1 00:00:00,000 --> 00:00:12,776 2 00:00:12,776 --> 00:00:19,172 Alright, so why is protocol analysis important? 3 00:00:19,196 --> 00:00:23,683 Well specifically, once we start getting into 4 00:00:23,673 --> 00:00:27,824 more detailed, you know, learning environments 5 00:00:27,814 --> 00:00:30,146 and or production networks, 6 00:00:30,147 --> 00:00:32,429 you're going to use Wireshark to 7 00:00:32,427 --> 00:00:34,438 to capture the data and 8 00:00:34,438 --> 00:00:37,730 start looking within it and finding anomalies 9 00:00:37,727 --> 00:00:38,821 and troubleshooting problems. 10 00:00:38,828 --> 00:00:41,767 So, why are these things relevant? 11 00:00:41,767 --> 00:00:44,104 So, specifically when you're, 12 00:00:44,104 --> 00:00:46,093 when you're capturing the data, 13 00:00:46,093 --> 00:00:48,063 you may find some specific stuff 14 00:00:48,066 --> 00:00:50,292 in there that will give you a clue. 15 00:00:50,295 --> 00:00:53,017 This is where you may 16 00:00:53,030 --> 00:00:55,092 not know anything about the problem 17 00:00:55,092 --> 00:00:56,695 and you're trying to figure it out 18 00:00:56,695 --> 00:00:59,438 completely from scratch or 19 00:00:59,445 --> 00:01:03,483 you may know some hints such as 20 00:01:03,483 --> 00:01:05,902 collecting the information from the clients 21 00:01:05,902 --> 00:01:07,967 and or the administrative staff 22 00:01:07,967 --> 00:01:11,066 or the help desk in trying to do some 23 00:01:11,069 --> 00:01:13,191 preliminary analysis of what 24 00:01:13,191 --> 00:01:14,277 the problem may be. 25 00:01:14,277 --> 00:01:17,464 So, it's a recommendation 26 00:01:17,467 --> 00:01:20,108 that when you're called in to use Wireshark 27 00:01:20,115 --> 00:01:22,919 you put on the detective hat 28 00:01:22,925 --> 00:01:25,380 and you take a complete report 29 00:01:25,405 --> 00:01:27,884 on everything that you can before you even 30 00:01:27,889 --> 00:01:30,882 light Wireshark up and start capturing data. 
31 00:01:30,873 --> 00:01:34,814 For example, it's been in the past, 32 00:01:34,820 --> 00:01:38,659 I've seen where desk support or field 33 00:01:38,656 --> 00:01:41,445 services teams are very savvy in what they do. 34 00:01:41,445 --> 00:01:43,516 They're masterful at knowing 35 00:01:43,529 --> 00:01:45,008 the client work station 36 00:01:45,008 --> 00:01:47,583 and some of these tools like Wireshark 37 00:01:47,583 --> 00:01:49,329 and they've already ran and 38 00:01:49,329 --> 00:01:51,318 captured some data for you. 39 00:01:51,318 --> 00:01:53,792 Sometimes, they can give you the data 40 00:01:53,792 --> 00:01:55,161 and it might be your baseline 41 00:01:55,161 --> 00:01:56,832 that you were looking for to know 42 00:01:56,837 --> 00:02:00,503 how this machine operates normally. 43 00:02:00,503 --> 00:02:03,929 When I say, machine, I should drill down on that 44 00:02:03,929 --> 00:02:07,419 how when it's using the network-used 45 00:02:07,418 --> 00:02:10,998 resources, what that view looks like normally. 46 00:02:10,993 --> 00:02:15,020 And let's say, from if it's a 24 by 7 operation 47 00:02:15,024 --> 00:02:16,979 normally all the time, or within 48 00:02:16,994 --> 00:02:19,298 normal production operating hours. 49 00:02:19,309 --> 00:02:24,564 So, that is the first thing that we want to do 50 00:02:24,564 --> 00:02:26,343 is start looking around this and saying 51 00:02:26,343 --> 00:02:28,110 if we're going to start doing this from analysis 52 00:02:28,114 --> 00:02:30,471 where - what's already been captured, 53 00:02:30,471 --> 00:02:31,555 what's already been done? 54 00:02:31,555 --> 00:02:34,123 And what's kind of the problem? 55 00:02:34,122 --> 00:02:38,656 What has been reported and is that actually 56 00:02:38,660 --> 00:02:39,804 something that we can use 57 00:02:39,804 --> 00:02:41,171 Wireshark to troubleshoot? 
58 00:02:41,171 --> 00:02:43,551 So as an example, 59 00:02:43,551 --> 00:02:45,281 let's say, you have a problem where 60 00:02:45,281 --> 00:02:49,470 a database server is, is operating horribly. 61 00:02:49,470 --> 00:02:52,065 And it's causing clients 62 00:02:52,060 --> 00:02:54,575 to have application issues. 63 00:02:54,572 --> 00:02:56,704 So, a lot of times what we'll do is 64 00:02:56,703 --> 00:02:58,939 we, we go to the client machine. 65 00:02:58,938 --> 00:03:00,938 And we may see, well, the internet works great, 66 00:03:00,959 --> 00:03:02,959 their email looks fine. 67 00:03:02,959 --> 00:03:05,948 And we've isolated it to this application. 68 00:03:05,948 --> 00:03:07,946 So what we want to do is we want to 69 00:03:07,948 --> 00:03:10,494 specifically look down that path, so 70 00:03:10,489 --> 00:03:12,329 you know, you want to run a general capture, 71 00:03:12,329 --> 00:03:14,058 you want to look at things, you know, 72 00:03:14,058 --> 00:03:17,155 you know, everything very quickly. 73 00:03:17,155 --> 00:03:18,122 But you want to say, 74 00:03:18,122 --> 00:03:20,667 "Alright, I want to do some detective work 75 00:03:20,673 --> 00:03:22,586 and I want to start streamlining 76 00:03:22,586 --> 00:03:25,132 my troubleshooting path down into 77 00:03:25,141 --> 00:03:27,900 specifically what is wrong with this application." 78 00:03:27,889 --> 00:03:28,459 Now, you don't know 79 00:03:28,459 --> 00:03:29,557 to deal with this problem yet. 80 00:03:29,557 --> 00:03:31,557 We will find that out. 81 00:03:31,555 --> 00:03:33,516 But you know, at least specifically, 82 00:03:33,516 --> 00:03:35,289 it's this application. 83 00:03:35,289 --> 00:03:37,289 Alright, so let's drill down a little bit further. 
84 00:03:37,289 --> 00:03:39,289 Let's say, you're troubleshooting 85 00:03:39,289 --> 00:03:41,289 the application and you find that 86 00:03:41,289 --> 00:03:43,289 everything works pretty well 87 00:03:43,289 --> 00:03:45,289 except for when they log in. 88 00:03:45,289 --> 00:03:47,289 That's the problem, very slow log in. 89 00:03:47,289 --> 00:03:49,596 Or they're using an application 90 00:03:49,586 --> 00:03:52,487 and one of the modules or components 91 00:03:52,499 --> 00:03:55,412 within the application is problematic. 92 00:03:55,415 --> 00:03:57,599 The reason why we mention this 93 00:03:57,599 --> 00:03:59,362 before getting deep, deep, deep 94 00:03:59,358 --> 00:04:01,973 into Wireshark and how it works is because 95 00:04:01,973 --> 00:04:04,432 that's the whole key to using Wireshark. 96 00:04:04,432 --> 00:04:05,966 The key to using Wireshark is 97 00:04:05,966 --> 00:04:07,781 to figure out specifically what 98 00:04:07,770 --> 00:04:09,609 it is you that you want to drill down to. 99 00:04:09,609 --> 00:04:11,229 Otherwise, you're just collecting 100 00:04:11,229 --> 00:04:12,984 data and sifting through it. 101 00:04:12,984 --> 00:04:15,572 You can do that, too, 102 00:04:15,577 --> 00:04:17,748 but to be masterful with it, you want to 103 00:04:17,748 --> 00:04:20,185 really, really try to put the detective 104 00:04:20,198 --> 00:04:22,782 hat on and try to figure out a few things first. 105 00:04:22,781 --> 00:04:25,186 You want to figure out things I had, 106 00:04:25,186 --> 00:04:26,240 like I had just mentioned. 107 00:04:26,240 --> 00:04:28,135 Is it specific to an application? 
