Showing results for 
Search instead for 
Did you mean: 
Create Post

THWACK Monthly Mission - January 2018

Level 15

Zoinks! Someone is using up all the bandwidth and causing major slowdowns throughout the whole organization. For this mission, we’re going to need to hop into the whodunit wagon and use Network Performance Monitor (NPM), Network Traffic Analyzer (NTA), and User Device Tracker (UDT) to unmask the inconsiderate bandwidth hog. NPM and NTA combine to form Bandwidth Analyzer Pack, which can detect, diagnose, and resolve network performance issues. UDT allows you to locate users and devices on your network. This groovy trio of network tools will make it easier than ever to stop bandwidth hogs in their tracks.

And they would have gotten away with it, if it weren’t for you meddling THWACKsters!


Use the mission’s resources to complete the tasks and answer the questions for a chance to win!

Correctly answer each question during the week and you'll be entered for a chance to win the weekly prize.

Correctly answer all 20 questions over the course of the month and you'll be entered for a chance to win the grand prize: Nest Cam Indoor Security Camera


Weekly Prizes & Drawing Dates:

January 15: Phillips Smart Bulb Kit

January 22: CORSAIR Gaming Keyboard & Mouse

January 29: Hyper X Gaming Head Set

February 5: Action Back Pack for GoPro

Grand Prize

February 5: Nest Cam Indoor Security Camera

150 points are being awarded for each correctly answered question. There are 20 questions, which means you can earn a maximum of 3,000 points for this mission.


Complete the mission shortcut to earn an additional 1,000 THWACK® points & enter to win a LEGO® Scooby-Doo® the Mystery Machine Building Kit!

The shortcut is simple:
    1. Download Bandwidth Analyzer Pack.
    2. Take a screenshot of the Application Summary Page. (My dashboards> Netflow> Apps)
    3. Submit your screenshot below.

*Bonus round* Earn up to an additional 500 THWACK points for screenshots showing all UDT Nodes - Submit bonus screenshots here


A new question will open every day (Monday - Friday) starting on January 8, 2018. Once a question has opened, it will remain open until February 4, 2018 at 11:59 p.m. CST. Check the schedule below for exact open/close times.

Weekly PrizesMonTueWedThuFriWinners
Week 1: Complete questions 1-5 by January 14 to be entered to win: Phillips Smart Bulb Kit
Week 2: Complete questions 6-10 by January 21 to be entered to win: CORSAIR Gaming Keyboard & Mouse
Week 3: Complete questions 11-15 by January 28 to be entered to win: Hyper X Gaming Head Set
Week 4: Complete questions 16-20 by February 4 to be entered to win: Action Back Pack for GoPro

Correctly answer all 20 questions by February 4 and get entered to win the Grand Prize! Nest Cam Indoor Security Camera

Monthly Mission Terms and Conditions: US, UK, and Canada | Germany | Australia

Mission Shortcut Terms and Conditions: US, UK, and Canada | Germany | Australia


As long as wabbott​ keeps tossing us soft lobs.  I'm waiting for the fast ball down main street!


With the graphics on this mission it's pretty appropriate that my son just gave me this.


Cmon baby... momma needs a new keyboard

See this is the week that I am like Eh, I am holding out for the big prize....  

Level 20

When I finally won a few months back I think I got a good prize... it was the new hammock before everyone else and a 50$ Amazon gift card... I liked the gift card idea a LOT!  I wouldn't mind maybe getting one of those cameras that go on the outside of the house and you can talk to the people out there.  The keyboard and mouse do look good though!

Level 12

I'd do some research on those.  You've got to be careful with them as it turns out quite a few models will set up a P2P connection with a host server which, obviously, exposes your internal network (not to mention the risk of the server owner (or someone who compromises the server) viewing/storing your video).  Apparently they're quite good at poking holes in your firewall all on their lonesome, too.  I have no idea if the prize falls into this category but I firmly believe that any IoT device should be fully vetted (what ports does it require, can I change the local credentials, are there any backdoors, etc) before connecting it to the same network your banking or tax data may traverse.  Worst case?  If your router offers a guest WiFi option connect it to that.  The only issue is that you wouldn't be able to view it at home unless you're on the same SSID - but that's not exactly what they're for.

I plan on setting up some cameras at my next house.  I'm going to use a DVR and wired cameras, though.  Ideally I'll be able to generate email alerts but there won't be any access from the open internet.  If I want to view cameras remotely I'll VPN to the thing.  I'm very lucky in that my boss let me participate in the Meraki demo webinars and let me keep the hardware.  My home network is all Meraki - MX64, MS220-8P and MR33.  It gives me quite a lot of flexibility in my network design ... and it makes me very, very happy to see that my external IP yields zero results when I put it into Shodan or Censys (NMap results are pretty awesome, too ).

Level 10

I love the 23 window bus! The most classy of hippie vans.

With the paint job on the model you should hack some RGB LEDs underneath and a bluetooth speaker in there

Level 9

Your Hyper X link is missing a colon and therefore doesn't work.

Level 9

These demos don't work for DoD users.


Level 10

i do not see any of the mac addresses on the list i am wondering if i am looking in the wrong spot

Level 12

Here's the pertinent info:


Level 14

Look at the 5th one down.  I'm not saying it is the correct answer but it is the only one on the list.

Level 9

Yes look at the rouge device list specifically as pictured. I do not have the module and was looking it all over and my eyes locked onto MAC addresses in the "Active Alerts" area filled with rogue MAC's over 16 days old. The question is definitely referring to within the last 7 days.

Level 12

Thank you for letting us know!

Level 14

I'm always surprised when I find rouge access points... usually they're beige or black-ish... 

Level 12

Mine are all a pretty pale white.  A little rouge would do them some good, I think.

Level 20

Wow sounds like a nice setup and hardware you got to keep!

Level 20

I love the US Cyber Command logo.  The AF Cyber Warfare Training logo is neat too:


That's satisfactorily creepy.


Level 12

Yeah, it's pretty awesome ... until I have to license it all again in 3 years.  Then?  Well, it's expensive (cuz I doubt I'll be able to pull in the free gear again). 

If you've got a similarly inclined management team you could always look into it.  Meraki gives stuff away all the time since they're a license-based model.  Listen to a cool webinar for an hour, contact a sales rep and they'll send you some gear.  The AP alone is worth it and has cloud based management, guest capability and a built in firewall (configurable).  I really like Meraki stuff and wish I could use it where I work.  Alas, they say the cost is too high.  Too bad for me - the automated firmware updates and automatic config download on replacement gear is so, so what I really need.  Plus then I could set up SD WAN cuz ... fun (and bandwidth).  Oh well.

Level 12

We recently put in Meraki AP's in some of our locations.  We needed a guest wireless network for customers and wanted to provide our employees with wireless capability for their phones as well.  We have a social media presence for the bank however we restrict access to social media to just the small marketing department for security, bandwidth and productivity issues.  The wireless allows employees to access the sites without impacting our bandwidth and keeping our network secure.  The wireless uses a separate internet connection than our production network.  As for productivity, that is up to the managers to monitor. 

With Software Defined Networking & SaaS on the horizon (and steadily getting closer) we were able to move forward with a pair of resilient Meraki 250's in our two data centers, which will form the basis of retiring our Cisco ASA 5505's (about 80 of them), which will be replaced with Meraki Z3's.

It was the ASA's that tipped the scale in Meraki's favor.  With the ASA's on the EOS list, we have a couple of years to get the last of them off the network.

We'd hoped the ASA 5506's would be a perfect replacement for the 5505's, but that's not the case.  VLAN restrictions, cost increases, no POE, and a LOT more trouble setting them up for our home users' needs means the 5506's are coming out of homes, to be replaced by Z3's.

The 5506's are fine for a small neighborhood or regional site's BGP MPLS WAN connectivity.

But that left us with a large need for home connectivity that's secure and flexible.  The up-front cost of the Meraki 250's isn't free, but the labor saved and their flexibility and portability made all the difference.

One BIG area that Merakis are reducing down time and expense is their ability to create a secure remote connection without requiring a reserved address.  We've experienced MANY occasions where ISP's say they are reserving IP addresses for our ASA's at homes, and then they charge us extra for them, and we discover that if the user goes on vacation and powers off their ASA for a number of days, their "Reserved" Internet address is handed off to a different customer of the ISP.  When they come back home and power up their ASA, it won't establish a VPN tunnel to us, and we have to drive there and reconfigure it or bring it back to troubleshoot it, and possibly replace it.

The Meraki Z3 doesn't care whether it has a static or reserved external address.  It just powers up and connects to our data centers, and the user is online just as if they were at work.

These offer the best part of DM-VPN, and the only problems I have with them are:

  • They are cloud-based, and I don't find the cloud reliable or secure
  • Their management requires a service contract instead of just being a one-time purchase
  • We're at the mercy of Meraki's cloud service for budget needs and availability
  • They have an ongoing support cost, where we could drop SmartNet on ASA if we wished

On the other hand, the Meraki's are:

  • The same price as an ASA 5505 to purchase
  • Ridiculously fast and intuitive to set up
  • Incredibly easy to manage from anywhere with Internet access
  • Very flexible and portable and secure.  Our users can pack up a laptop and VOIP phone and their Z3 and head anywhere to work.  As long as there's Internet access, they are securely connected.
Level 12

One more thing in Meraki's favor: If a unit fails in someone's home you can have Meraki ship a replacement and all the end user needs to do is plug it in.  I really appreciate that aspect as our current hardware replacement model is ... wanting in comparison.  Old gear and remote sites makes that part of the gig pretty unfun.  I just can't justify replacing our old Cisco switches with new Meraki stuff - I ran the numbers myself.  No way they'll buy into it (especially in our current financial state, lol).  I'm just happy I have it for my home and, for now at least, that'll have to do.

