Showing posts with label Wireshark. Show all posts
Showing posts with label Wireshark. Show all posts

Tuesday 1 March 2022

TLS 1.2 & Wireshark Refresher

Overview:  I have lost count of the number of TLS upgrades I have worked on.  The upgrades are easy as long as you understand the basics.  I always throw a test rig together to check settings, update settings and get the configuration and the ability to check the traffic.  

Understanding Server and Client Registry Settings for TLS

  • "Client" registry keys govern outbound protocol availability.
  • "Server" registry keys govern which protocols are available for inbound connections.

Check TLS 1.2. connections from a client to a SQL Server:

The client machine host a Console/C# Test Rig that is connecting to SQL Server that supports only TLS1.2.  Then on the client Windows registry settings you are interested in the TLS1.2/Client/Enabled setting as shown above.  

  • Below is a screen shot of a C# test rig, used to ensure the registry settings are correct (I restart the test rig after I make a change to the client/TLS registry settings.  Running the "Test Connection", tells me outbound traffic is using TLS1.2, the successful connection tells me that SQL Server is accepting TLS1.2 traffic.

If unsuccessful or you want proof: 
Wireshark - replicates the network traffic packets going thru the machines drivers/adapters.
  • Wireshark is a great tool, and can be used to verify the underlying traffic, in this scenario I have Wireshark on the client machine to capture and analyze the TLS traffic going to the SQL Server generated by the C# test rig.
  • Ensure you have the adapters you want to monitor selected, and I have added a  filter to only show traffic being sent to the SQL Server using the IP address.  "hosts 10.1.x,25"

Capture the traffic, you'll see the connection being setup in the packet transfer.  The protocol will show TLSv1.2 in Wireshark.

TLS1.2 traffic

TLS1.0 Outbound Traffic

Use Netsh or Pktmon to capture local adapter traffic, then load the logs in Wireshark.  c:> netsh trace start capture=yes from the admin run cmd prompt to capture packets.   Packet Monitor (Pktmon) is also an option.

tcpdump is a good tool also. 

More Info:

https://social.technet.microsoft.com/wiki/contents/articles/41703.sql-server-securing-network-communications.aspx

Monday 24 December 2012

Digital Signatures and Install Software gotcha

Problem: In automating SQL Server and SharePoint images, the actual installation is taking a long time on my managed environment whereas my developer laptop is fast.  All installations are done without Internet access (offline).

I have a dev environment build on my laptop that runs SSD and I run 3 VM using VMware workstation 9 (all use Windows 2008 R2 SP1).  I create an 1) AD with 1GB or RAM and 1 CPU 2) SQL 20012 with 10GB RAM and 4 CPU's 3) SP2010 CU Aug 2012 10GB 4 CPU's.  All the installation is automated using slip streamed images.

So for simplicity on the CI environment I will explain a simplified comparable setup. I have 3 machines with the same roles however the SQL 2012 and SP2010 install take considerably longer.  The CI environment is on ESX (Cisco blades & chassis, and Violin (SSD) storage.  The CPU/compute is connected to the storage via SAS/Fibre channel made no difference either).  I have summarised the results below:

                                                                 SQL2012 (duration)      SP2010 (duration)
Laptop(VMworkstation Workstation)           15 min                              16 min
CI (ESX)                                                        22 min                              92 min 

Finding: My hardcore/good ESX infrastructure is taking 9 minutes longer to install SQL Server 2012 on beter hardware and an amazing 70 minutes longer to install SP2010.

Update 21 Feb 2013: Don't use PowerShell 3 with AutoSPInstaller (including using the version switch i.e. -version 2), it doesn't work and even changing AutoSPInstallers internal web call fail.  It can be made to work with the version 2 switch but it isn't worth the effort.

Initial Hypothesis:
After many many hours between service providers managing the infrastructure, it was not hardware or ESX configuration/setup.  However if the network card on the VM is disabled, the performance change improves to:

                                                          SQL2012 (duration)            SP2010 (duration)
CI (ESX)                                                     13 min                       5 min and 5 seconds

Pretty hefty improvement.  Using netstat is looks like there are requests to the Internet.  After adding Wireshark to monitor all traffic.  I can see requests being sent to crl.mirosoft.com (certificate revocation lists) and ctldl.windowsupdate.com

Issue shown in Wireshark
Issue Shown in Fiddler
This is the 1st time I have seen this issue in a clients production environment.  If the WFEs/SP servers have internet access (less preferable) or the servers don't have access the install work in a timely fashion.  The symtoms of the issue are when the WFE's/SP Servers don't have internet access but think they do.  All the binaries are digitally signed and the install will try validate the signatures despite this being an offline install.

