SANS Stay Sharp: IP Packet Analysis
I'm happy to say that I'll be teaching SANS' Stay Sharp: IP Packet Analysis course in December at the KU Med Center in Kansas City. If you or anyone you know has to regularly interpret TCP/IP packet captures, you'll benefit from this course.
We'll start off by rolling up our sleeves and breaking IP packets apart by hand, converting hexadecimal values to their binary and decimal equivalents to determine exactly what the packet elements mean. We'll do the same thing for the IP packet's TCP payload, and then we'll look at a handful of tools that will do all of this heavy lifting for us. Even so, there's tremendous benefit to knowing how these tools actually work.
I've been working with TCP/IP networks for more than 15 years. I've managed a large deployment of Snort IDS appliances (60+) on a large enterprise network (20K+ hosts). But when I started studying for this course, I learned a few new things. And the certificate exam is a very good test of one's understanding of TCP/IP.
So if you are interested in this type of material, please check out the link here, http://www.sans.org/info/17421, and please pass this along to anyone you know who may be interested.