Free Wireshark Training Course Online

Tuesday, September 23, 2008

Pimping Podcasts and Packets

Well... with a title like that you just have to read this, don't ya?

Ok... there are really two subjects here - one is pimping podcasts and the other is packets, but they came together this evening with a new podcast series I am developing and a quick analysis of some podcasting traffic.

Pimping podcasts? This title came to mind as I searched for some lead-in/closing music for the upcoming podcast series. After searching for royalty-free music for a bit, I found a little ditty that turned my head (including my ears). The music was described as "70's, pimp-stylin, funkin', porn music. If prostitution is a victimless crime, then where's my wallet?"

I HAD to listen to this music!

Sure enough - this was some seriously funky music - it dripped of sexual innuendo with loads of wawawa slipping through dadum dadum with a funk beat - this could have been background music for Shaft! I could honestly imagine myself following that attitude-adjusting swank with a serious conversation about the If-Modified-Since HTTP header field! What a mood setter!

Note: We'll cover the importance of that header field in the upcoming Summit 08 when analyzing web browsing traffic.

So what do packets have to do with this? Well... since I was on the topic of podcasting, I thought I'd check out the traffic rate of the recent podcast I did with Ron Nutter's Help Desk Toolchest over at Network World - I found that the podcast MP3 file was 31,640,580 bytes and downloaded in just over 30 seconds at an average rate of 8.77 Mbit/s. This was waaaaay bigger than the Internet radio trace I'd taken a while back when studying streaming methods and bandwidth usage. Ron's podcast runs for 65 minutes and 55 seconds. When I injected traffic into the network to cause packet loss and higher latency, I didn't notice it at all.

Tomorrow I should finish my analysis of Spore's network traffic and have the signatures to spot and eradicate that little primordial slime off the network (oh, sure... play it at home all you want!).

Don't forget - register for the Summit by September 30th for the Early Bird Special!

Friday, September 19, 2008

Where the *(@#$# Have I Been?

It's been ages since my last post - so where on Earth have I been (assuming I've been on Earth, of course). Good question...

I've been halfway around the world in Canberra, Australia (snoooooooze) and assorted places in the US. Mostly, however, I have been buried in the deep, dark and exotic... lab! Playing around with the VoIP analysis functions in Wireshark, cool enhancements in NetScanTools Pro and wireless views in Pilot. I'm also enjoying playing with systems that have been left naked and exposed on the Internet (eek!) - analyzing the methods used to compromise those systems.

I've also been writing a series of articles on topics ranging from "Optimize Your Network Regardless of IT Budget Cuts" to "Getting More Pool Time (aka Graphing Wireless Network Behavior with Pilot™)" and "Enhancing Windows® XP Performance with RFC 1323" and a few podcasts with my friend Ron Nutter where we discussed DNS security faults, strange traffic on the network (check out the live analysis results of going to - yucko!), and Microsoft's TCP enhancements in Vista/Server 2008 (all three to air at

Most excitingly, however, I've been working on the Student Manuals for the Summit (Network Analysis and Network Forensics Training) that takes place November 4-5 - I extended the Early Bird registration price until September 30th because of the hardships caused by Ike and the roller coaster ride we call the Stock Market.

Over the next two weeks I'll be releasing some of the lab information for the Summit - giving you a taste of the hands-on labs that we'll tackle together. Oh, yeah... we'll definitely do some VoIP playback and work in the wireless world! Join us for accelerated analysis/forensics training at the Summit.

Better go - it's 5:30pm and I have a few more hours-worth of trace files I want to review this evening! Yippie!