For your journal entry answer the following questions
In the lab, you use Nmap to scan the network and Wireshark to capture packets on the network.
- What information can you obtain by network footprinting using Nmap?
Penetration tests use Nmap to trace the vulnerabilities within a network. If there are weakness found the Tester will patch them making it harder for a hacker to obtain needed information.
information discovered:
Port numbers
Email addresses
Operating System information
Firewall identification
DNS information
(Nmap, n.d.)
- How could an attacker use this information?
By knowing which port numbers are frequently being used an attacker can use that port number knowing that his/her packets will go through undetected
By knowing what type of operating system and firewall are being used they can focus on exploits that are known to those Applications.
- How can packet sniffing be used to detect potential threats on a network?
By monitoring all the packets of a healthy network a pattern will naturally form of standard operating traffic. So if there are any attempts to attack the network the traffic inconsistency will be easy to identify and dealt too.
- Analyse the packet capture and assess what is happening
Nmap. (n.d.). Nmap Cheat Sheet: From Discovery to Exploits – Part 1: Introduction to Nmap. Retrieved from resources.infosecinstitute.com: https://resources.infosecinstitute.com/nmap-cheat-sheet/#gref
Bachelor of Information Technology (NMIT) 