Our goal in writing Network Intrusion Detection, Third Edition has been to empower you as an analyst. We believe that if you read this book cover to cover, and put the material into practice as you go, you will be ready to enter the world of intrusion analysis. Many people have read our books, or attended our live class offered by SANS, and the lights have gone on; then, they are off to the races. We will cover the technical material, the workings of TCP/IP, and also make every effort to help you understand how an analyst thinks through dozens of examples.

Network Intrusion Detection, Third Edition is offered in five parts. Part I, “TCP/IP,” begins with Chapter 1, ranging from an introduction to the fundamental concepts of the Internet ...