Howto archives - IT Trenches


Oct 15 2009   6:44PM GMT

Free Training - Laura Chappell presents: Wireshark 201 Jumpstart - Filtering on the Good, the Bad, the Ugly



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell

Laura Chappell, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27 - 10:00am-11:00am PDT (GMT-7). If you manage networks or want to manage a network, a good understanding of protocol and packet analysis will help you immensely with your career.

Some things you will learn in this webinar:

  • Using the Default Capture and Display Filters
  • Creating a Few Hot Capture Filters
  • Filtering Tips and Tricks for Troubleshooting
  • Filtering Tips and Tricks for Security

Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even find out a little tidbit here or there because Repetition is one of the keys of learning. Unfortunately I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.

Thanks for reading and let’s continue to be good network citizens!

Jul 20 2009   6:36PM GMT

Wireshark quickstart tutorial - learn to capture network traffic



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell

There are more upcoming sessions in the Laura Chappell seminar series called Wireshark 101 Jumpstart tutorials. Check out the schedule at the Chappell University website. Some of the things you will learn include:

  • Wireshark elements and capabilities
  • Tapping into the wired or wireless network
  • Capturing and filtering basics
  • Graphing basics

If you cannot attend the seminar, you can still register and download the seminar notes and gain access to the trace files used in the session. If you manage a network, you should learn this stuff! Be sure to register and attend early. The sessions are limited to 1000 viewers and these fill up FAST!

See my entry Repetition is one of the keys of learning for how attending one of these seminars helped address an issue I was having with using Wireshark.

Thanks for reading and let’s continue to be good network citizens!


May 26 2009   7:34PM GMT

Repetition is one of the keys of learning



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell

I recently posted an update about Laura Chappell’s Chappell University Online seminars. I attended one of these seminars today. What a great experience! I always try to attend Laura’s events and always pick up a tidbit that makes my life as a network manager easier. She gives you information about tools you can use to fight the battle of “the network is down”. Most of the time the network is behaving as designed. It’s poorly written applications or too high user expectations that create issues. So, if you want to be the expert on fighting the network is “bad” syndrome - check out Laura’s presentations - I did and I learned something new…


May 21 2009   12:57PM GMT

Master key tasks for network troubleshooting - Chappell University Online Seminars



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis

I’m a huge fan of Laura Chappell. She has a great sense of humor and is a great educator about all things packet oriented. Previous posts about Laura have included:

Is protocol analysis or network management your thing?

ARP as a network auditing tool

Did you see this? - Latest Laura Chappell Newsletter

Did you see this? - the viral bitgirl

She has now started a new online seminar series. Some of the presentations are free and others are accessible for a fee of $99. If you cannot get away for education, then this is an excellent alternative and you can gain a great amount of knowledge from this packet analysis expert. I recommend that you visit Chappell Online University and sign up for the free Wireshark Jumpstart: Master Key Tasks for Network Troubleshooting seminar to get a feel for the seminars.

Thanks for reading and let’s continue to be good network citizens!


Feb 11 2009   8:08PM GMT

Tracking down that user/computer that locks AD accounts



Posted by: Troy Tate
Data security, administration, analysis, antivirus, anti-virus, diagnostics, howto, information security, malicious activity, malware, Microsoft, Microsoft Windows, Active Directory, AD, network security, Password, policy enforcement, reporting, risk, risks, scanning, search, Security, security notification, tools, troubleshooting, Windows, password management, account management

With an environment spanning 18+ sites and more than 3000 computers around the globe, you could understand how challenging it would be to track down what device/user might be locking user accounts. There are tools out there that you can pay for that can help do this. However, Microsoft has some free tools that with a little testing and use will permit you to quickly track down where the account is being locked and address the situation.

We had a situation recently where malicious software got onto a couple of machines and attempted to use the Administrator account to login. We have account lockout on our Windows 2003 AD domain, so after the appropriate number of invalid tries the Administrator account was locked out in the domain. This is because the machines were members of the domain and the malware did not distinguish the local administrator account from the domain administrator when attempting to elevate authority. Note that we use least user authority in our environment so the malware was not able to spread beyond these two machines. We suspect the machines became infected due to out of date antivirus signatures.

Unfortunately, the antivirus we use did not alert us to the situation. The way we were alerted was by our Microsoft System Center Operations Manager (SCOM) implementation. It notified the SCOM admin that the domain Administrator account was locked. The operations team was then tasked with tracking down what or who was locking this account. This is where the Microsoft Account Lockout and Management Tools came into use and helped isolate the cause.


Dec 22 2008   7:20PM GMT

Improving yourself in 2009 - part 2



Posted by: Troy Tate
administration, planning, tools, reporting, CIO, performance monitoring, Performance, howto, Metrics, blog, education, toolkit, professional

Maybe Bubbletimer mentioned in part 1 is not something that will help improve your professional value in 2009. How about the Printable CEO series then? The tools David Seah offers on his blog seem like great resources to track your goals, tasks and time. Sometimes those we work for wonder what all we do in our positions. We sometimes have to prove our worth to the organizations who pay us. The When is something worth doing? tool that David outlines may help you improve your decision making and therefore your professional value.

What other professional development and/or tracking tools do you use in your job?  Please leave some feedback and let me know what you use or if this Printable CEO made a difference in your job.


Dec 10 2008   2:41PM GMT

Did you see this? - Microsoft Infrastructure Planning & Design Guides



Posted by: Troy Tate
administration, planning, tools, Microsoft Windows, documentation, IT education, design, Microsoft, howto, awareness, education, toolkit

Microsoft has become much better at offering documentation beyond just marketing materials about their products and systems. The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.

The guides available include:

  • Exchange Online—Evaluating Software-plus-Services
  • Microsoft System Center Configuration Manager 2007 SP1 with R2
  • Microsoft Application Virtualization 4.5
  • Windows Server 2008 File Services
  • Windows Server 2008 Print Services
  • Infrastructure Planning and Design Series Introduction
  • Internet Information Services 7.0
  • Selecting the Right NAP Architecture
  • Selecting the Right Virtualization Technology
  • System Center Operations Manager 2007
  • System Center Virtual Machine Manager 2008
  • Windows Deployment Services
  • Windows Server 2008 Active Directory Domain Services
  • Windows Server 2008 Terminal Services
  • Windows Server Virtualization (for Windows Server 2008 Hyper-V and Virtual Server 2005 R2 SP1)

As you see, there is a lot of information here to absorb and make use of in your environment. I’m going to be checking out the System Center Operations Manager 2007 implementation guide. It’s gonna be an interesting ride but at least Microsoft is offering some free support assistance in the planning and design phase.

Try some of these guides out. Share with us your thoughts and how effective the guides were in helping your organization meet operational demands.


Dec 10 2008   1:33PM GMT

Did you see this? - Latest Laura Chappell Newsletter



Posted by: Troy Tate
Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, network analysis, Metrics, wireshark, packet capture, education, analysis

Newsletter 120908

Discount Codes - Nmap Book – Wireshark Certification Status – Global Knowledge – Movie Update - Virtual Conference Survey

Holiday/End-of-Year Specials at www.wiresharkU.com

  • 25% off on Wireshark University Self-Paced Courseware (code WSU1208)
  • $500 off already discounted price on Laura Chappell Master Library (code LCML1208)

Hot Links

Fyodor Releases Nmap Book

Gordon “Fyodor” Lyon, the creator of the must-have tool, Nmap, has released the long-awaited title “Nmap Network Scanning”. This 468-page book (nmap.org) is required reading for anyone securing a network. I was thankful that Fyodor sent me a pre-release copy of the book, which was a blessing since the content was more in-depth than I’d hoped for. Chapters define scan variations, OS fingerprinting techniques, tips and tricks and the newly-developed ZenMap, the graphic front end for Nmap. “Nmap Network Scanning” should be front and center on your desk for months and years to come! Thanks, Fyodor!

Wireshark Certification Status

Final beta tests are underway for a planned January 2009 release of the long-awaited Wireshark Certification test. The Wireshark Certification Information Packet (WCIP) should be out at the beginning of the year (sign up to receive the document at www.wiresharktraining.com/certification). I know you’ve waited a long time for the certification and I appreciate your patience - it took me a lot longer to get the questions together and ensure we could deliver via the Internet.

