IT Trenches:

Networking

Oct 23 2009   6:40PM GMT

Stuck on a blacklist? Sue the big guys! Cisco, Microsoft, Comcast, TRUSTe



Posted by: Troy Tate
net neutrality, blacklist, privacy, wiretapping, eavesdropping, lawsuit, Cisco, Microsoft, Comcast, TRUSTe

A web-based tool I frequently use is Network-Tools.com. I use the site to look up the names associated with IP addresses, to check whois information, and to ping addresses. A recent notice on the page raised my concern. The notice says:

Network-Tools owner sues Microsoft, Cisco, Comcast and TRUSTe over IP Address Blacklisting
Suit alleges eavesdropping, privacy policy fraud, breach of contract and defamation

Interesting stuff, huh? So why would this suit be raised? According to the page tracking the lawsuit:

The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.” Comcast even blocked his communication link with a mail server he operates outside the Comcast network. The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws. The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies. Continued »

Oct 15 2009   6:44PM GMT

Free Training - Laura Chappell presents: Wireshark 201 Jumpstart - Filtering on the Good, the Bad, the Ugly



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell

Laura Chappell, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27, 10:00am-11:00am PDT (GMT-7). If you manage networks, or want to, a good understanding of protocol and packet analysis will help you immensely in your career.

Some things you will learn in this webinar:

  • Using the Default Capture and Display Filters
  • Creating a Few Hot Capture Filters
  • Filtering Tips and Tricks for Troubleshooting
  • Filtering Tips and Tricks for Security

Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even pick up a tidbit here or there, because repetition is one of the keys to learning. Unfortunately I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.

Thanks for reading and let’s continue to be good network citizens!


Oct 7 2009   6:38PM GMT

IT services and The Three Chinese Curses



Posted by: Troy Tate
IT, information technology, professional, career, network analysis, service level, support, information security, infosec, trojan, bot, botnet, Security

In America, October is the time when haunting, evil spirits and curses come to mind. Earlier today I posted a blog entry titled Can IT education bring an end to the recession? I used a quote that is attributed to a series of Chinese curses that go in ascending order of severity. After I used it, I pondered on the other two curses and their applicability to IT services.

According to Wikipedia, the three curses are:

  • May you live in interesting times.
  • May you come to the attention of those in authority (sometimes rendered May the government be aware of you)
  • May you find what you are looking for

Continued »


Sep 30 2009   1:36PM GMT

I resemble that award winning case study - wait, it IS me!



Posted by: Troy Tate
case study, WAN, frame relay, mpls, vpn, network management, industry award, ipsec, SSL, ssl vpn, information security, remote access, Security, security management

Have you ever wondered if vendor case studies are actually solutions to real life issues or if they are stories about compensated organizations using a particular vendor solution? Well, I am here to tell you that I know of at least one case study that is about an organization addressing real-life issues that was featured in an award winning vendor case study. The organization is the company I work for and the case study is about the challenges we faced with replacing an under-performing legacy Frame Relay network with a more efficient and flexible global solution that delivers high availability, remote access, and integrated security. For the record, no compensation was given for being the subject of this vendor case study.

The case study won the 2009 Best Deployment Scenario - VPN/IPSec/SSL and was featured in the Info Security Products Guide. The winning case study and announcement can be found at Manufacturing Company Achieves Security and Performance Goals with Virtela’s Remote Access Services from the Cloud.

See all 2009 Best Deployment Scenarios and Case Studies. This would be a good time to look at these and see if any of the solutions may meet some of the information security needs of your organization. Consider putting the solutions in your 2010 budgets.

Feel free to leave comments here or contact me through ITKE if you would like more information. Thanks for reading & let’s continue to be good network citizens.


Sep 30 2009   1:06PM GMT

Where do TCP resets come from?



Posted by: Troy Tate
tcp, udp, network management, network performance, network monitoring, application performance, network analysis, performance analysis, protocol analysis, packet capture

I recently came across an excellent article on the topic of TCP resets. TCP is a connection-oriented protocol, as opposed to connectionless UDP. So, if there are TCP resets on your network, this is not in itself a bad thing; resets are inherent in the protocol. Without TCP resets, a host could accumulate a lot of partial connections sitting in a wait state awaiting further transmissions. This can exhaust the number of available sockets and cause the host to become unresponsive, which is what happened several years back with the TCP SYN flood and LAND denial of service attacks. Another reset type is the ACK/RST, which is sent when a client attempts to connect to a service that is not available on the destination host.
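To make the distinction above concrete, here is an added example (not part of the original post or the linked article) that walks a constructed, tshark-style packet summary, labels each RST by what it is answering (a RST/ACK to a bare SYN means nothing is listening; a RST on an established connection is an abort; a RST for a connection never seen in the capture is unsolicited), and counts connections left half-open after SYN/SYN-ACK per client, which is the condition a SYN flood produces. Packet contents and addresses are invented for the example.

```python
from collections import defaultdict

# Constructed sample packets: (src, sport, dst, dport, flags)
# Flags use tshark-style letters: S = SYN, A = ACK, R = RST.
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.10", 80, "S"),
    ("10.0.0.10", 80, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "10.0.0.10", 80, "A"),
    ("10.0.0.5", 40001, "10.0.0.10", 80, "R"),     # client aborts a live connection
    ("10.0.0.6", 40002, "10.0.0.10", 8080, "S"),
    ("10.0.0.10", 8080, "10.0.0.6", 40002, "RA"),  # nothing listening on 8080
    ("10.0.0.7", 40003, "10.0.0.10", 443, "S"),
    ("10.0.0.10", 443, "10.0.0.7", 40003, "SA"),
    ("10.0.0.7", 40004, "10.0.0.10", 443, "S"),
    ("10.0.0.10", 443, "10.0.0.7", 40004, "SA"),
    ("10.0.0.7", 40005, "10.0.0.10", 443, "S"),
    ("10.0.0.10", 443, "10.0.0.7", 40005, "SA"),
    ("10.0.0.10", 443, "10.0.0.8", 5555, "R"),     # no prior handshake seen
]


def _key(src, sport, dst, dport):
    """Direction-independent connection key (the 4-tuple, sorted)."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def analyze(packets):
    """Return (list of classified resets, half-open connection count per client)."""
    conns = {}    # key -> [state, client_ip]; client is whoever sent the SYN
    resets = []
    for src, sport, dst, dport, flags in packets:
        k = _key(src, sport, dst, dport)
        if "R" in flags:
            entry = conns.get(k)
            if entry is None:
                kind = "unsolicited"   # RST for a connection the capture never saw
            elif entry[0] == "syn_sent" and "A" in flags:
                kind = "closed_port"   # RST/ACK answering a SYN: service not available
            else:
                kind = "abort"         # RST tearing down a live or half-open connection
            resets.append({"src": src, "sport": sport, "dst": dst,
                           "dport": dport, "kind": kind})
            conns[k] = ["reset", entry[1] if entry else src]
        elif "S" in flags and "A" not in flags:
            conns[k] = ["syn_sent", src]
        elif "S" in flags and "A" in flags and k in conns:
            conns[k][0] = "syn_received"   # SYN-ACK sent, waiting for the final ACK
        elif "A" in flags and k in conns and conns[k][0] == "syn_received":
            conns[k][0] = "established"

    half_open = defaultdict(int)
    for state, client in conns.values():
        if state == "syn_received":
            half_open[client] += 1
    return resets, dict(half_open)


def flag_half_open(half_open, threshold=2):
    """Clients holding more than `threshold` half-open connections at end of capture."""
    return sorted(c for c, n in half_open.items() if n > threshold)


if __name__ == "__main__":
    resets, half_open = analyze(PACKETS)
    for r in resets:
        print(f"{r['src']}:{r['sport']} -> {r['dst']}:{r['dport']}  {r['kind']}")
    print("half-open per client:", half_open)
    print("suspect SYN flood sources:", flag_half_open(half_open))
```

The threshold is deliberately tiny for the constructed capture; on a real trace it should be set from the server's normal backlog, and the half-open count should be read together with the SYN-ACK retransmission rate, since a client that never ACKs is what distinguishes a flood from a busy but healthy service.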

If you manage a network and have taken packet captures to work on a problem and seen RST packets, or if you will need to do this at some point in your career, you need to understand the purpose and source of RST packets. Take a few minutes and read this excellent article; it is the best explanation I have seen on the topic. You will become better informed and better able to understand the nature of the network beast.

Where do resets come from? (No, the stork does not bring them.)

Thanks for reading and let’s continue to be good network citizens.


Sep 25 2009   3:15PM GMT

Performance monitoring dashboard - fping and URL ping



Posted by: Troy Tate
ping, url ping, network performance, application performance, network management, application management, network design, network diagnosis, icmp, web services, webserver, performance analysis

In part one of this series, I discussed ping and pathping. These tools are good for some interactive real-time testing. However, what do you do when you want to run these types of tests over an extended period and then do statistical analysis? In cases like this I use the fping tool. I recently completed an analysis task requiring comparison of network ping times against web server response times. The tool I used for measuring web server response (time to first byte) is called URL ping. Users were reporting slow web server (SharePoint) performance, and everyone was saying it was a network issue. Since there are so many “moving” parts between the users and the web server farm, I wanted to prove to them that the network was not the issue and that something inherent in the way the web server responds to requests was the real issue.
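The measurement the post describes, network round trip versus time to first byte, can be reproduced without fping or URL ping. The following is an added example, not code from the post or from either tool: it stands up a local HTTP server with an artificial application delay, then samples the TCP connect time (a stand-in for the network round trip, since ICMP needs raw sockets) and the time to first byte against it, and compares the two. The server, the delay, and the `ratio` cut-off in `verdict()` are assumptions chosen for the demonstration.

```python
import http.server
import socket
import statistics
import threading
import time


class SlowHandler(http.server.BaseHTTPRequestHandler):
    """Constructed target: answers every GET after a fixed application delay."""
    delay = 0.05

    def do_GET(self):
        time.sleep(self.delay)            # simulate a slow application tier
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):         # keep the demo output quiet
        pass


def start_server(delay=0.05):
    """Start the constructed server on an ephemeral loopback port."""
    SlowHandler.delay = delay
    srv = http.server.HTTPServer(("127.0.0.1", 0), SlowHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port, path="/"):
    """One sample: (TCP connect time, time to first response byte), in seconds."""
    t0 = time.perf_counter()
    s = socket.create_connection((host, port), timeout=5)
    t_connect = time.perf_counter() - t0
    s.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
    s.recv(1)                             # block until the first byte arrives
    t_ttfb = time.perf_counter() - t0
    s.close()
    return t_connect, t_ttfb


def sample(host, port, n=10):
    """Repeat the probe and summarise, the way fping/URL ping output would be tabulated."""
    connects, ttfbs = [], []
    for _ in range(n):
        c, t = probe(host, port)
        connects.append(c)
        ttfbs.append(t)
    return {
        "connect_avg": statistics.mean(connects),
        "connect_max": max(connects),
        "ttfb_avg": statistics.mean(ttfbs),
        "ttfb_max": max(ttfbs),
    }


def verdict(stats, ratio=3.0):
    """If first-byte time dwarfs connect time, the delay is in the server, not the network."""
    return "server" if stats["ttfb_avg"] > ratio * stats["connect_avg"] else "network"


if __name__ == "__main__":
    srv = start_server(delay=0.05)
    stats = sample("127.0.0.1", srv.server_address[1])
    srv.shutdown()
    for k, v in stats.items():
        print(f"{k:12s} {v * 1000:8.2f} ms")
    print("bottleneck:", verdict(stats))
```

Against a real farm the connect-time series plays the role of the fping data and the first-byte series the role of URL ping; when the two diverge, as they do here, the argument that "the network is slow" has to explain why the handshake is fast while the response is not.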

Continued »


Sep 14 2009   1:49PM GMT

Microsoft does not patch vulnerability for supported version of Windows



Posted by: Troy Tate
Microsoft, information security, vulnerability, risk management, patches, tcp-ip, tcp, tcp/ip, Windows, windows 2000, support, Microsoft support, threat, risk

Last week brought the September issue of Microsoft “Patch Tuesday”. The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the bulletin webcast on Wednesday, September 9, to discuss the vulnerabilities and customer concerns.

One particular bulletin is creating some concern for Microsoft Windows 2000 users. MS09-048 is a bulletin for a vulnerability in the TCP/IP stack of all currently supported versions of Windows. The bulletin describes the vulnerability:

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Even though the bulletin describes it as potential remote code execution, the webcast focused more on the denial of service threat posed by this vulnerability. Unfortunately, Microsoft has chosen not to issue a patch for Windows 2000, even though Windows 2000 is still a supported version of Windows with regard to patches and security fixes. ComputerWorld gives a good amount of detail in the article Microsoft: Patching Windows 2000 ‘infeasible’; Dark Reading published Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack; and The Register published Microsoft, Cisco issue patches for newfangled DoS exploit.

I know that there is a reasonable population of Windows 2000 machines in operation at my organization. So, this choice by Microsoft to not issue a patch for this vulnerability raises some concerns. Fortunately the vulnerable population is not publicly exposed and does not have mobile users. The layered defenses we have in place should help mitigate the risks to our environment. However, the risk is still there and the threat needs to be addressed. What other vulnerability will come out that Microsoft chooses not to address in a supported operating system? Are you facing the same situation in your environment? How large is the risk to your environment? What are you doing to address these threats? Why are you doing what you are doing? Share your thoughts with other ITKE readers.
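The bulletin's only mitigation for an unpatched host is the one it quotes: expose a minimal number of ports. Here is an added example (not from the bulletin, the post, or any Microsoft tooling) of checking that on a Linux host by parsing the kernel's `/proc/net/tcp` table for sockets in the LISTEN state and flagging any bound to a non-loopback address that is not on an allow-list. The sample table is constructed; the last line of the block reads the real file when run on a Linux machine.

```python
import socket

# Constructed /proc/net/tcp excerpt. local_address is hex IPv4 (little-endian):port,
# st 0A is LISTEN, 01 is ESTABLISHED. Columns after st are kept for realism only.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   110        0 1002 1 0 100 0 0 10 0
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0 100 0 0 10 0
   3: 0A00000A:C350 0B00000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1 0 100 0 0 10 0
"""

LISTEN = "0A"


def _decode(hex_addr):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])   # kernel stores the address little-endian
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return [(bind_ip, port), ...] for every LISTEN entry, in table order."""
    result = []
    for line in table_text.splitlines()[1:]:             # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        if fields[3] == LISTEN:
            result.append(_decode(fields[1]))
    return result


def exposed(table_text, allowed_ports):
    """Listeners reachable from the network (not loopback-only) that are not on the allow-list."""
    return [(ip, port) for ip, port in listening_sockets(table_text)
            if not ip.startswith("127.") and port not in allowed_ports]


if __name__ == "__main__":
    # Allow-list is an assumption for the demo; set it to what each host is meant to serve.
    print("sample listeners:", listening_sockets(SAMPLE))
    print("sample exposure :", exposed(SAMPLE, {22, 443}))
    try:
        with open("/proc/net/tcp") as f:
            print("this host       :", exposed(f.read(), {22}))
    except OSError:
        print("this host       : /proc/net/tcp not available")
```

The check is a complement to a host firewall rather than a substitute for one: a listener that is bound to all interfaces but filtered at the perimeter is still a listener, and this is the inventory you reconcile against the firewall rules.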

Thanks for reading & let’s continue to be good network citizens.


Aug 28 2009   4:57PM GMT

Performance monitoring dashboard - designing and instrumentation



Posted by: Troy Tate
ping, pathping, network performance, application performance, network management, application management, network design, network diagnosis

One of my biggest challenges as a network manager is when users cry “the network is slow”. Some of you may have tools available where you can instantly dig in and see what the user might be seeing. There are some vendors out there with application and network monitoring tools; Netscout is one that comes to mind. However, I don’t have tools like that available, so I have to work through several layers of data collection methods and tools to get a picture of what might be happening. Maybe you are in the same boat. Getting an answer to “the network is slow” is not a simple or quick activity. How do you deal with this? Following are some ways that I use to try and address the situation.

Continued »


Jul 29 2009   5:51PM GMT

Network Computing magazine is BACK! - WAN Optimization issue



Posted by: Troy Tate
Network Computing, online publication, wan optimization, WAN, optimization, online magazine

The Network Computing magazine was always one of my favorite trade publications. It covered a lot of very technical things from basic to advanced levels. I was very disappointed when they stopped publication. So, it is with a lot of excitement that I am sharing with ITKE members that Network Computing magazine is back! It is available online for your perusal. It is now a quarterly publication. The July 2009 issue focuses primarily on WAN optimization technologies.

Take a few minutes to look it over. You may gain a better understanding of WAN optimization and how it might help your organization. Go to Network Computing for the July 2009 issue.

Thanks for reading & let’s continue to be good network citizens.


Jul 24 2009   6:03PM GMT

Using Wireshark to analyze a bot infected host



Posted by: Troy Tate
wireshark, ethereal, network analysis, bot, data capture, tutorial, education, Laura Chappell, information security, packet analysis, packet capture, network security, Security

My favorite Bitgirl (Laura Chappell) is at it again in this 15 minute presentation. She came across a host on a network that appears to be infected with some bot application. Take a few minutes and watch and learn! Maybe you will see something you can use or better understand some odd behavior on your local network.

Analyze a BOT infected host using Wireshark Tutorial

Beware - there is a trick question in the presentation. Think hard… you probably know the right answer!

Thanks for reading & let’s continue to be good network citizens.