I think C|EH would be an excellent 'primer', as you'd called it, for GPEN, OSCP and others.  That said, it's still a good course for BOTH sysadmins and network engineering folks, as much of what it teaches, besides tools, is conceptual thinking, hacker mindset, and other areas which either side needs to understand, if they truly want to be security-minded in their jobs.  Now, if you NEVER intend to go into the sysadmin side, then it might not be where you want to start, as you might find other certs geared more directly toward network engineering (or vice versa,) and so you have to decide where you truly want to focus.

But if you want to be well-rounded, it's a good cert to have.  (Besides, a GOOD network engineer should, IMHO, have at least a grasp of what the sysadmins deal with, etc, to be effective and 'cooperative' in their working environment.)  When I deal with companies and help them interview, etc, I look for rounded individuals, as those that are too focused on the network engineering or sysadmin sides, solely, tend to be difficult to work with when problems and issues arise.  There's not an issue studying and working on one specific area, but I prefer the folks to be at LEAST basically studied in other technical areas.  So in security, it never hurts to understand both sides of the equation.

For instance, suppose a security-based sysadmin comes to you, as a network engineer, and asks for traces or log data from your routers and switches, saying they've been experiencing what they think is a worm, or some other security risk.  It helps you to understand and calm them, as you gather the data, if you have at least a basic understanding of what the worm does, and how it affects end-users, and the rest of the environment.  Consequently, if you're the sysadmin, often times your network engineers don't even want to discuss their environment with you, unless you can give them data that means something in their terminology, so it helps to be open minded and again, at least a little bit cross-trained.

That's where C|EH and other certs benefit you, as they give you much more useful information and understanding of how hacking tools and things work, with relation to the overall picture.  They also help to guide you in methodologies for testing your security, and to do so in a routine manner, by which you're less likely to miss things, and present a much clearer picture to those who need to see / hear it.  So I'd say, it's worth your time, one way or another, if you plan to study security.  As to where you put it in your priority list, that's up to you, based on your time, your other study plans, and resources available to you.

Good luck, and let us know where your studies lead!

Also, if you're looking to do more proactive monitoring / warning for this type of ARP spoofing activity, you can use tools like arpmon and arpwatch to keep an eye on things, and be notified if the arp table entries on the network are changing for the machines on the network.

Additionally, SANS has a good read about ARP and monitoring ARP, at:

http://www.sans.org/reading_room/whitepapers/protocols/monitoring_the_arp_protocol_on_local_area_networks_1304?show=1304.php&cat=protocols

While I never actually setup Tom's lab, 'specifically' per the book (in virtualbox, or otherwise,) assuming you can put the box on a physical (or logical / virtual) network segment which allows ARP injection (which I'm guessing it should,) then this should be perfectly doable in the lab.  I've honestly never used virtualbox, but rather VMWare.  However, from anything I've read quickly tonight, arp spoofing should be perfectly workable with virtualbox.

Case in point, an ARP spoofing tutorial (non-ssl specific) at:

http://hack2live.blogspot.com/2008/07/ip-takeover-attack-with-arping.html

So assumption is that it's perfectly doable in virtualbox.

Nice followup to that thread a few weeks ago, about movies with tech / hacking / security themes.

Thanks for the read, unsupported.

While I work in both, I'm no self-proclaimed 'expert' in either.  Ultimately, Python tends to be my down-n-dirty language, if I need something fast, as I've got more time and experience with it, and can often even find someone else's code and modify / 'hack-it-up' it quickly, if needed.  But that alone is not a differentiator.  If I have more time, I might choose Ruby over Python, for some projects, too.

Honestly, for me, it's just a matter of preference, and which tool I feel I can work with, quickly and efficiently, for the task at hand.  I can't really give you a solid 'This is why I chose this one, today, versus that one', aside of the fact, like I'd said, that it sometimes depends on the tool I'm going to use my code WITH, if any at all (Metasploit, Core, CANVAS, etc...)

As nebu10z mentioned, the community for Python is VERY helpful, if you're starting out, and I tend to find them easier to discuss things with than the folks backing Ruby (in my opinion and from my experiences, not speaking for everyone.)  For me, before I knew either, I found Python to be easier to work into, as if you're already familiar with programming languages like Perl, etc, it's kind of 'more of the same.'  Ruby's 'object-oriented' approach is slightly different  from Python's (although once I got comfortable with it, I find it more 'elegant' and have found my 'objects' / chunks of code more portable and easier to move around, in Ruby, for different things,) and there are both similarities and differences between them.

