If you got my most recent newsletter, you saw our survey regarding virtual conferences. Times have changed, folks... no training budgets, no travel budgets and likely absolutely no conference budgets in 2009.
Wednesday, December 17, 2008
If you got my most recent newsletter, you saw our survey regarding virtual conferences. Times have changed, folks... no training budgets, no travel budgets and likely absolutely no conference budgets in 2009.
Thursday, November 27, 2008
Wednesday, November 12, 2008
Tuesday, September 23, 2008
Ok... there are really two subjects here - one is pimping podcasts and the other is packets, but they came together this evening with a new podcast series I am developing and a quick analysis of some podcasting traffic.
Pimping podcasts? This title came to mind as I searched for some lead-in/closing music for the upcoming podcast series. After searching for royalty-free music for a bit, I found a little ditty that turned my head (including my ears). The music was described as "70's, pimp-stylin, funkin', porn music. If prostitution is a victimless crime, then where's my wallet?"
I HAD to listen to this music!
Sure enough - this was some seriously funky music - it dripped of sexual innuendo with loads of wawawa slipping through dadum dadum with a funk beat - this could have been background music for Shaft! I could honestly imagine myself following that attitude-adjusting swank with a serious conversation about the If-Modified-Since HTTP header field! What a mood setter!
Note: We'll cover the importance of that header field in the upcoming Summit 08 (http://www.chappellsummit.com/) when analyzing web browsing traffic.
So what do packets have to do with this? Well... since I was on the topic of podcasting, I thought I'd check out the traffic rate of the recent podcast I did with Ron Nutter's Help Desk Toolchest over at Network World (http://www.networkworld.com/podcasts/nutter/) - I found that the podcast MP3 file was 31,640,580 bytes and downloaded in just over 30 seconds at an average rate of 8.77 Mbit/s. This was waaaaay bigger than the Internet radio trace I'd taken a while back when studying streaming methods and bandwidth usage. Ron's podcast runs for 65 minutes and 55 seconds. When there I injected traffic into the network to cause packet loss and higher latency, I didn't notice it at all.
Tomorrow I should finish my analysis of Spore's network traffic and have the signatures to spot and eradicate that little primordial slime off the network (oh, sure... play it at home all you want!).
Don't forget - register for the Summit by September 30th for the Early Bird Special!
Friday, September 19, 2008
I've been halfway around the world in Canberra, Australia (snoooooooze) and assorted places in the US. Mostly, however, I have been buried in the deep, dark and exotic... lab! Playing around with the VoIP analysis functions in Wireshark, cool enhancements in NetScanTools Pro and wireless views in Pilot. I'm also enjoying playing with systems that have been left naked and exposed on the Internet (eek!) - analyzing the methods used to compromise those systems.
I've also been writing a series of articles on topics ranging from "Optimize Your Network Regardless of IT Budget Cuts" (www.chappellsummit.com) to "Getting More Pool Time (aka Graphing Wireless Network Behavior with Pilot™)" (searchnetworking.techtarget.com) and "Enhancing Windows® XP Performance with RFC 1323" (also searchnetworking.techtarget.com) and a few podcasts with my friend Ron Nutter were we discussed DNS security faults, strange traffic on the network (check out the live analysis results of going to www.usatoday.com - yucko!), and Microsoft's TCP enhancements in Vista/Server 2008 (all three to air at www.networkworld.com/podcasts/nutter/).
Most excitingly, however, I've been working on the Student Manuals for the Summit (Network Analysis and Network Forensics Training) that takes place November 4-5 (www.chappellsummit.com) - I extended the Early Bird registration price until September 30th because of the hardships caused by Ike and the roller coaster ride we call the Stock Market.
Over the next two weeks I'll be releasing some of the lab information for the Summit - giving you a taste of the hands-on labs that we'll tackle together. Oh, yeah... we'll definitely do some VoIP playback and work in the wireless world! Join us for accelerated analysis/forensics training at the Summit.
Better go - it's 5:30pm and I have a few more hours-worth of trace files I want to review this evening! Yippie!
Friday, August 15, 2008
Geez... it takes a ton of work to put on a Summit/Conference! Reviewing the contract with the hotel nearly made me gag! We did select a fantastic hotel and we hope to take over the entire ballroom/meeting room area - giving us plenty of room to spread out with our laptops and great visibility for all attendees. Hey - if you're going to head out and spend time geeking out with us, you might as well be someplace nice (sorry, Detroit Days Inn... I just couldn't do it!).
I am working on the student kits and the new sets of trace files. I am most excited to work together on the new Microsoft TCP/IP stack stuff, optimization of XP communications and then the compromised host evidence area. In addition, we'll get to work with new trace files of unusual/suspicious traffic to locate their signatures and figure out how to block this crap from the network. Users get more bold every day with the dirty applications they try to run on network!
There was a major change made from the time we polled the mailing list to the current time - I want to give all attendees a copy of the WSU03: Troubleshooting Network Performance self-paced DVD course instead of the WSU02: Analyzing TCP/IP Communications. The WSU02 stuff is the perfect prerequisite to ensure you get the most out of the conference.
New trace files - new toys (uh, er... I mean tools) - hands-on labs! It's gonna be a blast! Make sure you register before September 1st to get the Early Bird Special. Ideally, I'd like to have enough attendees to ensure we take over the hotel. Oh, yeah - and hotel room discount rates are only available until October 20th.
Get the full outline and details at www.chappellsummit.com and let me know your thoughts!
Monday, June 30, 2008
Friday, June 13, 2008
If you'd like to see the list of some of my favorite tools, check out www.wiresharkU.com/tools - if there are tools I should add, send an email to tools@wiresharkU.com.
This week I also created a page with some information and product discount codes over at www.wiresharkU.com/teched. Even if you didn't go to the show, grab the discount codes for AirPcap, NetScanTools, Pilot and the Wireshark University Courses - watch the expiration dates - don't miss your chance to save some money on these hot items.
So what about that Thursday panel? Seated between Steve Riley and Mark Russinovich - the same seating arrangement we had in Barcelona, I knew it would be a hoot. Mark Minasi and Marcus Murray rounded out the geekfest at the front of the room. Without any introductions or scripting, it was a great opportunity to just chat about the issues - unbeknownst to the audience, we rarely all get together in the same room and the same time. When we do... you have five Type A personalities butting heads and trying to one-up each other's stories... and what stories they are!
Now... it's time to relax in the hotel room - I'm totally wiped out from four breakout sessions, a panel, a lunch session, four 'fishbowl' recordings and one TechNet Edge recording (oh, yeah... and some late nights out at the hotel pool and an evening of non-stop walking around Universal Studios).
Off to the HP TechForum conference in Las Vegas - with a pre-conference training session Monday and several sessions Tuesday, it will be a busy week. After that, however, I am thrilled to enjoy the summer with minimal travel. That will give me lots of time to play with new toys and tracefiles. Wheee!
Monday, June 9, 2008
Brenda and I are on an American Airlines flight from SJC to DFW (if you travel much, you'll know the acronyms - if you don't who cares - just take it that we're on a plane). We were thrilled to have been upgraded and shuffled everyone around in first class so we could sit next to each other. I have loads of prep work that I still want to get done before TechEd starts tomorrow. (In truth, we've been cracking up while devising some very juvenile interview questions for our filming this week).
I've just plugged in my AirPcap adapters and set them for scanning mode - I want to know if the flight attendant speech about "please turn off your wireless cards or if your electronic device supports airplane mode, please use that" actually works. And after all - what's the point? Really?
I've talked to tons of pilots who say the whole wireless and cellular on planes is a bunch of hooey (pilot terminology). As Brenda and I hunch over the computer cracking up at the SSIDs flashing across the screen... my heart nearly stops...
"WHAT'S THAT!?" echoes through the entire plane at a decible level that rivals the Rolls Royce engines and makes my teeth ache. Holy shrieks - what was that?
"GIMME IT!" another shriek as my ears begin to bleed and both the parties in row 4 (the ones with hearing aids) keel over (there's just enough room in first class to actually keel over - if this had happened in 'economy class' no one would know until unloading time - you'd just look like you were taking a snoozer while propped up against the seat in front of you - lack of drooling would have been a clue, however).
With the 'Stare of Death' that my kids have feared since birth, I looked across to the nightmare sitting in 6B - with my eyes I try to send a signal of 'you should not be on this plane - and potentially, you should never breed'. I turn to Brenda with a simple question - "Why don't I hear any slapping?"
You see - I'm not wasting my 'Stare of Death' on the little boy who has the lung power to rival Pavarotti (before he died, of course) - the stare is for the mother who is oblivious to her son's inappropriate shrieking - hmmm.... perhaps the woman is deaf? If not, she will be soon. Hmmm.... are those earplugs in her ears? Really! This is a pet peeve of mine - parents who don't teach their kids manners until the kids reach the ripe old (too old for teaching manners) age of 13 or so.
What's wrong with saying to little Jimmy, "no, sweetie - we don't stand on the table at restaurants" or "no, honey, we don't give the cat a haircut using a butcher knife"? Geez - can't you get that kid a video game to play - laptops are cheap - get him Grand Theft Auto - that' oughta hold his attention - especially if his favorite color is red.
So... back to the wireless traffic - here's a list of the SSID's being requested by the various laptops on this flight (notice the lack of querying for WSU? I listen to those aero-cops big time now with the recent Call-Ahead-to-have-a-Passenger-Arrested-if-They-Don't-Wait-for-the-Beverage-Cart-to-Pass-Before-You-Want-to-Go-to-the-Bathroom law.
InternetIvy Room - (97)
Space Park #1
Westin-Aruba (this is just wrong - in Aruba hitting the wireless?)
After a bathroom break (I'll talk about the Coffe-Pack-in-the-Bathroom-Issue in another splog), I asked the flight attendants who were up in the front galley hiding away from the noise... "What's the deal with wireless communications on the plane? What happens if a laptop is turned on with wireless enabled?" In tandem, as if they'd practiced this response one thousand times (hmmm... mind-control training of flight attendants - that explains a LOT!) they synced "It interferes with the instrument panel!" I did mention that we must have lots of laptops on this plane with their wireless turned on - "How come we aren't plummeting to the ground by now?" Ok... wrong question. It took a bit of time to ensure them I wasn't interested in parking the plane over a corn field and I finally snuck back to my seat.
I reviewed the results of my wireless scan - systems desparately seeking 45 different SSIDs! Whoa! Doesn't anyone care about the dangers of wireless transmissions on the plane? Hey folks - our plane's instrument panel is probably popping outta the dash the and pilots are using hand-signals before turning! YOU'RE RISKING MY LIFE HERE, BUBBA! I feel like doing a 'puter smack-down of the systems on the plane, but feel that is likely to land me in Club Fed long before I'm ready... I sit down and pick up some SMB2 specs to review...
Now considering that TechEd starts tomorrow and we're on a flight from the Silicon Valley - I'm quite certain some of these yapping systems are headed for the conference center. It's kind of like meeting people ahead of time. When we get there, we'll check for some of the same SSID requests and who knows... we might find we're surrounded by friends before the conference even starts.
Uh oh... gotta go - landing time "Please turn off and stow all electronic devices..." Hmm.... maybe it would be interesting to see if people turn off their laptops during landing...
p.s. Visit the new www.wiresharkU.com/tools.html page! Enjoy!
Wednesday, June 4, 2008
Tuesday, May 27, 2008
TIME TO CAPTURE PACKETS, KIDS!
Cheers all around! Papers and books are shoved into backpacks at a frenzied pace. The bags are tossed unceremoniously into the corner of the room - making way for a much more important project - capturing network traffic! Ok, ok... my kids sound a bit strange... but this is a project they've waited for. The day had finally arrived.
In preparation for TechEd 2008, I wanted to pull together new trace files for...
MMORPGPCA (Massive Multiplayer Online Role-Playing Game Packet Capture and Analysis!)
Most of the games were pre-installed on the lab systems. All I needed were players... hmm... now where would I find fanatical players who would generate the much-needed traffic showing character creation, acquisition of quests, travel through surreal worlds to slash nightstalkers, destroy or tame ravagers, dual with other loyal Alliance members, pzwn noobs, kill the dreaded Horde and obtain mystical skills to use in a constant quest to level up?
Yes! This must be why I had kids! [In the olden days of IPX-based game analysis, I gathered a group of 'professional game players' in my garage and found the experience very frustrating... these folks didn't take direction well - my trace files were a mess of processes that took me hours to sort out - not to mention the bankroll I blew on candy bars and the unique aroma that made me seriously regret I'd removed the automatic garage door system and didn't install a window for ventilation!]
On today's plate:
- World of Warcraft
- Team Fortress
My goal - identify the transport methods, static ports (if any), related DNS queries, bandwidth usage and any game signatures. How could a network analyst detect this traffic and, if desired, how could an IT professional block it?
This family-based lab exercise (which lasted well past bedtime to the delight of my kids) yielded almost 100 trace files showing all aspects of game play - information I'll show next month at TechEd (Session SEC356: Analyzing Questionable Traffic) and include in the hands-on labs in my preconference seminar at HP TechForum - both taking place.
"Family Night" has evolved!
Thursday, May 8, 2008
It's like Christmas - a geek Christmas! The myriad of multi-sized boxes piled around my desk are calling me... "don't write that blog... open me!" "No! Open me first!" "Hey - I was here first!" Can't you just hear them?
The boxes are filled with products that range from the absolute necessities (such as the USB version of NetScanTools) to the absurd (8-Bit Dynamic Life shirt set - that includes a transmitter for folks who have no friends)!
Why the *(#$*$#@%! do we have all these new products rolling in? Well - it's simple - BitSpitters!
Taking the advice of our buddy Wil and numerous folks who told us to "go viral," we took the leap!
The first four BitSpitters videos are online (see www.wiresharkU.com/bitspitters.html for the links and HTML code to embed on your site, which we'd love!). Alternately you can search YouTube for "bitspitters."
This is what I've learned from my initial foray into the world of viral videomaking:
- I talk too much - YouTube's limitation of 10 minutes for the cheapo freebie account has to be first and foremost in my mind when I start recording. I really only want the videos to be between 1 and 3 minutes long. So far, the closest I've gotten to this lofty goal is 3:44. Maybe I can cut out the title and ending slides!
