Software Tools Flashcards
What is a network protocol analyser?
Protocol analyser = a tool (software or hardware) that captures network packets and presents them in a human-readable format, which can then be used to diagnose problems and optimise network performance.
e.g. Wireshark
Can:
-identify unknown traffic
-verify packet filtering and security controls
-perform big data analytics over time
What is Nmap?
Nmap = an open-source network discovery and vulnerability detection tool. (active scan)
E.g. can port scan a device to see all open ports on that device and what services are running on each port.
Discover the OS + version on a device without logging into it.
Can scan a range of IP addresses to build a map of network devices - and can then see any rogue devices.
NSE (Nmap Scripting Engine) - so you can write customised vulnerability scans etc.
What is the function of LLDP (Link Layer Discovery Protocol)?
LLDP is a network discovery protocol for finding out and sending out information about devices on the network - good for mapping the network topology.
CDP (Cisco Discovery Protocol) - proprietary LLDP equivalent for Cisco devices.
What is ICMP?
ICMP - Internet Control Message Protocol = a network layer (layer 3) protocol used for sending messages and error reports on IP (layer 3) networks. It’s vital for diagnosing and managing network connections.