Penetration Testing mailing list archives

Re: TCP/IP skills


From: vulnerable <vulnerable () gmail com>
Date: Thu, 8 Jul 2004 19:33:37 -0400

I'm more interested in what should be classified as 'in-depth
knowledge' of TCP/IP.  You mentioned 3way handshake which seems as an
intermediate level at best.

IMO, advanced would be knowing what information belongs at what offset
in a particular packet or knowing that a certain hex value represents
a certain combination of flags.  I myself have a hard time just
remembering that TCP is protocol 6.

But not to get sidetracked (long day, sorry) I think it's a given that
you should at the very least understand the functionality of TCP/IP.
Things such as three-way handshakes, TCP vs UDP, addresses, ports, NAT
etc.  Without this foundation you're simply checking boxes in a program
over and over until you get the results you're hoping for.

And to be longwinded, a few people asked where to find tutorials or
books.  To at least get a basic foundation I'd recommend looking at
material regarding the Cisco CCNA exam (a free one was recently
released as .doc by a professor), googling and following .edu links,
or picking up any security book - the majority of them tend to touch on
such things.  Or if you're hardcore, pick up Stevens' book "TCP/IP
Illustrated, VOL 1".

On Tue, 6 Jul 2004 21:20:46 -0400 (EDT), Don Parker
<dparker () rigelksecurity com> wrote:
Hello all, I just wanted to comment on what I see as a rather alarming trend in the
security industry today. More and more many are becoming reliant upon tools to do their
job whilst they ignore core components of their skillset. Specifically in this case an
in-depth knowledge of TCP/IP.

Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be
attained by anyone who wishes to have a successful career in the network security
industry today. One cannot become adept by simply using tools, and never knowing how to
interpret the output by verifying the packets themselves.

It constantly amazes me when I teach a TCP/IP Analysis course that people who are
presently in the industry do not know of such basic TCP/IP concepts as the 3 way
handshake and how ICMP works. That or being able to wholly dissect a packet and explain
the relationships between various metrics.

I would be curious to hear of your opinions on this?

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------
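
As an added illustration of the offsets and flag values mentioned in the reply above (this is not part of either poster's message): a small decoder that reads the IPv4 protocol field and the TCP flags byte by offset. The function names are hypothetical and the sample packet is constructed, using documentation addresses and zeroed checksums.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (RFC 793; ECE/CWR from RFC 3168)
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]

def decode_flags(value):
    """Return the names of the flags set in a TCP flags byte, e.g. 0x12."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def parse_ipv4_tcp(packet):
    """Decode the fixed IPv4 and TCP header fields by byte offset."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    proto = packet[9]                      # IP offset 9: protocol (6 = TCP)
    if proto != 6:
        raise ValueError("IP protocol %d is not TCP" % proto)
    tcp = packet[ihl:]                     # TCP header starts after IHL*4 bytes
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    return {
        "src": ".".join(map(str, packet[12:16])),   # IP offset 12
        "dst": ".".join(map(str, packet[16:20])),   # IP offset 16
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (tcp[12] >> 4) * 4,          # TCP offset 12, high nibble
        "flags": decode_flags(tcp[13]),             # TCP offset 13
    }

def build_sample(flags):
    """Constructed sample: 192.0.2.1:49152 -> 192.0.2.2:80, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, flags,
                      65535, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    # Flag bytes carried by the three segments of a handshake: SYN, SYN+ACK, ACK
    for value in (0x02, 0x12, 0x10):
        print(hex(value), parse_ipv4_tcp(build_sample(value))["flags"])
```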


