Software Tools Flashcards
(5 cards)
What is a network protocol analyser?
Protocol analyser = a tool (software or hardware) that captures network packets and presents them in a human-readable format, so they can be used to diagnose problems and optimise network performance.
e.g. Wireshark
Can:
- identify unknown traffic
- verify packet filtering and security controls
- perform big data analytics over time
What is Nmap?
Nmap = an open-source network discovery and vulnerability detection tool (active scanning).
E.g. can port scan a device to see all open ports on that device and what services are running on each port.
Discover the OS + version on a device without logging into it.
Can scan a range of IP addresses to build a map of network devices - and can then see any rogue devices.
NSE (Nmap Scripting Engine) - so you can write customised vulnerability scans etc.
What is the function of LLDP (Link Layer Discovery Protocol)?
LLDP = a network discovery protocol for sending out and finding out information about devices on the network - good for mapping the network topology.
CDP (Cisco Discovery Protocol) - proprietary LLDP equivalent for Cisco devices.
What is ICMP?
ICMP - Internet Control Message Protocol = a network layer (layer 3) protocol used for sending messages and error reports on IP (layer 3) networks. It’s vital for diagnosing and managing network connections.
What is dnsmasq?
dnsmasq = a lightweight DNS forwarder and DHCP server commonly used in small networks or home labs. It caches DNS queries to speed up name resolution and can assign IP addresses dynamically to clients on the network.