Week 10 - Passive & Active Data Collection

Question 1

What is Passive data collection in a network context?

Answer 1

When data is collected from a network in a way that doesn’t emit its own data. You are only passively listening to the data.

Question 2

What is Active data collection in a network context?

Answer 2

When data is collected in a network via direct interaction with devices on that network. You gather data that the devices might have stored. This creates data/logs and leaves a trace which is why it is active.

Question 3

What is a way to collect data from a network?

Answer 3

To directly connect to the network via network cables.

Question 4

Give some examples of network cables.

Answer 4

Optical Fibre
Coaxial Cable
Shielded Twisted Pair
Unshielded Twisted Pair

Question 5

What is a cable tap?

Answer 5

A devices that can allow you to gain access to a network by connecting to the cables (Or device) of a network.

Question 6

What type of network is the easiest to listen in on?

Answer 6

A network with a hub.

Question 7

Why does having a hub in a network make it easy to listen in on?

Answer 7

Because all traffic goes to the hub and the hub sends the traffic back out to everyone. So if you are connected to the hub, you can ‘eavesdrop’ on all the data being sent on the network.

Question 8

Why do switches make it difficult to listen in on data?

Answer 8

Because switches only send data packets to the device they are addressed to. It connects to sender and receiver and sends the traffic between them. This makes it harder to listen in on.

Question 9

What device layer number is a switch?

Answer 9

A layer 2 device

Question 10

How might you listen in on traffic in a switch?

Answer 10

Switches have a port mirroring feature, which allows you to configure the switch to make a copy of all traffic and packets and send them to a specific port. Doing this means you can configure it so you receive all the data going through the switch.

Question 11

What is the most common way to listen to data on a network?

Answer 11

Sniffing.

Question 12

What is the most common way to listen to data on a network passively?

Answer 12

Sniffing.

Question 13

What are some applications/tools for listening in on data in a network using sniffing?

Answer 13

TCP Dump
Win Dump
Wireshark

Question 14

How do you use sniffing?

Answer 14

Make sure you device ins on the network, and then set it to ‘promiscous’ mode. This will let it listen to all the passing data.

Question 15

Why might you actively gather data instead of passively?

Answer 15

Because active data collection allows for the gathering of more specific data like log data on devices, rather than just listening to traffic which may not be useful.

Question 16

How ight you actively gather information on a network?

Answer 16

Network scanning

Executing commands over a network

Question 17

Give example tools for scanning ports.

Answer 17

Netsat

Nmap

Question 18

What information might network scanning give you?

Answer 18

What ports are being used on the network
Information about the devices
What services are being provided on the ports