  1. #1
    Senior Member groovicus
    Join Date
    Aug 2003
    Posts
    1,019

    Packet Forensics

    I found these threads a couple days ago, and I thought they were very interesting.

    http://www.antionline.com/showthread...hreadid=239003

    http://www.antionline.com/showthread...hreadid=238314

    Since I didn't understand anything at all, and these threads fell into my area of interest, I did some hunting around and found these links...

    http://www.networkuptime.com/tutoria...tcp/index.html

    http://www.networkuptime.com/tutorials/arp/index.html

    Does anybody have any other helpful links to help to learn to "decode" packet contents? These two are a good start, but Google isn't finding what I want.

    Thanks

  2. #2
    Ninja Code Monkey Juridian
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    You want to look into intrusion detection. I'd recommend picking up Snort, WinDump/tcpdump, etc., and related tutorials and materials. I'd also recommend you go check out the http://www.sans.org reading room ... more specifically the intrusion detection materials. Finally, a good book on TCP/IP such as TCP/IP Illustrated would be a nice thing to pick up.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh

  3. #3
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Don't forget the honeynet project.. http://www.honeynet.org/
    Not the best site, but it does have some good info.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman
