Categories
CheckPoint

Checkpoint: Configure Wireshark for “fw monitor” Analysis

This article guides you through setting up the Wireshark packet analyser to interpret captures as a Checkpoint FW-1 capture. This will only have an effect on captures taken using “fw monitor”, all other captures will read as normal.

1. Edit -> Preferences -> Protocols -> Ethernet -> Check “Attempt to interpret as Firewall-1 monitor file”:

 

2. Edit -> Preferences -> User Interface -> Columns -> click “New” to add a new column – give it a title of FW Monitor and choose FW-1 monitor if/direction as the format:

You should now have an extra column when you open a capture file – if you open an fw monitor capture file you will see  4 entries for each packet tracked as they go in one interface and out of another.

The ethernet interfaces e.g. eth0, eth1 etc etc are marked with either i, I, o or O.

i = pre-incoming ……….. I = post-incoming

o = pre-outgoing ……….. O = post outgoing

So ..

1          i    eth0                                  <- pre-IN: this is the packet as it arrives at the interface

2               eth0    I                            <- post-IN: this is the packet leaving the interface, now in the CheckPoint kernel

3         o    eth1                                  <- pre-OUT: this is the packet having left the kernel and arriving at the egress interface

4                eth1    O                           <- post-OUT: this is the packet leaving the interface

This is dead handy for loads of troubleshooting situations, an ovious one is NAT being applied, e.g.:

A packet from internal IP 10.1.1.1 headed for a destination on the internet 4.2.2.1 through a firewall with an external IP of 81.82.83.84 would look something like:

SRC                   DST                       FW1

10.1.1.1                4.2.2.1                i   eth0

10.1.1.1                4.2.2.1                eth0    I

10.1.1.1                4.2.2.1                o   eth1

81.82.83.84       4.2.2.1                eth1    O          <- NAT has been applied and the source IP is now the firewall’s external IP

Categories
Linux

Linux: TwonkyMedia Server Licensing Problem Workaround

The system I use at home consists basically of my shuttle server sitting in the cupboard streaming to my XBox360 so that I get HD and upscaling. I’ve tried a few different UPnP media streaming apps and while I’m sure a lot of them are great, I just didn’t have the time to fiddle about constantly and the one which worked out of the box first was the TwonkyMedia trial so I was sold on the convenience.

The problems began after the trial had run out and I purchased the product – the license key didn’t seem to want to play ball. The result of this was a back-and-forth with support while the whole time there were no films or TV to be had so a workaround was needed.

After doing a little research, I found a file in the /bin directory called “.tv5”  and checked the content:

root@merlin:~# find / -name .tv*
/bin/.tv5
root@merlin:~# cat /bin/.tv5
upnp av.xml

Strangely enough, it was created on the very date I installed the trial! And indeed, stopping the twonkymedia daemon, removing this file and restarting the daemon allowed me to carry on in trial mode whilst the licensing was sorted with support. And very helpful they were too >:)

root@merlin:~# ps aux | grep -i twonky
root       957  0.0  0.0   1884   268 ?        S<   Sep01   0:00 /usr/local/twonky/twonkymedia
root       958  0.1  0.3   8068  2432 ?        S<l  Sep01  38:32 /usr/local/twonky/twonkymediaserver
root      3410  0.0  0.1   3340   884 pts/2    S<+  20:38   0:00 grep -i twonky
root@merlin:~# kill 958
root@merlin:~# rm /bin/.tv5
root@merlin:~# /usr/local/twonky/twonkymedia
twonkymedia        twonkymediaserver  twonkymedia.sh
root@merlin:~# /usr/local/twonky/twonkymedia
TwonkyMedia Version 5.0.61
using logfile /tmp/TwonkyMediaServer-log.txt

Categories
Windows

Windows: Controls on this property sheet are disabled because one or more other Network property sheets are already open ..

This article details how to fix the seemingly eternal windows error from XP onwards: “Controls on this property sheet are disabled because one or more other network property sheets are already open ..”

Scenario: You boot your PC and want to change your IP / DNS / other network setting and you get:

“The controls on this property sheet are disabled
because one or more other Network property sheets
are already open. To use thse controls, close all
these property sheets and then reopen this one.”

Except you don’t have other property sheets open. Reboot, no joy.

To be honest, I don’t know how this happened, the only change I think I made was to re-enable the bluetooth service on my laptop but who knows, maybe there was an auto-update.

Anyways, checking through my startup programs using startup.cpl by Mike Lin (a great utility) I found the following:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]   “NCInstallQueue”=”rundll32 netman.dll,ProcessQueue”

Delete the string value or untick it if you’re using the utility, reboot and you are now the master of your own network settings again.

Hope this helps!