earlier, we had talked about troubleshooting from either the bottom up or the top. Down in the last section. We looked at hardware based tools, and that's really troubleshooting from the bottom up.
When we use those tools, like the hardware loop back adapter or a time domain reflect a meter, we're looking at cable. We're looking at the physical layer and at the very least, maybe looking into data link layer. But we're definitely working with the services that are the low layer of the S. I.
Now we're going to look at some of the software tools that we can use to verify applications and network traffic so troubleshooting from the top down.
One of the first tools that you're going to look at is a packet sniffer, and this can go by a lot of different names.
You can hear it referred to as a packet sniffer, a protocol analyzer, a network analyzer, a packet analyzer.
All of those terms really speak to the same thing,
and that's going to have a device attached to your network that has an interface that interfaces operating in a mode called promiscuous mode.
Promiscuous mode means that the interface will capture all traffic regardless of the destination address. That's what allows a sniffer to capture all of this traffic in the network.
It's just the configuration settings on its interface or its network card.
If it's just a regular laptop or so,
I need a management utility so I can view the traffic. And I can interpret the results
when you've got wire shark or TCP dump or any of those that really helps you analyze you and make sense of the material.
Certainly, sniffers are used by Attackers to capture traffic and anything going across the network. In plain text, an attacker can see
if you're sending plaintext passwords or you're using one of these protocols that sends plaintext passwords. They will be there for an attacker to view in plain text,
but it's also really helpful for a network administrator.
I want to know what type of traffic is going across the network.
How much broadcast traffic do we have? Sometimes we talk about top talkers and low talkers. This is just one of those tools that I can use to kind of analyze what's going on in the ways of traffic on my network,
essentially, with your packets? Never. It's a device that has a network interface in promiscuous mode, and it has some sort of management utility to help you make sense of the data.
We also have port scanners.
Port scanners are often done in vulnerability assessments, trying to find out what ports are open because often a port can be exploited
if the port is open. It's said to be listening for traffic coming in on that port.
There are certain ports associated with certain services. We've talked about that throughout the course. Make sure you know your ports.
In addition to me finding out your ports that are open from a vulnerability perspective, I also might be trying to figure out by sending certain types of messages to your system what your operating system is.
The reason for that is every host responds to the TCP I p suite a little bit differently.
How your system handles a S y N packet being sent to a port this close might be an indication to me that you're running a specific operating system.
What happens when I send you a TCP packet that has every flag set to one?
There are different ways to scan networks that gives us different information so it might be used to look for vulnerabilities and could conceivably be used to determine if you might be susceptible to a denial of service attack.
You could also be done to fingerprint your operating system.
Here's a typical WiFi analyzer, and you can see what it has discovered is numerous WiFi networks.
It's also communicating their strength of signal
with some of these. You can even determine WiFi access points that aren't broadcasting addresses. It's actually very, very common, and you may be able to determine that security, if any,
these devices can be very powerful. But this device is exactly the reason that you really don't get security by disabling your S s. I d broadcast
all access points. Send out that S S I D broadcasts that's configured when set up. But the problem is any type of device. You're going to be able to determine that access point.
In addition to these, you might have a WiFi sniffer like Paris Nord or Kismet,
where you can intercept traffic on the network.
Very useful as a network speed test. This tells me my performance as far as bandwidth goes and what my connection speed is.
Sometimes you're connecting to a service online, and it seems to be dragging. Your question is, is my Internet connection?
You might be one of a million zoom calls that are today. It seems
maybe Zoom isn't performing properly,
but I go to my network speed test and I find that I've got really strong upload and download speeds that might tell me that the issue is more with Zoom than with my computer.
These are very helpful, and you can download these from the Internet or test through the Internet.