Some of you may see this as spam and if you do, I hope that you will forgive the offense. I am a long time member of this list and thought some on the list may be interested in this information.

On Wednesday evening, December 5, I will be teaching the SANS Stay Sharp IP Packet Analysis course at the Dykes Library at the KU Med Center in Kansas City. The course starts out with an in depth look at IP and TCP packet headers, explaining what each of the header fields are and how to make sense of the values therein. Sure there are wonderful tools that can do this for you, but this course will give you an understanding of how those tools do what they do.

The second part of the course looks at a handful of those tools that are invaluable for incident response and troubleshooting network connection and networked application problems.

We'll also have a gentle review of hexadecimal and binary numbering systems and how to convert between them and decimal; fun stuff that's good to know if you're serious about networking, incident response, reverse engineering, etc.

The course comes with a book full of detailed instruction, copies of the slides, a helpful pocket reference and a CD containing various open source packet analysis tools.

I want you to know that I'm not a SANS employee. I'm a practicing security professional and have studied the IP Packet Analysis course materials myself and have found them to be very good. Even after 15 years of this stuff, I learn new things all the time. I can tell you from experience that the certificate exam for this material is a really good test of your knowledge of TCP/IP, that is to say, it's challenging.

If you'd like to take the course please register at the following URL:

https://www.sans.org/staysharp/details.php?id=8546

And if you know of anyone else who may be interested, please pass along this message.

Cheers.