Penetration Testing mailing list archives
re: TCP/IP skills
From: "Scott Schappert 6270, QA" <SSCHAPPERT () balboa-instruments com>
Date: Thu, 08 Jul 2004 10:09:37 -0700
Don, What a surprise to hear this so well articulated. I have learned by self-teaching: TCP/IP theory and fundamentals of the traffic that allow the TCP/IP to function. The "first-principles" that I always assumed anyone involved in even understanding how to launch an IPSEC policy HAD TO KNOW. I know for myself, I would not have progressed to any of the NETSEC tools without having the skills to discriminate activity, and see if your theory is strong enough to meet the reality of what you are seeing as an output from a tool. I strongly recommend to anyone I know who expresses interest to take as much time as is required to gain a "working knowledge" and comfort to have intelligent discourse with another of the same discipline. I wonder if a simple poll was taken with three basic questions of TCP/IP first principles, how many would pass / fail. Many of the tools available freely are well constructed by knowledgeable folks. The first real tool I used was Ethereal. Talk about WOW. To me, actually setting up the cap was a pleasure, and the output actually meant something; the relationship between the data packets, to me it was the theory in practical applications working for me, right in front of me, and, "I got it". However, I could see someone relying on the tool to provide meaningful feedback, but how do you interpret, based on good science, something you cannot really discriminate, e.g. dissection of any given packet, to any degree of plausibility. Some tools are very nice and intelligent, with dedicated purpose. Not understanding the output on a skillset level is somewhat meaningless, less those who live in a controlled world. The tools are quite a different story when you synergistically "bond" with the output, based on a good skill level. It's bloody fun ! In this world, one remains a student of the comm protocols, the masters being few between. Cheers for now ! S.S. This communication is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this communication is not the intended recipient or the employee or agent responsible for delivering the communication to the intended recipient, you are hereby notified that any dissemination, distribution, publication or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by return email or telephone (714-384-0384). Thank you. On Tuesday, July 06, 2004 6:20 PM, Don Parker wrote:
Date: Tue, 6 Jul 2004 21:20:46 -0400 (EDT) From: Don Parker To: pen-test () securityfocus com, vuln-dev () securityfocus com Subject: TCP/IP skills Hello all, I just wanted to comment on what I see as a rather alarming trend in the security industry today. More and more many are becoming reliant upon tools to do their job whilst they ignore core components of their skillset. Specifically in this case an in-depth knowledge of TCP/IP. Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be attained by anyone who wishes to have a successful career in the network security industry today. One cannot become adept by simply using tools, and never knowing how to interpret the output by verifying the packets themselves. It constantly amazes me when I teach a TCP/IP Analysis course that people who are presently in the industy do not know of such basic TCP/IP concepts as the 3 way handshake and how ICMP works. That or being able to wholly dissect a packet and explain the relationships between various metrics. I would be curious to hear of your opinions on this? Cheers, Don ------------------------------------------- Don Parker, GCIA Intrusion Detection Specialist Rigel Kent Security & Advisory Services Inc www.rigelksecurity.com ph :613.233.HACK fax:613.233.1788 toll: 1-877-777-H8CK --------------------------------------------
Current thread:
- Re: TCP/IP skills, (continued)
- Re: TCP/IP skills Vlad (Jul 08)
- Re: TCP/IP skills Jordan Cole (stilist) (Jul 08)
- RE: TCP/IP skills Rocky Heckman (Jul 13)
- Re: TCP/IP skills Chris Byrd (Jul 13)
- Re: TCP/IP skills vulnerable (Jul 13)
- RE: TCP/IP skills Dave Dyer (Jul 13)
- FW: TCP/IP skills drbitbucket (Jul 08)
- Re: TCP/IP skills captgoodnight (Jul 08)
- Re: TCP/IP skills R. DuFresne (Jul 13)
- Re: TCP/IP skills Allan (Jul 08)
- re: TCP/IP skills Scott Schappert 6270, QA (Jul 08)
- Re: TCP/IP skills M. D. (Jul 09)
- RE: TCP/IP skills Vaccare, Anthony (Jul 13)
- RE: TCP/IP skills Strand, John (Jul 13)
- RE: TCP/IP skills Eric McCarty (Jul 13)
- Re: TCP/IP skills drbitbucket (Jul 13)
- RE: TCP/IP skills Parish Zachary Z AB 381 IS/SCSS (Jul 13)