Wednesday, October 24, 2012

Cyberspace and Cybersecurity: Archive Post B

As of the start of this blog, I am in my second course for my Master of Science in Cybersecurity. This is an archived posting from the first course.

Topic – Network Tools
Select one network monitoring tool mentioned in the module (Nmap, Nessus, etc.) and provide more information about it. It is permissible to also discuss a tool that was not mentioned in the module.

From March 30, 2012.

The network monitoring tool I recently found out about is the Microsoft Network Monitor. From the relevant MSDN page, "Microsoft Network Monitor is a tool for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data" (2012). From my experience, it is basically a closed-source version of Wireshark published by Microsoft. It has one extremely interesting feature, and that is the ability to put wireless cards into promiscuous mode with the proprietary Windows drivers. This is a feature I searched for, literally for months, and was unable to find. Most everything you can find about promiscuous wireless packet capture uses Linux, but with Microsoft Network Monitor you can perform it in Windows with the default drivers.

I was shocked to find an official, free tool from Microsoft that will put your wireless card into promiscuous mode, capture the traffic, and parse it for you. As Vacca points out, promiscuous mode is useful as a troubleshooting tool, but "it is also a mechanism that can be easily abused by anyone motivated to enable promiscuous mode" (2009, p. 102).

MSDN. (2012) Network Monitor and Parsers. Retrieved from

Vacca, J. R. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann.
