
See it, do it, teach it -- that's how I progress from novice to skilled: until I can teach a topic, I don't really understand it. I specialize in facilitating hands-on seminars in which attendees practice real-world techniques for solving issues in IT operations.

Find me at Cascadia IT Conference, Sharkfest, and LISA.

Seminar Descriptions

Descriptions and slide decks, typically from one-day seminars.

Diagramming | Diagramming IT Environments | Slides
Measuring Throughput | Measuring Throughput | Slides
Myth-Busting | Myth Busting: The Network Layer | Slides
Professional Maturity | Communicating Upward | Slides
Professional Maturity | Why is this Hard | Slides
RCA | Root Cause Analysis Beginner | Slides
RCA | Root Cause Analysis Intermediate | Slides
RCA | Root Cause Analysis Advanced | Slides
RCA | Root Cause Analysis Process | Slides
RPR | Definitive Diagnostic Data | Slides
Tech Support | Effective Use of Tech Support | Slides
Traces | Fun With Traces Chapter 1 | Slides
Traces | Fun With Traces Chapter-2 | Slides
Traces | Fun With Traces Chapter-3 | Slides
Wireshark | Wireshark: The Supporting Cast | Slides


Planning to attend one of these seminars? I recommend:

  1. Read the description, skim the deck, and glance at the homework before registering, to get a feel for how we'll spend the day.
  2. Do the homework for the RCA & Fun With Traces series; give yourself a day or two to walk through this.
  3. Do the homework for the Myth-Busting series; give yourself a day or two to walk through this. The homework includes instructions for installing the Myth-Busting-Toolkit, which you download from this site.
  4. Read the deck carefully a few days prior to remind yourself how this seminar works. (Be aware that I update my decks steadily during the days, weeks, and months prior to a class -- grab the latest version from this page and notice the date in the lower-left-hand corner on each slide.)
  5. Arrive 30-60 minutes early to the seminar room, in order to complete the pre-flight checklist which will be displayed on the screen up front.

A Visual Tour of a Class

What do these hands-on classes look like? Typically, you work in groups of two to five, assign roles to each team member, select a particular lab, check out suitable gear from a side table, develop hypotheses and test them, and discuss the implications of your findings with your teammates. You may bring your own gear in order to develop complex labs: your table gets messy. You'll use open-source toolkits to monitor performance and analyze results; you may choose to visit a virtualized lab environment or check out a commercial tool. Consult with your instructors as needed. Periodically, we come together as a class to hear reports from each team and to highlight larger themes. These photos are from Myth-Busting: The Network Layer at LISA 2014 and CasitConf 2015.

Packet Capture Mechanics

During RCAs, I often set long-running packet captures going and later extract key frames from directories full of the capture files, and then merge them together.

To automate stopping a capture based on a triggering event, try Chris Maynard's dumpcap.bat, a batch file wrapper around dumpcap.exe, originally announced on wireshark-users in May 2014.

Here are my Wireshark Preferences, uploaded 2015-01-05, including Profiles. [Produced on a Windows machine: if you're copying to *nix, run the entire directory through dos2unix first. Or, better yet, upgrade to Wireshark 1.12.0+, which handles both flavors of line termination characters automatically.]

When I copy my Wireshark Preferences to a new machine, I run update-ws-profiles to automate the task of changing IP and MAC addresses in filters.

OS Tools

I want to develop a class around using OS-specific tools to troubleshoot issues. Here are a few notes in that direction.

Transceivers, speed, and negotiation

My notes around how SFP / SFP+ / QSFP+ ports behave.

Last modified: 2017-11-12