-
Packet Forensics
I found these threads a couple of days ago, and I thought they were very interesting.
http://www.antionline.com/showthread...hreadid=239003
http://www.antionline.com/showthread...hreadid=238314
Since I didn't understand anything at all, and these threads fell into my area of interest, I did some hunting around and found these links...
http://www.networkuptime.com/tutoria...tcp/index.html
http://www.networkuptime.com/tutorials/arp/index.html
Does anybody have any other helpful links to help to learn to "decode" packet contents? These two are a good start, but Google isn't finding what I want.
Thanks
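As a starting point for the "decoding" the question asks about, here is an added example (not from this thread or from the linked tutorials) that walks the header fields of two constructed frames by hand: an ARP request and an IPv4/TCP SYN, including the RFC 791 header checksum check. The frames, MAC addresses and IP addresses are made up for the example; the TCP checksum is left at zero and is not verified.

```python
"""Decode Ethernet -> ARP and Ethernet -> IPv4 -> TCP headers from raw bytes."""
import struct

ETH_ARP, ETH_IPV4, IP_TCP = 0x0806, 0x0800, 6
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

# Constructed sample frames (not real captures). Layout: Ethernet header, then payload.
ARP_REQUEST = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806"                      # dst, src, ethertype=ARP
    "0001" "0800" "06" "04" "0001"                            # htype, ptype, hlen, plen, oper=request
    "001122334455" "c0a8010a" "000000000000" "c0a80101")      # sender MAC/IP, target MAC/IP
TCP_SYN = bytes.fromhex(
    "00aabbccddee" "001122334455" "0800"                      # dst, src, ethertype=IPv4
    "4500" "0028" "0001" "4000" "40" "06" "4342" "c0a8010a" "5db8d822"  # IPv4 header, csum=0x4342
    "c350" "0050" "00000001" "00000000" "5002" "7210" "0000" "0000")    # TCP: 50000->80, SYN

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def ipv4_checksum_ok(hdr: bytes) -> bool:
    """One's-complement sum of the header words; a valid header folds to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(frame: bytes) -> dict:
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": etype}
    payload = frame[14:]
    if etype == ETH_ARP:
        _ht, _pt, _hl, _pl, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
        out.update(proto="ARP", op={1: "request", 2: "reply"}.get(oper, oper),
                   sender=(mac(sha), ip(spa)), target=(mac(tha), ip(tpa)))
    elif etype == ETH_IPV4:
        vihl, _tos, tlen, _id, _frag, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", payload[:20])
        ihl = (vihl & 0x0F) * 4                        # header length is in 32-bit words
        out.update(proto="IPv4", ip_src=ip(s), ip_dst=ip(d), ttl=ttl, ip_proto=proto,
                   ip_csum_ok=ipv4_checksum_ok(payload[:ihl]))
        if proto == IP_TCP:
            seg = payload[ihl:tlen]
            sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", seg[:16])
            data_off = (off_flags >> 12) * 4           # top 4 bits: TCP header length in words
            flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
            out.update(tcp_sport=sport, tcp_dport=dport, seq=seq, ack=ack,
                       flags=flags, window=win, payload=seg[data_off:])
    return out

if __name__ == "__main__":
    for f in (ARP_REQUEST, TCP_SYN):
        print(decode_frame(f))
```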
-
You want to look into intrusion detection. I'd recommend picking up Snort, WinDump/tcpdump, etc. and related tutorials and materials. I'd also recommend you go check out the http://www.sans.org reading room ... more specifically the intrusion detection materials. Finally, a good book on TCP/IP such as TCP/IP Illustrated would be a nice thing to pick up.
-
Don't forget the Honeynet Project: http://www.honeynet.org/
Not the best site, but it does have some good info.