Jon Schipp

This web page is a deliberately simple attempt to document my achievements and work to serve as a reference for myself, family, colleagues, clients, and employers.



Home lab [jpg] [jpg] [jpg]


Jon Schipp is a Security Engineer for the National Center for Supercomputing Applications, Director of Security at Draconyx, as well as the chair for OpenNSM at the University of Illinois at Urbana-Champaign.
He is the author of ISLET and other tools as well as a contributor to many Free and Open Source Projects including The Netsniff-NG Toolkit, SecurityOnion, and the Bro Project. With a few publications and many talks he has been fortunate enough to have audiences at various conferences including DerbyCon, AIDE, Hack3rCon, BroCon, XSEDE, MOSSCon, and more. He spends his leisure time dabbling in ideas from social theory, philosophy, political science, and economic thought, and is always down for a game of recreational volleyball.


classic version [pdf]

Current Goals:

Websites:

My personal page
IT Consulting business
Southern Indiana Computer Klub (Founder)
Open Network Security Monitoring Group (Founder, Chair)
Linux Users Group at UIUC (Chair) [archive] [defunct on 08312013]
Dubois County Linux User Group (Founder) [pdf, pdf, pdf, pdf, pdf]

Free and Open Source Contributions:

NSM/TA Video Course - Lead and design a comprehensive, free online video course on NSM, OpenNSM [youtube]
The More You Bro - Official video series for the Bro network security monitor, Bro Project
ContainNSM - Repository of Docker images for many FOSS NSM tools, OpenNSM [youtube]
ISLET - Isolated, Scalable, and Lightweight Environment for Training (Linux container based system)
quiz - A retrieval practice program and quiz builder
nagios-plugins - Collection of Nagios plug-ins I've written
vagrant - Vagrant configurations I've created
bro-scripts - Collection of Bro scripts I've written
pps - Prints PPS, BPS, and percentage of line-rate for a network interface.
mal-dnssearch - A malware host detection and prevention script that handles multiple logs
malcachesnoop - Defensive malware cache snoop shell script
metacapng-test - PCAP-NG Metadata recon tool in python *in progress*
ewhois-query - Shell script to query the ewhois database from the cmd-line
gencfg - A Trafgen configuration generation and syntax testing tool written in bash
netsniff-ng - Documentation and features for a high performance suite of networking tools [html, etc]
securityonion - Enhancements for the popular NSM Ubuntu-based Linux distribution [html, html, html, html, html, html, html, html]


Get in touch with me if you would like me to speak or perform training at your event

OpenNSM, ContainNSM, and Docker -- SecureWV Nov 8, 2015 [pdf, youtube]
ISLET: An Attempt to Improve Linux-based Software Training -- Ohio Linux Fest 2015 October 3, 2015 [pdf]
ISLET: An Attempt to Improve Linux-based Software Training -- Derbycon 2015 September 26, 2015 [pdf]
Bro Integrations: Some Misc. Bro Related Stuff -- BroCon 2015 August 3, 2015 [pdf]
ISLET: An Attempt to Improve Linux-based Software Training -- XSEDE 2015 July 28, 2015 [pdf]
ISLET: An Attempt to Improve Linux-based Software Training -- AIDE 2015 April 23, 2015 [pdf, html]
ISLET: An Attempt to Improve Linux-based Software Training -- REN-ISAC March 26, 2015 [pdf, html]
ISLET: An Attempt to Improve Linux-based Software Training -- Hack3rcon Nov 14, 2014 [pdf, youtube]
ISLET: An Attempt to Improve Linux-based Software Training -- Information Trust Institute, UIUC Nov 13, 2014 [pdf]
BroLive!: Training for the Future -- BroCon 14 Aug 18, 2014 [pdf]
Intrusion Detection and Packet Analysis: Using Bro to Gain Network Visibility -- ITT-Tech, Newburgh, IN Oct 31, 2013 [pdf, txt, jpg]
Netsniff-NG Toolkit -- Hack3rcon^4 Oct 20, 2013 [youtube, mp4, ogv, pdf]
Netsniff-NG Toolkit -- Derbycon 2013 Sept 29, 2013 [youtube, pdf]
A Look at the Netsniff-NG Toolkit: A High Performance Suite of Networking Tools -- Midwest Open Source Software Conference, University of Louisville May 18, 2013 [html, pdf, png]
Intro to Network Traffic Analysis -- Hacker Hotshots, Concise Courses Feb 12, 2013 [html, youtube]
A PCAP Workshop -- Hack3rcon^3 Workshop Oct. 19-21, 2012 [html, [pt1:youtube, avi, mp4, ogv | pt2:youtube, avi, mp4, ogv], txt, odp, pdf] [video mirror] (Slides used in course, "Hacking Techniques and Intrusion Detection", Ali Al-Shemery, Assoc. Prof., Princess Sumaya University for Technology (PSUT))
An Introduction to Traffic Analysis: A Pragmatic Approach -- Marshall University, AIDE Conference May 21-25, 2012 [html, youtube, avi, mp4, ogv, odp, pdf] [video mirror]
FOSS for Unix Administrators -- Vincennes University, Jasper Campus 2011
What's Under Your Hood: Implementing A Network Monitoring System -- Hack3rcon 2 Oct. 21-23, 2011 [youtube, avi, mp4, ogv, ppt, pdf] [video mirror]

Open Network Security Monitoring Group Presentations:

Rsyslog Logging Infrastructure -- 02-02-2015 [youtube]
ISLET -- 10-20-2014
Tcpdump -- 09-29-2014
Implementing a Network Monitoring System -- 09-22-2014
Bro -- 09-15-2014
Trafgen -- 09-08-2014

UIUC ACM Linux User Group Presentations:

GNUplot, InfluxDB, Grafana -- 04-16-2015 [youtube]
Gitlab, Puppet -- 03-09-2015 [youtube]
Linux Kernel Capabilities -- 02-23-2015 [youtube]
strace -- 02-16-2015 [youtube]
Nmap -- 02-09-2015 [youtube]
PXE Boot, Vagrant -- 02-09-2015 [youtube]
Docker, Quiz, Sudo -- 01-26-2015 [youtube]
Docker -- September 2014
Linux From Scratch series -- March - May 2014
Creating Vagrant Environments -- March 2014
Introduction to Linux Networking -- February 2014
Awk Primer -- February 2014

Dubois County Linux User Group Presentations:

Huntingburg group turning Fourth Street into a WiFi hotspot [html]
Automated Distributed IDS w/ SecurityOnion -- DCLUG May 9, 2013
X11 forwarding w/ SSH -- Ibid.
XQuartz (X11 replacement) on OSX -- Ibid.
MacTex Distribution on OSX -- Ibid.
GeoIP w/ Wireshark -- Ibid.
Rpcapd (Windows) -- Ibid.
Intro. to Github -- Ibid.
Ewhois-query script -- Ibid.
Ninite application updater (Windows) -- Ibid.
Mandiant's Redline (Windows forensics) -- Ibid.
Cisco - Configure SPAN ports -- Ibid.
Wireless Hacking -- DCLUG Feb 3, 2013
Messing with PCAP's Containing Raw Wireless Traffic -- Ibid.
A look at LaTeX -- Ibid.
Writing Security Tools with Bash -- Ibid.
A Brief Look at the Linux Network Stack -- DCLUG November 4, 2012
A Detailed, High-Throughput /etc/network/interfaces configuration on Ubuntu Server -- Ibid.
Getting Things Done with awk/gawk -- DCLUG August 5, 2012
Netsniff-NG - a Performant Sniffer -- Ibid.
ifpps - Network Stats -- Ibid.
vnstat - A Console Based Traffic Monitor -- Ibid.
CPU Affinity and Interrupt Binding on SMP systems -- Ibid.
Primer on Shell programming with sh/bash -- Ibid.
A Look at a Production Sensor/NMS -- Ibid.
Interface/Network Stats on Linux ( ifpps, tcpstat, atsar ) -- DCLUG June 3, 2013
Network Stress Testing on Linux ( hping3, trafgen, iperf ) -- Ibid.
sed primer -- DCLUG April 8, 2012
Bash Editing Modes: vi and emacs -- Ibid.
Bash Globbing (expansion) -- Ibid.
htop - a better top -- Ibid.
A Brief Look at BPF Assembler -- Ibid.
Networking with Linux -- DCLUG December 4, 2011
Introduction to Moving Text Files Between Windows and the Unices: newlines, carriage returns, tr, sed, od, hexdump -- DCLUG November 16, 2013 [txt]
FreeBSD: sockstat -- Ibid.
Network Throughput Testing with iperf -- DCLUG October 2, 2011
An Introduction to PF -- DCLUG September 4, 2011
Remote Logging with syslogd -- Ibid.
Host Intrusion Detection with OSSEC -- Ibid. [odp]
Keeping Time with ntpd -- DCLUG August 7, 2011 [odp]
Remote Logging with syslogd -- Ibid.
(DNS) Transaction Signatures in BIND -- Ibid.
Using netstat - A Look into the Networking Subsystem -- Ibid. [txt]
Intro to GPG -- DCLUG April 3, 2013 [txt]
OpenSSH with Pub-Key Authentication -- Ibid. [odp]
Passwords in Depth: Hashing, Salting, Storage, and Attacks -- DCLUG February 6, 2011 [odp]
/home files -- DCLUG November 7, 2010 [odp]
smbclient/mount.cifs -- Ibid. [zip]
netcat -- Ibid.
Network Tools -- DCLUG October 3, 2010 [zip]