- People want to be entertained more than educated - the humorous "Look Really Smarterest" is viewed twice as often as the straight-tech talks. That's ok since I think this techie stuff is pretty entertaining anyway - we're going to follow this trend and keep the BitSpitters videos light and lively.
- Watching hit counts is addictive... within minutes of posting the first video I had a hit count of five. Not a big deal in the YouTube world, but fascinating to know some late-night insomiac was already viewing stuff I'd just recorded. (I could only hope they were properly dressed at that hour.)
The upcoming BitSpitters will be shorter (maybe I could cheat and do 'part 1' and 'part 2' videos) and hit some of the more humorous topics, such as:
- How to Keylog Your Kids
- Is Microsoft Unedumacated?
- Secrets of Laura's Lab Kit v9
- Macof Ate My Network!
- Is Nessus Naked?
- Is NetBIOS Ignorance Bliss?
- Aliens and IPv6
If you have ideas for future BitSpitters episodes, send them to me at firstname.lastname@example.org. Watch for the announcement regarding Binary Balloons as well... he he he...
Time to put my headset on and spew!
Friday, April 25, 2008
Sunday, April 13, 2008
Things were little too hot in many areas of the country as American Airlines grounded some 3,000 flights last week. I was lucky. I was on code share flight with Alaska Airline. Of course, my Alaska Airline flight didn't take off on time (out of the last 10 round-trip flights Alaska Airlines, my flights have been delayed 8 times - they are a pretty mellow bunch). But hey, I was just happy that the plane took off within a couple of hours of the scheduled departure time and I didn't have to put up with the nasty stench of burning wires on the flight.
On Friday evening, I received an e-mail from Dan Garton, American Airlines' Executive Vice President of Marketing. Dan referred to me as "one of our most valued customers" in his apologetic e-mail addressing the grounding of the DC 80 planes. Considering that I have now almost reached my 3,000,000 mile mark with American Airlines, it's a miracle that I didn't have an AA flight schedule for last week. It sure seemed strange to me that the e-mail apology was sent from American Airlines VP of marketing. Don't you think it would been better to send the e-mail from the CEO, Gerard Arpey? Hmmm...
"The work being done now centers on a need to change the way in which American complied with the Airworthiness Directive (AD) regarding such items as the spacing of the ties on the wiring bundles and the direction of the retention clips and lacing cords. We are highly confident that this is not a safety of flight issue because the wire bundle is secure. It is a matter of how the work was done, not whether aircraft were protected from the threat of wire exposure and chafing that could cause fire."
Perhaps this whole world of a wired technology is passé. Maybe it's time to take a look over at MIT and check out the "WiTricity" project (http://web.mit.edu/newsoffice/2007/wireless-0607.html). These folks have it right. Wireless electricity! Take a bit further and imagine having roaming wireless electricity. As you cruise through the airport, your laptop would connect to various wireless electricity taps in charge itself to 100%. Considering the number of times I've plugged my computer into a power strip and then forgot to turn on th power strip - this could be very handy technology! Another plus would be the removal of the dreaded "power cord to the podium" that I've tripped over numerous times... the comedic fall that I've taken so many times would be missing from my presentations, but it's the price we pay for keeping up with technology.
So, back to the Redmond trip. On June 9, the week of TechEd, I'll be able to explain why I've been spending time in Redmond. I'll be arriving at the TechEd conference on a red-eye flight from Redmond that gets me into Orlando around 6:30 a.m. on June 10th. Mark Penaroza, the Security Track Manager, was nice enough to book me in afternoon sessions that Tuesday. As long as American Airlines doesn't ground their fleet that week, I should get there in plenty of time to present. (Crossing my fingers and wires!)
Now back to working on the Wireshark University certification test... we're almost there!
Thursday, April 3, 2008
What an event...!
I'd planned to blog on Tuesday evening after the second day of Sharkfest, but I hit a serious case of brain-drain. In addition, my feet were demanding my attention (see "Ugly Shoe Syndrome" below).
I hate to gush too boldly about the event, but notice I have a bit of Sharkfest afterglow today... that twinkle in my eye, spring in my step (ok, ok... my feet periodically do remind me of the past three days of abuse) - heck, I almost caught myself singing the theme to jaws (one of the few tunes that I can actually muddle through).
I believe the key factors that made Sharkfest such a unique and successful conference were the laid-back campus atmosphere at Foothill College, the 'no suits' image of the attendees and presenters, the refreshing lack of marketing and sales 'pukes' in sight, the sponsoring companies who actually had hot products I want to own, the impressive list of attendees (how do you avoid getting flustered when presenting in front of the creators of Kismet, NMap and WinPcap and the core developers of Wireshark?), the creative and entertaining presenters and the other-worldly oration by luminary Vint Cerf. [My kids would like me to note that the oversized chocolate chip cookies I brought home were better than the tshirts they got from the last few conferences I spoke at...]
