A network protocol analyzer (or network sniffer) such as Wireshark can be used for legitimate as well as illegitimate purposes. In a one-page paper, describe the basic uses of a protocol analyzer and discuss how it can be used both for legitimate network management and by attackers seeking network vulnerabilities.
Create a zone file for the domain wareagle.com. This zone contains:
DNS servers: ns1.wareagle.com, ns2.wareagle.com and ns3.wareagle.com
A web server: www.wareagle.com or wareagle.com
An email server: mail.wareagle.com
An FTP server: ftp.ns.wareagle.com
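A zone file that meets these requirements, in BIND master-file syntax, as an added example that is not part of the original assignment or its solution. The IP addresses (RFC 5737 documentation range), serial number, timers and hostmaster mailbox are assumed placeholders, and the first name server is read as ns1.wareagle.com.

```dns
; Zone file for wareagle.com (constructed example; all addresses are placeholders)
$ORIGIN wareagle.com.        ; relative names below are completed with this suffix
$TTL 86400                   ; default TTL: 1 day

; SOA: primary name server, then the admin mailbox with "@" written as "."
@       IN  SOA   ns1.wareagle.com. hostmaster.wareagle.com. (
                  2024010101 ; serial, increment on every change
                  3600       ; refresh: how often secondaries poll
                  900        ; retry after a failed refresh
                  1209600    ; expire: secondaries stop answering after this
                  3600 )     ; negative-caching TTL

; Authoritative name servers for the zone
@       IN  NS    ns1.wareagle.com.
@       IN  NS    ns2.wareagle.com.
@       IN  NS    ns3.wareagle.com.

; Address records for the in-zone name servers
ns1     IN  A     192.0.2.1
ns2     IN  A     192.0.2.2
ns3     IN  A     192.0.2.3

; Web server: reachable as wareagle.com and www.wareagle.com.
; The apex must be an A record; a CNAME cannot coexist with the SOA/NS records there.
@       IN  A     192.0.2.10
www     IN  CNAME wareagle.com.

; Mail: the MX target must own an address record, not a CNAME
@       IN  MX    10 mail.wareagle.com.
mail    IN  A     192.0.2.20

; FTP server: the relative name "ftp.ns" expands to ftp.ns.wareagle.com.
ftp.ns  IN  A     192.0.2.30
```

Fully qualified names end with a trailing dot; without it the name server appends `$ORIGIN`, which is the most common source of broken NS and MX targets.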
The use of network sniffers is closely tied to Ethernet and the data link layer of the OSI model. Whether protocol analyzers are used for legitimate or illegitimate purposes, in every case they decode network traffic into a human-readable format. Basically, the sniffer can be connected to a network device and set to promiscuous mode to listen to the connections on that network segment.
They can be passive or active, depending on the role they play in capturing packets. System administrators, security practitioners and network engineers use a network analyzer for legitimate purposes whenever they need to monitor and understand network traffic and the protocols and services in use, for example: transforming binary data into human-readable format, discovering network bottlenecks, intrusion detection, logging network traffic for further analysis or as digital evidence, finding defective network interface cards, discovering spyware, troubleshooting network issues, network programming, penetration testing or vulnerability assessment....