Need some advice on learning networking
-
Re: Need some advice on learning networking
After a little more analyzing SMB using WireShark, I find that you can pretty much pinpoint the problem if it resides in the application layer - 5, 6 and 7.
As an example, I changed the log in password to some random number that I knew was wrong and scanned to folder on my PC.
See the image below. It pinpoints the problem.
[Image: wscap.JPG]
Adversity temporarily visits a strong man but stays with the weak for a lifetime.
-
Re: Need some advice on learning networking
So, what happens in WireShark if you enter a bad folder path?
See image below. It says bad "network name" but if you look at the request directly above that one, it shows a request to access folder "scan21122". The correct path is scan2112. I entered an extra '2' to produce this error.
[Image: bad.JPG]
-
Re: Need some advice on learning networking
I'm gonna show everyone how dumb I can be at times. In WireShark I decided to move on from SMB to SMTP.
Here's the scenario:
I have the copier set up on a gmail account (smtp.gmail.com) and it's using port 587 which is the port used for STARTTLS.
Under WireShark I set up my SMTP profile along with all the relevant filters and was ready to capture data.
Guess what happened next?
I fired up WireShark and went over to the copier and sent several emails. I come back to my computer expecting to have captured data. Alas, there was no data. Notta. Zilch. Nothing.
This had me perplexed. Obviously the copier was sending data to the email address because I verified it. But there was no data showing on WireShark.
I came up with a new game plan. This time I would send an email directly from my computer and capture data that way.
What did I capture? Nothing.
Now I'm really scratching my head. Why is no data being captured?
Here is the problem, gmail is a webmail service. One gmail user is sending to another gmail user - but both have just logged into the gmail webpage to read, compose, etc - nothing has been "sent".
I did find out that I can capture SMTP data by going to the command prompt and using TELNET. Believe it or not, but you can actually send an email by using the command prompt but it's time consuming and I find it of no practical use. Not really.
Last edited by BillyCarpenter; 12-21-2020, 12:22 PM.
-
Re: Need some advice on learning networking
As it turns out, you can troubleshoot an email server (or any problem connecting to it) by using telnet & WireShark.
This is kinda complicated but hang with me for a minute.
Instead of accessing gmail via its webpage, you use Telnet to directly communicate with the gmail server. You do this thru individual commands using Telnet. Basically it works something like this:
Note: The Telnet commands are on the right of -
1. Connect to the gmail server - telnet smtp.gmail.com 587
2. Communicate with gmail server - helo google
3. Define what protocol you're gonna use - start tls login
From there you have to send a command with your email user name and password. The problem is that gmail won't recognize a username and password. Example: Joe@gmaill.com. Instead it must be encoded in Base 64. That is easily accomplished by going to this website that encodes or decodes in Base 64: Base64 Encode and Decode - Online
Here's my final thought on this:
The greatest value in using WireShark may not be capturing the actual data. The greatest value may be that WireShark has forced me to have a deep understanding of SMB and SMTP and that helps me to better troubleshoot a problem involving either protocol.
-
Re: Need some advice on learning networking
Here's a trace file for SMTP using WireShark. Basically it shows every step of the process involved in sending an email via the gmail server. It's pretty simple, actually. First you connect to the gmail server. Next you tell the gmail server what protocol you want to use. In this case it is START TLS. From there you give your email address and the gmail server sends back a response. Next you send your password and the gmail server will send a response. Next you send the data and the gmail server will send back a response that verifies that it was sent.
See WireShark trace file below:
[Image: smtp trace.JPG]
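The login exchange walked through in the posts above, as an added example that is not part of the original thread: a Python check that reads a captured SMTP dialogue and reports whether the AUTH LOGIN username and password crossed the wire before STARTTLS, and what the server answered. The transcripts, host names, account and password are constructed for illustration; Base64 is only an encoding, so anything sent before TLS starts is readable in a capture.

```python
import base64

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed captures: "C:" is the copier, "S:" is the mail server.
# Host names, account and password are made up for this example.
CLEARTEXT_LOGIN = [
    "S: 220 mail.example.test ESMTP",
    "C: EHLO copier.example.test",
    "S: 250 AUTH LOGIN",
    "C: AUTH LOGIN",
    "S: 334 " + b64("Username:"),
    "C: " + b64("joe@example.test"),
    "S: 334 " + b64("Password:"),
    "C: " + b64("not-a-real-password"),
    "S: 235 Accepted",
]
STARTTLS_FIRST = [
    "S: 220 mail.example.test ESMTP",
    "C: EHLO copier.example.test",
    "S: 250 STARTTLS",
    "C: STARTTLS",
    "S: 220 Ready to start TLS",
    # everything after this line is encrypted in a real capture
]

def audit(lines):
    """Report AUTH LOGIN credentials visible before TLS was negotiated."""
    result = {"tls_started": False, "exposed_user": None, "password_exposed": False, "auth_reply": None}
    pending, in_auth, last_client = [], False, ""
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            last_client = text.upper()
            if in_auth:
                pending.append(base64.b64decode(text).decode())
            elif last_client.startswith("AUTH LOGIN"):
                in_auth = True
        elif last_client == "STARTTLS" and text.startswith("220"):
            result["tls_started"] = True
            break            # nothing readable follows the TLS handshake
        elif in_auth and text.startswith(("235", "5")):
            in_auth = False  # 235 = login accepted, 5xx = login rejected
            result["auth_reply"] = text[:3]
    if pending:
        result["exposed_user"] = pending[0]
        result["password_exposed"] = len(pending) > 1
    return result
```

The function returns the exposed account name and a flag for the password rather than the password itself, which is enough to decide that a device needs its STARTTLS setting corrected.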
-
Re: Need some advice on learning networking
Congrats.
A tree is known by its fruit, a man by his deeds. A good deed is never lost, he who sows courtesy, reaps friendship, and he who plants kindness gathers love.
Blessed are they who can laugh at themselves, for they shall never cease to be amused.
-
Re: Need some advice on learning networking
Let me add this, also. While I 100% agree with you that WireShark should be a last resort measure, at least when dealing with a copier, the captured data can be invaluable when dealing with a problem that you otherwise can't fix. The problem is that WireShark is intrusive and I doubt too many businesses will allow a person to run it on their network. I'm very new to this and already I've learned to get email logins and passwords. And I know you can capture VOIP conversations.
With that being said, sometimes it's the best option when all else fails.
-
Re: Need some advice on learning networking
I don't know about other manufacturers but with Ricoh much of what you need can be found in the communication log. User Tools - System Settings - Interface - Print Network Settings button. The last page is the log. Check it as soon as possible after a scan to failure.
-
Re: Need some advice on learning networking
Have you ever used Telnet to send an email, slim? You're basically sending a command line for every step of the emailing process...from beginning to end. From connecting with the email server, to establishing a STARTTLS agreement and finally to logging in to the email account and sending the data.
This is overkill for most situations but it does precisely pinpoint the problem if you have one.
-
Re: Need some advice on learning networking
PS - You don't even need WireShark to do this. All of this can be done from Command Prompt. Just use Telnet once you're on command prompt. It's pretty cool to me.
-
Re: Need some advice on learning networking
You strike me as the kind of fella that is all about learning. I'm the same way. We have much in common there..although you're far ahead of me in this subject.
A lot of folks may wonder why I'm learning any of this. I admit that it's overkill for most situations.
But here's the way I try to approach it. I try to envision the worst possible scenario and then try to come up with a plan to repair it. This way when I run into a not so complicated problem...it becomes child's play. I'm a long ways from being there but I'm working on it.
-
Re: Need some advice on learning networking
I once used Wireshark at a Rightfax installation.
The customer couldn’t send to only a few destinations, all the others were OK.
Using an external service to send through (similar to e-Fax) worked well, and all the other locations were working, it basically eliminated phone line issues, as well as the receiving end.
I did a capture of the VOIP between the server and external modem (the model had 4 analog lines), and once recorded, I was able to play back the audio of the fax conversation. It was a noisy, muddled mess. (I worked with fax for years, and know what “good” sounds like) I sent that capture to the support desk for the modem manufacturer.
Once they played it, they knew immediately what the issue was...a compatibility issue with the receiving end.
A firmware update quickly fixed the problem.
“I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins