🦈Leveraging Fusion SD-WAN's Advanced Troubleshooting Tools by defending your business like Mr Robot 🤖

Enhance Network Diagnostics with Fusion SD-WAN and Wireshark

Fusion Broadband South Africa SD-WAN introduces a game-changing troubleshooting tool called eport, designed to provide advanced diagnostic capabilities for network administrators. This tool is a reverse proxy deployed on the SD-WAN edge, offering high bandwidth capabilities and secure access to various network devices and services, including on-prem servers, routers, switches, VoIP phones, printers, and IoT devices. One of the standout features of eport is its ability to perform remote packet capture using Wireshark, allowing network engineers to delve deep into network traffic and pinpoint issues efficiently.

Deployment of eport

The first step in using eport is to set up an eport server, which acts as a bastion server for secure access. The eport client is then installed on the Fusion SD-WAN edge device, with communication between the two secured by cryptographic keys. This setup enables network administrators to access any IP or port associated with Fusion edge devices and other network endpoints.

Remote Packet Capture with Wireshark

eport's standout capability is its support for remote packet capture using Wireshark. Network engineers run Wireshark on their own laptops and capture traffic directly from the Fusion edge at high bit rates. Unlike traditional methods such as tcpdump, remote packet capture with Wireshark offers significantly faster capture speeds and can handle bandwidth-intensive tasks effectively. Filters can be applied to reduce bandwidth usage and focus on specific traffic patterns. Instead of tcpdump, the capture on the Fusion edge is performed by dumpcap, which comes with the tshark installation on the edge device.

Value and Benefits

  1. Comprehensive Troubleshooting: With eport and Wireshark integration, network administrators gain a powerful troubleshooting tool that can identify a wide range of network issues. Whether it's misconfigurations, cyber attacks, or performance bottlenecks, Wireshark's detailed analysis capabilities provide insights into network behavior.

  2. Cybersecurity Insights: eport's ability to perform remote packet capture is invaluable in cybersecurity scenarios. It can detect lateral movement in cyber attacks, identify misconfigured networks, and help in uncovering potential compromises. For example, detecting abnormal traffic patterns indicative of malware activity or unauthorized access attempts.

  3. Proactive Network Monitoring: By leveraging Wireshark remotely, businesses can proactively monitor their network for anomalies and potential threats. Early detection of suspicious activities can lead to swift action and mitigation, preventing potential compromises and data breaches.

  4. Cost Savings: The ability to remotely diagnose network issues and security threats using eport and Wireshark can result in significant cost savings. It reduces downtime, prevents costly cyber incidents, and enhances overall network performance and reliability.

Jumping the Shark

Leveraging Wireshark and dumpcap

Troubleshooting Session Example: Proving Email Blacklisting with Wireshark

Scenario: During a recent troubleshooting session, a client reported that their email service was not accessible, and all attempts to access emails were met with errors. The client suspected a network issue, as they were able to access emails using a personal hotspot from a mobile phone.

Initial Assessment: Upon receiving the report, the support engineer conducted initial checks on the network infrastructure, including the Fusion SD-WAN setup. No obvious issues were found, and the network appeared to be functioning normally.

Client's Assertion: The client insisted that there must be a network fault, as emails were accessible via a personal hotspot from their laptop and phone but not through the corporate network. They believed that the network configuration was causing the email access problem.

Utilizing Fusion SD-WAN's Troubleshooting Tool: To delve deeper into the issue and pinpoint the root cause, the support engineer decided to leverage Fusion SD-WAN's advanced troubleshooting tool, eport, which integrates with Wireshark for remote packet capture and analysis.

Steps Taken:

  1. Setting up Wireshark Capture: The support engineer remotely accessed the Fusion SD-WAN edge device and initiated a Wireshark capture using the eport tool. This allowed real-time monitoring of network traffic passing through the Fusion SD-WAN device.

  2. Analyzing Email Traffic: With the Wireshark capture in progress, the engineer focused on analyzing the email traffic to and from the client's email server. This included examining SMTP (Simple Mail Transfer Protocol) communication, DNS queries related to email servers, and any unusual network behavior.

  3. Identifying Blacklisting Issue: Upon thorough analysis, the network administrator discovered that the client's network NAT IP address was being blocked by the cloud-based email server. This blockage was due to repeated failed login attempts caused by a user with an incorrectly configured email password.

  4. Understanding Network Impact: The blockage of the network's NAT IP address by the email service resulted in all email traffic from the client's network being blocked, hence the inability to access emails.

The troubleshooting session using Fusion SD-WAN's eport with Wireshark integration successfully identified the root cause of the email access issue. It was not a network fault as initially suspected but rather a blacklisting issue caused by incorrect email credentials and subsequent blocking by a security service.
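The transport-level part of the analysis in step 3, as an added example (not code from the original article or from Fusion): it tallies how TCP connection attempts to mail ports ended, so a server that never answers the site's SYNs stands out from one that does. The tshark field export, the sample rows (documentation addresses) and the function names are assumptions; the article does not say how the block appeared in the capture.

```python
import csv
import io
from collections import defaultdict

# Assumed export of the capture (real tshark options, placeholder file name):
#   tshark -r capture.pcapng -Y tcp -T fields -E separator=, -e frame.time_epoch \
#     -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags
# Constructed sample rows; addresses are documentation ranges, not from the article.
SAMPLE = """\
1.000,192.0.2.10,198.51.100.25,50001,993,0x0002
2.000,192.0.2.10,198.51.100.25,50001,993,0x0002
4.000,192.0.2.10,198.51.100.25,50001,993,0x0002
5.000,192.0.2.10,198.51.100.25,50002,993,0x0002
5.020,198.51.100.25,192.0.2.10,993,50002,0x0014
6.000,192.0.2.10,203.0.113.5,50003,587,0x0002
6.030,203.0.113.5,192.0.2.10,587,50003,0x0012
6.031,192.0.2.10,203.0.113.5,50003,587,0x0010
7.000,192.0.2.10,198.51.100.25,50004,993,0x0002
"""

MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}
SYN, RST, ACK = 0x02, 0x04, 0x10

def classify(export_text, mail_ports=MAIL_PORTS):
    """Count, per (server, port), how each connection attempt ended."""
    flows = {}  # (client, client_port, server, server_port) -> outcome
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) != 6 or "" in row:
            continue  # blank line, or a frame without IPv4/TCP fields
        _, src, dst, sport, dport, flags = row
        sport, dport, flags = int(sport), int(dport), int(flags, 16)
        if (flags & SYN) and not (flags & ACK):
            if dport in mail_ports:
                # Retransmitted SYNs reuse the 4-tuple, so they count once.
                flows.setdefault((src, sport, dst, dport), "no_reply")
            continue
        key = (dst, dport, src, sport)  # a reply travels server -> client
        if flows.get(key) == "no_reply":
            if flags & SYN:
                flows[key] = "answered"  # SYN-ACK from the server
            elif flags & RST:
                flows[key] = "refused"
    summary = defaultdict(lambda: {"answered": 0, "refused": 0, "no_reply": 0})
    for (_, _, server, port), outcome in flows.items():
        summary[(server, port)][outcome] += 1
    return dict(summary)

def unreachable(summary, min_attempts=3):
    """Servers that never answered despite at least min_attempts tries."""
    return sorted(k for k, c in summary.items()
                  if c["answered"] == 0 and c["refused"] + c["no_reply"] >= min_attempts)
```

A result like this shows only that the server is not answering the site at the TCP level; a block applied after the handshake (inside TLS or at login) needs the server's response codes or the provider's logs to confirm.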

Wrap

Wrapping up, Fusion SD-WAN's eport with integrated Wireshark capabilities revolutionizes network troubleshooting and cybersecurity practices. It empowers network and cybersecurity engineers to delve deep into network traffic, identify issues proactively, and ensure a robust and secure network infrastructure. With eport, businesses can achieve zero downtime, enhance network stability, and mitigate cybersecurity risks effectively, making it a must-have tool in the arsenal of modern network management.

This Swiss Army knife from Fusion Broadband South Africa has the potential to save a business billions, and it makes it possible to detect lateral movement, something that all the fancy-pants systems from Silicon Valley are failing to deliver!

Ronald ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.

Originally published on LinkedIn by Ronald Bartels: