Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Applied Network Security
Applied Network Security

Applied Network Security: Proven tactics to detect and defend against all kinds of network attack

Arrow left icon
Profile Icon Michael McLafferty Profile Icon Salmon Profile Icon Warun Levesque
Arrow right icon
$9.99 $39.99
eBook Apr 2017 350 pages 1st Edition
eBook
$9.99 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Michael McLafferty Profile Icon Salmon Profile Icon Warun Levesque
Arrow right icon
$9.99 $39.99
eBook Apr 2017 350 pages 1st Edition
eBook
$9.99 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$9.99 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Applied Network Security

Sniffing the Network

In this chapter, we will focus on the various tools and methods used to monitor network traffic. The objective for this chapter is to help the reader gain an understanding of Nmap, Wireshark, and the importance of monitoring a network for potential attacks. This chapter will provide the most common commands used in Nmap. We will provide screenshots and demonstrate how to use the syntax. In this chapter, we will mostly focus on two main network monitoring tools. We will discuss Nmap first because it is a command-line-based tool. Nmap also has a GUI-based version, known as Zenmap. There are advantages to developing your skill with command-line-based tools. They will allow you to gain a better understanding of how the tools function and allow you more flexibility, dependability, and control. GUI-based monitoring tools such as Wireshark also have advantages; we will discuss this in this chapter...

What is network sniffing?

Network sniffing is a collection of packet data that is transmitted throughout the network. Network sniffing is also known as packet analysis. There are different types of network sniffers. Two of the most common are Ethernet sniffers and wireless sniffers. A network sniffer is a piece of software or hardware that can capture and log network traffic.

Nmap is a popular network sniffing tool used by many cyber security professionals. Before using this tool, you must learn how to install it. You also need to be able to check the version and locate the user manual. It is recommended that you use Kali Linux as the operating system when using Nmap. Kali Linux comes with many pre-installed tools such as Nmap and Wireshark. If you are using a version of Linux without pre-installed tools, you must perform a fresh install. The best and most efficient way to install Nmap is to clone the repository...

Lab 1-a scan to search for DDoS reflection UDP services

Scan for UDP DDoS reflectors nmap -sU -A -PN -n -pU:19,53,123,161 -script=ntp-monlist,dns-recursion,snmp-sysdescr 192.168.1.0/24

This Nmap command will scan a target list for systems with open UDP services that allow reflection attacks to take place:


Using Wireshark filters

If you're not familiar with Wireshark, then you'll soon find out how powerful and effective this tool can be. Wireshark is a packet analyzer software that's open source and free to use. It can be used to troubleshoot networking issues and hunt down malicious activities. Basically, every bit (literally) of information that flows in and out of a network can be captured and dumped into a single location. Then we can take our time analyzing this information, using filters to narrow down our search. As of writing this book, the current version of Wireshark is 2.2.2, but always make sure that yours is up-to-date:

  1. When you launch Wireshark, you should see the following screen. You will need to select the interface you want to scan on, depending on whether you use an Ethernet or a wireless connection. I am connected via Wi-Fi, so that is what I choose. Yours may be named differently...

Wireshark filter cheat sheet

This will only show packets containing the selected IP address. This can be either the source or the destination IP:

ip.addr ==x.x.x.x

This will show the communication between two IP addresses, which can be from the direction of the source or the destination:

ip.addr ==x.x.x.x && ip.addr ==x.x.x.x

You could also just type in the name of the protocol that you want to see:

http or dns

This filter will only show the TCP packets that are passing through the specified port number:

tcp.port==xxx

You may further specify the details of this filtering option to narrow your search of the TCP packets:

tcp.flags.reset==1

To identify certain types of web traffic, such as requests that are being made to certain websites on the network, enter the following:

http.request

Put an exclamation in front followed by the initial parentheses:

!(arp or icmp or dns)

tcp contains searches for exact...

Lab 2

Another tool used for network scanning is Sparta. The following lab demonstrates how this tool works. For this lab, we are using Kali Linux running in VMware.

Sparta is built into Kali 2.0, but if you don't have it, you can get it from the Kali repository by typing kali > apt-get install Sparta:

  1. To get started, open a terminal window and type sparta. The following screenshot demonstrates the first screen you will see:
  1. When you click on it, a GUI resembling the following will open:
  1. Once Sparta has started, we need to add some hosts. If we click on the space that says Click here to add host(s) to scope, it opens a window where we can add IP addresses or the range of IP addresses we want to scan. We are also able to use CIDR notation to indicate an entire subnet, such as 192.168.181.0/24:
  1. After adding our IP host range in the window, click Add to scope. Sparta will start scanning your hosts...

