Capture all VPN traffic?

I downloaded Microsoft Network Monitor and I'm trying to look at all the traffic going on on the remote network. I enabled NDISWANBH (WAN Miniport) only to capture the PPP traffic. I have set up PPTP VPN and can connect to (and browse) the remote network just fine.
But when I tried to capture all the traffic on the VPN network, it only showed my computer's IP address (the local one when connected to the network 192.168.1.200) and the remote router's IP address (192.168.1.1).
I'm looking to capture what the other computers and devices (that are on the remote network) are doing. How do I do that?

When you start network monitor, you need to select NDISWAN from select networks. You should see this option on the start page when you launch Network Monitor.
BTW, Message Analyzer (http://blogs.technet.com/MessageAnalyzer), the eventual replacement for Network Monitor, can also capture tunnel traffic, but instead it uses a firewall driver to capture the data.  Perhaps this is another option for you.
Thanks,
Paul

Similar Messages

  • Packet Capture for VPN traffic

    Hi Team,
    Please help me to set ACL and capture for Remote Access VPN traffic.
    Requirement is to see how much traffic is flowing from that Source IP.
    Source : Remote Access VPN IP(Tunneled) 10.10.10.10
    Destination : any
    This is what I did which is not working
    access-list VPN extended permit tcp host 10.10.10.10 any
    capture CAP_VPN type raw-data access-list VPN interface OUTSIDE

    Hello,
    If you set up the capture with that access list, you are filtering just TCP traffic, therefore you won't be able to see UDP or ICMP traffic either. I would recommend using the same ACL, though using IP:
    access-list VPN extended permit ip host 10.10.10.10 any 
    Capture CAP_VPN access-list VPN interface outside 
    Then with:
    show capture CAP_VPN
    You will be able to see the packet capture on the ASA, though you can export the capture to a packet sniffer as follows:
      https://<ip address of asa>/capture/<capname>/pcap   capname-->CAP
    For further details of captures you can find it on this link
    Let me know if you could get the information you were trying to reach.
    Please don't forget to rate and mark as correct the helpful Post!
    David Castro,
    Regards,

  • How can I capture all CAN traffic in VS2009?

    I am debugging CAN communications in VS2009 having the XNET add-on. Frames send fine. Incoming frames look fine monitored externally, but I get value 0 for all channels from incoming frames,
    To troubleshoot the issue I would like to see all frames on the bus as VS sees them. I thought that there was an add-on for VS2009 that added this functionality, but it seems to have disappeared now that the functionality has been rolled into VS2010. Could someone please make the add-on available to me? ...or correct my erroneous memory and offer a suggestion on troubleshooting my issue. - thanks

    As of my knowledge, the XNET add-on custom device for NIVeriStand 09 neither has the capability of raw frame data logging nor to stream data to the bus monitor.
    If you are talking about a generic way to log data, check out the embedded data logging add-on:
    http://zone.ni.com/devzone/cda/epd/p/id/6240
    If you need raw frame data logging I suggest to modify the source of the XNET custom device. The custom device is open source and fairly simple to modify.
    Thanks,
    Tom
    http://www.newgistics.com

  • Server 2003 routing and remote access not passing VPN traffic

    I've inherited a network that has two IP scopes that are routed through a Windows 2003 server with Routing and Remote Access.  I can ping both sides (we'll call them HQ and Plant) internally.  My firewall has an IP from the HQ IP scope and when I connect via VPN, I can see all the devices on the HQ network including the network card that is in the routing server for that "side".  However, if I'm connected via VPN, I cannot get to any of the IPs on the Plant side, not even the card in the routing server.  The buck stops on the server.
    I should mention, that the firewall assigns IP addresses that are on the HQ scope, so all VPN connections will have an address from that side.
    I'm lost on how to get this set up so my VPN traffic coming in from the HQ side can be routed to the Plant devices. 

    Hi,
    To be honest, your statement confused me a bit.
    VPN is used for external clients to get access to internal resources. When we set up a VPN server, we usually have two NICs. We need to choose a NIC that will be used when a client initiates a connection request. I prefer to call it the external NIC. The internal one will work as a DHCP relay agent. So this is a one-way connection. You cannot dial from internal to external.
    If I misunderstood you, please elaborate what you are trying to do.
    Hope this helps.

  • ASA5520 v7.2 - How disable VPN traffic?

    Hi to all,
    I have an ASA5520 with v7.2. I have read in the command reference that, by default, the security appliance allows VPN traffic to terminate on a security appliance interface. And here is my question:
    How can I disable that to filter the VPN traffic with my own access-list?
    Regards, Fernando.

    Hi Shadi,
    Thanks for your answer but it is not correct. If you go to "Usage Guidelines" of "sysopt connection permit-vpn" you can read:
    "You can require an interface access list to apply to the local IP addresses by entering the no sysopt connection permit-vpn command. See the access-list and access-group commands to create an access list and apply it to an interface. IMPORTANT!!! --> The access list applies to the local IP address, and not to the original client IP address used before the VPN packet was decrypted."
    So that if I disabled "sysopt connection permit-vpn" I will be able to filter the local IP assigned by the vpn_pool but not the real public IP of the client.
    Regards, Fernando.

  • RV110W Blocks all inbound traffic

    I have a RV110W that's been in service since Dec 2012. Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly. Anybody seen this before?

    Hi David,
    Please call the Small Business Support Center and speak with an engineer. The phone numbers for the support center are located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport

  • How to prevent non VPN traffic?

    I have a VPN connection that is configured as tun0. My intention is to ensure that all my traffic goes through that VPN connection. What I have found is that occasionally, that VPN connection will drop down and traffic will begin routing through eth0 without me knowing, and as I have a data cap on my connection this is bad.
    Could someone point me to how I might best be able to ensure that I have no traffic running across eth0, other than of course the ability to create the connection to vpn/tun0?
    Any help would be greatly appreciated.  Thanks.

    Yes read the wiki.  The problem was always that the iptables refused to recognize the --dport option for some reason.  I finally managed to get this working with the following rules.
    iptables -A OUTPUT -o tun0 -j ACCEPT
    iptables -A OUTPUT -d XXX.XXX.XXX -j ACCEPT
    iptables -A OUTPUT -j DROP
    Where XXX.XXX.XXX is my VPN provider's IP address.  It seems to be working at the moment.
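
A fuller form of the rules in the answer above, as an added example that is not part of the original post: it goes beyond the three rules by keeping loopback open, covering IPv6, and limiting the eth0 exception to the tunnel's own transport (`--dport` is only accepted after `-p tcp` or `-p udp`). The chain name VPN_KILLSWITCH, the server address 203.0.113.10 and udp/1194 are assumptions chosen for illustration; tun0 and eth0 come from the question.

```shell
#!/bin/sh
# Added example: generate VPN "kill switch" rules for the OUTPUT chain.
# Dry run by default (prints the commands); APPLY=1 as root executes them.
# Constructed values: 203.0.113.10 (VPN server), udp/1194 (tunnel transport).
CHAIN=VPN_KILLSWITCH   # hypothetical chain name

valid_ipv4() {
    # Dotted quad only, four octets, each 0-255.
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: killswitch_rules VPN_IP [proto] [port] [wan_if] [tun_if]
killswitch_rules() {
    vpn_ip=$1 proto=${2:-udp} port=${3:-1194} wan_if=${4:-eth0} tun_if=${5:-tun0}
    valid_ipv4 "$vpn_ip" || { echo "bad VPN server address" >&2; return 1; }
    case $proto in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    # Interface names end up in a command line, so restrict their characters.
    case $wan_if$tun_if in
        *[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac

    for ipt in iptables ip6tables; do
        # Own chain: create it, or flush it if it already exists (re-runnable).
        echo "$ipt -N $CHAIN 2>/dev/null || $ipt -F $CHAIN"
        echo "$ipt -A $CHAIN -o lo -j ACCEPT"
        echo "$ipt -A $CHAIN -o $tun_if -j ACCEPT"
        if [ "$ipt" = iptables ]; then
            # Only the tunnel's own transport may leave via the physical NIC.
            echo "$ipt -A $CHAIN -o $wan_if -d $vpn_ip -p $proto --dport $port -j ACCEPT"
        fi
        # Everything else is dropped, so a dead tunnel cannot fall back to eth0.
        echo "$ipt -A $CHAIN -j DROP"
        # Hook the chain into OUTPUT last, and only once.
        echo "$ipt -C OUTPUT -j $CHAIN 2>/dev/null || $ipt -I OUTPUT 1 -j $CHAIN"
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    rules=$(killswitch_rules "$@") || exit 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        sh -c "$cmd" || exit 1
    done
elif [ $# -gt 0 ]; then
    killswitch_rules "$@"
fi
```

Run it with the server address as the first argument to review the commands before applying them with APPLY=1.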

  • How do I direct all internet traffic I on my firefox portable browser I use at school, through to my computer at home, so I can use my modem as a proxy?

    My school has a web filter that prevents me from accessing any website I want to at school, and I want to get past it.
    I know, from experience, that I can use a program called Ultrasurf to get around this, though it requires me to use IE, and is inconvenient.
    I want to know if it's possible to configure the proxy settings on Firefox (and some on my modem/router, and/or computer at home), in order to direct all my traffic through my router at home, similarly to how one would use a proxy.
    If so, how is this possible?
    (I'm relatively experienced with computers, but have very little programming, and other complex knowledge of the workings of these things)
    At home, my computer is running 64 bit Windows 7, has 4 GB of RAM, a 2.1GHz Intel Core 2 Duo processor, and can be turned on and online 24/7, such that if necessary, it can direct traffic sent to it.
    My router/modem at home is (I believe) a Westell 327W, I can get more information by looking at it later if necessary.
    At school, as of last year (and probably the same this year), the computers run Windows XP, and I am able to run programs installed on a flash drive on them, though cannot actually install programs on the computers themselves.
    I'll be using whatever the latest (not beta) version of Firefox Portable exists when I return to school in a week.


  • Capture all SQL statements and archive to file in real time

    Want to Capture all SQL statements and archive to file in real time?
    Oracle Session Manager is the tool just you need.
    Get it at http://www.wangz.net
    This tool monitors how connected sessions use database instance resources in real time. You can obtain an overview of session activity sorted by a statistic of your choosing. For any given session, you can then drill down for more detail. You can further customize the information you display by specifying manual or automatic data refresh, the rate of automatic refresh.
    In addition to these useful monitoring capabilities, OSM allows you to send LAN pop-up message to users of Oracle sessions.
    Features:
    --Capture all SQL statement text and archive to files in real time
    --Pinpoints problematic database sessions and displays detailed performance and resource consumption data.
    --Dynamically list sessions holding locks and other sessions who are waiting for.
    --Support to kill several selected sessions
    --Send LAN pop-up message to users of Oracle sessions
    --Gives hit/miss ratio for library cache,dictionary cache and buffer cache periodically,helps to tune memory
    --Export necessary data into file
    --Modify the dynamic system parameters on the fly
    --Syntax highlight for SQL statements
    --An overview of your current connected instance information,such as Version, SGA,License,etc
    --Find out object according to File Id and Block Id
    Gudu Software
    http://www.wangz.net

    AnkitV wrote:
    Hi All
    I have 3 statements and I am writing some thing to a file using UTL_FILE.PUT_LINE after each statement is over. Each statement takes mentioned time to complete.
    I am opening file in append mode.
    statement1 (takes 2 mins)
    UTL_FILE.PUT_LINE
    statement2 (takes 5 mins)
    UTL_FILE.PUT_LINE
    statement3 (takes 10 mins)
    UTL_FILE.PUT_LINE
    I noticed that I am able to see contents written by UTL_FILE.PUT_LINE only after statement3 is over, not IMMEDIATELY after statement1 and statement2 are done ?
    Can anybody tell me if this is correct behavior or am I missing something here ?

    Calling procedure must terminate before data is actually written to the file.
    It is expected & correct behavior.

  • How to configure DNS server to redirect all web traffic to one external website?

    I'd like to use the DNS service on my OS X Server as a way to force all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
    (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

    Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
    If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
    A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

  • How to capture all queries in a log file

    I need a way to capture all queries fired by all my 200+ DAO java objects easily in a log file for easy debugging purposes.
    Any thoughts?

    I don't know, I always suppress the html output since the
    html it generates isn't W3C-valid in any context I'm designing. I
    use swfobject for my flash files -- thanks for the idea, though!
    Does it enumerate all URLs that are embedded in a flash file's
    actionscript? That seems like it can get rather data-heavy?

  • Multiple (but not all) VPN clients failing in Windows 8 and 8.1

    Big question for VPN gurus, with a long story.  I got a new machine with Windows 8 in late December 2012.  I work remotely for a bunch of different customers, so 100% of my work is done via VPNs.  My customers use a wide variety of VPN types.  These were all working fine up through early December 2013.  Suddenly a bunch of them stopped working.  I tried a ton of stuff:
    - Uninstalling all VPN clients and reinstalling them one at a time
    - Reinstalling / updating network drivers
    - Turning off and uninstalling antivirus and firewall software
    - Verified problem was on my machine, not local network, both by testing other machines on local network and by testing this machine on other networks
    The following VPN clients would not work:
    Cisco VPN Client
    FortiSSL
    Microsoft built-in
    The following VPN clients had no problems:
    Cisco AnyConnect
    ShrewSoft
    Juniper web-based SSL VPN
    Check Point web-based SSL VPN
    As you can imagine, having to use a second (Windows XP) machine to connect to half my customers was a source of some serious headaches.  After 3 weeks of beating my head against this, I finally upgraded my OS to Windows 8.1.  The hail mary worked; my VPN problems went away!
    Two weeks later, the exact same symptoms resurfaced.  I've gone back through a bunch of the steps that didn't help the first time around, with the same results.  I expect a system refresh would probably do the trick, probably temporarily like the OS upgrade, but I can't afford to spend a week reinstalling dozens of critical applications only to have the problem resurface after another couple of weeks.
    At this point, the closest thing I have to a clue is that in both cases the problems started soon after installing an update to the Cisco AnyConnect client.  After uninstalling the client, the problems do not go away.
    Exactly what do I mean when I say the VPN clients don't work?  That varies from one client to the next:
    Microsoft built-in: Error 720
    FortiSSL: variable - sometimes won't finish connecting, sometimes connects for about a second
    Cisco: variable - sometimes won't finish connecting, sometimes "connects" but I can't access anything
    Has anybody seen this sort of behavior before?  Any suggestions for fixes I may not have tried yet?  Thanks in advance.

    Hi.
    I have had similar issues with VPN clients. In my case the cause of these problems seems to be "Deterministic Network Enhancer". So turning this component on and off usually helps.
    Actually I wrote one script to fix this problem for my clients.
    <#
    .Synopsis
       This script is meant for fixing network problems which may occur when you use Windows 8/8.1 with Client Hyper-V
    .DESCRIPTION
       This script will disable and then enable again Deterministic Network Enhancer (dni_dne) component from network connections.
       Parameter RegisterScheduledTask will register this script as a scheduled task which will be triggered every time the computer starts.
    .EXAMPLE
       Fix-Network.ps1
    .EXAMPLE
       Fix-Network.ps1 -RegisterScheduledTask
    #>
    param
    (
        [switch]$RegisterScheduledTask
    )
    # Returns $true when the current process runs with the Administrator role.
    function Test-IsRunAsAdministrator
    {
       $currentUser = New-Object Security.Principal.WindowsPrincipal( [Security.Principal.WindowsIdentity]::GetCurrent())
       $currentUser.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator)
    }
    # Relaunches this script elevated (UAC prompt) and stops the non-elevated run.
    function Get-RunAsAdministrator
    {
        if(!(Test-IsRunAsAdministrator))
        {
            [string[]]$argumentList = @('-NoProfile' , '-File', $MyInvocation.ScriptName)
            if($RegisterScheduledTask)
            {
                $argumentList += '-RegisterScheduledTask'
            }
            Start-Process PowerShell.exe -Verb Runas -WorkingDirectory $PWD.Path -ArgumentList $argumentList
            break
        }
    }
    Get-RunAsAdministrator
    if($RegisterScheduledTask)
    {
        # Register a startup task that runs this script as SYSTEM.
        $actionArgument = '-ExecutionPolicy Bypass -File  "' + $PSCommandPath + '"'
        $action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument $actionArgument
        $trigger  = New-ScheduledTaskTrigger -AtStartup
        $principal = New-ScheduledTaskPrincipal "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
        Register-ScheduledTask -TaskName Fix-Network -Trigger $trigger -Action $action -description "Fix network for Windows 6.X with Hyper-V" -Principal $principal
    }
    else
    {
        # Disable and re-enable the dni_dne binding on every adapter where it is enabled.
        $bindings = Get-NetAdapterBinding | Where-Object { ($_.ComponentID -eq "dni_dne") -and ($_.Enabled)}
        $bindings | Set-NetAdapterBinding -Enabled $false
        $bindings | Set-NetAdapterBinding -Enabled $true
        $date = Get-Date
        "Done:  $date" > $PSScriptRoot\Fix-Network.log
    }
    Hope that this will help.
    Br,
    Heiki

  • I need to back up my imac running Tiger (no time machine) so that we can upgrade OS. It is set up for multiple accounts.  How do I capture all files in each account using newly purchased USB external hard drive?

    I need to back up my imac running Tiger (no time machine) so that we can upgrade OS. It is set up for multiple accounts.  How do I capture all files in each account using newly purchased USB external hard drive?  Thanks!

    Backup Software Recommendations
    Carbon Copy Cloner
    Data Backup
    Deja Vu
    SuperDuper!
    Synk Pro
    Tri-Backup
    Others may be found at VersionTracker or MacUpdate.
    Visit The XLab FAQs and read the FAQ on backup and restore.  Also read How to Back Up and Restore Your Files.
    Or you can simply use the Restore option of Disk Utility to clone the drive to the backup:
    Clone using Restore Option of Disk Utility
    Open Disk Utility from the Utilities folder.
    Select the destination volume from the left side list.
    Click on the Restore tab in the DU main window.
    Check the box labeled Erase destination.
    Select the destination volume from the left side list and drag it to the Destination entry field.
    Select the source volume from the left side list and drag it to the Source entry field.
    Double-check you got it right, then click on the Restore button.
    Destination means the external backup drive. Source means the internal startup drive.

  • Iphoto-I inadvertently created a smart album.  It has captured all recent photos in it I want to delete it but need to know if this will delete the same photos in their albums?

    iphoto- I accidentally created a smart album which is capturing all current new photos.  I put them in their  own album but I can't delete them in the smart album.  Can I delete the smart album without losing the photos in the other albums? larrybksfld

    Yes you can delete the Smart Album. It will not delete the photos.
    Regards
    TD

  • To capture all the objects from an tablespace and restore.

    Hi All,
    I have a situation in the Schema refresh process where I may have to delete a tablespace and its datafiles.
    Then I have to recreate it as it was before and restore all its objects.
    Is there any way that I can capture all the objects of that tablespace before it is deleted and then later restore it back as it was?
    Any expert suggestion is highly appreciated.
    The Platform is as below ..
    Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
    PL/SQL Release 11.2.0.2.0 - Production
    CORE    11.2.0.2.0      Production
    TNS for Linux: Version 11.2.0.2.0 - Production
    NLSRTL Version 11.2.0.2.0 - Production
    Thanks In Advance .

    There are 2 methods you could use with Data Pump.
    1. tablespace mode export.  expdp user/password tablespaces=<your list here> ...
    2. transportable tablespace mode.  expdp user/password transport_tablespaces=<your tablespace list here> ...
      NOTE:  for #2, you need to have your tablespaces in read only mode, then you need to copy the data files, and the
                    tablespaces need to be self contained.
    Hope this helps.
    Dean
