tcpdump

lakshminarayan · 07-18-2006, 03:23 AM

hi geeks...
please give details about tcpdump ... also give some good examples..
please give some good links to study tcpdump thoroughly..

thanx in advance...lakshminarayanan

unSpawn · 07-18-2006, 04:43 AM

Here's some docs I think might come in handy. I guess they rate beginner to intermediate level, keeping your tcpdump manual handy wouldn't hurt.

TCP/IP Skills Required for Security Analysts part 1: http://www.securityfocus.com/print/infocus/1779
TCP/IP Skills Required for Security Analysts part 2: http://www.securityfocus.com/print/infocus/1784
Making a Connection with tcpdump part 1: http://www.linuxjournal.com/article/6446
Making a Connection with tcpdump part 2: http://www.linuxjournal.com/article/6447
Passive Network Traffic Analysis: http://www.securityfocus.com/print/infocus/1696
Packet forensics using TCP: http://www.securityfocus.com/print/infocus/1845
Studying Normal Network Traffic part 1: http://www.securityfocus.com/print/infocus/1221
Studying Normal Network Traffic part 2: http://www.securityfocus.com/print/infocus/1222
Studying Normal Network Traffic part 3: http://www.securityfocus.com/print/infocus/1223

If you want to see more of tcpdump traffic analysis in action then check out various SANS ISC alerts, the SANS Intrusion Detection FAQ: http://www.sans.org/resources/idfaq/index.php?portal= or for instance the Snort sigs mailinglist.

lakshminarayan · 07-21-2006, 03:50 AM

Quote:

Originally Posted by unSpawn

Here's some docs I think might come in handy. I guess they rate beginner to intermediate level, keeping your tcpdump manual handy wouldn't hurt.

TCP/IP Skills Required for Security Analysts part 1: http://www.securityfocus.com/print/infocus/1779
TCP/IP Skills Required for Security Analysts part 2: http://www.securityfocus.com/print/infocus/1784
Making a Connection with tcpdump part 1: http://www.linuxjournal.com/article/6446
Making a Connection with tcpdump part 2: http://www.linuxjournal.com/article/6447
Passive Network Traffic Analysis: http://www.securityfocus.com/print/infocus/1696
Packet forensics using TCP: http://www.securityfocus.com/print/infocus/1845
Studying Normal Network Traffic part 1: http://www.securityfocus.com/print/infocus/1221
Studying Normal Network Traffic part 2: http://www.securityfocus.com/print/infocus/1222
Studying Normal Network Traffic part 3: http://www.securityfocus.com/print/infocus/1223

If you want to see more of tcpdump traffic analysis in action then check out various SANS ISC alerts, the SANS Intrusion Detection FAQ: http://www.sans.org/resources/idfaq/index.php?portal= or for instance the Snort sigs mailinglist.

thank you...very much.....