on 30 March 2002
This book works as a good companion to "Network Intrusion Detection" also by Northcutt, et al.
It mainly consists of attack trace examples picked up by tcpdump, syslog and the like, with a running commentary as to their analysis. Once you've gone through this book you will gain an intuitive eye for examining output from Intrusion Detection Systems and Packet Sniffers.
Beware though, this book, unlike "Network Intrusion Detection, An Analyst's Handbook", is not really tutorial based. It is, however, an excellent companion to the aforementioned book.