- What operating systems and services are being hosted or used by the organization? Are any hosts running unusual, custom, or outdated operating systems and services?
- Are there unexpected/unusual devices or services on the network?
- What is the topology of the network? What are the routers and modems managing it?
- What services (e.g. dropbox, web-mail, etc.) are running on the network that have not been mentioned by the organizational staff?
- What network assets does an attacker have access to once they have gained access to the internal network?
- Clarify timing and seek permission from staff - some activities can tax the network or cause disruptions.
- Confirm that all devices you are accessing/scanning belong to the organization.
- Delete all devices from your scan that do not belong to the organization.
- Study outputs for any obviously embarrassing personal information (especially from traffic sniffing or from personal devices connected to the network) before sharing.
- Treat captured network traffic with the utmost security and empathetic responsibility. It may contain very personal data, passwords, and more. It should not be shared with anyone, including the organization itself, except in specific, intentional samples.
- Monitoring and analyzing wireless network traffic
- Skill with using nmap/zenmap and its scripting options
- Skill with Wireshark or other packet-capturing tool, as well as possibly more advanced traffic interception tools.
- The reach of and security protections in place on any wireless networks
- A list of hosts, servers, and other network hardware on the LAN
- The operating systems and services on each host.
- Services used by the host as identified by decrypted wireless network traffic.
- Possible vulnerable services and practices.
- Guide: "10 Techniques for Blindly Mapping Internal Networks"
- Directory: "Network Forensics Packages and Appliances" (Forensics Wiki)
- Directory: "Scripts and tools related to Wireshark" (Wireshark Wiki)
- Guide: "The Official Nmap Project Guide to Network Discovery and Security Scanning" (Gordon “Fyodor” Lyon)
- Cheat Sheet: “Part 1: Introduction to Nmap” (Nmap Cheat Sheet: From Discovery to Exploits)
- Cheat Sheet: “Part 2: Advance Port Scanning with Nmap And Custom Idle Scan” (Nmap Cheat Sheet: From Discovery to Exploits)
- Cheat Sheet: “Part 3: Gathering Additional Information about Host and Network” (Nmap Cheat Sheet: From Discovery to Exploits)
- Cheat Sheet: “Part 4” (Nmap Cheat Sheet: From Discovery to Exploits)
- Cheat Sheet: “Nmap Cheat Sheet” (See-Security Technologies)
- Overview: “The Purpose of a Graphical Frontend for Nmap” (Zenmap GUI Users' Guide)
- Guide: “Zenmap GUI Users' Guide” (Zenmap GUI Users' Guide)
- Guide: “Surfing the Network Topology” (Zenmap GUI Users' Guide)
- Guide: “Host Detection” (nmap Reference Guide)
Network Mapping Methods:
Network Discovery Methods:
- Network Scanning: Network scanning is a technique used to gather information about devices connected on a certain network. It involves enumerating open ports…
- Network Access: This activity helps auditors to test the strength of the defenses the organization's network has in place to protect its local area network…
- Network Traffic Analysis: Any content that is sent out over the network without encryption is easy to intercept; this includes email, web passwords, and chat messages…
- Remote Network and User Device Assessment: This component allows the auditor to work remotely to identify the devices on a host's network, the services that are being used by those…
- Router Based Attacks: Many wireless routers still use the default password listed in “Router Default Password Search”, meaning that anyone with access to the…
- VoIP Security Assessment: VoIP technologies are commonly used nowadays as they provide an alternate, flexible way of communication. With their numerous benefits, from…
- Wireless Range Mapping: This component allows the auditor to show the "visibility" of an organization's wireless network to determine how far the organization's…
- Monitor Open Wireless Traffic: It can be valuable to listen to broadcast wireless traffic at the physical office location, even before knowing anything about the…