If thats the way you think you can learn best then go ahead - personnally I agree and I'm trying to go down the same track (or as I say moving up the stack). May I recommend several tools to assist in following the process and books you may find useful:
(some of these may be viewed as more windows related)

tcpview - open ports and processes
process explorer - super task manager
ollydbg - assembly level debugger
windbg - debugger (obviously best for windows apps and dump reads)
tdimon - ports and packet activity
regmon - register calls and changes
filemon - file calls and changes
Ethereal - tcp/ip packet capture
Nessus (or similar vulnerability scanner)
Nmap - port scanner
snort - intrusion detection
Visual Compare - compare two files, captures etc
dependency walker - module calls

Books - The Shellcoders handbook, Reversing - secrets of reverse engineering and Malware - fighting malicious code (my apologizes for not naming the authors or ISBN numbers)

"freecommandlinetools" - Borland C++ compiler (or something similar for whatever programming language you prefer)

I think these tools cover all the layers and the paths an exploit can travel to the final destination - agreeing with catch's methodology (don't just look at the end result). You can see the IDS alert, read the raw packet trace, see the port activity and move up from there.

May I suggest when beginning to debug that you use a simple app and simply capture and compare a good login vs. a bad login.


Alot of work but it is alot of fun