
DHCP Option 82 Message Format, Analysis. DHCP Snooping Option 82 Injection & Removal Method, Trusted – Untrusted Switch Ports

Posted in Cisco Switches - Catalyst Switch Configuration

This article provides an in-depth analysis of DHCP Option 82 (DHCP Relay Agent), one of the 180+ DHCP Options available to the DHCP protocol and used by the Bootstrap Protocol (BOOTP), which allows diskless client machines to discover and obtain their IP address. We’ll show you how DHCP Option 82 is used when implementing DHCP Snooping, the structure and content of DHCP Option 82, how and where it’s injected and removed from DHCP messages, plus much more. You can also download our DHCP/BOOTP Options Excel file and Wireshark packet captures of DHCP packets with Option 82 used in this article to help further understand all topics covered.


It’s highly recommended to read through our DHCP Snooping – DHCP Attack Mitigation article, which is a foundation article.

The ‘DHCP Options’ Field within a DHCP Packet

The DHCP Options field is included inside every DHCP packet and is critical for the correct operation of the DHCP/BOOTP protocol.  You’d be surprised to know that there are almost 200 different DHCP Options available and there are more added as new features are introduced in the protocol.

The material used in this article, such as the Wireshark DHCP Option 82 packet captures and the DHCP/BOOTP Options Excel file, is freely available to download from our Article Attachments section.

The diagram below shows the structure of a DHCP packet and highlights the position of the DHCP Options field.

[Figure: DHCP packet diagram]

It is important to understand that the above DHCP packet is the data payload within an Ethernet frame using UDP as the transport protocol.

The below screenshot was taken from a packet analyzer and shows an Ethernet frame with the DHCP data payload expanded:

[Figure: DHCP packet capture with DHCP options]

We’ve highlighted sections of the DHCP protocol using the same colours as our previous diagram to help the correlation process. Every field shown in our diagram maps directly to the fields of the captured DHCP packet.

The area marked in green is the section where the DHCP Options field is located. In our captured packet there are a total of 8 DHCP Options used, among them is also Option 82 (Agent Information Option).

DHCP Option 82 (Agent Relay) Message Format, Structure & Fields

DHCP Option 82, also known as the Agent Relay Information Option or Agent Information Option, was originally created by RFC 3046 to allow the DHCP relay agent (e.g. switch, router, firewall or server) to identify itself and the DHCP client that sent the original DHCP message.

DHCP Option 82 is inserted and removed by the DHCP Agent Relay (e.g. switch) as shown in the diagram below:

[Figure: Insertion of DHCP Option 82 by relay agent]

While some DHCP servers might not support the Option 82 they are still required to copy the Option 82 value received from the DHCP client and include it in all replies back to the client. We’ll discuss the Option 82 insertion and removal process in the next section.

As we saw earlier, the DHCP Options field is positioned at the end of the DHCP packet and always contains multiple DHCP options. This of course means the DHCP Options field varies in length according to the number of options used.
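To make the variable-length layout concrete, the following added example (not code from the original article) walks a DHCP options field and decodes Option 82 into the Circuit ID and Remote ID sub-options defined in RFC 3046. The function names and the sample bytes are constructed for illustration; a declared length that runs past the end of the data is rejected rather than read.

```python
MAGIC_COOKIE = bytes.fromhex("63825363")   # precedes the first option
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPTION_NAMES = {1: "circuit_id", 2: "remote_id"}   # RFC 3046 sub-options


def iter_tlvs(buf, single_byte_codes=()):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code in single_byte_codes:       # Pad and End have no length byte
            if code == END:
                return
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:             # declared length runs past the data
            raise ValueError(f"option {code}: length {length} overruns buffer")
        yield code, value
        i += 2 + length


def parse_options(options_field):
    """Return {code: value} for a DHCP options field (repeated codes: last wins)."""
    if options_field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    return dict(iter_tlvs(options_field[4:], single_byte_codes=(PAD, END)))


def parse_option82(value):
    """Split an Option 82 value into its sub-options."""
    return {SUBOPTION_NAMES.get(c, f"suboption_{c}"): v for c, v in iter_tlvs(value)}


# Constructed sample: options of a DISCOVER after a relay agent added Option 82.
CIRCUIT_ID = bytes.fromhex("000400640105")       # constructed value
REMOTE_ID = bytes.fromhex("0006001122334455")    # constructed value
OPT82 = (bytes([1, len(CIRCUIT_ID)]) + CIRCUIT_ID
         + bytes([2, len(REMOTE_ID)]) + REMOTE_ID)
SAMPLE = (MAGIC_COOKIE
          + bytes([53, 1, 1])                    # DHCP message type: DISCOVER
          + bytes([55, 3, 1, 3, 6])              # parameter request list
          + bytes([RELAY_AGENT_INFO, len(OPT82)]) + OPT82
          + bytes([END]) + bytes(3))             # End option, then padding

if __name__ == "__main__":
    options = parse_options(SAMPLE)
    print(sorted(options), parse_option82(options[RELAY_AGENT_INFO]))
```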

The Most Common Worst Networking Practices and How To Fix Them

Posted in SD-WAN

In the rush to keep pace with the many challenges facing today’s organizations, all too often networking teams end up adopting practices and processes that are, shall we say, less than perfect. You probably have seen a few yourself in your own organization.

Management refusing to consider new vendors because, well, they’re new. Engineers wanting to do everything manually when automation would save them a ton of time. Overspending on capacity when there are more affordable alternatives. You get the picture.

Some practices are well known, others are less obvious. A great starting point for identifying the worst of the worst in your organization was a recent list compiled by Gartner. The list culls insight from several thousand client interactions. While the Gartner report requires payment, a free eBook from Cato Networks explains each networking practice and how it can be addressed with a cloud-based SD-WAN.

The practices fall into three categories — cultural, design and operational, and financial:

  • Cultural practices describe how IT teams relate to collaboration, and more broadly, innovation. Excessive risk avoidance is one example of a “worst” cultural practice. Adherence to manually configuring networking devices and the silo-ism that often crops up among IT teams are other examples.
  • Design and operational practices are those practices that restrict the agility, increase the costs, and complicate the troubleshooting of the enterprise network. These practices often stem from having amassed legacy technologies, forcing less than ideal practices. Other practices include the lack of a business-centric network strategy, spending too much for WAN bandwidth, and restricted visibility into the network.
  • Financial “bad” practices stem from the dependencies IT organizations have on their legacy vendor relationships. All too often, busy IT professionals cut corners by leaning on their vendors for technology advice. This is particularly the case in newer technologies where an IT professional may lack sufficient background to conduct an assessment. Vendors and their partners have a commercial interest in furthering their own aims, of course. As such, companies end up being locked into vendors or following questionable advice.

Download Altaro Free VM Backup & Win a PlayStation 4 Pro, Xbox One X, 3-Year Amazon Prime and more!

Posted in Windows Server 2016

We have some exciting news for you today!

Altaro has launched a great contest in celebration of SysAdmin Day on 27th July 2018!

They will be giving away Amazon eGift Cards to the first 100 eligible entries and 1 Grand Prize to 1 lucky winner.

The Grand Prize winner will be able to choose any prize from the following: a PlayStation 4 Pro, Xbox One X, a 3-year membership of Amazon Prime, an Unlimited Plus Edition of Altaro VM Backup, and more!

All contest participants will even get FOREVER FREE backup for 2 VMs when they download Altaro VM Backup!


Want to WIN?

Here’s what you need to do:

  1. Download Altaro VM Backup from https://goo.gl/Zvedfs using a valid work email address
  2. Set up a virtual machine on Altaro VM Backup and take a screenshot. Only screenshots that show at least 1 VM added for backing up will be considered as eligible.
  3. Upload the screenshot and the Grand Prize choice at the link you will receive via email once you download Altaro VM Backup from the contest landing page.

Good luck!

Complete Guide to DHCP Snooping, How it Works, Concepts, DHCP Snooping Database, DHCP Option 82, Mitigating DHCP Starvation Attacks, DHCP Hijacking, Man-in-the-Middle Attacks & Rogue DHCP Servers

Posted in Cisco Switches - Catalyst Switch Configuration

This article covers popular Layer 2 & Layer 3 network attacks with a focus on DHCP Starvation Attacks, Man-in-the-Middle attacks and unintentional rogue DHCP servers, and explains how security features like DHCP Snooping help protect networks from these attacks. We explain how DHCP Snooping works, cover DHCP Snooping terminology (trusted, untrusted ports/interfaces) and more. Finally, we talk about the importance and purpose of the DHCP Snooping Binding Database, which is also used by Dynamic ARP Inspection to prevent ARP Poisoning and ARP Spoofing attacks.


DHCP Starvation Attack, Man-in-the-Middle Attack, DHCP Hijacking & Reconnaissance Attacks

A DHCP Starvation attack is a common network attack that targets network DHCP servers. Its primary objective is to flood the organization’s DHCP server with DHCP REQUEST messages using spoofed source MAC addresses. The DHCP server will respond to all requests, not knowing this is a DHCP Starvation attack, and assign available IP addresses until its DHCP pool is depleted.

At this point the attacker has rendered the organization’s DHCP server useless and can now enable his own rogue DHCP server to serve network clients. DHCP Starvation is often accompanied by a Man-in-the-Middle attack as the rogue DHCP server distributes fake IP address parameters, including Gateway & DNS IP address, so that all client traffic passes through the attacker for inspection.

Typical Man-in-the-Middle attack. Client data streams flow through the attacker

Using packet capture and protocol analysis tools, the attacker is able to fully reconstruct any data stream captured and export files from it. In fact, the process is so simple that it only requires a basic level of understanding of these types of network tools.

In other cases the Man-in-the-Middle attack can be used as a reconnaissance attack, with the objective of obtaining information about the network infrastructure and services, but also identifying hosts of high interest such as financial or database servers.

It should by now be evident how a simple attack can become a major security threat for any organization. The above attacks are examples of how easily hackers can infiltrate the network and get access to valuable information by simply connecting an unauthorized/untrusted device to an available network port, effectively bypassing firewalls and other levels of security.

Rogue DHCP Servers – A Major Security Threat & Source of Network Disruptions

Rogue DHCP servers are a common problem within enterprise organizations and are not always directly related to an attack. Rogue DHCP Servers tend to appear out of nowhere thanks to users who connect consumer-grade network devices to the network infrastructure, unaware that they have connected an unauthorized device with a rogue DHCP server enabled.

The Rogue DHCP server then begins assigning IP addresses to hosts within the network, causing network connectivity problems and, in many cases, major service disruptions. In a best-case scenario, DHCP clients are served with an invalid IP address, disconnecting them from the rest of the network. In the worst-case scenario, clients are assigned an IP address used by network infrastructure devices, e.g. the VLAN interface on the Core switch or a firewall interface, causing serious network disruptions and conflicts.

A rogue DHCP server in action, taking control of DHCP services

While many organizations enforce security policies that do not allow 3rd party or unauthorized devices to be connected to their network, there are still incidents where users who do not understand (or care about) the security implications continue to connect these devices to the network infrastructure without consulting their IT Department.

Educating users and enforcing security policies can be extremely challenging, which is why security mechanisms need to be in place to help mitigate these incidents. This is where DHCP Snooping comes into the picture.
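The following added example (not from the original article and not vendor code) is a simplified model of the checks a DHCP Snooping switch applies to the two problems described above: server messages arriving on untrusted ports are dropped, a per-port rate limit caps floods, and a binding table is built from ACKs seen on the trusted port. The class name, port names, rate threshold and traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # only a DHCP server should send these


class SnoopingSwitch:
    """Hypothetical model of a switch's DHCP Snooping checks (not vendor code)."""

    def __init__(self, trusted_ports, rate_limit=5):
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit     # assumed: DHCP packets/second per untrusted port
        self.window = defaultdict(lambda: [None, 0])   # port -> [second, packet count]
        self.pending = {}                # client MAC -> access port awaiting an ACK
        self.bindings = {}               # client MAC -> (leased IP, access port)

    def handle(self, now, port, msg_type, client_mac, ip=None):
        """Return 'forward' or 'drop: <reason>' for one DHCP message seen at `now`."""
        if port in self.trusted:
            if msg_type == "ACK" and client_mac in self.pending:
                # The binding table is what Dynamic ARP Inspection later consults.
                self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
            return "forward"
        if msg_type in SERVER_MESSAGES:
            return "drop: server message on untrusted port"
        slot = self.window[port]
        if slot[0] != int(now):          # a new one-second window starts
            slot[0], slot[1] = int(now), 0
        slot[1] += 1
        if slot[1] > self.rate_limit:
            return "drop: DHCP rate limit exceeded"
        self.pending[client_mac] = port
        return "forward"


def replay(switch, events):
    """Run constructed (time, port, type, mac, ip) events; return the verdicts."""
    return [switch.handle(*e) for e in events]


# Constructed traffic: Gi0/24 is the uplink to the real server, Gi0/1-3 are access ports.
LEGIT = [(0.0, "Gi0/1", "DISCOVER", "aa:aa:aa:00:00:01", None),
         (0.1, "Gi0/24", "OFFER", "aa:aa:aa:00:00:01", "10.0.0.50"),
         (0.2, "Gi0/1", "REQUEST", "aa:aa:aa:00:00:01", None),
         (0.3, "Gi0/24", "ACK", "aa:aa:aa:00:00:01", "10.0.0.50")]
ROGUE = [(1.0, "Gi0/2", "OFFER", "aa:aa:aa:00:00:01", "192.168.1.10")]
FLOOD = [(2.0 + i / 100, "Gi0/3", "DISCOVER", f"de:ad:be:ef:00:{i:02x}", None)
         for i in range(8)]
```

Real switches typically shut down (err-disable) a port that exceeds the configured rate rather than dropping individual packets; the model only records the verdict.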

DHCP Snooping Support for Cisco Catalyst and Nexus Switches. Licensing & Features

Acunetix v12: More Comprehensive, More Accurate and now 2X Faster Web Vulnerability Scanner

Posted in Web Application Vulnerability Scanners

22nd May 2018: Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites. With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.

“Acunetix was always in the forefront when it came to accuracy and speed, however now with the re-engineered scanning engine and sensors that support the latest JavaScript and Java technologies, we are seeing websites scanned up to 2x faster without any compromise on accuracy,” announced Nicholas Sciberras, CTO.

A free trial version can be downloaded from: http://www.acunetix.com/vulnerability-scanner/download/

Support for latest JavaScript

Acunetix DeepScan and the Acunetix Login Sequence Recorder have been updated to support ECMAScript version 6 (ES6) and ECMAScript version 7 (ES7). This allows Acunetix to better analyse JavaScript-rich sites which make use of the latest JavaScript features. The modularity of the new Acunetix architecture also makes it much easier now for the technology to stay ahead of the industry curve.

AcuSensor for Java

Acunetix version 12 includes a new AcuSensor for Java web applications. This improves the coverage of the web site and the detection of web vulnerabilities, decreases false positives and provides more information on the vulnerabilities identified. While already supporting PHP and ASP .NET, the introduction of Java support in AcuSensor means that Acunetix coverage for interactive gray box scanning of web applications is now possibly the widest in the industry.


Speed and efficiency with Multi-Engine

Combining the fastest scanning engine with the ability to scan multiple sites at a time, in a multi-engine environment, allows users to scan thousands of sites in the least time possible. The Acunetix Multi-engine setup is suitable for Enterprise customers who need to scan more than 10 websites or web applications at the same time. This can be achieved by installing one Main Installation and multiple Scanning Engines, all managed from a central console.

Pause / Resume Feature

Acunetix Version 12 allows the user to pause a Scan and Resume the scan at a later stage. Acunetix will proceed with the scan from where it had left off. There is no need to save any scan state files or similar - the information about the paused scan is automatically retained in Acunetix.



