2.2.3 Information gathering & Vulnerability scanning: active reconnaissance/ Eavesdropping & wardriving Flashcards
Eavesdropping: what is it?
Refers to the unauthorized interception of private communication, such as phone calls, emails, or data transmissions. In the context of computer networks, eavesdropping can occur through packet sniffing and flow analysis
Eavesdropping: what methods can you use to do it?
● Non-Technical via Social engineering
● Technical via Technology
Eavesdropping: what are the technical ways to do it (2)?
o Packet Sniffing
o Flow Analysis
Eavesdropping: what is packet sniffing and what data can you retrieve?
Attacker captures and analyzes data packets as they travel across the network. This can lead to the exposure of sensitive information, including usernames, passwords, and other confidential data
Eavesdropping: what tool can you use for packet sniffing?
● Wireshark: Contains a graphical user interface and can be used to capture packets, analyze those packets, and identify the desired information if it was unencrypted when sent
● TCPDump
Eavesdropping: how to perform packet sniffing?
● Place network card into promiscuous mode to capture all the traffic it sees and write the packets into a PCAP file
● Set Protocol Analyzer (=packet analyzer): it is a specialized type of software that collects raw packets from the network. Protocol analyzers can help prove or disprove statements made by administrators
Eavesdropping: is it easier to perform packet capture on wireless network and why?
Yes, packet capture is easier to perform on wireless networks since they operate like a hub
Eavesdropping: once your packet is capture, what information should you look at?
Useful Metadata from Encrypted Data:
● Source/Destination IP/Ports
● Protocol types
● Data volume
Eavesdropping: what is flow analysis and what informstion can you retrieve from it?
▪ Identifies which resources and servers are communicating with which type of devices or locations
▪ Highlights trends and patterns in the network traffic. Attacker can gain insights into the behavior of the network, detect anomalies, and identify potential security vulnerabilities
Eavesdropping: what tools can you use for flow analysis?
- NetFlow
- sFlow
- IPFIX
These tools provide insights into network behavior, such as traffic volume, communication patterns, and the types of traffic traversing the network.
Eavesdropping: what is the difference between flow analysis and protocol analyzer (=packet analyzer)?
Flow analysis focuses on metadata, while protocol analyzers can look into the packets and see the data they contain
Wardriving: what is it?
Driving around near a facility to detect if there are any wireless networks you can exploit
Wardriving: what is warwalking?
Walking around near a facility to detect if there are any wireless networks you can exploit
Wardriving: what type of data should you retrieve from wardriving (3)?
▪ Open wireless access points
▪ Encrypted access points: Wireless networks are much less secure than wired networks
▪ Device configurations: Guest network, Business network
Wardriving: what is Wigle.net?
Maps and indexes all open access points that have been found
