As we know, network security is one of the assessments carried out during penetration testing. Another name for a Network Security Assessment is Vulnerability Assessment (VA). The assessment should be completed within the network environment, whether the testing is external or internal.
Let's begin with the enumeration phase, where the pentester or tester needs to gather information about the network environment.
The first tool that we can use in this phase is Wireshark.
Before we go deeper into the testing, we should have a clear understanding of what is going on within the network. Ethereal, now known as Wireshark, can work in promiscuous mode, where it captures all the traffic within the network via the TCP broadcast domain.
An example Wireshark capture is shown above, where we can see the packet traffic within the network. Normally the pentester or tester will look for anything malicious running inside the network, such as stray IP addresses, spoofed packets, suspicious packets and unknown packet drops from a single IP address.
Bear in mind that this tool doesn't have its own intelligence function and only provides packets to the tester.
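Because the capture tool only hands over packets, the triage described above has to be done by the tester. The following is an added example, not part of the original article: it flags stray source addresses and IP addresses claimed by more than one MAC in exported packet rows. The sample rows, the subnet, the gateway MAC and the `triage` function are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows (eth.src, ip.src, ip.dst); not from a real capture.
SAMPLE = """\
00:11:22:33:44:01,192.168.10.5,192.168.10.1
00:11:22:33:44:02,192.168.10.7,192.168.10.1
00:11:22:33:44:03,10.99.0.4,192.168.10.1
00:11:22:33:44:09,192.168.10.5,192.168.10.7
00:11:22:33:44:fe,203.0.113.9,192.168.10.5
00:11:22:33:44:05,,
"""

LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed in-scope subnet
GATEWAY_MACS = {"00:11:22:33:44:fe"}                 # assumed router MAC(s)


def triage(text, local_net=LOCAL_NET, gateway_macs=GATEWAY_MACS):
    """Return (stray_ips, multi_mac_ips, skipped_rows) for exported rows."""
    macs_by_ip = defaultdict(set)
    skipped = 0
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            skipped += 1              # blank or damaged line
            continue
        mac = row[0].strip().lower()
        try:
            src = ipaddress.ip_address(row[1].strip())
        except ValueError:
            skipped += 1              # non-IP frame (e.g. ARP) has no ip.src
            continue
        if mac in gateway_macs:
            continue                  # routed traffic carries off-subnet sources
        macs_by_ip[src].add(mac)
    # Stray: a local host sending from an address outside the expected subnet.
    stray = sorted(str(ip) for ip in macs_by_ip if ip not in local_net)
    # One IP seen from several MACs: possible spoofing, or a benign
    # failover pair; either way it needs a manual look.
    multi = {str(ip): sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1}
    return stray, multi, skipped


if __name__ == "__main__":
    print(triage(SAMPLE))
```
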
Another tool that we can look into is nmap.
The tool has been well known to a lot of people for almost a decade and has been used in many ways in penetration testing, from crafting packets and performing a normal scan through to advanced scans of a target's machine.
Nmap is well known for effectively detecting details about remote devices and network devices such as firewalls, routers and so on. Normally, network administrators will check for open ports using nmap and gain details on vulnerabilities that can be exploited on the open ports.