Now that I'm 'actively' studying for the Wireshark Certification, I'm reviewing the WSU Courses. About 2 years ago, my company bought the WSU DVDs. We have WSU01 through WSU04. I guess it was a cheap way to shut me up about training and went on an easier to justify/approve accounting list.
I went through all 4 DVDs at the time and the knowledge I gained from them was very useful and practical. I went from bumbling around like everyone else to knowing exactly what I wanted to do and how to do it. Like everyone else, I had a pretty good idea of what I was doing, but there was a lot of time wasted 'trying to find' this and that. After the course, I became somewhat faster at taking and analyzing captures. Now I want to take it to the next level.
So now I find myself going over all 4 DVDs again. Wow. I didn't realize what I missed. Well, it wasn't so much what I missed as the fact that it wasn't pertinent at the time. Since it didn't relate to the task at hand, it was heard, digested and forgotten. Now I'm going back to pick those things up and remember them this time.
I'm already back into WSU02 - which covers protocols in depth and shows examples of unusual traffic. The one thing missing from the course, however, are specific fixes for 'broken' traffic. Granted, at most places, the person performing the trace will be someone who just samples the traffic and tells the server people or desktop people - oh, you have a problem with your such-and-such server or that it's a client issue. And it's up to them to figure out what is wrong and how to fix it. After all, they're supposed to be the 'expert' in that area, right? Well, that isn't *always* true. Sometimes you can tell them that it's a server issue - but they won't believe you. However, packets don't lie. Yet, if they don't understand or believe you, they will 'fiddle with the knobs' and not fix the problem. The problem remains, they can prove they've done everything (especially when they're looking at the wrong end), and of course - you're no help because you obviously don't know what you're talking about... Giving the other teams some very specific advice and recommendations would be much more helpful.
Although some would look at the path I've taken and say that I 'wasted' time by going the MCSE route before going into networking, in cases like this - it's been very helpful. Granted, I've let my Windows skills decay a bit from lack of use - however I do understand a lot more about what's happening on the other end of the wire. I also understand that if you give a recommendation that is not fully comprehended, it's hard to implement. I know they training they've gone through - and it doesn't really go over much more than the basics of networking. The server 'magically' connects to the network cloud. That's all the job of the networking people. And to the networking people - yeah, I know the training they go through too - putting a server on the network is the server team's job. Too much very important stuff falls into that crack between the realms. I'd like to be the person who knows all that in-between stuff. Apparently 'those people' are rare and hard to come by...
Posted by BlueWolf on August 13, 2009 07:17 AM