Notes for TCP/IP Weapons School Students

This note is intended for students in my TCP/IP Weapons School class at USENIX Security 2006.

These are the tools that will be discussed. Remember, this is a class on TCP/IP -- tools are not the primary focus. However, I needed something to generate interesting traffic.

The traces we will analyze are available at www.taosecurity.com/taosecurity_tws_v1_traces.zip. You will need to have Ethereal, Wireshark, or a similar protocol analyzer installed to review the traces. Tcpdump might be somewhat limited for this class but you can at least inspect packets with it.

Comments

C.S.Lee said…
Richard,

Surprisingly Scapy is not in the list, it should be one of the best tools to generate any kind of interesting traffics.
8:29 PM
Richard Bejtlich said…
geek00l,

Like I said, this is not a tools class. I needed traffic of certain types, and these tools delivered. I also only cover layers 1-3 in these two days, so I expect I may need something like Scapy for 4-7 in the future.
9:05 PM
Anonymous said…
I think that geek00l was trying to say that you could have used Scrapy to generate all the traffic you needed without using any of those tools.

For those interested, Scapy is found here: http://www.secdev.org/projects/scapy/
11:36 AM
Richard Bejtlich said…
It's not just traffic generation. Scapy cannot run the attacks that some of these tools implement. It's not just about packet generation.
4:27 PM
Anonymous said…
Richard,

I forgot to ask for the account information on the vmplayer. Could you email me at my Cisco account?

Thanks,

John Barnes

P.S. Very good class.
9:50 PM
Anonymous said…
Richard...

Are you planning to release this class on TCP/IP to your internet fans?

For some $$ or Euros?...

Not everybody can travel to America to attend your classes unfortunately. :(

Cheers,

Broeisi
11:58 AM
Richard Bejtlich said…
Hi Broeisi,

I hope to move to the UK next fall. In that case, I plan to teach my classes in the UK and on the Continent for the next few years after that.
12:01 PM
Anonymous said…
Richard,

That's good news...
will you attend holland also? :)

But even then...wouldn't releasing some of this information on a paper as a reference be an option?

As I read from the topics..this is a great course with real tools to learn TCP/IP.

Cheers,

Broeisi
12:46 PM
Richard Bejtlich said…
Broeisi,

If my publisher agrees, you will see this material in a new book next year.
1:02 PM
Anonymous said…
Yeah!!!!!!!!

Finally some usable TCP/IP book...

Rich.... Could you give some hinting about the table of content? :D
1:06 PM
Richard Bejtlich said…
Broeisi,

When I can more I will post it as a blog entry.
1:12 PM
Anonymous said…
Richard,

did your publisher agree with this new book?

Broeisi
8:52 AM
Richard Bejtlich said…
Broeisi,

I may be working on such a book for a different publisher with a co-author. Whatever happens I will post word as a new story at this blog.
9:46 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more