Title: Packet Mastering the Monkey Way
Trainer: Dr. Jose Nazario (Senior Software Engineer, Arbor Networks)
Capacity: 24 pax
Seats left: CLASS IS CLOSED
Duration: 2 days
Cost: (per pax) USD1299 (early bird) / USD1499 (non early-bird)

Overview

In this course you will learn how to code in C using libpcap, libdnet, libnids, and drive it all with libevent. The main language will be C, but we will also cover python bindings to these techniques.

Day 1

a) TCP/IP and ethernet networking overview
b) Packet capture with libpcap
c) Packet construction with libdnet
d) Libnids and stream reconstruction techniques

Day 2

a) Recap and questions from day 1
b) Event driven programming (signals, read, write, timers), libevent
c) Common tool classes: scanners, snifers, and tracers
d) Bringing it all together:
e) A simple stream sniffer (illustrating the use of libnids and libevent)
f) A simple port scanner (illustrating libpcap, libevent, libdnet)
g) Questions and other things you can do.

About the trainer:

Dr. Jose Nazario is a worm researcher and senior software engineer at Arbor Networks. Dr. Nazario’s research interests include large-scale Internet trends such as reachability and topology measurement, Internet events such as DDoS attacks and worms, source code analysis methods and datamining. He routinely writes and speaks on Internet security in forums that include NANOG, USENIX Security, BlackHat Briefings, CanSecWest and SANS. Dr. Nazario holds a Ph.D. in biochemistry from Case Western Reserve University.

Dr. Nazario is also the author of the ground-breaking book entitled “Defense and Detection Strategies against Internet Worms” which offers insight into worm trends and behavior, while providing practical protection techniques. Dr. Nazario was also co-author on the book “Secure Architectures with OpenBSD”