For general differences and comparisons, check out:

http://www.wikivs.com/wiki/Python_vs_Ruby

What I can tell you is that Ruby seems to be the wave, as far as commercial security tools go, these days.  Rails' capabilities, added to it for ease of porting to the web, really are making it a nice language to work with.  I'm only in the beginning stages with Rails, and have a LONG way to go, but so far, I like it a lot, too.

Hope my objective opinion helps, but obviously be sure to get others, as some folks have differing opinions, tastes, preferences and needs.  That's the nice thing about 'community,' as you don't have to choose one or the other, without first getting many folks' sides of the equation, and make a judgement based on what YOU feel comfortable with, in the end.  Additionally, try things out, and see what style you like the best.  I do think, however, that if you're currently working to learn Ruby, then you're investing your time well.

PS - as zeroflaw also pointed out, C/C++ comes in very handy.  But I find that for quick needs, if one of the scripting languages suffices, I use them, before C/C++

As you say, it seems your ambitions are high, so I look forward to seeing what's to come from your endeavors.  Keep us informed as you progress, and hopefully, we'll all be able to help you out, as needed, so that you can progress in IT Security.

Ruby and Python are my tools of choice.  Mainly because I'm comfortable with both, and both are heavily used in many of the newer tools from the security community, so it helps to understand their logic and workings, when I want to integrate my own code with theirs.

welcome j0rDy

Tom, as I've mentioned your book to a few folks on here, already, just let me say thank you for an excellent book - a great resource!  I've already read through it a few times, and have recommended it to a number of folks I deal with.

As for 'downloading/ configuring VM's' the de-ice ones don't take long at all, to get setup and running, so they're at least worth setting up to hack at during your free time, since again, at least those are relatively inexpensive / free.

If you want more of a challenge, you might also sign up for NetWars...  http://www.netwars.info/ as it's been kind of fun, and gives you some immediate things to hack at (when each new round begins... one JUST ended, I believe, today)  I think this one would be your best immediate fun, when a round is in session, so sign up and go for it.

Also, one more...

You might check out group51.org, as well.  They have some little projects going on, and a 'dedicated' test lab setup amongst various members devices and servers.  I haven't checked it out in a while, but they were doing a few cool things in there, last I was in.

Anyway, I understand your 'limited free time,' as I get that a lot, myself, so I wish you luck.

Nothing 'free' that is likely to be as good or deep as OSCP, but there are other 'hackable lab distros' out there, to give you some things to play with.  Check out de-ice.net and some of the other distros out there, as well as Thomas Wilhelm's book (which is relatively inexpensive, compared to many 'paid' resources.  (There's a picture of it on the top of the de-ice site.)

As for others, check out jhaddix's site ( http://www.securityaegis.com/ ) for some links for webapp labs and others you might get some good use out of.  Dig around on there, and you'll find some good links and resources.

I's agree with Ketchup.

I think you might find older versions to be more helpful.  I downloaded, and will look at, the latest version, today, to see what's there.  I know older ones were much more 'beginner-friendly.'

In the meantime, let us know if you find more, as well.  Additionally, if you want to do some learning, get the de-ice labs, etc, and start playing with those, as well.  If you have some extra pocket money, the book Thomas Wilhelm wrote is great, and contains them, as well as some good lesson material, for only about $80 us...  Much cheaper than many of the other possible options you'd have (while obviously still not 'free' as you'd like with the DVL...)

Hmmm... To be honest, I don't think I ever looked for videos for DVL.  Just went to work on it...  A quick Google search turned up a couple on YouTube, so you might start there.

It's excellent... Forgot about that... it's sitting in the bottom of a stack here, alongside a bunch of other reads I still need to get through!

For those of you who have begun asking about the programming / malware analysis side of security lately, here's a good video to give you some starters:

http://securitytube.net/Introduction-to-Malware-Analysis-video.aspx

SecurityTube often has some good vids on there (hint for some of the newer folks around here, who have been looking for tutorials, etc...)