Sparta

One of the best features of Sparta is that it integrates so many tools into one single GUI. When we click on the Tools tab, Sparta displays the numerous tools that we can apply to this target system, including the following:

  • Mysql-default
  • nikto
  • Snmp-enum
  • Smtp-enum-vrfy
  • Snmp-default
  • Snmp-check

Brute-force passwords

Sparta can also brute-force passwords. Using hydra, you can specify the IP, port, and service, then brute-force it:

For those who want a single scanning and enumeration tool with an easy-to-use GUI, Sparta is the perfect reconnaissance tool.

Lab 3-scanning

The following demonstration will be a more detailed Nmap lab to reinforce what you have learned earlier in the chapter. This lab uses Kali Linux running in VMware:

  1. Open Nmap in Kali.
  2. Open a terminal in Kali and type nmap.

When you do so, Nmap will display its help screen, as shown in the following screenshot:

  1. Let's try to use the -sS and -sT scans.

Using Nmap's basic syntax, type in the following:

          nmap <scantype> IP address

We get results like those shown in the following screenshot, showing all of the TCP ports that are open on our target machine and the default service for each port:

  1. Next, we can scan for a specific port or port range.

Nmap uses the -p switch to designate a port or port range. So, if we were only looking for ports 100-200, we could use the following:

          kali > nmap 192.168.10.70 -p100-200

As you can see, this command scans and reveals...

Scanning a subnet

Often, we want to scan more than a single IP address. Nmap allows us to use CIDR notation to designate an entire subnet. So, for instance, to scan on the entire class C subnet (256 hosts), type nmap 192.168.10.0/24:

Spoofing and decoy scans

When we are scanning machines that are not ours, we often want to hide our IP (our identity). Obviously, every packet must contain our source address or else the response from the target system will not know where to return to. The same applies to spoofing our IP when using Nmap. We can spoof our IP address (-S) in Nmap, but as a result, any response and any info we are trying to gather will return to the spoofed IP. Not very useful if we are scanning in order to gather info. A better solution is to obfuscate...

Evading firewalls

Many firewalls and routers block or drop the ICMP (echo request and echo reply) ping. This is meant to obscure the presence of the hosts behind the firewall and protect against a possible DoS using the ping packet. When you use Nmap to scan a system or network, by default, it sends out a ping to see if the host is up. If it gets a response, it then sends the specified packets to scan the system. If the ping is blocked or dropped, Nmap gives up and says, host is down. To get around firewalls and routers that block or drop the ping, we need to suppress Nmap's default behavior of sending out that initial ping and get past the firewall that is blocking us. We can do this by using the -P0 switch. Type nmap -sS -P0 192.168.10.70:

Gathering version info

When Nmap runs a port scan, it retrieves the port info (open/closed/filtered) and then gives us the default service that is running on that port. As one can run any service on any port, that may not be adequate information. If our attack requires a particular service on a particular port, gathering the default information may not be enough. We need to know what service is actually running on that port, not the default service. For instance, knowing that port 80 is open and running HTTP is good to know, but if our attack is specific to Apache, and the target has Microsoft's IIS running on that port, it won't work. We often need the service on the port.

Nmap has a feature that interrogates the service running on each port scanned. It can be used with the -sV switch. Type nmap -sV 192.168.10.70:

Note that, in the output we received, the server is running an older version of IIS on...

Starting the listener

First, we need to start our listener:

  1. Open Metasploit by typing msfconsole.
  2. Type use exploit/multi/handler.
  3. As stated before, we will be using meterpreter reverse_tcp payload. To set the payload, type the following:
      set payload windows /meterpreter/reverse_tcp

This module doesn't have any settings that we can touch by default, so we need to add a payload. This tells the module what sort of reverse shell we're listening for; it'll help manage it for us:

  • use exploit/multi/handler: handles the incoming connection
  • set payload windows/meterpreter/reverse_tcp: reverses the TCP payload
  • show options: shows the available options to set
  1. We also need to set up the LHOST and LPORT and make sure they're the same as the ones you set up in Step 3.

Then type Set lhost 192.168.10.50 Set lport 8080:

          Set lhost 192.168.10.50
          Set lport 8080
  1. Our handler is...

