Blog

  • EVE-NG Installation on VMware Workstation

    Installing EVE-NG on VMware Workstation involves several steps. Here’s a step-by-step guide:

    Prerequisites

    1. VMware Workstation Pro or VMware Workstation Player installed.
    2. EVE-NG ISO or OVA downloaded from EVE-NG website.
    3. Adequate System Requirements:
      • At least 4 CPU cores (8+ recommended).
      • 16GB RAM (More for large labs).
      • 100GB+ SSD storage.
      • Intel VT-x/EPT or AMD-V/RVI enabled in BIOS.
      • VMware installed with nested virtualization support enabled.

    Method 1: Install EVE-NG using OVA (Recommended)

    Step 1: Download the EVE-NG OVA File

    • Download the EVE-NG Community OVA or EVE-NG Professional OVA from EVE-NG.net.

    Step 2: Import the OVA in VMware

    1. Open VMware Workstation.
    2. Click File → Open.
    3. Select the EVE-NG OVA file.
    4. Click Import and wait for the process to complete.

    Step 3: Adjust VM Settings

    • Increase CPU Cores (Recommended: 4 or more).
    • Increase RAM (Recommended: 8GB or more).
    • Set Network Adapter to Bridged (for external access).
    • Enable Nested Virtualization:
      • Go to Processors → Enable “Virtualize Intel VT-x/EPT or AMD-V/RVI”.

    Step 4: Start the VM & Configure EVE-NG

    1. Power on the VM.
    2. Log in using the default credentials:
      • Username: root
      • Password: eve
    3. Change the root password when prompted.
    4. Configure network settings using the CLI or DHCP.
    5. Access the web GUI at http://<EVE-NG-IP>/.

    Method 2: Install EVE-NG from ISO (Manual Installation)

    Step 1: Create a New VM

    1. Open VMware Workstation and click Create a New Virtual Machine.
    2. Select “Custom (Advanced)” and click Next.
    3. Choose “I will install the operating system later” and click Next.
    4. Select Linux → Ubuntu 64-bit.
    5. Name the VM (e.g., EVE-NG) and choose the storage location.

    Step 2: Configure VM Settings

    • CPU: At least 4 cores (More recommended).
    • RAM: At least 8GB (More recommended).
    • Hard Disk: 100GB or more.
    • Network Adapter: Set to Bridged or NAT.
    • Enable Virtualization: Go to Processors and enable VT-x/EPT.

    Step 3: Mount & Install EVE-NG

    1. Attach the EVE-NG ISO:
      • Go to CD/DVD (IDE) settings.
      • Select “Use ISO Image File” and browse for the EVE-NG ISO.
    2. Power on the VM.
    3. Follow the installation wizard:
      • Choose Install EVE-NG.
      • Select disk and proceed with the installation.
      • Set up a root password.
      • Configure network settings.
    4. After installation, reboot the VM.

    Step 4: Access EVE-NG

    • Log in via the CLI with username root and the password you set during installation.
    • Find the IP address of the VM (ifconfig or ip a).
    • Open a web browser and go to http://<EVE-NG-IP>/.

    Post-Installation Steps

    1. Enable SSH & Web GUI Access

    • Ensure EVE-NG is reachable from your network.
    • Use a browser to access the Web GUI at http://<EVE-NG-IP>/.

    2. Upload & Install Network Images

    • Upload images (Cisco, Juniper, Fortinet, etc.) to /opt/unetlab/addons/qemu/.
    • Fix permissions by running /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

    3. Connect to the Lab

    • Use SecureCRT, Putty, or the built-in console to connect to network devices.

    Troubleshooting

    1. Web GUI Not Accessible?
      • Check network settings and ensure Bridged Adapter is selected.
      • Try systemctl restart networking inside EVE-NG.
    2. VM Won’t Boot?
      • Enable VT-x/EPT in BIOS.
      • Ensure Nested Virtualization is enabled in VMware.
    3. Slow Performance?
      • Allocate more CPU cores and RAM.
      • Ensure SSD storage is used.
  • MAC address learning process

    A switch learns MAC addresses using a process called MAC address learning or learning and forwarding. Here’s how it works:

    1. Receives a Frame: When a switch receives an Ethernet frame on a port, it examines the frame’s source MAC address.
    2. Updates the MAC Table (CAM Table):
      • The switch stores the source MAC address and the port number in its MAC address table (also called the Content Addressable Memory (CAM) table).
      • This way, the switch knows which device is connected to which port.
    3. Forwards the Frame:
      • If the destination MAC address is already in the MAC table, the switch forwards the frame only to the corresponding port.
      • If the destination MAC address is not in the table, the switch floods the frame to all ports except the one it was received from. This is called unknown unicast flooding.
    4. Refreshes Entries:
      • MAC address entries have a timeout (typically 5 minutes by default).
      • If a device doesn’t send traffic for a while, its MAC entry is removed from the table to free up space.

    Example Scenario:

    • A device with MAC AA:BB:CC:DD:EE:01 sends a frame through Port 1.
    • The switch records AA:BB:CC:DD:EE:01 → Port 1 in its MAC table.
    • If the destination MAC is unknown, the switch floods the frame.
    • When the destination device responds, the switch learns its MAC and updates the table.

    This process helps switches efficiently forward traffic and reduce unnecessary network congestion.
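    As an added example (not part of the original post), a small Python model of the learn, forward-or-flood and age-out behaviour described above. It replays the scenario with a controllable clock so the 300-second timeout can be shown without waiting; the 4-port switch, the second and third MAC addresses and the port numbers are constructed for the example.

```python
import time


class Switch:
    # Minimal model of a switch's MAC address (CAM) table following the
    # learn / forward-or-flood / age-out steps described above.

    def __init__(self, ports, aging_time=300, clock=time.monotonic):
        self.ports = list(ports)
        self.aging_time = aging_time  # seconds; 300 s (5 minutes) is the usual default
        self.clock = clock            # injectable clock so ageing can be shown without waiting
        self.table = {}               # MAC -> (port, time last seen)

    def _age_out(self):
        # Step 4: drop entries whose owner has been silent longer than aging_time
        now = self.clock()
        for mac, (port, last_seen) in list(self.table.items()):
            if now - last_seen > self.aging_time:
                del self.table[mac]

    def receive(self, in_port, src_mac, dst_mac):
        """Process a frame arriving on in_port and return the list of egress ports."""
        self._age_out()
        # Steps 1-2: learn (or refresh, or move) the source MAC on the ingress port
        self.table[src_mac] = (in_port, self.clock())
        # Step 3: known destination -> that port only; unknown unicast (and
        # broadcast, which is never learned as a source) -> flood all other ports
        if dst_mac in self.table:
            return [self.table[dst_mac][0]]
        return [p for p in self.ports if p != in_port]


def example_scenario():
    # Replays the scenario above on a constructed 4-port switch
    now = [0.0]
    sw = Switch(ports=[1, 2, 3, 4], clock=lambda: now[0])
    host_a, host_b = 'AA:BB:CC:DD:EE:01', 'AA:BB:CC:DD:EE:02'

    flood = sw.receive(1, host_a, host_b)    # B unknown: flooded to ports 2, 3, 4
    reply = sw.receive(3, host_b, host_a)    # B answers from port 3; A is known -> [1]
    direct = sw.receive(1, host_a, host_b)   # B is now learned -> forwarded to [3] only

    sw.receive(4, host_a, host_b)            # A re-cabled to port 4: its entry is overwritten
    moved = sw.receive(3, host_b, host_a)    # B -> A now leaves on port 4

    now[0] += 301                            # everyone idle longer than the 300 s timeout
    aged = sw.receive(2, 'AA:BB:CC:DD:EE:03', host_a)  # A aged out -> flooded again
    return flood, reply, direct, moved, aged, dict(sw.table)
```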

  • Cisco SD-WAN Templates

    Cisco SD-WAN uses device and feature templates to manage configurations efficiently across multiple devices. Here’s a breakdown of how these templates work:

    • Device Templates: These are specific to a device model, such as vEdge routers, and are used to configure the complete operational setup of a device. A device template consists of one or more feature templates. Device templates can be customized for different locations or roles within a network.
    • Feature Templates: These templates define configurations for specific software features on Cisco SD-WAN devices. They can be applied across multiple device types and are used to configure parameters like system settings, interfaces, routing protocols, and security settings. Feature templates can be mandatory or optional, and some have default configurations that can be overridden.
    • Parameter Scope: Parameters in feature templates can have different scopes:
      • Device Specific: Values are unique to each device and are entered when attaching a device template to a specific device. Examples include system IP address, hostname, and GPS location.
      • Global: Values apply to all devices using the template, such as DNS server settings or interface MTUs.
    • CSV Files: Device-specific settings can be managed using CSV files. Each row in the CSV file corresponds to a device, with columns for parameters like device ID, IP address, and hostname. These files are uploaded when attaching a device template to a device.
    • Template Creation: Templates can be created from feature templates or via the CLI. Mandatory feature templates and some optional ones have default configurations. Custom templates can be created to tailor configurations to specific needs.
    • Configuration Management: Templates help in managing configurations across multiple devices, reducing human error and scaling issues. They support features like zero-touch provisioning (ZTP) and automatic rollback, ensuring efficient and error-free deployment.

    These templates streamline the configuration process, making it easier to manage and scale Cisco SD-WAN networks.

  • What is the Dark Web?

    The dark web is a part of the internet that is not indexed by search engines and requires specific software to access. It is designed to provide anonymity and privacy to its users, allowing them to communicate and conduct business without revealing their identifying information.

    Key Features of the Dark Web:

    • Not indexed by search engines
    • Requires specific software to access (e.g. Tor browser)
    • Provides anonymity and privacy to users
    • Often associated with illegal activities and selling stolen personal information

    How to Access the Dark Web:

    1. Install Tor Browser: Download and install the Tor browser from the official website.
    2. Use Special Search Engines: The dark web uses special search engines designed to help you find hidden sites.
    3. Navigate .onion Domains: Websites on the dark web end with the “.onion” domain extension.
    4. Stay Safe: Be cautious when accessing the dark web as it can be a dangerous place. Use security measures like antivirus software and avoid downloading files from untrusted sources.
  • Configuring Pi-hole for Ad Blocking

    To configure Pi-hole to block ads, follow these steps:

    1. Set Up Raspberry Pi: First, configure a Raspberry Pi running Raspberry Pi OS. You can use any Raspberry Pi model, but the Zero 2 W is recommended for its low power consumption. Install Raspberry Pi OS Lite (32-bit) to run headlessly (without a mouse and keyboard).
    2. Install Pi-hole: Once your Raspberry Pi is set up, install Pi-hole software on it. You can use a one-line script installer provided by Pi-hole to set up the software easily.
    3. Assign Static IP Address: Ensure your Raspberry Pi has a static IP address that does not change when it restarts or reconnects to the network. This can be done through your router’s settings by specifying the MAC address of the Raspberry Pi and assigning it a static IP.
    4. Configure Router DNS Settings: Log into your router’s admin interface and change the DNS settings to use the static IP address of your Raspberry Pi. This can usually be found under sections like “Internet,” “DHCP,” “Internet Connection,” or “DDNS.” Enter your Pi-hole’s IP address in the DNS field. If your router provides multiple custom DNS fields, add your Pi-hole address in each field.
    5. Direct DNS Queries to Pi-hole: After configuring your router, all devices connected to your network will send DNS queries to your Pi-hole instead of to a DNS server on the internet. Pi-hole will block requests to ad domains before they leave your network.
    6. Access Pi-hole Dashboard: Visit the Pi-hole dashboard using the admin URL (usually http://pi.hole/admin) to manage your Pi-hole settings. You can block or unblock specific domain names and configure other features from here.

    By following these steps, you can effectively block ads across your entire network, including devices that don’t support browser extensions, such as smart TVs and game consoles.

  • What is SD-WAN?

    SD-WAN, or Software-Defined Wide Area Network, is a virtual WAN architecture that uses software-defined networking (SDN) principles to manage and optimize the performance of wide area networks. It allows organizations to securely connect users, applications, and data across multiple locations, providing improved performance, reliability, and scalability. SD-WAN simplifies network management by providing centralized control and visibility over the entire network, enabling businesses to use lower-cost Internet access to build higher-performance WANs, often replacing more expensive private WAN connection technologies like MPLS.

    SD-WAN vs MPLS

    The main difference between SD-WAN and MPLS is that SD-WAN is a virtualized network overlay that can combine multiple types of connections, whereas MPLS is a dedicated, hardware-based private network. SD-WAN creates encrypted tunnels over the internet, while MPLS doesn’t directly support encryption but is partitioned from the internet.

    • SD-WAN: A software-defined wide area network that uses virtualization and overlay tunnels to connect users to workloads across multiple transport services and types of existing infrastructure, offering improved bandwidth availability, WAN redundancy, and cost-effectiveness.
    • MPLS: Multiprotocol Label Switching, a technique that improves the performance and efficiency of data transmission across a wide area network by operating between Layer 2 and Layer 3 of the OSI model, but with higher per-megabit costs and limited flexibility.

    SD-WAN is generally considered more cost-effective, flexible, and secure than MPLS, with the ability to cost-effectively mix and match network links according to content type or priority. However, MPLS is still in demand, particularly for organizations with specific connectivity and security requirements, due to its lower packet loss and dedicated leased lines. Ultimately, the choice between SD-WAN and MPLS depends on the organization’s specific needs and priorities.

    SD-WAN implementation

    Implementing SD-WAN involves several best practices to ensure a successful and efficient transition. Here are key steps and considerations:

    1. Assess Your Network: Evaluate your current network infrastructure to identify strengths, weaknesses, and areas that require improvement. This includes understanding your network traffic patterns, application requirements, and performance goals. Assess compatibility issues with legacy systems and ensure your SD-WAN solution aligns with your business objectives.
    2. Define Objectives and Strategy: Clearly define what you want to achieve with SD-WAN, such as cost savings, improved performance, or enhanced security. Align stakeholders and decision-makers on the strategic goals of the SD-WAN implementation.
    3. Choose Deployment Model: Decide whether to deploy SD-WAN in-house, use a managed service provider (MSP), or a hybrid approach. Consider factors like in-house expertise, management and monitoring needs, and budget constraints.
    4. Select the Right Vendor: Choose a vendor that offers robust SD-WAN solutions, including advanced security features, flexible deployment options, and strong customer support. Ensure the vendor can meet industry, country, or region-specific regulations.
    5. Plan for Scalability and Flexibility: Design your SD-WAN solution to handle future growth and changing business demands. This includes considering the number of locations, size, and complexity of your network. Use modular methodologies and configuration templates to streamline deployment and management.
    6. Implement Security Measures: Secure SD-WAN solutions should include advanced security features like Zero Trust Network Access (ZTNA), Intrusion Prevention System (IPS), and application-aware firewall capabilities. Ensure the SD-WAN solution can dynamically scale and adapt to different cloud environments.
    7. Monitor and Troubleshoot: Implement robust monitoring tools to proactively identify and resolve performance issues. Regularly review performance metrics and network logs to ensure optimal performance and address any potential bottlenecks or security threats.
    8. Ongoing Maintenance: After deployment, continue to maintain the SD-WAN network to ensure it operates efficiently. This includes regular updates, monitoring, and troubleshooting.

    FortiGate SD-WAN Configuration Steps

    To configure SD-WAN on a FortiGate device, follow these step-by-step instructions:

    1. Enable SD-WAN Feature: Navigate to System > Feature visibility and ensure the SD-WAN option is selected.
    2. Remove WAN Interfaces from Policies: Go to Policy & Objects > Firewall Policy and remove WAN interfaces from any existing policies to avoid losing internet connection.
    3. Create SD-WAN Interface: Navigate to Network > SD-WAN and create a new SD-WAN interface. Click “Create New SD-WAN Member” on all ports used in SD-WAN.
    4. Configure SD-WAN Members: For each WAN interface, assign the correct network gateway address. For example, set the wan1 interface Addressing mode to DHCP and Distance to 10, and set the wan2 interface IP/Netmask to 10.100.20.1 255.255.255.0.
    5. Enable SD-WAN: In the SD-WAN Interface Members table, click “Create New,” select the interface, and set the appropriate gateway and cost. Set the status to Enable and click OK.
    6. Configure SD-WAN Rules: Define SD-WAN rules to steer traffic based on business applications. These rules are matched in order, and the first match applies to the traffic.
    7. Install Device Settings: Use FortiManager to install device settings, including creating interfaces, building VPN tunnels, and setting up BGP adjacencies. Preview the changes before installation to ensure accuracy.
    8. Map Interfaces: Map your interfaces to Normalized Interfaces so that Policy Packages will install correctly.
    9. Install Policy Packages: Go to Policy & Objects and click Install on the top blue bar. Preview the install before proceeding to ensure all settings are correct.
  • Python script to check the Cisco IOS version and perform upgrades or downgrades as needed

    This script will utilize the Netmiko library for SSH connections and the NAPALM library for device configuration management.

    Script Requirements

    1. Python 3.x
    2. Netmiko library (install using pip install netmiko)
    3. NAPALM library (install using pip install napalm)
    4. Cisco IOS device(s) with SSH enabled
    5. A configuration file (e.g., config.yaml) defining the recommended IOS versions for each device model
    6. A directory containing the IOS image files (e.g., images/) matching the device models and recommended versions

    Script Structure

    The script will consist of the following components:

    1. Device Connection: Establish an SSH connection to the Cisco device using Netmiko.
    2. IOS Version Check: Retrieve the current IOS version from the device using NAPALM.
    3. Configuration Check: Compare the current IOS version with the recommended version defined in the configuration file.
    4. Upgrade/Downgrade: Perform the necessary upgrade or downgrade using NAPALM, if the current version does not match the recommended version.
    5. Image Transfer: Transfer the required IOS image file from the images/ directory to the device using SCP (or other transfer method).

    Script Code

    Here’s a sample script to get you started:

    import os
    import re
    import yaml
    from netmiko import ConnectHandler, file_transfer
    from napalm import get_network_driver

    # Configuration file path (a 'devices' list; each entry has 'ip' and 'model')
    config_file = 'config.yaml'

    # SSH credentials: placeholders here; in practice load them from an
    # environment variable or a secrets store rather than committing them
    username = 'your_username'
    password = 'your_password'

    # Device model to IOS image mapping
    device_models = {
        'WS-C3560X-48P': 'c3560e-universalk9-mz.122-55.SE8.bin'
    }

    # Recommended IOS versions for each device model
    recommended_versions = {
        'WS-C3560X-48P': '15.2(4)E8'
    }

    def version_key(version):
        # Turn an IOS version such as '15.2(4)E8' into the tuple (15, 2, 4, 8) so
        # versions compare numerically; as plain strings '9.x' would sort above '15.x'
        return tuple(int(n) for n in re.findall(r'\d+', version))

    def get_current_ios_version(device):
        # Retrieve the running IOS version with NAPALM's ios driver (which uses
        # Netmiko for the SSH session); get_facts() reports it as 'os_version'
        driver = get_network_driver('ios')
        with driver(device['ip'], username, password) as conn:
            return conn.get_facts()['os_version']

    def check_ios_version(current_version, recommended_version):
        # True when the versions differ, i.e. an upgrade or downgrade is required
        return version_key(current_version) != version_key(recommended_version)

    def upgrade_or_downgrade(device, current_version, recommended_version):
        # Determine the direction; the procedure below is the same either way
        if version_key(current_version) < version_key(recommended_version):
            direction = 'upgrade'
        elif version_key(current_version) > version_key(recommended_version):
            direction = 'downgrade'
        else:
            return  # No action needed
        print(f"{device['ip']}: {direction} {current_version} -> {recommended_version}")

        image_name = device_models[device['model']]
        image_file = os.path.join('images', image_name)

        # Transfer the IOS image to flash: over SCP with Netmiko's file_transfer
        # (the device needs 'ip scp server enable'); it skips the copy if an
        # identical file is already present and verifies the MD5 hash afterwards
        ssh = ConnectHandler(device_type='cisco_ios', host=device['ip'],
                             username=username, password=password)
        result = file_transfer(ssh, source_file=image_file, dest_file=image_name,
                               file_system='flash:', direction='put')
        if not result['file_verified']:
            ssh.disconnect()
            raise RuntimeError(f"{device['ip']}: image transfer failed verification")

        # Point the boot variable at the new image through NAPALM's candidate
        # config workflow (merge, then commit, which also saves the config)
        driver = get_network_driver('ios')
        with driver(device['ip'], username, password) as conn:
            conn.load_merge_candidate(
                config=f'no boot system\nboot system flash:{image_name}\n')
            conn.commit_config()

        # Reload the device to boot the new image; send_command_timing answers
        # the '[confirm]' prompt instead of waiting for a prompt that never returns
        ssh.send_command_timing('reload')
        ssh.send_command_timing('\n')
        ssh.disconnect()

    def main():
        with open(config_file, 'r') as f:
            config_data = yaml.safe_load(f)

        for device in config_data['devices']:
            current_version = get_current_ios_version(device)
            recommended_version = recommended_versions[device['model']]
            if check_ios_version(current_version, recommended_version):
                upgrade_or_downgrade(device, current_version, recommended_version)

    if __name__ == '__main__':
        main()

    Note

    1. Replace your_username and your_password with your actual SSH credentials.
    2. Update the device_models dictionary to match your specific device models and corresponding IOS image files.
    3. Modify the recommended_versions dictionary to reflect the desired IOS versions for each device model.
    4. Ensure the images/ directory contains the required IOS image files.
    5. This script is a starting point and may require additional error handling, logging, and testing to ensure its reliability.

    Remember to test the script in a lab environment before deploying it to production :)

  • Ways to avoid social engineering attacks

    Assess Requests Realistically: Take the time to assess if a request is realistic and legitimate. Be cautious of requests that seem too good (or bad) to be true.

    Stay Informed: Familiarize yourself with common types of social engineering attacks and how attackers behave. This will help you identify attempts that get past your initial defenses, such as spam filters.

    Secure Devices: Ensure your anti-malware and anti-virus software is up to date to defend your computer against malware delivered by phishing attacks. Apply security patches regularly, including software and firmware updates.

    Verify Email Requests: If an email request seems suspicious, verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

    Use Complex Passwords: Train employees to use complex passwords, and to avoid logging into third-party websites with corporate email addresses, which exposes those addresses to malicious or fraudulent websites.

    Regular Staff Training: Provide regular staff training, including social engineering awareness training, to educate employees on social engineering attack techniques and ensure they follow security best practices.

    Simulation: Conduct simulation exercises to test employees’ ability to recognize and respond to social engineering attempts. This can help identify areas for improvement and enhance overall security.

    Email Gateways: Implement email gateways to flag socially engineered emails as spam in employees’ inboxes. This can prevent up to 99.9% of spam and reduce the risk of social engineering attacks.

    Multifactor Authentication: Enforce multifactor authentication (MFA) to add an extra layer of security and make it more difficult for attackers to gain access to systems.

    Social Media Awareness: Be cautious of social media platforms, as cybercriminals often collect intelligence on victims via these platforms. Limit personal and professional information shared on social media.

    Phishing Detection: Teach employees to identify phishing attempts by looking for red flags such as:

    • Spoofed email addresses
    • Hyperlinks that don’t match the expected URL
    • Urgent or threatening language
    • Requests for sensitive information

    Vishing and Smishing Prevention: Be aware of vishing (voice phishing) and smishing (SMS phishing) attacks, and teach employees to verify requests and be cautious of suspicious calls and texts.

    Continuous Monitoring: Continuously monitor your organization’s defenses and employee awareness to stay ahead of evolving social engineering tactics.

    Remember, social engineering attacks rely on human interaction, so educating and training employees is crucial in preventing these types of attacks.
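    As an added illustration (not part of the original post), a Python checker that applies the phishing red flags listed above to a raw message: a Reply-To domain that differs from the From domain, urgent wording, requests for sensitive data, and link text that names a different site than its href. The sample message, the keyword lists and the domain names are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real email) showing several of the red flags listed
# above: the Reply-To domain differs from the From domain, the subject uses
# urgent language, the body asks about a password, and the link's visible text
# names one domain while its href points to another.
SUSPICIOUS_EMAIL = """From: "IT Support" <support@example.com>
Reply-To: helpdesk@example-mail-reset.net
Subject: URGENT: your account will be suspended today
Content-Type: text/html

<p>Your password expires immediately. Verify now:</p>
<a href="http://example-mail-reset.net/login">https://portal.example.com/login</a>
"""

URGENCY_WORDS = ('urgent', 'immediately', 'suspended', 'verify now', 'act now')
SENSITIVE_WORDS = ('password', 'credentials', 'social security', 'account number')


class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> in an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == 'a':
            self._href, self._text = dict(attrs).get('href'), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == 'a' and self._href is not None:
            self.links.append((self._href, ''.join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Compare only the last two labels, so portal.example.com and
    # mail.example.com count as the same organisation as example.com
    return '.'.join(host.lower().split('.')[-2:]) if host else ''


def phishing_red_flags(raw_message):
    """Return the list of red flags found in a raw RFC 822 message string."""
    msg = message_from_string(raw_message)
    flags = []

    # Replies would go to a domain other than the one the mail claims to be from
    from_domain = parseaddr(msg.get('From', ''))[1].split('@')[-1]
    reply_to = parseaddr(msg.get('Reply-To', ''))[1]
    if reply_to and registrable_domain(reply_to.split('@')[-1]) != registrable_domain(from_domain):
        flags.append(f'Reply-To domain differs from From domain: {reply_to}')

    body = msg.get_payload()
    text = (msg.get('Subject', '') + ' ' + body).lower()
    if any(word in text for word in URGENCY_WORDS):
        flags.append('urgent or threatening language')
    if any(word in text for word in SENSITIVE_WORDS):
        flags.append('requests sensitive information')

    # A link whose visible URL names a different site than the href it points to
    collector = LinkCollector()
    collector.feed(body)
    for href, visible in collector.links:
        href_host = urlparse(href).hostname or ''
        shown_host = urlparse(visible).hostname if visible.startswith('http') else None
        if shown_host and registrable_domain(shown_host) != registrable_domain(href_host):
            flags.append(f'link text shows {shown_host} but points to {href_host}')
    return flags
```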

  • What is Identity Theft

    • Engage in online harassment or bullying.
    • Steal sensitive information, such as login credentials or financial data.
    • Scams: Fake profiles may be used to promote phishing schemes, investment scams, or other fraudulent activities.

    Common Tactics

    • Profile Cloning: Criminals create exact replicas of a victim’s profile, often using stolen photos and biographical information.
    • Social Engineering: Scammers use psychological manipulation to trick victims into revealing sensitive information or performing certain actions.
    • Malware and Ransomware: Fake profiles may distribute malware or ransomware, compromising victims’ devices and data.

    Consequences

    • Financial Loss: Identity theft on social media can result in financial losses due to fraudulent transactions, stolen identities, or compromised accounts.
    • Emotional Distress: Victims may experience emotional trauma, anxiety, and stress from being impersonated or harassed online.
    • Reputation Damage: Fake profiles can tarnish a person’s online reputation, causing harm to their personal and professional relationships.

    Protection Measures

    • Verify Profiles: Be cautious when accepting friend requests or connections from unknown individuals.
    • Use Strong Passwords: Implement robust password practices and keep them confidential.
    • Limit Personal Information: Avoid sharing sensitive data, such as full names, dates of birth, and addresses.
    • Monitor Accounts: Regularly check your social media profiles for suspicious activity and report any fraudulent accounts.
    • Enable Two-Factor Authentication: Use 2FA to add an extra layer of security to your accounts.

    Reporting and Recovery

    • Report Suspicious Activity: Inform the social media platform’s support team about any fraudulent profiles or suspicious behavior.
    • Contact Authorities: Report identity theft to local law enforcement and file a complaint with the Cyber Cell.
    • Seek Professional Help: Consider consulting with an identity theft resource center or a cybersecurity expert for guidance on recovery and prevention.

  • Introduction to Useful Wireshark Filters

    Wireshark is a powerful network protocol analyzer that helps users capture and analyze network traffic. To make the most out of Wireshark, using the right filters is essential. Filters help narrow down the traffic to specific protocols, IP addresses, or ports, making it easier to analyze and troubleshoot network issues.

    Filter by IP Address: ip.src == x.x.x.x or ip.dst == x.x.x.x to filter by source or destination IP address.

    Filter by Port: tcp.port == 80 or udp.port == 53 to filter by specific TCP or UDP ports.

    Filter by Protocol: http or dns to filter by specific protocols like HTTP or DNS.

    Filter by TCP Flags: tcp.flags == 0x02 to match frames whose only flag set is SYN; to match a single flag regardless of the others, use the per-flag fields, such as tcp.flags.syn == 1 or tcp.flags.ack == 1.

    Filter by Packet Length: frame.len > 100 or frame.len < 100 to filter by packet length.

    Filter by Conversation: ip.src == x.x.x.x and ip.dst == y.y.y.y to filter by conversations between two specific IP addresses.

    Filter by HTTP Requests: http.request.method == "GET" or http.request.method == "POST" to filter by specific HTTP request methods (string values are quoted).

    Filter by DNS Requests: dns.qry.type == 1 or dns.qry.type == 28 to filter by DNS query type; the field is numeric, with 1 meaning A and 28 meaning AAAA.

    Filter by TCP Resets: tcp.flags.reset == 1 to filter by TCP reset packets.

    Filter by Sequence Number: tcp.seq == 12345 to filter by specific TCP sequence numbers.