108 00:04:28,135 --> 00:04:29,683 Now, alright, so let's say you don't know 109 00:04:29,680 --> 00:04:31,944 to drill into the components of the application 110 00:04:31,951 --> 00:04:33,951 and maybe you didn't know that 111 00:04:33,951 --> 00:04:35,628 you would drill down to the log 112 00:04:35,624 --> 00:04:37,883 and is being an issue, but 113 00:04:37,883 --> 00:04:39,255 you at least knew that it was 114 00:04:39,255 --> 00:04:41,011 that application and why is that important. 115 00:04:41,011 --> 00:04:44,544 Well, the destination from the source, maybe 116 00:04:44,544 --> 00:04:46,189 that application server, and that 117 00:04:46,189 --> 00:04:48,029 maybe an end to your application. 118 00:04:48,029 --> 00:04:49,733 We have 3 tiers, you have 119 00:04:49,744 --> 00:04:52,306 the application front end which is on a 120 00:04:52,318 --> 00:04:54,957 load balanced webservers. 121 00:04:54,953 --> 00:04:57,287 It may have a middleware tier, 122 00:04:57,278 --> 00:04:59,278 where a lot of, you know, cam components 123 00:04:59,277 --> 00:05:02,280 flowing around and it may have a database tier. 124 00:05:02,271 --> 00:05:03,973 Each one of those tiers may be 125 00:05:03,973 --> 00:05:05,481 firewalled in ACL. 126 00:05:05,481 --> 00:05:07,481 So it's very important that when you 127 00:05:07,481 --> 00:05:09,481 you're doing analysis work. You're not 128 00:05:09,481 --> 00:05:11,943 just looking at it from the client, 129 00:05:11,943 --> 00:05:13,723 and you're just running a capture 130 00:05:13,723 --> 00:05:15,265 because the client said that they had 131 00:05:15,265 --> 00:05:17,303 bad performance but they actually 132 00:05:17,303 --> 00:05:18,495 kind of drilled down more 133 00:05:18,495 --> 00:05:21,685 into what traffic you're going to try to filter. 134 00:05:21,685 --> 00:05:24,050 Yes, we will learn how to build filters. 
135 00:05:24,050 --> 00:05:25,120 Yes, we will learn how to 136 00:05:25,120 --> 00:05:26,428 drill down to the traffic. 137 00:05:26,428 --> 00:05:28,244 Look for specific ports, 138 00:05:28,244 --> 00:05:31,531 Look for specific time to live, 139 00:05:31,541 --> 00:05:33,775 specific offsets, specific everything. 140 00:05:33,776 --> 00:05:35,854 But if you have to understand 141 00:05:35,854 --> 00:05:37,548 what application is the problem, 142 00:05:37,548 --> 00:05:39,548 maybe that gives you a clue as to what 143 00:05:39,548 --> 00:05:42,535 protocol you need to start drilling down into. 144 00:05:42,535 --> 00:05:45,817 And again from earlier, you may want to 145 00:05:45,817 --> 00:05:47,370 do the other checks as well. 146 00:05:47,370 --> 00:05:48,887 Send some data downstream, 147 00:05:48,886 --> 00:05:52,800 via ping or traceroute, maybe something is slow. 148 00:05:52,801 --> 00:05:54,563 That may not be the problem with log in 149 00:05:54,563 --> 00:05:56,288 but it may be the problem where it's the 150 00:05:56,285 --> 00:05:59,736 overall application itself has bad performance. 151 00:05:59,736 --> 00:06:02,288 If all the applications have bad performance, 152 00:06:02,288 --> 00:06:03,309 what does that mean? 153 00:06:03,309 --> 00:06:08,358 So again, just in sum, analyzing 101 is not 154 00:06:08,356 --> 00:06:11,308 just lighting up Wireshark, capturing data, 155 00:06:11,305 --> 00:06:14,183 and go, it's let's look at everything. 156 00:06:14,183 --> 00:06:15,982 Let's look, let's put on the detective hat 157 00:06:15,982 --> 00:06:17,759 and look at everything that we can. 158 00:06:17,759 --> 00:06:21,911 So, what does this mean when we, 159 00:06:21,911 --> 00:06:23,526 when we do this and 160 00:06:23,526 --> 00:06:25,446 we try this now and start drilling down. 
161 00:06:25,446 --> 00:06:27,639 So, let's say you have a problem where 162 00:06:27,640 --> 00:06:31,377 a specific device wasn't registering correctly with 163 00:06:31,377 --> 00:06:33,118 the network monitoring tool. 164 00:06:33,118 --> 00:06:36,166 What could that be? Alright, well, we knew 165 00:06:36,166 --> 00:06:37,098 enough to say, 166 00:06:37,098 --> 00:06:39,071 I am going to start capturing data 167 00:06:39,086 --> 00:06:43,749 to show SNMP traffic from source to destination 168 00:06:43,749 --> 00:06:47,508 and specifically, what, what is going on at that 169 00:06:47,508 --> 00:06:49,508 at that capture point. 170 00:06:49,508 --> 00:06:51,201 What is happening here? 171 00:06:51,201 --> 00:06:52,666 So a couple of things that we found 172 00:06:52,666 --> 00:06:56,079 is we found the string and in this 173 00:06:56,079 --> 00:06:58,202 particular incident, we were finding that 174 00:06:58,202 --> 00:07:00,365 there were some data, some hosts 175 00:07:00,365 --> 00:07:03,163 that weren't configured correctly via SNMP. 176 00:07:03,163 --> 00:07:05,661 And there was an access control list configured, 177 00:07:05,663 --> 00:07:07,826 so, certain things weren't happening. 178 00:07:07,837 --> 00:07:10,257 And we were able to figure that out 179 00:07:10,257 --> 00:07:12,257 with Wireshark. 
But again, 180 00:07:12,257 --> 00:07:14,257 what's important to remember is that 181 00:07:14,257 --> 00:07:18,078 we wouldn't have known to look for that, 182 00:07:18,078 --> 00:07:21,808 filter down to that, drill down to that 183 00:07:21,801 --> 00:07:23,557 and look for those specific things without 184 00:07:23,560 --> 00:07:26,192 understanding one, the network and 185 00:07:26,192 --> 00:07:27,800 the fundamentals of it, 186 00:07:27,800 --> 00:07:31,544 two, the protocol - what's being used, 187 00:07:31,533 --> 00:07:33,533 three, doing some detective work 188 00:07:33,533 --> 00:07:35,533 around all these to figure out 189 00:07:35,533 --> 00:07:37,533 that my problem is not email, 190 00:07:37,533 --> 00:07:39,533 it wasn't web browsing and a 191 00:07:39,533 --> 00:07:42,714 you know, it wasn't accessing a file share. 192 00:07:42,714 --> 00:07:45,145 It was specifically, this device 193 00:07:45,145 --> 00:07:46,840 connecting from one to the other 194 00:07:46,840 --> 00:07:50,858 and trying to communicate the SNMP. 195 00:07:50,849 --> 00:07:53,565 This is why it's important to remember 196 00:07:53,565 --> 00:07:55,875 that specifically, you want to have 197 00:07:55,867 --> 00:07:57,997 a lot of knowledge behind you 198 00:07:58,031 --> 00:08:00,031 when you're troubleshooting. 199 00:08:00,031 --> 00:08:02,031 Alright, so next, 200 00:08:02,031 --> 00:08:04,667 when you're doing protocol analysis, 201 00:08:04,664 --> 00:08:07,690 you're capturing data to and from source 202 00:08:07,690 --> 00:08:10,096 to destination, sources to destinations, 203 00:08:10,096 --> 00:08:12,141 or through hops, you're going to 204 00:08:12,134 --> 00:08:13,881 it's going to reveal some specific things. 205 00:08:13,881 --> 00:08:15,892 Just to recap, you may have 206 00:08:15,892 --> 00:08:17,402 some bandwidth issues, 207 00:08:17,402 --> 00:08:19,402 data may be corrupted. 208 00:08:19,402 --> 00:08:22,540 In a, things may be configured incorrectly. 
