Software Tools

Time: 9 hours 49 minutes
Difficulty: Beginner
CEU/CPE: 8

Video Transcription
>> Earlier we had talked about troubleshooting from either the bottom-up or the top-down. In the last section, we looked at hardware-based tools, and that's really troubleshooting from the bottom-up. When we use those tools like the hardware loopback adapter or a time-domain reflectometer, we're looking at cable, we're looking at the physical layer, and at the very least, maybe looking into the data link layer. But we're definitely working with the services that are the low layers of the OSI. Now, we're going to look at some of the software tools that we can use to verify applications and network traffic, so troubleshooting from the top down.

One of the first tools that you're going to look at is a packet sniffer, and this can go by a lot of different names. You can hear it referred to as a packet sniffer, a protocol analyzer, a network analyzer, a packet analyzer; all of those terms really speak to the same thing, and that's going to be a device attached to your network that has an interface. That interface is operating in a mode called promiscuous mode. Promiscuous mode means that the interface will capture all traffic regardless of the destination address. That's what allows a sniffer to capture all this traffic on the network; it's just the configuration settings on its interface or its network card. If it's just a regular laptop or so, I need a management utility so I can view the traffic and I can interpret the results. When you've got Wireshark or tcpdump or any of those, that really helps you analyze, view, and make sense of the material.

Certainly, sniffers are used by attackers to capture traffic, and anything going across the network in plain text an attacker can see. If you're sending plain text passwords or you're using one of these protocols that sends plain text passwords, they'll be there for an attacker to view in plain text. But it's also really helpful for a network administrator. I want to know what type of traffic is going across the network. How much broadcast traffic do we have? Sometimes we talk about top talkers and low talkers. This is just one of those tools that I can use to analyze what's going on in the way of traffic on my network. Essentially, your packet sniffer is a device that has a network interface in promiscuous mode, and it has some management utility to help you make sense of the data.

We also have port scanners. Port scans are often done in vulnerability assessments. I'm trying to find out what ports are open, because often a port can be exploited. If a port is open, it's said to be listening for traffic coming in on that port. There are certain ports associated with certain services; we've talked about that throughout the course. Make sure you know your ports. In addition to me finding out which of your ports are open from a vulnerability perspective, I also might be trying to figure out, by sending certain types of messages to your system, what your operating system is. The reason for that is every host responds to the TCP/IP suite a little bit differently. How your system handles a SYN packet being sent to a port that's closed might be an indication to me that you're running a specific operating system. What happens when I send you a TCP packet that has every flag set to one? There are different ways to scan networks that give us different information. So it might be used to look for vulnerabilities and could conceivably be used to determine if you might be susceptible to a denial of service attack; it could also be done to fingerprint your operating system.

Here's a typical Wi-Fi analyzer. You can see what it has discovered as numerous Wi-Fi networks. It's also communicating their strength of signal. With some of these, you can even determine Wi-Fi access points that aren't broadcasting addresses. It's actually very common, and you may be able to determine their security, if any. These devices can be very powerful, but this device is exactly the reason that you really don't get security by disabling your SSID broadcast. All access points send out that SSID broadcast that's configured when set up, but the problem is, with any type of device, you're going to be able to determine that access point. In addition to these, you might have a Wi-Fi sniffer like Ariston or Kismet, where you can intercept traffic on the network.

Very useful is a network speed test. This tells me my performance as far as bandwidth goes and what my connection speed is. Sometimes you're connecting to a service online and it seems to be dragging, and your question is, is it my Internet connection? You might be one of the millions of Zoom calls that there are today, it seems [LAUGHTER]; maybe Zoom isn't performing properly. But I go to my network speed test and I find that I've got really strong upload and download speeds. That might tell me that the issue is more with Zoom than with my computer. These are very helpful, and you can download these from the Internet or test through the Internet.
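The lecture describes two probes a port scanner sends: a SYN to many ports (some of them closed) and a TCP packet with every flag set. The following is an added example, not part of the course or its transcript, showing what those probes look like from the defender's side: a small detector that reads constructed firewall-style log lines and flags a source that touched many distinct ports in a short window, plus any packet whose flag field has all six flags set. The log format, the field names, the `window_seconds` and `min_ports` thresholds, and every address and timestamp are assumptions made up for this example.

```python
"""Added example: detect port-scan patterns in constructed firewall log lines.

Not from the course. Log format, thresholds and all sample values are assumed.
Assumed line format:
  <ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> flags=<TCP flag letters> <verdict>
"""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample log (not real traffic). 10.0.0.5 and 10.0.0.11 are
# ordinary clients; 10.0.0.9 walks twelve ports in five seconds, most of
# them closed (DROP); 10.0.0.7 sends one packet with every TCP flag set.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 -> 192.0.2.10:22 flags=S ACCEPT
2024-01-01T10:00:00 10.0.0.5 -> 192.0.2.10:22 flags=A ACCEPT
2024-01-01T10:00:03 10.0.0.5 -> 192.0.2.10:443 flags=S ACCEPT
2024-01-01T10:00:05 10.0.0.9 -> 192.0.2.10:21 flags=S DROP
2024-01-01T10:00:05 10.0.0.9 -> 192.0.2.10:22 flags=S ACCEPT
2024-01-01T10:00:06 10.0.0.9 -> 192.0.2.10:23 flags=S DROP
2024-01-01T10:00:06 10.0.0.9 -> 192.0.2.10:25 flags=S DROP
2024-01-01T10:00:07 10.0.0.9 -> 192.0.2.10:53 flags=S DROP
2024-01-01T10:00:07 10.0.0.9 -> 192.0.2.10:80 flags=S ACCEPT
2024-01-01T10:00:08 10.0.0.9 -> 192.0.2.10:110 flags=S DROP
2024-01-01T10:00:08 10.0.0.9 -> 192.0.2.10:135 flags=S DROP
2024-01-01T10:00:09 10.0.0.9 -> 192.0.2.10:139 flags=S DROP
2024-01-01T10:00:09 10.0.0.9 -> 192.0.2.10:143 flags=S DROP
2024-01-01T10:00:10 10.0.0.9 -> 192.0.2.10:443 flags=S ACCEPT
2024-01-01T10:00:10 10.0.0.9 -> 192.0.2.10:445 flags=S DROP
2024-01-01T10:00:12 10.0.0.7 -> 192.0.2.10:80 flags=FSRPAU DROP
2024-01-01T10:00:15 10.0.0.11 -> 192.0.2.10:22 flags=S ACCEPT
2024-01-01T10:00:16 10.0.0.11 -> 192.0.2.10:80 flags=S ACCEPT
this line is deliberately malformed and must be skipped
"""

# FIN, SYN, RST, PSH, ACK, URG: a packet carrying all of them is the
# "every flag set to one" probe the lecture mentions.
ALL_FLAGS: Set[str] = set("FSRPAU")


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into an event dict; return None for lines that
    do not match the assumed format."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "->" or not parts[4].startswith("flags="):
        return None
    dst_ip, sep, dst_port = parts[3].rpartition(":")
    if not sep or not dst_port.isdigit():
        return None
    return {
        "ts": datetime.fromisoformat(parts[0]),
        "src": parts[1],
        "dst": dst_ip,
        "port": int(dst_port),
        "flags": set(parts[4][len("flags="):]),
        "verdict": parts[5],
    }


def parse_log(text: str) -> List[dict]:
    """Parse all lines, silently dropping malformed ones."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def find_all_flags_probes(events: List[dict]) -> List[dict]:
    """Events whose TCP flag set contains every flag."""
    return [e for e in events if ALL_FLAGS <= e["flags"]]


def find_port_scans(events: List[dict], window_seconds: int = 60,
                    min_ports: int = 10) -> Dict[Tuple[str, str], List[int]]:
    """Map (src, dst) -> sorted distinct ports for every pair that touched at
    least min_ports distinct destination ports inside some window_seconds span."""
    by_pair: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_pair[(e["src"], e["dst"])].append(e)
    hits: Dict[Tuple[str, str], List[int]] = {}
    for pair, evs in by_pair.items():
        start = 0
        for end in range(len(evs)):  # sliding window over time-ordered events
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if len({x["port"] for x in evs[start:end + 1]}) >= min_ports:
                hits[pair] = sorted({x["port"] for x in evs})
                break
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (src, dst), ports in find_port_scans(evs).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports: {ports}")
    for e in find_all_flags_probes(evs):
        print(f"all-flags probe: {e['src']} -> {e['dst']}:{e['port']} at {e['ts']}")
```

The distinct-port count is the signal, not the number of packets: the ordinary client that reconnects to port 22 many times never trips the rule, while the scanner does after its tenth distinct port. The DROP verdicts on closed ports are the closed-port responses the lecturer says a scanner uses for OS fingerprinting, so a high share of drops for a flagged pair is worth including in the alert.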