GIAC GSNA Exam - Topic 1 Question 77 Discussion

Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer

network, thus creating a 'map' of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In

addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime,

software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area

network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows etc.

Answer D is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any

wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be

used for the following tasks:

To identify networks by passively collecting packets

To detect standard named networks

To detect masked networks

To collect the presence of non-beaconing networks via data traffic

Answer A is incorrect. Nessus is proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a

non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. It is capable of checking various types of

vulnerabilities, some of which are as follows:

Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.

Misconfiguration (e.g. open mail relay, missing patches, etc).

Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an

external tool) to launch a dictionary attack.

Denials of service against the TCP/IP stack by using mangled packets.

Answer B is incorrect. A sniffer is a software tool that is used to capture any network traffic. Since a sniffer changes the NIC of the LAN

card into promiscuous mode, the NIC begins to record incoming and outgoing data traffic across the network. A sniffer attack is a passive

attack because the attacker does not directly connect with the target host. This attack is most often used to grab logins and passwords from

network traffic. Tools such as Ethereal, Snort, Windump, EtherPeek, Dsniff are some good examples of sniffers. These tools provide many

facilities to users such as graphical user interface, traffic statistics graph, multiple sessions tracking, etc.