Mac Network Utility

Note: The Network Utility app is included in macOS and was relocated to /System/Library/CoreServices/Applications.

The Network Utility is a collection of tools that helps provide information for troubleshooting network issues. It can also assist with network security by providing functionality like port scanning.

The Network Utility is not a replacement for Nmap or other security utilities, but can certainly be helpful when you forget to install Nmap or just feel lazy and don’t want to enter commands manually into Terminal. 

The Network Utility includes Netstat, Ping, Lookup, Traceroute, Whois, Finger, and Port Scan. These tools can quickly help with the following tasks:

  • Check network routing tables and stats.
  • Check connections between you and another machine.
  • Query your DNS servers.
  • Trace the paths of your network or internet traffic.
  • Scan for open network ports.

Launching Network Utility

You can quickly open the Network Utility from Spotlight or the Terminal application.

  • Use Spotlight by hitting “Command-Space” from the keyboard and typing in “Network Utility”.
  • From Terminal.app in Utilities use the “open” command.

Example:

open /System/Library/CoreServices/Applications/Network\ Utility.app/

macOS Code Signing Validation

Code signing allows security-conscious users to know if an application is from an authentic source, unmodified, or even corrupt.

Manually checking the authenticity of applications is typically not needed for the average Mac user, because the majority of users obtain their software from the Mac App Store, which is certified.

macOS and some versions of OS X run Gatekeeper, which checks whether an application was created by an unknown developer and, if so, warns the user and rejects the application from being installed. If an application is signed, Gatekeeper lets users open it without any warnings.

Everyone should be aware of the integrity of any app from any source. It never hurts to validate outside of Apple's built-in security features.


Manual validation

Personally, when I manually check an app, I look for hash type, hash checksum, and authority for validation.
We will be using the codesign command in Terminal.

Verify authority:

codesign -dvvv /path/Foo.app

Note: Applications distributed on the Mac App Store are all signed by Apple’s certificate.

Gatekeeper-like verification:

codesign --verify --deep --strict --verbose=2 /path/Foo.app/
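
The manual check described above (hash type, hash checksum, authority) can be condensed into a short summary. This is an added example, not code from the original post: the function names and the sample report are constructed, and the sketch assumes the usual `codesign -dvvv` report lines (`Hash type=`, `CDHash=`, `Authority=`).

```shell
#!/bin/sh
# Added example. Real use (codesign writes its report to stderr, hence 2>&1):
#   codesign -dvvv /path/Foo.app 2>&1 | summarize_codesign

# Print hash type, CDHash and the authority chain (leaf first) from a report on stdin.
summarize_codesign() {
    awk -F= '
        /^Hash type=/ { split($2, a, " "); hash = a[1] }
        /^CDHash=/    { cdhash = $2 }
        /^Authority=/ { chain = chain (chain == "" ? "" : " > ") substr($0, 11) }
        END {
            print "hash_type=" (hash == "" ? "MISSING" : hash)
            print "cdhash=" (cdhash == "" ? "MISSING" : cdhash)
            print "authority=" (chain == "" ? "none (ad hoc or unsigned)" : chain)
        }'
}

# Succeed only if the last Authority line (the chain's root) is Apple's root CA.
chain_ends_at_apple_root() {
    awk '/^Authority=/ { last = substr($0, 11) }
         END { exit (last == "Apple Root CA") ? 0 : 1 }'
}

# Constructed sample report for a Developer ID signed app (not real output).
sample_signed() {
    cat <<'EOF'
Executable=/Applications/Foo.app/Contents/MacOS/Foo
Identifier=com.example.foo
Format=app bundle with Mach-O thin (x86_64)
Hash type=sha256 size=32
CDHash=0123456789abcdef0123456789abcdef01234567
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
EOF
}
```

An ad hoc signature has no `Authority=` lines at all, so both functions flag it instead of reporting an empty chain.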

EdgeOS NetFlow IPFIX Configuration

EdgeOS is an operating system from Ubiquiti which allows you to configure and manage your EdgeRouter. This includes the ability to generate, view, and forward NetFlow information.

I will be using NetFlow version 10, also called IPFIX. IPFIX information can be sent to a third-party collector to help gain better network visibility. With IPFIX data, a collector like IBM's QRadar can discover malicious behavior indicating a compromise, find unusual ports, unknown destinations, and much more.

For more information on IPFIX see the following RFCs: 5101 and 5153.


Configuration

The configuration will be from the Command Line Interface (CLI).

Set the interface for collection, typically eth0, which is my WAN interface:

set system flow-accounting interface <interface>

Choose the ID number of the flow switching engine:

set system flow-accounting netflow engine-id <0-255>

Collect flows for egress traffic:

set system flow-accounting netflow enable-egress

Set the IP and Port of the remote collector that will receive flows:

set system flow-accounting netflow server <IP> port <2055>

Specify version number of NetFlow to use:

set system flow-accounting netflow version <10>

I left the timeout options at the default values found in the EdgeOS configuration.

Once you have committed and saved your configuration, you can double-check your work by using the following command to view flow activity:

show flow-accounting

Example running config

system {
    domain-name name.local
    flow-accounting {
        ingress-capture post-dnat
        interface eth0
        netflow {
            enable-egress {
            }
            engine-id 2
            server 192.168.0.0 {
                port 2055
            }
            timeout {
                expiry-interval 60
                flow-generic 3600
                icmp 300
                max-active-life 604800
                tcp-fin 300
                tcp-generic 3600
                tcp-rst 120
                udp 300
            }
            version 10
        }
    }
}
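
A collector-side check that what arrives on the configured port really is version 10, as an added example that is not part of the original post. It decodes the fixed 16-byte IPFIX message header (version, length, export time, sequence number, observation domain ID) from one exported datagram payload saved to a file; the function names and sample bytes are constructed, and how the payload was saved is left as an assumption.

```shell
#!/bin/sh
# Added example: validate the IPFIX message header of one saved export datagram.

# ipfix_header FILE
# Prints "version length export_time sequence domain_id" (all decimal).
# Returns non-zero if fewer than 16 bytes are present or the version is not 10.
ipfix_header() {
    # First 16 bytes as unsigned decimals, one positional parameter per byte.
    set -- $(od -An -v -tu1 -N16 "$1")
    [ "$#" -eq 16 ] || { echo "short header" >&2; return 1; }
    # All header fields are big-endian (network byte order).
    version=$(( $1 * 256 + $2 ))
    length=$(( $3 * 256 + $4 ))
    export_time=$(( (($5 * 256 + $6) * 256 + $7) * 256 + $8 ))
    shift 8
    sequence=$(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
    domain_id=$(( (($5 * 256 + $6) * 256 + $7) * 256 + $8 ))
    echo "$version $length $export_time $sequence $domain_id"
    # NetFlow v5 and v9 carry 5 or 9 in the same leading field.
    [ "$version" -eq 10 ]
}

# Constructed sample: version 10, length 16, export time 1700000000,
# sequence 7, observation domain 2 (octal escapes, header only, no records).
write_sample_ipfix() {
    printf '\000\012\000\020\145\123\361\000\000\000\000\007\000\000\000\002' > "$1"
}
```

Run it as `ipfix_header payload.bin`; a non-zero exit with a leading 9 or 5 in the output means the router is still exporting an older NetFlow version.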

Shuttle DS81 Sophos UTM Install Fix

I’ve found that installing various Linux/firewall distributions like Sophos UTM ends up getting stuck during install on the Shuttle DS81. After continuous research, I finally discovered it was not because it had a built-in memory card reader or HDMI input. It is actually due to the lack of VGA support.

Adding the VGA port accessory (Part number PVG01) available from Shuttle fixed the issue. The VGA output replaces one of the two available COM ports on the back. The VGA port accessory works on the following models:

  • XH81
  • XH81V
  • DS81
  • DS81L
  • DS81C
  • DS87

It appears other folks have encountered the same issue:
