Our guestcontributor,HeatherHerbert,takesadaytriptoDublintotalkaboutSniffer.

Monday, 4:45 A.M.
Today was a fairly early morning, as I would be flying off to Dublin at 7:35 A.M. to see a series of customers. Luckily for me, the product I would be demonstrating to all of them was my favorite, Sniffer, but I wanted to get a jump start on things as I had received very little input from the reseller as to the specifics of the day. Shower, shave, and sugar-in-my-coffee-please later, I printed out the address of the first place I would be visiting and confirmed that I had my passport, credit card, tickets, and laptop (with correct hard drives), and then my husband drove me to London Heathrow.

It was my great pleasure to realize when I got there that Aer Lingus Premier does indeed mean business class—what luck! I had been worrying about being forced to leave my laptop for hold baggage, and the only way it was going in the hold was if I could cuddle it the whole way. But this was a big plane and had plenty of room in the overheads.

Towards the end of everyone boarding, I looked up to see Steve (one of the Sniffer Product Managers) walking down the aisle with David, one of our salespeople. They had the seats next to me. Why do I always get stuck with the whackos?

8:00 A.M. to 9:10 A.M.
Vrooom. Shake-shake-shake. Drop-drop-drop, spill breakfast. Rinse, repeat. Thud. So this is Dublin.

9:15 A.M.
Easiest time I’ve ever had entering a country. Just for the record, I’m American, living in the UK. This is due to my darling husband being worth giving up a country with good coffee shops and cheap shoe shopping for, but it does make for interesting business trips.

Usually, everyone else in my party strolls through the EU door, while I await my grillings in the “non-citizen” line. Still, no passport control in Dublin makes for a swift exit. I’ve become somewhat blasé about sauntering around strange places on my own where I may or may not speak the lingo. “Taxi” gets you a ride in most languages, but it was nice to find the cash point (read: ATM machine) and get a move on into the city.

9:35 A.M.
First panicked phone call from our resellers. They aren’t terribly technical when it comes to Sniffer and really need me to get to our first appointment ASAP. Unfortunately, it would be about 40 minutes away. I decided to use the time to talk to the reseller and find out more about the environment I’m going into.

Apparently, it’s a switched-to-hub environment instead of switched-to-desktop, but this is all they know. Not to worry—10 minutes after I’m there, I’ll be able to tell them things that they don’t know about their network.

10:10 A.M.
Arrive at first appointment. I’m shown into the office, and they clear enough space for my laptop and provide me with power. To be quite honest, power is somewhat of a luxury. Most people aren’t so considerate.

After grabbing what we think is a live patch, I get my machine booted up and ready to go. But no link light, and I’ve still got the static IP address I set last week at a conference. I change my promiscuous mode card to accept a DHCP-provided address and get ready to reboot. They grab a cable tester and determine that the link I’m using is dead, and search for a live one. A moment later, the printer gives up its purpose in life, and I’m ready to go.

These people have the dullest segment I’ve seen in ages. I’m sniffing away, and only about 10 errors turned up the whole time. Excessive mailslot broadcasts, which are signs of badly written software. A broadcast storm—certainly tied to the mailslot broadcasts. A few ACK Too Longs and Window Frozens—standard errors. This network never goes above 3 percent utilization, and I don’t see anything worth pointing at. It’s a dead segment. No one is home.

This, however, is quite unusual in itself. I inquire as to whether or not there are any servers on this segment and where the switch is, and they’re not able to give me a concrete answer. This is usually a bad sign, as people who understand the importance of switch placement to visibility remember where they’ve put the switches in the first place. I often have to remind people that sniffing a switched network is like overhearing the dull parts of a conversation. You get the broadcasts and anything destined for you, but nothing else. Shame. Still, without knowing what their topology is, I cannot recommend a location to patch me into.

My salespeople have said before that my enthusiasm about the product helps sell it, so I enthusiastically point out about 20 devices that are still running IPX. Most of them are HP JetDirect cards. Boy, could I tell you stories about those little babies. We look at a few other errors, including a device with a duplicate IP address that is convinced it’s a B-node device, and they have a list of things to keep them busy.

As I pack up, they casually slip in that their frame relay links are really what’s troubling them. They’re not sure if they are getting their CIR, and they know they’re having problems with congestion. D’oh! If only the reseller had twigged that info earlier, I could have brought up a WAN book to look at their frame relay. Still, we know how to target their site now, and I’m sure we can get some WAN product in for them to look at and fall in love with. But no time to discuss it, as we need to run off and go to the next meeting.

11:45 A.M.
A different salesperson and I (there was a handover at the door—I feel like a baton) rush off through the streets of Dublin to the next appointment. We’re due there, um, earlier, but he knows where the site is so we’re there right away. The man who mumbles through the security speaker denies that visitors’ parking exists, but our salesman bluffs him by asking if he can drop off his computer equipment. Security has fallen for it, and we’re in and parked. Turns out I’m to be the computer equipment if anyone asks.

I’ve been rained on again and look like hell. My hair proves I’m being punished for something I did in a past life anyway, but today is special. In keeping with the rules of the road warrior, I find the loos (never miss a chance to go) and try to sort things out.

Having spent a girly amount of time brushing and using that hand dryer thing, I emerge (hair’s no better, thanks for asking) to find that our salesperson is still waiting by himself in the lobby. We wait for another five to 10 minutes, and then our appointment comes downstairs and ushers us into the lifts. He states that he’s very busy and has some questions we can answer, and rushes us to some seats where he stares rather accusingly at my laptop.

It turns out that this customer is quite security conscious and will not allow my laptop to be connected to his LAN. Fair enough, but he wants me to give him a copy of the software instead for him to play with. Noble as his purpose may be, this doesn’t make me happy. So, I’m delighted when for some reason he finds that he cannot connect his PC to my laptop with his hub. I offer mine, but he ignores me, preferring to dive under his desk to inspect cables and then dash off to the comms room repeatedly. Nothing gives him a link light, so despite my being ready to go, it appears to be a waste of time.

Still, he’s good enough to take us to the canteen where we have water and discuss his options. I explain that there is a distributed Sniffer product that he can use, and describe the differences: a proactive tool as opposed to reactive, full Sniffer functionality with RMON I and II abilities, as opposed to just Sniffer without RMON. The ability to use the devices as a probe to integrate directly with his HP Openview console, but with more intelligence in the agents and less cost.

This interests him, and we determine that I’ll come back again next week with, goodness help me, a distributed Sniffer. These are full-size boxes, and I do not relish having to take one on the plane. I’ll try to remember to ship it to Ireland instead.

Still, I’m bemused. I can see no reason why he could not get his hub to work, unless it was a faulty piece of hardware or he was using crossover cables. Unfortunately, tact requires me to not force the issue and make him use my hub. What a waste.

1:10 P.M.
Our customer is out of time, and we take our leave. The salesman and I travel into Dublin’s shopping district to grab lunch, where we will be met by the salesman I did my original call with. On the way, I wonder about the last fellow’s behavior: did he not trust me to look at his LAN because of what I might find? Because I might disrupt it? Because (and this is an unworthy thought, but one that’s proved true previously) I’m female?

I experience a degree of skepticism on a daily basis regarding my technical ability but I would hate to think that a customer ever didn’t give me a chance at all because of my sex. That would be unforgivable. Because of bad hair I could understand, but my sex?

We arrive in Dublin and find a sandwich shop. My musing is cut short, as Dublin does a damn fine tomato, mozzarella, and pesto ciabatta. But I resolve to ensure that my MCSE laptop case is in full display at the next appointment.

1:30 P.M.
Lunch is over, and I’m back with the original salesperson. We head for the industrial part of town, which to me is a good sign. It’s a sweeping generalization, but heavy industrial companies seem to have a great respect for tools that do good work, a category I think Sniffer fits into.

We arrive a few minutes early and find that reception is shut until 2:00 P.M. Union shop. We wait in the car, and I ask about the environment we’re going into. 10/100 switched Ethernet, says the salesperson.

1:59 P.M.
Another salesperson from the same reseller pulls up and joins us. He’s here to see Sniffer in action on a customer’s site for the first time, so I don’t want to disappoint. Reception opens, and we file in. The gentleman with whom we have our appointment is paged, announcement echoing through the building.

2:05 P.M.
The customer is here, and we’re climbing stairs to get to the meeting room. I know stairs are good for me, but I’d rather a customer look at what I’m carrying sometime and decide that the lift is a good idea. After all, they aren’t the ones carrying 40-lbs. worth of laptop, cables, documentation, and hub.

