Overview

Introduction

The Security+ Network Security - Protocol Analyzers module provides you with the instruction and computer hardware to develop your hands-on skills in the defined topics. This module includes the following exercises:

  • Investigating the ARP Cache Table
  • Using Wireshark to Capture Packets
  • ARP Problems
  • Using a Port Scanner
  • Using Nmap

Exercise 1 - Investigating the ARP Cache Table

In these exercises, you will investigate ARP and use the Wireshark protocol analyzer to capture and inspect network traffic.

The ARP cache table contains entries for hosts that have been contacted recently (the cache is cleared every few minutes). This reduces the frequency of ARP broadcasts.

Exercise 2 - Using Wireshark to Capture Packets

Wireshark is an example of a protocol analyzer tool that allows you to view the contents of packets being sent to and from the local machine (and, in some circumstances, other machines).

Exercise 3 - ARP Problems

In this exercise, you will investigate some of the problems that can be caused by an incorrect MAC address.

Exercise 4 - Using a Port Scanner

A port scanner is a software tool that probes local or remote systems to find open TCP/UDP ports and to collect system information, such as the type of operating system installed on the computer. System administrators use it to validate the security policy of firewalls, and hackers use it to determine which open ports on a computer could be exploited.

A wide array of port scanning software, either free or subscription-based, is available for public use. You can use a port scanning tool in a test lab environment. However, take care when using such a tool on a corporate network, as port scans normally trigger an alert when detected by firewall appliances.

In this exercise, you will learn about the following tool:

  • Network Scanner - Advanced IP Scanner

Exercise 5 - Using Nmap

Nmap (Network Mapper) is an open-source security scanner that probes a network to collect system information about the scanned hosts or devices. For each detected host, Nmap identifies the type of operating system installed, the listening TCP or UDP ports, and the network services running on them.

Nmap is widely available for public download from numerous websites. However, before using this tool on a live network, it is important that you get permission from your system administrator, as probing software normally triggers alerts from network intrusion detection systems.
