Figuring Out Where To Slice a Packet Using Wireshark (by Tony Fortunato)

There are many scenarios where packet slicing is helpful and possibly necessary. I covered this in a previous article, Network Protocol Analysis Tip: Packet Slicing (http://tinyurl.com/yb38lw9j).

To summarize, here are some examples or scenarios where you should consider packet slicing:

  • The data is not useful or unreadable/encrypted
  • To conserve disk space or reduce your trace file size
  • Legal issues around the payload of captured packets
  • Reduce load on your capture device. Some packet capture tools are less likely to drop packets when packets are sliced.

David K, one of my YouTube subscribers, asked a great question, “… How could one do that? …”. I thought what a great question since there are times when I assume the reader knows how to do this.

In this video I cover how to figure out the packet slicing value for an HTTP GET command and the destination MAC address. From these two examples, the reader should be able to calculate any other packet slice value.

Please keep in mind that you should always go through this process to determine the packet slice value or offset. This offset may change depending on the network or application, so don’t assume the packet slice value will remain the same.


How Does That Make You Feel? (by Paul W. Smith)


When someone asks you if robots are taking over our jobs, there are only two possible answers: (1) Yes and (2) I don’t know.  If you chose (2), then your job will probably be one of the first to go. 

If in fact a robot does replace your job, you will not be alone; each robot gaining employment in today’s economy will displace 5.6 workers and reduce overall wages by as much as .5 percent per 1000 employees in the process.  While it’s true that some humans will be employed in designing, building and maintaining these robots, this will not make up for all the lost jobs, or else there’s little reason to do this in the first place.

Ideas abound on how to rejigger the economy and lessen the impact of these changes. Bill Gates suggests a tax on robots that could fund training and financial support for displaced workers. Others have proposed laying the burden of care for the jobless on the robotics companies themselves. Yet another radical idea is to implement a guaranteed basic income, paid for by a robotax. Finally, there is the optimistic view that robots will take over dangerous, menial and degrading work, while generating more higher-level, satisfying jobs in the process. So far, no word on what those jobs might be.



LMTV LIVE | How to Improve Network Performance (with Keith Bromley and Jim Sullivan)

Keith Bromley from Keysight Technologies (formerly Ixia) and Jim Sullivan from ExtraHop will be talking about how to use network visibility to improve network performance. In short, network visibility is what enables you to quickly isolate and resolve performance issues, ultimately ensuring the best possible end-user experience.

Since tactical data loses 70% of its value after 30 minutes, the speed and accuracy of data analysis are critical. A proper visibility architecture addresses the strategic end-to-end monitoring goals of the network, whether they are physical, virtual, out-of-band, or inline security visibility.



[Analysis] Full Duplex Capture in SCADA and Industrial Control Networks (by Thomas Tannhäuser and Alexander Pirogov)

Why SPAN Ports Should Not be Used in Security Solutions


The convergence of IT and OT (Operational Networks) in the context of Industry 4.0 has led to a crowded market of security solutions targeting the shop floor on different levels. While the security of the legacy IT systems was part of the initial planning of those systems, the industry now faces the challenge of integrating security solutions into legacy OT systems.



How TCP Works - MTU vs MSS (by Chris Greer)

Hey packet people! 

There is a big difference between the Maximum Transmission Unit (MTU) on an Ethernet connection or IP interface and the Maximum Segment Size (MSS) in TCP. In this video we will take a look at how and where each is set, how it impacts the encompassed data, and how the network can adjust these settings.

These core concepts will help when troubleshooting broken or slow connections due to MTU or MSS. 

Hope it helps in troubleshooting with Wireshark! 



How To Improve Network Security and Performance (by Keith Bromley)


As you may have seen, I like to talk a lot about network visibility – what it is and what the benefits are. Therefore, I often get the question, “So, how can I specifically use network visibility to solve my problems?” – sort of a Jerry Maguire “show me the money” type of question. The short answer is that there are lots of use cases available; it simply depends upon what your individual needs are. Let me show you.

Hopefully you have heard of the term “network visibility” by now. It has become commonplace over the last year or so. If not, network visibility is simply the ability to see what your network is doing and how it is performing. You can get a longer narrative of the definition here and free resources on network visibility are available here. While some might think that network visibility is a non-issue these days, it’s actually not. Many networks have had, and continue to have, network problems such as downtime, slow running applications, missing data, expensive troubleshooting activities, and security breaches.
