CB-BITS (Central Bucks Business Information Technology Services, LLC)

I’ve decided that it’s time to start a new company.  This company will focus primarily on providing quality Information Services to businesses of all sizes.  CB BITS (Central Bucks Business Information Technology Services, LLC) will be a premier IT services provider with a focus on reselling services rather than just physical products.

By providing services and consultants to companies that can’t afford an on-site staff to handle their IT needs, it will be the go-to company to aid in implementing and maintaining the IT infrastructure of any company.  We will partner with other companies to provide on-site support for solution implementations and consultation.

We will focus on the latest in office technologies and solutions from mainstream providers such as Cisco, F5 and Microsoft, but will look to develop solutions using the latest in open source and public domain wherever and whenever possible.

So look for the new web site and a new company to arrive on the scene. www.cb-bits.com


F5 Regional User Group Meetings

Just wanted to write a quick note about a great new group that F5 Networks is forming for regional centers to help support its user base.  It’s an old-fashioned style user group, born out of the DevCentral user forums.  It’s a great way to meet your peers and trade ideas and issues you may be having with your particular implementation.

A lot of good information was exchanged at the first ever meeting for the Philadelphia Region, including some details on current products and the best ways to consider using them.


So if you are already a member of devcentral.f5.com then be sure to join your area’s particular meeting.  Otherwise you should check it out!  It’s worthwhile.


Comments are back.

Comments should be back online.

Quick Note

Just a quick note, comments are offline.  It would seem something in Captcha broke with the latest update.  Until I find the root cause it will remain offline.

Sorry.

Let’s talk about SSL

One of the most difficult things to analyze is traffic that’s been encrypted.  Some might say, well duh, that’s the idea isn’t it?  We want it to be difficult for someone to peek into what we are doing on the web.  Especially if it’s our private banking or financial type stuff, right?

Well, for those of us that are tasked with troubleshooting an application’s performance over the wire, it adds an extra layer of difficulty to the mix.  We not only need to figure out what that application is doing to run so slowly over a network, we now need to decrypt the traffic before we can see the really important parts of the conversation: the packet payloads and any encrypted headers they carry.

Fortunately there are ways to do it; you just need the right tools and the right pieces of the puzzle.

In this article I don’t plan to cover every last detail of decrypting and analyzing network traffic.  I will just provide the basics and a high level overview of what is needed to get started.  Later on I will write a detailed article on some of the finer points of analysis.  But for discussions on cracking codes and decoding network traffic, you will need to go elsewhere.

So let’s get started with the right tools; what is it you need?  First off you need a tool to capture and store the packets or frames to disk so that you can review them.  Generally speaking this is called a sniffer.  There are several utilities out there that can capture packets and save them off.  In the *nix world you have tcpdump, generally installed with just about every distro out there.  It allows you to capture data on a host machine that is involved in the conversation you are looking to analyze.  In the Windows world, it gets a little more complex.  You have Microsoft’s own network monitor software, NetMon, that can do both packet capture as well as some basic analysis.  There are also Windows ports of tcpdump; one of the better ones, WinDump, requires the installation of WinPcap to function.  These are all examples of free and open source software that can be used, but if you are lucky enough to have licensing to use it, OPNET has a capture agent that can be accessed remotely from any PC.  This has the advantage of not needing direct access to the host machine to capture the packets you need for analysis.

Next you will need a packet analyzer; several come to mind, with the best known and most versatile being Wireshark.  Wireshark has been around for years; it was previously known to many of us as Ethereal, but changed names about 5 years ago.  The best thing about Wireshark is it’s FREE!  Yes, there are others out there that do all kinds of neat stuff, such as OPNET’s IT Guru suite and its ACE (Application Characterization Engine) or WildPackets EtherPeek.  But both carry hefty price tags and are generally only for those of us that work in the corporate world in IT departments with deep pockets.

So now we have the basic tools needed, now what?  Well, now we need some help from the server group; you will need to beg your server admin to export the private keys from the host servers whose traffic you need to analyze.  Without that you are pretty much up a creek without a paddle, unless you happen to have a Cray supercomputer in your back pocket.  Exporting the keys from a *nix machine is pretty simple; generally they will just need to find the file with the .key or .pem extension referenced in their web server/application server configuration, tar it up and ship it off to you.  For Windows systems of course it’s a little more tricky; to export from a Windows system they can follow the directions in this Microsoft KB article – http://support.microsoft.com/kb/232136 .

Once you have these files in hand, you will need to convert them to PEM format using OpenSSL.  While this might sound difficult it’s not really too bad; you will need to get yourself a copy of OpenSSL for Windows if you are working on a Windows machine, or simply use the OpenSSL installed in most *nix distros.  Then from a command prompt –

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

If it completes successfully you are done.  If the exported key was password protected, you will need to run it again with the -nodes flag, which writes the key out without a password.  Not very secure, I know, but otherwise it’s a pain to use the key in most analysis tools, including Wireshark.

Now you need to configure your tool to use the private key.  For Wireshark, go into Preferences -> Protocols -> SSL and give Wireshark the details of where the key file is and when to use it: the server IP, the port, the protocol carried inside the SSL session and the path to the PEM file.

So you would do something like this:

IP,      Port,  Protocol,  Key file
0.0.0.0, 443,   http,      C:\{directory}\(unknown).pem

So now you have the tools; now you need to actually capture some packets.  Well, it’s not as easy as you might think.  To get any of the analysis tools to decode the packets for you, you will need to capture the very first part of the entire encrypted conversation.  This means you will need to capture the SSL handshake.  The handshake is a multi-step process that involves exchanging public keys and agreeing on ciphers.  If you are lucky enough to capture that traffic, the tools should do the rest of the work.
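To show why the start of the session matters, here is an added example (mine, not from the original post) that walks the TLS records in a captured byte stream and reports whether a server private key is enough to decrypt it. It goes one step beyond the post: when the handshake contains a ServerKeyExchange, the cipher suite uses ephemeral (DHE/ECDHE) key exchange and the server key only signs it, so even a complete capture cannot be decrypted this way. The sample captures are constructed placeholders, not real handshakes.

```python
# Added example, not from the original post: walk the TLS records of a capture and
# say whether a server RSA private key can decrypt it. Samples are constructed.
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23  # record types
CLIENT_HELLO, SERVER_KEY_EXCHANGE, CLIENT_KEY_EXCHANGE = 1, 12, 16  # handshake types

def tls_records(stream):  # yield (content_type, fragment) per complete TLS record
    offset = 0
    while offset + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[offset:offset + 5])
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) < length:  # truncated record at the end of the capture
            break
        yield ctype, fragment
        offset += 5 + length

def handshake_types(stream):  # handshake message types before first ChangeCipherSpec
    found = []
    for ctype, fragment in tls_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            break  # later handshake records (Finished) are already encrypted
        if ctype != HANDSHAKE:
            continue
        pos = 0
        while pos + 4 <= len(fragment):  # type (1) + length (3) + body
            found.append(fragment[pos])
            pos += 4 + int.from_bytes(fragment[pos + 1:pos + 4], "big")
    return found

def decryptable_with_server_key(stream):
    """Explain whether the server's private key alone can decrypt this capture."""
    seen = handshake_types(stream)
    if CLIENT_HELLO not in seen or CLIENT_KEY_EXCHANGE not in seen:
        return "no: handshake missing, start the capture before the ClientHello"
    if SERVER_KEY_EXCHANGE in seen:
        return "no: ephemeral key exchange, the server key only signs it"
    return "yes: RSA key exchange, the key recovers the pre-master secret"

def record(ctype, fragment):  # TLS record: type, version, length, fragment
    return struct.pack("!BHH", ctype, 0x0301, len(fragment)) + fragment

def handshake_msg(mtype, body):  # handshake message: type, 3-byte length, body
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed captures: a full RSA handshake, and a capture started mid-session.
FULL_RSA = (record(HANDSHAKE, handshake_msg(CLIENT_HELLO, bytes(34)))
            + record(HANDSHAKE, handshake_msg(2, bytes(34)))  # ServerHello
            + record(HANDSHAKE, handshake_msg(CLIENT_KEY_EXCHANGE, bytes(130)))
            + record(CHANGE_CIPHER_SPEC, b"\x01") + record(APPLICATION_DATA, b"\xde\xad"))
MID_SESSION = record(APPLICATION_DATA, b"\xde\xad\xbe\xef") * 2
```

Run `decryptable_with_server_key(FULL_RSA)` and `decryptable_with_server_key(MID_SESSION)` to see the two outcomes; a real capture would be fed in as the raw TCP payload bytes of one connection.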

So that’s the basics.  Now we just need to figure out what it’s doing to make it run so slow.   ;-)

What to expect from this site

I’m sure if you found my site you are asking yourself, why are you doing this?  Why does anyone build a blog?  Why else but to express themselves and their thoughts.  To share with the rest of the community the knowledge they have gained, whether it was through training or experimentation.  So with this site I plan to share my knowledge as a network engineering professional.  I will discuss how to optimize traffic across a network.  What technologies seem to work the best and which ones not so well.

I will share scripts that I write and find that are in the public domain.  Software packages and source code that have worked well for me.  How to best use these tools in troubleshooting and analyzing an application’s or network’s performance.

I will also discuss issues that affect IT consultants in general, from current political trends to employment trends.  But I will try to keep from getting too political myself and just discuss the facts.  Hopefully being more fair-minded than some have been in the past.

A new site and a new start

Well, I have a new site to start off a new beginning.

First perhaps an introduction is in order; my name is James McDonald.  By profession I am a network engineer, but at heart I am admittedly just a geek.  I love all things electronic and absolutely love all things futuristic.  From the latest in eco-friendly energy sources to the latest and greatest in home entertainment and automation.  I’ve built my own solar-powered shed that provides my workshop with 1 kW of free electricity and have remodeled part of my house with my own home theater.

I’ve been working, ok playing, with computers and network hardware since the mid 1980s.  After college I continued working with mainframes and DECnet hardware while working for the County of Bucks in both the IT department as well as the emergency dispatch center.  During that time I grew my skills by doing part-time consulting work and continued learning as much as I could as fast as I could, gaining knowledge in both Microsoft products and Cisco network hardware.

After working for the county for the better part of the 1990s I moved on to a banking software company called Sanchez Computer Associates.  Working with the folks at SCA I was able to continue growing my skills and knowledge.  When SCA was bought in the latter part of 2004 I became a full-time consultant, working for such companies as Radian Group, US Allianze, Merrill Lynch Investment Manager, Wyeth Pharmaceuticals and Glaxo Smith Kline.

Over the past 15+ years I have developed skills in packet analysis, network analysis, design, architecture & optimization.  In the field of server management and systems integration, I’ve learned a great deal about both Microsoft Windows as well as various flavors of Linux, Unix and a little VMS.  WAN technologies such as frame relay, ATM circuits, MPLS, DWDM and the routing protocols that run on them.

I could go on about myself and my skills.  But hopefully that gives anyone that cares a good flavor of where I’ve been as well as where I’m going.  I will continue to grow and learn.