SEC504: Hacker Tools, Techniques, and Incident Handling

When using the Internet, one often needs to determine where certain traffic comes from. The traffic might be a scan, a request for a web page, or an email. Since each packet contains a source IP address, determining that address and who controls it can reveal a great deal about the true meaning of the traffic. Once the 'owner' of the IP address is determined, appropriate action can be taken if the situation warrants. A number of command-line tools were developed on UNIX systems during the early days of the Internet to assist in determining the source of Internet traffic. These tools include whois, traceroute, finger, ping, and nslookup. While a number of these have been implemented in the various Windows operating systems, the Sam Spade utility provides all these tools and more in a graphical user interface. Sam Spade for Windows is free and available at www.samspade.org/ssw. This paper will examine a number of the more useful tools in Sam Spade.