April 24, 2008

Lovin' the Shark

So my most recent method of procrastination happens to be viewing the Wireshark University course videos. I got lucky enough (read: whined enough) that my supervisor kicked in for the 4-DVD set of Wireshark U course materials. Of course, he figured I'd never look at them, but having them would at least shut me up...

I just finished the first DVD. It took hours, but the material was good and was presented in an interesting manner. We all have to admit - this is dry stuff. You're taking captures of network traffic and then looking at them under a microscope to figure out which one of the million possible things could be pissing on your connectivity parade. Okay, so there's really no microscope. That's an analogy. But when you look that closely, it can be tedious and the material can get very detailed. These videos help to keep you interested and capture your attention. And it's pretty much like actually being in a classroom course.

The first video basically focuses on how to use Wireshark. I had a little head start in that area, having already read the Ethereal book. And the Wireshark interface/GUI is somewhat intuitive. Basically, your average network admin can stumble their way through it and find the obvious problems. But, naturally, that's not good enough for me. I want to be able to go a step beyond that. These videos definitely help in that area.

Just within the first DVD, I've already learned how to do some customizations. These are the little things that will make an average person look more polished, and they will definitely help the captures and analysis go much faster. On top of that, Laura Chappell also lends us some of her tricks and tips. She shows us not only how to use the tool, but how *she* uses it. The section on graphing the data and displaying it professionally will definitely 'up' your game. You will not only know what you're doing, but you'll also *look like* you know what you're doing. Professionalism usually lends points to credibility.

I'm up to the second chapter of the second DVD (went through that tonight). The second DVD explores the protocols in depth and relates them to what you see in a capture. Yeah, you probably already know how DNS works. But don't skip that part. You've probably learned enough to fill a book about DNS. This focuses that knowledge on the key areas and relates specific parts of the packets to the tools that will help you look at the protocol from a trace-analysis viewpoint (versus your install, configure, maintain viewpoint). It's a little less overwhelming that way. You don't have to look at every line of every packet in a 546,000-packet capture. She shows you how to build filters to make the capture 'speak' to you and tell you its story.
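To make the "relate the packet fields to the filter" idea concrete, here is an added example that is not from the post or from the Wireshark U course. It parses a single DNS response (the packet bytes are constructed for the example, including a compression pointer in the answer name) and labels each decoded value with the Wireshark display-filter field name that would select on it, then builds the filter you would type into the filter bar to pull every packet like it out of a large trace.

```python
"""Decode a DNS response and map its fields to Wireshark display-filter names.

Added example, not part of the original post. The field names used as
dictionary keys (dns.id, dns.flags.response, dns.qry.name, dns.resp.ttl,
dns.a, ...) are Wireshark's own DNS display-filter fields.
"""
import struct

# Constructed sample: a response to an A-record query for example.com.
# Header: ID 0x1234, flags 0x8180 (QR=1, RD=1, RA=1, RCODE=0),
#         QDCOUNT=1, ANCOUNT=1, NSCOUNT=0, ARCOUNT=0.
SAMPLE_DNS_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    # Question: example.com, QTYPE A (1), QCLASS IN (1)
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    # Answer: name = compression pointer to offset 12 (0xC00C), type A,
    # class IN, TTL 300, RDLENGTH 4, RDATA 93.184.216.34
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x5d\xb8\xd8\x22"
)


def read_name(msg, offset):
    """Read a (possibly compressed) DNS name; return (name, offset after it)."""
    labels = []
    end = None          # where the caller continues reading
    hops = 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            # Two-byte compression pointer; the field ends after it the
            # first time we jump, wherever the pointer chain leads.
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_dns(msg):
    """Decode header, question and answer sections into Wireshark field names."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    tid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    fields = {
        "dns.id": tid,
        "dns.flags.response": (flags >> 15) & 1,
        "dns.flags.rcode": flags & 0xF,
        "dns.count.answers": an,
        "questions": [],
        "answers": [],
    }
    offset = 12
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        fields["questions"].append(
            {"dns.qry.name": name, "dns.qry.type": qtype, "dns.qry.class": qclass})
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        offset += rdlen
        record = {"dns.resp.name": name, "dns.resp.type": rtype,
                  "dns.resp.class": rclass, "dns.resp.ttl": ttl}
        if rtype == 1 and rdlen == 4:          # A record: dotted-quad address
            record["dns.a"] = ".".join(str(b) for b in rdata)
        fields["answers"].append(record)
    return fields


def display_filter_for(fields):
    """Build the display filter that selects responses for the same name."""
    q = fields["questions"][0]
    return 'dns.flags.response == %d && dns.qry.name == "%s"' % (
        fields["dns.flags.response"], q["dns.qry.name"])


if __name__ == "__main__":
    decoded = parse_dns(SAMPLE_DNS_RESPONSE)
    for key, value in decoded.items():
        print("%-22s %s" % (key, value))
    print("Filter:", display_filter_for(decoded))
```

The point of keying the output on Wireshark's field names is that every value the decoder prints is something you can turn straight into a filter: `dns.flags.rcode != 0` for failed lookups, `dns.resp.ttl < 60` for short-lived answers, or the name-based filter the last function emits. That is the same move the course makes, knowing which bytes in the packet back a given field so the filter you write says exactly what you mean.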

This is some good stuff. And it comes from a name that should already be familiar. If you've read the ICRC or ACRC or CIT books, you've seen the name before. She knows her stuff - and knows how to teach it too. That's something that isn't found very often in this field. The 'experts' put you in a coma with their stuff. The good teachers often don't give you enough 'meat' in their classes. This set of videos has both. Get them if you can.

Posted by BlueWolf on April 24, 2008 10:16 PM