Draw network diagrams online [2016 Edition]

In this post from 2011 I was explaining that my preferred online tool to draw network diagrams is LucidChart.com. Since then LucidChart.com developed really good and added constantly new features. Unfortunately with the new great additions some not so nice restrictions appeared for the free account.
Those restrictions (like 5 active documents) really make it difficult for me to work with this tool as I got used to a different style.

I’m not a cheap guy! If I would use this tool professionally there would be no problem to buy a subscription package, but at work Visio is saint (unfortunately) and the rest of the time, especially when I’m on my Mac, I just need a fast tool to draw brief network diagrams like for my blog or fast explanation to somebody online.

LucidChart.com is my recommendation if you rely on online tool to work with Visio documents. Last time when I checked their Visio import tool was doing a great job.

Back to this story, I was looking online for another tool when I came across Draw.io.

Draw.io doesn’t need an account creation, rather it just give you direct access to the tool.
Since you don’t have an account you cannot save your work on the application, but it does offer you the option to save on Dropbox, Google Drive or OneDrive online or directly on your machine.
Later you can open your document from any of these locations.

In terms of shape the tool is pretty generous and the Cisco ones, really important for me, are there:

draw.io

The tool is very easy to use, it gives you a Visio feeling (if you’re used with this Microsoft software) and works pretty fast for me.

I tried to open a Visio document from my machine…did not work that well:

draw.io-visio-open

Importing the same document did not work better:

draw.io-import-visio

It seems that in both cases the Riverbed Steelhead shapes loaded fine, but not the Cisco ones.

Well, I would like to see this working, but in the end nothing to complain. I explained already that I don’t need the online tool to work with Visio. It’s nice if it can, but not mandatory for me. I’ll try some more tests with different Visio files, who knows maybe it’s something wrong with my test file.

One feature which I would like to see is the ability to add your own shapes. Who knows maybe in the future.

If you know a better alternative to LucidChart.com that has a free option and you consider it better than Draw.io please let me know.

Remote desktop, GNS3 crashes when drag and drop topology objects

Couple of days ago I reinstalled my machine that I use as GNS3 server. It was about time as thing started to become a bit unstable after so many patches and updates to bring it up from Ubuntu 8.04.

I picked Xubuntu 14.04 LTS as my distro because I like XFCE and with the new GNS3 installed directly from PPA following https://www.gns3.com/support/docs/linux-installation it seems to be a piece of cake the entire story.

Unfortunately the reality was different. The above machine is sitting in my lab and most of the time I do just remote desktop on it via X2GO or XRDP. The issue that I encounter was that GNS3 was starting fine, everything looked to be working correctly, but when I was trying to drag and drop an object (like router, switch) to the topology the GNS3 would crash and the logs would show a nice segmentation fault.

I spent a lot of hours reading about and it seems I’m not the only one which had this strange behavior. However nobody could actually point out a real solution to this problem.

One workaround that I found to be working is to use Thinlinc, a remote desktop server provided by Cendio. The free version supports for up to 10 concurrent users and in my case this limitation should not pose a problem. One disadvantage can be seen that it’s not open source and you need to install also the client software. Again not a big deal, at least for my scope.

If you arrived to my post looking for a solution, the above workaround can be one and it’s working fine.

However, the engineer in me was not satisfied as why the solution would not work just using the included packages in Ubuntu 14.04 LTS.

Digging more, I found that the problem is not actually related to GNS3, but rather to the Qt version that comes with Ubuntu 14.04. Also it’s seems that not only GNS3 is affected by this issue, which appears to be a Qt Bug, but also other software used via a remote X11 connection – https://bugreports.qt.io/browse/QTBUG-38109

Now if you check the GNS3 Linux manual installation page, you’ll see that python3-pyqt5 must be installed. When you install it from PPA, the same python3-pyqt5 is installed, just that maybe you’ll miss it among the other packets that are added automatically.

Checking the Ubuntu 14.04 packages http://packages.ubuntu.com/trusty/python/ (search for python3-pyqt5 to avoid going via all packages) I noticed that the default version is 5.2.1 I’ve checked for particular Bugs with this version that can be related to my problems, unfortunately my search brought no conclusive result, so I had to assume that this version has a problem. I’m not a developer so this task was even harder for me.

