Windows

Chocolatey Goodness

One of the reasons I prefer Linux over Windows is the ease of package management.
Apt, Yum, and Pacman, depending on your distribution (Debian/Ubuntu, RedHat/Fedora or Arch), just seem much more logical than the Microsoft App Store or even Apple’s software store.

I don’t use the GUI interfaces available on any system if I can carry out the same goal from a terminal. I realize all these systems have a “terminal/Command line” available, but a lot of users have grown accustomed to a graphical point and click method. I haven’t, nor do I enjoy navigating around the screens pointing and clicking – it seems like a waste of time.

This is the section that was cut off.

PowerShell on the Windows System is an exception. I’ve gotten used to using the Windows command prompt and netshell when possible, but always felt that neither lived up to the power of BASH. PowerShell has grown and developed into a useful tool that many Linux users would find worthwhile for system administration and troubleshooting functionality.
When you add in the Chocolatey package management tool/repository you start to see potential for a more Linux-like work flow.

I see that there is also a GUI available for Chocolatey for any who prefer, but installing packages via PowerShell is fairly simple – as is searching and listing available packages.

I doubt I’ll abandon my Linux machine just to run PowerShell, but I think it’s beneficial to know how different operating systems function and carry out similar tasks you might deal with in Linux.

“list, search, info, and install” are the commands I use the most when using Chocolatey.  The “info” command is extremely useful in providing information on the application you may consider installing.

choco -h

  • list – lists remote or local packages
  • search – searches remote or local packages (alias for list)
  • info – retrieves package information. Shorthand for choco search pkgname --exact --verbose
  • install – installs packages from various sources
  • pin – suppress upgrades for a package
  • outdated – retrieves packages that are outdated. Similar to upgrade all --noop
  • upgrade – upgrades packages from various sources
  • uninstall – uninstalls a package
  • pack – packages up a nuspec to a compiled nupkg
  • push – pushes a compiled nupkg
  • new – generates files necessary for a chocolatey package from a template
  • sources – view and configure default sources (alias for source)
  • source – view and configure default sources
  • config – Retrieve and configure config file settings
  • features – view and configure choco features (alias for feature)
  • feature – view and configure choco features
  • setapikey – retrieves or saves an apikey for a particular source (alias for apikey)
  • apikey – retrieves or saves an apikey for a particular source
  • unpackself – have chocolatey set itself up
  • version – [DEPRECATED] will be removed in v1 – use choco outdated or cup <pkg|all> -whatif instead
  • update – [DEPRECATED] RESERVED for future use (you are looking for upgrade, these are not the droids you are looking for)
Installing Putty with Choco first removed an incomplete install attempt before adding -y

Check out chocolatey.org for more information, including more details on security and the community package repository.

Installing TCPView – a package from “Windows Sysinternals”

For those who would rather not use the Powershell command line, there is a GUI:

choco install chocolateygui -f -y

2018

End of Year

It’s been an interesting year

Security alerts, cyber threats, fake news, and more critical patch updates than you can shake a stick at. Robots are competing in the job market, A.I. is looming, and cold air from the far north is sweeping across the land. Whether it was a good year, a bad year, or nothing too impressive, it’s just about over now. The new year is coming fast. Are you smarter than you were a year ago at this time? Hopefully, the answer is yes if you put any effort into improving your skills, knowledge, and confidence level. Now you can set down some goals for next year. You can also reflect on your hopes for next year.

New Year Goals

One of my goals is to continue to improve and refine my command line skills for both Linux and Windows. It’s the same goal every year, but I know I can continue to improve as operating systems and applications are further developed, which is inevitable if such technologies remain relevant. Amazing enough will be the number of outdated operating systems that remain in operation. Overly complex and poorly understood system designs will continue to frustrate many. Buzzwords will be bandied about as opposing views on remote vs local support, maintenance, and storage are pondered. Computer hardware and software skills will still be required in many industries, but knowing more about the core business these components support will also be crucial. Sadly this is often overlooked. If you are reading this then you most likely already know this. Will this all change next year? Probably not. Will more people drop Windows and move over to Linux and OSX? Some might, but most won’t, so you’ll still need to sharpen your “Microsoft” skills unless you’re adamantly opposed to all things “Windows”. Good luck with that. Most of the generic questions and issues techs get presented with are based in the Windows realm.

Sometimes Windows and Linux techs working together enhance each other’s skill sets, and often the customer or end-user is the beneficiary. I guess that’s a plug for “work with others”: it isn’t always as painful as you may expect.

If you can navigate your way through all the “Fake News” (technology related of course) and Silo building you may encounter, plus sharpen and learn new skills, you should do well next year.

You don’t need anyone to tell you how good you are at anything. You know how good you are. That’s the bottom line. Resist the urge to speak when often it’s more productive to listen. Learn from any and all mistakes you or others may make, and try not to stress out too often. Make next year a great year whoever you are or wherever you are. Practice, practice, practice; it might just pay off in ways you don’t foresee. You can always improve your skills. The trick is to avoid wasting time and energy on the technology you’ll never use or won’t encounter often. Distractions are everywhere. Know your strengths and weaknesses, but also be realistic about your limitations. Try to get the most out of what you already have. Your “experience” is often an asset, but getting more out of less is a skill. Re-read some of those tech manuals that are still relevant. My best advice though will be to take a break once in a while. Enjoy all the non-tech parts of life. Take time to unplug and recharge.

Linux type solutions on Windows

The “Microsoft” Ubuntu command line “App”

Sometimes you find yourself working on a Windows-based machine, have to perform a quick task that might normally be very straightforward on a LINUX machine, and you don’t want to spend too much time fumbling through the GUI pointing and clicking until you stumble across what you’re looking for.
My first gut instinct usually is to get to the command line quickly and work from there.
I installed the “Microsoft” Ubuntu command line “App” on a Windows 10 test machine recently hoping it would become the perfect solution to such situations, but it has been a disappointing experience so far. Maybe I’ll have a better opinion after I spend more time with it, but I doubt I’ll see this installed on too many machines I run into – at least for a while. Luckily Windows command line tools are pretty robust – especially PowerShell.

As a side note, I really find Sysinternals very useful as a nice set of tools for some very interesting challenges you might run into while doing some diagnostic investigation on problematic systems.
For the most part, Windows usually has some nice built-in diagnostic tools – if you know where to look and can find them in a timely manner.

I had a question come up recently about port connections. Usually, I suggest Wireshark as a go-to tool for any supporting operating system, but this situation was for a system that did not have it available – disregarding the fact that you might or might not have the ability to monitor the packet traffic with a tap or port forwarding access via a test laptop. The discussion was on using the computer in question for any diagnostics – and of course, it wasn’t a LINUX machine. Anyhow, here are a few ideas I floated for such situations – try a few if you haven’t already and see what you think.

Finding port connections in Windows

Use Wireshark to parse out port numbers by adding Destination and Source port columns for both TCP and UDP port numbers. Under each corresponding Wireshark header, right-click on destination/source and apply as a column. Edit the name to differentiate between UDP and TCP.
Filtering for a specific port number is just as straightforward.
Examples:
tcp.dstport == 80
tcp.srcport == 80

If you’re a fan of Sysinternals you may find TCPView a nice alternative to monitor your PC’s connections – close to a real-time view of connections made and unmade.

Either from the basic Windows CMD or from within PowerShell, “netstat”, similar to its LINUX long-lost cousin, is a simple and quick way to view connection status.

While you’re working in PowerShell, check out network connections with Get-NetTCPConnection.
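As an added example (not from the original post), here is a netstat -anob / TCPView-style view built from Get-NetTCPConnection, joined to the owning process so you can see which executable holds each listening port or outbound connection. It assumes Windows 8.1 / Server 2012 R2 or later (the NetTCPIP module) and an elevated prompt; without elevation the Path of other users’ processes comes back empty.

```powershell
# Added example: join Get-NetTCPConnection to Get-Process so each socket shows its owner.
# Assumes the NetTCPIP module (Windows 8.1+) and an elevated PowerShell session.

function Get-ConnectionOwner {
    [CmdletBinding()]
    param(
        # Listen + Established is the usual triage view; pass others (TimeWait, ...) if needed
        [string[]]$State = @('Listen', 'Established')
    )

    # Cache process lookups once; calling Get-Process per connection is slow on busy hosts
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                Proto      = 'TCP'
                LocalAddr  = $_.LocalAddress
                LocalPort  = $_.LocalPort
                RemoteAddr = $_.RemoteAddress
                RemotePort = $_.RemotePort
                State      = $_.State
                PID        = $_.OwningProcess
                # A PID with no live process means the socket outlived its owner (e.g. TIME_WAIT)
                Process    = if ($p) { $p.ProcessName } else { '<exited>' }
                Path       = if ($p) { $p.Path } else { $null }
            }
        }
}

# Listening ports with the process that owns each one; an unfamiliar Path is what you look for
Get-ConnectionOwner -State Listen |
    Sort-Object LocalPort |
    Format-Table LocalPort, LocalAddr, PID, Process, Path -AutoSize

# Established connections leaving the box (skip loopback and link-local), grouped by process
Get-ConnectionOwner -State Established |
    Where-Object { $_.RemoteAddr -notmatch '^(127\.|::1$|169\.254\.)' } |
    Sort-Object Process, RemoteAddr |
    Format-Table Process, PID, LocalPort, RemoteAddr, RemotePort -AutoSize
```

Compare the Path column against what you expect to be listening; Get-NetUDPEndpoint gives the same view for UDP if you swap it into the function.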

If you’re set on using the GUI on Windows, the “Resource Monitor” Network – Listening Ports view works quite well.

Back on Linux, you can run netstat, lsof, ss, or nmap.
Each has many options and allows you to customize your scans.
Here are a few quick checks:

netstat -a | grep CONNECTED

or

lsof -i

or

ss | less

You could always load nmap and scan your own local ports as an alternative port check.

Windump (back to basics)

Sometimes I like to go back to the basics; for network troubleshooting, a good packet analyzer is what I need. I use Wireshark and Tshark if I can, but sometimes I get everything I need out of TCPDUMP. Sometimes I find myself staring at a Windows machine and not at a Linux command line. No problem, Windows has a couple of useful shells to work with, and it can run something very, very close to TCPDUMP.

So, if you are also looking for a simple alternative to Message Analyzer, Wireshark, or Tshark, then WinDump (a port of LibPcap) may be just what you’re looking for. If you are familiar with TCPDUMP on Linux or UNIX, then you will find WinDump works very much the same.

Download windump here

Verify your download:

SHA1: d59bc54721951dec855cbb4bbc000f9a71ea4d95

MD5: 7b50683722d9efd3dccbb9e65ec0f2df

You can use Sigcheck to verify the file:

https://download.sysinternals.com/files/Sigcheck.zip

Also available is the entire Sysinternals suite, which also contains Sigcheck:

https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

Another available, but currently unsupported, command line utility that computes MD5 or SHA1 cryptographic hashes for files and works with Windows 10:

Microsoft File Checksum Integrity Verifier tool

(Windows-KB841290-x86-ENU.exe)

https://www.microsoft.com/en-us/download/details.aspx?id=11533

I find it easier to place both WinDump and fciv in the same folder.

You may choose to move WinDump after you scan your download with an antivirus and/or malware detection tool and verify the file integrity.

Using “-both” to see both the SHA1 and MD5 output together
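If fciv is not on the machine, the same check can be done in PowerShell. This is an added example, not part of the original post: Get-FileHash (PowerShell 4+) produces the SHA1 and MD5 that fciv -both prints, compared against the digests published above, and Get-AuthenticodeSignature covers the signature part of what Sigcheck reports. The file path C:\Tools\WinDump.exe is an assumption.

```powershell
# Added example: verify a downloaded WinDump.exe against published digests before moving it.
# Assumes PowerShell 4+ (Get-FileHash); the path below is a placeholder for your download folder.

function Test-DownloadIntegrity {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [hashtable]$Expected   # algorithm name -> expected hex digest
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }
    # Compute every expected algorithm and compare case-insensitively
    $results = foreach ($algo in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algo).Hash
        [pscustomobject]@{
            Algorithm = $algo
            Expected  = $Expected[$algo].ToUpper()
            Actual    = $actual
            Match     = ($actual -ieq $Expected[$algo])
        }
    }
    # Signature status is informational: an old build like WinDump 3.9.5 may be unsigned,
    # which is exactly why the hash comparison against the publisher's digests matters
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Hashes    = $results
        AllMatch  = -not ($results | Where-Object { -not $_.Match })
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Digests as published on this page for WinDump.exe
$published = @{
    SHA1 = 'd59bc54721951dec855cbb4bbc000f9a71ea4d95'
    MD5  = '7b50683722d9efd3dccbb9e65ec0f2df'
}

$check = Test-DownloadIntegrity -Path 'C:\Tools\WinDump.exe' -Expected $published
$check.Hashes | Format-Table -AutoSize
if (-not $check.AllMatch) {
    Write-Warning "Hash mismatch: do not run $($check.Path)"
}
"Authenticode: $($check.Signature) $($check.Signer)"
```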

You can find the manual for WinDump (actually it’s also the TcpDump manual) at:

https://www.winpcap.org/windump/docs/manual.htm

windump.exe version 3.9.5, based on tcpdump version 3.9.5
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
Usage: windump.exe [-aAdDeflLnNOpqRStuUvxX] [ -B size ] [-c count] [ -C file_size ]
                [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                [ expression ]

If you’re interested in what’s new with Tcpdump and LibPcap, check out the latest releases:

http://www.tcpdump.org/#latest-releases

If all you want to do is collect packet data (with low overhead) so that you can examine the capture later in Tshark or Wireshark, and you have the Wireshark tools installed, then Dumpcap is another useful option. I believe on Linux, TcpDump may drop fewer packets than Dumpcap (and Tcpdump can parse data in near real time for viewing), so I would lean more toward using WinPcap on Windows machines if available. You may find that Tshark and Dumpcap work better for your system, but I tend to use either Tcpdump/WinDump or Wireshark. I will use Tshark on occasion, but rarely would I limit my use to Dumpcap only.

Breaking the Chains

Lately I have become less enchanted with Windows 10 with each update. It might be the weird mood in the air this summer. Updating an Arch based spin always feels like an improvement rather than a “HotFix” for something that needs “fixing”.

I know Linux updates are intertwined with numerous fixes, but there’s something enlightening and less mysterious about updating from a repository with “Pacman”. I sense something about Windows that feels like I have less control over my computer than I do with Linux. Aside from all the privacy and system reporting tweaks you are allowed to make when installing Windows, there are still some veiled baked-in settings that you get hard coded just for you. It’s like the system is telling you what is good for you: “We know what’s best for you…just check yes for every question we present you. Ah ha ha”. (Overly dramatic.) Windows is a good operating system, I have no doubt about that since I’ve had to learn to work with it. Of course I’ve gotten some things accomplished with Windows because that is what I was “given” to work with.

I’ve dual-booted Windows and Linux out of convenience, but lately that seems unnecessary.

Windows 10 doesn’t feel anywhere near as streamlined or respond as quickly as an Arch based Linux distro. Windows 10 is still a big improvement over 8, 7, Vista, and dare I say the “Legendary” XP that some Microsoft users tend to frequently reminisce about.

On the other hand, Ubuntu and Fedora based distros also feel a bit soggy and often somewhat lethargic. (This is just my opinion of course.) I know a lot of people who love both of those distros and won’t stop talking about them. It’s almost as bad as Mac users who stare me down and wonder why I spend so much time working on my system instead of just using it. (I would think Mac users must eventually get bored having their systems continuously work all the time.)

A lot is also dependent on the hardware you’re using, but running the same systems on the same machine, dual booted and single OS boot, over time is very useful if only as an eye opener.

Don’t remind me that I could run virtual machines with different operating systems instead of regular drive installs.

I’m not a fan of VirtualBox

Mostly because of the resource limitations of your memory and processors. I guess if I were to use a much more powerful machine as a daily driver I would have a slightly more tempered opinion, but I use what I have, and usually it’s adequate for what I need. I just prefer to get the most out of my OS as do many other Linux users. I’ve worked with Unix, and Mac OSX. Both very stable and solid operating systems, but neither fit well as a daily driver.

I just have a hard time totally eliminating my reliance on Windows. It’s like a habit that’s hard to give up. Every time I think I can totally eliminate Windows from my life, something inevitably comes up and once again I’m drawn back into the Microsoft universe. A little voice in the back of my head whispers: “buy yourself a fully loaded new computer and maybe you’ll appreciate Windows 10 more”, but I already have a nice wimpy underpowered computer that works fine with Linux. I don’t want to buy a new computer every year. I just want to get stuff done.

Why don’t you use your Mac?

That’s a good question. I don’t know, no wait a minute, I know; it was very expensive and I don’t want to drop it and break it. Is that a good answer? No, it’s because I live to fix things and there’s not much to fix on the Mac. I’m probably just procrastinating from actually doing anything productive by continuously changing operating systems.

I think it would be much easier for me to go 100% Linux if I could convince the rest of the world to run Linux, but that isn’t going to happen. Let’s face it, Windows runs the world. I’m just so tired of being told not to shut off my computer because Windows is updating…, and updating….. and updating.