I like Wireshark. But I don’t like to install software on a server for troubleshooting purposes. Especially when you need software like PCAP to sniff some network data.
But what you can do is capture data data with netsh, copy the data to your workstation, convert the data so you can read it with wireshark and do you thing.
Capture the data
Run this command to capture the data (elevated command prompt)
For me, this was a pain in the ass for a long time. When I connect to a Windows server through RDP/RDS it sometimes takes more than 2 minutes to connect to a server. Today after some waiting, and waiting and some more waiting I did a deep dive with Wireshark to figure out why it was so slow.
My setup
Azure domain joined Windows 10 device (Laptop)
Connection over a Cisco Anyconnect VPN
Remote Desktop Manager (Devolutions)
Native RDP client
MremoteNG
Remote VS local
I know for sure the issue should be in my setup. Because when I connect first to a jump host (RDP) and then connect to other domain-joined servers everything was connected almost immediately after I put in my user credentials.
What to do (TL;DR)
There are four things you have to modify to speed up the initial remote desktop connection speed:
Disable SSL / TLS1.0
Disable Netbios on the VPN network adapter
Disable automatic proxy settings in Windows
Change the credential to domain.local\admin or [email protected] instead of domain\admin
Disable SSL / TLS1.0
No, you don’t have to negotiate what protocol you have to use to connect a server. Use TLS1.2 or I don’t want to connect with you ๐ So:
How to
Start > Run > Regedit
Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
If the TLS 1.0 and Client folders doesn’t exists create these keys
Create a 32 DWORD value with the name Enabled
Value data: 0 (Hex)
Restart the client
Enabled = 0
Disable Netbios on the VPN adapter
What I was seeing in my Wireshark capture is that RDP was trying to broadcast to get information over NETBIOS. You have a DNS server so you don’t need a legacy broadcast protocol! Unfortunately, I don’t have any screenshot of the capture but you can always check yourself ๐
How to
Change the VPN Adapter and reboot the computer:
Disable Netbios
Disable the proxy
After connection to a server with RDP and you enter the credentials Windows is trying constantly to WPAD.domain.local to autoconfigure itself. WPAD stands for Web Proxy Auto-Discovery and I think you never want to autoconfigure a MITM ehh proxy device. You always want to have full control of your device. So, disable this to speed up the connection and make your device more secure.
Wireshark Capture WPAD A record
How to
Go to settings
Search for proxy
Switch the Automatically detect settings to Off
Restart Windows
Turn WPAD off
Change the login name
I found out that this is the most annoying and time consuming one. I always use DOMAIN\User when I connect to a server. But this is what happens:
Domain.Domain.TLD
Kerberos is doing a DNS query on _kerberos._tcp.dc._msdcs.domain.domain.tld and of course he will never can find that double domain A record. But if you change the logon name to domain.tld\admin or [email protected] Kerberos will find the A record and connects immediately ๐
Top speed!
Kerberos
And even now it’s possible to tune the Kerberos authentication further and fix the last KRB5KDC_ERR_PREAUTH_REQUIRED error you can see in the screenshot. Maybe next time but for now I’m happy with the initial connection speed ๐
It can be fun to reverse engineer some android applications. I think it’s better to do this on your workstation instead of your phone because it’s way more flexible and you don’t ruin your phone when you break things ๐
In my case, I use Debian 11. But of course, you can do this with any OS.
Requirements
An app you want to debug
OWASP ZAP Proxy
Genymotion
NPM
APK Export (Android App)
OWASP ZAP Proxy
I use the snap package for ZAP because it’s easy to install and you’ve always the latest version.
$ sudo snap install zaproxy --classic
Start ZAP and export the dynamic certificate (tools > options)
Dynamic SSL Certificate
Click on the save button an place the file somewhere on your disk.
Follow the wizards, create an genymotion account and create a new virtual device. In my example I used a google Pixel 3 with Android 10.
Overview virtual devices
Now it’s time to configure the proxy within the android device!
Configure proxy in Android
Start the created virtual genymotion android device and copy the certificate file we create earlier with a simple drag and drop.
drag & drop the certificate file
Succesfull copy
Now we can can configure the proxy in the wifi settings.
Go to settings > search for certificate and install the certificate.
settings > find >certificates
Import the certificate
Edit the wifi connection, add the proxy and restart the wifi.
Edit the Wifi
Go to the advance options
Set the proxy to Manual
The IP is always: 10.0.3.2This is the “localhost” setting for the genymotion host server
Port 8080
Genymotion Proxy Settings
When you (re)connect the the wifi you have the accept the proxy error (but this is a good thing).
