Tuesday, January 19, 2010

Haiti: High and Low Tech Rescue

It's heartbreaking to see the loss of life in Haiti right now, especially the children. One image from haunts me – a 1-month-old child held in the arms of a rescuer (image #12 at

Cellular communications has had a tremendous role in this disaster – from victims text messaging for assistance to families finding each other. It underscores the importance of shoring up cellular networks in preparation for

Google updated their satellite imagery to show amazing before and after images of the devastation - Click on one of the images to zoom in as close as you can.

At, image #32 at displays SearchCam, a victim location device that offers tremendous ability in looking in confined spaces. You can watch a video about SearchCam technology at

The other impressive group in these disasters is always the canine units: Irish and Spanish rescuers, Germany’s International Search and Rescue (ISAR) group, Canadian Search and Disaster Dog Association, California's National
Disaster Search Dog Foundation (SDF), and many others.

These dogs react differently to survivors and victims – if a survivor is found, the dogs bark loudly; if a victim is found, they scratch at the rubble. For all of our high technology, they still amaze us. Nearly 70 hours after the quake, Hunter (a Border Collie from SDF) found two young girls trapped under 4 feet of concrete.

Our thanks to the many military, civilian and canine heroes helping the victims and families who have been devastated by this quake.

Please donate to your favorite relief charity today.


Wednesday, January 13, 2010

Google vs. China

Posted: 2010-01-13 09:19:54

In essence, Google discovered a security breach with the following
  • the attack was not just against Google - at least 20 other large
    companies worldwide have been targeted
  • the target appeared to be Gmail accounts of Chinese human rights
  • other Gmail accounts of human rights activists have been breached

Imagine if Google decides to pull because of the human rights
violations persistently perpetrated by the Chinese government! Whoa!

For a while now I've been saying... the only way to run a secure network in China
is to... not run a network in China.

The Chinese government has their paws over every bit of data at their whim. If
you are a Chinese dissident, they are listening. If you are a foreign company with
intellectual property (IP) to steal, they are listening.

I applaud Richard Bejtlich at for focusing on China
(read his October 22, 2009 blog and follow him religiously) and loved his
prediction of a cloud-based security incident. Did you read my "cloud concerns"
article at as well?

So -- is your company going to jump to cloud computing? Are you going to open
up that China office and try to set up a 'secure connection to the US'? (Best of
luck there - just wait for the knock on your door asking you to install a tap for
government snooping.)

The Chinese government is totally out of control. It will be interesting to see the
details emerge. I am certain the CG will respond with some shrug and a sly grin.
They realize the value and economical nature of cyber-espionage and they don't
give a damn who they step on.

Ok... yeah - this hit a nerve.

Have you looked at your traffic today?

The image above shows the traffic to/from a host in our lab that was hacked.
Notice the interesting target? Have you set up GeoIP in Wireshark yet?

C'mon - check out the setup/use video over at
to-Track-IP-Address-Locations-in-Wireshark-video.aspx - use Firefox as your
default browser to save yourself some troubleshooting time.

(GeoIP was the topic of the last Wireshark Weekly Tip - sign up at www. to get an email each week with a new tip.)

Ok... now to go throw out some "Made in China" junk around here!

Enjoy life one bit at a time!

p.s. Thanks to everyone who is submitting case studies for the book! I am
reviewing them, categorizing them, responding with questions (if I have some)
and moving right along in reading them - some really great ones! I'm also
interested in those 'newbie tips' so keep 'em coming in - see the link at left to
submit your case study!

Wednesday, January 6, 2010

Birthing a Book...

I'm getting down to the final writing and editing process before release of the
"Wireshark Network Analysis" book (the name is still being debated)... low on
sleep... high on ideas...

In my experience, there are two ways to write a book – “carve it” or “birth it.”

When you carve a book, you start with a large piece of granite and painstakingly
shape each part of the book through laborious research on topics you do not
deal with on a daily basis, but you must cover in the tome. The chisel you use is
the size of a toothpick and at times it feels just as fragile against the cold,
unfeeling slab of rock you have decided to mold.

Birthing a book is easier than birthing a human child...

When you birth a book, the entire book is formulating in your head – the table of
contents is taking shape, the tone and depth are coming into focus until… plop!
There it is! You just need to get it out of your head in a clear and concise manner,
get it formatted, proofread and bundled in a warm blanket to show to the world.
The "Wireshark Network Analysis" book has been written by the "birthing"

In essence, I was in labor for 20 years – and yes, damn it, I’d
like a bit of sympathy!

Twenty years ago I presented a session on ARCnet communications to a group
of peer instructors. I delved into the idea of packet structure and the mythical
belief at that time that everyone cared. Somehow though, I related the ARCnet
networking rules and limitations to Sister Gerald, the militant no-nonsense head
of discipline at my Catholic boarding school… and I got a few laughs.

Imagine that… networking can be funny!

(BTW... my spell checker is freaking out over the word "ARCnet"! Ha ha...)

Now – before you think I’m going to mention any of the nuns, my techno-
challenged father, my WoW-addicted son (go Alliance!), my iPhone toting
daughter (who I hope will grow up and make iTunes a less pathetic application)
and my Pavlovian response to a trace file filled with hideous communications
issues and delicious security flaws – this book is not a breezy stroll through the
world of packets.

This book is packed with basic through advanced techniques, tips and tricks to
analyze a variety of network types. It is designed to get you from point A to point Z
(or perhaps I should say point 0x00 to point 0xFF) as fast as possible with a
solid understanding of the processes, protocols, and putrid things that occur
under our noses (or under our feet).

If you don’t have Wireshark loaded on every computer within reach, stop now!

Wireshark is the best girlfriend/boyfriend, wife/husband, mother/father,
sister/brother, dog/cat or lover you have ever had.

* Who is always there to listen to you with a patient and understanding
silence when you are crying in your latte because the users keep
complaining about network performance? Wireshark.

* Who never threatens to fire you if you don’t get those file transfers to occur
at ‘acceptable speeds’ before lunch today? Wireshark.

* Who smiles and sits around all day long just waiting for the moment you
say “I need help”? Wireshark.

That’s right.

So… it’s time to elevate Wireshark from “network wallflower” to network
powerhouse. It’s time to roll up your sleeves(1), get rid of the training wheels, put
on your helmet and reflective gear, tell everyone to get the hell out of your way, get
on that bike – and ride!

By the way – you have no idea how difficult it was to refrain from adding humor
(or at least what I call humor) to this book. It crept in at various points – some I
left in (nestled inside tips throughout the book). Most humorous comments I
simply moved aside for a later book that might focus on the funny side of packet
analysis. I’ll have to wait – that one isn’t even in the early gestational period yet.

Happy New Year to all.

Enjoy life one bit at a time!

(1) I recently heard a talk show host state that "In difficult times, there are those
who throw up their hands and others who roll up their sleeves"... I am likely the