Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at http://www.chappellseminars.com/.

Wednesday, December 17, 2008

BrainShare... End of an Era or Time to Change?

Just moments ago I heard the final decision - BrainShare 2009 is cancelled. A wave of sadness passed through me... I thought back to the early days at the University of Utah, the Port 'o Call, speaking in the keynote room (just once), Meet the Experts partying, the concerts, the many friends I'd meet just once a year in Salt Lake City, Utah.

Novell's cancellation of BrainShare 2009 definitely marks the end of an era for me - I've presented at every BrainShare since 1998 - since before my kids were born and my hair went grey and I lived in a packet-driven world of analysis. Back in 1998 I was a young whippersnapper skulking around Novell's hallways looking for the secrets behind this networking geek lab. Ray Noorda was shuffling his way down the hallway keeping an eye on things and LANalyzer was still a hardware solution owned by Excelan Corporation (which Novell would soon purchase). I was the only girl hanging around the technical support guys (for professional reasons) and truly enamored with the SuperSet guys.

Novell's announcement (and Apple pulling out of MacWorld in 2010) are indicative of our need to accept and move to a virtual world in more facets of our lives. 

If you got my most recent newsletter, you saw our survey regarding virtual conferences. Times have changed, folks... no training budgets, no travel budgets and likely absolutely no conference budgets in 2009.

Can virtual conferences replace physical ones? Can we replace the human interaction and still walk away (albeit only a couple of feet) to feel satisfied that we've learned a lot in our time 'away' from the office? Can we replace the human networking aspect with something just as satisfying personally and professionally? Time will tell. 

Yes... it's the end of an era... or maybe the beginning of something new and exciting... regardless, I want to thank Novell for putting on one hell of a classy show each year - one that I looked forward to participating in and swore I would be at until the day they said 'don't come.'

Laura

Thursday, November 27, 2008

Turkey Technology

It's here again... the dreaded 'Turkey Day'. Time to be humiliated in the kitchen once again...
Three times now I have been thwarted by technology in my attempts to cook the perfect turkey.
Year 1: Bought frozen turkey; put in refrigerator to thaw. Tough getting the thermometer into the dang bird (nearly broke the hammer I used to get it in). After 3 hours, thermometer never moved off '0' - figured the thing was broken. After 4 hours and a nicely browned skin in view, pulled turkey out and dressed it up for serving only to find that the bird must have still been frozen and there were bags o' turkey guts/neck still thawing inside the bird - whoops. Chinese restaurant open today. I am thankful for Mu Shu Pork!
Year 2: Thermometer got a bad rap last year. Thawed turkey completely; pulled out all bags o' bunk; into the oven it went. After 4 hours and a nicely browned bird, the thermometer wasn't up to the desired 165 degrees. Gave it another 2 hours and it still didn't get to 165... smell indicated something wasn't right. Removed charred and withered bird and threw away thermometer. Papa John's is open today. I am thankful for pizza!
Year 3: Martha Stewart's 'high-heat' turkey would only take 2 hours to cook an 18 pounder - no thermometer needed - guaranteed by Martha. Bought the Martha roasting pan, cranked up oven to 475 degrees and threw the damn bird in. Set timer for 2 hours and relaxed with a glass of wine. Determined not to fret over bird. After two hours, opened oven to find the turkey took the heat quite well, but Martha's roasting pan didn't - flakey pieces of some coating material wafted up in the air and was stuck to the outside of the turkey, spotting it with silver 'snowflakes' of faux aluminum or some other toxic substance. Pulled out batch of spaghetti sauce I'd made that morning just in case. MMMM.... a home cooked meal on Thanksgiving! I'm thankful for foresight and decent chardonnay from a local winery.
This Year: After 3 years of humbling experiences and technology failures, friends have stepped up to invite my family to 'stop by' on Thanksgiving. Kids a bit too excited over the idea. Hmmm... Planning on going house to house bringing store-made pies and wine. My family and I will mooch our way through Thanksgiving and hope to spare the life of one turkey this year. No technology to count on other than my car. I expect my friends will share my 'turkey travails' with all the guests - I hear it's a good dinner story... I am thankful for my friends.
Next Year: Premade turkey with lasagna as a back-up (in case the bird doesn't fit in the microwave for reheating - the oven is retired and now stores kitchen items I'll never use again).
Happy Thanksgiving to all who celebrate.
Laura

Wednesday, November 12, 2008

Summit08 Wraps!


Puff, puff... It's a heck of a lot of work putting on a conference - hats off to the folks who do it year in and year out and actually smile through the process (they must have some strong meds). You are a sick lot, you know! Anyone care to guess how many pieces of bacon, sodas and beers were downed during the two-day Troubleshooting and Security Summit08 conference (November 4-5)? Me neither.

One of the highlights of the conference was having Gerald Combs (creator of Wireshark) join us to talk about capturing traffic in a virtual environment and Tom Quilty (BD Investigations) talking about the steps to take before and after a network breach occurs. Who ya gonna call?

It was great sitting around a table at the vendor party with those two as well as Ron Nutter from Network World as we swapped geeky war stories and shared some of the inside scoop on cybercrime events and Wireshark development (which are mutually exclusive topics, by the way). He he...
For those of you who didn't join us, you missed a great time. We played with VoIP reassembly, some ugly WLAN communications, loads of ugly file transfers caused by packet loss/high latency, a DHCP server gone awry, nasty SNMP traffic (that we configured to see using the MIB printer configuration), problems with autonegotiation, SMB2 protocol negotiation during a Vista client/Server 2008 connection, lost packets, totally pathetic websites, evidence of a "DNS walking" application, a redirector infection, SNMP scanning host and traffic hidden through port swapping.

Two nights before the conference I added a set of trace files taken at a client and a server - I really wanted to show how to alter the timestamps because one analyzer was off on the timesync and then merge the two traces together, colorizing the two sets to differentiate them. I love this stuff!

Now my days are spent building the Summit 08 Wrap-Up site - if you attended Summit 08 you will receive your login credentials by the end of the week. I've put together four videos covering the MS08-067 vulnerability, the trace file merging process, building and sending custom packets and the Summit 08 Wrap-Up Checklist. In addition, I have a discount code for NetScanTools Pro and Pilot/Pilot+AirPcap EX3 bundle also going up on your Wrap-Up site (you already should have the code for 50% off the Wireshark University self-paced courses - good through December 31st).

So... would we ever do the conference again? Absolutely! We've already started planning based on the feedback we received. Register for notification at http://www.chappellsummit.com/ and I'll send you an email when Summit 09 registration opens and details on the Early Bird Special pricing. Alumnae will get special discounted pricing on Summit 09.

Now... just a couple more days until I head off to Portugal for the Vantagem conference. After that, it's the ATT Live conferences in Salt Lake City and then... well... then it's 2009 and time to start development on Summit 09!

Laura
[off to the Wrath of the Lich King launch party... 2 hours and counting...]

Tuesday, September 23, 2008

Pimping Podcasts and Packets

Well... with a title like that you just have to read this, don't ya?

Ok... there are really two subjects here - one is pimping podcasts and the other is packets, but they came together this evening with a new podcast series I am developing and a quick analysis of some podcasting traffic.

Pimping podcasts? This title came to mind as I searched for some lead-in/closing music for the upcoming podcast series. After searching for royalty-free music for a bit, I found a little ditty that turned my head (including my ears). The music was described as "70's, pimp-stylin, funkin', porn music. If prostitution is a victimless crime, then where's my wallet?"

I HAD to listen to this music!

Sure enough - this was some seriously funky music - it dripped of sexual innuendo with loads of wawawa slipping through dadum dadum with a funk beat - this could have been background music for Shaft! I could honestly imagine myself following that attitude-adjusting swank with a serious conversation about the If-Modified-Since HTTP header field! What a mood setter!

Note: We'll cover the importance of that header field in the upcoming Summit 08 (http://www.chappellsummit.com/) when analyzing web browsing traffic.

So what do packets have to do with this? Well... since I was on the topic of podcasting, I thought I'd check out the traffic rate of the recent podcast I did with Ron Nutter's Help Desk Toolchest over at Network World (http://www.networkworld.com/podcasts/nutter/) - I found that the podcast MP3 file was 31,640,580 bytes and downloaded in just over 30 seconds at an average rate of 8.77 Mbit/s. This was waaaaay bigger than the Internet radio trace I'd taken a while back when studying streaming methods and bandwidth usage. Ron's podcast runs for 65 minutes and 55 seconds. When I injected traffic into the network to cause packet loss and higher latency, I didn't notice it at all.

Tomorrow I should finish my analysis of Spore's network traffic and have the signatures to spot and eradicate that little primordial slime off the network (oh, sure... play it at home all you want!).

Laura
Don't forget - register for the Summit by September 30th for the Early Bird Special!
http://www.chappellsummit.com/

Friday, September 19, 2008

Where the *(@#$# Have I Been?

It's been ages since my last post - so where on Earth have I been (assuming I've been on Earth, of course). Good question...

I've been halfway around the world in Canberra, Australia (snoooooooze) and assorted places in the US. Mostly, however, I have been buried in the deep, dark and exotic... lab! Playing around with the VoIP analysis functions in Wireshark, cool enhancements in NetScanTools Pro and wireless views in Pilot. I'm also enjoying playing with systems that have been left naked and exposed on the Internet (eek!) - analyzing the methods used to compromise those systems.

I've also been writing a series of articles on topics ranging from "Optimize Your Network Regardless of IT Budget Cuts" (www.chappellsummit.com) to "Getting More Pool Time (aka Graphing Wireless Network Behavior with Pilot™)" (searchnetworking.techtarget.com) and "Enhancing Windows® XP Performance with RFC 1323" (also searchnetworking.techtarget.com) and a few podcasts with my friend Ron Nutter where we discussed DNS security faults, strange traffic on the network (check out the live analysis results of going to www.usatoday.com - yucko!), and Microsoft's TCP enhancements in Vista/Server 2008 (all three to air at www.networkworld.com/podcasts/nutter/).

Most excitingly, however, I've been working on the Student Manuals for the Summit (Network Analysis and Network Forensics Training) that takes place November 4-5 (www.chappellsummit.com) - I extended the Early Bird registration price until September 30th because of the hardships caused by Ike and the roller coaster ride we call the Stock Market.

Over the next two weeks I'll be releasing some of the lab information for the Summit - giving you a taste of the hands-on labs that we'll tackle together. Oh, yeah... we'll definitely do some VoIP playback and work in the wireless world! Join us for accelerated analysis/forensics training at the Summit.

Better go - it's 5:30pm and I have a few more hours-worth of trace files I want to review this evening! Yippie!

Laura

Friday, August 15, 2008

Summit 08 Registration Brings Nausea...

At typical conferences, I only have a 1 hour 15 minute time slot to present information - hardly enough to do more than whet your appetite for packet-level life. It is very frustrating when I really want to ensure attendees grasp concepts and walk out with solid skills for immediate gratification. So... I cancelled most of my remaining conferences this year to focus on development of my Troubleshooting and Security Summit on November 4-5th in Las Colinas, Texas (near DFW). Visit www.chappellsummit.com or www.wiresharkU.com.

Geez... it takes a ton of work to put on a Summit/Conference! Reviewing the contract with the hotel nearly made me gag! We did select a fantastic hotel and we hope to take over the entire ballroom/meeting room area - giving us plenty of room to spread out with our laptops and great visibility for all attendees. Hey - if you're going to head out and spend time geeking out with us, you might as well be someplace nice (sorry, Detroit Days Inn... I just couldn't do it!).

I am working on the student kits and the new sets of trace files. I am most excited to work together on the new Microsoft TCP/IP stack stuff, optimization of XP communications and then the compromised host evidence area. In addition, we'll get to work with new trace files of unusual/suspicious traffic to locate their signatures and figure out how to block this crap from the network. Users get more bold every day with the dirty applications they try to run on the network!

There was a major change made from the time we polled the mailing list to the current time - I want to give all attendees a copy of the WSU03: Troubleshooting Network Performance self-paced DVD course instead of the WSU02: Analyzing TCP/IP Communications. The WSU02 stuff is the perfect prerequisite to ensure you get the most out of the conference.

New trace files - new toys (uh, er... I mean tools) - hands-on labs! It's gonna be a blast! Make sure you register before September 1st to get the Early Bird Special. Ideally, I'd like to have enough attendees to ensure we take over the hotel. Oh, yeah - and hotel room discount rates are only available until October 20th.

Get the full outline and details at www.chappellsummit.com and let me know your thoughts!

Laura

Monday, June 30, 2008

No One Wipes Blood Off Their Own Face in Movies!


Well... it's another late night for me... insomnia rules my world at times and I've spent the day working with the new video training interface and the lab exercises for the Pilot beta course (which is debuting on July 18th - check out the calendar page for details).

I am finally settling in to watch a movie (oh, and blogging...) - "The Interpreter" is on... a smarmy show with beautiful-but-questionable-actress Nicole Kidman and amazingly-talented-but-no-one-I'd-let-stay-in-my-house Sean Penn. The scene that just played had Sean Penn grabbing a paper towel, wetting it down and wiping the blood off Nicole Kidman's face. Now why is it that in movies no one can wipe the blood off their own face or put a simple bandage on their cuts? Geez... if we acted the same way I'm sure we'd all be walking around with oozing wounds and blood-stained faces, hands and feet. Ok... Hollywood is not reality (I want you all to remember that when the "Mother of Invention" movie comes out - if it ever does).

On that note... I've received numerous queries about the film. Last week I spoke with the main writer - the script is on its 10th rewrite. He asked me some questions (I'm Technical Consultant on the film) about Navy Seals and intercepting radio-control signals. Now what the hell does that have to do with my life? Oh, wait... I'm not supposed to talk about those jobs... Seriously folks... when the film does come out it will have little relationship to my real life (except for that diaper-packed suitcase scene - believe it or not - that is true).

So back to the Pilot labs now - it's just past 12:15 am and I have another 3 hours or so of energy and focus left. I'm excited about this new course - as excited as I am with Pilot. If you don't know about Pilot, check out CACE Technologies' website. I just saved myself about 10 hours creating a report for a customer by using Pilot.

Oh... gotta go - final scenes coming up - helicopters and all... hey, wait a minute! I didn't see any helicopters in my film script!!! Time to make some calls... someone in Hollywood's gonna need some Bandaids!
Laura

Friday, June 13, 2008

Bag Lady of TechEd...