209 00:08:22,540 --> 00:08:26,098 You may have some in, latency issues. 210 00:08:26,098 --> 00:08:29,464 The client itself, or the destination 211 00:08:29,464 --> 00:08:30,880 may have some I/O issues. 212 00:08:30,880 --> 00:08:34,553 The database need, may need to be re-indexed. 213 00:08:34,553 --> 00:08:37,010 There may be an asynchronous route. 214 00:08:37,010 --> 00:08:39,543 The firewall may be blocking it. 215 00:08:39,533 --> 00:08:43,057 There may be some proxy server 216 00:08:43,065 --> 00:08:45,748 issue where it's not allowed, 217 00:08:45,765 --> 00:08:47,129 allowing something and it's 218 00:08:47,143 --> 00:08:49,252 manifesting as a different issue. 219 00:08:49,264 --> 00:08:51,873 You may have a routing issue. 220 00:08:51,874 --> 00:08:54,502 You may have a storm-causing performance. 221 00:08:54,511 --> 00:08:58,338 So just remember, when you're doing analysis 222 00:08:58,337 --> 00:09:01,555 this data captured is going to reveal, 223 00:09:01,563 --> 00:09:04,653 reveal what those issues are but you may need 224 00:09:04,661 --> 00:09:07,269 to really figure out and drill down to 225 00:09:07,275 --> 00:09:09,030 essentially what it is you're looking for. 226 00:09:09,030 --> 00:09:12,820 Which again, forces you, and I, 227 00:09:12,820 --> 00:09:14,711 and I wholeheartedly say, forces you 228 00:09:14,711 --> 00:09:16,238 because if you really want to learn and 229 00:09:16,238 --> 00:09:17,606 dig deep into this tool, 230 00:09:17,606 --> 00:09:20,352 you're going to have to really start looking 231 00:09:20,350 --> 00:09:23,693 at how does TCP operate particularly. 232 00:09:23,693 --> 00:09:27,687 Most, if not all of you, may know the handshake. 
233 00:09:27,693 --> 00:09:29,663 We'll cover it in a later module for those 234 00:09:29,653 --> 00:09:32,999 that may not know it, but that is 235 00:09:32,997 --> 00:09:35,139 going to be the predominant thing 236 00:09:35,144 --> 00:09:36,620 that when we do a flow graph, 237 00:09:36,614 --> 00:09:39,153 when we pull flow graph to Wireshark, 238 00:09:39,153 --> 00:09:39,922 those are the things that 239 00:09:39,922 --> 00:09:41,141 you're going to need to look for. 240 00:09:41,141 --> 00:09:43,009 You're going to need to see, ok well, 241 00:09:43,006 --> 00:09:45,158 I've had duplicate ACK's. 242 00:09:45,166 --> 00:09:45,898 So what does that mean? 243 00:09:45,898 --> 00:09:47,177 What is an ACK, right? 244 00:09:47,177 --> 00:09:49,177 So those are the things that 245 00:09:49,177 --> 00:09:51,035 will require you to dig deeper 246 00:09:51,035 --> 00:09:53,439 into understanding the protocols. And again, 247 00:09:53,443 --> 00:09:56,258 the different layers of the OSI model. 248 00:09:56,269 --> 00:09:59,283 So, we're just going to briefly talk about 249 00:09:59,283 --> 00:10:01,172 some of the analysis tools. 250 00:10:01,172 --> 00:10:03,934 One of the key things with analysis tools 251 00:10:03,930 --> 00:10:05,909 is that there are many tools 252 00:10:05,909 --> 00:10:07,658 within Wireshark itself. 253 00:10:07,658 --> 00:10:11,491 Wireshark itself has analysis tools within it. 254 00:10:11,491 --> 00:10:14,974 There are analysis tools outside of Wireshark. 255 00:10:14,974 --> 00:10:17,584 There are analysis tools that are handheld 256 00:10:17,584 --> 00:10:19,584 that you can plug in to your network. 257 00:10:19,584 --> 00:10:21,584 There's analysis tools that are 258 00:10:21,584 --> 00:10:24,838 enterprise-wide that require probes 259 00:10:24,838 --> 00:10:27,928 and all the types of devices. 
