Packet Mastery the Monkey Way - by Jose Nazario and Marius Eriksen

Learn how to write scanners, sniffers and packet flooders using libpcap, libdnet, and libevent.

Instructors: Jose Nazario and Marius Eriksen
Dates: 14-15 June 2006
Price: 1700$ + taxes
Availability: CANCELLED

Day 1 - Introduction to network programming

Students will get a basic overview of TCP/IP and Ethernet networking and how it relates to the libraries we're using. We will then begin to capture and examine packets using libpcap, and then learn how to craft them with libdnet. By the end of day 1 students will have created a basic sniffer and a high-performance packet flooder tool.

Day 2 -

Students will learn how to use libnids for stream reassembly, and libevent to tie these tools together for high performance. They will improve their tools, create a high-performance scanner and a password sniffer, and learn how to parse packets for data using flexible techniques.

The primary language of the course will be C, and some Python examples will be covered. Students will get to keep their code and the example code from the course.

Class Requirements

Students are expected to bring a laptop with SSH access; the instructors will supply a standard development system for use as a shared resource.


Dr. Jose Nazario is a worm researcher and senior software engineer at Arbor Networks. Dr. Nazario's research interests include large-scale Internet trends such as reachability and topology measurement, Internet events such as DDoS attacks and worms, source code analysis methods and data mining. He routinely writes and speaks on Internet security in forums that include NANOG, USENIX Security, BlackHat Briefings, CanSecWest and SANS. Dr. Nazario holds a Ph.D. in biochemistry from Case Western Reserve University.

Marius Eriksen is a software engineer at Google, Inc. and is an OpenBSD developer. He has developed and maintained many open source projects and has failed to release many more. Marius has mostly been involved with systems security, distributed filesystems, networking middleware and security, and general operating systems kernel development. Recent open source work includes work on transparent end-to-end networking portability and contextual user interfaces.