Those quizzical looks said "don't you have a hotel room?" After dragging around a suitcase of toys (uh, er... I mean 'tools') during TechEd, I really appreciate the guy/gal who invented roller bags. The lunch session today - while only 45 minutes long - finally offered me a chance to unload the bag and share some of my favorite tools. From the hot graphing tool, Pilot, to NetScanTools (my key reconnaissance/traceback tool) and the infamous SumoBots, Ironkey, the self-destructing USB stick and the Phantom Keystroker that plagued some of the CommNet stations at various points during the network - the 45-minute session was a 'spewfest' of fun.


If you'd like to see the list of some of my favorite tools, check out www.wiresharkU.com/tools - if there are tools I should add, send an email to tools@wiresharkU.com.

This week I also created a page with some information and product discount codes over at www.wiresharkU.com/teched. Even if you didn't go to the show, grab the discount codes for AirPcap, NetScanTools, Pilot and the Wireshark University Courses - watch the expiration dates - don't miss your chance to save some money on these hot items.

So what about that Thursday panel? Seated between Steve Riley and Mark Russinovich - the same seating arrangement we had in Barcelona, I knew it would be a hoot. Mark Minasi and Marcus Murray rounded out the geekfest at the front of the room. Without any introductions or scripting, it was a great opportunity to just chat about the issues - unbeknownst to the audience, we rarely all get together in the same room and the same time. When we do... you have five Type A personalities butting heads and trying to one-up each other's stories... and what stories they are!

Now... it's time to relax in the hotel room - I'm totally wiped out from four breakout sessions, a panel, a lunch session, four 'fishbowl' recordings and one TechNet Edge recording (oh, yeah... and some late nights out at the hotel pool and an evening of non-stop walking around Universal Studios).

Off to the HP TechForum conference in Las Vegas - with a pre-conference training session Monday and several sessions Tuesday, it will be a busy week. After that, however, I am thrilled to enjoy the summer with minimal travel. That will give me lots of time to play with new toys and tracefiles. Wheee!

Laura

Monday, June 9, 2008

Smack That ###!

Now before you begin to get all hot and bothered by the title of this splog ("spewed blog") - let me put this in context.

Brenda and I are on an American Airlines flight from SJC to DFW (if you travel much, you'll know the acronyms - if you don't who cares - just take it that we're on a plane). We were thrilled to have been upgraded and shuffled everyone around in first class so we could sit next to each other. I have loads of prep work that I still want to get done before TechEd starts tomorrow. (In truth, we've been cracking up while devising some very juvenile interview questions for our filming this week).

I've just plugged in my AirPcap adapters and set them for scanning mode - I want to know if the flight attendant speech about "please turn off your wireless cards or if your electronic device supports airplane mode, please use that" actually works. And after all - what's the point? Really?

I've talked to tons of pilots who say the whole wireless and cellular on planes is a bunch of hooey (pilot terminology). As Brenda and I hunch over the computer cracking up at the SSIDs flashing across the screen... my heart nearly stops...

"WHAT'S THAT!?" echoes through the entire plane at a decibel level that rivals the Rolls Royce engines and makes my teeth ache. Holy shrieks - what was that?

"GIMME IT!" another shriek as my ears begin to bleed and both the parties in row 4 (the ones with hearing aids) keel over (there's just enough room in first class to actually keel over - if this had happened in 'economy class' no one would know until unloading time - you'd just look like you were taking a snoozer while propped up against the seat in front of you - lack of drooling would have been a clue, however).

With the 'Stare of Death' that my kids have feared since birth, I looked across to the nightmare sitting in 6B - with my eyes I try to send a signal of 'you should not be on this plane - and potentially, you should never breed'. I turn to Brenda with a simple question - "Why don't I hear any slapping?"
You see - I'm not wasting my 'Stare of Death' on the little boy who has the lung power to rival Pavarotti (before he died, of course) - the stare is for the mother who is oblivious to her son's inappropriate shrieking - hmmm.... perhaps the woman is deaf? If not, she will be soon. Hmmm.... are those earplugs in her ears? Really! This is a pet peeve of mine - parents who don't teach their kids manners until the kids reach the ripe old (too old for teaching manners) age of 13 or so.

What's wrong with saying to little Jimmy, "no, sweetie - we don't stand on the table at restaurants" or "no, honey, we don't give the cat a haircut using a butcher knife"? Geez - can't you get that kid a video game to play - laptops are cheap - get him Grand Theft Auto - that oughta hold his attention - especially if his favorite color is red.

So... back to the wireless traffic - here's a list of the SSIDs being requested by the various laptops on this flight (notice the lack of querying for WSU? I listen to those aero-cops big time now with the recent Call-Ahead-to-have-a-Passenger-Arrested-if-They-Don't-Wait-for-the-Beverage-Cart-to-Pass-Before-You-Want-to-Go-to-the-Bathroom law).

ARC-WLAN
Bernards-Inn
ATLWifi
GlobalSuite Wireless
GoldenTree
GreatBearCoffee
GuestGuestAccess
HHonors402
IRDWlan
InternetIvy Room - (97)
JPLGuest
InternetLodgeNet
Regents Park
SKYHARBOR PUBLIC
Sheraton_WIFI
Space Park #1
TAA-WiFi-Hotspot
WACWIFI
Wayport_Access
Wayport_Meeting
Westin-Aruba (this is just wrong - in Aruba hitting the wireless?)

admiralsclub
amonien
attwifi
belkin54g
bytelynkc
SBConTWLAN
concourse
hhonors
holidayinn
ibahn
linksys
nasaguest
npwireless.com
omni
picctxsur
roomlinx
stayonline
surfamily
syslink8
tmobile
westinsf
workgroup

After a bathroom break (I'll talk about the Coffee-Pack-in-the-Bathroom-Issue in another splog), I asked the flight attendants who were up in the front galley hiding away from the noise... "What's the deal with wireless communications on the plane? What happens if a laptop is turned on with wireless enabled?" In tandem, as if they'd practiced this response one thousand times (hmmm... mind-control training of flight attendants - that explains a LOT!) they synced "It interferes with the instrument panel!" I did mention that we must have lots of laptops on this plane with their wireless turned on - "How come we aren't plummeting to the ground by now?" Ok... wrong question. It took a bit of time to ensure them I wasn't interested in parking the plane over a corn field and I finally snuck back to my seat.

I reviewed the results of my wireless scan - systems desperately seeking 45 different SSIDs! Whoa! Doesn't anyone care about the dangers of wireless transmissions on the plane? Hey folks - our plane's instrument panel is probably popping outta the dash and the pilots are using hand-signals before turning! YOU'RE RISKING MY LIFE HERE, BUBBA! I feel like doing a 'puter smack-down of the systems on the plane, but feel that is likely to land me in Club Fed long before I'm ready... I sit down and pick up some SMB2 specs to review...

Now considering that TechEd starts tomorrow and we're on a flight from the Silicon Valley - I'm quite certain some of these yapping systems are headed for the conference center. It's kind of like meeting people ahead of time. When we get there, we'll check for some of the same SSID requests and who knows... we might find we're surrounded by friends before the conference even starts.

Uh oh... gotta go - landing time "Please turn off and stow all electronic devices..." Hmm.... maybe it would be interesting to see if people turn off their laptops during landing...

