I don't know why people put off getting the packet capture... it's going to work, it's going to solve the problem, it's going to be the best thing you do all day. So why waste time with anything else?
I submit that the people that don't go directly to setting up a capture are either just being lazy, don't know how to do it, or are a combination of the two.
Lazy I can't help.
Not knowing how to do it? Google up "tcpdump", load Wireshark, and get busy.
Just had a case yesterday, lots of finger pointing, everybody blaming everyone else. The arguing had been going on for HOURS. I got parachuted in and asked the question, "What does the packet capture show?"
Silence.
Next thing I said was, "Get the packet capture on the server and it will show if there's any attempt to connect with the remote host."
They got the packet capture.
One hour later, they had the fix in place. :smug:
If they had gone for the capture instead of the political posturing bullcrap, they would have had the fix, less arguing, and no need to make everyone mad with accusatory finger-pointing.
I completely agree. Do you mind if I copy and paste this in an email to my entire department? :)
Quote from: Nerm on May 10, 2018, 09:46:55 AM
I completely agree. Do you mind if I copy and paste this in an email to my entire department? :)
Please share with them. I want to make the world a better place.
:tmyk:
Similar words could be applied to most any position in any field.
In construction, "permit" could just about replace "capture" or "packet capture".
What does YOUR permit show?
In consulting, you have to hit that Statement of Work pretty hard at times...
Quote from: deanwebb on May 10, 2018, 09:10:09 AM
I don't know why people put off getting the packet capture... it's going to work, it's going to solve the problem, it's going to be the best thing you do all day. So why waste time with anything else?
I submit that the people that don't go directly to setting up a capture are either just being lazy, don't know how to do it, or are a combination of the two.
Lazy I can't help.
Not knowing how to do it? Google up "tcpdump", load Wireshark, and get busy.
Just had a case yesterday, lots of finger pointing, everybody blaming everyone else. The arguing had been going on for HOURS. I got parachuted in and asked the question, "What does the packet capture show?"
Silence.
Next thing I said was, "Get the packet capture on the server and it will show if there's any attempt to connect with the remote host."
They got the packet capture.
One hour later, they had the fix in place. :smug:
If they had gone for the capture instead of the political posturing bullcrap, they would have had the fix, less arguing, and no need to make everyone mad with accusatory finger-pointing.
Evidence based assessment? Blasphemy!!! :)
Quote from: shortstop20 on May 22, 2018, 12:18:24 PM
Evidence based assessment? Blasphemy!!! :)
Hey, welcome back! 8)