Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at http://www.chappellseminars.com/.

Showing posts with label laura's lab kit. Show all posts

Thursday, May 8, 2008

Spitting Bits....

The office is wild these days!

It's like Christmas - a geek Christmas! The myriad of multi-sized boxes piled around my desk are calling me... "don't write that blog... open me!" "No! Open me first!" "Hey - I was here first!" Can't you just hear them?

The boxes are filled with products that range from the absolute necessities (such as the USB version of NetScanTools) to the absurd (8-Bit Dynamic Life shirt set - that includes a transmitter for folks who have no friends)!

Why the *(#$*$#@%! do we have all these new products rolling in? Well - it's simple - BitSpitters!


Taking the advice of our buddy Wil and numerous folks who told us to "go viral," we took the leap!

The first four BitSpitters videos are online (see www.wiresharkU.com/bitspitters.html for the links and HTML code to embed on your site, which we'd love!). Alternately you can search YouTube for "bitspitters."

This is what I've learned from my initial foray into the world of viral videomaking:
  • I talk too much - YouTube's limitation of 10 minutes for the cheapo freebie account has to be first and foremost in my mind when I start recording. I really only want the videos to be between 1 and 3 minutes long. So far, the closest I've gotten to this lofty goal is 3:44. Maybe I can cut out the title and ending slides!
  • People want to be entertained more than educated - the humorous "Look Really Smarterest" is viewed twice as often as the straight-tech talks. That's ok since I think this techie stuff is pretty entertaining anyway - we're going to follow this trend and keep the BitSpitters videos light and lively.
  • Watching hit counts is addictive... within minutes of posting the first video I had a hit count of five. Not a big deal in the YouTube world, but fascinating to know some late-night insomniac was already viewing stuff I'd just recorded. (I could only hope they were properly dressed at that hour.)

The upcoming BitSpitters will be shorter (maybe I could cheat and do 'part 1' and 'part 2' videos) and hit some of the more humorous topics, such as:

  • How to Keylog Your Kids
  • Is Microsoft Unedumacated?
  • Secrets of Laura's Lab Kit v9
  • Macof Ate My Network!
  • Is Nessus Naked?
  • Is NetBIOS Ignorance Bliss?
  • Aliens and IPv6

If you have ideas for future BitSpitters episodes, send them to me at lchappell@packet-level.com. Watch for the announcement regarding Binary Balloons as well... he he he...

Time to put my headset on and spew!

Laura
www.wiresharkU.com

Thursday, April 3, 2008

Sharkfest Swims into History: Vint Cerf, Core Developers and New Products Rock the Show!

[warning - 'spew mode' is on... long blog...]

What an event...!

I'd planned to blog on Tuesday evening after the second day of Sharkfest, but I hit a serious case of brain-drain. In addition, my feet were demanding my attention (see "Ugly Shoe Syndrome" below).

I hate to gush too boldly about the event, but I notice I have a bit of Sharkfest afterglow today... that twinkle in my eye, spring in my step (ok, ok... my feet periodically do remind me of the past three days of abuse) - heck, I almost caught myself singing the theme to Jaws (one of the few tunes that I can actually muddle through).

I believe the key factors that made Sharkfest such a unique and successful conference were the laid-back campus atmosphere at Foothill College, the 'no suits' image of the attendees and presenters, the refreshing lack of marketing and sales 'pukes' in sight, the sponsoring companies who actually had hot products I want to own, the impressive list of attendees (how do you avoid getting flustered when presenting in front of the creators of Kismet, NMap and WinPcap and the core developers of Wireshark?), the creative and entertaining presenters and the other-worldly oration by luminary Vint Cerf. [My kids would like me to note that the oversized chocolate chip cookies I brought home were better than the tshirts they got from the last few conferences I spoke at...]


An Impressive Launch
Early on the first morning I settled into my seat at the keynote - honestly, I had no preconceived notion of the conference experience we were embarking on. Mike Kershaw (creator of Kismet) had already settled in and was playing around on his Nintendo DS. Gerald was nervously sipping his coffee while John Bruno (co-founder of CACE Technologies) paced about, waiting to start. Loris Degioanni and Gianluca Varenni (co-creators of WinPcap) alternately joked and bickered like an old married couple as they prepared for their moments in the keynote.