Laura
p.s. Visit the new www.wiresharkU.com/tools.html page! Enjoy!


Wednesday, June 4, 2008

TechEd or Jail... Packing Light

With only a few days to go before the TechEd IT Pro conference, I've begun the packing process.

I had some nagging feeling as I carefully entombed my three competition SumoBots and the Annoy-a-tron circuit board in my carry-on bag. Let's see... where can I fit the webcam rocket launcher? What about that 7' antenna I wanted to bring... it'll have to stay home for this show.

I had hoped to have some form of the Digital Dress to bring out, but it's just been delayed again - wouldn't that have made a splash at the show? Of course getting that dress through airport security would be.... OH WAIT A MINUTE! AIRPORT SECURITY!

Mouth agape as I looked through the bag I'd planned to tote onto the plane... when the TSA (Transportation Security Administration) scans this bag, they're just going to throw me in a holding cell as a precaution. The gears, wires and circuitboards of the SumoBots alone will likely have me cuffed face-down in the security line - my nose on par with the putrid unclad feet of the traveling masses.

DON'T TAZE ME, BRO!

So... the other suitcase was recovered from the back of the storage shed as I tearfully said 'goodbye' to my favorite toys that would set off even the most dense of TSA agents. How do you describe the purpose of bringing a full-sized keyboard in your over-sized 'purse' (he he... if 'man purses' were a bit more accepted, you'd be stuffing everything in there too, guys!)?

"OH THAT? IT'S ACTUALLY A KEYLOGGING KEYBOARD TO STEAL PASSWORDS AND USER NAMES. No Worries." Don't fret about me, Ms. TSA-woman-with-a-bad-attitude-because-she-is-an-AOL-user. I wouldn't hurt a fly...

I will certainly be in a funk if my SumoBots and flying monkey slingshot get re-routed to Sao Paulo - perhaps it's time to print up some "Baggage Handlers Do It Gently" or "I [heart] Baggage Handlers" or "Chairwoman: Baggage Handlers Union" stickers for my luggage...

As a side note - some of the materials being discussed at TechEd have made me consider teaching a hands-on course - something I haven't done in about 16 months, 2 days and 5 hours (not that anyone is counting). Check out http://www.surveymonkey.com/s.aspx?sm=wzJBpD4AFvnFGQ1xRb2eIg_3d_3d for the survey on the possible course. Or visit www.wiresharktraining.com/summit08 and let me know your thoughts.

Now back to packing... goodbye little BillyBot... goodbye little BushBot... goodbye little BallmerBot... (did you see the BallmerBot video yet?)... sob...

Laura
Proud parent of three aggressive SumoBots
Fan of Baggage Handlers everywhere!

Tuesday, May 27, 2008

Homework Interferes with World of Warcraft!

No, no, kids... put those schoolbooks away. Right now! I mean it! <... putting on my best Mom-is-in-charge-here look, crossing my arms and tapping my foot impatiently...> The looks on their faces question my sanity... nothing new.

TIME TO CAPTURE PACKETS, KIDS!

Cheers all around! Papers and books are shoved into backpacks at a frenzied pace. The bags are tossed unceremoniously into the corner of the room - making way for a much more important project - capturing network traffic! Ok, ok... my kids sound a bit strange... but this is a project they've waited for. The day had finally arrived.

In preparation for TechEd 2008, I wanted to pull together new trace files for...

MMORPGPCA (Massive Multiplayer Online Role-Playing Game Packet Capture and Analysis!)

Most of the games were pre-installed on the lab systems. All I needed were players... hmm... now where would I find fanatical players who would generate the much-needed traffic showing character creation, acquisition of quests, travel through surreal worlds to slash nightstalkers, destroy or tame ravagers, duel with other loyal Alliance members, pzwn noobs, kill the dreaded Horde and obtain mystical skills to use in a constant quest to level up?

Yes! This must be why I had kids!
[In the olden days of IPX-based game analysis, I gathered a group of 'professional game players' in my garage and found the experience very frustrating... these folks didn't take direction well - my trace files were a mess of processes that took me hours to sort out - not to mention the bankroll I blew on candy bars and the unique aroma that made me seriously regret I'd removed the automatic garage door system and didn't install a window for ventilation!]

On today's plate:

- World of Warcraft
- GuildWars
- Team Fortress
- AdventureQuest

My goal - identify the transport methods, static ports (if any), related DNS queries, bandwidth usage and any game signatures. How could a network analyst detect this traffic and, if desired, how could an IT professional block it?

This family-based lab exercise (which lasted well past bedtime to the delight of my kids) yielded almost 100 trace files showing all aspects of game play - information I'll show next month at TechEd (Session SEC356: Analyzing Questionable Traffic) and include in the hands-on labs in my preconference seminar at HP TechForum - both taking place.

"Family Night" has evolved!

Laura

Thursday, May 8, 2008

Spitting Bits....

The office is wild these days!

It's like Christmas - a geek Christmas! The myriad of multi-sized boxes piled around my desk are calling me... "don't write that blog... open me!" "No! Open me first!" "Hey - I was here first!" Can't you just hear them?

The boxes are filled with products that range from the absolute necessities (such as the USB version of NetScanTools) to the absurd (8-Bit Dynamic Life shirt set - that includes a transmitter for folks who have no friends)!

Why the *(#$*$#@%! do we have all these new products rolling in? Well - it's simple - BitSpitters!


Taking the advice of our buddy Wil and numerous folks who told us to "go viral," we took the leap!

The first four BitSpitters videos are online (see www.wiresharkU.com/bitspitters.html for the links and HTML code to embed on your site, which we'd love!). Alternately you can search YouTube for "bitspitters."

This is what I've learned from my initial foray into the world of viral videomaking:
  • I talk too much - YouTube's limitation of 10 minutes for the cheapo freebie account has to be first and foremost in my mind when I start recording. I really only want the videos to be between 1 and 3 minutes long. So far, the closest I've gotten to this lofty goal is 3:44. Maybe I can cut out the title and ending slides!
  • People want to be entertained more than educated - the humorous "Look Really Smarterest" is viewed twice as often as the straight-tech talks. That's ok since I think this techie stuff is pretty entertaining anyway - we're going to follow this trend and keep the BitSpitters videos light and lively.
  • Watching hit counts is addictive... within minutes of posting the first video I had a hit count of five. Not a big deal in the YouTube world, but fascinating to know some late-night insomniac was already viewing stuff I'd just recorded. (I could only hope they were properly dressed at that hour.)

The upcoming BitSpitters will be shorter (maybe I could cheat and do 'part 1' and 'part 2' videos) and hit some of the more humorous topics, such as:

  • How to Keylog Your Kids
  • Is Microsoft Unedumacated?
  • Secrets of Laura's Lab Kit v9
  • Macof Ate My Network!
  • Is Nessus Naked?
  • Is NetBIOS Ignorance Bliss?
  • Aliens and IPv6

If you have ideas for future BitSpitters episodes, send them to me at lchappell@packet-level.com. Watch for the announcement regarding Binary Balloons as well... he he he...

Time to put my headset on and spew!

Laura
www.wiresharkU.com

Friday, April 25, 2008

"Cut Off its Horns, Wipe its Butt and Throw It On the Grill!"

Insomnia has set in... at nearly 3:00am I find myself settled into the couch watching "Contact" and revisiting the events of the past week - what a week!

Insomnia is a condition I suffer when my brain simply cannot shut down for longer than three hours at a time. I drift off to sleep easily at 11pm only to fully wake a few hours later ready to go. Numerous times I have dragged myself out of bed, hopped in the shower, sung my children awake (I am a horrible singer - it's a matter of 'wake up or suffer an encore') and started cooking up a nice bacon and eggs breakfast - ready to start the day. As my kids stumbled out of their rooms and settled in at the breakfast table, I noticed how sloth-like they were... hmmm.... maybe they need to get to bed a little earlier at night... no more 'extra 15 minutes' of reading for them!

My first indication that it is what I call "Pre-3" (before 3am) is the noticeably empty driveway - no newspaper. The fact that I had to use a flashlight to even see the driveway seemingly passed me by. Grumbling about the newspaper delivery man (oh, times have changed... my newspaper man hurls the paper up my driveway out of his Honda Civic passenger window at a rate that caused me to employ evasive tactics to avoid the inevitable 'tag' that he has played with me as I have waited in my driveway with crossed arms and tapping feet at 6:30am), I return empty-handed to start making breakfast.

Suddenly, it is apparent that something is not right -- you don't need to hit me over the head with a brick (or a newspaper)! It can't be 6:30am yet.... oh no... I sheepishly slink back into my house - my Spongebobs (slippers) weighing heavily on my feet. Please, please let it be at least 5am. I can think of a plethora of reasons as to why I woke them at that hour... Ok... do I fess up or pull the old I'm-the-best-Mom-in-the-world (BMITW) cover-up? "You guys look so tired... I'll tell you what... why don't you two go back to bed for a few minutes - get some extra sleep. I'll wake you up in a bit." Off they go with hugs and kisses for the BMITW!

This morning I woke with the vivid image of Ross Stonecipher, President of ExecuTrain, ordering his steak Monday night at The Tavern in Alpharetta, Georgia. When the waiter rounded the table to ask how Ross would like his steak cooked, he piped up with the indelible phrase, "Just cut off its horns, wipe its butt and throw it on the grill!" What a hoot!

I'll write further about the Monday-Tuesday meetings in Alpharetta - meetings that will alter the image and offerings that I am involved in within the IT industry. The coming weeks will be filled with research and planning to make the new vision a reality. My insomnia was likely triggered by these upcoming changes and my excitement at moving in a new, more diverse direction. Insomnia sets in when I want more hours of work than sleep (rather than when I need more hours of work than sleep).

With the formal release of Pilot (http://www.cacetech.com/) last Thursday, the fascinating onsite that has dropped into my lap and the future direction plotted out with ExecuTrain this week - how can I sleep!? This is where I dust off the 'stuff I've got to read' pile to search out a sedative...

Ahh... there it is - my tried and true solution!

It rests nonchalantly about halfway down the pile - its ragged edges a testament to the number of times it has been ripped from the stack in the pre-3 hours in desperate hopes of kick-starting the five-phase process of slumber.

"High Speed Backup Without Stopping Business Applications" - a 5-1/2 page sleep-therapy expose written back in 2005 to explain Fujitsu's ETERNUS disk array series and the importance of live data backup. For over two years now, I have trusted my restorative hours to this document with total confidence that it will immediately cause an encephalic check-out. Never fails! Come on - is there anything more boring than storage solutions?

Just writing about the storage solutions document is lulling me to sleep... so I'd best give in - tomorrow will be a long day of recording the new Pilot self-paced course and charting the path toward some new and exciting opportunities.

Good night - sweet storage dreams!

Laura

Sunday, April 13, 2008

Wireless Electricity? It's Coming!

Coming home to San Jose was a welcome change after the drizzly cold depressing world known as Microsoft... uh, er, I mean Redmond, Washington. Having grown up in San Francisco, California and living without sunshine the majority of the year, I revel in the sunshine that we have in San Jose, California. This weekend the temperatures topped out around 90° and we had a slight breeze - perfect weather! When the weather drops below 70° we whine and moan about the cold. Yes, we Californians are a spoiled lot!

Things were a little too hot in many areas of the country as American Airlines grounded some 3,000 flights last week. I was lucky. I was on a code share flight with Alaska Airlines. Of course, my Alaska Airlines flight didn't take off on time (out of the last 10 round-trip flights on Alaska Airlines, my flights have been delayed 8 times - they are a pretty mellow bunch). But hey, I was just happy that the plane took off within a couple of hours of the scheduled departure time and I didn't have to put up with the nasty stench of burning wires on the flight.

On Friday evening, I received an e-mail from Dan Garton, American Airlines' Executive Vice President of Marketing. Dan referred to me as "one of our most valued customers" in his apologetic e-mail addressing the grounding of the DC 80 planes. Considering that I have now almost reached my 3,000,000 mile mark with American Airlines, it's a miracle that I didn't have an AA flight scheduled for last week. It sure seemed strange to me that the e-mail apology was sent from American Airlines' VP of marketing. Don't you think it would have been better to send the e-mail from the CEO, Gerard Arpey? Hmmm...

"The work being done now centers on a need to change the way in which American complied with the Airworthiness Directive (AD) regarding such items as the spacing of the ties on the wiring bundles and the direction of the retention clips and lacing cords. We are highly confident that this is not a safety of flight issue because the wire bundle is secure. It is a matter of how the work was done, not whether aircraft were protected from the threat of wire exposure and chafing that could cause fire."

Perhaps this whole world of a wired technology is passé. Maybe it's time to take a look over at MIT and check out the "WiTricity" project (http://web.mit.edu/newsoffice/2007/wireless-0607.html). These folks have it right. Wireless electricity! Take it a bit further and imagine having roaming wireless electricity. As you cruise through the airport, your laptop would connect to various wireless electricity taps and charge itself to 100%. Considering the number of times I've plugged my computer into a power strip and then forgot to turn on the power strip - this could be very handy technology! Another plus would be the removal of the dreaded "power cord to the podium" that I've tripped over numerous times... the comedic fall that I've taken so many times would be missing from my presentations, but it's the price we pay for keeping up with technology.

So, back to the Redmond trip. On June 9, the week of TechEd, I'll be able to explain why I've been spending time in Redmond. I'll be arriving at the TechEd conference on a red-eye flight from Redmond that gets me into Orlando around 6:30 a.m. on June 10th. Mark Penaroza, the Security Track Manager, was nice enough to book me in afternoon sessions that Tuesday. As long as American Airlines doesn't ground their fleet that week, I should get there in plenty of time to present. (Crossing my fingers and wires!)

Now back to working on the Wireshark University certification test... we're almost there!

Laura

Thursday, April 3, 2008

Sharkfest Swims into History: Vint Cerf, Core Developers and New Products Rock the Show!

[warning - 'spew mode' is on... long blog...]

What an event...!

I'd planned to blog on Tuesday evening after the second day of Sharkfest, but I hit a serious case of brain-drain. In addition, my feet were demanding my attention (see "Ugly Shoe Syndrome" below).

I hate to gush too boldly about the event, but I notice I have a bit of Sharkfest afterglow today... that twinkle in my eye, spring in my step (ok, ok... my feet periodically do remind me of the past three days of abuse) - heck, I almost caught myself singing the theme to Jaws (one of the few tunes that I can actually muddle through).

