Jul 24 2009 6:03PM GMT
Posted by: Troy Tate
My favorite Bitgirl (Laura Chappell) is at it again in this 15-minute presentation. She came across a host on a network that appears to be infected with some bot application. Take a few minutes and watch and learn! Maybe you will see something you can use or better understand some odd behavior on your local network.
Analyze a BOT infected host using Wireshark Tutorial
Beware - there is a trick question in the presentation. Think hard… you probably know the right answer!
Thanks for reading & let’s continue to be good network citizens.
Jul 20 2009 6:36PM GMT
Posted by: Troy Tate
There are more upcoming sessions in the Laura Chappell seminar series called Wireshark 101 Jumpstart tutorials. Check out the schedule at the Chappell University website. Some of the things you will learn include:
- Wireshark elements and capabilities
- Tapping into the wired or wireless network
- Capturing and filtering basics
- Graphing basics
If you cannot attend the seminar, you can still register and download the seminar notes and gain access to the trace files used in the session. If you manage a network, you should learn this stuff! Be sure to register and attend early. The sessions are limited to 1000 viewers and these fill up FAST!
See my entry for how attending one of these seminars helped address an issue I was having with using Wireshark.
Thanks for reading and let’s continue to be good network citizens!
May 26 2009 7:34PM GMT
Posted by: Troy Tate
I recently posted an update about Laura Chappell’s Chappell University Online seminars. I attended one of these seminars today. What a great experience! I always try to attend Laura’s events and always pick up a tidbit that makes my life as a network manager easier. She gives you information about tools you can use to fight the battle of “the network is down”. Most of the time the network is behaving as designed. It’s poorly written applications or too high user expectations that create issues. So, if you want to be the expert on fighting the network is “bad” syndrome - check out Laura’s presentations - I did and I learned something new…
May 21 2009 12:57PM GMT
Posted by: Troy Tate
I’m a huge fan of Laura Chappell. She has a great sense of humor and is a great educator about all things packet oriented. Previous posts about Laura have included:
Is protocol analysis or network management your thing?
ARP as a network auditing tool
Did you see this? - Latest Laura Chappell Newsletter
Did you see this? - the viral bitgirl
She has now started a new online seminar series. Some of the presentations are free and others are accessible for a fee of $99. If you cannot get away for education, then this is an excellent alternative and you can gain a great amount of knowledge from this packet analysis expert. I recommend that you visit Chappell Online University and sign up for the free Wireshark Jumpstart: Master Key Tasks for Network Troubleshooting seminar to get a feel for the seminars.
Thanks for reading and let’s continue to be good network citizens!
Apr 29 2009 12:11PM GMT
Posted by: Troy Tate
If you do packet capture or analysis in a Microsoft environment, then you are probably already familiar with Microsoft Network Monitor. If not, please read my real-world use of it for PROTOCOL analysis vs protocol analysis (with a small p). Microsoft has updated Network Monitor to v3.3. The announcement of its release can be found on the Technet blog. Some of the new features listed are:
- Ability to capture WWAN (mobile broadband) and Tunnel traffic on Windows 7.
- Full Hyper-V support on Windows Server 2008
- Right-click-add-to-alias: Right-click a frame in the Frame Summary window with an IPv4, IPv6 or MAC address to add that address as a new alias. This is one of those little things that simplifies your work-flow.
- Right-click-go-to-definition: Have you ever wondered where and how the protocols fields you see in the Frame Details are defined in our in-built parsers? Wonder no more. Introducing right-click-go-to-definition: right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.
- Autoscroll: Another one of those little, but priceless things … auto-scroll. See the most recent traffic as it comes in. In a live capture, click the AutoScroll button on the main toolbar to have the Frame Summary window automatically scroll down to display the most recent frames as they come in. Click Autoscroll again to freeze the view in its present location.
Several other new features are described in the Technet blog. If you capture packets on a Microsoft network, then you should get this upgraded version to add to your toolbox.
Thanks for reading and let’s continue to be good network citizens.
Feb 19 2009 1:47PM GMT
Posted by: Troy Tate
Laura Chappell (the Viral Bitgirl) has announced that Sharkfest 09 registration is open and all registered attendees get a FREE AIRPCAP ADAPTER (US $198)! Sharkfest is the Developer/User Conference for Wireshark and it is sponsored by CACE Technologies and Wireshark University. Laura will be there with new, hot (or cool, if you prefer) topics, trace files, case studies and hands-on labs. Register today at Sharkfest.09 to get your free AirPcap adapter. [Dates: June 16-18, 2009; registration and BBQ on June 15th]
Laura has also announced that Chappell University is open for registration. Subscription-level service will be open soon. Chappell University is an affordable, on-demand, online training system to maintain and enhance IT skills in the area of analysis, troubleshooting and security. Some of the content includes two lab workbooks with over 100 lab exercises using Wireshark to spot network problems, security breaches, and analyze normal and abnormal TCP/IP communications. There are video answers to all the lab exercises. In addition, there’s an extensive trace file repository and additional WLAN, VoIP, bot-infections, application, etc., trace files will be added each quarter. Check out the new YouTube Channel for Chappell University and the video “Ethical Hacking with NetScanTools Pro: Tutorial on ARP Scanning to Discover All Local Hosts” (even those hidden behind firewall applications).
If you have never experienced training presented by Laura, this is your chance to get very in-depth, easy to understand technical training. Sure, some of the stuff may cost a little, but she has tons of free stuff out there also. The paid content is definitely worth it. I have her Master Library (pre-dates the new Chappell University) and I still refer to the content occasionally to refresh my skills in network analysis.
Thanks for reading and let’s continue to be good network citizens!