NetDetective – TCPDump and NMAP plugin for LabTech


Net Detective is a plugin for LabTech that brings the power of TCPDump and NMAP to the LabTech console. You can use this tool to capture network packets traveling around the remote network or scan addresses and address ranges for open ports and network connectivity.

Become a Net Detective!


Version 1.0.2 available


Enjoy

 

Cubert

 

LabTech – Agent Status Plugin provides client level view of deployed agents

 


View Agents Differently

Sometimes bringing the horse to water is not enough, as I was finding with some of the techs and engineers that I work with. We were once a Kaseya house, and now that we were 2 years into LabTech, why was it they still seemed to want to go to several basic tools in Kaseya to get the same data that was available in LabTech? Interviewing one of my engineers, I was given a simple reason, and that was “he liked the view.” Well, if all you need is a logical view of the data in a simple and easy place to find it, then we can replicate that in LabTech.

In steps Agent Status

Agent Status tries to replicate the Agent -> Status view of the Kaseya RMM tool in LabTech in a simple and logical manner. We have placed a tab on the Client Console that provides a complete view of all systems and quick access to a large amount of common data about the agents you have deployed for that client.


New in version 1.0.2

Added refresh button
Added Extend View, which includes AV Scanner, Def dates, Hardware Name, Memory, Open Ports and last Windows updates
Redesigned screen to expand to window size

 

New in Version 1.0.4

Added Export to Excel button
Added control (Double Click) to open LT computer console
Added integrated function script so no more importing of scripts

 

New in Version 1.0.5

Fixed automated data probe, now runs 3 times a day
Fixed table layout resizing cells
Updated Interfaces.dll
Fixed launcher for computer console so a double click anywhere will launch.

 

Version 1.0.9


LabTech – Map Drives plugin shows you mappings by client.


Ever wished you could just see everyone’s mapped drives at one time, so you could see who had what mappings and where they went? Me too. Well, now in LabTech there is a plugin for that! Squidworks has created a new plugin that fetches all the mapped drives for all systems under a given client and displays them in a nice list that has sortable columns.

 


What is a Drive Map Plugin if it can’t map drives?

Map either drive letters to network shares or printer ports to network printers with this simple tool. Right click on a listed system in the Map Drives plugin and select the menu option to Map a Drive.

 

New in version 1.0.2

We have now added the ability to export the mappings to an Excel spreadsheet.

New in version 1.0.3

Improved the export of the mappings to an Excel spreadsheet.
Made it LabTech 10.5 functional
Added new console menu
Added location column
Added online status

New in version 1.0.4

We have now added the ability to map drives to systems listed in Map Drives List

MapDrives Plugin Version 1.0.4  zip file


Buffer Bloat, a menace to the TCP protocol

Today I would like to take a minute of your time and talk about bandwidth usage and a little known phenomenon called Buffer Bloat.

What is Buffer bloat and what does it affect?

 

Buffer bloat is the phenomenon whereby excess buffering of packets inside the network causes high latency and jitter, as well as reducing the overall network throughput. Buffer bloat occurs when a network link becomes congested, causing packets to become queued in the buffer of a router or switch. As traffic passes from one router to another, this buffering can become amplified: each router segment buffers the netflows, so the more router segments between the endpoints, the larger the bloat can grow. The problem is caused mainly by router and switch manufacturers making incorrect assumptions and buffering packets for too long in cases where they should be dropped. Dropping packets is not always a bad thing. TCP is built so that when packets are dropped the protocol slows the transmission down. Transmission speeds up and slows down until it finds an equilibrium equal to the speed of the link. However, for this to work the packet drops must occur in a timely manner, and buffering packets negates this process.

 

In a network buffer (router memory), packets are queued before being transmitted, and in the problematic situation packets are only dropped if the buffer is full. With the advent of cheap RAM, router manufacturers have been adding more and more RAM to their systems, allowing for larger and larger buffers. On older routers, buffers were fairly small, so they filled quickly and packets began to drop shortly after the link became saturated; the TCP protocol could adjust, and the issue wouldn’t become apparent. On newer routers buffers have become large enough to hold several megabytes of data, which translates to 10 seconds or more at a 1 Mbit/s line rate.

 

The problem is not limited to just TCP; it also affects other protocols. All packets passing through a simple buffer implemented as a single queue will experience the same delay, so the latency of any connection that passes through a filled buffer will be affected. This includes protocols like ICMP and UDP. If you have read this please send me an email back, I would like to see how many of us out there read this far.

Want to learn more about Buffer bloat and how it affects endpoints and company networks? Please visit this article on Buffer bloat at http://gettys.wordpress.com/2010/12/03/introducing-the-criminal-mastermind-bufferbloat/

2 Common Issues With Microsoft Terminal Services

Many WAN connections vary in quality and latency, and oftentimes these two characteristics will manifest themselves in disconnected terminal services sessions. By doing two relatively easy registry hacks, you can reduce these disconnects and improve the overall experience of your users.

 

Keep Alives:

In the registry at HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server, create or edit the DWORD value of KeepAliveEnable and set it to 1. This will turn Keep Alives on, which serves to stabilize the connection by sending ‘heartbeat’ packets to the client every so often. An idle connection is probed every so often just to be sure that the connection is still alive and that the client is still listening on the other side. This also helps prevent disconnects by preventing network devices from killing off sockets that they assume to be idle. With Keep Alives turned on, the connection will not appear idle, and therefore the network device will not attempt to terminate the socket.

Two other registry entries to look at are at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveInterval and HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime. KeepAliveInterval determines the interval separating keep alive retransmissions until a response is received. If a response is received, the delay until the next keep alive transmission is again controlled by the value of KeepAliveTime. KeepAliveTime controls how often TCP attempts to verify that an idle connection is still intact by sending a keep alive packet. If the remote system is still reachable and functioning, it will acknowledge the keep alive transmission.

 

TcpMaxDataRetransmissions:

In the registry at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, create or edit the DWORD value of TcpMaxDataRetransmissions. By default it is set to 5, but I would recommend doubling that value, to 10. The value of TcpMaxDataRetransmissions is the number of times TCP retransmits an unacknowledged data segment on an existing connection. TCP retransmits data segments until they are acknowledged or until this value expires.
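The two changes above as a script: an added example, not code from the original post, assuming PowerShell 3.0 or later in an elevated session. The function name Set-TerminalServerTcpTuning and the helper Get-RegValue are hypothetical; the script prints each value before and after so the previous setting is on record for rollback, and it only reports KeepAliveInterval and KeepAliveTime because the article gives no numbers for them.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Targets are the two DWORD values the article gives a number for.
$targets = @(
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name  = 'KeepAliveEnable'
       Value = 1 },
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
       Name  = 'TcpMaxDataRetransmissions'
       Value = 10 }
)
# The article describes these two but gives no numbers, so they are only reported.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$reportOnly = 'KeepAliveInterval', 'KeepAliveTime'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value does not exist (Windows then uses its default).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Set-TerminalServerTcpTuning {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($t in $targets) {
        $before = Get-RegValue -Path $t.Path -Name $t.Name
        # Write only when the value differs, and honour -WhatIf / -Confirm.
        if ($before -ne $t.Value -and
            $PSCmdlet.ShouldProcess("$($t.Path)\$($t.Name)", "set DWORD to $($t.Value)")) {
            New-ItemProperty -Path $t.Path -Name $t.Name -PropertyType DWord `
                             -Value $t.Value -Force | Out-Null
        }
        [pscustomobject]@{
            Name   = $t.Name
            Before = $before      # keep this output as the rollback record
            After  = Get-RegValue -Path $t.Path -Name $t.Name
        }
    }
    foreach ($name in $reportOnly) {
        [pscustomobject]@{
            Name   = $name
            Before = Get-RegValue -Path $tcpip -Name $name
            After  = '(not changed)'
        }
    }
}

# Preview first; drop -WhatIf to apply.
Set-TerminalServerTcpTuning -WhatIf | Format-Table -AutoSize
```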

 

Enjoy..

[Solved] – Network Location is no longer available or Error 59 on Windows XP system

You may have gotten a pop up on Windows that says your network resource is no longer available, after a password change or password expired notice and while using Network Neighborhood. During troubleshooting you find that others can access the share and the server is pingable, but you cannot access any share on the system, and it feels like XP thinks the server is not there.

I have found that this was caused by Windows Credentials being stored in the system and that the credentials were not correct. This issue happens in both Windows 7 and XP.

In order to fix something like this you will need to go into the Windows Credential Manager and remove the stored password.

 

To do this:

 

Windows 7: Control Panel – Windows Credential Manager

Windows XP – User Accounts – Username – Stored Network Passwords (Top left link)

 

 

Once removed, try to access the share again; you should now see the share respond and pop up a user password window. Enter the correct credentials and you’re in.

 

 

I hope this helps someone out there..

 

Cubert  😎

WiFi Pineapple? More like a WiFi Grenade!

WiFi Pineapple discovery!

 

I came across this little jewel at a Kaseya Connect conference in Vegas in 2012, as a victim of this little bastard, with my iPad ID up on display for all to see at the conference. I was intrigued. Yes, Cubert logged on to a Kaseya Conference Free WiFi the day before and the iPad remembered the network, and along comes this security guru guy who plays a little trick on the unsuspecting convention goers by dropping a Jasager WiFi Pineapple “Grenade” (Pineapple + Karma + DNS Spoof + SSLStrip + URL Snarf) in the middle of the conference main gallery. So there I am checking my mail and eBay’ing for a newly used Harley RoadKing when it got really slow, and all of a sudden it seemed like the WiFi signal started to suck. I popped open the available networks and found that I was connecting to the Kaseya SSID, but right beside it was the real SSID the guru was using to access his WiFi Pineapple, and the Pineapple would answer for any SSID you had ever connected to.

 Cubert – “I’ve coined the phrase Pineapple Grenade. You take this little bastard and lob it into the middle of a public room like a grenade and the results can be deadly! Facebook will never be the same.” 

Holy Shit!!

 

Next thing I know I am one of many Vegas conference junkies that was on display for all to see. I will tell you I was bummed… I consider myself a… well, an above average computer guy. Linux is an old friend, and I have worked on the platform for almost 2 decades. I remember building LFS (Linux from Scratch) for fun over a weekend, several times, when it was in its 1.0 series, because my programming buddy at college kept formatting my build drive. The makeup of the Pineapple Mark IV is not foreign to me at all. I was so intrigued that I looked up Hak5 and ordered one as soon as I got home from the conference, as I bet many did. $89.00 plus shipping of $6.00 for a total of $92 gets me a nice prebuilt compact wireless Linux box with tools to play man in the middle to any public wireless service anywhere? What a deal!

 

Delivery Day!

 

So I crack open the package I received from Hak5 and there it was, my very own WiFi Pineapple. Well, I could not wait to jump in and start playing with all the neat things this little bastard could do. I read over the little pamphlet that came with it. It gives you the basic lowdown on what this WiFi Pineapple does and a very simple explanation of how it works. That is pretty good, as a basic Windows geek will have issues understanding a lot of the routing and backend modifications this basic OpenWRT Linux wireless unit will require to make use of the product. It comes with a nice little interface and several tools, but you are expected to have the knowledge to take it to the next level.

 

Warning, Be Smart!

 

So feel somewhat safe in the fact that not every kid with a PC has one, but be forewarned: it is out there, and you will need to be mindful that there is no wireless AP that is safe or secure as a connection to the Internet. Never do any banking or other secure service over a free WiFi!! You have been warned! SSL is not secure and is meaningless to a device like this. They will own you if you are not paying attention. Be smart, people!

For more information on the WiFi Pineapple Mark IV go to WiFi Pineapple

 

I will be writing up my experiences and sharing the knowledge on how this works and what it can do so watch for my posts on the WiFi Pineapple Mark IV.

 

Until then,

Hola

Cubert  8-).

 

[Solved] AppAssure Replay snapshots or base image fails to copy from Agent to Core on or after new installs

So you may have a Windows 2003 server or servers where, after installing the agents, configuring permissions and setting the system to Protect on your core, the core keeps failing to grab the first snapshot from your system.

This is quite common in Windows 2003, but you may see it in 2008 as well. The issue is that the Winsock is messed up. Download and run LSPFix.exe on the client system and restart the agent services afterwards. Then go back to the core and select to force a new snapshot to start the download. You should see the system start the download within 5 minutes and no more errors in events.

I am using Replay version 4.7.2 at the time of this post.

Error that may show up when fix is needed:

Logger: tevolib.txtrack
Context: PG=VolsWithInterval60Minutes Volume=\\?\Volume{741d2f02-3eb0-11dd-8e1a-806e6f6e6963}\ DriveLetter=C:
Source Location: TransmissionTracking.cpp:115
Details:
Transmission of volume ‘C:’ started when another transmission of that volume is already in progress

Logger: tevoSource.snapshotHandler
Context: PG=VolsWithInterval60Minutes Volume=\\?\Volume{741d2f02-3eb0-11dd-8e1a-806e6f6e6963}\ DriveLetter=C:
Source Location: SnapshotHandler.cpp:992
Details:
Transfer failed on volume: C: Epoch: 204 Target: CNSCOLO-BDR Port: 8001 – Unspecified error

Logger: exceptions.seh
Context: PG=VolsWithInterval60Minutes
Source Location: exceptions\SehHandler.cpp:151
Details:
Encountered a serious error EXCEPTION_ACCESS_VIOLATION.  Exception dump logged to C:\Documents and Settings\cns\Application Data\AppAssure\ErrorDump-TevoSource.exe-2012-02-28-11-43-41-0625-41.dmp.bz2

 

Enjoy

Cubert 😎

[Solved]-Windows Easy Transfer Won’t Connect Between Systems Across The Network

How to get your Windows Easy Transfer to work over the Network.

This is a very common issue. I seem to hit the never ending “Trying to Connect” cycle of death just about every other time I use Windows Easy Transfer. It doesn’t matter if you’re doing a transfer from XP to 7 or from 7 to 7, I’ve seen it time and time again.

I found the quick fix that works every time I’ve used it.

The guys over at LSP-Fix have a simple little program that fixes winsock issues.

LSP-Fix is a free Windows utility to repair a loss of Internet access associated with certain types of software. This type of software, known as a Layered Service Provider or LSP, typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to and from the Internet. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, causing the Internet connection to become inaccessible or just a wee bit unstable. 

Download LSP-Fix here.

I know it doesn’t seem plausible that your winsock is messed up, but take it from me, new laptops out of the box can and will have issues. Download and run the tool and it will correct the issues and your copy will start working.

LSP-Fix does not delete anything, it only fixes the order of the LSPs. It does not require a reboot after you run the tool; just run the tool, select fix and then restart your Windows Easy Transfer process. I would suggest that you run it on both the sending and receiving systems, I find that they all seem to need reordering.

I hope this helps someone out there.

Cubert

Howto : Remove Windows Server 2008 / Windows 7 multiple default gateways with the first being 0.0.0.0

Windows has 2 default gateways set and the first is 0.0.0.0 which is causing network failures

You may have installed a new Windows 2008 server or Windows 7 workstation with a static IP address, but networking outside your local net fails. After you investigate, you find by running “ipconfig” that there are 2 default routes listed. You see 0.0.0.0 first, and then you see your real default router IP address below the 0.0.0.0 address.

This is preventing you from accessing the Internet, as the system believes the first route to the Internet is your local IP address and it goes nowhere. You need to get the first route out, but if you use “route delete”, on the next reboot it will come right back and you will be left without Internet access. So what do you do?

You need to edit the registry and remove the entry listed in the default route key. To do this go to:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\your interface #\DefaultGateway

If you edit this key, you will most likely find 2 IP addresses listed, with the one you want being the second IP in the list. Just remove all IP addresses but the real gateway address.

Close and reboot then try to ping out and it should now work.
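The registry edit above as a script that checks every interface key: an added example, not code from the original post, assuming PowerShell 3.0 or later in an elevated session. The function name Repair-DefaultGateway is hypothetical, and it is narrower than the manual step: it removes only 0.0.0.0 entries and leaves every other listed gateway for you to review.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Repair-DefaultGateway {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($key in Get-ChildItem -Path $base) {
        $props = Get-ItemProperty -Path $key.PSPath
        # DefaultGateway is a multi-string value; drop empty entries before counting.
        $gateways = @($props.DefaultGateway | Where-Object { $_ })
        if ($gateways.Count -eq 0) { continue }   # no static gateway on this interface

        $keep   = @($gateways | Where-Object { $_ -ne '0.0.0.0' })
        $status = 'ok'
        if ($keep.Count -lt $gateways.Count) {
            if ($keep.Count -eq 0) {
                # Only 0.0.0.0 is listed: there is no real gateway to keep, so do not guess.
                $status = 'only 0.0.0.0 present, fix by hand'
            }
            elseif ($PSCmdlet.ShouldProcess($key.PSChildName,
                    "set DefaultGateway to $($keep -join ', ')")) {
                # -Force overwrites the existing value, keeping it a multi-string.
                New-ItemProperty -Path $key.PSPath -Name DefaultGateway `
                    -PropertyType MultiString -Value ([string[]]$keep) -Force | Out-Null
                $status = 'rewritten, reboot to apply'
            }
            else {
                $status = 'would remove 0.0.0.0'
            }
        }
        [pscustomobject]@{
            Interface = $key.PSChildName            # the "your interface #" GUID
            IPAddress = $props.IPAddress -join ', '
            Before    = $gateways -join ', '
            Kept      = $keep -join ', '
            Status    = $status
        }
    }
}

# Audit only; drop -WhatIf to rewrite the value.
Repair-DefaultGateway -WhatIf | Format-Table -AutoSize
```

Export the interface key with regedit before applying, so the original value can be restored.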

Enjoy.

Cubert