Certification Magazine - October 2007 - (Page 37)

Ethereal During the course of an attack, or when you suspect one is occurring, one of the key functions an administrator needs to do is monitor the traffic going to and from a specific host or device to determine whether it fits suspicious patterns. Ethereal is an open-source, multiplatform graphical tool that does exactly that. Ethereal places an interface in what is known as “promiscuous” mode, in which the network interface listens not just for traffic destined for the local machine but also for any other traffic that is being sent across the network to which the host is connected. Ethereal can then apply filters or known traffic patterns to attempt to decode what kind of traffic this is, as well as expose the raw packet information for each bit of network traffic for advanced analysis. One of the unique things about Ethereal is the integration of free “interpreting” filters that can be applied to captured network traffic to attempt to examine the conversation of network information according to a specific traffic profile, for example, interpreting the network traffic as HTTP and filtering all traffic not on associated ports or going to associated servers. This allows the administrator to take a deeper look at how connections and data are being passed back and forth to a specific host on the network. Ethereal also has some integrated traffic statistical functions and traffic conversation endpoints examination (which gives insight as to which hosts use the network the most). For more information, visit http://www.ethereal. com/. Metasploit Project The Metasploit Project is actually a framework of individual exploit modules that apply a variety of security-related compromise functions within the interface of the Metasploit tool. Administrators can think of Metasploit as a launch tool that loads many discrete modules that can be used from within the tool but might not be directly associated with the parent Metasploit Project. As Metasploit is another open-source project supported by a community of security professionals and individual developers, there are literally hundreds of modules developed for the framework to build a nearly plug-and-play security assessment tool for any administrator with security responsibilities. Although fully supported, comprehensive tools such as SensePost’s BiDiBLAH are available to the indusTECHNIQUES continued on page 39 With Transcender practice tests you’ll be prepared to ace that certification exam. No other software product prepares you better. In fact, we back it up with an industry-best, 100% guarantee. Give us a try. We’ll teach you everything we know. Visit www.transcender.com or call 1-866-639-8765. © 2007 Kaplan IT, Inc. All rights reserved. TRANSCENDER ® Kaplan IT, Inc. All rights reserved. http://www.transcender.com http://www.transcender.com http://www.ethereal.com

Table of Contents Feed for the Digital Edition of Certification Magazine - October 2007

Editor's Letter Contents Data Stream Tech Careers Dear Techie Academic Connection Virtual Village Rebooting Your Career Development Inside Certification Forensics Investigators: Cybercrime Fighters Interface Building Your Skills Through Security Tools Ad Index Endtag

Certification Magazine - October 2007

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.