An Impressive Launch
Early on the first morning I settled into my seat at the keynote - honestly, I had no preconceived notion of the conference experience we were embarking on. Mike Kershaw (creator of Kismet) had already settled in and was playing around on his Nintendo DS. Gerald was nervously sipping his coffee while John Bruno (co-founder of CACE Technologies) paced about, waiting to start. Loris Degioanni and Gianluca Varenni (co-creators of WinPcap) alternately joked and bickered like an old married couple as they prepared for their moments in the keynote.
Mike leaned over just before the keynote started... pushing his DS under my nose pointing at the screen with a wicked gleam in his eye. (Oh geez... I am not a big video game fan... I won't know anything about the games except what I've learned of the Legend of Zelda from my kids....sigh)... but when I looked at the screen the only characters running around were related to the WiFi signals he was picking up with his ported version of Kismet! Now THAT I understand! Very cool!
I knew this wasn't going to be your typical conference...
As John Bruno acknowledged the many sponsors and Tim O'Neill who was instrumental in making Sharkfest happen by getting us some visibility and bringing in Vint Cerf for the Tuesday morning keynote, we all wished Tim could have been there to hear the applause (I know at least one person, Betty DuBois, called him during the keynote to fill him in on our sincere appreciation of his efforts!). Thanks so very much, Tim! You are a star!
The keynote took a unique turn as John set the framework for the next section - "Gerald, This is Your Life" - a story tying together the elements that would become a cohesive group of Wireshark, WinPcap, CACE Technologies and Wireshark University.
Gerald sprung up to the stage to begin... only to find that John had taken all Gerald's notes from the podium. Being a bit scattered with a diabolical sense of humor, one has to ponder whether this was an intentional ploy - it garnered laughs through the audience as John rapidly riffled through his papers to see if he could find Gerald's notes... forcing Gerald to hold is breath and sweat it out while praying the notes would be found soon. A collective sigh of relief could be heard when the notes were handed over - you could tell this audience respected Gerald and felt his pain for those few brief moments.
Gerald thanked the people who encouraged (and in some cases pushed) him to focus on Ethereal in the early days. He gave us all an inside view of his initial foray into creating Ethereal (and the importance of that barn in the early days - I, for one, am glad he fully explained that line item on his slide!) and segued into the current stats on Wireshark:
- 9+ years in development
- 600+ developers
- 6 hosting providers
- 3 domains
- 2 names
- 1 barn with livestock (it's a long story)
- 1.5 million lines of code
- 300,000 downloads per month
- 900+ protocols
- 1.0 revision released this week
I had a few moments to recognize the phenomenal Wireshark University instructors and pester Gerald to tell the audience about one of the alternate names that were considered before "Wireshark" was chosen. EtherWeasel! Thankfully, Gerald followed the level-headed advice of his wife, Karen, and went with the Wireshark name. Thanks Karen! We all owe you one!
It was time to look to the future... Gerald brought Loris back up on stage to announce and demonstrate Pilot - CACE Technologies' graphing and reporting tool built around Wireshark! [Insert drooling images here, please...] Loris deftly manipulated a 100MB file - displaying throughput graphs and pulling out sections to send to Wireshark for further analysis. Control-clicking on multiple graphed elements and drilling down for more comparative detail, I could hardly contain myself. There are so many features in Pilot that I have dreamt about for many years. Finally, Loris entered some comments on one of the graphs, selected to export the graph and comments to PDF format and BING! Up came a report containing all the supporting graphs and verbiage depicting the findings in a clear, colorful manner that even a CEO could understand! All attendees received a DVD containing videos showing Pilot in action. [No price was stated, but the release date is just a few weeks away. Check http://www.cacetech.com/ for more details.]
The keynote concluded right on time (an unheard of feat these days) and we were off... ready to hit the sessions and charged up (with lots of coffee, sodas and candy bars) for the three days ahead.
A 'Who's Who" of Attendees
On Monday morning we arrived at campus at 6:00am to blow up Sharkfest balloons, hang banners, prepare the registration desk and open the speaker lounge (a room that was never used by speakers - all speakers hung out in the Campus Center - there was no separation between speakers and attendees - we were all there a collaborators, colleagues and partners).
During the registration process (which was, in itself, a unique process given the 'register by first name' process - ok, ok... last names next time), I caught myself staring at the folks coming up to the table - check out this impressive list of folks who strolled the campus this week:
- Joe Bardwell (packet guru; Connect 802)
- Gerald Combs (creator of Ethereal/Wireshark)
- Loris Degioanni (creator of WinPcap; creator of Pilot)
- Thomas D'Otreppe (creator of the Aircrack-NG suite)
- Jonathan Fairtlough (LA District Attorney's office)
- Scott Haugdahl (BitCricket; creator of PacketScrubber; former CTO WildPackets)
- Mike Kershaw (creator of Kismet)
- Fyodor, aka Gordon Lynn (creator of NMap)
- Mike Pennacchi (packet guru; Network Protocol Specialists)
- Gianluca Varenni (creator of WinPcap; creator of TurboCap)
and many more... all there for one reason - to support, enhance and share knowledge on Wireshark features, future and related technologies and products.Wireshark University Instructors and ExecuTrain Group
This was the first time I've been in the same room with four of my five Wireshark Instructors as well as my ExecuTrain team that deals with the Wireshark bootcamp course. I know why I selected these folks to work with - the instructors are the best in the industry! Some were my competitors for years - they became my colleagues over the years and now I am fortunate to have them as my partners in the Wireshark University adventure!
- Betty DuBois (Certified Wireshark University Instructor)
- Tony Fortunato (Certified Wireshark University Instructor)
- Priscilla Oppenheimer (Certified Wireshark University Instructor)
- Phill Shade (Certified Wireshark University Instructor)
- Chris Bell (Certified Wireshark University Instructor) - absent sadly... someone's got to work!
- Tom Robinson (ExecuTrain/Next Step Learning Managing Director - Wireshark University)
- Dave Raab (ExecuTrain/Next Step Learning VP Sales - Wireshark University)
Every attendee got the latest version of the Laura's Lab Kit (v9) in their bags - if you didn't attend, download the ISO image (3.3GB) from www.novell.com/connectionmagazine/laurachappell.html when you have a lot of spare time.
Campus Center Hang-Out
The Campus Center was definitely the place to collaborate. At times you'd see a table of the impressive Wireshark core developers dotted with attendees who were soaking up the brilliance emitted from the creative minds surrounding them. Conversations would wander from war stories of beleaguered networks overloaded with BitTorrent traffic to newer functions added to Wireshark over the past several revs to "I have a dumber network user than you do" competitions.
On the first day I wore my conference-ready Aerosole heels... they look good and give me another couple inches in height. By the end of the first day I was hobbling around as my feet screamed at me to sit down. I couldn't - it just wasn't that type of atmosphere. There were too many people to locate for a chance to talk and several presentations to make (sans chair to rest upon). By day two, I'd switched into my loafers... I was noticeably shorter, but much happier... until the end of the day when my feet again reared their ugly little (actually big) soles and screamed bloody murder. On day three I could have been mistaken for one of the many gardeners working the grounds at Foothill. My heels and loafers had been replaced with my backyard shoes - the ones that have been left outside in the pouring rain and pounding sun. Ugly a sin, but comfy as... well almost as comfy as slippers.
Still in pedagony, I hobbled home at the end of Wireshark - thankful that it was a three-day conference. If it had gone on one more day I would have had to bring out the SpongeBob slippers (it's difficult to hide bright yellow sponges hanging off your feet). A fifth day at the conference would have required an extra power strip behind the podium as I would have stood in a foot spa at the front of the room.
Worshipping at the Church of Vint Cerf
Shortly after Vint Cerf took the stage, Gerald came over to me practically shaking with excitement - "Isn't this COOL!" He was bubbling over with the excitement of a 5-year old at Christmas. My mind immediately flashed on an image of Gerald as a 5-year old kid diving at the presents under the Christmas tree... a strange vision because the ecstatic kid was wearing his "Vint Cerf jammies" and hoping for a new compiler tool... oh, well... I digress...
Vint Cerf is a cross between Santa Claus and Arthur C. Clarke. With a brilliant, luminary mind that sees things others cannot fathom and a kind, humble manner, he would be the ideal grandfather! Many people may have grandfathers that twitter about imaginary concepts brought on by some form of dementia, but in this case those concepts have become or are becoming reality. Interplanetary communications? Geez... I'm still trying to figure out how to get rid of Vista's 'donut from hell' half the time. (See http://www.ipnsig.org/.)
Quick thinking on the part of the guys from LOVEMYTOOL - Tim O'Neill and Denny Miu - they videotaped Vint's speech - visit www.lovemytool.com/ to watch and feel inadequate, inconsequential, but inspired by this most eloquent, humble and visionary man! He gave us all the best Christmas present we could have - a globalized communication system.
One of the most heart-warming moments at the conference was when we watched Steve Karg's son approach Vint Cerf to say hello ("Mr. Cerf") and ask Vint shyly if Vint would sign his Strategy Guide. When Angela (from Wireshark University and a key player in coordinating the conference) asked the boy, "Do you know who Vint Cerf is?" he gave her an incredulous look and replied, "Of course! He's the Father of the Internet - didn't you Wikipedia him?" What a hoot! Perhaps Vint is the Grandfather of the Internet to him...
Mingling with the Core Developers
At several points during the conference I wandered over to the Developer Track training room... almost sneaking up on them as they mingled outside the room. Feeling like a kid trying to get close to a sports-star, I tried to just 'melt in' with the group - be one of them... but I wasn't. These folks have a bond that goes back many years - they are bound by their dedication to Wireshark and the open source vision. I must admit... in my head I'd pictured a few of them as unshaven, scraggly-looking misfits who were unaccustomed to natural sunlight. I was pleasantly surprised to find that they not only knew all about modern shower systems, but they had an effusive sense of humor that was exponentially amplified when you get a group of them together!
After all these years of reading the patient and insightful answers posted religiously by these folks, I finally got to catch them in person. Honestly, they are the reason we were all gathered there at Sharkfest - they took up the challenge to continue Gerald's quest.
- Sake Blok
- Anders Broman
- Stig Bjorlykke
- Mike Duigou
- Andrew Feren
- Stephen Fisher
- Guy Harris
- Steve Karg
- Jaap Keuter
- Tomas Kukosa
- Ulf Lamping
- Graeme Lunt
- Martin Mathieson
- Christopher Maynard
- Bill Meier
- Greg Morris
- Richard Sharpe
- Sebastien Tandel
- Michael Tuexen
Back to Work...
I returned from Sharkfest energized with the contacts I made and excited about the future of Wireshark and Wireshark University. I returned from Sharkfest energized with the contacts I made and excited about the future of Wireshark and Wireshark University.
The past months have offered grueling work for Janice Spampinato, Nicole Martin and Angela Sherman - the three amigas who coordinated everything - balloons, banners, hotels, registration, food, on-campus services, track topics, presenters, welcome packs for presenters, show bags, sponsorships, and much, much more. With their angel, Tim O'Neill, providing encouragement, I think they pulled off one hell of a conference! Thank you so much for your perseverance!
As I sit here with my SpongeBob slippers soothing my feet through the recovery process, I find myself looking forward to future Sharkfest conferences. The future is bright... the sun is shining, the latency on my network is low and I haven't seen a single lost packet or duplicate ACK in over two minutes - ahhh.... life is good.
"Da dum... Da dum..."
Thursday, March 27, 2008
Note: The new Laura's Lab Kit v9 ISO image can be downloaded from:
Ok, ok... before you get your iPod cables in a bunch, one vendor blew it by calling this the HackTool virus when they should have simply said you've got a hacker tool there, bubba. Let's quickly look at a description of the "Hacker Tool" designation from one of the VD (virus detection) vendors:
Here's the scoop... the HackTool or Hacker Tools designation does indicate that there is a potentially unwanted program on your computer or on connected media. You do want to know about that, don't you? The Laura's Lab Kit always contains some programs that could potentially be nasty if used in the wrong hands -- Cain and Abel always makes VDs spew forth complaints. Even sweet little Wireshark can cause VDs to scream bloody murder.
F-Secure's Description of "HackerTool"
Hacker Tool (generic description)
Hacker Tool is usually a standalone file. In many cases such tools are used by hackers to perform certain actions on a compromised computer, for example to crack passwords or to scan for vulnerable computers. It should be noted that such tools are sometimes used by system administrators.
Our corporate customers prefer hacker tools to be detected by F-Secure Anti-Virus. If a system administrator still wants to use a hacker tool, he can exclude the tool's file from scanning. For ordinary users running such tools should be prohibited.
Don't get me wrong, you probably do want to know when there's a HackTool issue on your system - a message that your system is infected with the HackTool.rootkit virus should make your skin crawl. But before you freak out about Laura's Lab Kit, check out which tools are associated with the HackTools warning - they may become your favorite secuirty research tools and replace your lost hours on World of Warcraft with the thrill of idle scanning or redirecting traffic usinig ICMP (instead of plain old ARP).
Oh... and one more thing... The fact that we release Laura's Lab Kit on the ides of March is purely coincidence! Now get back to work!
Tuesday, March 25, 2008
It was a major coup to get Vince Cerf out to Sharkfest! What a line-up! We'll have Gerald there teaching how to create dissectors and Loris will be showing the new hot tool graphing and reporting for Wireshark. My Monday presentation was altered so Loris could join me and show this hot tool in action.
Geez... the show bags, the logistics, the marketing, the presenters, the signage, the food... the FOOD! I am shocked at how much conference people eat! I am thrilled we don't have to supply the booze for the conference!
Conference attendees’ concentration levels change as their blood alcohol levels adjust throughout the week. During the first day, their bodies are relatively free of booze toxins (BTs). As the week progresses, the BT level increases as does the sleep deprivation (SD) level. I prefer teaching morning sessions at conferences unless my BT/SD levels are also accelerated. As the week progresses, I see more eyelids than the eye shadow tester brush in the front aisle at Sephora (a very popular cosmetic pusher located in airports and swanky shopping malls. Nothing costs less than US $20... unless it is orange... or is that popular now?).
Private "voluntary class attendees" usually want to be in the class. That doesn’t mean they can give you their full attention, however. They are balancing work responsibilities, family responsibilities and their reputations. They are often in class with a peer, senior member of their firm or some junior smartass who wants to take their job. I do not fault them for being distracted and late to return from the breaks – I appreciate that they could give me a moment of their attention – let alone 6-1/2 hours a day for numerous days in a row.
Private-class "forced attendees" are just warm bodies in the room. They don’t want to be there, but some management mucky muck has decided that this class will suddenly make them worth the paperwork used to hire them. Since I truly do believe the topics I teach are important and make more effective and efficient network troubleshooters and better security technicians, these are the worst students to encounter. Many times I’ve considered handing out the Certificate of Completion papers during the first morning break, thereby weeding out these indentured students from the rest of the class.
Well - the music is blaring and it's time to play with beta products - hopefully, I will see you at Sharkfest... or at least I'll see your eyelids!
Saturday, March 22, 2008
I decided to stop by the office for a quick 'check in' - yipes! The office was crammed with boxes of all sizes - nearly floor to ceiling. Hoping I hadn't hit eBay after a late night of Port o' Calling last week, I nonchalantly asked Angela 'what's in the boxes?' She raced over to rip one open (apparently these were not tipsy eBay purchases - phew!) - Sharkfest conference goodies!
Sharkfest is just 9 days away! Eek! Time flies when conference time rolls around. It promises to be an interesting conference considering you have some of the premier Wireshark contributors coming from all over the world to sit face-to-face with Gerald Combs, Loris Degioanni and Gianluca Varenni. In addition, we'll all get to spend more time with Pilot, the new graphing and reporting tool for Wireshark. I showed Pilot during the Meet-the-Experts night at BrainShare. CACE Technologies (http://www.cacetech.com/) is expected to release Pilot on March 31st! Keep an eye out for it. Check out the entire Sharkfest schedule at the CACE Technologies site when you get a chance.
One of the myriad of boxes in the office held the 'shark shaped shirts' (glad I did not have a rum and coke before trying to say that). These shirts are a bit freaky, if you ask me. They are compressed and squeezed into the shape of a shark. Although everyone assures me that a slight bump on the box will not cause sudden decompression and the boxes will not expload with shirts and fill up all the breathing room around... I am staying away from those boxes!
So... as I sit here gazing out the window at a 70-degree plus day, I find myself putting together the schedule for the coming week in the lab:
- Finalize my Sharkfest presentations (one session has a last-minute enhancement)
- Do the final review of the Wireshark Certification Test question bank
- Upgrade my old Windows 2003 servers to Windows 2008 servers
- Perform daily updates to my Pilot Beta software and give it a good workout
- Organize all the business cards and contacts received during BrainShare
- Review, clean and release some of the trace files gathered last week
- Finish up and turn in Microsoft project "R"
- Record at least three hours of the new NetScanTools course (coming soon)
Yup - the week will be busy and filled with exciting new projects and opportunities. Before I head into my lab and immerse myself in packets (especially those 'ICMP Communication Administratively Prohibited' packets), however, I will catch a few moments in the sun to ward off a florescent-light pallor...
Wednesday, March 19, 2008
After the vendor party, we joined NetVision upstairs in the Port o’ Call to "bust a move"! Only one person fell on the dance floor (and it wasn’t me!) - a definite improvement over past years. Amazing how much my feet hurt early in the evening, but as the evening unfolded I couldn’t even feel my feet.
This afternoon we hit the OpenAudio booth to record a conversation recapping some of my sessions and talking a bit about Thursday’s scheduled videocast at the Meet the Experts event. I will be giving away the hidden secrets in the Laura’s Lab Kit during that session and talk about other cool tools related to troubleshooting and security. The OpenAudio booth was swelteringly hot inside, but the recording was (as always) a hoot! This time Brenda joined us for the taping - tomorrow she will be recording on her own... next thing you know, she’ll be taking over my sessions. See http://www.novell.com/openaudio for more information.
Speaking of sessions - head over to the FIN BIT page at http://www.wiresharku.com/ to get the slides from the four BrainShare presentations.
Again, Novell gave me access to the double conference room and had tables and power strips setup up for the BYOL (Bring Your Own Laptop) sessions. It is a great configuration for conferences.
For those of you who are not at the show, don’t forget to download the new Laura’s Lab Kit v9 from http://www.novell.com/connectionmagazine/laurachappell.html. The ISO image is 3.3 GB, so start the download and go have a good lunch or dinner... That is also where you will find the latest animated articles.
Now it’s time to catch up with a few hundred emails that are overflowing my inbox! Must... hang... in... there... must... stay... awake...