Subject Index

A
Active network map, 13, 15, 21, 34, 138
Active scanning, 11, 13, 35
Application firewalls, 17
argparse, 48, 84, 104, 123
B
Bose wave radio, 5, 7
Bring your own device (BYOD) models, 139
C
Captured data, 29
    storing of, 39
Cartography, 12
    Fra Mauro world map, 13
    social network map, 12
Chief information officer (CIO), 2
Chief information security officer (CISO), 2, 117, 118, 132
Cisco network device, 117
Class C physical network, 33
Class C private address block, 33
Code snippet, 41
Command line entry, 59
Commercial gains, 140
Common Vulnerabilities and Exposures (CVE), 11
Computing resources, 38
Content filters, 17, 139
Conventions, use of, 1
    bold, 1
    italic, 1
Country lookup option, specifying of, 64, 69
Critical infrastructure, 1, 11
Cross IP link analysis, 140
Cyber assets, 2
Cyber ping command, 5
Cyber security, 2, 5, 17
D
Data leak protection (DLP), 17
Data storage operations, 44
datetime, 41, 44, 48, 59, 84, 104, 112
Deductive reasoning, 34
Demilitarized zone (DMZ), 17
DF flags, 117
Dictionary, 41, 44, 63–65, 72, 76, 80, 84
Direct program output, 66
Dptk package, utilizing of, 102
E
Easy smart configuration utility, 38
Enterprise networks, 1, 2
F
Fra Mauro world map, 13
G
Graphical user interface (GUI), 3, 141
H
Hackers, 34
Heartbleed, 1, 11, 13, 32
Histogram of observations, printing of, 71, 80
Host based sensors, 13
Host lookup option, specifying of, 64, 68
HOST_LOOKUP variable, 68, 77
Host name lookup, 64
Host names, 64, 68, 69, 74, 76
I
ifconfig, 22, 25, 59
Incident response teams, 1, 14
Inductive reasoning, 34
example of, 34
Information technology (IT), 17
    devices, 18–20
    related incidents, 1
        Heartbleed, 1
        Operation Shady Rat, 1
    sample program output, 29
Internal data structures, 39
Internet Assigned Numbers Authority (IANA), 32
    service name, 32
    transport protocol port number registry, 32
Internet control message protocol (ICMP), 5–7, 9, 14
    echo reply type message, 5
    echo request message, 5
    message types, 7, 8
    request type packets, 7
    test network, 9
Internet of things (IoT) philosophies, 139
Internet protocol (IP)
    activity mapping, 140
    addresses, 1
    datagrams, 6, 7
    layer, 6
    observation dictionary, 41, 63
        class methods, 44
        clientIP, 41
        serverIP, 41
Internet service providers (ISP), 34
.ipDict observations, 63, 99, 113
IpObservationDictionary class, 47, 64, 66
IPv6, 140
L
Linux commands, 21
Linux tcpdump command, 37
Lyon, Gordon (Fyodor Vaskovich), 3
M
Maginot line, 17, 18
MaxMind GeoLite country database, binary/gzip version, 69, 70
N
Near field communication (NFC) devices, 19
NETRESEC sample captures, 116
Network mapper (Nmap), 3
Network mapping, 3, 12, 23, 30, 101
    active, 21, 34, 138
    passive, 23, 34, 65, 137
    python passive, 3, 10, 37
    wireless passive, 140
Network privacy, 140
Network related predictions, 139
Network traffic, 30, 37, 63, 134, 138
New York Times technology headline 2-5-2015, 139
O
Observation file, loading of, 64, 65
Observations, printing of, 71, 72
    client IP address, 72
    port type, 72
    server IP address, 72
    server port number, 72
Observed client list, 71, 76
Observed server list, 74
Observed server to client connections, 71, 77
OpenSSL, 11, 13, 32
Operation Shady Rat, 1
Organizationally unique identifier (OUI), 5
OS, 2
    fingerprinting, 30
        observed values, 31
        open port patterns, 32
        TCP/IP default header values, 30, 31
        passive fingerprinting, 116
        truth table fingerprinting, 116
OSObservationsClass, 47
P
Packet capture (PCAP), 63, 99
    analysis performing methods, 71
        histogram of observations, printing of, 71
        observations, printing of, 71
        observed client list, printing of, 71
        observed server list, printing of, 71
        observed server to client connections, printing of, 71
    extraction, 99
        .ipDict file, 99
        .osDict file, 99
    extractor, executing of, 112, 118
    passive approach, 63
    setting up options for, 64
        country lookup option, specifying of, 64
        host lookup option, specifying of, 64
        observation file, loading of, 64
        program output, directing of, 64
    technical approach, 64
Packet capturing, 37
Packet data, 41, 116
    capturing of, 38
Passive network mapping, 23, 137
Passive OS fingerprints, 140
Patch management infrastructures, 17
Pcap files, 65, 99, 102, 140
Pickle module, 65
Ping, 4, 5
Ping scan selection, 4
    results of, 4
pip, 69, 70, 84, 99, 104
platform, 3, 38, 48, 63, 116, 138
P2NMAP
    analysis menu, 64, 65
    extractor, executing of, 112
    scripts, 137
    technologies, 140
        cross IP link analysis, 140
        graphical user interface vs command line, 141
        IP activity mapping, 140
        IPv6, 140
        passive OS fingerprints, 140
        Python 3.3.x, 140
        wireless passive network mapping, 140
P2NMAP-Analysis.py script, 84
P2NMAP-Analyzer.py, 99
P2NMAP-capture.py, 63
    execution of, 59
    script, review of, 101
        network mapping, 101
        OS fingerprinting, 101
P2NMAP-Capture script, 80
P2NMAP-OS-fingerprint script, 123
    execution of, 131
Port mirroring switch supported, 37
    remote switched port analyzer (RSPAN), 37
    switched port analyzer (SPAN), 37
Port monitoring, 37
    configuration of, 39
Port name conversion, 64
Port number, 24, 32, 40, 64, 72
Potential criminal activity, 140
Primitive capture script, 47
promisc, 21, 25, 48
Pygeoip library, 69, 70
Python code, 68
Python dictionaries, 40
    clientIP, 40
    duplicate serverIP, 40
    lists, 40
    serverPort, 40
    tuples, 40
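The entries for the IP observation dictionary (clientIP, serverIP, serverPort as the key tuple, duplicate serverIP handling) and for the analysis methods (observations, observed client list, observed server list, server to client connections, histogram, observation file loading via pickle) describe one data structure. The block below is an added example, not code from the book or its P2NMAP scripts: the class name, method names and the sample flows are assumptions made here to show the structure in working form. The sample packets are constructed, not captured data.

```python
import pickle
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Constructed sample flows standing in for what a passive capture script
# would extract from each packet: (client IP, server IP, server port,
# transport protocol). Not captured data from the book.
SAMPLE_PACKETS = [
    ("192.168.0.10", "192.168.0.5", 80, "TCP"),
    ("192.168.0.10", "192.168.0.5", 80, "TCP"),   # same flow seen twice
    ("192.168.0.11", "192.168.0.5", 443, "TCP"),
    ("192.168.0.11", "192.168.0.7", 53, "UDP"),
    ("192.168.0.12", "192.168.0.7", 53, "UDP"),
    ("192.168.0.12", "192.168.0.5", 22, "TCP"),
]


class IpObservationDictionary:
    """Observations keyed by the tuple (clientIP, serverIP, serverPort, proto).

    Keying on the whole tuple makes a repeated flow collapse into one entry
    with a hit count instead of producing a duplicate serverIP entry.
    """

    def __init__(self):
        self.observations = {}

    def add(self, client_ip, server_ip, server_port, proto, when=None):
        when = when or datetime.now(timezone.utc)
        key = (client_ip, server_ip, int(server_port), proto.upper())
        entry = self.observations.get(key)
        if entry is None:
            self.observations[key] = {"count": 1, "first": when, "last": when}
        else:
            entry["count"] += 1
            entry["last"] = when

    def observed_clients(self):
        return sorted({key[0] for key in self.observations})

    def observed_servers(self):
        # (serverIP, serverPort, proto): one entry per listening service seen
        return sorted({key[1:] for key in self.observations})

    def server_to_clients(self):
        links = {}
        for client_ip, server_ip, port, proto in self.observations:
            links.setdefault((server_ip, port, proto), set()).add(client_ip)
        return {service: sorted(clients) for service, clients in links.items()}

    def histogram(self):
        # Hits per (serverPort, proto): which services carry the traffic
        hist = Counter()
        for (_, _, port, proto), entry in self.observations.items():
            hist[(port, proto)] += entry["count"]
        return hist

    def save(self, path):
        with open(path, "wb") as fh:
            pickle.dump(self.observations, fh)

    @classmethod
    def load(cls, path):
        # pickle.load runs whatever the file tells it to: only load observation
        # files you wrote yourself, never one received from an untrusted source.
        obj = cls()
        with open(path, "rb") as fh:
            obj.observations = pickle.load(fh)
        return obj


def build_from_packets(packets):
    obs = IpObservationDictionary()
    for client_ip, server_ip, port, proto in packets:
        obs.add(client_ip, server_ip, port, proto)
    return obs


def roundtrip(obs):
    """Save to a temporary observation file and load it back."""
    with tempfile.NamedTemporaryFile(suffix=".ipDict", delete=False) as tmp:
        path = tmp.name
    obs.save(path)
    return IpObservationDictionary.load(path)


def print_report(obs):
    print("Observed clients:", ", ".join(obs.observed_clients()))
    links = obs.server_to_clients()
    for server_ip, port, proto in obs.observed_servers():
        print(f"Server {server_ip} {proto}/{port} <- {links[(server_ip, port, proto)]}")
    for (port, proto), hits in obs.histogram().most_common():
        print(f"{proto}/{port:<5} {'#' * hits}")


if __name__ == "__main__":
    print_report(build_from_packets(SAMPLE_PACKETS))
```

The pickle caveat matters in practice: an .ipDict file is only as trustworthy as whoever wrote it, so treat a file from another machine the way you would treat any executable.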
Python dir function, 100
Python import command, 100
Python module dpkt, 99
Python-only solution, 138
Python-only source code solution, 138
Python package management system, 69
Python packet capture tool, 63
Python passive network mapping (P2NMAP), 3, 10
    advantages and disadvantages, 10, 11
    environment, setting up of, 37
Python P2NMAP-Analysis.py, 96
Python programming language, 10
Python script, 29, 37
Python shell, 100
Python source code, 48
Python standard libraries, 68
    module, 65, 67, 68
    reference, 69
Python 3.3.x, 140
    P2NMAP-Analyze, 140
    P2NMAP-Capture, porting of, 140
    P2NMAP-OS-Fingerprint, 140
    P2NMAP-PCAP-Extractor, 140
R
Remote switched port analyzer (RSPAN), 37
Roku box, 5
Routers, 8, 13, 40, 117
S
SANS Internet Storm Center, 33
SCADA environments, 138
Security information and event management (SIEM), 17
Servers, 1, 13, 18, 21, 33, 63, 74, 78, 140
Services, 2, 5, 11, 18, 29, 32, 35
self.observationFileName, 66
self.observationsLoaded attribute, 66
Signal, 48
Social network map, 12
socket, 24–29, 48, 69, 74, 77, 80, 84, 100, 103, 123
Sound navigation and ranging (SONAR), 5
struct, 24, 48, 100
Sudo command, 9
Switched port analyzer (SPAN), 37
sys, 24, 25, 48, 67, 84, 104, 123
T
TCP, 8, 30, 40
Tcpdump command, 9
Tcpdump network monitoring program, 8
Tcpreplay sample captures, 115
Time-to-live (TTL)
    observations, 117
    value, 7
TL-SG108E 8-port Gigabit switch, 37, 38
Trojan, in network, 33
Truth table, 117
    basic, 117
    improved, 117
    python class, 118
        basic functions, 118
        menu driven script, building of, 122
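The OS fingerprinting entries (TCP/IP default header values, TTL observations, window size, DF flags) and the Truth table entries (basic, improved) point at the same technique: match a host's observed header defaults against a table of known stacks. The block below is an added example, not the book's truth table or class: the signature rows are illustrative values assumed here from commonly published stack defaults, and the sample observations are constructed. It also shows the one correction that separates a basic table from an improved one, namely rounding the observed TTL up to the stack's initial value before matching, since every router hop decrements it.

```python
# Initial TTLs that common IP stacks put on outgoing packets; an observed TTL
# is one of these minus the number of router hops the packet crossed.
INITIAL_TTLS = (32, 64, 128, 255)

# Illustrative truth table, assumed here from commonly published defaults
# (not the book's table): (initial TTL, SYN window size, DF flag set).
TRUTH_TABLE = [
    ((64, 5840, True), "Linux (2.6)"),
    ((64, 29200, True), "Linux (3.x+)"),
    ((64, 65535, True), "macOS/FreeBSD"),
    ((128, 8192, True), "Windows 7/8"),
    ((128, 64240, True), "Windows 10/11"),
    ((255, 4128, False), "Cisco IOS"),
]


def fingerprint_basic(ttl, window, df):
    """Basic truth table: exact match on the values as seen on the wire.
    Misses any host more than zero hops away, because its TTL has decayed."""
    for (t, w, d), name in TRUTH_TABLE:
        if (t, w, d) == (ttl, window, df):
            return name
    return None


def infer_initial_ttl(observed_ttl):
    """Round the observed TTL up to the nearest default initial value."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    raise ValueError(f"TTL {observed_ttl} out of range")


def fingerprint_improved(ttl, window, df):
    """Improved table: normalise the TTL first, then fall back to TTL+DF when
    the window size matches nothing. Returns (guess, score): 3 = all three
    values matched, 2 = TTL and DF only, 0 = no match."""
    initial = infer_initial_ttl(ttl)
    exact = [name for (t, w, d), name in TRUTH_TABLE
             if (t, w, d) == (initial, window, df)]
    if exact:
        return exact[0], 3
    partial = sorted({name for (t, _, d), name in TRUTH_TABLE
                      if (t, d) == (initial, df)})
    if partial:
        return " or ".join(partial), 2
    return "unknown", 0


# Constructed observations, as a passive capture would record them from the
# first SYN of each TCP connection (the window size only means something
# on the SYN; later segments carry the negotiated, scaled value).
SAMPLE_OBSERVATIONS = [
    {"ip": "10.0.1.20", "ttl": 52, "window": 29200, "df": True},   # 12 hops away
    {"ip": "10.0.1.21", "ttl": 117, "window": 8192, "df": True},   # 11 hops away
    {"ip": "10.0.1.1", "ttl": 250, "window": 4128, "df": False},   # 5 hops away
    {"ip": "10.0.1.22", "ttl": 64, "window": 12345, "df": True},   # local, odd window
]


def classify(observations):
    """Map each observed IP to (guess, score, estimated hop count)."""
    results = {}
    for o in observations:
        guess, score = fingerprint_improved(o["ttl"], o["window"], o["df"])
        hops = infer_initial_ttl(o["ttl"]) - o["ttl"]
        results[o["ip"]] = (guess, score, hops)
    return results


if __name__ == "__main__":
    for ip, (guess, score, hops) in classify(SAMPLE_OBSERVATIONS).items():
        print(f"{ip:<12} {guess:<48} score={score} hops={hops}")
```

The score is worth keeping in the observation record: a 2 means the host is only narrowed to a TTL/DF family, which is all a passive method can honestly claim without a matching window size.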
U
UDP, 35, 47, 72
Unix commands, 21
V
Vaskovich, Fyodor. See Lyon, Gordon
Virtual private networks (VPN), 17
Voice over internet protocol (VoIP) systems, 19
W
Warning messages, 66
Web servers, 21
Window size, 117
Wireless passive network mapping, 140
Wireshark samples captures web page, 115
Z
Zenmap, 3, 4