ITT-Tech Commercial -- Nationwide March 2014 [mov, wmv]


Schipp, J., Dopheide, J., and Slagell, A., "ISLET: An Isolated, Scalable & Lightweight Environment for Training", in the proceedings of XSEDE 2015, St. Louis, MO, Jul. 2015. [pdf]
Linux Containers for Event Training - 2600: The Hacker Quarterly, volume 32.1 [jpg, jpg, html]
Intelligence Data and Bro - Bro Blog [html]

Blog Articles:

Build a dynamically linked Docker [html]
NET_DROP_MONITOR: Monitoring packet loss in the Linux kernel [html]
Nagios and DNS Resiliency with Unbound [html]
Log Storage and Analysis Infrastructure: Reliable Logging and Analysis with Rsyslog and RELP [html]
Mausezahn: As a Protocol-Aware Packet Crafting Server [html]
Creating a Personal Privoxy/Tor/Proxy EC2 Instance [html]
CHECK_NRPE: ERROR - Could Not Complete SSL Handshake [html]
SecurityOnion - Connecting to Sguild [html]
Nagios Configuration Tips and Tricks: Shell Edition [html]
SecurityOnion - Moving the MySQL databases [html]
Tuning Snort Rulesets with Bro Data [html]
Nagios Deployment Automation Tips and Tricks [html]
Automate Patch E-mails with Git Hooks [html]
Working with Bro Logs: Queries by Example [html]
Creating a Minimal Bro Cluster [html]
NSM Sensor Perspectives - Examples of a Topology Map [html]
Snorby's Asset Manager - Convert and Upload /etc/hosts [html]
Packet Loss Under Light Load: Invalid Packets or Line Noise? [html]
OSX Live Memory Forensics with Volatility and MacMemoryze [html]
The Trafgen Expression Language [html]
ARGUS - Detecting Protocols on Non-Standard Ports with Flows [html]
Netsniff-NG (Ubuntu Community & Fedora Wiki) [html, html]
Extract an Attachment from a Phishing E-mail (eml) w/ base64 and sed [html]
Reading Multiple PCAPs - Header Dissection and a Little Cmd-Fu [html]
Extracting SSIDs from PCAPs - Multiple Methods [html]
TCPTrack - Simple TCP Connection Monitor [html]
Hack3rcon^3, The XRG - CTF Challenge #4 Solution - Decrypt PCAP (WEP), Extract file [html]
Case Study #1: Using Traffic Analysis to Investigate an IDS Alert [html]
The Pig Doktah - A Snort Performance Metric Tool [html]
Hack3rcon^3, The XRG - CTF Challenge #1 Solution - Analyze PCAP [html]
tcpdstat - a statistical data program and a compilation fix [html]
Query Interface Bandwidth via SNMP on Cisco Routers [html]
httpry - HTTP logging and information retrieval tool [html]
Mining networks for PII with ngrep [html]
PassiveDNS - Logging DNS requests [html]
APR (ARP Poison Routing) Detection [html]
Configuring a Network Monitoring System (Sensor) Ubuntu Server 12.04 ( Part 1. Interface Configuration ) [html]
netsniff-ng - a high performant packet sniffer [html]
tcpick - tcp stream sniffer and connection tracker [html]
tcpflow - a tcp/ip session reassembler [html]
iftop - finding traffic hogs [html]
tcpstat - Network Statistics [html]
Speedometer - A Graphic Network Throughput Tool [html]
Snort - Offline Analysis [html]
Interface down? - Alerts with ifpps [html]
ifpps - top-like network statistic tool [html]
Automated backups of a SonicWall NSA (or other device) w/ Expect [html]
Nipper - Firewall & Router Configuration Parser [html]
OSX Server - Automated backups of Open Directory [html]
OSX - Remote Logging /Library/Logs [html]
Introduction to Auditing on AIX [html]
OSX Keychain - Administration and Pseudo SSO [html]
Keeping Up With News: An Efficient Approach [html]
Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs [html]
Creating an Anonymization Gateway (Middlebox) with Tor and OpenBSD 4.9 [html]
Creating a Hidden Management Network with IP Aliasing using Linux, FreeBSD, and OSX [html]
Log Query Examples w/ Splunk [html]
Bash Defensive Measures - Shell History & Logging [html]
Nmap & Ndiff: Detecting Compromised Hosts [html]
OSX 10.5-10.7 - Basic Security Settings [html]
SonicWall NSA - Log Reviews with grep [html]
Understanding Passwords Part 1: Theory, Hashing, and Salting [txt]
Understanding Passwords Part 2: Attacks by Example [txt]
IP Options: RR, SSRR, LSRR [txt]
Notes on Network Scanning [txt]


