As a result of your successful completion of SEC435 and subsequent earning of your Certified Ethical Hacker (CEH) certification, you've decided to offer your services as a penetration tester/consultant. You are in the process of putting together the "toolkit" you will use during your engagements.
Discuss which sniffing tools you would include in your toolkit, why you would choose these tools, and the capabilities and benefits each will bring to your testing process.
Also discuss how you will address the challenges of sniffing on a switched network in the testing process.
Answer a classmate
Hello Professor Vance and Class,
As a penetration tester, I would choose Wireshark in Linux. I have a smidgen of experience with it but could stand to learn more. I am sure I will use Kali Linux for any penetration testing, and Wireshark is built into the system. So as a packet sniffer, Wireshark has convenience, and it has been around since the beginning of packet sniffers. Age is equivalent to experience. Finally, it is free. That speaks volumes in spades. Wireshark captures the data in a network, or it can apply filters to focus on specific packets. Wireshark is known for its analysis features as well. The only drawback is that it is not user-friendly, but with its abilities it should not be user-friendly, in my opinion.
Packet sniffing on a switched network is not hard with Wireshark. Another sweet feature of the Kali Linux distribution is that it is equipped with Ettercap, which can place you in the middle of the switch and the host using the IP address of the host. This is otherwise known as ARP poisoning. Possibly this is hacking instead of penetration, but the line is so gray here. Ettercap saves all the info into a tcp.dump file, which can then be analyzed with Wireshark.
PENETRATION TESTING USING NMAP
When performing penetration testing, the tool to include in my toolkit is Nmap, a security auditing and network tool. Nmap is considered one of the powerful open-source tools for security professionals that perform various functions of network sniffing, such as monitoring service uptime, performing network inventory, and helping to manage upgrade schedules. I will choose this tool since, due to its vast knowledge and tremendous built-in features, it provides a variety of scan types designed to help security professionals evade defenses (Jetty, 2018). Nmap tools are also considered strong as they can help identify particular operating systems. I have knowledge of both Windows and Linux operating systems; Nmap has great features as it can operate with modern Windows such as Windows 7, 8, 8.1, and Windows 10. The latest version can help security professionals capture traffic without slowing down the network stack. It also comes pre-installed in Kali Linux.
In switched network traffic, switches employ the man-in-the-middle attack where the traffic is forced to a particular host; thus, the traffic is directed only to a given host. Nmap can perform such broadcasts. It uses TCP and UDP scanning mechanisms and ping sweeps. Thus, for skilled security professionals, this can permit a number of sniffing techniques such as ARP spoofing, ICMP redirection and port stealing (King, 2002).
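Both posts above describe ARP poisoning as the way a sniffer gets into the path on a switched network. The flip side, which a tester also needs to report on, is how that activity shows up in a capture: the same IP address starts being claimed by a second MAC address. The following added example (not from either post, and not Ettercap or Wireshark code) parses raw ARP reply bodies from a constructed capture and flags IP-to-MAC conflicts, optionally against a trusted table of known bindings; all addresses and packets in it are made up for the demonstration.

```python
"""Spot ARP poisoning in a capture: one IP claimed by more than one MAC.

Constructed example; packet bytes and addresses are synthetic test data.
"""
import ipaddress
import struct
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str
    ts: float


def _mac_to_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _mac_to_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def build_arp_reply(sender_ip: str, sender_mac: str, target_ip: str, target_mac: str) -> bytes:
    """Encode a 28-byte Ethernet/IPv4 ARP reply body (constructed test data)."""
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # htype, ptype, hlen, plen, oper=reply
    return (header + _mac_to_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
            + _mac_to_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed)


def parse_arp_payload(payload: bytes, ts: float) -> Optional[ArpReply]:
    """Decode an ARP body; return None unless it is a well-formed IPv4/Ethernet reply."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 2):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return ArpReply(str(ipaddress.IPv4Address(spa)), _mac_to_str(sha),
                    str(ipaddress.IPv4Address(tpa)), _mac_to_str(tha), ts)


# Constructed capture: (timestamp, ARP body). The gateway 192.0.2.1 is first
# announced by its real MAC, then a second MAC starts claiming the same IP.
SAMPLE_CAPTURE: List[Tuple[float, bytes]] = [
    (1.0, build_arp_reply("192.0.2.1", "00:11:22:33:44:01", "192.0.2.10", "00:11:22:33:44:10")),
    (2.0, build_arp_reply("192.0.2.20", "00:11:22:33:44:20", "192.0.2.10", "00:11:22:33:44:10")),
    (3.0, build_arp_reply("192.0.2.1", "de:ad:be:ef:00:99", "192.0.2.10", "00:11:22:33:44:10")),
    (3.5, build_arp_reply("192.0.2.1", "de:ad:be:ef:00:99", "192.0.2.10", "00:11:22:33:44:10")),
    (4.0, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),  # a request, ignored
]


def replies_from_capture(capture: List[Tuple[float, bytes]]) -> List[ArpReply]:
    """Keep only the frames that decode as ARP replies."""
    return [r for r in (parse_arp_payload(p, t) for t, p in capture) if r is not None]


def find_ip_mac_conflicts(replies: List[ArpReply]) -> Dict[str, List[str]]:
    """Return {ip: [mac, ...]} for every IP that was claimed by more than one MAC."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for r in replies:
        if r.sender_mac not in seen[r.sender_ip]:
            seen[r.sender_ip].append(r.sender_mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def arp_alerts(replies: List[ArpReply], known_hosts: Optional[Dict[str, str]] = None) -> List[str]:
    """One alert per reply whose MAC disagrees with the trusted binding.

    known_hosts maps IP -> MAC for hosts whose binding is known (e.g. the gateway);
    for everything else the first MAC seen is taken as the baseline.
    """
    trusted = known_hosts or {}
    first_seen: Dict[str, str] = {}
    alerts = []
    for r in replies:
        expected = trusted.get(r.sender_ip) or first_seen.setdefault(r.sender_ip, r.sender_mac)
        if r.sender_mac != expected:
            alerts.append(f"t={r.ts:.1f}: {r.sender_ip} claimed by {r.sender_mac}, expected {expected}")
    return alerts


if __name__ == "__main__":
    replies = replies_from_capture(SAMPLE_CAPTURE)
    print("conflicts:", find_ip_mac_conflicts(replies))
    for line in arp_alerts(replies, known_hosts={"192.0.2.1": "00:11:22:33:44:01"}):
        print(line)
```

On a real engagement the bytes would come from a capture file rather than `SAMPLE_CAPTURE`; Wireshark reports the same condition in its ARP expert information as a duplicate IP address warning, so the tester can point the client at both the tool output and the raw evidence. Seeding `known_hosts` with the gateway's real MAC is the difference between "something changed" and "the gateway is being impersonated".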
PENETRATION TESTING STUDENT RESPONSE
Thank you for your insightful post. Indeed, Wireshark is one of the best for penetration testing. Among its advantages is that it has over 600 authors for network analyzers; hence it can be used to capture and interpret network packets quickly. Given that it is open-source and available on various systems, you can use it on Linux and on systems such as Solaris and Windows. Given a chance, I will use Wireshark in my penetration testing since it supports offline and live capture while allowing you to analyze even the smallest details in the network. Its ability to intercept communication in a network using Ettercap gives it an added advantage over other tools.