HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 31 guests and 2 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Packet crafting recommendation
EH-Net
May 19, 2013, 06:40:34 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Packet crafting recommendation  (Read 4224 times)
0 Members and 1 Guest are viewing this topic.
WCNA
Full Member
***
Offline Offline

Posts: 187



View Profile
« on: March 17, 2011, 11:47:30 AM »
Does anyone have any recommendations for packet crafting (manipulating the packets with unusual flag combinations & whatnot) books, courses or videos or know of any certs where it would be part of it?

I know the GCFW has some tcpdump analysis for null and xmas scans. Any others?
Logged
ISC2 Associate, WCNA, CWNA, OSCP, Network+
hell_razor
Jr. Member
**
Offline Offline

Posts: 90


View Profile
« Reply #1 on: March 17, 2011, 01:26:45 PM »
Judy Novak (packetstan.com) used to offer a scapy class through SANS.
Logged
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
tturner
Sr. Member
****
Offline Offline

Posts: 432


View Profile WWW
« Reply #2 on: March 17, 2011, 01:34:48 PM »
Packetstan has some articles and I've gotten some great info from

http://packetstorm.linuxsecurity.com/papers/general/blackmagic.txt

If Scapy isn't what you are looking for you may want to check out http://www.hping.org/
Logged
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
hell_razor
Jr. Member
**
Offline Offline

Posts: 90


View Profile
« Reply #3 on: March 17, 2011, 02:14:34 PM »
Oh yeah, you might also get some mileage out of nping (comes with NMAP and even works in windows unlike hping).  Very similar usage and flags, though not as flexible as scapy.
Logged
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
WCNA
Full Member
***
Offline Offline

Posts: 187



View Profile
« Reply #4 on: March 17, 2011, 05:38:50 PM »
I'm using Colasoft's PacketBuilder now. I like their stuff. It makes manipulation very easy (fields all nicely sorted, etc).

How useful would you say knowing how to manipulate packets would be for a person looking to move into the security field?

 I'm working on getting the CISSP (Associate) now and want to get everybody's opinion on areas I can add to the CISSP that would get me hired.. See certs I already have in the sig. Right now security is something I rarely have to deal with at my present job.

 The reason I'm interested in a scapy-type (or other) course is because I had so much fun with the wireshark cert, I wanted to explore it more from the sending side rather than analyzing it after the fact.

 What sort of job would there be in the security field for packet analysis?

 I'm still figuring out what I enjoy doing the most. I really enjoyed the OSCP course too but dissecting packets is just as interesting to me.

If you guys were starting out all over again, what job would you zero in on and how would you get there?
Logged
ISC2 Associate, WCNA, CWNA, OSCP, Network+
hell_razor
Jr. Member
**
Offline Offline

Posts: 90


View Profile
« Reply #5 on: March 18, 2011, 09:17:55 AM »
Packet crafting skills are not needed in the CISSP (at least it wasn't when I took it a few years ago).  However, they are very important for security.  You may not use it a lot, but if you can master packet crafting you obviously have a good understanding of TCP/IP.  That goes a long way in recon and identification and in some instances exploitation and covert communication.

IDS/IPS vendors will require a lot of packet crafting, firewall developers, network hardware vendors, any offensive security company...all of them will have a desire for packet analysis.

If I could do it all over again, I would have skipped college (BS and MS don't really contribute to the fun stuff) and the associated costs and really spent more time focusing on technique and studying the soft skills more (social engineering type stuff).
Logged
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
WCNA
Full Member
***
Offline Offline

Posts: 187



View Profile
« Reply #6 on: March 18, 2011, 10:11:33 AM »
Thank you razor. That's some good food for thought.

I'm still trying to decide whether red team or blue team suits me most and which holds the most promise for getting a job once I pass the CISSP exam.
« Last Edit: March 18, 2011, 10:19:30 AM by WCNA » Logged
ISC2 Associate, WCNA, CWNA, OSCP, Network+
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.