Preparation for Cisco Global Cyber Ops Scholarship step 2

I got an email titled: Step 2 of 2: Applying to the Cisco Global Cyber Ops Scholarship – The Prequalification Exam

Now it’s time to take this exam, but what is there to prepare? What topics is it going to cover? When I asked people who had taken it, they just answered ‘it’s so basic’. How basic is it???

Now, I would like to share my experience of the topics this exam covered. Yes, it’s basic, but we need to know what kind of things to prepare for it. I cannot tell you guys specific questions because I don’t remember those :)

As the program states, you need some prerequisites, such as knowledge of CCNA1 & CCNA2, CCENT, CCNA or other related knowledge.

So let’s get into the topics:

  • Some basic knowledge of how to use a computer and the internet; it sounds like a joke, but it’s true
  • Some basic knowledge of using Windows OS, including some basic command-line tools like cmd, gpedit, dir, ipconfig, arp…
  • Some basic knowledge of the Linux file system and commands like /bin, /home, ifconfig, top, ls, grep…
  • Some basic knowledge of the Internet and protocols like TCP, UDP [layer 4], DNS, DHCP, HTTP, HTTPS, SSH [layer 7] or ARP [layer]. Here I also want to stress that knowledge of the OSI model is a must
  • Some basic knowledge of security and attacks like VPN, SSL, Antivirus, Firewall, Brute force, DoS, malware…
  • Some basic knowledge of computer networking, a plus if related to Cisco devices, like routing table, VLAN, STP, NAT…
  • Some basic knowledge of IPv4 and IPv4 addressing like class, netmask, default gateway, private, public, subnetting…

In conclusion, you must have a fundamental knowledge of computer networking in general, system management on Windows and Linux, and security, as it is the so-called “Cisco Global Cyber Ops Scholarship”.

[Solved] Critical Error: A fatal error has occurred during virtual machine execution!…

When running Kali or some other Linux box on VirtualBox on Windows, you might run into the following problem.

The error message says: “A fatal error has occurred during virtual machine execution! The virtual machine will be powered off. Please copy the following error message using the clipboard to help diagnose the problem:…


Don’t be surprised: most of the time the error message tells you where the root of the problem is. In this case, you just need to expand the details (some of us might skip reading further into the details), and VirtualBox itself tells you how to solve the problem.

The detail says: “The guest is trying to switch to the PAE mode which is currently disabled by default in VirtualBox. PAE support can be enabled using the VM settings (System/Processor).”

*** This normally happens when you use an existing virtual disk (.vdi) that had it enabled.


So to solve this problem, you just need to follow the message: go to your VM –> (right click) Settings –> System –> Processor –> (tick) Enable PAE/NX –> OK


That’s it, it should now start properly.


Change priority of preferred networks

It is sometimes annoying when you’re connected to the network you want, but suddenly your machine (MacBook, laptop…) automatically switches to another network, one with a stronger signal for example.

To stay on the network you want (specifically for WiFi connections), you can manage the priority (or order) as follows:

  1. For MacBook users: System Preferences –> Network –> Advanced… –> Under Preferred Networks, drag networks into the order you prefer –> click OK to finish
  2. For Windows users: Control Panel –> Network and Sharing Center –> Manage Wireless Networks –> now you can move networks up or down to set the priority you want

Now, that’s it :) the network you intend to connect to will not be switched to another one even if it has a slightly weaker signal…

Wireshark: Sort by Conversation

The default Packet List consists of 7 columns: No, Time, Source, Destination, Protocol, Length and Info. Each of them can be sorted as you need. E.g. if you want to find the longest frame, you can click on the column header “Length”.

What if you want to see the packets from the same conversation? Because we can sort by only one column at a time, I decided to sort by TCP conversation: add “tcp.stream” as a column (with any name you want :)) and now you can sort by it.

 

Copy Wireshark profiles between machines

Profiles in Wireshark are basically folders that store some files describing those profiles such as coloring rules or column preference. It is not difficult to copy profiles from one machine to another. The important thing is to know the location :)

The easiest way to find the profile’s location is to open Wireshark, then press Ctrl+Shift+A (if you use Wireshark on Windows; on macOS it would be Command+Shift+A), and the profile box will pop up.


In the profile box, you will see a blue path like /Users/vserey/.config/wireshark/profiles/WiFi, which you can just click to go to the location. Now go back one folder and you will see all profiles as folders; copy any folder you want, or all of them, to /Users/USERNAME/.config/wireshark/profiles on the other machine. That’s it.

Using Wireshark ColoringRules

ColoringRules in Wireshark help you spot specific types of packets easily, and the defaults might not be enough. To work on specific problems, a specific set of coloring rules might be needed. Let’s say you are troubleshooting a wireless-related problem: a wireless set of coloring rules is very helpful.

Now I will tell you how to use existing rules created by others by importing them into your Wireshark. You can add to or edit them manually later if the existing ones are not enough or not satisfactory.

First you need the file; many can be found at https://wiki.wireshark.org/ColoringRules, where you can download them easily.

Then, after getting the file, open your Wireshark, go to the “View” menu –> Choose “Coloring Rules…” –> Click on “Import…” –> Browse to the file you downloaded and click “Open”

That’s it and enjoy your colorful packet view :D

 

 

[Solved] SIOCSIFFLAGS: Operation not possible due to RF-kill

This error message happened on my Kali Linux when I was trying to enable my WiFi interface by issuing the command “ifconfig wlan0 up”.

If you use the command rfkill list all, you will see something like:

0: py0: Wireless LAN
      Soft blocked: yes
      Hard blocked: no

The solution to this is simple; you just need to issue this command:

$ rfkill unblock wifi

Try ifconfig again; the problem should now be solved.
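A soft block like the one above is cleared by rfkill unblock, while a hard block (a physical switch or firmware setting) is not. The following added example, which is not part of the original post, parses rfkill list output and separates the two cases; the sample output and the device names hci0 and phy1 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rfkill list all` output; only py0 comes from the post.
sample_rfkill_output() {
    cat <<'EOF'
0: py0: Wireless LAN
      Soft blocked: yes
      Hard blocked: no
1: hci0: Bluetooth
      Soft blocked: no
      Hard blocked: no
2: phy1: Wireless LAN
      Soft blocked: no
      Hard blocked: yes
EOF
}

# Print one line per radio as name|type|state, where state is:
#   soft  = software block, cleared by `rfkill unblock`
#   hard  = hardware switch or firmware, software cannot clear it
#   clear = not blocked
rfkill_status() {
    awk '
        /^[0-9]+:/ {                      # header line, e.g. "0: py0: Wireless LAN"
            split($0, part, ": ")
            name = part[2]; type = part[3]
        }
        /Soft blocked:/ { soft = $3 }
        /Hard blocked:/ {                 # last line of each device record
            hard = $3
            state = (hard == "yes") ? "hard" : ((soft == "yes") ? "soft" : "clear")
            printf "%s|%s|%s\n", name, type, state
        }'
}

# Names of the radios that `rfkill unblock` can actually bring back.
soft_blocked() {
    rfkill_status | awk -F'|' '$3 == "soft" { print $1 }'
}

sample_rfkill_output | rfkill_status
```

On a real machine, pipe the live output in instead: rfkill list all | rfkill_status.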

Count number of devices involved in your WiFi network

In our case, we have already captured traffic and saved it to the file “afternoon-masterroom-7users.pcapng”. We want to see how many users are involved in my WiFi network (AP). Because we didn’t apply a capture filter when we captured, we need to apply a display filter to select only the traffic associated with my AP (we need to know its BSSID, the MAC address of the AP). Finally, we export the field ‘wlan.staa’, sort it and keep the unique MAC addresses to determine the number of users.

$ tshark -r afternoon-masterroom-7users.pcapng -R 'wlan.bssid==00:18:e7:ea:df:eb' -2 -T fields -e wlan.staa | sort | uniq

You may add one more pipe, | wc -l, to output the number.
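The plain sort | uniq | wc -l count also counts a blank line (frames that carry no wlan.staa field print as empty) and any broadcast or multicast address in the export. The following added example, which is not part of the original post, filters those out before counting; the MAC addresses in the sample are constructed, and it assumes the export can contain blank and group-addressed lines.

```shell
#!/bin/sh
# Constructed sample of `tshark ... -T fields -e wlan.staa` output (not from the capture above).
sample_staa_output() {
    cat <<'EOF'
00:1b:63:84:45:e6
a4:5e:60:c2:11:9d

ff:ff:ff:ff:ff:ff
01:00:5e:00:00:fb
a4:5e:60:c2:11:9d
33:33:00:00:00:01
da:a1:19:3c:7f:02
f0:18:98:0a:bb:10
00:1b:63:84:45:e6
EOF
}

# The pipeline from the post: every distinct line counts, including the blank one.
naive_count() {
    sort | uniq | wc -l | tr -d ' '
}

# Keep well-formed MACs only, then drop group addresses (broadcast/multicast):
# those have the lowest bit of the first octet set, i.e. an odd second hex digit.
unique_stations() {
    tr 'A-F' 'a-f' |
        grep -E '^[0-9a-f]{2}(:[0-9a-f]{2}){5}$' |
        grep -Ev '^.[13579bdf]' |
        sort -u
}

count_stations() {
    unique_stations | wc -l | tr -d ' '
}

# Locally administered addresses (second hex digit 2, 6, a or e) are often
# randomized MACs, so one physical device can show up under several of them.
count_randomized() {
    unique_stations | grep -E '^.[26ae]' | wc -l | tr -d ' '
}

echo "naive:      $(sample_staa_output | naive_count)"
echo "stations:   $(sample_staa_output | count_stations)"
echo "randomized: $(sample_staa_output | count_randomized)"
```

To use it on the real capture, replace sample_staa_output with the tshark command above, for example: tshark ... -e wlan.staa | count_stations.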
