-user user:password -x http://proxy.example https://example.com`
-# Authentication #
+# Authentication
Example for basic authentication:
: `curl -u name:password --basic https://example.com`
diff --git a/items/2023-06-11_long_getting-started-with-tcpdump.md b/items/2023-06-11_long_getting-started-with-tcpdump.md
index 7aaccfb..19b52a2 100644
--- a/items/2023-06-11_long_getting-started-with-tcpdump.md
+++ b/items/2023-06-11_long_getting-started-with-tcpdump.md
@@ -2,7 +2,7 @@
In this blog post, I assume that `tcpdump` is already installed since the installation method can vary from system to system, and basic Linux and CLI skills already exist. I'll try to keep it as short as possible while providing all the necessary information.
-# General #
+# General
`tcpdump` is a CLI tool to capture network traffic to help you troubleshoot specific issues. I'll use a Linux system as a reference system.
@@ -13,7 +13,7 @@ You can get more help with the `-h` / `--help` or get the current version of `tc
The following sections show you how to filter the traffic and save your packet captures to disk. For more advanced filters, you can use logical operators to combine filters.
-# Limit the hosts or networks #
+# Limit the hosts or networks
There are many ways to filter the packets you want to capture, and we are going to start with the host and network filters. Here are some examples:
@@ -48,7 +48,7 @@ You can specify whether the IP should be the source or destination instead of bi
Use logical operators to filter for more than one host.
-#### Network filter #
+#### Network filter
If you want to traffic for a **specific network**, you can use the `net` option together with the **network address** and **CIDR notation**.
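Review bot: the context line is missing its verb: "If you want to traffic for a **specific network**" should be "If you want to capture traffic for a **specific network**".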
@@ -59,7 +59,7 @@ You could combine this option with `src` or `dst` to see only the incoming or ou
: `sudo tcpdump src net 10.10.10.0/24`
: `sudo tcpdump dst net 10.10.10.0/24`
-#### MAC address filter #
+#### MAC address filter
If you need to filter captures for a specific MAC address, you simply could use the previous filters with `ether`.
@@ -80,7 +80,7 @@ I've never used this option, but you can use a filter for incoming or outgoing t
: `sudo tcpdump -Q in` / `sudo tcpdump --direction=in` # all incoming traffic
: `sudo tcpdump -Q out` / `sudo tcpdump --direction=out` # all outgoing traffic
-# Port filters #
+# Port filters
Packet capture filter for a specific port:
: `sudo tcpdump port 53` # source or destination port
@@ -94,7 +94,7 @@ Use `portrange` instead if you want to filter a range of ports:
: `sudo tcpdump portrange 53` # source or destination port
: `src` and `dst` can be used too!
-# Protocol filters #
+# Protocol filters
The most common protocol filters are:
: `tcp`
@@ -104,7 +104,7 @@ The most common protocol filters are:
: `ip6`
: `arp`
-# Using a specific interface #
+# Using a specific interface
Choosing the proper interface is one of my most used options to keep the pcap file as small as possible. Most servers have multiple NICs, and many troubleshooting sessions require me to be connected to multiple networks. Choosing a single interface keeps things sorted.
@@ -133,7 +133,7 @@ To choose an interface for your packet capture, simply use `-i` / `--interface`
You could use `any` as an interface for all interfaces, which is the current default anyway.
-# Miscellaneous options #
+# Miscellaneous options
These are just some filters that are important to know.
@@ -160,7 +160,7 @@ net 10.10.20.0/24 and port 53
**Important:** Some options - like the choice of the interface - can not be put into this file, and the `tcpdump` user must be an owner or in the owner group of the file with the filters to get it working. Additional filters provided in the CLI will be ignored!
-# Logical operators #
+# Logical operators
As mentioned before, filters can be combined, and logical operators can be used for more advanced filter combinations.
@@ -176,7 +176,7 @@ A more complex `tcpdump` with more options could look like this:
**Side note:** You need to place the filters in quotes if you want to use parentheses.
-# Display options #
+# Display options
You've got various options to adjust the display of the captured packets in the terminal. This won't affect the raw packet capture that you would write to disk.
@@ -198,7 +198,7 @@ Various options for timestamps at the beginning of the line:
: `-ttttt` # delta between current and the first packet of this capture in microseconds per default > `00:00:04.013707`
-# Saving capture to a file on disk #
+# Saving capture to a file on disk
Before we start, `tcpdump` overwrites files and does not append existing files. There is no option to change that, to my knowledge.
@@ -250,7 +250,7 @@ total 3096
If you want to **limit the number of files**, you can create a **rotating buffer** with `-W NUMBER`. If the chosen number of files is reached, `tcpdump` starts to overwrite the first file again. It must be combined with the `-C` option.
-# Reading PCAPs #
+# Reading PCAPs
As mentioned before, `tcpdump` saves everything raw in binary in a file that is not human readable. You can read this file again, **make it human readable again**, and **apply new filters again**.
diff --git a/items/2023-06-16_long_create-tmux-layouts-using-bash-scripts.md b/items/2023-06-16_long_create-tmux-layouts-using-bash-scripts.md
index 7c200ca..4208d8e 100644
--- a/items/2023-06-16_long_create-tmux-layouts-using-bash-scripts.md
+++ b/items/2023-06-16_long_create-tmux-layouts-using-bash-scripts.md
@@ -39,7 +39,7 @@ The creation of the script involves a lot of trial and error. I hope I can provi
**Side note:** just in case, here is a link to the [tmux primer](https://ittavern.com/getting-started-with-tmux/).
-#### Session and window overview #
+#### Session and window overview
Get an overview of all tmux sessions, windows and panes by pressing the `Prefix` + `w` shortcut. This allows you to get a quick overview and move fastly within your tmux environment.
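Review bot: "move fastly" on the context line is not idiomatic; "move quickly" is the intended meaning.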
@@ -47,7 +47,7 @@ To get a quick overview of the panes of the current window, press `Prefix` + `q`

-#### Syntax of the tmux commands #
+#### Syntax of the tmux commands
Just to provide you with a quick explanation of the syntax of the following commands.
@@ -62,7 +62,7 @@ Run a command in a specific pane:
Just to give you an idea of how a simple command can look and what everything means.
-# The essential commands #
+# The essential commands
Create a new window:
: `tmux new-window -t $session_name:1`
@@ -76,7 +76,7 @@ Select a specific window:
Select a specific pane on the current window:
: `tmux select-pane -t 0`
-#### Spliting windows #
+#### Spliting windows
Split current pane horizontally:
: `tmux split-window -h -p 50 -t $session_name:0`
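Review bot: the heading on the changed line reads "Spliting windows"; it should be "Splitting windows". Since the line is already being rewritten to drop the closing `#`, correcting the spelling in the same change is the cheaper option.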
@@ -111,7 +111,7 @@ Split current pane vertically:
**Side note:** Since there is a lot of trial and error involved, you can kill a tmux session with `Prefix` + `:kill-session`.
-# Send keystrokes to pane #
+# Send keystrokes to pane
There are many things you could do with this one. Toy around and see what works for you. Changing directories, creating temp files, open specific files, running commands, starting scripts or programs, and so on.
@@ -121,7 +121,7 @@ Some examples:
: `tmux send-keys -t $session_name:2.2 'htop' C-m` *# start `htop` in the third window (starts with 0) and pane number 2*
-# Design / customization #
+# Design / customization
You can use color names like `red` or hex color codes like `#ff1900`
@@ -142,7 +142,7 @@ Set the background color of the currently active pane:
: `tmux set -g window-active-style "fg=white bg=black"`
-# Demo #
+# Demo

@@ -201,7 +201,7 @@ fi
tmux attach -t $session_name
```
-# Conclusion #
+# Conclusion
As I mentioned before, there are multiple ways to do it. From the config file to random plugins. I am still using it since it provides me with a lot of flexibility and per-project customizability. If you have any questions or tips, feel free to reach out.
diff --git a/items/2023-07-06_long_url-explained-the-fundamentals.md b/items/2023-07-06_long_url-explained-the-fundamentals.md
index 0ac9aed..1e3f931 100644
--- a/items/2023-07-06_long_url-explained-the-fundamentals.md
+++ b/items/2023-07-06_long_url-explained-the-fundamentals.md
@@ -2,7 +2,7 @@
In this post, I'll try to explain the syntax and use of an URL and the difference between URI, URL, URN, and URC.
-# URL explained #
+# URL explained

@@ -20,7 +20,7 @@ Noted that the 'authority' can have the following syntax:
More information follow in the following sections.
-## URI Scheme #
+## URI Scheme
Always required, but often hidden by the application, e.x. most commonly in browsers as `http` or `https` is the default and implied.
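Review bot: "e.x." on the last context line should be "e.g." (it introduces an example, not an exception), and "More information follow in the following sections" two lines up should be "More information follows in the following sections".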
@@ -38,7 +38,7 @@ There is a large - but now retired - list of [Public registered and un-registere
As a side note, the double slashes were a choice of [Tim Berners-Lee, which he regrets since they have no other purpose](https://archive.nytimes.com/bits.blogs.nytimes.com/2009/10/12/the-webs-inventor-regrets-one-small-thing/?partner=rss&emc=rss).
-## UserInfo #
+## UserInfo
The UserInfo is optional, and often enough gets discarded by applications. Most browsers will ignore that information or warn you since it is a security risk.
@@ -46,7 +46,7 @@ An example where it is used normally:
`ssh://username@example.com:2222`
-## Host #
+## Host
This is the host section. It can be the **same system, a hostname, an IP, or a domain**.
@@ -55,7 +55,7 @@ Examples:
: `https://ittavern.com/url-explained-the-fundamentals/`
: `vnc://10.10.20.57:5900`
-#### Domains #
+#### Domains
Just a short digression into the world of domains.
@@ -84,11 +84,11 @@ The **list of all TLDs** can be found in the [docs of IANA](https://data.iana.or
There are two kinds of TLDs - **Generic top-level domain (gTLD)** like .com .info .net and **Country-code top-level domain (ccTLD)** like .nl .de .us and some **combinations** like .co.uk or .com.au.
-## Port #
+## Port
Many schemes have a default port number, allowing most programs to hide the port number to avoid confusion for their users. `http` has port 80, `https` has port 443, `ssh` has port 22, and so on. The same applies to the transport protocol, for example, `TCP` or `UDP`. They are required, but most applications hide them, if the default port is being used, e.x. browsers hide the `:443` and show `:10443` if the used protocol is `https`.
-## Path #
+## Path
The path is a hierarchical naming system of **subdirectories or subfolders and files**, goes from left to right and is required. Unlike domains, **the path is case-sensitive**!
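Review bot: "e.x." on the Port context line should be "e.g.", as elsewhere in this post. The same sentence, "They are required, but most applications hide them, if the default port is being used", also has a misplaced comma; "hide them if the default port is being used" reads correctly.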
@@ -99,7 +99,7 @@ Examples:
As a side note, the first example leads to an image, and in the second example, you might have noticed that the file is missing. The browser will open the `random-post` subfolder and the webserver is so configured that it provides the browser with a pre-definded file. Those files are Usually called index.html, but that can vary from setup to setup. That is also called 'Pretty URLs.'
-## Queries #
+## Queries
Carries optional parameters that can be used on the server or client site. Commonly use cases are referrer information, variables, option settings, and so on. The delimiters between parameters are `&` and `;`.
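Review bot: several typos on the context lines of this hunk: "pre-definded" should be "pre-defined", "Those files are Usually called" has a stray capital, "the webserver is so configured that" is better as "the web server is configured so that", "Commonly use cases" should be "Common use cases", and "client site" should be "client side".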
@@ -108,20 +108,20 @@ Examples:
: `https://youtu.be/dQw4w9WgXcQ?t=4` *# on Youtube, it tells the client where to start the video*
: `https://youtu.be/dQw4w9WgXcQ?list=PLi9drqP&t=9` # multiple parameters containing the playlist and timestamp
-## Fragments #
+## Fragments
Fragments are optional references for a specific location within a resource. For example, HTML anchors like this in HTML files.
`https://ittavern.com/url-explained-the-fundamentals/#fragments`
-#### Difference between Absolute and Relative URL #
+#### Difference between Absolute and Relative URL
Until now, every URL was an absolute URL. Relative URLs are often enough just the `Path` and require a reference or base URL to work.
Examples:
: `/de-DE/same-page-different-lang`
: `/img/logo.png`
-# Difference between URI and URL and URN and URC #
+# Difference between URI and URL and URN and URC
URI stands for Uniform Resource Identifier and is a unique string of characters to identify anything and is used by web technologies. URIs may be used to identify anything logical or physical, from places and names to concepts and information. [2]
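Review bot: heading levels in this hunk are inconsistent with the rest of the file: `#### Difference between Absolute and Relative URL` sits directly under `## Fragments` with no `###` level, and `# Difference between URI and URL and URN and URC` is level 1 while the sibling sections above it are `##`. Consider `###` and `##` respectively. Also, "HTML anchors like this in HTML files" in the Fragments paragraph repeats itself ("for example HTML anchors, like this:" reads better), and the paragraph would be more useful with one sentence noting that the fragment is resolved by the client and is not sent to the server in the request.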
@@ -134,7 +134,7 @@ The different subsets have different tasks: an URN identifies an item, an URL le
URL stands for Uniform Resource Locator and specifies where an identified resource is available and the mechanism for accessing it. Further details can be found above.
-#### URN #
+#### URN
Identifies a resource by a unique and persistent name without any location
@@ -150,7 +150,7 @@ Every URN should have the following structure:
: **NID** *# namespace identifier (letters, digits, dashes)*
: **NSS** *# namespace-specific string that identifies the resource (can contain ASCII codes, digits, punctuation marks and special characters)*
-#### URC #
+#### URC
URC stands for Uniform Resource Characteristic or Uniform Resource Citation. According to [Wikipedia](https://en.wikipedia.org/wiki/Uniform_Resource_Characteristic), the former is the currently used name.
@@ -162,7 +162,7 @@ That said, there was never a final standard produced, and URCs were never widely
---
-# References #
+# References
- https://cv.jeyrey.net/img?equivocal-urls
- https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/What_is_a_URL
diff --git a/items/2023-07-23_long_getting-started-with-netcat-on-linux.md b/items/2023-07-23_long_getting-started-with-netcat-on-linux.md
index 11e9c78..d7b9977 100644
--- a/items/2023-07-23_long_getting-started-with-netcat-on-linux.md
+++ b/items/2023-07-23_long_getting-started-with-netcat-on-linux.md
@@ -4,7 +4,7 @@ In this blog post, I'll focus on the basics of netcat. More advanced options and
Netcat is available on almost any Linux host and is easy to use. It is an excellent tool for troubleshooting network issues or gathering information and a great addition to any tool portfolio.
-# Basics of netcat #
+# Basics of netcat
Netcat and nc can be used interchangeably. I've decided to use `nc` for this blog post. On RHEL, it is often called ncat and part of the nmap packet.
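Review bot: `part of the nmap packet` in this hunk's trailing context should read `package`. The same sentence says Netcat and `nc` are interchangeable and that RHEL ships `ncat`, but `ncat` is Nmap's own reimplementation with a different option set, so not every `nc` example later in the post carries over unchanged; a short caveat here would spare RHEL readers some confusion.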
@@ -32,7 +32,7 @@ Use UDP instead of TCP:
: `-u`
: *I don't focus on UDP in this post, but I might add more related content in the future*
-#### Interfaces & source port #
+#### Interfaces & source port
Sometimes it is necessary to specify an interface since hosts often enough have multiple. You can choose the source/interface IP on both sides with the `-s` flag and the source port on the client with the `-p` flag.
@@ -43,7 +43,7 @@ Example as a client:
: `10.20.10.7` *# IP of the server*
: `9999` *# destination port of the server*
-#### Destination Ports #
+#### Destination Ports
You can choose multiple destination ports for most Netcat functions on the client side.
@@ -62,7 +62,7 @@ Examples of service names:
Combination:
: `ssh 2222 10022-10080`
-# Simple port scan #
+# Simple port scan
There are better options like nmap, but it is often enough all you need.
@@ -88,7 +88,7 @@ nc -vz 10.20.10.8 20-23 2>&1 | grep succeeded
Connection to 10.20.10.8 22 port [tcp/ssh] succeeded!
```
-#### More information about the running service #
+#### More information about the running service
You can get more information about the running service with the following command:
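Review bot: the `nc -vz 10.20.10.8 20-23 2>&1 | grep succeeded` command in this hunk's header context and the `Connection to 10.20.10.8 22 port [tcp/ssh] succeeded!` output are specific to the OpenBSD-derived `nc` shipped by Debian and Ubuntu; Nmap's `ncat`, which the Basics section says RHEL uses, has no `-z` connect-only mode and prints different messages, so the `grep succeeded` filter would match nothing there. Consider stating which netcat variant the examples assume, ideally next to the RHEL remark in the Basics section.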
@@ -119,7 +119,7 @@ Connection: close