Sniffers and Evasion
This chapter includes questions from the following topics:
•  Sniffing and protocols that are susceptible to sniffing
•  Describing active and passive sniffing
•  Describing ethical hacking techniques for layer 2 traffic
•  Sniffing tools and displays
•  Describing sniffing countermeasures
•  Intrusion detection system (IDS) types, use, and placement
•  Describing signature analysis within Snort
•  Listing IDS evasion techniques
•  Firewall types, use, and placement
•  Describing firewall hacking tools and techniques
•  Use and placement of a honeypot
When I joined the Air Force many, many years ago, our basic training in San Antonio, Texas was somewhat unique: We were one of the first to have a “sister” flight right next door (I guess while we had billions of dollars to develop new planes, we didn’t have the cash to build separate dormitory buildings for men and women). So, basically, one side of the building was men and the other side women—with nothing but a wall between the two flights. As you can imagine, being locked in a dorm for 13 weeks with 40 other guys—and only guys—left a little to be desired, and a mere 6 to 8 inches of wood, sheetrock, and nails separating us from the fairer sex wasn’t much of an impediment at all.
We spent a lot of our time trying to figure out where they would be, when they would be there, and how long they would be hanging out. We even identified specific “targets” of our individual attention and in our spare moments of free time enumerated what she liked and didn’t like (making this entire scenario some real-world but oddly twisted corollary for the beginning stages of a pen test, but that’s getting off target). One of the best avenues for information we had was a small pinhole one of the guys was successful in cutting through the wall (we couldn’t make it too big—our training instructor would’ve noticed it and killed us via pushups, sit-ups, and bad Air Force dining hall food). If you were quiet enough and cupped your hands around that little hole, you could hear what the ladies were saying and what they were planning on doing. In effect, we were sniffing traffic without their knowledge, and that’s what we’ll be studying in this chapter.
STUDY TIPS   Just as with the previous chapter, review your basic network knowledge thoroughly. You’ll see lots of questions designed to test your knowledge on how networking devices handle traffic, how addressing affects packet flow, and which protocols are susceptible to sniffing. Additionally, learn Wireshark really well. Pay particular attention to filters within Wireshark—how to set them up, and what syntax they follow—and how to read a capture (not to mention the “follow TCP stream” option). If you haven’t already, download Wireshark and start playing with it. Right now, before you even read the questions that follow.
Snort is another tool you’ll need to know inside and out. Be very well versed in configuring rules and reading output from a Snort capture/alert. And when it comes to those captures, oftentimes you can work out an answer just by pulling out port numbers and such, so don’t panic when you see them.
Lastly, don’t forget your firewall types—you won’t see many questions on identifying a definition, but you’ll probably see at least a couple of scenario questions where this knowledge comes in handy.