Somewhere back in the 2007-2009 timeframe I bought a book about “Wireshark & Ethereal” (see the bottom of this post). I was only a couple years into my post-college career and was either troubleshooting a local network problem or troubleshooting something with the Cisco PIX 501/503’s that I stood up at my job of the time.
I’ve always been truly fascinating with networking, network troubleshooting and packet analysis. In those early days of my career, I was the “jack of all trades, master of none” type. I built and supported the workstations, servers, network equipment, etc. I had some familiarity with packet capturing, but it was (and still is) an area of known weakness for sure. Today, almost 20 years later, I’ve bought another book:
Over the last two three four five weeks I’ve been involved in troubleshooting a pretty big issue. In my last post I’d even talked about remotely capturing packets. But what really bugged me was that while I could capture the packets, I couldn’t really tell the story. Sure, I know technically what resets, retransmits, duplicate ack’s, etc. are, but what I couldn’t definitely tell was whether or not what I saw in those captures were problematic or not.
And so it is, I begin this journey of a thousand packets. I don’t know how long it will take, or where it will take me, but the next time a team asks me to collect some packet capture data I’m determined to be able to make informed, educated hypotheses about what I’m looking at, potentially even spot errors, irregularities or problems. Networking makes everything today work, and I truly believe that those who can really look under the hood and dig deep into the weeds of network/packet analysis are at an extreme advantage. That’ll be me soon…
Oh, that ancient book I bought, that I still have on my shelf (next to books about SysInternals, VMware, TCP/IP Illustrated, and the NT Resource Kit) is:
