Does anybody have any other helpful links to help to learn to "decode" packet contents? These two are a good start, but Google isn't finding what I want.
Thanks
October 9th, 2003, 12:18 AM
Juridian
You want to look into intrusion detection. I'd recommend picking up Snort, WinDump/tcpdump, etc., and related tutorials and materials. I'd also recommend you go check out the http://www.sans.org reading room ... more specifically the intrusion detection materials. Finally, a good book on TCP/IP such as TCP/IP Illustrated would be a nice thing to pick up.
October 9th, 2003, 02:50 PM
souleman
Don't forget the Honeynet Project... http://www.honeynet.org/
Not the best site, but it does have some good info.