NCSA -- HIGH5 - ISLET - 2014 [jpg]
NCSA -- Technical Excellence Award - 2014
Hack3rcon -- Capture the Flag Winner -- Black Badge Recipient 2010 [jpg]


Learn to Program: The Fundamentals - 2013 - CourseEra, University of Toronto [pdf]
CompTIA A+ Certification - 2007 [pdf]
CompTIA Network+ Certification - 2009 [pdf]
CompTIA Linux+ Certification - 2009 [pdf]
CompTIA Security+ Certification - 2010 [pdf]
FCC Technician Class License - 2010 [html]
Wireshark Certified Network Analyst (WCNA) - 2013 [png]
GIAC Intrusion Analyst Certification (GCIA) - 2014 [tif, html]
GIAC Reverse Engineering Malware (GREM) - 2014 [pdf, html]
Linux Professional Institute Certification Level-1 (LPIC-1) - 2014 ["LPI000294361", "xtceychwg9", html]
Novell Certified Linux Administrator (CLA) - 2014
BSD Associate (BSDA) - 2014
Linux Foundation Certified System Administrator (LFCS) - 2015 [ "LFCS-1500-0540-0100", pdf]


Sagan - "Contributor" [html]
CrossChop - "Bob Talks Shop #2 - Lord Bael's CD Collection & T-shirts!" [youtube]
Cameron Maerz - "wifu^2" [youtube]
Netsniff-NG - "Major Contributor" [html]
SecurityOnion - "Documentation Team" [html]
Chad Robertson - Volatility Documentation Project [html]
Daniel Borkmann - "Linux' packet mmap(), BPF, and the netsniff-ng toolkit", Dev Conf, Czech Republic [youtube]

Conferences & Workshops Attended:

HamVention 2015
AIDE 2015
Hack3rcon 5 2014
Ohio Linux Fest 2014
Derbycon 2014
Archc0n 2014
LinuxCon 2014
BroCon 2014
Linux Cluster Institute (LCI) Workshop 2014
MacAdmins Conference 2014
B-Sides Cincinnati 2014
HamVention 2014
Pittsburgh Supercomputing Center's OpenACC GPU Programming Workshop 2014
The International Conference for High Performance Computing, Networking, Storage, and Analysis 2013
Hack3rcon 4
2013 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities
Derbycon 2013
Bro Exchange 2013
Midwest Open Source Software Conference 2013
HamVention 2013
Louisville Information Security Commonwealth Conference 2013 [html]
Appalachian Institute of Digital Evidence Conference 2013 [html]
Appalachian Institute of Digital Evidence Conference 2012
Appalachian Institute of Digital Evidence Conference 2011
ISSA Password Exploitation Class (Louisville)
Louisville Metro InfoSec Conference 2008
Louisville Metro InfoSec Conference 2009
HFC Metasploit Workshop (Louisville)
HFC Metasploit Workshop (Cincinnati)
Ohio Linux Fest 2009
Ohio Linux Fest 2010
Derbycon 2012
PhreakNIC 14
Hack3rcon 1
Hack3rcon 2
Notacon 6
Notacon 7

Need Help?:

I'm part owner of a full-service IT consulting business. If you need work completed, make a request.

I can also do work on the side. I'm specifically interested in consulting and part-time contracting opportunities in the following areas:



Promo pics: [jpg] [jpg]

I played guitar in a part-time touring metal band called The Win System from late high school through early college.
All our music is freely available below.

30 Seconds or Less E.P. - 11-2006 [zip (m4a), zip (mp3)]

Vocals - Jeremiah Daniels
Guitar - Dustin Biggs
Guitar - Jon Schipp
Bass - Jared Miller
Drums - Jason Hitt

Steaksauce Meltdown E.P. - 07-2007 [zip (m4a), zip (mp3)]

Vocals - Matthew LeClere
Guitar - Dustin Biggs
Guitar - Jon Schipp
Bass - Justin Beard / Justin Ambrose
Drums - Jason Hitt

Demos - Assorted

Vocals - Matthew LeClere
Guitar - Dustin Biggs
Guitar - Jon Schipp
Bass - Justin Ambrose / Jared Miller
Drums - Jason Hitt

Contact, Misc:

jonschipp [(at)] gmail dot com (main) public key #sickbit @JonSchipp