Sunday, July 30, 2006

Notes for TCP/IP Weapons School Students

This note is intended for students in my TCP/IP Weapons School class at USENIX Security 2006.

These are the tools that will be discussed. Remember, this is a class on TCP/IP -- tools are not the primary focus. However, I needed something to generate interesting traffic.

The traces we will analyze are available at www.taosecurity.com/taosecurity_tws_v1_traces.zip. You will need to have Ethereal, Wireshark, or a similar protocol analyzer installed to review the traces. Tcpdump might be somewhat limited for this class but you can at least inspect packets with it.

13 comments:

geek00L said...

Richard,

Surprisingly, Scapy is not in the list; it should be one of the best tools to generate any kind of interesting traffic.

Richard Bejtlich said...

geek00l,

Like I said, this is not a tools class. I needed traffic of certain types, and these tools delivered. I also only cover layers 1-3 in these two days, so I expect I may need something like Scapy for 4-7 in the future.

Anonymous said...

I think that geek00l was trying to say that you could have used Scapy to generate all the traffic you needed without using any of those tools.

For those interested, Scapy is found here: http://www.secdev.org/projects/scapy/

Richard Bejtlich said...

It's not just traffic generation. Scapy cannot run the attacks that some of these tools implement. It's not just about packet generation.

Anonymous said...

Richard,

I forgot to ask for the account information on the vmplayer. Could you email me at my Cisco account?

Thanks,

John Barnes

P.S. Very good class.

Broeisi said...

Richard...

Are you planning to release this class on TCP/IP to your internet fans?

For some $$ or Euros?...

Not everybody can travel to America to attend your classes unfortunately. :(

Cheers,

Broeisi

Richard Bejtlich said...

Hi Broeisi,

I hope to move to the UK next fall. In that case, I plan to teach my classes in the UK and on the Continent for the next few years after that.

Broeisi said...

Richard,

That's good news...
Will you attend Holland also? :)

But even then...wouldn't releasing some of this information on a paper as a reference be an option?

As I read from the topics..this is a great course with real tools to learn TCP/IP.

Cheers,

Broeisi

Richard Bejtlich said...

Broeisi,

If my publisher agrees, you will see this material in a new book next year.

Broeisi said...

Yeah!!!!!!!!

Finally some usable TCP/IP book...

Rich.... Could you give some hinting about the table of content? :D

Richard Bejtlich said...

Broeisi,

When I can more I will post it as a blog entry.

Broeisi said...

Richard,

Did your publisher agree with this new book?

Broeisi

Richard Bejtlich said...

Broeisi,

I may be working on such a book for a different publisher with a co-author. Whatever happens I will post word as a new story at this blog.