We get to our meeting room, and I begin to unpack. I get a live port and plug in, and begin to boot. To kill time, I ask the customer about his environment. Half listening, I hear him outline his LAN and WAN structure, and then a phrase hits me. I ask him if all of his LAN is Token Ring, and he confirms that it is. Ouch. I’ve been booting up an Ethernet card on this poor fellow’s LAN. It never would have gotten a connection, but it’s still so uncool that it even happened. Very unprofessional of me.

Luckily, I’ve got a token ring card in my bag, so I swap out my promiscuous mode 10/100 Ethernet cardbus card for my 16/4 promiscuous token ring darling. Then it’s into Control Panel, Devices to tweak my profile: disable Cardbus, enable PCMCIA, force to a 16-MB connection, confirm there is a DHCP server on site, and reboot. Works first time, and we’re away.

This gentleman’s network is fascinating. I can see that it’s grown with the company, but it has obviously been well-planned and rationalized. They have problems—you’d better believe it—but they’re not just the run-of-the-mill.

First, they’re having broadcast storms—about 45 in the one-hour period I’m there. Plus, they’re having typical windowing protocol issues, including retransmissions, ACK Too Longs again, Window Frozens, devices leaving and re-entering the ring. But then up pops an error stating that the PDC is shutting down. Our customer gets right on the horn and calls his department, asking if someone has shut down the PDC. He displays a remarkable amount of self-control about it, and then tells me that they’ve said it has been up for days.

This is not entirely impossible, and as I can think of several reasons why this might be true, I decide to investigate further by switching to the packet decodes and looking at the traffic around the error. This turns up a winner as a device does a query for the PDC and is answered by two devices, both claiming to be it! They’re both local, and they’ve both got a device flag of <0C> so one or both of them are terribly confused.

Our customer suddenly laughs loudly and gets back on the mobile phone to tell his team that the new server needs to be set up as a BDC, not a PDC. Appears that the team, slightly unfamiliar with NT, has made a small mistake. Easily enough understood when you realize that this place was a NetWare shop less than two weeks ago.

That problem resolved, we look at several devices that have been given addresses not in keeping with the naming scheme, and then look at Web traffic, which is of sudden interest to our customer. It appears that Web access is very tightly controlled on this site, but the control is without teeth. An honor system doesn’t prevent one person from looking at Premiership League Football results (soccer, for those of you in the U.S.) and another from trying to book a holiday at Lastminute.Com. IP addresses are duly noted, and I make him promise not to discipline anyone until after I leave. No sense in them seeing my face.

3:15 P.M.
Our salespeople are beginning to show signs of incipient coma. Eyes are glazing over, breathing slowed. I determine that they are totally bemused by the hex decodes that the client and I are going over, and throw them a bone, suggesting that I should get back to the airport. They can sure move fast when they try.

3:16 P.M.
Out the door. See? I told you they moved fast. Well, not quite that fast. More like 3:25 P.M., but you get the idea. The new guy draws the short straw and takes me to the airport. This gets him home early, as he lives one exit away, so he’s not too unhappy. And I’m happy because I’m now an hour early, and can get myself on an earlier flight. I ask to be seated next to my colleagues, which should just frost their cookies. They’re expecting me to be on the later flight. Suckers. 😉

5:00 P.M.
Heavy thunderstorms over London are significantly delaying our flight. We end up leaving around 6:00 P.M., an hour late. Still, the plane I would have been on is now an hour later itself, so I’m pleased. My poor colleague Steve is still reeling, though. He has to sit next to me again, and I’m so tired I know I’ll fall asleep. And I drool when I sleep upright, which I ensure he knows. A great way to end the day, and I get to do it again on Thursday. Well, minus the drooling, I hope.
To comment on this diary entry, please post a comment below or follow this link to write to Heather .

Heather Herbert is employed by Network Associates as a Systems Engineer working with their Sniffer Technologies and Magic Solutions product lines. She is MCSE-, MCP+I-, and CAN-certified, and working on her Cisco certifications. Born in New York and transplanted to the UK after meeting her husband online, she lives in a true geek household where Nirvana will be achieved as soon as the coffee pot is fully networked.