260 00:10:27,928 --> 00:10:30,122 Whatever those devices are, just remember 261 00:10:30,122 --> 00:10:33,748 these tools are, are simply for the form 262 00:10:33,745 --> 00:10:35,989 to help you analyze 263 00:10:35,989 --> 00:10:37,989 what a potential problem can be. 264 00:10:37,989 --> 00:10:40,304 And the reason I put the Expert up here, 265 00:10:40,304 --> 00:10:41,746 which is a tool within Wireshark 266 00:10:41,746 --> 00:10:43,115 and we will have a whole module 267 00:10:43,115 --> 00:10:44,914 dedicated directly to it. 268 00:10:44,914 --> 00:10:48,262 This tool will give you some specific 269 00:10:48,256 --> 00:10:52,014 information, but it will not in particularly 270 00:10:52,014 --> 00:10:54,734 tell you exactly what the problem is, 271 00:10:54,734 --> 00:10:58,146 and, and that's, that's been a concern 272 00:10:58,136 --> 00:10:59,841 for many in the past is 273 00:10:59,841 --> 00:11:02,663 will this really tell me what the problem is. 274 00:11:02,650 --> 00:11:04,511 When I install Wireshark, 275 00:11:04,511 --> 00:11:07,409 well, it'll immediately say -bing-bing-bing. 276 00:11:07,409 --> 00:11:09,110 Here's the problem, you need to do this, 277 00:11:09,110 --> 00:11:10,353 you need to do that. No. 278 00:11:10,353 --> 00:11:12,959 And that's why to start off this 279 00:11:12,948 --> 00:11:15,019 foundation's course, I really wanted to drill 280 00:11:15,025 --> 00:11:18,589 into and get, get some awareness around 281 00:11:18,589 --> 00:11:20,554 the fundamentals of how these tools 282 00:11:20,554 --> 00:11:24,248 are really used and what, what information 283 00:11:24,255 --> 00:11:26,149 you will need to be successful with it. 284 00:11:26,138 --> 00:11:27,946 This tool is going to tell you that a 285 00:11:27,946 --> 00:11:29,380 retransmission is suspected, 286 00:11:29,362 --> 00:11:31,083 and if you really think about it, 287 00:11:31,083 --> 00:11:32,576 what does that really mean to you? 
288 00:11:32,576 --> 00:11:37,001 And worst, it's telling you it's suspected, so 289 00:11:37,001 --> 00:11:38,374 that's what the Expert and 290 00:11:38,374 --> 00:11:40,038 other analysis tools do. 291 00:11:40,038 --> 00:11:43,052 They allow you to view things and 292 00:11:43,055 --> 00:11:45,217 do some deeper diving into them. 293 00:11:45,210 --> 00:11:47,210 So what will we find? 294 00:11:47,210 --> 00:11:50,773 We're going to do some deep packet inspection. 295 00:11:50,773 --> 00:11:52,773 We're going to review the data packets. 296 00:11:52,773 --> 00:11:54,773 We're going to look at timestamps. 297 00:11:54,763 --> 00:11:57,098 We're going to look at communications patterns. 298 00:11:57,099 --> 00:11:58,788 We're going to look at a whole bunch of stuff 299 00:11:58,790 --> 00:12:02,042 in the next 2 days, 2 to 3 days, 300 00:12:02,045 --> 00:12:04,495 and really dig deep into this data 301 00:12:04,485 --> 00:12:06,593 and start seeing some specific stuff. 302 00:12:06,603 --> 00:12:08,766 And that should be interesting 303 00:12:08,766 --> 00:12:10,003 to everybody, and exciting. 304 00:12:10,003 --> 00:12:12,003 Because a lot of times, you get 305 00:12:12,003 --> 00:12:14,003 really good at configuring devices, 306 00:12:14,003 --> 00:12:16,003 you get really good at designing devices, 307 00:12:16,003 --> 00:12:18,945 but what's really good is when you know 308 00:12:18,943 --> 00:12:20,907 how to solve problems with them. 309 00:12:20,903 --> 00:12:24,320 Because what we will find is, and, and I 310 00:12:24,322 --> 00:12:27,041 I've seen this many times in the past. 311 00:12:27,038 --> 00:12:30,642 We spend a lot of time, put a lot of effort 312 00:12:30,642 --> 00:12:32,374 into designing a perfect network, 313 00:12:32,374 --> 00:12:35,562 or augmenting it perfectly. 
