
Tuesday, May 27, 2008

Homework Interferes with World of Warcraft!

No, no, kids... put those schoolbooks away. Right now! I mean it! <... putting on my best Mom-is-in-charge-here look, crossing my arms and tapping my foot impatiently...> The looks on their faces question my sanity... nothing new.


Cheers all around! Papers and books are shoved into backpacks at a frenzied pace. The bags are tossed unceremoniously into the corner of the room - making way for a much more important project - capturing network traffic! Ok, ok... my kids sound a bit strange... but this is a project they've waited for. The day had finally arrived.

In preparation for TechEd 2008, I wanted to pull together new trace files for...

MMORPGPCA (Massive Multiplayer Online Role-Playing Game Packet Capture and Analysis!)

Most of the games were pre-installed on the lab systems. All I needed were players... hmm... now where would I find fanatical players who would generate the much-needed traffic showing character creation, acquisition of quests, travel through surreal worlds to slash nightstalkers, destroy or tame ravagers, duel with other loyal Alliance members, pzwn noobs, kill the dreaded Horde and obtain mystical skills to use in a constant quest to level up?

Yes! This must be why I had kids!
[In the olden days of IPX-based game analysis, I gathered a group of 'professional game players' in my garage and found the experience very frustrating... these folks didn't take direction well - my trace files were a mess of processes that took me hours to sort out - not to mention the bankroll I blew on candy bars and the unique aroma that made me seriously regret I'd removed the automatic garage door system and didn't install a window for ventilation!]

On today's plate:

- World of Warcraft
- GuildWars
- Team Fortress
- AdventureQuest

My goal - identify the transport methods, static ports (if any), related DNS queries, bandwidth usage and any game signatures. How could a network analyst detect this traffic and, if desired, how could an IT professional block it?

This family-based lab exercise (which lasted well past bedtime to the delight of my kids) yielded almost 100 trace files showing all aspects of game play - information I'll show next month at TechEd (Session SEC356: Analyzing Questionable Traffic) and include in the hands-on labs in my preconference seminar at HP TechForum - both taking place.

"Family Night" has evolved!


Thursday, May 8, 2008

Spitting Bits....

The office is wild these days!

It's like Christmas - a geek Christmas! The myriad of multi-sized boxes piled around my desk are calling me... "don't write that blog... open me!" "No! Open me first!" "Hey - I was here first!" Can't you just hear them?

The boxes are filled with products that range from the absolute necessities (such as the USB version of NetScanTools) to the absurd (8-Bit Dynamic Life shirt set - that includes a transmitter for folks who have no friends)!

Why the *(#$*$#@%! do we have all these new products rolling in? Well - it's simple - BitSpitters!

Taking the advice of our buddy Wil and numerous folks who told us to "go viral," we took the leap!

The first four BitSpitters videos are online (see for the links and HTML code to embed on your site, which we'd love!). Alternately you can search YouTube for "bitspitters."

This is what I've learned from my initial foray into the world of viral videomaking:
  • I talk too much - YouTube's limitation of 10 minutes for the cheapo freebie account has to be first and foremost in my mind when I start recording. I really only want the videos to be between 1 and 3 minutes long. So far, the closest I've gotten to this lofty goal is 3:44. Maybe I can cut out the title and ending slides!
  • People want to be entertained more than educated - the humorous "Look Really Smarterest" is viewed twice as often as the straight-tech talks. That's ok since I think this techie stuff is pretty entertaining anyway - we're going to follow this trend and keep the BitSpitters videos light and lively.
  • Watching hit counts is addictive... within minutes of posting the first video I had a hit count of five. Not a big deal in the YouTube world, but fascinating to know some late-night insomniac was already viewing stuff I'd just recorded. (I could only hope they were properly dressed at that hour.)

The upcoming BitSpitters will be shorter (maybe I could cheat and do 'part 1' and 'part 2' videos) and hit some of the more humorous topics, such as:

  • How to Keylog Your Kids
  • Is Microsoft Unedumacated?
  • Secrets of Laura's Lab Kit v9
  • Macof Ate My Network!
  • Is Nessus Naked?
  • Is NetBIOS Ignorance Bliss?
  • Aliens and IPv6

If you have ideas for future BitSpitters episodes, send them to me at Watch for the announcement regarding Binary Balloons as well... he he he...

Time to put my headset on and spew!