Subject Index

A
Application firewalls, 17

B
Bose wave radio
Bring your own device (BYOD) models, 139

C
Chief information officer (CIO)
Chief information security officer (CISO), 117, 118, 132
Cisco network device, 117
Class C physical network, 33
Class C private address block, 33
Common Vulnerabilities and Exposures (CVE), 11
Conventions, use of
  bold
  italic
Country lookup option, specifying of, 64, 69
Critical infrastructure, 11
Cross IP link analysis, 140
Cyber assets
Cyber ping command

D
Data leak protection (DLP), 17
Data storage operations, 44
Demilitarized zone (DMZ), 17
Direct program output, 66
dpkt package, utilizing of, 102

E
Easy smart configuration utility, 38
Enterprise networks

F

G
Graphical user interface (GUI), 141

H
Histogram of observations, printing of, 71, 80
Host lookup option, specifying of, 64, 68
HOST_LOOKUP variable, 68, 77

I
Incident response teams, 14
Information technology (IT), 17
  related incidents
    Heartbleed
    Operation Shady Rat
  sample program output, 29
Internal data structures, 39
Internet Assigned Numbers Authority (IANA), 32
  transport protocol port number registry, 32
Internet control message protocol (ICMP), 5–7, 14
  echo reply type message
  echo request message
  message types
  request type packets
  test network
Internet of things (IoT) philosophies, 139
Internet protocol (IP)
  addresses
  datagrams
  layer
  observation dictionary, 41, 63
Internet service providers (ISP), 34
IpObservationDictionary class, 47, 64, 66

L
Linux tcpdump command, 37
Lyon, Gordon

M
MaxMind GeoLite country database binary/gzip version, 69, 70

N
Near field communication (NFC) devices, 19
NETRESEC sample captures, 116
Network mapper (Nmap)
Network related predictions, 139
New York Times technology headline 2-5-2015, 139

O
Observation file, loading of, 64, 65
Observations, printing of, 71, 72
Observed client list, 71, 76
Observed server to client connections, 71, 77
Operation Shady Rat
Organizationally unique identifier (OUI)
OS
  TCP/IP default header values, 30, 31
  passive fingerprinting, 116
  truth table fingerprinting, 116

P
Packet capture (PCAP), 63, 99
  analysis performing methods, 71
    histogram of observations, printing of, 71
    observations, printing of, 71
    observed client list, printing of, 71
    observed server list, printing of, 71
    observed server to client connections, printing of, 71
  extractor, executing of, 112, 118
  setting up options for, 64
    country lookup option, specifying of, 64
    host lookup option, specifying of, 64
    observation file, loading of, 64
    program output, directing of, 64
Passive network mapping, 23, 137
Passive OS fingerprints, 140
Patch management infrastructures, 17
Ping
Ping scan selection
  results of
  extractor, executing of, 112
  cross IP link analysis, 140
  graphical user interface vs command line, 141
  passive OS fingerprints, 140
  wireless passive network mapping, 140
P2NMAP-Analysis.py script, 84
P2NMAP-Capture script, 80
P2NMAP-OS-fingerprint script, 123
Port mirroring switch supported, 37
  remote switched port analyzer (RSPAN), 37
  switched port analyzer (SPAN), 37
Potential criminal activity, 140
Primitive capture script, 47
Python import command, 100
Python-only solution, 138
Python-only source code solution, 138
Python package management system, 69
Python packet capture tool, 63
Python passive network mapping (P2NMAP), 10
  advantages and disadvantages, 10, 11
  environment, setting up of, 37
Python P2NMAP-Analysis.py, 96
Python programming language, 10
Python standard libraries, 68
P2NMAP-Capture, porting of, 140
P2NMAP-OS-Fingerprint, 140
P2NMAP-PCAP-Extractor, 140

R
Remote switched port analyzer (RSPAN), 37
Roku box

S
SANS Internet Storm Center, 33
Security event and incident management (SEIM), 17
self.observationFileName, 66
self.observationsLoaded attribute, 66
socket, 24–29, 48, 69, 74, 77, 80, 84, 100, 103, 123
Sound navigation and ranging (SONAR)
Sudo command
Switched port analyzer (SPAN), 37

T
Tcpdump command
Tcpdump network monitoring program
Tcpreplay sample captures, 115
Time-to-live (TTL) value
TL-SG108E 8-port gigabit switch, 37, 38
  menu driven script, building of, 122

U

V
Vaskovich, Fyodor
Virtual private networks (VPN), 17
Voice over internet protocol (VoIP) systems, 19

W
Wireless passive network mapping, 140
Wireshark sample captures web page, 115

Z
Zenmap