I believe the key factors that made Sharkfest such a unique and successful conference were the laid-back campus atmosphere at Foothill College, the 'no suits' image of the attendees and presenters, the refreshing lack of marketing and sales 'pukes' in sight, the sponsoring companies who actually had hot products I want to own, the impressive list of attendees (how do you avoid getting flustered when presenting in front of the creators of Kismet, NMap and WinPcap and the core developers of Wireshark?), the creative and entertaining presenters and the other-worldly oration by luminary Vint Cerf. [My kids would like me to note that the oversized chocolate chip cookies I brought home were better than the tshirts they got from the last few conferences I spoke at...]


An Impressive Launch
Early on the first morning I settled into my seat at the keynote - honestly, I had no preconceived notion of the conference experience we were embarking on. Mike Kershaw (creator of Kismet) had already settled in and was playing around on his Nintendo DS. Gerald was nervously sipping his coffee while John Bruno (co-founder of CACE Technologies) paced about, waiting to start. Loris Degioanni and Gianluca Varenni (co-creators of WinPcap) alternately joked and bickered like an old married couple as they prepared for their moments in the keynote.

Mike leaned over just before the keynote started... pushing his DS under my nose pointing at the screen with a wicked gleam in his eye. (Oh geez... I am not a big video game fan... I won't know anything about the games except what I've learned of the Legend of Zelda from my kids....sigh)... but when I looked at the screen the only characters running around were related to the WiFi signals he was picking up with his ported version of Kismet! Now THAT I understand! Very cool!

I knew this wasn't going to be your typical conference...

As John Bruno acknowledged the many sponsors and Tim O'Neill who was instrumental in making Sharkfest happen by getting us some visibility and bringing in Vint Cerf for the Tuesday morning keynote, we all wished Tim could have been there to hear the applause (I know at least one person, Betty DuBois, called him during the keynote to fill him in on our sincere appreciation of his efforts!). Thanks so very much, Tim! You are a star!

The keynote took a unique turn as John set the framework for the next section - "Gerald, This is Your Life" - a story tying together the elements that would become a cohesive group of Wireshark, WinPcap, CACE Technologies and Wireshark University.

Gerald sprung up to the stage to begin... only to find that John had taken all Gerald's notes from the podium. Being a bit scattered with a diabolical sense of humor, one has to ponder whether this was an intentional ploy - it garnered laughs through the audience as John rapidly riffled through his papers to see if he could find Gerald's notes... forcing Gerald to hold his breath and sweat it out while praying the notes would be found soon. A collective sigh of relief could be heard when the notes were handed over - you could tell this audience respected Gerald and felt his pain for those few brief moments.

Gerald thanked the people who encouraged (and in some cases pushed) him to focus on Ethereal in the early days. He gave us all an inside view of his initial foray into creating Ethereal (and the importance of that barn in the early days - I, for one, am glad he fully explained that line item on his slide!) and segued into the current stats on Wireshark:
  • 9+ years in development
  • 600+ developers
  • 6 hosting providers
  • 3 domains
  • 2 names
  • 1 barn with livestock (it's a long story)
  • 1.5 million lines of code
  • 300,000 downloads per month
  • 900+ protocols
  • 1.0 revision released this week

Gerald brought up Loris Degioanni and Gianluca Varenni to the stage to give us the inside view on the development of WinPcap and their unique style of relating to each other. If they ever decide to give up the programming someday, they should consider stand-up comedy. What a pair! Gianluca's ever-present grin reminds you of that little boy who is always in trouble at school, but he's so darn endearing that you just can't send him off to juvenile hall... at least not yet. Loris' self-deprecating humor and quick wit balanced out the pair's ability to come across as two rabble-rousing kids from Italy who are having way too much fun and have inside jokes we'll never be privy to.

I had a few moments to recognize the phenomenal Wireshark University instructors and pester Gerald to tell the audience about one of the alternate names that were considered before "Wireshark" was chosen. EtherWeasel! Thankfully, Gerald followed the level-headed advice of his wife, Karen, and went with the Wireshark name. Thanks Karen! We all owe you one!

It was time to look to the future... Gerald brought Loris back up on stage to announce and demonstrate Pilot - CACE Technologies' graphing and reporting tool built around Wireshark! [Insert drooling images here, please...] Loris deftly manipulated a 100MB file - displaying throughput graphs and pulling out sections to send to Wireshark for further analysis. Control-clicking on multiple graphed elements and drilling down for more comparative detail, I could hardly contain myself. There are so many features in Pilot that I have dreamt about for many years. Finally, Loris entered some comments on one of the graphs, selected to export the graph and comments to PDF format and BING! Up came a report containing all the supporting graphs and verbiage depicting the findings in a clear, colorful manner that even a CEO could understand! All attendees received a DVD containing videos showing Pilot in action. [No price was stated, but the release date is just a few weeks away. Check http://www.cacetech.com/ for more details.]

The keynote concluded right on time (an unheard of feat these days) and we were off... ready to hit the sessions and charged up (with lots of coffee, sodas and candy bars) for the three days ahead.

A "Who's Who" of Attendees
On Monday morning we arrived at campus at 6:00am to blow up Sharkfest balloons, hang banners, prepare the registration desk and open the speaker lounge (a room that was never used by speakers - all speakers hung out in the Campus Center - there was no separation between speakers and attendees - we were all there as collaborators, colleagues and partners).

During the registration process (which was, in itself, a unique process given the 'register by first name' process - ok, ok... last names next time), I caught myself staring at the folks coming up to the table - check out this impressive list of folks who strolled the campus this week:


  • Joe Bardwell (packet guru; Connect 802)

  • Gerald Combs (creator of Ethereal/Wireshark)

  • Loris Degioanni (creator of WinPcap; creator of Pilot)

  • Thomas D'Otreppe (creator of the Aircrack-NG suite)

  • Jonathan Fairtlough (LA District Attorney's office)

  • Scott Haugdahl (BitCricket; creator of PacketScrubber; former CTO WildPackets)

  • Mike Kershaw (creator of Kismet)

  • Fyodor, aka Gordon Lyon (creator of NMap)

  • Mike Pennacchi (packet guru; Network Protocol Specialists)

  • Gianluca Varenni (creator of WinPcap; creator of TurboCap)

and many more... all there for one reason - to support, enhance and share knowledge on Wireshark features, future and related technologies and products.

Wireshark University Instructors and ExecuTrain Group
This was the first time I've been in the same room with four of my five Wireshark Instructors as well as my ExecuTrain team that deals with the Wireshark bootcamp course. I know why I selected these folks to work with - the instructors are the best in the industry! Some were my competitors for years - they became my colleagues over the years and now I am fortunate to have them as my partners in the Wireshark University adventure!


  • Betty DuBois (Certified Wireshark University Instructor)

  • Tony Fortunato (Certified Wireshark University Instructor)

  • Priscilla Oppenheimer (Certified Wireshark University Instructor)

  • Phill Shade (Certified Wireshark University Instructor)

  • Chris Bell (Certified Wireshark University Instructor) - absent sadly... someone's got to work!

  • Tom Robinson (ExecuTrain/Next Step Learning Managing Director - Wireshark University)

  • Dave Raab (ExecuTrain/Next Step Learning VP Sales - Wireshark University)

Every attendee got the latest version of the Laura's Lab Kit (v9) in their bags - if you didn't attend, download the ISO image (3.3GB) from www.novell.com/connectionmagazine/laurachappell.html when you have a lot of spare time.


Campus Center Hang-Out
The Campus Center was definitely the place to collaborate. At times you'd see a table of the impressive Wireshark core developers dotted with attendees who were soaking up the brilliance emitted from the creative minds surrounding them. Conversations would wander from war stories of beleaguered networks overloaded with BitTorrent traffic to newer functions added to Wireshark over the past several revs to "I have a dumber network user than you do" competitions.

Ugly Shoe Syndrome
On the first day I wore my conference-ready Aerosole heels... they look good and give me another couple inches in height. By the end of the first day I was hobbling around as my feet screamed at me to sit down. I couldn't - it just wasn't that type of atmosphere. There were too many people to locate for a chance to talk and several presentations to make (sans chair to rest upon). By day two, I'd switched into my loafers... I was noticeably shorter, but much happier... until the end of the day when my feet again reared their ugly little (actually big) soles and screamed bloody murder. On day three I could have been mistaken for one of the many gardeners working the grounds at Foothill. My heels and loafers had been replaced with my backyard shoes - the ones that have been left outside in the pouring rain and pounding sun. Ugly as sin, but comfy as... well almost as comfy as slippers.

Still in pedagony, I hobbled home at the end of Wireshark - thankful that it was a three-day conference. If it had gone on one more day I would have had to bring out the SpongeBob slippers (it's difficult to hide bright yellow sponges hanging off your feet). A fifth day at the conference would have required an extra power strip behind the podium as I would have stood in a foot spa at the front of the room.

Worshipping at the Church of Vint Cerf
Shortly after Vint Cerf took the stage, Gerald came over to me practically shaking with excitement - "Isn't this COOL!" He was bubbling over with the excitement of a 5-year old at Christmas. My mind immediately flashed on an image of Gerald as a 5-year old kid diving at the presents under the Christmas tree... a strange vision because the ecstatic kid was wearing his "Vint Cerf jammies" and hoping for a new compiler tool... oh, well... I digress...

Vint Cerf is a cross between Santa Claus and Arthur C. Clarke. With a brilliant, luminary mind that sees things others cannot fathom and a kind, humble manner, he would be the ideal grandfather! Many people may have grandfathers that twitter about imaginary concepts brought on by some form of dementia, but in this case those concepts have become or are becoming reality. Interplanetary communications? Geez... I'm still trying to figure out how to get rid of Vista's 'donut from hell' half the time. (See http://www.ipnsig.org/.)

Quick thinking on the part of the guys from LOVEMYTOOL - Tim O'Neill and Denny Miu - they videotaped Vint's speech - visit www.lovemytool.com/ to watch and feel inadequate, inconsequential, but inspired by this most eloquent, humble and visionary man! He gave us all the best Christmas present we could have - a globalized communication system.

One of the most heart-warming moments at the conference was when we watched Steve Karg's son approach Vint Cerf to say hello ("Mr. Cerf") and ask Vint shyly if Vint would sign his Strategy Guide. When Angela (from Wireshark University and a key player in coordinating the conference) asked the boy, "Do you know who Vint Cerf is?" he gave her an incredulous look and replied, "Of course! He's the Father of the Internet - didn't you Wikipedia him?" What a hoot! Perhaps Vint is the Grandfather of the Internet to him...

Mingling with the Core Developers
At several points during the conference I wandered over to the Developer Track training room... almost sneaking up on them as they mingled outside the room. Feeling like a kid trying to get close to a sports-star, I tried to just 'melt in' with the group - be one of them... but I wasn't. These folks have a bond that goes back many years - they are bound by their dedication to Wireshark and the open source vision. I must admit... in my head I'd pictured a few of them as unshaven, scraggly-looking misfits who were unaccustomed to natural sunlight. I was pleasantly surprised to find that they not only knew all about modern shower systems, but they had an effusive sense of humor that was exponentially amplified when you get a group of them together!

After all these years of reading the patient and insightful answers posted religiously by these folks, I finally got to catch them in person. Honestly, they are the reason we were all gathered there at Sharkfest - they took up the challenge to continue Gerald's quest.


  • Sake Blok

  • Anders Broman

  • Stig Bjorlykke

  • Mike Duigou

  • Andrew Feren

  • Stephen Fisher

  • Guy Harris

  • Steve Karg

  • Jaap Keuter

  • Tomas Kukosa

  • Ulf Lamping

  • Graeme Lunt

  • Martin Mathieson

  • Christopher Maynard

  • Bill Meier

  • Greg Morris

  • Richard Sharpe

  • Sebastien Tandel

  • Michael Tuexen

There were many core developers who could not attend, but should be recognized. In Wireshark, select Help > About Wireshark > Authors to see how many folks have contributed to the resounding success of Wireshark over the years.

Back to Work...
I returned from Sharkfest energized with the contacts I made and excited about the future of Wireshark and Wireshark University.

The past months have offered grueling work for Janice Spampinato, Nicole Martin and Angela Sherman - the three amigas who coordinated everything - balloons, banners, hotels, registration, food, on-campus services, track topics, presenters, welcome packs for presenters, show bags, sponsorships, and much, much more. With their angel, Tim O'Neill, providing encouragement, I think they pulled off one hell of a conference! Thank you so much for your perseverance!

As I sit here with my SpongeBob slippers soothing my feet through the recovery process, I find myself looking forward to future Sharkfest conferences. The future is bright... the sun is shining, the latency on my network is low and I haven't seen a single lost packet or duplicate ACK in over two minutes - ahhh.... life is good.

"Da dum... Da dum..."

Laura
http://www.wiresharku.com/

Thursday, March 27, 2008

The "HackTool Virus" is Re-Released

Ah... it must be March. The frantic and outwardly snickering emails are flooding in - "did you know..." The excited caller exclaims, "Your Laura's Lab Kit has a virus on it! Really! I just put it in my drive and my virus detection software came up with a warning about the HackTool Virus! Another virus detection package says the DVD has a Hacker Tool virus as well. One of the applications, Cain and Abel, is infected!"




Note: The new Laura's Lab Kit v9 ISO image can be downloaded from:
http://www.novell.com/connectionmagazine/laurachappell.html

Ok, ok... before you get your iPod cables in a bunch, one vendor blew it by calling this the HackTool virus when they should have simply said you've got a hacker tool there, bubba. Let's quickly look at a description of the "Hacker Tool" designation from one of the VD (virus detection) vendors:

F-Secure's Description of "HackerTool"

Hacker Tool (generic description)
Hacker Tool is usually a standalone file. In many cases such tools are used by hackers to perform certain actions on a compromised computer, for example to crack passwords or to scan for vulnerable computers. It should be noted that such tools are sometimes used by system administrators.


Our corporate customers prefer hacker tools to be detected by F-Secure Anti-Virus. If a system administrator still wants to use a hacker tool, he can exclude the tool's file from scanning. For ordinary users running such tools should be prohibited.

Here's the scoop... the HackTool or Hacker Tools designation does indicate that there is a potentially unwanted program on your computer or on connected media. You do want to know about that, don't you? The Laura's Lab Kit always contains some programs that could potentially be nasty if used in the wrong hands -- Cain and Abel always makes VDs spew forth complaints. Even sweet little Wireshark can cause VDs to scream bloody murder.



Don't get me wrong, you probably do want to know when there's a HackTool issue on your system - a message that your system is infected with the HackTool.rootkit virus should make your skin crawl. But before you freak out about Laura's Lab Kit, check out which tools are associated with the HackTools warning - they may become your favorite security research tools and replace your lost hours on World of Warcraft with the thrill of idle scanning or redirecting traffic using ICMP (instead of plain old ARP).



Oh... and one more thing... The fact that we release Laura's Lab Kit on the ides of March is purely coincidence! Now get back to work!

Laura

Tuesday, March 25, 2008

No Free Sharkfest Booze!

Putting together a conference is a hell of a lot of work - and I'm not even doing all the difficult stuff for Sharkfest, the first Wireshark User and Developer conference taking place next week (March 31-April 2 in Los Altos, California). Visit http://www.cacetech.com/ for the session list and registration information.

It was a major coup to get Vint Cerf out to Sharkfest! What a line-up! We'll have Gerald there teaching how to create dissectors and Loris will be showing the new hot graphing and reporting tool for Wireshark. My Monday presentation was altered so Loris could join me and show this hot tool in action.

Geez... the show bags, the logistics, the marketing, the presenters, the signage, the food... the FOOD!
I am shocked at how much conference people eat! I am thrilled we don't have to supply the booze for the conference!

Conference attendees’ concentration levels change as their blood alcohol levels adjust throughout the week. During the first day, their bodies are relatively free of booze toxins (BTs). As the week progresses, the BT level increases as does the sleep deprivation (SD) level. I prefer teaching morning sessions at conferences unless my BT/SD levels are also accelerated. As the week progresses, I see more eyelids than the eye shadow tester brush in the front aisle at Sephora (a very popular cosmetic pusher located in airports and swanky shopping malls. Nothing costs less than US $20... unless it is orange... or is that popular now?).


Private "voluntary class attendees" usually want to be in the class. That doesn’t mean they can give you their full attention, however. They are balancing work responsibilities, family responsibilities and their reputations. They are often in class with a peer, senior member of their firm or some junior smartass who wants to take their job. I do not fault them for being distracted and late to return from the breaks – I appreciate that they could give me a moment of their attention – let alone 6-1/2 hours a day for numerous days in a row.

Private-class "forced attendees" are just warm bodies in the room. They don’t want to be there, but some management mucky muck has decided that this class will suddenly make them worth the paperwork used to hire them. Since I truly do believe the topics I teach are important and make more effective and efficient network troubleshooters and better security technicians, these are the worst students to encounter. Many times I’ve considered handing out the Certificate of Completion papers during the first morning break, thereby weeding out these indentured students from the rest of the class.

Well - the music is blaring and it's time to play with beta products - hopefully, I will see you at Sharkfest... or at least I'll see your eyelids!


Laura

Saturday, March 22, 2008

No Rest for the Wicked?

The flight home from Utah was uneventful - primarily because I slept the entire time. Thanks so much to the BrainShare attendee who sat next to me and let me snooze uninterrupted for the short flight. My voice is recovering nicely after going for 24 hours without speaking (to the delight of all around me).

I decided to stop by the office for a quick 'check in' - yipes! The office was crammed with boxes of all sizes - nearly floor to ceiling. Hoping I hadn't hit eBay after a late night of Port o' Calling last week, I nonchalantly asked Angela 'what's in the boxes?' She raced over to rip one open (apparently these were not tipsy eBay purchases - phew!) - Sharkfest conference goodies!

Sharkfest is just 9 days away! Eek! Time flies when conference time rolls around. It promises to be an interesting conference considering you have some of the premier Wireshark contributors coming from all over the world to sit face-to-face with Gerald Combs, Loris Degioanni and Gianluca Varenni. In addition, we'll all get to spend more time with Pilot, the new graphing and reporting tool for Wireshark. I showed Pilot during the Meet-the-Experts night at BrainShare. CACE Technologies (http://www.cacetech.com/) is expected to release Pilot on March 31st! Keep an eye out for it. Check out the entire Sharkfest schedule at the CACE Technologies site when you get a chance.


One of the myriad of boxes in the office held the 'shark shaped shirts' (glad I did not have a rum and coke before trying to say that). These shirts are a bit freaky, if you ask me. They are compressed and squeezed into the shape of a shark. Although everyone assures me that a slight bump on the box will not cause sudden decompression and the boxes will not explode with shirts and fill up all the breathing room around... I am staying away from those boxes!

So... as I sit here gazing out the window at a 70-degree plus day, I find myself putting together the schedule for the coming week in the lab:
  1. Finalize my Sharkfest presentations (one session has a last-minute enhancement)
  2. Do the final review of the Wireshark Certification Test question bank
  3. Upgrade my old Windows 2003 servers to Windows 2008 servers
  4. Perform daily updates to my Pilot Beta software and give it a good workout
  5. Organize all the business cards and contacts received during BrainShare
  6. Review, clean and release some of the trace files gathered last week
  7. Finish up and turn in Microsoft project "R"
  8. Record at least three hours of the new NetScanTools course (coming soon)

Yup - the week will be busy and filled with exciting new projects and opportunities. Before I head into my lab and immerse myself in packets (especially those 'ICMP Communication Administratively Prohibited' packets), however, I will catch a few moments in the sun to ward off a fluorescent-light pallor...

Laura

Wednesday, March 19, 2008

BrainShare Highlights

It’s Wednesday and we’re exhausted from the non-stop activity this year at BrainShare. The sponsor party last night seemed to fit the audience - the theme was World of Warcraft, but there were Halo characters (Master Sergeant) and many Wii systems set up in the various booths. Only a few more months until WiiFit comes out - wonder if that would be welcomed as warmly as Wii bowling...?

After the vendor party, we joined NetVision upstairs in the Port o’ Call to "bust a move"! Only one person fell on the dance floor (and it wasn’t me!) - a definite improvement over past years. Amazing how much my feet hurt early in the evening, but as the evening unfolded I couldn’t even feel my feet.

This afternoon we hit the OpenAudio booth to record a conversation recapping some of my sessions and talking a bit about Thursday’s scheduled videocast at the Meet the Experts event. I will be giving away the hidden secrets in the Laura’s Lab Kit during that session and talking about other cool tools related to troubleshooting and security. The OpenAudio booth was swelteringly hot inside, but the recording was (as always) a hoot! This time Brenda joined us for the taping - tomorrow she will be recording on her own... next thing you know, she’ll be taking over my sessions. See http://www.novell.com/openaudio for more information.

Speaking of sessions - head over to the FIN BIT page at http://www.wiresharku.com/ to get the slides from the four BrainShare presentations.

Again, Novell gave me access to the double conference room and had tables and power strips set up for the BYOL (Bring Your Own Laptop) sessions. It is a great configuration for conferences.

For those of you who are not at the show, don’t forget to download the new Laura’s Lab Kit v9 from http://www.novell.com/connectionmagazine/laurachappell.html. The ISO image is 3.3 GB, so start the download and go have a good lunch or dinner... That is also where you will find the latest animated articles.

Now it’s time to catch up with a few hundred emails that are overflowing my inbox! Must... hang... in... there... must... stay... awake...

Laura