IP Packet Analysis

[Dave Hull]

Some of you may see this as spam and if you do, I hope that you will
forgive the offense. I am a long time member of this list and thought
some on the list may be interested in this information.

On Wednesday evening, December 5, I will be teaching the SANS Stay
Sharp IP Packet Analysis course at the Dykes Library at the KU Med
Center in Kansas City. The course starts out with an in depth look at
IP and TCP packet headers, explaining what each of the header fields
are and how to make sense of the values therein. Sure there are
wonderful tools that can do this for you, but this course will give
you an understanding of how those tools do what they do.

The second part of the course looks at a handful of those tools that
are invaluable for incident response and troubleshooting network
connection and networked application problems.

We'll also have a gentle review of hexadecimal and binary numbering
systems and how to convert between them and decimal; fun stuff that's
good to know if you're serious about networking, incident response,
reverse engineering, etc.

The course comes with a book full of detailed instruction, copies of
the slides, a helpful pocket reference and a CD containing various
open source packet analysis tools.

I want you to know that I'm not a SANS employee. I'm a practicing
security professional and have studied the IP Packet Analysis course
materials myself and have found them to be very good. Even after 15
years of this stuff, I learn new things all the time. I can tell you
from experience that the certificate exam for this material is a
really good test of your knowledge of TCP/IP, that is to say, it's
challenging.

If you'd like to take the course please register at the following URL:

https://www.sans.org/staysharp/details.php?id=8546

And if you know of anyone else who may be interested, please pass
along this message.

Cheers.

-- 
Dave Hull
CISSP, GCIH, CHFI