Get. The. Packet. Capture.

Started by deanwebb, May 10, 2018, 09:10:09 AM

deanwebb

I don't know why people put off getting the packet capture... it's going to work, it's going to solve the problem, it's going to be the best thing you do all day. So why waste time with anything else?

I submit that the people that don't go directly to setting up a capture are either just being lazy, don't know how to do it, or are a combination of the two.

Lazy I can't help.

Not knowing how to do it? Google up "tcpdump", load Wireshark, and get busy.

Just had a case yesterday, lots of finger pointing, everybody blaming everyone else. The arguing had been going on for HOURS. I got parachuted in and asked the question, "What does the packet capture show?"

Silence.

Next thing I said was, "Get the packet capture on the server and it will show if there's any attempt to connect with the remote host."

They got the packet capture.

One hour later, they had the fix in place.  :smug:

If they had gone for the capture instead of the political posturing bullcrap, they would have had the fix, less arguing, and no need to make everyone mad with accusatory finger-pointing.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Nerm

I completely agree. Do you mind if I copy and paste this in an email to my entire department? :)

deanwebb

Quote from: Nerm on May 10, 2018, 09:46:55 AM
I completely agree. Do you mind if I copy and paste this in an email to my entire department? :)

Please share with them. I want to make the world a better place.

:tmyk:

icecream-guy

Similar words could be applied to most any position in any field.

In construction, "permit" could just about replace "capture" or "packet capture".

What does YOUR permit show?
:professorcat:

My Moral Fibers have been cut.

deanwebb

In consulting, you have to hit that Statement of Work pretty hard at times...

shortstop20

Quote from: deanwebb on May 10, 2018, 09:10:09 AM
I don't know why people put off getting the packet capture... it's going to work, it's going to solve the problem, it's going to be the best thing you do all day. So why waste time with anything else?

I submit that the people that don't go directly to setting up a capture are either just being lazy, don't know how to do it, or are a combination of the two.

Lazy I can't help.

Not knowing how to do it? Google up "tcpdump", load Wireshark, and get busy.

Just had a case yesterday, lots of finger pointing, everybody blaming everyone else. The arguing had been going on for HOURS. I got parachuted in and asked the question, "What does the packet capture show?"

Silence.

Next thing I said was, "Get the packet capture on the server and it will show if there's any attempt to connect with the remote host."

They got the packet capture.

One hour later, they had the fix in place.  :smug:

If they had gone for the capture instead of the political posturing bullcrap, they would have had the fix, less arguing, and no need to make everyone mad with accusatory finger-pointing.

Evidence-based assessment? Blasphemy!!!  :)
