Notes for TCP/IP Weapons School Part 1 Students
This note is intended for students in days one and two of TCP/IP Weapons School on 3-4 December 2006 at USENIX LISA in Washington, DC.
These are the tools that will be discussed. Remember, this is a class on TCP/IP -- tools are not the primary focus. However, I needed something to generate interesting traffic.
- Nemesis
- Arping
- Arpdig
- Arpwatch
- Arp-sk
- Dsniff suite
- Ettercap
- Yersinia
- Fragroute
- Sing
- Gnetcat
- Packit
- Gont attacks
- ICMPshell
The traces we will analyze are available at www.taosecurity.com/taosecurity_tws_v1_traces.zip. You will need to have Ethereal, Wireshark, or a similar protocol analyzer installed to review the traces. Tcpdump might be somewhat limited for this class but you can at least inspect packets with it.
There are still a few seats available for TCP/IP Weapons School Part 2, which covers a little more on layer 3 and then covers layers 4, 5, 6, and probably 7. I will post a summary of that class's contents soon. If you want to register for Part 2, please visit my training page for details, or just email me: training [at] taosecurity [dot] com. Thank you.