Overview
This lab is part of a series of lab exercises intended to support courseware for Ethical Hacker training. The development of this document is funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48.
In this lab, students will enumerate hosts on the network using various tools.
OUTCOMES:
In this lab, you will learn to:
- Set Up the Sniffer
- Detect Unwanted Incoming Traffic
- Detect Unwanted Outgoing Traffic
Key terms and descriptions
Wireshark
A protocol analyzer that reads binary capture files. Wireshark also lets you capture live network traffic, and it runs on Windows, Linux, and Mac OS X.
snort
An Intrusion Detection System (IDS) that can be used to analyze and capture traffic. By matching traffic against signatures, snort can report on the activity within a capture file. Snort can be downloaded from www.snort.org and is available in both free and commercial versions. Sourcefire, a Columbia, Maryland–based company, maintains and develops snort.
tcpdump
A Linux/UNIX program that allows you to capture network traffic. The tcpdump program comes installed on many Linux distributions by default.
Sniffer
A sniffer captures traffic from a network. Software programs like tcpdump, Wireshark, and Network Miner can be used to sniff traffic.
PCAP File
Programs that sniff network traffic, such as tcpdump, Wireshark, and Network Miner, can save the capture in the PCAP file format. To read a PCAP file, you need a tool like Wireshark or Network Miner.
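As an added example (not part of the original lab material), the following Python script shows what a PCAP file actually contains and how the "unwanted incoming/outgoing traffic" outcomes above reduce to checking packet direction: it builds a small constructed capture in memory, walks the 24-byte global header and the 16-byte per-packet record headers, decodes the IPv4 addresses, and splits packets by direction relative to an assumed LAN prefix of 10.0.0. (the prefix, addresses and timestamps are constructed sample values).

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # native little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_ipv4_frame(src, dst, proto):
    """Construct a minimal Ethernet + IPv4 header (sample data, no payload)."""
    eth = b"\x00" * 12 + b"\x08\x00"            # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip

def build_pcap(records):
    """records: (ts_sec, ts_usec, frame) tuples -> bytes of a pcap file."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return hdr + b"".join(struct.pack("<IIII", s, us, len(f), len(f)) + f
                          for s, us, f in records)

def parse_pcap(data):
    """Walk the global header and each record header; return (ts, src, dst, proto)."""
    magic, _maj, _min, _tz, _sig, _snap, link = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or link != LINKTYPE_ETHERNET:
        raise ValueError("unsupported pcap variant or link type")
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # truncated or non-IPv4 frame
        ip = frame[14:]
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        packets.append((sec + usec / 1e6, src, dst, ip[9]))
    return packets

def classify(packets, lan_prefix):
    """Split packets into incoming (from outside the LAN) and outgoing (to outside)."""
    incoming = [p for p in packets if not p[1].startswith(lan_prefix)]
    outgoing = [p for p in packets if p[1].startswith(lan_prefix)
                and not p[2].startswith(lan_prefix)]
    return incoming, outgoing

# Constructed sample capture: one outbound TCP packet, one inbound UDP packet.
SAMPLE_PCAP = build_pcap([
    (1700000000, 0, build_ipv4_frame("10.0.0.5", "203.0.113.9", 6)),
    (1700000001, 500000, build_ipv4_frame("198.51.100.7", "10.0.0.5", 17)),
])

if __name__ == "__main__":
    inc, out = classify(parse_pcap(SAMPLE_PCAP), "10.0.0.")
    print("incoming:", inc)
    print("outgoing:", out)
```

Writing SAMPLE_PCAP to a file and opening it in Wireshark shows the same two packets, which is a useful sanity check that the header layout above is correct.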