Things that know PING, Packet Decode
The last few weeks have been all about the packets, it seems. We’ve found and fixed a couple of wacky problems at work by looking at packet captures, Netmon 3.4 beta is out, I’ve devoured Laura Chappell’s new Wireshark book, started playing with scapy, read the new Honeynet challenges and now I discover my 502 teacher, Chris Brenton, has a web site and an iPhone app about showing love to the packets!
While stuck on a bus, I was idly sifting through Apple’s app store when I found Packet Decode. Somewhat intrigued, I had a look at it and noticed it was made by my old SANS instructor. Hoping this wasn’t some wacky joke by Chris, I bought the app and had a play. The simple description is that it is an IP/ICMP/TCP & UDP (v4 and v6) cheat sheet on steroids.
This is pretty darn helpful, as Chris has written clear descriptions of each field within the packet and has some nifty filters for Wireshark and tcpdump. Some thought on how the info is displayed means this isn’t cumbersome to navigate, making it a functional and useful portable reference. Now if only he added a DNS section, my paper SANS TCP/IP cheat sheet could rest happy.
Great as a quick reference, memory jogger or, as I intend to unleash at the next geek pub crawl, a way to torture those around me with random facts and demands to know the tcpdump filter syntax for detecting TCP packets with a window size of less than 100. Hours of fun!
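For anyone cornered at that pub crawl: the tcpdump filter is `tcp[14:2] < 100` (the window is the 16-bit field at bytes 14-15 of the TCP header, and tcpdump’s `tcp[...]` indexing starts at the TCP header, after whatever the IHL says the IP header length is), and the raw-window Wireshark display filter is `tcp.window_size_value < 100`. One caveat straight from the pcap-filter man page: `tcp[...]`, `udp[...]` and the other upper-layer indexes only apply to IPv4, not IPv6. The Python below is an added example, not code from the post or from Packet Decode; it builds a constructed IPv4/TCP packet (no real capture, checksums left as zero, TEST-NET addresses), decodes the headers honouring IHL and the TCP data offset, and implements the same `tcp[14:2] < limit` check by hand so you can see exactly which bytes the filter compares. `build_packet`, `decode` and `tcp_window_below` are names chosen here for illustration.

```python
# Added example, not code from the original post or from Packet Decode.
# Decodes the IPv4 and TCP headers of a raw packet with the standard library
# and applies the check the post teases: TCP window size below 100.
#   tcpdump:             tcp[14:2] < 100
#   Wireshark (unscaled): tcp.window_size_value < 100
import struct

IPV4_MIN_HDR = 20
TCP_MIN_HDR = 20
PROTO_TCP = 6


def build_packet(window, payload=b"", ihl=5, data_offset=5):
    """Construct a minimal IPv4+TCP SYN packet. This is constructed test input,
    not a real capture; both checksums are left as zero."""
    tcp_hdr = struct.pack(
        "!HHIIBBHHH",
        40000,              # source port
        80,                 # destination port
        1,                  # sequence number
        0,                  # acknowledgement number
        data_offset << 4,   # data offset (32-bit words) in the high nibble
        0x02,               # flags: SYN
        window,             # window size, bytes 14-15 of the TCP header
        0,                  # checksum (not computed)
        0,                  # urgent pointer
    )
    tcp_hdr += b"\x00" * 4 * (data_offset - 5)   # pad options out to data offset
    total_len = ihl * 4 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl,     # version 4, IHL in 32-bit words
        0,                  # DSCP/ECN
        total_len,
        0, 0,               # identification, flags/fragment offset
        64,                 # TTL
        PROTO_TCP,
        0,                  # header checksum (not computed)
        bytes([192, 0, 2, 1]),      # src: TEST-NET-1 documentation range
        bytes([198, 51, 100, 7]),   # dst: TEST-NET-2 documentation range
    )
    ip_hdr += b"\x00" * 4 * (ihl - 5)              # pad IP options out to IHL
    return ip_hdr + tcp_hdr + payload


def decode(pkt):
    """Return the IPv4 and TCP header fields as a dict, honouring IHL and the
    TCP data offset so the window is read from the right place even when
    IP or TCP options are present."""
    if len(pkt) < IPV4_MIN_HDR:
        raise ValueError("truncated IPv4 header")
    version = pkt[0] >> 4
    ihl = (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < IPV4_MIN_HDR or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if pkt[9] != PROTO_TCP:
        raise ValueError("IP protocol %d is not TCP" % pkt[9])
    tcp = pkt[ihl:]
    if len(tcp) < TCP_MIN_HDR:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags,
     window, csum, urg) = struct.unpack("!HHIIBBHHH", tcp[:TCP_MIN_HDR])
    doff = (off_res >> 4) * 4
    if doff < TCP_MIN_HDR or len(tcp) < doff:
        raise ValueError("bad TCP data offset")
    return {
        "ihl": ihl,
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags, "window": window, "data_offset": doff,
        "payload": tcp[doff:],
    }


def tcp_window_below(pkt, limit=100):
    """Python equivalent of the tcpdump filter  tcp[14:2] < limit .
    tcpdump's tcp[] indexes from the start of the TCP header (it skips the IP
    header using IHL for you), so offset 14 is always the 16-bit window field."""
    fields = decode(pkt)
    tcp_start = fields["ihl"]
    raw_window = int.from_bytes(pkt[tcp_start + 14:tcp_start + 16], "big")
    assert raw_window == fields["window"]   # byte-offset read and struct read must agree
    return raw_window < limit


if __name__ == "__main__":
    for w in (64, 99, 100, 65535):
        print("window %5d -> matches tcp[14:2] < 100: %s"
              % (w, tcp_window_below(build_packet(w))))
```

The `ihl`/`data_offset` parameters let you confirm the offset arithmetic with options present, which is the case that trips people up when they try `ip[34:2]` style absolute offsets instead of the protocol-relative `tcp[14:2]`.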
Mr Brenton’s web site http://www.chrisbrenton.org/ has some great articles and a number of packet challenges well worth taking the time to work through.