Several years ago the CEH examine was also filled with snort signatures and what tool does what kind of thing. Make sure you know what all the most common tools do. The more common tools like nmap and netcat you should know the options. As far as packet read out, make sure you can read some hex. What they will do is blank out some of the letter equivalents and then you need to make sense of it. If you haven't memorized your hex that still is not a biggy because there is usually enough info available to put it together. That is, if you see what letter repeats you can figure out what the hex value is and then hopefully translate the appropriate hex line with the missing ascii into something readable and then pick the correct answer.
Last edited by Kev
on Mon Feb 04, 2008 6:31 pm, edited 1 time in total.