Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at http://www.chappellseminars.com/.


Sunday, March 28, 2010

Six Wireshark Network Analysis Video Supplements are Ready!

Coffee and a Quickie offers a quick glimpse at some of the topics discussed in the Wireshark Network Analysis book. Yesterday I added another video focusing on using pre-made profile elements. The videos are all over at www.wiresharkbook.com/coffee.

The book is now on Amazon - they are ramping up stock, so be patient!

Conference Season Heating Up
We're working on calendars this week as the conference abstract and presentation deadlines loom. So far, I am planning on being at the following conferences:

  • Microsoft TechEd
  • Sharkfest 2010
  • HP TechForum (preshow seminar)
  • HTCIA International

We are looking at running some Wireshark Bootcamps. These will be 3-day intense Wireshark hands-on courses focused on the objectives defined for the Wireshark Certified Network Analyst exam. The objectives are listed at the front of each chapter of the Wireshark Network Analysis book.

Don't Forget - there are lots of resources over at the www.wiresharkbook.com website - don't forget to download the trace files and other supplements.

Enjoy life... one bit at a time.

Laura

Wednesday, March 3, 2010

Wireshark Network Analysis has Left the Building

What shall I do with myself this morning? Hmmm... I already cleaned off my desk of all remnants of the book writing/editing process. I drafted up the book website (that will be home to the trace files and book supplements). Instinctively I launch Wireshark - heading out to get the latest development release at www.wireshark.org/download/automated/. Ooooh... we're now on version 1.3.4 SVN (subversion) 32095.

Wireshark was a moving target while I wrote the book and we're releasing the book with features you won't even see if you don't load the development version or wait until v1.4 comes out.

I've been examining each feature and working on:

  • descriptions and scenarios to depict the out-of-order packets (which are sometimes retransmissions), retransmissions vs. fast retransmissions, duplicate ACKs (and what triggers them)
  • HTTPS decryption methods including the long and error-prone key entry in the preferences section and the best TCP preference settings to view and filter on the SSL/TLS handshake
  • step-by-step procedures for application analysis methods to determine if an application affected network browsing performance (I analyzed Aptimize Website Accelerator running on Microsoft's Sharepoint website) - graphing methods to illustrate the effect of this tuning product
  • building a table to show WLAN capture options - when do you want promiscuous mode enabled/disabled and what can you "see" without monitor mode capability
  • diagramming networks with NAT/PAT devices, firewalls, layer 2 switches, MPLS configurations and more - all in an effort to explain how these devices affect the traffic
  • maintaining my new feature checklist to ensure I covered the new Packet List pane, fabulous load times, ignore packets feature, Apply as Column feature, etc.
  • keeping a master list of all the hot capture, display and color filters I've built to catch and vividly show the traffic that really explains what's going on
  • inventorying all the book trace files that are referenced in the Practice What You've Learned section of each chapter - that was an undertaking!

It's been a lot of work - puff, puff - but strangely enticing. Each morning I had a list of features I would focus on that day. Each day I was able to marvel at Wireshark's capabilities. Each day I created charts and graphs of amazing network problems.

Oh... gotta go... that new development version of Wireshark is calling!

Laura

Wednesday, January 6, 2010

Birthing a Book...

I'm getting down to the final writing and editing process before release of the
"Wireshark Network Analysis" book (the name is still being debated)... low on
sleep... high on ideas...

In my experience, there are two ways to write a book – “carve it” or “birth it.”

When you carve a book, you start with a large piece of granite and painstakingly
shape each part of the book through laborious research on topics you do not
deal with on a daily basis, but you must cover in the tome. The chisel you use is
the size of a toothpick and at times it feels just as fragile against the cold,
unfeeling slab of rock you have decided to mold.

Birthing a book is easier than birthing a human child...

When you birth a book, the entire book is formulating in your head – the table of
contents is taking shape, the tone and depth is coming into focus until… plop!
There it is! You just need to get it out of your head in a clear and concise manner,
get it formatted, proofread and bundled in a warm blanket to show to the world.
The "Wireshark Network Analysis" book has been written by the "birthing"
method.

In essence, I was in labor for 20 years – and yes, damn it, I’d
like a bit of sympathy!

Twenty years ago I presented a session on ARCnet communications to a group
of peer instructors. I delved into the idea of packet structure and the mythical
belief at that time that everyone cared. Somehow though, I related the ARCnet
networking rules and limitations to Sister Gerald, the militant no-nonsense head
of discipline at my Catholic boarding school… and I got a few laughs.

Imagine that… networking can be funny!

(BTW... my spell checker is freaking out over the word "ARCnet"! Ha ha...)

Now – before you think I’m going to mention any of the nuns, my techno-
challenged father, my WoW-addicted son (go Alliance!), my iPhone toting
daughter (who I hope will grow up and make iTunes a less pathetic application)
and my Pavlovian response to a trace file filled with hideous communications
issues and delicious security flaws – this book is not a breezy stroll through the
world of packets.

This book is packed with basic through advanced techniques, tips and tricks to
analyze a variety of network types. It is designed to get you from point A to point Z
(or perhaps I should say point 0x00 to point 0xFF) as fast as possible with a
solid understanding of the processes, protocols, and putrid things that occur
under our noses (or under our feet).

If you don’t have Wireshark loaded on every computer within reach, stop now!

Wireshark is the best girlfriend/boyfriend, wife/husband, mother/father,
sister/brother, dog/cat or lover you have ever had.

* Who is always there to listen to you with a patient and understanding
silence when you are crying in your latte because the users keep
complaining about network performance? Wireshark.


* Who never threatens to fire you if you don’t get those file transfers to occur
at ‘acceptable speeds’ before lunch today? Wireshark.


* Who smiles and sits around all day long just waiting for the moment you
say “I need help”? Wireshark.


That’s right.

So… it’s time to elevate Wireshark from “network wallflower” to network
powerhouse. It’s time to roll up your sleeves(1), get rid of the training wheels, put
on your helmet and reflective gear, tell everyone to get the hell out of your way, get
on that bike – and ride!

By the way – you have no idea how difficult it was to refrain from adding humor
(or at least what I call humor) to this book. It crept in at various points – some I
left in (nestled inside tips throughout the book). Most humorous comments I
simply moved aside for a later book that might focus on the funny side of packet
analysis. I’ll have to wait – that one isn’t even in the early gestational period yet.

Happy New Year to all.

Enjoy life one bit at a time!
Laura

(1) I recently heard a talk show host state that "In difficult times, there are those
who throw up their hands and others who roll up their sleeves"... I am likely the
latter.