With all the things going on in the world today, how many plan for all things? How many think about the things to come and wonder, what can I do to protect myself? What about your electronics? You never heard of a solar flare? It has happened before and knocked out all the telegraph lines. Then what? What about a nuclear attack? The chance of that is slim, as no one wants to turn the world into a wasteland. What about an EMP (Electromagnetic Pulse)? Many claim Russia has a large one to use, as I am sure many other countries do as well.
In that spirit, we are going back to the basics this week. Please join +tony fortunato for a 30-minute interactive session of tips, tricks and general Wireshark usage. Specifically, Tony will cover the following topics:
- Setting up your Preferences
- Merging files
- Leveraging the capture options
- What columns to use and when
- What's a profile
- IO Graph
- How to decrypt some basic forms of encryption
- Capturing from the command prompt
- File and packet comments…
Plus lots more.
Dealing With the Data Deluge: Accelerating Packet Capture
The digital universe is doubling in size every two years, and digital data volume is projected to reach 44 trillion gigabytes by 2020, according to IDC. Not only is there exponentially more data than ever before, but it’s coming in faster than ever – at network speeds up to 100Gbps. This poses clear challenges for network professionals who need new types of tools to protect the network.
Packet capture (PCAP) is a fundamental tool to help engineers and administrators manage and secure large and small-scale networks alike. A mechanism for intercepting data packets that are traversing a computer network, PCAP is a common capability deployed within an organization to monitor security events and network performance, identify data leaks, troubleshoot issues and even perform forensic analysis to determine the impact of network breaches.
However, current PCAP systems using commodity network interface cards (NICs) are not equipped to deal with the demands of performing precision capture and replay at 10/40/100 Gbps speeds.
A ray of light shines, though, to give hope to network administrators. There are solutions today that have been built to facilitate packet capture at speeds topping 100 Gbps. The use of network acceleration technology, coupled with open source network monitoring and capture solutions, can enable organizations to keep up with the demands of precision packet capture and replay on high-speed networks.
Analyzing with PCAP
We have blade servers that include switches, VMs chatting via Virtual Switches and the older issue of capturing traffic between two programs running on the same operating system. In this session, we cover the tips and tricks that enable us to get those lovely network packets. We look at what works in an enterprise environment and what you should avoid.
With the ability to capture traces along the path from user to server comes the advantage of narrowing down a problem to a particular area of the network.
Whilst matching identical packets may be fairly straightforward, it gets complicated when the traffic passes through firewalls, load balancers and proxies.
In the first of my SharkFest presentations, we covered tips and tricks to match packets as they flow from PC to server and back again.
In the following presentation I explain four different strategies to match packets so that we can deal with challenges such as:
- NAT and PAT
- SSL especially with load balancers
- Increased traffic volumes seen deeper into a system
- Capture time sync inaccuracies
I illustrate the strategies and various techniques with Wireshark examples.
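To make the matching problem concrete, here is an added Python example that is not part of the original presentation and does not reproduce its four strategies. It assumes packet fields exported from two captures (one at the client, one behind a NAT at the server) and pairs them using values a plain NAT/PAT does not rewrite (IP ID, TCP sequence number, payload length), falling back to a payload digest for devices that randomise sequence numbers; the median timestamp difference of the matched pairs then estimates the clock offset between the two capture points. The packet records and addresses are constructed for the example.

```python
import hashlib
import statistics
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Pkt:
    """One packet as exported from a capture (constructed stand-in for a pcap row)."""
    ts: float        # capture timestamp in seconds; each capture has its own clock
    src: str
    dst: str
    sport: int
    dport: int
    ip_id: int       # IPv4 Identification field, usually untouched by NAT
    seq: int         # TCP sequence number, rewritten by ISN-randomising firewalls
    payload: bytes


def strong_key(p: Pkt) -> Tuple[int, int, int]:
    """Invariants across a plain NAT/PAT: IP ID, TCP seq and payload length."""
    return (p.ip_id, p.seq, len(p.payload))


def weak_key(p: Pkt) -> Tuple[int, str]:
    """Fallback for middleboxes that rewrite seq numbers: server port plus payload digest."""
    return (p.dport, hashlib.sha256(p.payload).hexdigest())


def correlate(near: List[Pkt], far: List[Pkt], window: float = 5.0) -> List[Tuple[Pkt, Pkt]]:
    """Pair each near-side packet with its far-side counterpart.

    The window tolerates clock offset between the two capture points; among
    several candidates the one closest in time wins, and each far-side packet
    is consumed at most once.
    """
    by_strong: Dict[Tuple[int, int, int], List[Pkt]] = {}
    by_weak: Dict[Tuple[int, str], List[Pkt]] = {}
    for p in far:
        by_strong.setdefault(strong_key(p), []).append(p)
        by_weak.setdefault(weak_key(p), []).append(p)

    pairs: List[Tuple[Pkt, Pkt]] = []
    for p in near:
        cands = by_strong.get(strong_key(p)) or by_weak.get(weak_key(p)) or []
        best = None
        for c in cands:
            if abs(c.ts - p.ts) <= window and (best is None or abs(c.ts - p.ts) < abs(best.ts - p.ts)):
                best = c
        if best is None:
            continue
        pairs.append((p, best))
        for lst in (by_strong.get(strong_key(best)), by_weak.get(weak_key(best))):
            if lst and best in lst:
                lst.remove(best)
    return pairs


def clock_offset(pairs: List[Tuple[Pkt, Pkt]]) -> float:
    """Median (far ts - near ts): capture clock offset plus one-way latency."""
    return statistics.median(f.ts - n.ts for n, f in pairs)


# Constructed sample: client 10.0.0.5 talks to 203.0.113.10; the NAT rewrites the
# source to 198.51.100.1:40001 and the server-side capture clock runs ~2 s ahead.
# The third packet also has its sequence number rewritten by a firewall.
NEAR = [
    Pkt(100.000, "10.0.0.5", "203.0.113.10", 51234, 443, 0x1A2B, 1000, b"\x16\x03\x01hello"),
    Pkt(100.010, "10.0.0.5", "203.0.113.10", 51234, 443, 0x1A2C, 1013, b""),
    Pkt(100.250, "10.0.0.5", "203.0.113.10", 51234, 443, 0x1A2D, 1013, b"GET / HTTP/1.1\r\n"),
]
FAR = [
    Pkt(102.004, "198.51.100.1", "203.0.113.10", 40001, 443, 0x1A2B, 1000, b"\x16\x03\x01hello"),
    Pkt(102.014, "198.51.100.1", "203.0.113.10", 40001, 443, 0x1A2C, 1013, b""),
    Pkt(102.254, "198.51.100.1", "203.0.113.10", 40001, 443, 0x1A2D, 771013, b"GET / HTTP/1.1\r\n"),
    Pkt(102.300, "203.0.113.10", "198.51.100.1", 443, 40001, 0x0F00, 5000, b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    matched = correlate(NEAR, FAR)
    for n, f in matched:
        print(f"{n.src}:{n.sport} -> {f.src}:{f.sport}  seq {n.seq}->{f.seq}  {n.payload[:8]!r}")
    print(f"estimated clock offset: {clock_offset(matched):.3f} s")
```

Addresses and ports differ on the two sides, so they are deliberately left out of both keys; only the server port survives PAT and is used in the fallback key. With the offset in hand the far-side trace can be shifted before comparing the two captures side by side.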
When we run into trouble in life, we have a couple of options. We can change direction so we do not have to deal with the trouble. We can deal with the trouble head on and beat it, or it beats us. We can find an option that solves the trouble at hand in a manner that means we do not have to fight.