Monday, March 08, 2010
Traffic Talk 10 Posted
I just noticed that my tenth edition of Traffic Talk, titled Pcapr.net -- where Web 2.0 meets network packet analysis, has been posted. From the article:
Solution provider takeaway: Pcapr.net is a free packet collaboration site hosted by Mu Dynamics. Solution providers can participate in the community to exchange, analyze and gather traces for testing products or processes for their customers, including network packet analysis.
Not many networking solution providers are happy with the apparently limited number of network traces available for testing their products or processes. Hardly a day goes by on a network-focused mailing list without a participant asking, "Where can I download network traffic to test X?" Fortunately for anyone who wants to take network traffic exchange to a new level, Mu Dynamics has answered the call. Its Pcapr.net site is the self-proclaimed "Web 2.0 for packets." In this edition of Traffic Talk, we'll take a tour of Pcapr.net to see what features it offers networking solution providers, including network packet analysis.
Tuesday, February 02, 2010
Traffic Talk 9 Posted
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Saturday, November 21, 2009
Traffic Talk 8 Posted
I just noticed that my 8th edition of Traffic Talk, titled How to use user-agent strings as a network monitoring tool, was posted this week. It's a simple concept that plenty of NSM practitioners implement, and I highly recommend it.
Friday, October 02, 2009
Traffic Talk 7 Posted
I just noticed that my 7th edition of Traffic Talk, titled How to deploy NetFlow v5 and v9 probes and analyzers, was posted on 28 September. I submitted it back in mid-August but it's on the Web now. On a related note, I am tech editing a forthcoming book on NetFlow by Michael Lucas titled Network Flow Analysis. Michael is probably my favorite technical author, so keep an eye open for his book in May 2010.
Thursday, July 02, 2009
Sunday, April 26, 2009
Traffic Talk 5 Posted
My fifth edition of Traffic Talk, titled Network security monitoring using transaction data, has been posted. From the article:
Welcome back to Traffic Talk, a regular SearchNetworkingChannel.com series for network solution providers and consultants who troubleshoot business networks. We took a break, but we're back with more articles on using network traffic to make your business more productive and secure.
In this article, I discuss network security monitoring (NSM) and introduce one specific form of NSM data -- transaction data.
If you have any questions on the article, please post them here.
I should be writing new Traffic Talk articles every other month. Snort Report seems to be on hold for the time being, but if that changes I will post word here. If you'd like to see the Snort Report return to SearchSecurityChannel.com, post a comment here. Thank you.
Saturday, December 20, 2008
Traffic Talk 4 Posted
My fourth edition of Traffic Talk, titled Daemonlogger for Packet Capture and Redirection, has been posted. From the article:
Welcome to the 4th edition of Traffic Talk, a regular SearchNetworkingChannel.com series for network solution providers and consultants who troubleshoot business networks.
In this article I'll demonstrate two novel features of Marty Roesch's Daemonlogger tool.
I compare Daemonlogger's ring buffer to Tcpdump's ring buffer, and then show how to use the Daemonlogger soft tap function.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.
Wednesday, December 17, 2008
Traffic Talk 3 Posted
My third edition of Traffic Talk, titled Network Security Monitoring: Knowing Your Network, has been posted. From the article:
Recently I read an interview with network security pioneer Marcus Ranum, who was asked the following question about network security monitoring: "In your opinion, what is the current weakest link in the network security chain that will need to be dealt with next year and beyond?"
Read my article to see what Marcus wrote and how I responded.
Traffic Talk 2 Posted
My second edition of Traffic Talk, titled Using Wireshark and Tshark display filters for troubleshooting, has been posted. From the article:
Welcome to the second installment of Traffic Talk, a regular SearchNetworkingChannel.com series for network solution providers and consultants who troubleshoot business networks. In these articles we examine a variety of open source network analysis tools. In this edition we explore Wireshark and Tshark display filters. Display filters are one of the most powerful, and sometimes misunderstood, features of the amazing Wireshark open source protocol analyzer. After reading this tip you'll understand how to use display filters for security and network troubleshooting.
Monday, August 04, 2008
Traffic Talk 1 Posted
I've started writing a new series for TechTarget SearchNetworkingChannel.com called Traffic Talk. The first edition is called DNS troubleshooting and analysis. I wrote it in early June, way before Dan Kaminsky's DNS revelations, so it has nothing to do with that affair. From the start of the article:
Welcome to the first edition of Traffic Talk, a regular SearchNetworkingChannel.com series for junior to intermediate networkers who troubleshoot business networks. In these articles we examine a variety of open source tools that expose and analyze different types of network traffic. In this edition we explore the Domain Name System (DNS), the mechanism that translates IP addresses to hostnames and back, plus a slew of other functions.