My next class:
LINUX Incident Response and Threat Hunting | Online | US Eastern | Jan 29th - Feb 3rd 2025

Check out a couple of my older posts

Published: 2023-02-02. Last Updated: 2023-02-03 00:09:32 UTC
by Jim Clausing (Version: 1)
1 comment(s)

I don't get nearly as much opportunity to play with packets these days as I did in the first 5-10 years I was a handler, and I miss it. I was looking back through some of my old diaries and realized that in the years since I wrote some of them, at least a generation of folks has entered the field. So I thought that on (the day after) Groundhog Day, it might be time to point folks back to some stuff I wrote earlier. Note that some of the tools have changed or evolved since then: ethereal is now wireshark, and instead of hping3 I would probably use scapy today. With that said, here are two of my favorite diaries from the past. Check them out: [1] is from 2006 and [2] is from 2009.

[1] A TCP/IP mystery (solved)

[2] A packet challenge and how I solved it

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu


Comments

The funny thing about that second article (as is explicitly acknowledged in the original blog) is that ANY attempt to interpret the IP headers is overthinking this particular challenge. Just copy and paste the data into any of a dozen HEX-to-ASCII converters freely available on the web and you have satisfied its requirements.
