Packet crafting recommendation

Viewing 6 reply threads
  • Author
    Posts
    • #6202
      WCNA
      Participant

      Does anyone have any recommendations for packet crafting (manipulating the packets with unusual flag combinations & whatnot) books, courses or videos or know of any certs where it would be part of it?

      I know the GCFW has some tcpdump analysis for null and xmas scans. Any others?

    • #38737
      hell_razor
      Participant

      Judy Novak (packetstan.com) used to offer a scapy class through SANS.

    • #38738
      tturner
      Participant

      Packetstan has some articles and I’ve gotten some great info from

      http://packetstorm.linuxsecurity.com/papers/general/blackmagic.txt

      If Scapy isn’t what you are looking for you may want to check out http://www.hping.org/

    • #38739
      hell_razor
      Participant

      Oh yeah, you might also get some mileage out of nping (comes with NMAP and even works in windows unlike hping).  Very similar usage and flags, though not as flexible as scapy.

    • #38740
      WCNA
      Participant

      I’m using Colasoft’s PacketBuilder now. I like their stuff. It makes manipulation very easy (fields all nicely sorted, etc).

      How useful would you say knowing how to manipulate packets would be for a person looking to move into the security field?

      I’m working on getting the CISSP (Associate) now and want to get everybody’s opinion on areas I can add to the CISSP that would get me hired.. See certs I already have in the sig. Right now security is something I rarely have to deal with at my present job.

      The reason I’m interested in a scapy-type (or other) course is because I had so much fun with the wireshark cert, I wanted to explore it more from the sending side rather than analyzing it after the fact.

      What sort of job would there be in the security field for packet analysis?

      I’m still figuring out what I enjoy doing the most. I really enjoyed the OSCP course too but dissecting packets is just as interesting to me.

      If you guys were starting out all over again, what job would you zero in on and how would you get there?

    • #38741
      hell_razor
      Participant

      Packet crafting skills are not needed in the CISSP (at least it wasn’t when I took it a few years ago).  However, they are very important for security.  You may not use it a lot, but if you can master packet crafting you obviously have a good understanding of TCP/IP.  That goes a long way in recon and identification and in some instances exploitation and covert communication.

      IDS/IPS vendors will require a lot of packet crafting, firewall developers, network hardware vendors, any offensive security company…all of them will have a desire for packet analysis.

      If I could do it all over again, I would have skipped college (BS and MS don’t really contribute to the fun stuff) and the associated costs and really spent more time focusing on technique and studying the soft skills more (social engineering type stuff).

    • #38742
      WCNA
      Participant

      Thank you razor. That’s some good food for thought.

      I’m still trying to decide whether red team or blue team suits me most and which holds the most promise for getting a job once I pass the CISSP exam.

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?