Tell me what this is:

If you said, “Hey! That’s a TCP header diagram in Lego(TM)”, or perhaps, “Holy &^%@! That idiot made a TCP header diagram in Lego(TM)!”, then you’re exactly right! This is another one of those wild, wacky ideas that we dreamed up in the middle of one of my SANS classes (note to the SANS staff: shorter breaks might be a good idea). I bet my students never thought I’d actually do it.

Of course, you know I couldn’t stop with just doing the TCP header:

Now why am I wasting all that space on the building plate in each case? Why, so you can put them together, of course:

The use of color here really highlights certain portions of the packet header. For example, the source and destination addresses and ports really jump out. But there are some other, more subtle color patterns that I worked in here. For example, if you look closely you’ll see that I matched the color of the ACK bit with the blue in the ACK number field. Similarly the colors of the SYN bit and the sequence number match, as do the URG bit and urgent pointer field.

Actually, I wish I had a couple more colors available. Yes, Lego(TM) comes in dozens of colors these days, but they only make 2×8 blocks (aka one “Lego(TM) Byte”) in six colors: White, Black, Red, Yellow, Blue, and Beige.

So while I tried to use Beige exclusively for size fields, Red for reserved bits, Yellow for checksums, and so on, I ultimately ended up having to use these colors for other fields as well (for example, the yellow sequence number fields in the TCP header). Maybe I should have just bought a bunch of “nibbles” (2×4 blocks) in other colors and not been so choosy about using full “Lego(TM) Bytes”.

Serious Fun

Cute idea, but is there any practical value? After a lengthy conversation with my inner child (who is generally more mature than my outer persona), I realized that there was a fun learning game we could make out of all this. So I labelled all the blocks. Yes, that’s right. I. Labelled. Every. Single. Block. I even did the individual bits:

So the game becomes learning where all the fields are in the various packet headers so that you can re-create the packet diagrams from piles that look like this:

Now we can teach students how to decode packet headers by letting them play with Legos(TM). And that means we can all write off our Lego(TM) collections as a business expense! How cool is that?

Admit It. You Can’t Wait To Do It Too!

If you’ve got a hankering to try this out for yourself, it doesn’t take a whole lot. I way overbought on the Lego front: six green base-plates, and 20 2×8 “Lego(TM) Bytes”, 8 “Nibbles” (2×4 blocks), and 16 “Bits” in each color. Total cost for the Lego(TM) was around US$100 delivered.

Labelling was accomplished with my P-Touch(TM) labeller. 3/8″ ribbon is precisely the right height to be placed on the side of a Lego(TM) block. It also helps to have a razor blade type tool to help separate the P-Touch(TM) labels from their backing and apply them to the blocks.

And of course I have to give a shout-out to the late, great Richard Stevens and his biblical tome TCP/IP Illustrated: Vol 1. If you don’t already own this book, buy it. Seriously.

Final Thoughts

Finally, to all of you who think I need a life, all I have to say is:

Baby, I’m living the dream!