Mike leaned over just before the keynote started... pushing his DS under my nose pointing at the screen with a wicked gleam in his eye. (Oh geez... I am not a big video game fan... I won't know anything about the games except what I've learned of the Legend of Zelda from my kids....sigh)... but when I looked at the screen the only characters running around were related to the WiFi signals he was picking up with his ported version of Kismet! Now THAT I understand! Very cool!

I knew this wasn't going to be your typical conference...

As John Bruno acknowledged the many sponsors and Tim O'Neill who was instrumental in making Sharkfest happen by getting us some visibility and bringing in Vint Cerf for the Tuesday morning keynote, we all wished Tim could have been there to hear the applause (I know at least one person, Betty DuBois, called him during the keynote to fill him in on our sincere appreciation of his efforts!). Thanks so very much, Tim! You are a star!

The keynote took a unique turn as John set the framework for the next section - "Gerald, This is Your Life" - a story tying together the elements that would become a cohesive group of Wireshark, WinPcap, CACE Technologies and Wireshark University.

Gerald sprang up to the stage to begin... only to find that John had taken all Gerald's notes from the podium. Being a bit scattered with a diabolical sense of humor, one has to ponder whether this was an intentional ploy - it garnered laughs through the audience as John rapidly riffled through his papers to see if he could find Gerald's notes... forcing Gerald to hold his breath and sweat it out while praying the notes would be found soon. A collective sigh of relief could be heard when the notes were handed over - you could tell this audience respected Gerald and felt his pain for those few brief moments.

Gerald thanked the people who encouraged (and in some cases pushed) him to focus on Ethereal in the early days. He gave us all an inside view of his initial foray into creating Ethereal (and the importance of that barn in the early days - I, for one, am glad he fully explained that line item on his slide!) and segued into the current stats on Wireshark:
  • 9+ years in development
  • 600+ developers
  • 6 hosting providers
  • 3 domains
  • 2 names
  • 1 barn with livestock (it's a long story)
  • 1.5 million lines of code
  • 300,000 downloads per month
  • 900+ protocols
  • 1.0 revision released this week

Gerald brought up Loris Degioanni and Gianluca Varenni to the stage to give us the inside view on the development of WinPcap and their unique style of relating to each other. If they ever decide to give up the programming someday, they should consider stand-up comedy. What a pair! Gianluca's ever-present grin reminds you of that little boy who is always in trouble at school, but he's so darn endearing that you just can't send him off to juvenile hall... at least not yet. Loris' self-deprecating humor and quick wit balanced out the pair's ability to come across as two rabble-rousing kids from Italy who are having way too much fun and have inside jokes we'll never be privy to.

I had a few moments to recognize the phenomenal Wireshark University instructors and pester Gerald to tell the audience about one of the alternate names that were considered before "Wireshark" was chosen. EtherWeasel! Thankfully, Gerald followed the level-headed advice of his wife, Karen, and went with the Wireshark name. Thanks Karen! We all owe you one!

It was time to look to the future... Gerald brought Loris back up on stage to announce and demonstrate Pilot - CACE Technologies' graphing and reporting tool built around Wireshark! [Insert drooling images here, please...] Loris deftly manipulated a 100MB file - displaying throughput graphs and pulling out sections to send to Wireshark for further analysis. Control-clicking on multiple graphed elements and drilling down for more comparative detail, I could hardly contain myself. There are so many features in Pilot that I have dreamt about for many years. Finally, Loris entered some comments on one of the graphs, selected to export the graph and comments to PDF format and BING! Up came a report containing all the supporting graphs and verbiage depicting the findings in a clear, colorful manner that even a CEO could understand! All attendees received a DVD containing videos showing Pilot in action. [No price was stated, but the release date is just a few weeks away. Check http://www.cacetech.com/ for more details.]

The keynote concluded right on time (an unheard of feat these days) and we were off... ready to hit the sessions and charged up (with lots of coffee, sodas and candy bars) for the three days ahead.

A "Who's Who" of Attendees
On Monday morning we arrived at campus at 6:00am to blow up Sharkfest balloons, hang banners, prepare the registration desk and open the speaker lounge (a room that was never used by speakers - all speakers hung out in the Campus Center - there was no separation between speakers and attendees - we were all there as collaborators, colleagues and partners).

During the registration process (which was, in itself, a unique process given the 'register by first name' process - ok, ok... last names next time), I caught myself staring at the folks coming up to the table - check out this impressive list of folks who strolled the campus this week:


  • Joe Bardwell (packet guru; Connect 802)

  • Gerald Combs (creator of Ethereal/Wireshark)

  • Loris Degioanni (creator of WinPcap; creator of Pilot)

  • Thomas D'Otreppe (creator of the Aircrack-NG suite)

  • Jonathan Fairtlough (LA District Attorney's office)

  • Scott Haugdahl (BitCricket; creator of PacketScrubber; former CTO WildPackets)

  • Mike Kershaw (creator of Kismet)

  • Fyodor, aka Gordon Lyon (creator of NMap)

  • Mike Pennacchi (packet guru; Network Protocol Specialists)

  • Gianluca Varenni (creator of WinPcap; creator of TurboCap)

and many more... all there for one reason - to support, enhance and share knowledge on Wireshark features, future and related technologies and products.

Wireshark University Instructors and ExecuTrain Group
This was the first time I've been in the same room with four of my five Wireshark Instructors as well as my ExecuTrain team that deals with the Wireshark bootcamp course. I know why I selected these folks to work with - the instructors are the best in the industry! Some were my competitors for years - they became my colleagues over the years and now I am fortunate to have them as my partners in the Wireshark University adventure!


  • Betty DuBois (Certified Wireshark University Instructor)

  • Tony Fortunato (Certified Wireshark University Instructor)

  • Priscilla Oppenheimer (Certified Wireshark University Instructor)

  • Phill Shade (Certified Wireshark University Instructor)

  • Chris Bell (Certified Wireshark University Instructor) - absent sadly... someone's got to work!

  • Tom Robinson (ExecuTrain/Next Step Learning Managing Director - Wireshark University)

  • Dave Raab (ExecuTrain/Next Step Learning VP Sales - Wireshark University)

Every attendee got the latest version of the Laura's Lab Kit (v9) in their bags - if you didn't attend, download the ISO image (3.3GB) from www.novell.com/connectionmagazine/laurachappell.html when you have a lot of spare time.


Campus Center Hang-Out
The Campus Center was definitely the place to collaborate. At times you'd see a table of the impressive Wireshark core developers dotted with attendees who were soaking up the brilliance emitted from the creative minds surrounding them. Conversations would wander from war stories of beleaguered networks overloaded with BitTorrent traffic to newer functions added to Wireshark over the past several revs to "I have a dumber network user than you do" competitions.

Ugly Shoe Syndrome
On the first day I wore my conference-ready Aerosole heels... they look good and give me another couple inches in height. By the end of the first day I was hobbling around as my feet screamed at me to sit down. I couldn't - it just wasn't that type of atmosphere. There were too many people to locate for a chance to talk and several presentations to make (sans chair to rest upon). By day two, I'd switched into my loafers... I was noticeably shorter, but much happier... until the end of the day when my feet again reared their ugly little (actually big) soles and screamed bloody murder. On day three I could have been mistaken for one of the many gardeners working the grounds at Foothill. My heels and loafers had been replaced with my backyard shoes - the ones that have been left outside in the pouring rain and pounding sun. Ugly as sin, but comfy as... well almost as comfy as slippers.

Still in pedagony, I hobbled home at the end of Wireshark - thankful that it was a three-day conference. If it had gone on one more day I would have had to bring out the SpongeBob slippers (it's difficult to hide bright yellow sponges hanging off your feet). A fifth day at the conference would have required an extra power strip behind the podium as I would have stood in a foot spa at the front of the room.

