Wireshark Webinars

I have attended multiple Wireshark webinars presented by Riverbed and leaders in the field. They title this series "Return to the Packet Trenches" with some sort of variation or subtitle for the different sessions. I always walk away with something new. This latest webinar was no exception. It reviewed several CLI options for creating, analyzing, and editing packet captures. I highly recommend attending these webinars if you have any interest in Wireshark and staring at packets. For more resources I recommend or to see the tools I've created, please look at my "Network Performance" drop-down menu at the top of this page.

Here are links to their resources as sent to me in their follow-up email:

Wireshark CLI tools & scripting (by Sake Blok): https://sharkfestus.wireshark.org/assets/presentations18/33.zip
Presentation Video: https://youtu.be/IZ439VNvJqo (1:11:14)
TShark Command Line using PowerShell (by Graham Bloice): https://sharkfesteurope.wireshark.org/assets/presentations17eu/33.7z
Custom LUA dissectors to the rescue in root cause analysis (by Sake Blok): https://sharkfesteurope.wireshark.org/assets/presentations17eu/21.pdf

Review the SharkFest’18 EUROPE agenda and other information. For more "Packet Trenches" resources, check out these links. Watch the replay...
Book Recommendation: “The Phoenix Project”

Other than the main character being a manager, it is amazing how closely this book mirrors my career path so far. This is fiction, but it does a good job introducing business and cloud concepts. I would definitely recommend this for anyone in IT.

The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by Gene Kim
My rating: 3 of 5 stars

A story that anyone from an IT operations background can relate to. The various character personalities keep it interesting and even relatable still! It helps provide motivation to use ITIL methodologies, Kanban process, cloud computing, and more. My only critique is that it's a slow start with an abrupt end. I'm interested to read "The DevOps Handbook" now to see the real world advice and stories.
Log AWS VPC Flows

As I transition to working in “the cloud” more I am embracing the new technologies and methodologies. However, I’m also trying to replicate what I do in on-prem environments when it makes sense. One way I like to collect and analyze data is using NetFlow. NetFlow provides network conversation details at a higher and summarized level. This has led to quicker recovery time on numerous occasions, or avoided issues entirely. It isn’t exactly the same, but I have figured out how to log AWS VPC flows to provide the data. Here’s a brief walk through of the setup.

Create Flow Logs
The first step is to select the VPC and then the “Create Flow Log” menu item from the “Actions” drop down.

See them attached to VPC
After confirming its creation I saw the log ID listed in the “Flow Logs” tab.

View Configured Flow Logs
Hopping over to the CloudWatch logs I could see my newly created log group.

Log View
After selecting the log, I could...
Diagram Your Service

I love packets and tracing issues at a micro level. However, like I stated in Preparing for the Capture, you need to know where to capture before you can dig into the bits and bytes. In order to know where to capture you must understand your service/app/network. The best way to do that is to diagram your service.

The Diagram
The featured image on the post and the same one included below is a high level example of an architecture diagram of this blog. I use CloudFlare and AWS services currently to host it. The diagram shows this flow along with the purpose of these services and a little more detail outlining the layout of AWS. In a more detailed and private diagram I could also include breakouts showing the actual services running such as WordPress, Apache, and MariaDB. I could also include external services that provide MFA, email, monitoring, and notifications.

Created with draw.io

The Purpose
An architecture diagram does more than highlight good capture points....

Command For Dozing

I generally avoid creating posts that are specific to my employer, but this is already public knowledge and it was fun to be involved even in a small way. So often we "packet junkies" only get to see the results of our work through the lens of smoothly flowing packets. If we're lucky we might hear the delight in our customer's voice over the phone or get a nice email sharing the results. Once in a while though, we get to be a part of something a little bigger with real-world application. This was one such case.

A technology called "Command for Dozing" was on display in Malaga, Spain. In simpler terms, customers were able to play with a real-life Cat bulldozer over 5000 miles away in Arizona. I will not go into specifics, but this is a perfect place to ask fellow sharks how you would help ensure smooth delivery of video and control packets across a worldwide network. You can...
AWS Monitoring with IFTTT

Performance monitoring is two-fold. There is proactive performance monitoring and reactive investigation. The majority of my posts and case studies reflect the latter. This post is more related to the former. Services on premise typically rely on SLAs, NetFlow, scripts, synthetic transactions and more to provide monitoring and alerting. While some of this is possible in the cloud to keep track of specific pieces, you first need a good foundation by knowing if the underlying technology by your cloud provider is operating as expected. In this example, I will walk through setting up an alert to monitor individual Amazon Web Services and send a notification using an IFTTT applet.

Create the Applet
Before creating an applet/recipe, you might want to see if one is already available with the functionality you need in IFTTT's discover section. If one isn't available, you can create one following their instructions here. I will skip the step by step that they provided, and demonstrate how you might...

Case of an FQDN Issue

The phrase, "I can't access my shared drive" was intermittent, but becoming common for a remote location connected via an MPLS circuit. Without hesitation the finger was pointed at the network and my phone rang. People connect to shared drives every day, but it is one of those things they take for granted. Behind the scenes there are many layers of technology, protocols, and devices working together to make those connections happen. I can’t count the number of ways to hinder performance of a network share or prevent it from working altogether.

*SPOILER* If you’re like me and you like to know the big picture first, the problem in this case was DNS. Read on for the details, or just know a great test is to place a ‘.’ at the end of your DNS path.

To kick things off I asked for a screen shot of the error. This is what I received:

Obviously, this was not very helpful (are error messages ever?)....
AWS Cloud Practitioner

My career has recently shifted directions. While I still have a passion for network performance and the apps that run on the network, my focus will be directed towards the cloud and the future of application performance. More specifically, I will be specializing in AWS technologies. To start that journey, I achieved the AWS Cloud Practitioner certification.

I felt this certification was another test that was well done. It was a good entry level test, but still reinforced the knowledge Amazon feels you need. It has a good blend of introductory content and challenging material. I was able to achieve it with two weeks of evening study. If you'd like to pursue it as well, here are the resources I recommend:

Amazon's training
Amazon Whitepapers
A Cloud Guru
...

Synchronize Wireshark Profiles

As mentioned in this post, you can create and share custom profiles. However, that is not the extent of profile management. Another great way to utilize these files is to synchronize Wireshark profiles between systems. In this day and age you probably have more than one computer (laptop, VM, home desktop??). Also, if you’re like me you probably have Wireshark installed on anything you can get your hands on! It can be a bit of a pain to keep your favorite Wireshark settings such as protocol options, coloring rules, and saved display filters up to date with each Wireshark installation.

Using Dropbox (or a similar service) you can easily keep your Wireshark profiles in sync on all computers. All that is required is another quick and easy modification and a shared storage location, whether it be a local storage drive or cloud storage. The pertinent folders are shared in the previously linked post as well as in the Wireshark documentation....