Penetration Testing: Re: TCP/IP skills

["Mark W. Webb" <mark () dolphtech com>]

As someone who is relatively new to this field(~1 year), I would agree.  
I have spent all of my professional life writing java applications, and 
some C apps. 
I have taken a few security courses, and have been using Unix for about 
5 years.  But have never gotten a really good handle on the in-depth 
knowledge of TCP/IP.  Sure, I understand the basics of the 3-way 
handshake, but as far as what goes into a packet, I would say that I do 
not know that information really well.
Could you recommend some sources of information(books, URL..etc) 
concerning this topic.
Thank you.

Don Parker wrote:

> Hello all, I just wanted to comment on what I see as a rather alarming trend in the 
> security industry today. More and more many are becoming reliant upon tools to do their 
> job whilst they ignore core components of their skillset. Specifically in this case an 
> in-depth knowledge of TCP/IP. 
>
> Knowing TCP/IP at a granular level in my opinion is very much a core skill that must be 
> attained by anyone who wishes to have a successful career in the network security 
> industry today. One cannot become adept by simply using tools, and never knowing how to 
> interpret the output by verifying the packets themselves. 
>
> It constantly amazes me when I teach a TCP/IP Analysis course that people who are 
> presently in the industy do not know of such basic TCP/IP concepts as the 3 way 
> handshake and how ICMP works. That or being able to wholly dissect a packet and explain 
> the relationships between various metrics. 
>
> I would be curious to hear of your opinions on this?
>
> Cheers,
>
> Don
>
> -------------------------------------------
> Don Parker, GCIA
> Intrusion Detection Specialist
> Rigel Kent Security & Advisory Services Inc
> www.rigelksecurity.com
> ph :613.233.HACK
> fax:613.233.1788
> toll: 1-877-777-H8CK
> --------------------------------------------
>