BlueWolf's Howl

January 02, 2006

A Good Start

I've already finished the first book of 2006. Granted, I didn't read all 359 pages in 2006 - I started the book in 2005, but I completed it in 06, so it ends up in those stats. The book I finished is Network Monitoring and Analysis by Ed Wilson. I can tell by the highlighting that I had previously started into the book. But, it was so long ago that I don't remember when and ended up rereading the beginning.

I regret not finishing the book when I first started it. It's not because I had to reread the beginning, but because the information is a bit dated now. I had hoped (because of the title) that it would complement my CIT reading, but it wasn't about router and switch network monitoring, but LAN network monitoring. Still, some of the information was useful and can be applied (with modifications) to any kind of network troubleshooting. You can tell that it's dated because most of the book refers to Windows NT and barely mentions Win2K. However, many of the ideas regarding packet capture and statistical analysis still hold true.

Since I still have an eye for security... I noted that NetMon on a 95 laptop could sniff a network and gather information - without logging into the network/domain. It once again highlighted the need for physical security of network devices and good port security on access layer switches. You don't want someone to slip into a broom closet or electrical closet in an unoccupied hallway, pull out their laptop and perform packet sniffing. When you look at the packets, some of the protocols send the username and password in clear text. And just because *you* upgraded all your desktops to 2KPro or XPPro doesn't prevent someone from bringing their own laptop with Win95 into your building. Physical security will always be a standard part of network security. Some things just need to be locked and inaccessible to unauthorized personnel.

One of the good things that I gathered from reading the book was the basic premise of troubleshooting. You have to know how the protocols operate to properly troubleshoot them. So many times when I talk to other engineers, they claim that they don't really have to know this theoretical stuff. They consider it something that is necessary for an exam, but not really pertinent in real life. [I hear this sometimes when I'm doing 'tech checks' of job applicants.]

Only the most basic level of troubleshooting can be performed with a rudimentary 'working knowledge' of networking. Ping the loopback. Ping the gateway. Ping a server on the other side/somewhere on the Internet. Perhaps the more advanced engineers know to give a 'show' command. But how many would know what the heck they're looking at when doing a 'debug' of ppp authentication or an ISDN dialer? If given a packet capture, how many would know what to look for to troubleshoot a DHCP problem? If you don't know the process of requests and acknowledgements that go on between devices, how can you figure out what's wrong? [And better yet, how to fix it...??? ]
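
As an added example (not part of the original post or of the book it discusses), here is a Python sketch of what "knowing what to look for" in a DHCP capture means in practice. It reads the message type (option 53) from each DHCP payload, groups messages by transaction ID, and reports where each DISCOVER/OFFER/REQUEST/ACK exchange stopped; the function names and the sample payloads are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 magic cookie that precedes the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
         5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
# Checked in order: the furthest stage reached decides the diagnosis.
STAGES = [("NAK", "server refused the request"),
          ("ACK", "lease granted"),
          ("REQUEST", "REQUEST sent, no ACK or NAK returned"),
          ("OFFER", "OFFER seen, client never sent REQUEST"),
          ("DISCOVER", "DISCOVER unanswered")]

def parse_dhcp(payload):
    """Return (xid, message type name) for a UDP 67/68 payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):  # truncated option
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            return xid, TYPES.get(value[0], "UNKNOWN")
        i += 2 + length
    return None

def diagnose(payloads):
    """Group messages by transaction ID and say where each exchange stopped."""
    seen = {}
    for xid, mtype in filter(None, map(parse_dhcp, payloads)):
        seen.setdefault(xid, []).append(mtype)
    return {xid: next((text for t, text in STAGES if t in msgs),
                      "incomplete capture") for xid, msgs in seen.items()}

def make_msg(op, xid, mtype):
    """Build a minimal constructed DHCP payload (236-byte header + options)."""
    header = struct.pack("!BBBBI", op, 1, 6, 0, xid) + bytes(228)
    return header + MAGIC + bytes([53, 1, mtype, 255])

# Constructed sample capture: one good lease, one silent server, one refusal.
SAMPLE = ([make_msg(op, 0x1111, t) for op, t in [(1, 1), (2, 2), (1, 3), (2, 5)]]
          + [make_msg(1, 0x2222, 1), make_msg(1, 0x2222, 1)]
          + [make_msg(op, 0x3333, t) for op, t in [(1, 1), (2, 2), (1, 3), (2, 6)]])
```
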

Perhaps it's my ambition. Or maybe just a thirst for knowledge. But, I know that the more I know about this stuff, the easier it is to come up with workable solutions and confidently 'fix' problems rather than put a bandaid on the symptoms.

The next book I'm cracking open is Network Performance Baselining by Daniel J. Nassar. I've had this book for several years and have tried many times to find some time to read it. Now I'm making the time. Luckily there is some overlap between the material and the CIT exam. I don't expect that it will take very long to get through it - even though it is a pretty thick book. It's a bit easier (and faster) to simply read the book and enjoy an understanding of the material. The other books (exam-related) need to actually be read and studied. That always takes more time and effort.

After that, I plan on reading the SNMP book that has also been collecting dust for many years. [Then I can finally get to the three books on the sidebar.] SNMP is something that will be on the exam, but not to the depth that the SNMP book will cover. Yet, I see it as something I don't know enough about - and should. I've taken a basic and advanced HP Openview course, so I have been exposed to quite a bit about 'pings and polls.' But, I just don't feel that I know the protocol as well as I should (by my own standards).

Then again, maybe I'm just procrastinating... But, you have to admit - I'm working awfully hard at it!

Posted by BlueWolf on January 2, 2006 01:48 AM