- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Packet Level Normalisation
- Abstract
- This paper proposes that any Signature Based Passive Network Intrusion Detection (NID) deployment is incomplete without an 'In-line' 'Packet Level Normaliser' [1]. A number of published papers will be selectively reviewed, assessing their contribution to the development of this field. Focusing on the Network Layer, a 'walkthrough' of the IP protocol will be followed by a Lab where the Normaliser 'norm' [2] will be employed to illustrate core concepts. Packets will be manufactured using 'NetDuDe' [3] and 'Fragroute' [4]. The output will be in 'tcpdump' [5] format. The paper culminates with a brief review of current normaliser technology.