Sharkfest
This years Wireshark Conference was held at the Computer History Museum in Mountain View CA.
Wireshark is the worlds foremost network protocol analyzer. It is an open source product and one of the best around for the price… free. Sharkfest is an annual educational conference focused on sharing knowledge, experience and best practices among members of the Wireshark global developer and user communities.
Wireshark is a very useful tool and is well worth your attention. There are a lot of programs out there that take a packet trace file and parse the data and present it in many different formats using color charts and graphs. Wireshark is where all of these programs start, at the data capture level.
Many packet analysts start a troubleshoot with Wireshark to get a feel for the issue then export the appropriate data into various other programs to drill down. Wireshark doesn’t do everything but it is an excellent place to start. Download a free copy from the link below and start your newest obsession.
Computer History Museum
The Silicon Graphics HQ building in Mountain View CA. has been converted into a modern museum of the accomplishments in computing. A sign at the entryway says “The first 2000 years of computing”. Step inside and you can see just how far computing has come in a relatively small chunk of that time.
This year Moore’s Law turns 50. Dr. Gordon Moore, a co-founder of both Fairchild Semiconductor and Intel stated 50 years ago that the number of transistors per square inch on an integrated circuit would double while relative cost will halve every 12-18 months for the foreseeable future. While it is impossible that this will continue forever, experts say that it will probably remain true for the next 5 – 10 years. An interesting fact, the number of transistors manufactured annually is roughly equal to the number of grains of sand on the planet Earth. It is projected that by 2025 the total number of transistors ever shipped will equal the number of human cells on the planet.
While nobody has a crystal ball, when it comes to tech Moore’s Law is just about the next best thing. It allows projects to be considered that are impossible with current technology (cost and speed prohibitive) knowing that the tech will be there when it is needed. Anyone able to leverage this can be incredibly successful.
The museum has exhibits on early calculators, punch card machines, the progress of memory and storage technology, super computers, personal computers, software, and video games. The Computer History Museum is a great place to visit if you are a current or budding computer geek, some of the exhibits are completely amazing. You will not be disappointed.
A Brief Look at Packet Analysis
Packet analysis is the art and science of collecting and identifying exactly what is happening on a network by observing the information that is actually being transmitted across that network. A lot of times we in the IT field think we know what is happening because we “know how it works” and have preconceived ideas of how the network should and should not behave. This leads us to come up with “solutions” to issues that may or may not have anything to do with what is actually happening. Packet analysis removes the “should” from the equation.
There is a saying in the packet analysis world – the packets don’t lie. This is so true, when something is not working as you expect it should, you can find out why by correctly analyzing packet traffic.
Collecting Packets
Packet analyzer Also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer; is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.
Network Tap - A network tap is a device that connects directly to a wired network to provide a duplicate Ethernet port. A packet analyzer can be connected to collect and analyze packet traffic. These devices need to be connected in the proper location on the network topology in order to collect the most accurate network traffic for troubleshooting.
Switch Port Span / Mirror - Some switches can be configured to mirror data from one or more “live” ports to a different port to allow a packet analyzer to be connected
AirPcap Adapter - A wireless adapter, usually an external USB form factor, is used to collect packets transmitted on a wireless network. These devices will collect data from either 2.4 or 5 GHz and from only one channel at a time. Multiple adapters are required for monitoring more than one channel simultaneously.
Packet Analysis as it Applies to WiFi
Everything that applies to analyzing packets on a wired network will apply to packets captured on a wireless network, however there is additional information available when working with WiFi. This is the PPI (per packet information) or radiotap header. This additional header information is appended by wireless radios in order to facilitate communication between devices. Information such as data rate, channel frequency, radio transmit power, etc.
A wireless network card that is capable of interpreting the radiotap header is required to collect this data. Standard wireless NICs will strip this data off before it can be collected. An AirPcap adapter is required to pull this additional information into a capture file.
Recommended Applications & Links