Conduct A Network Traffic Analysis & Baseline Definition

1. Which tool is better at performing protocol captures and which tool is better at performing protocol analysis?
Wireshark (like tcpdump, which uses the same libpcap capture library) is the better tool for protocol capture: it records the frames seen on an interface into a .pcap file and decodes them packet by packet. NetWitness Investigator is the better tool for protocol analysis: it imports that capture file and reconstructs sessions, so the analyst can look at whole conversations, and the files and credentials carried inside them, rather than at individual packets.

2. What is promiscuous mode and how does this allow tcpdump, Wireshark, and Netwitness Investigator to perform protocol capture off a live network?
A network interface normally passes up to the host only the frames addressed to its own MAC address, plus broadcast and subscribed multicast frames, and silently discards everything else. Promiscuous mode tells the interface to pass every frame it receives to the operating system. tcpdump, Wireshark and NetWitness Investigator put the interface into this mode when they start a live capture, which is why they can record other hosts' conversations on the segment rather than only the capturing host's own traffic. Promiscuous mode does not make a switch forward anything extra: on a switched LAN the capturing host still sees only broadcast traffic and its own unicast traffic unless it is attached to a SPAN/mirror port, a network tap, or a hub.
3. What is the significance of the TCP 3-Way Handshake for applications that utilize TCP as a transport protocol? Which application in your protocol capture uses TCP as a transport protocol?
The handshake (SYN, SYN-ACK, ACK) is how the two hosts agree on initial sequence numbers and confirm that both directions of the path work before any application data is sent. Everything a TCP application relies on, reliable delivery, in-order reassembly and retransmission, depends on the connection state that the handshake establishes, and in a capture the handshake marks exactly where a session begins and which side is the client. In this lab's capture, FTP uses TCP as its transport protocol (control channel on TCP port 21).

On the packet size distribution: yes, the 'Packet Length' and 'Count' columns of the capture statistics show the packet size distribution of the capture. It is important to know what protocols and what sizes of Ethernet frames are being used for transmission on the LAN segment, because that distribution is an important part of the network traffic baseline definition: a later shift toward unusual frame sizes or unexpected protocols is exactly what the baseline lets you notice.

7. Is FTP data able to be replayed and reconstructed if the packets are captured on the wire? If an attack were to occur between the source and destination IP host with data replayed that has been altered, what kind of attack is this called?
Yes. FTP sends its commands, user name, password and file contents in clear text, so anyone holding a capture of the session can reassemble the TCP stream (Wireshark's Follow TCP Stream does this) and read or replay the login and the transferred file. Replaying captured traffic that has been altered between the source and destination hosts is a replay attack; because the attacker must be positioned between the two hosts to intercept and modify the data, it is also a man-in-the-middle attack.
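The three capture questions above, the handshake in question 3, the packet size distribution, and the FTP reconstruction in question 7, can all be checked with a small parser. The following is an added example, not part of the lab worksheet and not code from Wireshark or NetWitness; it uses only the Python standard library, builds a constructed capture (the 10.0.0.5 / 10.0.0.9 addresses, port 51000 and the 'alice' / 's3cret' credentials are made up), and then extracts the same three things a practitioner would read off Wireshark:

```python
"""Added example (not from the lab worksheet or any vendor tool): parse a pcap with the
Python standard library only, find completed TCP 3-way handshakes, bucket frame sizes
for a baseline, and reconstruct a clear-text FTP login as Wireshark's Follow TCP Stream
does. The capture below is constructed; hosts, ports and credentials are made up."""
import bisect
import struct
from collections import Counter, defaultdict

SYN, PSH, ACK = 0x02, 0x08, 0x10

def build_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with dummy MACs and zero checksums (enough for parsing)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + ip + tcp + payload

def build_pcap(frames):
    """Classic pcap: 24-byte global header, then per-frame (ts_sec, ts_usec, incl, orig) + data."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000, i * 1000, len(f), len(f)) + f)
    return b"".join(out)

# Constructed capture (assumed addresses): handshake to port 21, then a clear-text FTP login.
C2S = dict(src="10.0.0.5", dst="10.0.0.9", sport=51000, dport=21)
S2C = dict(src="10.0.0.9", dst="10.0.0.5", sport=21, dport=51000)
SAMPLE_PCAP = build_pcap([
    build_frame(**C2S, seq=1000, ack=0, flags=SYN),                      # 1. SYN
    build_frame(**S2C, seq=5000, ack=1001, flags=SYN | ACK),             # 2. SYN-ACK
    build_frame(**C2S, seq=1001, ack=5001, flags=ACK),                   # 3. ACK
    build_frame(**S2C, seq=5001, ack=1001, flags=PSH | ACK, payload=b"220 FTP ready\r\n"),
    build_frame(**C2S, seq=1001, ack=5016, flags=PSH | ACK, payload=b"USER alice\r\n"),
    build_frame(**S2C, seq=5016, ack=1013, flags=PSH | ACK, payload=b"331 Password required\r\n"),
    build_frame(**C2S, seq=1013, ack=5039, flags=PSH | ACK, payload=b"PASS s3cret\r\n"),
    build_frame(**S2C, seq=5039, ack=1026, flags=PSH | ACK,
                payload=b"230 Login successful. Welcome to the corporate FTP server.\r\n"),
])

def pcap_frames(data):
    """Yield the raw frames of a classic little-endian pcap (magic 0xa1b2c3d4)."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic pcap")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def decode_tcp(frame):
    """(src, dst, sport, dport, seq, ack, flags, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
    src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
    sport, dport, seq, ack, doff, flags = struct.unpack_from("!HHIIBB", frame, 14 + ihl)
    return src, dst, sport, dport, seq, ack, flags, frame[14 + ihl + (doff >> 4) * 4:14 + total]

def handshakes(data):
    """Completed SYN / SYN-ACK / ACK exchanges as (client, client_port, server, server_port)."""
    pending, done = {}, []
    for p in filter(None, map(decode_tcp, pcap_frames(data))):
        src, dst, sport, dport, seq, ack, flags, _ = p
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if (flags & (SYN | ACK)) == SYN:                       # 1: client picks its ISN
            pending[fwd] = ("syn", seq)
        elif (flags & (SYN | ACK)) == (SYN | ACK):             # 2: server must ack ISN+1
            if pending.get(rev, ("",))[0] == "syn" and ack == pending[rev][1] + 1:
                pending[rev] = ("synack", seq)
        elif flags & ACK and pending.get(fwd, ("",))[0] == "synack":
            if ack == pending[fwd][1] + 1:                     # 3: client acks server ISN+1
                done.append(fwd)
                del pending[fwd]
    return done

def size_distribution(data):
    """Frame-length histogram in the buckets Wireshark's Statistics > Packet Lengths uses."""
    edges = [20, 40, 80, 160, 320, 640, 1280, 2560, 5120]
    labels = ["0-19"] + [f"{a}-{b - 1}" for a, b in zip(edges, edges[1:])] + ["5120+"]
    return dict(Counter(labels[bisect.bisect_right(edges, len(f))] for f in pcap_frames(data)))

def follow_stream(data, port=21):
    """Reassemble each direction of flows on `port` by sequence number (Follow TCP Stream)."""
    segs = defaultdict(dict)
    for p in filter(None, map(decode_tcp, pcap_frames(data))):
        if port in (p[2], p[3]) and p[7]:
            segs[(p[0], p[2], p[1], p[3])][p[4]] = p[7]   # keyed by seq, so retransmits collapse
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

def ftp_credentials(data):
    """USER/PASS recovered from the client side of a reconstructed FTP control session."""
    creds = {}
    for (_, _, _, dport), text in follow_stream(data).items():
        if dport == 21:
            for line in text.decode("ascii", "replace").splitlines():
                cmd, _, arg = line.partition(" ")
                if cmd.upper() in ("USER", "PASS"):
                    creds[cmd.upper()] = arg
    return creds
```

Running `handshakes(SAMPLE_PCAP)` returns the one completed connection with 10.0.0.5 as the client, `size_distribution(SAMPLE_PCAP)` gives the same buckets you would read from Wireshark's Packet Lengths window, and `ftp_credentials(SAMPLE_PCAP)` recovers the user name and password from the reassembled client side of the stream, which is the whole point of question 7: nothing in FTP hides them from a capture. In Wireshark the equivalent steps are the display filter `tcp.flags.syn==1 && tcp.flags.ack==0` to find session starts, Statistics > Packet Lengths for the baseline, and Follow > TCP Stream for the reconstruction.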
8. Why is it important to use protocol capture tools and protocol analyzers as an information systems security professional?
Protocol capture tools and protocol analyzers let an information systems security professional see what is actually on the wire instead of what the documentation says should be there. They are used to troubleshoot network problems, to verify adherence to corporate policy (for example, whether clear-text private data such as passwords or personal information is crossing the network), to test security countermeasures and firewall deployments, and to perform audits, security assessments, network baseline definitions and the identification of rogue IP devices.
9. What are some challenges to baseline analysis?

Challenges to baseline analysis include reducing the data to what actually matters for analysis, handling very large packet capture files, and working with several tools to gain an accurate perspective on the network. Baselining is also not a one-time task: traffic changes as applications and users change, so the baseline has to be refreshed as a regular part of network monitoring or it stops being a useful reference.

10. Why would an information systems security practitioner want to see network traffic on both internal and external network traffic?

Despite the presence of firewalls and other security appliances, corporate networks remain vulnerable to both internal and external attacks. Watching external traffic shows what crosses the perimeter and what outside attackers can reach; watching internal traffic shows what the perimeter devices never see, such as insider misuse, rogue devices, and an intruder moving between internal hosts after an initial compromise. By proactively capturing and assessing traffic on both sides, a security professional can be better prepared to reduce the chances of those attacks succeeding.