Worshipping at the Church of Vint Cerf
Shortly after Vint Cerf took the stage, Gerald came over to me practically shaking with excitement - "Isn't this COOL!" He was bubbling over with the excitement of a 5-year old at Christmas. My mind immediately flashed on an image of Gerald as a 5-year old kid diving at the presents under the Christmas tree... a strange vision because the ecstatic kid was wearing his "Vint Cerf jammies" and hoping for a new compiler tool... oh, well... I digress...

Vint Cerf is a cross between Santa Claus and Arthur C. Clarke. With a brilliant, luminary mind that sees things others cannot fathom and a kind, humble manner, he would be the ideal grandfather! Many people may have grandfathers that twitter about imaginary concepts brought on by some form of dementia, but in this case those concepts have become or are becoming reality. Interplanetary communications? Geez... I'm still trying to figure out how to get rid of Vista's 'donut from hell' half the time. (See http://www.ipnsig.org/.)

Quick thinking on the part of the guys from LOVEMYTOOL - Tim O'Neill and Denny Miu - they videotaped Vint's speech - visit www.lovemytool.com/ to watch and feel inadequate, inconsequential, but inspired by this most eloquent, humble and visionary man! He gave us all the best Christmas present we could have - a globalized communication system.

One of the most heart-warming moments at the conference was when we watched Steve Karg's son approach Vint Cerf to say hello ("Mr. Cerf") and ask Vint shyly if Vint would sign his Strategy Guide. When Angela (from Wireshark University and a key player in coordinating the conference) asked the boy, "Do you know who Vint Cerf is?" he gave her an incredulous look and replied, "Of course! He's the Father of the Internet - didn't you Wikipedia him?" What a hoot! Perhaps Vint is the Grandfather of the Internet to him...

Mingling with the Core Developers
At several points during the conference I wandered over to the Developer Track training room... almost sneaking up on them as they mingled outside the room. Feeling like a kid trying to get close to a sports-star, I tried to just 'melt in' with the group - be one of them... but I wasn't. These folks have a bond that goes back many years - they are bound by their dedication to Wireshark and the open source vision. I must admit... in my head I'd pictured a few of them as unshaven, scraggly-looking misfits who were unaccustomed to natural sunlight. I was pleasantly surprised to find that they not only knew all about modern shower systems, but they had an effusive sense of humor that was exponentially amplified when you get a group of them together!

After all these years of reading the patient and insightful answers posted religiously by these folks, I finally got to catch them in person. Honestly, they are the reason we were all gathered there at Sharkfest - they took up the challenge to continue Gerald's quest.


  • Sake Blok

  • Anders Broman

  • Stig Bjorlykke

  • Mike Duigou

  • Andrew Feren

  • Stephen Fisher

  • Guy Harris

  • Steve Karg

  • Jaap Keuter

  • Tomas Kukosa

  • Ulf Lamping

  • Graeme Lunt

  • Martin Mathieson

  • Christopher Maynard

  • Bill Meier

  • Greg Morris

  • Richard Sharpe

  • Sebastien Tandel

  • Michael Tuexen

There were many core developers who could not attend, but should be recognized. In Wireshark, select Help > About Wireshark > Authors to see how many folks have contributed to the resounding success of Wireshark over the years.

Back to Work...
I returned from Sharkfest energized with the contacts I made and excited about the future of Wireshark and Wireshark University.

The past months have offered grueling work for Janice Spampinato, Nicole Martin and Angela Sherman - the three amigas who coordinated everything - balloons, banners, hotels, registration, food, on-campus services, track topics, presenters, welcome packs for presenters, show bags, sponsorships, and much, much more. With their angel, Tim O'Neill, providing encouragement, I think they pulled off one hell of a conference! Thank you so much for your perseverance!

As I sit here with my SpongeBob slippers soothing my feet through the recovery process, I find myself looking forward to future Sharkfest conferences. The future is bright... the sun is shining, the latency on my network is low and I haven't seen a single lost packet or duplicate ACK in over two minutes - ahhh.... life is good.

"Da dum... Da dum..."

Laura
http://www.wiresharku.com/

Thursday, March 27, 2008

The "HackTool Virus" is Re-Released

Ah... it must be March. The frantic and outwardly snickering emails are flooding in - "did you know..." The excited caller exclaims, "Your Laura's Lab Kit has a virus on it! Really! I just put it in my drive and my virus detection software came up with a warning about the HackTool Virus! Another virus detection package says the DVD has a Hacker Tool virus as well. One of the applications, Cain and Abel, is infected!"




Note: The new Laura's Lab Kit v9 ISO image can be downloaded from:
http://www.novell.com/connectionmagazine/laurachappell.html

Ok, ok... before you get your iPod cables in a bunch, one vendor blew it by calling this the HackTool virus when they should have simply said you've got a hacker tool there, bubba. Let's quickly look at a description of the "Hacker Tool" designation from one of the VD (virus detection) vendors:

F-Secure's Description of "HackerTool"

Hacker Tool (generic description)
Hacker Tool is usually a standalone file. In many cases such tools are used by hackers to perform certain actions on a compromised computer, for example to crack passwords or to scan for vulnerable computers. It should be noted that such tools are sometimes used by system administrators.


Our corporate customers prefer hacker tools to be detected by F-Secure Anti-Virus. If a system administrator still wants to use a hacker tool, he can exclude the tool's file from scanning. For ordinary users running such tools should be prohibited.

Here's the scoop... the HackTool or Hacker Tools designation does indicate that there is a potentially unwanted program on your computer or on connected media. You do want to know about that, don't you? The Laura's Lab Kit always contains some programs that could potentially be nasty if used in the wrong hands -- Cain and Abel always makes VDs spew forth complaints. Even sweet little Wireshark can cause VDs to scream bloody murder.



Don't get me wrong, you probably do want to know when there's a HackTool issue on your system - a message that your system is infected with the HackTool.rootkit virus should make your skin crawl. But before you freak out about Laura's Lab Kit, check out which tools are associated with the HackTools warning - they may become your favorite security research tools and replace your lost hours on World of Warcraft with the thrill of idle scanning or redirecting traffic using ICMP (instead of plain old ARP).



Oh... and one more thing... The fact that we release Laura's Lab Kit on the ides of March is purely coincidence! Now get back to work!

Laura

Wednesday, March 19, 2008

BrainShare Highlights

It’s Wednesday and we’re exhausted from the non-stop activity this year at BrainShare. The sponsor party last night seemed to fit the audience - the theme was World of Warcraft, but there were Halo characters (Master Sergeant) and many Wii systems set up in the various booths. Only a few more months until WiiFit comes out - wonder if that would be welcomed as warmly as Wii bowling...?

After the vendor party, we joined NetVision upstairs in the Port o’ Call to "bust a move"! Only one person fell on the dance floor (and it wasn’t me!) - a definite improvement over past years. Amazing how much my feet hurt early in the evening, but as the evening unfolded I couldn’t even feel my feet.

This afternoon we hit the OpenAudio booth to record a conversation recapping some of my sessions and talking a bit about Thursday’s scheduled videocast at the Meet the Experts event. I will be giving away the hidden secrets in the Laura’s Lab Kit during that session and talk about other cool tools related to troubleshooting and security. The OpenAudio booth was swelteringly hot inside, but the recording was (as always) a hoot! This time Brenda joined us for the taping - tomorrow she will be recording on her own... next thing you know, she’ll be taking over my sessions. See http://www.novell.com/openaudio for more information.

Speaking of sessions - head over to the FIN BIT page at http://www.wiresharku.com/ to get the slides from the four BrainShare presentations.

Again, Novell gave me access to the double conference room and had tables and power strips set up for the BYOL (Bring Your Own Laptop) sessions. It is a great configuration for conferences.

For those of you who are not at the show, don’t forget to download the new Laura’s Lab Kit v9 from http://www.novell.com/connectionmagazine/laurachappell.html. The ISO image is 3.3 GB, so start the download and go have a good lunch or dinner... That is also where you will find the latest animated articles.

Now it’s time to catch up with a few hundred emails that are overflowing my inbox! Must... hang... in... there... must... stay... awake...

Laura