Essential Security Tools

Master the foundational tools that every cybersecurity analyst uses daily. This module provides a hands-on look at Wireshark, Nmap, and Metasploit—the trifecta of network analysis, mapping, and penetration testing.

Wireshark: The Network Sniffer

Packet Analysis

Wireshark captures and inspects individual packets to reveal their headers and payload, which is essential for analyzing malicious traffic and understanding an attack.

Following TCP Streams

Reconstruct entire conversations between hosts to see the exact data exchanged, such as HTTP requests, FTP commands, or plaintext credentials.

Filtering Traffic

Use powerful display filters to isolate specific traffic, like finding all DNS requests from a potentially infected host or viewing all traffic for a specific IP.

# Show only traffic from a specific IP
ip.addr == 192.168.1.54

# Filter for DNS traffic
dns
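The two mechanics described above, following a TCP stream and applying a display filter, re-implemented in Python on a constructed capture as an added example (this is not code from the original module or from the Wireshark project). Everything in it is assumed: the `Segment` records, the FTP login they encode, and the helper names `ip_addr`, `protocol`, `follow_tcp_stream` and `plaintext_credentials`. It shows the parts the GUI hides: segments sorted back into sequence order, a retransmission dropped, and a reassembled stream checked for credentials sent in the clear.

```python
"""Follow-TCP-stream and display-filter logic, re-implemented on a constructed
capture to show what Wireshark does behind its GUI. Added example: not part of
the original module, and the Segment records below are made up, not a real pcap."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """Minimal view of one captured packet: IPs, ports, TCP seq and payload."""
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    payload: bytes
    proto: str = "tcp"


# Constructed capture: an FTP login whose segments arrived out of order, with one
# retransmission, plus an unrelated DNS query that a display filter should drop.
CAPTURE = [
    Segment("192.168.1.10", "192.168.1.54", 21, 51000, 5000, b"220 FTP ready\r\n"),
    Segment("192.168.1.54", "192.168.1.10", 51000, 21, 1012, b"PASS hunter2\r\n"),  # arrived early
    Segment("192.168.1.54", "192.168.1.10", 51000, 21, 1000, b"USER alice\r\n"),
    Segment("192.168.1.10", "192.168.1.54", 21, 51000, 5015, b"331 Password required\r\n"),
    Segment("192.168.1.54", "192.168.1.10", 51000, 21, 1012, b"PASS hunter2\r\n"),  # retransmission
    Segment("192.168.1.10", "192.168.1.54", 21, 51000, 5038, b"230 Login ok\r\n"),
    Segment("192.168.1.77", "192.168.1.1", 40001, 53, 0, b"\x00\x01\x01\x00", proto="dns"),
]


def ip_addr(packets, ip):
    """Same selection as the display filter `ip.addr == ip`: either endpoint matches."""
    return [p for p in packets if ip in (p.src, p.dst)]


def protocol(packets, name):
    """Same selection as a bare protocol filter such as `dns`."""
    return [p for p in packets if p.proto == name]


def follow_tcp_stream(packets, client, server):
    """Reassemble both directions of one TCP conversation.

    client and server are (ip, port) tuples. Segments are ordered by sequence
    number, bytes already seen (retransmissions, overlaps) are dropped, and a
    hole in the sequence space is counted as a gap, which is what Wireshark's
    Follow TCP Stream reports as missing data. Returns
    {direction: (reassembled_bytes, gap_count)}.
    """
    def segments(src, dst):
        return sorted(
            (p for p in packets
             if p.proto == "tcp" and (p.src, p.sport) == src and (p.dst, p.dport) == dst),
            key=lambda p: p.seq,
        )

    result = {}
    for name, segs in (("client->server", segments(client, server)),
                       ("server->client", segments(server, client))):
        data, gaps, expected = bytearray(), 0, None
        for s in segs:
            if expected is None:
                expected = s.seq
            if s.seq > expected:          # hole: these bytes were never captured
                gaps += 1
                expected = s.seq
            skip = expected - s.seq       # > 0 when the segment overlaps data we already have
            if skip >= len(s.payload):
                continue                  # pure retransmission, nothing new
            data += s.payload[skip:]
            expected = s.seq + len(s.payload)
        result[name] = (bytes(data), gaps)
    return result


CREDENTIAL_MARKERS = (b"USER ", b"PASS ", b"Authorization: Basic ")


def plaintext_credentials(stream):
    """Defender's check on a reassembled stream: which lines carry credentials in
    the clear (FTP USER/PASS, HTTP Basic). Only the keyword is returned; the
    secret itself is never echoed into logs or reports."""
    return [marker.strip().decode()
            for line in stream.split(b"\r\n")
            for marker in CREDENTIAL_MARKERS
            if line.startswith(marker)]


if __name__ == "__main__":
    streams = follow_tcp_stream(CAPTURE, ("192.168.1.54", 51000), ("192.168.1.10", 21))
    for direction, (data, gaps) in streams.items():
        print(f"{direction}: {data!r} ({gaps} gap(s))")
    print("credentials in clear:", plaintext_credentials(streams["client->server"][0]))
    print("dns packets:", len(protocol(CAPTURE, "dns")))
```

The stream is keyed on the full 4-tuple, the same way Wireshark numbers `tcp.stream`, so two connections between the same pair of hosts are never merged. Reassembly is deliberately per direction: the client's commands and the server's replies are separate byte streams, and interleaving them by capture order is exactly what makes raw packet lists hard to read.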

Nmap: The Network Mapper

Ping Scan

Discovers which hosts on a network are online without sending any packets to the hosts themselves, making it a stealthy first step in reconnaissance.

# Discover live hosts on the network
nmap -sn 192.168.1.0/24

Port & Service Scan

Scans for open ports and attempts to determine the version of the service running on them. This is crucial for finding outdated and vulnerable software.

# Service version detection scan
nmap -sV 192.168.1.10

OS Detection

Nmap analyzes TCP/IP packet fingerprints to make an educated guess about the operating system of the target host, helping tailor specific exploits.

# Attempt to identify the OS
nmap -O 192.168.1.10
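The three scans above produce output an analyst has to read back, and nmap's `-oX` option writes it as XML. The following Python, an added example that is not part of the original module or of the Nmap project, parses a constructed XML document in the shape nmap emits into an inventory of live hosts, open ports, service versions and the best OS match, then compares the versions against a made-up minimum-version baseline, which is the defender's routine use of `-sV` output. `SAMPLE_NMAP_XML`, `EXAMPLE_BASELINE` and the function names are all assumptions.

```python
"""Turn `nmap -oX` output into an inventory and flag services below a baseline.
Added example, not part of the original module or of Nmap itself. The XML is
constructed in the shape nmap emits (nmaprun/host/ports/port/service/os)."""
import re
import xml.etree.ElementTree as ET  # scan files from untrusted machines: prefer defusedxml

# Constructed scan result: one host up with three ports (two open), one host down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O 192.168.1.10 192.168.1.20">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 3.2 - 4.9" accuracy="95"/>
      <osmatch name="Linux 4.4" accuracy="90"/>
    </os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.20" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Made-up organisational baseline: oldest version still approved, per product.
EXAMPLE_BASELINE = {"OpenSSH": (8, 0), "Apache httpd": (2, 4, 50)}


def version_tuple(version):
    """'2.4.6' -> (2, 4, 6); non-numeric parts are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version or ""))


def parse_nmap_xml(xml_text):
    """Return [{address, services: [{port, protocol, name, product, version}], os}]
    for every host nmap reported as up; closed/filtered ports are dropped."""
    inventory = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        address = next((a.get("addr") for a in host.findall("address")
                        if a.get("addrtype") == "ipv4"), None)
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            attr = svc.get if svc is not None else (lambda key: None)
            services.append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "name": attr("name"),
                "product": attr("product"),
                "version": attr("version"),
            })
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")), default=None)
        os_guess = (best.get("name"), int(best.get("accuracy"))) if best is not None else None
        inventory.append({"address": address, "services": services, "os": os_guess})
    return inventory


def flag_below_baseline(inventory, baseline):
    """Services whose banner version is older than the baseline for that product.
    Caveat: distributions backport fixes without bumping the version string, so
    a hit here is a lead for the patch-management team, not proof of a flaw."""
    flagged = []
    for host in inventory:
        for svc in host["services"]:
            minimum = baseline.get(svc["product"])
            if minimum and svc["version"] and version_tuple(svc["version"]) < minimum:
                flagged.append({"address": host["address"], **svc, "minimum": minimum})
    return flagged


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_NMAP_XML)
    for host in inventory:
        print(host["address"], "os guess:", host["os"])
        for svc in host["services"]:
            print(f"  {svc['port']}/{svc['protocol']} {svc['name']} {svc['product']} {svc['version']}")
    for hit in flag_below_baseline(inventory, EXAMPLE_BASELINE):
        print("below baseline:", hit["address"], hit["port"], hit["product"], hit["version"], "<", hit["minimum"])
```

Two details matter in practice. The OS match is reported with its accuracy because `-O` is a fingerprint guess, not a fact, and the version comparison is a triage heuristic: a banner that reads older than the baseline tells you where to look, while the distribution's package changelog tells you whether the fix is already there.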

Metasploit: The Exploitation Framework

Exploits

An exploit is code that takes advantage of a specific software vulnerability. Metasploit contains a massive, curated database of exploits for various systems.

Payloads

A payload is the code that runs on the target system after an exploit is successful. Payloads can range from a simple command shell to a sophisticated Meterpreter session.

Auxiliary Modules

These are tools for scanning, fuzzing, sniffing, and other actions that aren't direct exploits. They are used for reconnaissance and information gathering.