Global Knowledge Signed as Wireshark Authorized Training Partner

We are thrilled to sign on Global Knowledge as our North American Wireshark University Authorized Training Partner. In Q1 2009, two new Wireshark courses release – the first course focuses on Wireshark basic through advanced functionality and in-depth review of TCP/IP communication patterns (CORE 1). The second course delves into troubleshooting and network forensics with the Wireshark Certification Vouchers included in the course price (CORE 2). More course information will be put on www.wiresharkU.com before end of year. Read the press release.

The Only Thing Slower than This Network is Hollywood!

Well, folks… after hearing about the ‘movie’ project for a few years now, you’re probably thinking the darn thing isn’t going to make it out there. You’re probably right, but one more step was checked off last week – the script was finalized. The writers, Joe D’Ambrosia and Tom Teves (Murray Hill 5 Productions) gave me the near-shocking news on Friday. If you don’t know these guys, check out the “Dead Rocker” (appropriate for kids) at www.youtube.com/watch?v=I5aD00UeE9g. I kinda figured out who the murderer was (at least I knew what the main clue was) after watching a second time. Can you/your kids figure it out?

Happy Holidays to All! [Oh... and if you checked out the movie link...no, I'm not a spy and no, my kids don't play soccer.]

Laura Chappell


Dec 10 2008   1:19PM GMT

The larger world of free technical support - Craigslist computer forum



Posted by: Troy Tate
Networking, tools, documentation, patching, web, IT education, malware, website, anti-virus, troubleshooting, howto, online identity, risk, awareness, education, professional

I recently came across the computer forums on Craigslist. I had heard of Craigslist previously but was not aware of the significant scope of what it offers besides classified ads. I’m not suggesting that folks leave ITKE to the Craigslist computer forums for support - far from that.

I have been watching some of the exchanges between posters on the forums. It amazes me what people will post when the environment provides seeming anonymity. ITKE does offer this also, but the moderators do a great job of keeping the Trolls away. The Craigslist posters do not behave in the same professional manner that ITKE users do. There are many writers on Craigslist that belittle computer user skills for those asking “noob” questions. There are also those who attempt to discredit or otherwise tear down answers from those who have real computer skills and knowledge.

For example, there was a recent posting thread reminding people that the Microsoft Tuesday patches had been released. One feature that Craigslist offers similar to ITKE is the ability to rate postings. Someone rated the patch Tuesday reminder as a “thumbs down” posting. This is really unprofessional behavior. The thread went on to describe that exploits were sure to follow the patches since hackers use the patches to reverse-engineer the vulnerability. Someone asked if the exploits could already exist. Of course they might, but the exploits would become more likely after the patches are released.

The thread also described how the patches are to protect users from themselves. Most users are tempted into doing something (downloading software, answering yes to some popup window, visiting that interesting website) that causes malicious software to do something on their system that is totally unintended by the users… so the patch is there to fix some things that might be otherwise used by these malware writers. Really patching is the only preventive mechanism. Antivirus is a detective method that detects when something is trying to do something it shouldn’t. Patching won’t let those things happen - unless the user makes a poor judgement call… we all do! I have even opened an infected PDF file thinking it was a legitimate document. Fortunately, AV was able to clean up after my mistake.

For some reason, some troll thought they would say that these postings were by a “know-it-all n00b”. It seems like this Craigslist forum user may be one of those miscreants who want people to remain ignorant and cannot handle someone else teaching others about safe computing and answering other users’ questions.

I would like to encourage ITKE readers and IT professionals to help make IT support forums professional and user-friendly. If you have time, watch the Craigslist computer forums, offer support to the users who don’t have the same professional support available we have on ITKE. Make the trolls look even worse by treating the users with some respect. By sharing our knowledge and skills, we can help users use the computer in a productive manner. Thanks for reading this and hope you join me in sharing knowledge either here on ITKE and/or Craigslist.


Dec 1 2008   7:40PM GMT

Did you see this? - FREE TRAINING: Technet Virtual Lab: Managing Bandwidth Using Windows QOS



Posted by: Troy Tate
administration, Networking, Microsoft Windows, Monitoring, IT education, Policy, design, server, troubleshooting, Performance, howto, education, analysis

For those of you considering using Microsoft Windows Server 2008, you might want to check out this TechNet Virtual Lab: Managing Network Bandwidth Using Windows Quality of Service (QOS). You will learn about using Windows Server 2008 to control bandwidth usage using protocol definitions as well as control bandwidth for particular applications. In case you have not done any of these Virtual labs, they are an excellent FREE! training resource.