Notes for TCP/IP Weapons School Students

This note is intended for students in my TCP/IP Weapons School class at USENIX Security 2006.

These are the tools that will be discussed. Remember, this is a class on TCP/IP -- tools are not the primary focus. However, I needed something to generate interesting traffic.

The traces we will analyze are available at www.taosecurity.com/taosecurity_tws_v1_traces.zip. You will need to have Ethereal, Wireshark, or a similar protocol analyzer installed to review the traces. Tcpdump might be somewhat limited for this class but you can at least inspect packets with it.

Comments

C.S.Lee said…
Richard,

Surprisingly Scapy is not in the list, it should be one of the best tools to generate any kind of interesting traffic.

geek00l,

Like I said, this is not a tools class. I needed traffic of certain types, and these tools delivered. I also only cover layers 1-3 in these two days, so I expect I may need something like Scapy for 4-7 in the future.
Anonymous said…
I think that geek00l was trying to say that you could have used Scapy to generate all the traffic you needed without using any of those tools.

For those interested, Scapy is found here: http://www.secdev.org/projects/scapy/

It's not just traffic generation. Scapy cannot run the attacks that some of these tools implement. It's not just about packet generation.
Anonymous said…
Richard,

I forgot to ask for the account information on the vmplayer. Could you email me at my Cisco account?

Thanks,

John Barnes

P.S. Very good class.
Anonymous said…
Richard...

Are you planning to release this class on TCP/IP to your internet fans?

For some $$ or Euros?...

Not everybody can travel to America to attend your classes unfortunately. :(

Cheers,

Broeisi

Hi Broeisi,

I hope to move to the UK next fall. In that case, I plan to teach my classes in the UK and on the Continent for the next few years after that.
Anonymous said…
Richard,

That's good news...
Will you attend Holland also? :)

But even then...wouldn't releasing some of this information on a paper as a reference be an option?

As I read from the topics..this is a great course with real tools to learn TCP/IP.

Cheers,

Broeisi

Broeisi,

If my publisher agrees, you will see this material in a new book next year.
Anonymous said…
Yeah!!!!!!!!

Finally some usable TCP/IP book...

Rich.... Could you give some hints about the table of contents? :D

Broeisi,

When I can more I will post it as a blog entry.
Anonymous said…
Richard,

Did your publisher agree with this new book?

Broeisi

Broeisi,

I may be working on such a book for a different publisher with a co-author. Whatever happens I will post word as a new story at this blog.
