No Starch Press Presents “Hacking Packets with Wireshark”
I have just signed my second book deal, this time with No Starch Press (distributed by O’Reilly). The book will be called “Hacking Packets with Wireshark” and will be based on my Packet School 101 series. My scheduled completion date is around February and I am looking at something along the lines of 250-300 pages. This being said, what do you guys want to see in this book? I am open to any and all suggestions so don’t hold anything back!




Enjoyed your packet school 101 series. I would like to see more analytical techniques relating to information security threats. Hidden payloads, unusual activity on UDP ports, and rootkits. I’ve seen a few articles on NIDS for rootkits, but nothing concrete.
Thanks!
Hi Chris,
Great series on packet analysis. I second Melissa’s thought on having more coverage on network security and forensics using packet analysis.
Look forward. Thanks.
Hi Chris,
As everyone else I must say the packet school 101 was very educational. I am looking forward to the book. I also agree with Melissa’s request for the forensic aspect. But I would also like to see some in-depth information on what the protocols really mean. Not the usual MSBS “Q:What is the protocol TCP?” “Microsoft type Answer: The TCP ip protocol is the Transmission Control Protocol” but rather the real world layman’s reason as to why we see it and its significance.
Thanks,
Phil
Hi Chris,
Season’s greetings.
I am going through packet school 101, and find practical examples with trace files useful. So how about trace examples of runts and giants? Maybe discussion on whys and how does runt/giant happen in a network?
Also how to sniff Layer 2/VLAN segments, which are much more common in enterprises? You mention in your podcast either to use ARP poisoning or port mirroring – examples of ARP poisoning would be useful.
What I would really appreciate is why and how to set up filters – a step-by-step procedure to look at either telnet or ftp connections between 2 end points with other traffic filtered and or not captured in trace?
Thanks.
Regards,
Raj
I’ve only read one of your “101’s” but I enjoyed it. Thanks for taking the time to offer your knowledge.
Could you include not just the cowboy/Indian (network admin/hacker) scenarios, but also less suspicious topics such as how to analyze and resolve slow networks?
I am quite the n00b with packet analysis but want to learn more.
Thanks,