I went to check the next Ubuntu release. 15.04 is out of the marked since January 2016 and the only alternative was 15.10. I’m not very keen on trying non-LTS versions, but desperate times require desperate measures. Searching for the same python3-pyqt5 (http://packages.ubuntu.com/wily/python/) I saw that this version is 5.4.2.

Next I tried to find a way to install the 5.4.2 python3-pyqt5 version on Ubuntu 14.04. No success here. I ran into more problems than solutions. If you have a solution to have these two versions working together, please let me know.

Having nothing to lose I downloaded the Xubuntu 15.10, installed it and…everything is working like a charm so farm. I can open GNS3 and drag and drop successfully via a remote connection (XRDP or X2GO).

As you can see I have no solution to the actual problem, but at least I can suggest 2-3 workarounds that may get you out of the woods. For me an article like this would have been very helpful while doing my research, but there was none out there, beside different community posts usually without any answer. This is the reason for which I wanted to share this story with you.

If you have this issue and found another solution, please let me know as I would like to use the 14.04 LTS version of Ubuntu, otherwise I need to wait for the release of 16.04 LTS scheduled for this year.

SSL Certificate signed by own CA

There are a lot of “how-to” on the Internet explaining the setup procedure. This is mainly a copy / paste example for those in a hurry :)

How to setup your own CA

Generate a key for CA

Pick a password and remember it!

Generate a SSL certificate for CA

How to create a new SSL certificate signed by your own CA

Request a new key for the new domain that you want to secure

Pick a password and remember it!

Request a CSR and sign it with the previous created key

Request the SSL certificate and sign it against the CA

(Optional for Linux) Secure the key on the server

To have the SSL working you need to copy on the server side
– MyServerName.key
– MyServerName.crt
– myCA.crt (that’s the CA certificate)

How to view a certificate

How to check whether a private key matches a certificate or that the certificate matches the certificate signing request (CSR)

Does anybody knows a simple script that can offer the above functionality from web interface? I was looking around for a while now, but either they are enterprise complex or do not work. Let me know in Comments if you have a good suggestion.

Thanks!

Troubleshooting with Wireshark [Riverbed lab kit]

A while ago I attended a Wireshark webinar from Riverbed in which they presented the tool, some beginner and intermediate users troubleshooting scenarios and some lab kit.

Now I got an e-mail that they made it available for download at http://www.riverbed.com/wireshark-virtual-tour

Part of this Lab Kit were available in the Virtual World Tour 2014 webinar on Troubleshooting with Wireshark, held by Laura Chappell and Gerald Combs.

Kit is a free collection of Wireshark training, trace files and tips and tricks for troubleshooting your network. This lab kit contains the following:

  • Nine Network Analysis Training videos
  • Troubleshooting Checklist
  • Sample Network Analysis Report
  • Practice Trace Files
  • Laura’s Wireshark Troubleshooting Profile
  • Chapter Excerpts from Laura Chappell’s new book “Troubleshooting with Wireshark Locate the Source of Performance Problems”

  • If you are interested in troubleshooting with Wireshark, I think this would be a nice place to start. The presentation page of Wireshark Virtual Tour looks a little bit like comics marketing style, but the materials are pretty good.

    Live digital threats

    I wanted to bring these free tools to my blog to keep track of them, as most probably I will forget about, and to share with anybody interested in gathering information in the security areas.

    First tool was revealed to my in tweet from Greg Ferro:

    https://twitter.com/etherealmind/status/392606499044098049

    As usually I trust his words, I said to give it a try. I can tell that this tool is very interesting. According to the explanation found on http://www.digitalattackmap.com/faq/ :

    The Digital Attack Map presents data gathered and published by Arbor Networks ATLAS® global threat intelligence system. ATLAS sources its data worldwide from 270+ ISP customers who have agreed to share anonymous network traffic and attack statistics. Data is updated hourly and can also be found in Arbor’s ATLAS Threat Portal.

    Below you have an embedded version of this map, but better access the Digital Attack Map website.

    Second tool caught my attention from the Digital Attack Map explanation and it’s called Arbor’s ATLAS Threat Portal.

    Atlat Threat Portal

    This tool is explained as:

    The ATLAS portal today is a public resource that delivers a sub-set of the intelligence derived from the ATLAS sensor network on host/port scanning activity, zero-day exploits and worm propagation, security events, vulnerability disclosures and dynamic botnet and phishing infrastructures.

    If the first tool is related to network attacks, the second one is covering more topics like botnets, phishing, scans and more.
    You can access Arbor’s ATLAS Threat Portal here.