
As a result of your successful completion of SEC435 and subsequent earning of your Certified Ethical Hacker (CEH) certification, you've decided to offer your services as a penetration tester/consultant

Computer Science

As a result of your successful completion of SEC435 and subsequent earning of your Certified Ethical Hacker (CEH) certification, you've decided to offer your services as a penetration tester/consultant. You are in the process of putting together the "toolkit" you will use during your engagements.

Discuss which sniffing tools you would include in your toolkit, why you would choose these tools, and the capabilities and benefits each will bring to your testing process.

Also discuss how you will address the challenges of sniffing on a switched network in the testing process.

Answer a classmate

Hello Professor Vance and Class,

As a penetration tester, I would choose Wireshark in Linux. I have a smidgen of experience with it but could stand to learn more. I am sure I will use Kali Linux for any penetration testing, and Wireshark is built into the system. So as a packet sniffer, Wireshark has convenience, and it has been around since the beginning of packet sniffers. Age is equivalent to experience. Finally, it is free. That speaks volumes in spades. Wireshark captures the data in a network, or it can apply filters to focus on specific packets. Wireshark is known for its analysis features as well. The only drawback is that it is not user-friendly, but with its abilities, it should not be user-friendly in my opinion.

Packet sniffing on a switched network is not hard with Wireshark. Another sweet feature of the Kali Linux distribution is that it is equipped with Ettercap, which can place you in the middle of the switch and the host using the IP address of the host. This is otherwise known as ARP poisoning. Possibly this is hacking instead of penetration, but the line is so gray here. Ettercap saves all the info into a tcp.dump file, which can then be analyzed with Wireshark.
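The ARP poisoning mentioned in the post above leaves a visible trace in captured traffic: an IP address that was bound to one MAC address is suddenly claimed by another. The following is an added example, not part of the original post, that parses raw Ethernet/ARP frames and reports such rebinds; the function names, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None  # too short or EtherType is not ARP
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet hardware / IPv4 protocol addressing
    return op, mac(frame[22:28]), str(IPv4Address(frame[28:32]))

def find_rebinds(frames):
    """Flag every ARP message whose sender IP was previously bound to another MAC."""
    seen, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, smac, sip = parsed
        old = seen.setdefault(sip, smac)
        if old != smac:
            alerts.append((i, sip, old, smac))
            seen[sip] = smac  # track the newest claim so later changes are also reported
    return alerts

def build(op, smac, sip, tmac, tip):
    """Assemble a constructed sample frame in memory (test data only)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = raw(tmac) + raw(smac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + raw(smac) + IPv4Address(sip).packed + raw(tmac) + IPv4Address(tip).packed

# Constructed sample: the gateway and a host answer, then a second MAC claims the gateway IP.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    build(2, GW, "192.0.2.1", HOST, "192.0.2.10"),
    build(2, HOST, "192.0.2.10", GW, "192.0.2.1"),
    build(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
]

if __name__ == "__main__":
    for idx, ip, old, new in find_rebinds(SAMPLE):
        print(f"frame {idx}: {ip} moved from {old} to {new}")
```

A rebind is a signal to investigate rather than proof of poisoning, since DHCP reassignment and failover pairs also move an IP between MAC addresses.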

 
