Ping is a tool used to check the connectivity of a certain host, using ICMP (Internet Control Message Protocol).  At the command line you can ping an IP address or domain name and see how long the target takes to respond.  When this happens, ARP (Address Resolution Protocol) resolves the domain name or IP address to the target’s MAC (Media Access Control) address.  Displayed below is an example of how this works.  Once an address is pinged, it’s resolved MAC address is written to the ARP cache, which can be displayed using the “arp -a” command.

The tricky part comes in figuring out if that is really the correct MAC address for the target computer.  If you’re trying to identify someone who has tried to access your network illegally, they most likely used ARP spoofing.  More on this later…

The following are a few tools of which I am currently aware.  I’ve used some, and plan to dive deeper into each of them, and hopefully discover others along the way.  I’ll republish this list as I get further along.

1. Backtrack – live CD, combination of Auditor and WHAX, tons of security/forensics tools
2. Helix – live CD, can also run as an application in Windows, forensic tools
3. SecurityDistro – more live CD’s with loads of security tools
4. WebGoat – a tutorial on web security
5. p0f – OS fingerprinting tool, for profiling your targets
6. MetaSploit – ” useful information to people who perform penetration testing, IDS signature development, and exploit research”
7. KeePass – “a free open source password manager, which helps you to manage your passwords in a secure way”
8. Wigle.net – Wireless Geographic Logging Engine

I’d like to keep track of my experiences and record the knowledge I gain as I start exploring the world of IT security more in depth.  I do not claim to be an expert on any of the topics I introduce here; but welcome any further insights or questions from anyone who takes the time to visit El Blog de Seguridad.

I hope this can become some sort of a digital resume to help display the experience I gain working with and researching IT security.  I’d like to set a public goal of publishing here at least once a week (so bug me if you don’t see anything newer than a week).