If you understand TCP/IP and how your network communications work, you understand where to look when things go wrong. You also understand how security tools do what the vendor says they do (or whether they fail to do what the vendor advertises). This is useful when comparing products to purchase and implement.
Another tremendous benefit of understanding your network's underlying nuts and bolts is the ability to branch off in different directions, whether it be troubleshooting, security, optimization, application analysis, or anything else.
When a new protocol or protocol enhancement comes along, your learning curve is like a smooth turn on the autobahn rather than a sharp white-knuckler on San Francisco's Lombard Street.
Start by capturing your own traffic with Wireshark. Filter on a single TCP conversation and study it. Look at the connection establishment process. Check out what happens if a packet is dropped. Look at the pattern of traffic to and from your host. Examine who terminated the connection.
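As an added illustration of that walk-through (my code, not the author's), the script below runs over a constructed client-side packet summary with made-up addresses rather than a live capture: it verifies the three-way handshake, shows how a dropped segment surfaces as a sequence gap, a duplicate ACK and a retransmission, totals the bytes in each direction, and reports which side closed the connection.

```python
"""Walk one TCP conversation the way the text suggests: verify the handshake, see
where a dropped packet shows up, count bytes each way and find out who closed it."""
# Constructed client-side summary of Wireshark's packet list, not a real capture:
CLIENT, SERVER = "10.0.0.5:51234", "192.0.2.10:80"  # (src, dst, flags, seq, ack, payload_len)
PACKETS = [
    (CLIENT, SERVER, "S",  1000, 0,    0),     # 1  SYN
    (SERVER, CLIENT, "SA", 5000, 1001, 0),     # 2  SYN/ACK
    (CLIENT, SERVER, "A",  1001, 5001, 0),     # 3  ACK: handshake complete
    (CLIENT, SERVER, "PA", 1001, 5001, 100),   # 4  request
    (SERVER, CLIENT, "PA", 5001, 1101, 1460),  # 5  response segment 1
    (CLIENT, SERVER, "A",  1101, 6461, 0),     # 6  acks segment 1
    (SERVER, CLIENT, "PA", 7921, 1101, 500),   # 7  segment 3; segment 2 (seq 6461) was lost
    (CLIENT, SERVER, "A",  1101, 6461, 0),     # 8  duplicate ACK: still waiting for 6461
    (SERVER, CLIENT, "PA", 6461, 1101, 1460),  # 9  retransmission of segment 2
    (CLIENT, SERVER, "A",  1101, 8421, 0),     # 10 everything up to 8421 received
    (SERVER, CLIENT, "FA", 8421, 1101, 0),     # 11 server closes first
    (CLIENT, SERVER, "FA", 1101, 8422, 0),     # 12 client follows
    (SERVER, CLIENT, "A",  8422, 1102, 0),     # 13 final ACK
]
def handshake_ok(pkts):
    """Three-way handshake: SYN, SYN/ACK, ACK with consistent seq/ack numbers."""
    s, sa, a = pkts[:3]
    return ((s[2], sa[2], a[2]) == ("S", "SA", "A") and sa[4] == s[3] + 1
            and a[3] == s[3] + 1 and a[4] == sa[3] + 1)
def find_anomalies(pkts):
    """Flag what Wireshark's expert info would: a sequence gap, a retransmission,
    and the duplicate ACKs a receiver sends while it waits for the missing bytes."""
    highest, last_ack, found = {}, {}, []
    for i, (src, _, flags, seq, ack, ln) in enumerate(pkts, start=1):
        if ln:  # data segment: compare against the highest byte this sender has sent
            if seq > highest.get(src, seq):
                found.append((i, "previous segment not captured"))
            elif seq < highest.get(src, 0):
                found.append((i, "retransmission"))
            highest[src] = max(highest.get(src, 0), seq + ln)
        elif flags == "A":  # pure ACK repeating the last ACK number = duplicate ACK
            if last_ack.get(src) == ack:
                found.append((i, "duplicate ACK"))
            last_ack[src] = ack
    return found
def bytes_per_direction(pkts):
    """Payload bytes each way, retransmissions included (what the wire carried)."""
    totals = {}
    for src, dst, _, _, _, ln in pkts:
        totals[f"{src} -> {dst}"] = totals.get(f"{src} -> {dst}", 0) + ln
    return totals
def who_closed(pkts):
    """The first FIN (or RST) shows which side ended the conversation and when."""
    return next(((src, "RST" if "R" in fl else "FIN", i)
                 for i, (src, _, fl, *_) in enumerate(pkts, 1) if "F" in fl or "R" in fl), None)
```

Run against the sample, frame 7 is flagged as a gap, frame 8 as the duplicate ACK and frame 9 as the retransmission, and the server (frame 11) is the side that closed.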
I've been teaching not just Wireshark functionality, but also the essentials of network communications for over 30 years now. One common thread I see in the end-of-course feedback forms is "I wish I'd learned this years ago."
I believe everyone who works in IT - whether they focus on the clients, infrastructure, servers, troubleshooting, optimization, capacity planning, security, or other network elements - should learn to interpret TCP/IP communications.
You've probably heard the phrase, "The packets never lie." That's true. By listening to the network, you can clearly hear which device or application is complaining or running rogue on the network.
You just need to listen and understand the language of the network.
Enjoy!