Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer and logs network activity that matches predefined signatures?
A. Dsniff
B. KisMAC
C. Snort
D. Kismet
Explanation:
Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs network activity that matches predefined signatures. Signatures can be written for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The three main modes in which Snort can be run are as follows:
Sniffer mode: It reads packets off the network and displays them in a continuous stream on the console.
Packet logger mode: It logs the packets to disk.
Network intrusion detection mode: It is the most complex and configurable mode, in which Snort analyzes network traffic for matches against a user-defined rule set.
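To make the "matches against a user-defined rule set" idea concrete, here is an added example (not part of the original question and not code from the Snort project) that parses a small subset of Snort's rule language and checks constructed packet records against those signatures, the way Snort's network intrusion detection mode does. Only the rule header and the quoted msg and content options are handled; real Snort adds preprocessors, stream reassembly, hex content escapes and many more options. The rules, addresses and payloads below are constructed for the example.

```python
# Added example, not part of the original question or of the Snort project:
# a toy signature matcher in the style of Snort's network intrusion
# detection mode. Rules, packets and addresses are constructed for the demo.
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Rule:
    action: str
    proto: str
    dport: str        # destination port as text, or "any"
    msg: str
    content: bytes    # the byte pattern that makes this rule a "signature"


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


# Rule header: action proto src sport -> dst dport (options)
HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# Only quoted options are parsed; Snort's |hex| escapes inside content are not.
OPTION_RE = re.compile(r'(\w+):"([^"]*)";')


def parse_rule(line: str) -> Rule:
    """Parse one Snort-style rule line into a Rule (subset of the real syntax)."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    action, proto, _src, _sport, _dst, dport, opts = m.groups()
    options = dict(OPTION_RE.findall(opts))
    return Rule(action, proto.lower(), dport,
                options.get("msg", "(no msg)"),
                options.get("content", "").encode())


def matches(rule: Rule, pkt: Packet) -> bool:
    """A packet matches when protocol, destination port and content agree.
    Addresses are treated as 'any' in this toy; real Snort checks them too."""
    if rule.proto != pkt.proto:
        return False
    if rule.dport != "any" and int(rule.dport) != pkt.dport:
        return False
    return rule.content in pkt.payload


def summarize(pkt: Packet) -> str:
    """One-line packet summary, roughly what sniffer mode would print."""
    return (f"{pkt.proto.upper()} {pkt.src}:{pkt.sport} -> "
            f"{pkt.dst}:{pkt.dport} len={len(pkt.payload)}")


def inspect(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """NIDS-mode pass: one alert line per (packet, rule) match."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule.action == "alert" and matches(rule, pkt):
                alerts.append(f"[**] {rule.msg} [**] {summarize(pkt)}")
    return alerts


# Constructed rules (not taken from any real ruleset).
RULES = [parse_rule(r) for r in [
    'alert tcp any any -> any 80 (msg:"WEB traversal attempt"; content:"../";)',
    'alert udp any any -> any 53 (msg:"DNS query for example.test"; content:"example";)',
    'alert icmp any any -> any any (msg:"ICMP echo request"; content:"";)',
]]

# Constructed packets (addresses and payloads are made up for the example).
PACKETS = [
    Packet("tcp", "10.0.0.5", 40001, "10.0.0.1", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("tcp", "10.0.0.5", 40002, "10.0.0.1", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("udp", "10.0.0.5", 51000, "10.0.0.53", 53, b"\x12\x34\x01\x00\x07example\x04test\x00"),
    Packet("tcp", "10.0.0.5", 40003, "10.0.0.1", 22, b"SSH-2.0-OpenSSH_9.0\r\n"),
    Packet("icmp", "10.0.0.5", 0, "10.0.0.1", 0, b"\x08\x00\x00\x00abcdefgh"),
]


def run_demo() -> List[str]:
    """Run the constructed packets through the constructed rules."""
    return inspect(RULES, PACKETS)


if __name__ == "__main__":
    for line in map(summarize, PACKETS):   # sniffer-mode style output
        print(line)
    for alert in run_demo():              # NIDS-mode style output
        print(alert)
```

Three of the five constructed packets trigger an alert (the traversal attempt to port 80, the DNS query, and the ICMP echo); the plain page request and the SSH banner match no signature. The empty content in the ICMP rule shows why a signature should be as specific as possible: an empty pattern matches every packet of that protocol.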
Answer option A is incorrect. Dsniff is a set of tools used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools in Dsniff are dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks; it uses the arpredirect and macof tools to sniff traffic on switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.
Answer option D is incorrect. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It works with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:
To identify networks by passively collecting packets
To detect standard named networks
To detect masked networks
To detect the presence of non-beaconing networks via their data traffic
Answer option B is incorrect. KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake, and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared towards network security professionals and is not as novice-friendly as similar applications. KisMAC scans for networks passively on supported cards, including Apple's AirPort, AirPort Extreme, and many third-party cards. It scans for networks actively on any card supported by Mac OS X itself.
Cracking of WEP and WPA keys, both by brute force and by exploiting flaws such as weak scheduling and badly generated keys, is supported when a card capable of monitor mode is used and when packet reinsertion can be done with a supported card. GPS mapping can be performed when an NMEA-compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.
Snort