Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at http://www.chappellseminars.com/.


Friday, June 13, 2008

Bag Lady of TechEd...

Those quizzical looks said "don't you have a hotel room?" After dragging around a suitcase of toys (uh, er... I mean 'tools') during TechEd, I really appreciate the guy/gal who invented roller bags. The lunch session today - while only 45 minutes long - finally offered me a chance to unload the bag and share some of my favorite tools. From the hot graphing tool, Pilot, to NetScanTools (my key reconnaissance/traceback tool) and the infamous SumoBots, Ironkey, the self-destructing USB stick and the Phantom Keystroker that plagued some of the CommNet stations at various points during the network - the 45-minute session was a 'spewfest' of fun.


If you'd like to see the list of some of my favorite tools, check out www.wiresharkU.com/tools - if there are tools I should add, send an email to tools@wiresharkU.com.

This week I also created a page with some information and product discount codes over at www.wiresharkU.com/teched. Even if you didn't go to the show, grab the discount codes for AirPcap, NetScanTools, Pilot and the Wireshark University Courses - watch the expiration dates - don't miss your chance to save some money on these hot items.

So what about that Thursday panel? Seated between Steve Riley and Mark Russinovich - the same seating arrangement we had in Barcelona - I knew it would be a hoot. Mark Minasi and Marcus Murray rounded out the geekfest at the front of the room. Without any introductions or scripting, it was a great opportunity to just chat about the issues - unbeknownst to the audience, we rarely all get together in the same room at the same time. When we do... you have five Type A personalities butting heads and trying to one-up each other's stories... and what stories they are!

Now... it's time to relax in the hotel room - I'm totally wiped out from four breakout sessions, a panel, a lunch session, four 'fishbowl' recordings and one TechNet Edge recording (oh, yeah... and some late nights out at the hotel pool and an evening of non-stop walking around Universal Studios).

Off to the HP TechForum conference in Las Vegas - with a pre-conference training session Monday and several sessions Tuesday, it will be a busy week. After that, however, I am thrilled to enjoy the summer with minimal travel. That will give me lots of time to play with new toys and tracefiles. Wheee!

Laura

Monday, June 9, 2008

Smack That ###!

Now before you begin to get all hot and bothered by the title of this splog ("spewed blog") - let me put this in context.

Brenda and I are on an American Airlines flight from SJC to DFW (if you travel much, you'll know the acronyms - if you don't who cares - just take it that we're on a plane). We were thrilled to have been upgraded and shuffled everyone around in first class so we could sit next to each other. I have loads of prep work that I still want to get done before TechEd starts tomorrow. (In truth, we've been cracking up while devising some very juvenile interview questions for our filming this week).

I've just plugged in my AirPcap adapters and set them for scanning mode - I want to know if the flight attendant speech about "please turn off your wireless cards or if your electronic device supports airplane mode, please use that" actually works. And after all - what's the point? Really?

I've talked to tons of pilots who say the whole wireless and cellular on planes is a bunch of hooey (pilot terminology). As Brenda and I hunch over the computer cracking up at the SSIDs flashing across the screen... my heart nearly stops...

"WHAT'S THAT!?" echoes through the entire plane at a decibel level that rivals the Rolls Royce engines and makes my teeth ache. Holy shrieks - what was that?

"GIMME IT!" another shriek as my ears begin to bleed and both the parties in row 4 (the ones with hearing aids) keel over (there's just enough room in first class to actually keel over - if this had happened in 'economy class' no one would know until unloading time - you'd just look like you were taking a snoozer while propped up against the seat in front of you - lack of drooling would have been a clue, however).

With the 'Stare of Death' that my kids have feared since birth, I looked across to the nightmare sitting in 6B - with my eyes I try to send a signal of 'you should not be on this plane - and potentially, you should never breed'. I turn to Brenda with a simple question - "Why don't I hear any slapping?"
You see - I'm not wasting my 'Stare of Death' on the little boy who has the lung power to rival Pavarotti (before he died, of course) - the stare is for the mother who is oblivious to her son's inappropriate shrieking - hmmm.... perhaps the woman is deaf? If not, she will be soon. Hmmm.... are those earplugs in her ears? Really! This is a pet peeve of mine - parents who don't teach their kids manners until the kids reach the ripe old (too old for teaching manners) age of 13 or so.

What's wrong with saying to little Jimmy, "no, sweetie - we don't stand on the table at restaurants" or "no, honey, we don't give the cat a haircut using a butcher knife"? Geez - can't you get that kid a video game to play - laptops are cheap - get him Grand Theft Auto - that oughta hold his attention - especially if his favorite color is red.

So... back to the wireless traffic - here's a list of the SSIDs being requested by the various laptops on this flight (notice the lack of querying for WSU? I listen to those aero-cops big time now with the recent Call-Ahead-to-have-a-Passenger-Arrested-if-They-Don't-Wait-for-the-Beverage-Cart-to-Pass-Before-You-Want-to-Go-to-the-Bathroom law):

ARC-WLAN
Bernards-Inn
ATLWifi
GlobalSuite Wireless
GoldenTree
GreatBearCoffee
GuestGuestAccess
HHonors402
IRDWlan
InternetIvy Room - (97)
JPLGuest
InternetLodgeNet
Regents Park
SKYHARBOR PUBLIC
Sheraton_WIFI
Space Park #1
TAA-WiFi-Hotspot
WACWIFI
Wayport_Access
Wayport_Meeting
Westin-Aruba (this is just wrong - in Aruba hitting the wireless?)

admiralsclub
amonien
attwifi
belkin54g
bytelynkc
SBConTWLAN
concourse
hhonors
holidayinn
ibahn
linksys
nasaguest
npwireless.com
omni
picctxsur
roomlinx
stayonline
surfamily
syslink8
tmobile
westinsf
workgroup

After a bathroom break (I'll talk about the Coffee-Pack-in-the-Bathroom-Issue in another splog), I asked the flight attendants who were up in the front galley hiding away from the noise... "What's the deal with wireless communications on the plane? What happens if a laptop is turned on with wireless enabled?" In tandem, as if they'd practiced this response one thousand times (hmmm... mind-control training of flight attendants - that explains a LOT!) they synced "It interferes with the instrument panel!" I did mention that we must have lots of laptops on this plane with their wireless turned on - "How come we aren't plummeting to the ground by now?" Ok... wrong question. It took a bit of time to assure them I wasn't interested in parking the plane over a corn field and I finally snuck back to my seat.

I reviewed the results of my wireless scan - systems desperately seeking 45 different SSIDs! Whoa! Doesn't anyone care about the dangers of wireless transmissions on the plane? Hey folks - our plane's instrument panel is probably popping outta the dash and the pilots are using hand-signals before turning! YOU'RE RISKING MY LIFE HERE, BUBBA! I feel like doing a 'puter smack-down of the systems on the plane, but feel that is likely to land me in Club Fed long before I'm ready... I sit down and pick up some SMB2 specs to review...

Now considering that TechEd starts tomorrow and we're on a flight from the Silicon Valley - I'm quite certain some of these yapping systems are headed for the conference center. It's kind of like meeting people ahead of time. When we get there, we'll check for some of the same SSID requests and who knows... we might find we're surrounded by friends before the conference even starts.

Uh oh... gotta go - landing time "Please turn off and stow all electronic devices..." Hmm.... maybe it would be interesting to see if people turn off their laptops during landing...

Laura
p.s. Visit the new www.wiresharkU.com/tools.html page! Enjoy!
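
The SSID list in this post comes from 802.11 probe requests, in which a laptop names the networks it remembers. As an added example (not from the original post), this Python sketch pulls the source address and SSID out of raw probe request frames; the frames, MAC addresses and function names are constructed for illustration, and it assumes each frame starts at the 802.11 header with no radiotap header in front.

```python
from collections import defaultdict

HEADER_LEN = 24  # frame control, duration, three addresses, sequence control

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, else None.
    An empty ssid is a wildcard probe that names no network."""
    if len(frame) < HEADER_LEN:
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype != 4:      # management frame, probe request
        return None
    src = frame[10:16].hex(":")         # address 2 = transmitting station
    pos = HEADER_LEN
    while pos + 2 <= len(frame):        # walk the tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                 # truncated capture
        if tag == 0:                    # element ID 0 = SSID
            return src, value.decode("utf-8", errors="replace")
        pos += 2 + length
    return None

def probed_ssids(frames):
    """Map each station to the sorted list of network names it asked for."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:        # skip non-probes and wildcard probes
            seen[parsed[0]].add(parsed[1])
    return {mac: sorted(names) for mac, names in seen.items()}

def build_frame(subtype, src, ssid):
    """Constructed test frame: 24-byte header, SSID element, rates element."""
    header = (bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6
              + bytes.fromhex(src.replace(":", "")) + b"\xff" * 6 + b"\x00\x00")
    name = ssid.encode()
    return header + bytes([0, len(name)]) + name + bytes([1, 2, 0x02, 0x04])

# Constructed sample; SSIDs are taken from the list in the post, MACs are made up.
SAMPLE = [
    build_frame(4, "02:00:00:00:00:01", "linksys"),
    build_frame(4, "02:00:00:00:00:01", "attwifi"),
    build_frame(4, "02:00:00:00:00:02", ""),         # wildcard probe
    build_frame(4, "02:00:00:00:00:02", "hhonors"),
    build_frame(8, "02:00:00:00:00:03", "tmobile"),  # beacon subtype: ignored
]
```

A station that appears in the `probed_ssids` output is announcing its saved networks to anyone in range; removing saved networks that are no longer needed shortens that list.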


Tuesday, May 27, 2008

Homework Interferes with World of Warcraft!

No, no, kids... put those schoolbooks away. Right now! I mean it! <... putting on my best Mom-is-in-charge-here look, crossing my arms and tapping my foot impatiently...> The looks on their faces question my sanity... nothing new.

TIME TO CAPTURE PACKETS, KIDS!

Cheers all around! Papers and books are shoved into backpacks at a frenzied pace. The bags are tossed unceremoniously into the corner of the room - making way for a much more important project - capturing network traffic! Ok, ok... my kids sound a bit strange... but this is a project they've waited for. The day had finally arrived.

In preparation for TechEd 2008, I wanted to pull together new trace files for...

MMORPGPCA (Massive Multiplayer Online Role-Playing Game Packet Capture and Analysis!)

Most of the games were pre-installed on the lab systems. All I needed were players... hmm... now where would I find fanatical players who would generate the much-needed traffic showing character creation, acquisition of quests, travel through surreal worlds to slash nightstalkers, destroy or tame ravagers, duel with other loyal Alliance members, pzwn noobs, kill the dreaded Horde and obtain mystical skills to use in a constant quest to level up?

Yes! This must be why I had kids!
[In the olden days of IPX-based game analysis, I gathered a group of 'professional game players' in my garage and found the experience very frustrating... these folks didn't take direction well - my trace files were a mess of processes that took me hours to sort out - not to mention the bankroll I blew on candy bars and the unique aroma that made me seriously regret I'd removed the automatic garage door system and didn't install a window for ventilation!]

On today's plate:

- World of Warcraft
- GuildWars
- Team Fortress
- AdventureQuest

My goal - identify the transport methods, static ports (if any), related DNS queries, bandwidth usage and any game signatures. How could a network analyst detect this traffic and, if desired, how could an IT professional block it?

This family-based lab exercise (which lasted well past bedtime to the delight of my kids) yielded almost 100 trace files showing all aspects of game play - information I'll show next month at TechEd (Session SEC356: Analyzing Questionable Traffic) and include in the hands-on labs in my preconference seminar at HP TechForum - both taking place.

"Family Night" has evolved!

Laura

Sunday, April 13, 2008

Wireless Electricity? It's Coming!

Coming home to San Jose was a welcome change after the drizzly cold depressing world known as Microsoft... uh, er, I mean Redmond, Washington. Having grown up in San Francisco, California and living without sunshine the majority of the year, I revel in the sunshine that we have in San Jose, California. This weekend the temperatures topped out around 90° and we had a slight breeze - perfect weather! When the weather drops below 70° we whine and moan about the cold. Yes, we Californians are a spoiled lot!

Things were a little too hot in many areas of the country as American Airlines grounded some 3,000 flights last week. I was lucky. I was on a code share flight with Alaska Airlines. Of course, my Alaska Airlines flight didn't take off on time (out of the last 10 round-trip flights on Alaska Airlines, my flights have been delayed 8 times - they are a pretty mellow bunch). But hey, I was just happy that the plane took off within a couple of hours of the scheduled departure time and I didn't have to put up with the nasty stench of burning wires on the flight.

On Friday evening, I received an e-mail from Dan Garton, American Airlines' Executive Vice President of Marketing. Dan referred to me as "one of our most valued customers" in his apologetic e-mail addressing the grounding of the DC 80 planes. Considering that I have now almost reached my 3,000,000 mile mark with American Airlines, it's a miracle that I didn't have an AA flight scheduled for last week. It sure seemed strange to me that the e-mail apology was sent from American Airlines' VP of marketing. Don't you think it would have been better to send the e-mail from the CEO, Gerard Arpey? Hmmm...

"The work being done now centers on a need to change the way in which American complied with the Airworthiness Directive (AD) regarding such items as the spacing of the ties on the wiring bundles and the direction of the retention clips and lacing cords. We are highly confident that this is not a safety of flight issue because the wire bundle is secure. It is a matter of how the work was done, not whether aircraft were protected from the threat of wire exposure and chafing that could cause fire."

Perhaps this whole world of wired technology is passé. Maybe it's time to take a look over at MIT and check out the "WiTricity" project (http://web.mit.edu/newsoffice/2007/wireless-0607.html). These folks have it right. Wireless electricity! Take it a bit further and imagine having roaming wireless electricity. As you cruise through the airport, your laptop would connect to various wireless electricity taps and charge itself to 100%. Considering the number of times I've plugged my computer into a power strip and then forgot to turn on the power strip - this could be very handy technology! Another plus would be the removal of the dreaded "power cord to the podium" that I've tripped over numerous times... the comedic fall that I've taken so many times would be missing from my presentations, but it's the price we pay for keeping up with technology.

So, back to the Redmond trip. On June 9, the week of TechEd, I'll be able to explain why I've been spending time in Redmond. I'll be arriving at the TechEd conference on a red-eye flight from Redmond that gets me into Orlando around 6:30 a.m. on June 10th. Mark Penaroza, the Security Track Manager, was nice enough to book me in afternoon sessions that Tuesday. As long as American Airlines doesn't ground their fleet that week, I should get there in plenty of time to present. (Crossing my fingers and wires!)

Now back to working on the Wireshark University certification test... we're almost there!

Laura