I confirmed the problem being how the networking is setup.  My issue shows up on the VM NIC adapter, Originally the IPv4 Connectivity has a status of "No Internet Access", once I ping google I get a reply and the status changes to "Internet".  I can ping google but not browse to it.


Resolution:  The problem is that executable code is digitally signed.  This is good, all code should be digitally signed so it can be authenticated.  However in this situation a lot of requests are being sent out from the VM as the install tries to verify all the SharePoint complied code.  The install on the local VM acts as if there is an Internet connection (which there is not).

It takes unique networking to get into this issue and SP/any digitally signed code will check the digital certs.

There are a few fixes such as:
1.> Allowing the servers to get out to the Internet, so open the firewall or set a proxy on the local VM.
2.> Add host entries to the cert fails immediately but will continue installing (This is not working for me).
3.> Make the following registry change:
set-ItemProperty -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" -name State -value 146944
set-ItemProperty -path "REGISTRY::\HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" -name State -value 146944
get-ChildItem REGISTRY::HKEY_USERS | foreach-object {set-ItemProperty -ErrorAction silentlycontinue -path ($_.Name + "\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing") -name State -value 146944}


More Information:

Certificates for installing sofware is cause slow install:
http://joelblogs.co.uk/2011/09/20/certificate-revocation-list-check-and-sharepoint-2010-without-an-internet-connection/

http://ddkonline.blogspot.co.uk/2010/05/fix-sharepoint-very-slow-to-start-after.html

If you want to verify if a machine is having problems with a poarticlar process Process Explorer (Usefule if a machine has high memory, CPU or IO issues)

Tuesday 8 June 2010

Developer SharePoint Machine Prep

BgInfo - Automatically display local computer information on the desktop's background, such as the computer name, IP address, ect
Disable ShutDown Event Tracker - Stop the comment box on Shut down of your developer machine.
CKS - Community Kit for SharePoint: Development Tools Edition by Matt Smith and others. Invaluable if not just for deployment of code.
.NET reflector - Explore compiled .NET assemblies
SharePoint Dispose Checker Tool
SharePoint Manger
U2U - CAML builder tool - Still a great tool and works with SP2010
WireShark
SharePoint Designer (SPD) 2010
Visual Studio 2010 (Professional version is the lowest edition but any version will work)
FireFox with Firebug (like the IE developer toolbar, good developer tools e.g. css), collazilla (colour picker for firefox), Firequery (jQuery addin), FiddlerHook (integrate Fiddler) & YSlow (Page performance and optimisation)
Fiddler
IE Developer Toolbar part of IE 8
Update 29/08/2010 - Visual Studio 2010 SharePoint Power Tools - Useful if you are using Sandboxes, adds 2 functions: Sandbox visual web parts & Sandboxed compilation.  Also note CKS has remove there sandboxed template in version CKSDev 1.1 release 1 August 2010.  Update 23/06/2012 - CKSDev is at version 2.4
Accessibility: http://www.cynthiasays.com/ &
Update 20/09/2010 - Also add Visual Studio 2010 Sharepoint Power Tools, it has sandboxed solutions and sandboxed visual web parts has been removed from the CKSDev project, so also get the latest CKSdev code.
Update 20/09/2010 - SPTraceView on codeplex is worth installing.
Update 26/11/2010 - Enable wifi on Windows 2008 R2
Update 24/06/2011 - Smtp4Dev is a useful codeplex project for collecting email sent from the dev machine.
Update 24/06/2011 - Office 2010 Plus has all the office applications and includes InfoPath.
Update 24/06/2011 - Visual Studio 2010 SP1 was realease in May 2011 and should be installed.
Update 24/06/2011 - Unit Testing nUnit, TestDrive.NET & TypeMoch or Rhino Mochs.
Add VS cmd prompt to VS using External Tools:  %comspec% /k ""C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"" x86
Update 08/01/2013 - Create Shortcuts on the desktop using Powershell (14 hive folder and  hosts.exe) download
Update 09/01/2013 - Ps to add hosts entries.
Update 13/02/2014 - Process Explorer (Usefule if a machine has high memory, CPU or IO issues)
SoapUI if you are working with web Services.