March 17, 2011 at 4:47 pm #6202
Does anyone have any recommendations for packet crafting (manipulating the packets with unusual flag combinations & whatnot) books, courses or videos or know of any certs where it would be part of it?
I know the GCFW has some tcpdump analysis for null and xmas scans. Any others?
March 17, 2011 at 6:26 pm #38737
Judy Novak (packetstan.com) used to offer a scapy class through SANS.
March 17, 2011 at 6:34 pm #38738tturnerParticipant
Packetstan has some articles and I’ve gotten some great info from
If Scapy isn’t what you are looking for you may want to check out http://www.hping.org/
March 17, 2011 at 7:14 pm #38739
Oh yeah, you might also get some mileage out of nping (comes with NMAP and even works in windows unlike hping). Very similar usage and flags, though not as flexible as scapy.
March 17, 2011 at 10:38 pm #38740
I’m using Colasoft’s PacketBuilder now. I like their stuff. It makes manipulation very easy (fields all nicely sorted, etc).
How useful would you say knowing how to manipulate packets would be for a person looking to move into the security field?
I’m working on getting the CISSP (Associate) now and want to get everybody’s opinion on areas I can add to the CISSP that would get me hired.. See certs I already have in the sig. Right now security is something I rarely have to deal with at my present job.
The reason I’m interested in a scapy-type (or other) course is because I had so much fun with the wireshark cert, I wanted to explore it more from the sending side rather than analyzing it after the fact.
What sort of job would there be in the security field for packet analysis?
I’m still figuring out what I enjoy doing the most. I really enjoyed the OSCP course too but dissecting packets is just as interesting to me.
If you guys were starting out all over again, what job would you zero in on and how would you get there?
March 18, 2011 at 2:17 pm #38741
Packet crafting skills are not needed in the CISSP (at least it wasn’t when I took it a few years ago). However, they are very important for security. You may not use it a lot, but if you can master packet crafting you obviously have a good understanding of TCP/IP. That goes a long way in recon and identification and in some instances exploitation and covert communication.
IDS/IPS vendors will require a lot of packet crafting, firewall developers, network hardware vendors, any offensive security company…all of them will have a desire for packet analysis.
If I could do it all over again, I would have skipped college (BS and MS don’t really contribute to the fun stuff) and the associated costs and really spent more time focusing on technique and studying the soft skills more (social engineering type stuff).
March 18, 2011 at 3:11 pm #38742
Thank you razor. That’s some good food for thought.
I’m still trying to decide whether red team or blue team suits me most and which holds the most promise for getting a job once I pass the CISSP exam.
- You must be logged in to reply to this topic.