If you would like to read the other parts in this article series please go to:
Computer security and system administration are not really all that different. They both have an end state of having a fully functional network. Both of these jobs take a different approach to reach the goal, but largely have more in common than not. One of the commonalities is the use of tools. It could be a tool designed by Microsoft to help the system administrator’s life or a third party offering. The same applies to computer security and the many tools used in that field of endeavor. One tool that both jobs share is a protocol analyzer. This handy tool helps iron out both network problems and discover potential security issues.
So we have a common theme of tools helping the computer professional out. What I shall do over the course of this three part article series is cover what I would consider some of the “must know” tools for the security world. Seeing as some of these tools have installation quirks I shall detail how you install these tools as well. Furthermore, I will cover some usage examples for the tool and why the tool is important to know. With the baseline of tools detailed in this article series you will also be able to experiment with them in your home computer lab. The tools covered here will allow you to do packet crafting, packet sniffing, port binding, and other neat stuff. With that said, let’s get on with it!
Sniffing packets
Being able to see and verify packets is a critical ability. This also applies when you are at home and trying to understand a tool’s output. It also is of importance when you are trying to troubleshoot a problem on your network. So suffice it to say that you really must have a packet sniffer installed on your computer. I have said in the past that you really should simply install windump vice ethereal for it forces you to become familiar with a packet’s contents. Safe to say I have not changed my opinion since then. Seeing as some of you may be installing these tools on Win XP SP2 I have tried to find the tools that will work with it. I have not been entirely successful, so please realize that I would suggest you have as your test box either Windows 2000 Professional or Windows XP SP1. Sadly with the release of SP2 a lot of raw socket functionality was broken. Some tools have been able to compensate for this and others have not.
With that said let’s go and install our packet sniffer that I know works with XP SP2. Please download the tcpdump tool that we will install. The reason I suggest downloading this tool vice the actual windump.exe is that this version will work with XP SP2. I was unable to get windump.exe to work with XP SP2 and simply gave up as I had found this fully functional alternative, which is pretty much exactly the same. Once downloaded simply uncompress it and install it at the root of C drive ie: C:\ You are now ready to sniff packets!
Figure 1
You will note in the screenshot above some sample syntax to invoke it and what it also looks like. Should you wish to learn more about using a packet sniffer like this one simply read these articles. One last word on the use of packet sniffers! You should always have it up and running prior to playing with some tools or exploit code. That way you can verify at the packet level should you need to verify some condition that occurred during your experimentation.
Another tool please!
For those of you growing impatient with the packet sniffer explanation fear not! We are now going to cover another must have tool: the network scanner. Well, much like the packet sniffer being a must have tool, the same applies to the network scanner. You need the ability to verify whether or not specific ports are open on another computer. Arguably the best tool to do this is Nmap. This was originally a Linux tool, but has since been ported to win32. Once again please bear in mind that you can get this working with XP SP2, but you will have a bit of work to do. It does operate flawlessly on XP SP1 though which is what I shall install it on and show you some example usage of.
On that note please download Nmap for Windows here, and also please be aware that you will need to download winpcap 3.1 as well. Once you have downloaded both go ahead and install winpcap and follow the prompts for its installation. Now uncompress the Nmap download and install the folder at the root of C drive ie: C:\. Once done make sure you reboot to make sure all is good and tidy. Now once the reboot is done bring up a DOS prompt and “cd c:\”. From there “cd nmap-3.95”. You are now in the Nmap directory itself. Please see the screenshot below for one example of syntax usage.
Figure 2
We can see from the above that I sent a SYN packet to the IP address of one of my lab computers, specifically port 135 as seen by the “-p 135”. Having sent this packet to the lab computer in turn elicited some stimulus. Based on this stimulus Nmap was able to make the following conclusions noted in the screenshot. Nmap was able to retrieve the MAC address of the computer and also tell if the port was open or not. Be aware though that in the real world you would not get the actual MAC address of your scanned computer. Each time a packet traverses a router the MAC address that was there is in turn replaced by the MAC address of the router. This is key to remember! Once again this is why it is so vitally important that you have an excellent understanding of TCP/IP and how it works. That is also why running a packet sniffer is so important as well. There will often be times where the output of a tool makes no sense at all. Having the ability to interpret what was sent and received is again very, very important.
Well with that said I shall break the article at this point. You hopefully now understand the importance of having both a packet sniffer and network scanner. More importantly now also is how to install and use them! It will pay dividends later on by taking the time now to build a solid foundation of knowledge. In Part 2 of this article series we will look at tools like Netcat, Ettercap, and Nemesis, which will further help cement our knowledge of key tools. Until then, have fun!
If you would like to read the other parts in this article series please go to:
