

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Helping us to help you

Readers and Handlers, Handlers and Readers: it’s a fantastic symbiotic relationship that keeps both parties informed, on their toes and looking at another side of the story which, in my humble opinion, makes us all better security professionals.

Without the support, information, questions, comments, heads-up, jokes, packet captures*, time and energy supplied by you, the readers, the Internet Storm Center (ISC) can’t be the resource it is today. If you attended the Handlers’ talk at SANSfire this year, this was the final comment from the assembled handlers. We need you to help us to help the collective you. Keep writing in with what you’re seeing, what you have to deal with and, heck, if you disagree with what we’ve said.

Being the new kid on the handlers’ team, seeing the information coming in makes me want to be better at my day job. I’ve been reading the ISC for a good number of years, but never thought of writing in with what I was seeing on my systems and networks. My mistake. The more we share, discuss and debate, the more we learn. To steal a film quote, "The only way to get smarter is by playing a smarter opponent."** Well, there are plenty of smarter, well-funded and co-ordinated opponents out there, so give yourself a helping hand and share what you’re seeing with the ISC.

If you agree, we can pass that information on via the diary pages; it may help someone else make sense of what they are seeing and, through a collaborative effort, provide an answer for you.

So drop us links to stories and events that you think are important, add comments to the diaries, share with us what you are encountering and struggling with. We won’t always have the answer, but at least you’ll have someone else to offer their suggestions.


*We NEVER get bored of looking through packet captures, especially when trying to solve a puzzle someone has posed or to determine whether something is really happening.

** Quote from the Guy Ritchie film “Revolver” which appears to have been made up for the film, not the mythical “Fundamentals of Chess -- 1883” unless they were Geezers back in the day. Unlikely, but Johannes Zukertort was a bit of a card [1].

[1] http://en.wikipedia.org/wiki/Johannes_Zukertor

Chris Mohan --- Internet Storm Center Handler on Duty

Chris

ISC Handler
What is the best and/or the easiest tool for "really understanding" a .pcap e.g. Wireshark file?

...sorry for the newbie question.
Anonymous
There is no tool allowing "real understanding", a tool circumvents "real understanding". Tools are useful once you have knowledge of the underlying process.
Pcap, get the study material for CCNA, it'll be a good step in the right direction.
Anonymous
pcap...try these cheatsheets: hxxp://packetlife.net/library/cheat-sheets/

BarefootNick...really? Studying CCNA material is definitely NOT a jumping-off point for learning how to read PCAP files.
HackDefendr
There are some very good books on Wireshark. I have one by Orebaugh (although I haven't read it yet).
HackDefendr