Our goal in writing Network Intrusion Detection, Third Edition has been to empower you as an analyst. We believe that if you read this book cover to cover, and put the material into practice as you go, you will be ready to enter the world of intrusion analysis. Many people have read our books, or attended our live class offered by SANS, and the lights have gone on; then they are off to the races. We will cover the technical material, the workings of TCP/IP, and also make every effort to help you understand how an analyst thinks, through dozens of examples.

Network Intrusion Detection, Third Edition
By Stephen Northcutt and Judy Novak

Publisher: New Riders Publishing
Pub Date: August 28, 2002
ISBN: 0-73571-265-4
Pages: 512

The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are literally the most recognized names in this specialized field, with unparalleled experience in defending our country's government and military computer networks. New to this edition is coverage of packet dissection, IP datagram fields, forensics, and Snort filters.

Table of Contents

Copyright
About the Authors
About the Technical Reviewers
Acknowledgments
Tell Us What You Think
Introduction

Part I: TCP/IP

Chapter 1. IP Concepts
    The TCP/IP Internet Model
    Packaging (Beyond Paper or Plastic)
    Addresses
    Service Ports
    IP Protocols
    Domain Name System
    Routing: How You Get There from Here
    Summary

Chapter 2. Introduction to TCPdump and TCP
    TCPdump
    Introduction to TCP
    TCP Gone Awry
    Summary

Chapter 3. Fragmentation
    Theory of Fragmentation
    Malicious Fragmentation
    Summary

Chapter 4. ICMP
    ICMP Theory
    Mapping Techniques
    Normal ICMP Activity
    Malicious ICMP Activity
    To Block or Not to Block
    Summary

Chapter 5. Stimulus and Response
    The Expected
    Protocol Benders
    Abnormal Stimuli
    Summary

Chapter 6. DNS
    Back to Basics: DNS Theory
    Using DNS for Reconnaissance
    Tainting DNS Responses
    Summary

Part II: Traffic Analysis

Chapter 7. Packet Dissection Using TCPdump
    Why Learn to Do Packet Dissection
    Sidestep DNS Queries
    Introduction to Packet Dissection Using .