Sign in the the wifi
Accept the warning
Now you will see all the traffic. But only the traffic for the apps who respect the android HTTP_PROXY settings. So this is what you can do when an app don’t respect this setting:
Rebuild the APK with APK-MITM
Now everything is in place. So the last thing we need to do is rebuild the APK file so we can proxing all the network traffic. So:
Everything is in place now. So the only thing you have to do is drag & drop the *-patched.apk file to genymotion, install this file and you are fully in control ๐
Unable to negotiate with blog.wapnet.nl port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
The authenticity of host 'blog.wapnet.nl' can't be established.
RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Are you sure you want to continue connecting (yes/no/[fingerprint])?
It cost me a lot of time to troubleshoot the screen tearing. So I want to share my solution for everyone with the same frustrating tearing issues. My private setup is a Lenovo Ideapad (gaming) with Nvidia and Intel (Prime) GPU. I use the laptop screen and an external 24″ HDMI display.
In Windows 10 everything goes smooth but when I switch my dual boot to Linux than the frustrations begin.
I tried a lot of different Linux distributions (Fedora, Solus, Ubuntu, Pop_OS!, Arch Linux, OpenSuse, and Zorin OS) and I try KDE Plasma, Gnome, and Budgie a lot of hacks for all these systems to get a smooth Linux GUI without screen tearing or other lag.
But I don’t like manual modifications/hacks to get the Nvidia setup smooth. Especially the proprietary Nvidia drivers can break your system easily. So this fix is easy to remember and easy to switch if you want the power saver back to full and use the Intel driver instead of the Nvidia one.
Important, choose your display!
What you have to keep in mind when you have a lot of screen tearing is to make a decision. Use your laptop display or external display. You can fix both displays but not at the same time in a smooth way. If I found a solution in the feature I will post it on my blog. But in the meanwhile, I use only one screen at the same time.
This procedure is for Ubuntu 20.04 LTS but it will work for other distributions for sure.
Install the driver
After a fresh ubuntu installation, Nvidia and HDMI do not work as they should be. So, kick off the first command and reboot.
$ sudo ubuntu-drivers autoinstall
And reboot!
Configure Nvidia driver Part I
Now configure the Nvidia/Intel prime in on-demand mode. So you can do further configuration in the nvidia-settings gui
$ sudo prime-select on-demand
And reboot again
Now start Nvidia settings and switch to NVIDIA (Performance Mode)
Click save and….. reboot!
Turn off one display
Go to your KDE or Gnome display settings and turn off one display. KDE saves these settings so when you plug out the HDMI cable afterward KDE will activate your laptop display. And of course, when you plug in your HDMI cable next time he will turn off your laptop display.
Configure Nvidia driver Part II
These steps are optional but needed for a better performance.
Start nvidia-settings > GPU 0 > PowerMixer
Change the Preffered Mode to “Prefer Maximum Performance”
Last but not least: Firefox hardware rendering
For some compatibility reasons, hardware rendering in Firefox is turned off by default. So you have to enable it.
about:config
Set layers.acceleration.force-enabled to true
Quit Firefox and restart it
Some debug information
I always use this YouTube video to check if the screen tearing is varnished completely
When you want to see if your have the right drivers loaded, use this command:
$ lspci -k | grep -EA3 'VGA|3D|Display'
And you can start an application with max video power with this command. Change gears to your own program off course. But I like gears because you can see the FPS realtime (see the screen what a differance ๐ )
$ __NV_PRIME_RENDER_OFFLOAD=1 glxgears
With nvidia-smi you can see if nvidia is running the application
Enjoy your tearing free Linux ๐
/edit
Hahaha I saw this video today ๐ Exactly my thoughts
I want to move this blog to my own NAS because I have plenty enough bandwidth and with Cloudflare as reverse proxy it is secure enough also (and I like to hobby off course ๐ ).
I tried to use the Duplicator WordPress plugin to make a dump of my website and do a restore in the Synology Webstation. But during the database restore in step 2 every time I was getting a 504 gateway timeout after a minute (exactly 60 seconds).
What I could have done was a manual (ftp & database) copy and restore the files. But I was sure I was getting other errors in the future when I had to update WordPress or other plugins. So fixing this timeout issue was the only solution.
On different places on the internet, I found that I had change the Nginx site settings. So I put the timeout settings in the associated “/etc/nginx/conf.d/site.conf” and restart Nginx and restore the database Nginx was still was failing.
Then I’ll try to put these lines in the “/etc/nginx/nginx.conf” but when I restart the nginx the settings were overwritten and my changes are gone.
Every time you restart, Nginx Synology make use of a file “/usr/syno/share/nginx/nginx.mustache” to create a new nginx.conf file. I change the lines in that file and *boom* everything was working ๐
So TLDR;
sudo su -
vim /usr/syno/share/nginx/nginx.mustache
#add these lines
send_timeout 600s;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
synoservice --restart nginx
