How do I dump raw data from a TCP port in Windows using the netsh command?

I have an apparently simple issue which is proving very difficult to find an answer for.

The site has a highly-secured Windows Server 2019 installation and an appliance connected to it running on a certain TCP port.

I need a sample of the raw data coming out of that port, taken for a few minutes, dumped into a binary file. It needs to be as raw as possible (i.e. it needs to resemble what we would read from the TCP stream when we would connect to that same port from a local .NET application).

It is highly preferable to use only built-in Windows tools for this (i.e. netsh), but worst-case windump or telnet are also fine.

Author: Ruslan

Running Windows in QEMU with LVM causes very slow disk access

I have the problem that whenever I try to run Windows within QEMU, disk access seems to become very slow after a short while. Surprisingly, access to the disk both from within the VM and from outside the VM seems to become slow.

I have both my home and my QEMU Windows drive on the same disk (this is a laptop, so I cannot use multiple disks), but on different LVM volumes (no qcow or anything, just the raw LV). After just a few minutes, Windows becomes unusably slow, and the host also becomes slow. As soon as I disable the VM, the host becomes usable again. I have traced the problem in Windows back to slow disk access using the resource monitor. But the problem seems to be on the LVM side of the host. If I run iostat -xz I get the following:

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
          17,36   10,14    5,41   38,51    0,00   28,58

Device            r/s     rkB/s   rrqm/s  %rrqm r_await rareq-sz     w/s     wkB/s   wrqm/s  %wrqm w_await wareq-sz     d/s     dkB/s   drqm/s  %drqm d_await dareq-sz  aqu-sz  %util
dm-0             7,63     82,81     0,00   0,00   84,37    10,85   22,74    209,61     0,00   0,00  121,53     9,22    0,00      0,00     0,00   0,00    0,00     0,00    3,41   3,32
dm-1             0,05      0,27     0,00   0,00    5,05     5,49    0,00      0,00     0,00   0,00    0,00     0,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00   0,00
dm-2             0,00      0,09     0,00   0,00    6,10    21,75    0,00      0,00     0,00   0,00    0,00     0,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00   0,00
dm-3             2,28      9,12     0,00   0,00   21,28     4,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00      0,00     0,00   0,00    0,00     0,00    0,05   0,53
dm-4             0,02      0,09     0,00   0,00    4,95     4,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00   0,00
dm-5             0,00      0,00     0,00   0,00   31,64     4,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00   0,00
dm-6             0,02      0,09     0,00   0,00    4,94     4,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00   0,00
dm-7             0,00      0,09     0,00   0,00    6,85    21,75    0,00      0,00     0,00   0,00    0,00     0,00    0,00      0,00     0,00   0,00    0,00     0,00    0,00   0,00
dm-8            36,13   1454,39     0,00   0,00   46,74    40,25  528,37   2107,50     0,00   0,00  122,58     3,99    0,00      0,00     0,00   0,00    0,00     0,00   66,46  12,66
dm-9             7,63     82,77     0,00   0,00   84,49    10,85   22,74    213,86     0,00   0,00 1578,74     9,40    0,00      0,00     0,00   0,00    0,00     0,00   36,55   3,18
nvme0n1          4,49    176,13     5,82  56,45    0,19    39,26  101,54    445,00     0,07   0,07    0,95     4,38    0,00      0,00     0,00   0,00    0,00     0,00    0,07   0,38
sda             41,89   1547,29     4,19   9,10   46,21    36,93   41,60   2317,08   509,51  92,45  158,29    55,70    0,00      0,00     0,00   0,00    0,00     0,00    8,40  15,35

dm-8 is the windows LV and dm-9 is my home drive. So for some reason it seems that data is being queued for both these drives. The write speed isn’t terribly fast while the system is sluggish, somewhere around 1-5MB/s at most, which is very slow for the drive I have in the system.

CPU Usage is very low, while the VM is running (both inside the VM using resource monitor, as well as on the host). Usually, it is only around 10%.

I am using Virtio as a storage adapter and I already tried different configurations (threads, caching etc), but nothing seems to change this problem.

Is there some other configuration that I could try to get a better disk access?

Author: LiKao

MySQL stops in windows VM and shows innodb error log sequence number is in future

2020-08-28 16:46:02 d64 InnoDB: Error: page 1 log sequence number 23113680
InnoDB: is in the future! Current system log sequence number 3181581.
InnoDB: Your database may be corrupt or you may have copied the InnoDB
InnoDB: tablespace but not the InnoDB log files. See
InnoDB: http://dev.mysql.com/doc/refman/5.6/en/forcing-innodb-recovery.html
InnoDB: for more information.

I’m using VM and OS is Windows Server 2016 and Uniform Server.
MySQL stops upon this error and doesn’t work until it is restarted.
After restarting, it runs for some hours and stops again.
I have tried moving ib_logfile but still it didn’t help.
How to overcome this?

Author: Anushree Bharadwaj

Combining Two Containers

I’m working on a Windows laptop and running Docker for Windows on it. I want to run an Ubuntu container with a specific version and a MySQL server on it. So the question is, do I have to download MySQL on the Ubuntu container or can I run 2 containers (Ubuntu and MySQL) and combine them? How do I combine these 2 containers?

Author: user19215

list the users name in specific OU+ the Groups

I need to write a PowerShell script to list the user names in a specific OU plus the groups to which each user belongs (but I need to list specific groups and not see all groups).

Ex : OU : A

Users under OU A

They are members of the groups X Y Z …

I have found this one:

# List every user under the OU together with each group the user belongs to.
Get-ADUser -Filter * -Properties samaccountname,memberof,description -SearchBase "OU" |
foreach {
    $sam = $_.samaccountname
    $description = $_.description
    foreach ($group in $_.memberof) {
        New-Object PSObject -Property @{
            UserName = $sam
            Desc     = $description
            # Take the CN from the group's distinguished name ("CN=Name,OU=...").
            Group    = ($group -split ",")[0].Substring(3)
        }
    }
} | select username,Desc,Group

But it will list all groups for the user, and I want to show all users and their groups (but not all groups, just Y and X).

I want to list all user names in OU A and the groups (but I want to see just groups Y and X).
Can someone help me, please?

Thanks

Author: Adam2020

Printing all existing windows on a windows container

I wrote a simple cpp console app that prints all the open windows titles:

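#include <windows.h>
#include <cstdio>

int main() {
    printf("hello\n");
    // Walk the top-level windows in Z order and print each visible window's title.
    for (HWND hwnd = GetTopWindow(NULL); hwnd != NULL; hwnd = GetNextWindow(hwnd, GW_HWNDNEXT)) {
        if (!IsWindowVisible(hwnd)) continue;
        int length = GetWindowTextLengthA(hwnd);
        char* title = new char[length + 1];
        GetWindowTextA(hwnd, title, length + 1);
        printf(" Title: %s", title);
        delete[] title;  // release the per-window buffer
    }
    return 0;
}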

The main purpose of that app is to monitor the windows another exe is opening.
However, it only prints hello and no titles at all, while it does work on the host Windows OS and prints all the existing windows on it.
What is the difference in Docker, and how can I make it work similarly?

Author: flowerProgrammer

How to turn off mouse acceleration in Windows 10?

After the recent Windows 10 update, my mouse has had mouse acceleration on even though I turned it off. I also uninstalled Logitech G Hub (I have Logitech G302 gaming mouse) and reinstalled it. I tried doing clean boots, removing the device from the computers through Control Panel, but nothing has worked so far. What should I do?

Author: Ryan Hong

Dualboot problem with windows 10 and ubuntu in MSI

I have installed windows 10 and ubuntu 20.04 on my laptop, in general it seems that everything works fine.
The problem I observe, is when I’m in ubuntu, and I reboot to enter windows, there are configurations that are reset, like configurations with the graphic card (nvidia), sound card or wifi.

Similarly, when I’m in windows and I switch to ubuntu, the first time I log in, the wifi card never works in ubuntu, I have to reboot twice for ubuntu to detect it…

I was reading that this may be due to the UEFI configuration, which should be using legacy mode. Should I format the disk, switch modes, and reinstall windows + ubuntu?

Also, in other computers I’ve had, I used to have problems changing the time, when I changed OS, but in this case, I find it curious to observe that not only the hour changes but also the minutes, I don’t know if it’s something also rare.

I’ve put all the problems together because I don’t know if they are all due to the same mistake…

Thank you very much in advance

Pablo

Author: Pablo MorPal

LDAP + SAMBA problems

After setting up my OpenLDAP on CentOS 7, I got a problem while integrating Samba.
I followed the steps of many tutorials.
Example: https://admin.shamot.cz/?p=470
But I found a problem while typing this command:
net getlocalsid
I got an error:
Failed to bind to server ldap://172.16.0.180 with dn="cn=ldapadm" Error: Invalid credentials
(unknown)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
pdb backend ldapsam:ldap://172.16.0.180 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
WARNING: Could not open passdb

Author: Bruce

Can I store certificates in the personal store of a virtual service account?

We’d like to make use of virtual accounts (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd548356(v=ws.10)?redirectedfrom=MSDN#using-virtual-accounts) to run some of our applications on our own servers.

It seems easy enough to do, however: some of our applications need access to certain certificates in order to communicate with other (remote) services.

I’ve tried installing certificates to the user store for a virtual account, and I’ve also tried granting private key access to a cert in the local machine account, both of which seem to have failed.

Is what I’m trying to do impossible?

Author: Richiban

Installing Certificate Authority

I have used this guide to install a 2-tier PKI on Windows Server 2019 in my lab:
https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx
I know that guide is pretty old, but it seems to have been updated pretty recently. Some steps are slightly different in the newer Windows version, but nothing that can’t be figured out. The only deviation from the guide is that I have combined the roles of the issuing CA (CA02) and the CDP/AIA publisher (SRV1). Other than that, I followed the guide step by step (or at least I think I have; there are a couple of parts that are not very clear). I have redone the whole thing a couple of times. I keep winding up with the same issue:
I cannot validate the LDAP connections for AIA, CDP or DeltaCRL in PKIView. I also notice that the share location that I create during the initial setup of the issuing server has somehow changed to the CertEnroll folder under certsrv in system32 rather than C:\CertEnroll where I created it. How the heck does that happen?!? I am not sure at what point in the process that changes. I’ve just noticed it when I am troubleshooting the PKIView failure after completing all the setup steps. I am obviously most concerned with the PKIView failure, just really curious as to why that share location changes. Thanks for reading.

Author: RobS

Are there security reasons for prohibiting universal MAC address modification?

Background

In a standard 48-bit MAC address, the 7th (most significant) bit specifies whether it is a universally-administered address (UAA) or a locally-administered address (LAA).

If it is 0, then the MAC address is a UAA and the first 24-bits are the organizationally-unique identifier (OUI) of the manufacturer of the network interface card (NIC).

If it is 1, then the MAC address is just an LAA.

Question

Many drivers and NICs often allow users to modify the MAC address of their device.

But it seems Windows does not allow modifying MAC addresses to universal ones (i.e., UAAs): https://superuser.com/questions/1265544/

What is the reason for this restriction? Are there security implications if this was not the case? Or, perhaps, is this merely just to prevent someone from spoofing a device as some legitimate company’s network communications product? (to their ISP)

Author: ManRow
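
The bit layout described in the Background of the question above, as an added Python example (not part of the original post): it classifies an address as UAA or LAA from mask 0x02 of the first octet and shows which second hex digits a unicast LAA can have. The function names and the sample addresses in the comments are constructed for illustration.

```python
import re

UL_BIT = 0x02  # universal/local bit: 7th bit of the first octet, counting from the MSB
IG_BIT = 0x01  # individual/group bit: last bit of the first octet (1 = multicast)


def parse_mac(text):
    """Accept 'aa:bb:cc:dd:ee:ff', 'AA-BB-...' or 'aabb.ccdd.eeff'; return 6 bytes."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify(text):
    """Report administration (UAA/LAA), cast type and, for a UAA only, the OUI."""
    mac = parse_mac(text)
    first = mac[0]
    local = bool(first & UL_BIT)
    group = bool(first & IG_BIT)
    # The first 24 bits name a manufacturer only when the address is a UAA;
    # the I/G bit is masked out because it is not part of the OUI itself.
    oui = None if local else (bytes([first & ~IG_BIT & 0xFF]) + mac[1:3]).hex("-").upper()
    return {
        "mac": mac.hex(":"),
        "administration": "LAA" if local else "UAA",
        "cast": "multicast" if group else "unicast",
        "oui": oui,
    }


def to_local(text):
    """Return the address with the U/L bit set and the I/G bit cleared (unicast LAA)."""
    mac = bytearray(parse_mac(text))
    mac[0] = (mac[0] | UL_BIT) & ~IG_BIT & 0xFF
    return bytes(mac).hex(":")


def unicast_laa_second_digits():
    """Second hex digit values of the first octet that mean 'unicast and locally administered'."""
    return sorted(f"{n:X}" for n in range(16) if n & UL_BIT and not n & IG_BIT)


if __name__ == "__main__":
    # Constructed sample addresses in three common notations.
    for sample in ("00:1A:2B:3C:4D:5E", "02-00-00-00-00-01", "0100.5e00.00fb"):
        print(classify(sample))
    print(to_local("00:1A:2B:3C:4D:5E"), unicast_laa_second_digits())
```
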

Login names between sub domains in Active Directory

If I create two subdomains (sub1.domain.com and sub2.domain.com) under my parent domain (domain.com), can different users have the same login in the different subdomains? Or do logins need to be different across the forest?

  • jsmith@domain.com
  • jsmith@sub1.domain.com
  • jsmith@sub2.domain.com

Is this perfectly fine, or will sub 1 and 2 conflict with the parent domain? Or will all 3 conflict with each other?

Author: GSerrano

Make host header correct from upstream

I configured a simple load balancer scheme on Windows:

upstream app.local {
    server app1.local:8001 fail_timeout=10s max_fails=10;
    server app2.local:8002 fail_timeout=10s max_fails=10;
}

server {
    listen 8000;

    location / {
        proxy_pass http://app.local;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

I changed the hosts file like this:

127.0.0.1       app.local
127.0.0.1       app1.local
127.0.0.1       app2.local

All fine, but my web servers behind app1.local and app2.local receive the incorrect header Host: app.local and therefore don’t want to resolve requests. I read the post about the same problem, but the top answer did not resolve mine, and I don’t want to use the double-layer proxy option straight off.

Author: Vasil Akhmetov

What firewall should I use?

What is the most comprehensive free firewall solution available for Windows? Personal machine, not work machine. I see a ton of choices online, but not sure which one to pick.

Author: PerpetualLearner

ANSWER

For home use I am fine with the built-in and free Windows Firewall (or Windows Defender Firewall) most of the time. It serves its purpose. Does the job. Not overwhelming to use. Customizable enough.

I would also explore the security options that come with my home router. Many have it included nowadays, and with a little tweaking, should be able to add an extra layer of protection to one’s home network.