Scan Of The Month Archives

2000 Scan 0: Packets crafted by Libnet Scan 1: Potential hping2 scan Scan 2: Mail Relay scans Scan 3: nmap scanning for IP types Scan 4: Large ICMP echo requests Scan 5: Queso Scan 6: Telnet negotiation Scan 7: Microsoft Windows worms Scan 8: FTP Frontpage scan Scan 9: Cart32 Webserver scan Scan 10: 2 Remote Exploits

2001 Scan 11: Unique NT IIS probe Scan 12: NT IIS Unicode attack Scan 13: auto rooter Scan 14: Successful NT attack Scan 15: Recover a deleted rootkit Scan 16: Decrypt and an analyze a security toolkit Scan 17: Analyze a month of captured data Scan 18: Determine the attackers' tactics Scan 19: Analyze two Snort binary captures

All binary network captures are in tcpdump format. The Honeynet Project recommend you use either Snort or Ethereal to read and analyze the these files. To help you decode the signatures, the following RFC's are provided. If you want to learn more about decoding TCP/IP, we highly recommend the book TCP/IP Illustrated, Volume 1, by Richard Stevens.

IP - RFC 791
ICMP - RFC 777
TCP - RFC 793
UDP - RFC 768