[Dshield] NMAP/Ethereal primer

Margles Singleton MarglesSingleton at firsthealth.com
Wed Sep 24 13:39:29 GMT 2003

FWIW I found Ethereal to be a fantastic means of increasing my
understanding about "...the deeper layers...." - nmap was nice for
guiding me on what I needed to investigate, but it didn't open my eyes
in the same way as Ethereal.  ....then it was a matter of not being
afraid to ask questions about what I saw and didn't understand.  

>>> mark.rowlands at mypost.se 09/23/03 04:03PM >>>
> With all of this said, I'm trying to gain a better 
> understanding about the deeper layers of my network and have 
> installed NMAP and Ethereal (WIndows versions).  Now I want 
> to better understand how to use these tools most effectively. 

I am not sure nmap is that helpful in those terms, its more of a tool
to use when you know what you want to do.

>  Can anybody point me to some good, laymen's terms documents?
> I've looked at HELP in both cases, but I want to hear from 
> the perspective of the experts out there and particularly 
> would like to hear about the features I should focus on that 
> will help me best understand...

In terms of primers.....

1) goal orientated....  What is it you need/want to know? Try the sans
reading room http://www.sans.org/rr/ 

2) Knowledge orientated.... Want to know about fundamental networking
Begin with Tanenbaum's Computer Networks (isbn 0-13-394248-1) 

An interesting exercise is to install a small test network
(on  a hub not a switch)

Client - monitor (ethereal and snort) - target 

Where target was various boxes (win2k xp redhat freebsd)

Then start running some scans/exploits nessus, nmap, nikto, 
http://neworder.box.sk/ usually  has some pointers ;-) to abuse the
and use snort / ethereal to examine the results. 

> Thanks

You're welcome

list mailing list
list at dshield.org 
To change your subscription options (or unsubscribe), see:

More information about the list mailing list