I do really like it, though.  That said, I find myself thirsting for some CLI action every now and again.  Just feels better (and faster).  The cloud model has some real advantages but it doesn't win the fight on all fronts.

I hear you there.  In-person CLI management, whether remote via SSH, or local via USB console cable, takes others out of the Management equation.  I seriously don't feel comfortable with invisible third parties approving & connecting my remote users.

Level 9

ugh... again with the demo questions...


Level 12

For our DoD friends:



Just a note...todays hint says to use the top 20 applications module and the referred to page only has a top 10 applications module.

The correct answer was obtained using the top 10 application module so the module name was probably a typo....


Mostly love Meraki except for one really quite large thing to watch out for - never ( really, NEVER EVER) let your subscription expire.

If a single, solitary device subscription drops, Meraki will kill every single device in your management cloud.

I've seen an entire site cease to work when all the Meraki switches, security devices and AP's all drop dead when that happens

Level 12

forward the link to your phone and open it there

One would think our DoD friends wouldn't see this type of graph in their normal workday, but who knows?

Level 12

There's a ton of training on YouTube these days (it's why we have a Sophos policy specifically for it) so I imagine they may see one or two of those.  That said, I wouldn't be surprised at all to find they saw none. 

Level 11

No winner chosen for last weeks prize?

And I really need this system for my network. But I cant have it dang pre-chosen systems.

Level 12

Winner has been posted!


Congrats datsde

Be very, VERY careful with Q13!  "Exactness" is the key word for today.  And, you have to do some digging.  Told you wabbott​ would be sending a heater down the middle of the plate!  Well played, Ms. Abbott! 😉

Level 9

lol. This has never happened to any of us...(read in sarcastic tone)

Level 10

So yeah, I selected the ones that specifically say they include the dashboard and got it wrong.

Level 9

Active heat map sounds good, by you forgot to say that it's only for Cisco. My Aruba WLAN is out of Solarwinds scope of monitoring (((

Level 13

I found these active maps don't take into account signal strength from APs on other floors either.  Manual measurement of signal strength on a middle floor was always way different than these maps would show.  The client location wasn't accurate for us either as it was only updated on intervals.  In our case, we had to slow that down so as not to drag down our smaller NPM instance at my last job.

Level 11

Link to Amazon site for Hyper X gaming head set is broken. Missing a ":" in URL.


Level 20

Netpath really is some awesome stuff cobrien​!

Question 15, January 26:  The embedded video in the Clue seems to have problems--I'm not able to get it to play:



Level 12

Worked for me on:


Level 15

Glad you like it!

Level 10

yup, it was blocked for me so I had to guess, got it wrong... there goes my perfect streak 😕

Level 8

I'm working on question 11

Rogue Devices.jpg

I included the list of Rogue devices that I'm seeing. I can't roll the clock back to the 22nd.

Any suggestions for filtering back to that day? I'm not asking for the answer, but I know when you look at the time-sensitive questions you have to modify the date range.

Level 20

ScreenHunter_02 Jan. 29 05.31.gif

For my fellow DoD friends like cabarnes

Today's question #16 (January 29, 2018) highlights a shortcoming in Solarwinds' ability to tell us quickly and easily which ports have not been used in X Days, Weeks, Months, or Years.

The example test lab's open ports may have been down for a few minutes, or a few years.  That's not so critical to know in a test lab, but in the real world, how long each specific port has been down IS important.

My switch port count exceeds 50,000 physical Ethernet ports, and my IT Department has over 400 members.  Some of them do a great job unpatching unused network cables when a client moves cubes, and frees up an unused switch port.

Some Techs do NOT do a good job at this.

The result is no ports are open when a tech needs to patch a new computer into a switch.  They call the Network Team and we can quickly and easily tell them which, if any, ports have not been used in the preceding weeks and months--up to the point where the switch last rebooted--by following this procedure:

How to create a report displaying the Last Time Data was Transmitted or Received on a Switch Port

Solarwinds, I have UDT, and it does show unused ports.  But not in this detailed and granular manner.  Here's hoping you can add the details of this report into UDT--and better yet, into NCM or NPM, for folks who don't own UDT.