I'd posted a few sites where you could download packet captures to study network traffic and practice your analysis skills, especially if you're new to network security or if investigating alerts is only one of many things that you do (that's more common, especially in smaller shops, than you may realize.) One of the security listserv's I subscribe to had someone post a question on where to find packet captures and the aggregate experience on that list came up with a nice list of additional sites.
Back in March, I posted the packet repositories found on pcapr.net, the HoneyNet Challenges and the Inter-Service Academy Cyber Warfare Competition (http://jeffsoh.blogspot.com/2011/03/practice-makes-perfect.html) . Add to that list these sites from that post..
4. http://forensicscontest.com/ (Excellent place to practice, as this is a scenario you must solve, like the Honeynet challenges..)
A list of pcap sites can be found here
It can be tough after working all day to then sit at home and look at MORE packets, but the more you work with captures, you more familiar you'll become with the both the data and the tools and methods you'll learn to work through huge amounts of data to find that one packet that confirms or denies your investigations theory.
If you're a programmer as well, you'll soon write up all sort of nifty scripts to automate things. If you're not, others have written tons of them, and reinventing the wheel isn't really necessary anyways. Enjoy.
- ► 2017 (9)
- ► 2016 (14)
- ► 2015 (12)
- ► 2014 (26)
- ► 2013 (29)
- ► 2012 (23)
- ▼ 2011 (40)
- ► 2010 (35)
- ► 2009 (62)
- ► 2008 (16)