Fri Apr 18 23:14:12 CDT 2008

Lost a good one.

Just got home from a friend and coworker's going away party. He was here with his wife for almost 8 years and together they managed to have 2 children in that time period. He was one of the best admins we had, a very hard worker, and as nice a guy as you will ever meet. I'll miss you Bogdan Czyz. I wish you the best of luck at $bigco's Polish establishment. I'm sure they will come to appreciate you as much as I do.

Posted by arreyder | Permalink

Tue Apr 15 07:27:59 CDT 2008

TCP Stuff you should know.

I've been a bit taken back recently with a discovery that many network professionals that I know never seem to look on the wire much, and when they do, have not the first idea of how to make some sense of what they see. So here is the bottom line basics of what you should know: Duplicate ACKs. Three and then a retransmitted packet is a normal thing. A long stream of them means your network has some latency issues. Zero Windows. Ok if the packet has FIN or RST set, closing a connection. Not OK in *ANY* other situation. The good news, ITS NOT THE NETWORK! This means that someones receive buffer is full, and the sender needs to stop sending stuff until the client sends a window update (Ok I'm caught up, proceed with pummeling me wiht packets again). Usually this means the receiver is burdended in some way and cannot accept the packets from the buffer quick enough. Those two right there will get you a long way. More to come.

Posted by arreyder | Permalink

Mon Apr 7 16:28:08 CDT 2008


This last week I attended Sharkfest (bunch of wireshark nerds) in Mountain View, CA at Foot Hills College. My decision to attend was a last minute thing and a bit rushed but I am very happy to have made the choice to go. It was only three days but as far as conferences go it was one of the better ones I have ever attended. If you are into packet captures, network troubleshooting, or forensics as it relates to stuff on the wire, be sure not to miss this thing the next time it comes around. I'll be there for sure if at all possible.

Posted by arreyder | Permalink