A nice little introduction to network monitoring (provided by my employer – registration required for obtaining the free download). This book does lean slightly towards using Cascade products to provide monitoring, troubleshooting and analytics – BUT I’m happy to say that it does remain a nice little read for anyone who has an interest in network monitoring. Read more…
When a client connects to a server using SMB it sends a “Negotiate Protocol Request”. In response to this, the server replies with a “Negotiate Protocol Response”. This response reveals whether SMB signing is enabled and whether it is required at the client, the server, or both. Read more…
Matching TCP traffic with particular flag combinations can be a useful way of examining TCP conversations. Refer to the TCP State Machine to understand the context of these flags: Read more…
Normal TCP options are Type 0 (End of Option List), 1 (No-Operation), 2 (Maximum Segment Size, len 4), 3 (WSOPT – Window Scale, len 3), 4 (SACK Permitted, len 2), 5 (SACK, len N), and 8 (TSOPT – Time Stamp Option, len 10). Read more…
At a recent Riverbed Technology event in Denver, Colorado, Steve McCanne, Loris Degioanni, and Gerald Combs shared the stage and told the story of the history behind their inventions TCPDUMP, WinPcap, and Wireshark. To view the video: Read more…
By now you may have seen the press release and announcement about the purchase of CACE Technologies by Riverbed Technology (my employer).
Wireshark is more than a protocol analyzer. It is the foundation for relationships between several groups of people: the user community, the developer community, Wireshark University (driven by Laura Chappell), and CACE Technologies. Each one is an important part of Wireshark as a whole. Read more…
A great alternative to SPAN and RSPAN is to use IOS itself as the packet sniffer! Capture traffic from the CLI and, when you need to, export the data as a “.cap” (Wireshark, etc.) file to your PC. Read more…
Remote SPAN Configuration
Remote SPAN allows source ports and destination ports to be located on different switches. It uses a SPAN VLAN to transmit a copy of the SPAN data from the source across the network to the destination. You have to define and allow the SPAN VLAN on all network devices in the path.
Here’s how to do it: Read more…