Summary

In this chapter, we went over how to use Nmap and Wireshark to monitor network traffic. You are now able to use both these tools, since you have an understanding of the commands and filter syntax. By using what you have learned in this chapter, you can now monitor a network for signs of attack. With this knowledge, you can be effective in stopping network attacks before they can do serious damage. You also learned about two valuable tools that can also diagnose non-malicious network anomalies. It is recommended that you master the use of Wireshark and study for a certification in its use. Many employers in the network security field are impressed with extensive knowledge of tools such as Wireshark.

In later chapters, we will discuss other network security tools that can be used in combination with Wireshark.

Left arrow icon Right arrow icon

Key benefits

  • Deep dive into the advanced network security attacks and techniques by leveraging tools such as Kali Linux 2, MetaSploit, Nmap, and Wireshark
  • Become an expert in cracking WiFi passwords, penetrating anti-virus networks, sniffing the network, and USB hacks
  • This step-by-step guide shows you how to confidently and quickly detect vulnerabilities for your network before the hacker does

Description

Computer networks are increasing at an exponential rate and the most challenging factor organisations are currently facing is network security. Breaching a network is not considered an ingenious effort anymore, so it is very important to gain expertise in securing your network. The book begins by showing you how to identify malicious network behaviour and improve your wireless security. We will teach you what network sniffing is, the various tools associated with it, and how to scan for vulnerable wireless networks. Then we’ll show you how attackers hide the payloads and bypass the victim’s antivirus. Furthermore, we’ll teach you how to spoof IP / MAC address and perform an SQL injection attack and prevent it on your website. We will create an evil twin and demonstrate how to intercept network traffic. Later, you will get familiar with Shodan and Intrusion Detection and will explore the features and tools associated with it. Toward the end, we cover tools such as Yardstick, Ubertooth, Wifi Pineapple, and Alfa used for wireless penetration testing and auditing. This book will show the tools and platform to ethically hack your own network whether it is for your business or for your personal home Wi-Fi.

Who is this book for?

This book is for network security professionals, cyber security professionals, and Pentesters who are well versed with fundamentals of network security and now want to master it. So whether you’re a cyber security professional, hobbyist, business manager, or student aspiring to becoming an ethical hacker or just want to learn more about the cyber security aspect of the IT industry, then this book is definitely for you.

What you will learn

  • Use SET to clone webpages including the login page
  • Understand the concept of Wi-Fi cracking and use PCAP file to obtain passwords
  • Attack using a USB as payload injector
  • Familiarize yourself with the process of trojan attacks
  • Use Shodan to identify honeypots, rogue access points, vulnerable webcams, and other exploits found in the database
  • Explore various tools for wireless penetration testing and auditing
  • Create an evil twin to intercept network traffic
  • Identify human patterns in networks attacks

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 28, 2017
Length: 350 pages
Edition : 1st
Language : English
ISBN-13 : 9781786469687
Category :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Apr 28, 2017
Length: 350 pages
Edition : 1st
Language : English
ISBN-13 : 9781786469687
Category :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 152.97
Mastering Python Networking
$54.99
Penetration Testing Bootcamp
$48.99
Applied Network Security
$48.99
Total $ 152.97 Stars icon
Banner background image

Table of Contents

17 Chapters
Introduction to Network Security Chevron down icon Chevron up icon
Sniffing the Network Chevron down icon Chevron up icon
How to Crack Wi-Fi Passwords Chevron down icon Chevron up icon
Creating a RAT Using Msfvenom Chevron down icon Chevron up icon
Veil Framework Chevron down icon Chevron up icon
Social Engineering Toolkit and Browser Exploitation Chevron down icon Chevron up icon
Advanced Network Attacks Chevron down icon Chevron up icon
Passing and Cracking the Hash Chevron down icon Chevron up icon
SQL Injection Chevron down icon Chevron up icon
Scapy Chevron down icon Chevron up icon
Web Application Exploits Chevron down icon Chevron up icon
Evil Twins and Spoofing Chevron down icon Chevron up icon
Injectable Devices Chevron down icon Chevron up icon
The Internet of Things Chevron down icon Chevron up icon
Detection Systems Chevron down icon Chevron up icon
Advance Wireless Security Lab Using the Wi-Fi Pineapple Nano/Tetra Chevron down icon Chevron up icon
Offensive Security and Threat Hunting Chevron down icon Chevron up icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.