314 00:12:35,562 --> 00:12:39,663 We spend a ton of time looking to engineer 315 00:12:39,674 --> 00:12:42,271 the best solution, the most secure, 316 00:12:42,290 --> 00:12:46,172 the most flexible, one with the most a 317 00:12:46,172 --> 00:12:49,246 and a bandwidth, and one that's 318 00:12:49,246 --> 00:12:51,157 to deliver optimal results. 319 00:12:51,157 --> 00:12:53,311 And you know what winds up happening, 320 00:12:53,311 --> 00:12:54,940 this is what we've seen. 321 00:12:54,940 --> 00:12:57,867 Networks are augmented 322 00:12:57,867 --> 00:13:00,784 and a lot of times the staff turns over 323 00:13:00,784 --> 00:13:02,126 and new people come in. 324 00:13:02,126 --> 00:13:03,589 Maybe it wasn't documented well. 325 00:13:03,589 --> 00:13:06,070 Mistakes are made. And this is no fault 326 00:13:06,070 --> 00:13:09,527 to anybody. This is just how we live our lives 327 00:13:09,526 --> 00:13:11,328 in an enterprise networking world. 328 00:13:11,317 --> 00:13:14,648 Things change. New solutions are put in place. 329 00:13:14,648 --> 00:13:16,482 Sometimes they don't have the time to lab them up 330 00:13:16,478 --> 00:13:21,297 correctly or staff with a, they don't have the exact 331 00:13:21,282 --> 00:13:23,559 skill sets needed but they give it the best try. 332 00:13:23,564 --> 00:13:25,134 Sometimes things just go in. 333 00:13:25,134 --> 00:13:26,196 You have other groups. 334 00:13:26,196 --> 00:13:27,835 So, their servers are getting added. 335 00:13:27,838 --> 00:13:31,241 Maybe they didn't turn things off like, you know. 
336 00:13:31,246 --> 00:13:33,852 Zero config on printers and 337 00:13:33,852 --> 00:13:35,272 and what ends up happening is 338 00:13:35,272 --> 00:13:37,884 there's just so much stuff in a big network 339 00:13:37,884 --> 00:13:41,419 that the more we lab up, and the more 340 00:13:41,427 --> 00:13:43,745 we learn about the design-build-run 341 00:13:43,737 --> 00:13:45,737 and the more that we learn about Wireshark 342 00:13:45,737 --> 00:13:47,249 and how to troubleshoot and dig 343 00:13:47,249 --> 00:13:48,440 deep into the networks, 344 00:13:48,440 --> 00:13:51,663 the better off we will be to solve problems. 345 00:13:51,664 --> 00:13:54,391 And that is the key to solve issues. 346 00:13:54,391 --> 00:13:57,040 The fire alarm goes off, things are broken, 347 00:13:57,040 --> 00:13:58,328 the application's down. 348 00:13:58,328 --> 00:14:01,585 It's a critical application. People are panicking. 349 00:14:01,585 --> 00:14:04,127 And you come in, very calm, cool and 350 00:14:04,130 --> 00:14:06,314 collected and you strategize 351 00:14:06,327 --> 00:14:10,106 the exact way to solve or fix this issue 352 00:14:10,107 --> 00:14:12,107 and that's what we're striving for. 353 00:14:12,107 --> 00:14:18,390