Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search

Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.1  Devices

Previous Topic/Section
Security Issues with IDS
Previous Page
Pages in Current Topic/Section
Next Page
Security Issues with Network Monitoring Tools
Next Topic/Section

3.1.10  Network Monitoring / Diagnostics

Most networks larger than small workgroups incorporate network monitoring or diagnostic tools, to assist with network management. In section 1.7, we touched on their usefulness for auditing.

These tools may be devices to monitor and diagnose hardware issues or physical cable issues, such as TDR’s (Time Domain Reflectometers).

Sometimes an IDS includes some network monitor functionality, but the category of “network monitoring” is usually considered to be more generic than the capabilities provided by an IDS.

There are also software packages that monitor and diagnose network issues. Some of these include tools which:

monitor and capture network traffic (such as the Windows Network Monitor feature and the open source tcpdump network packet “sniffer”, which listens on the network for packets of interest and records them to a log)

diagnose network configuration glitches (such as the “dig” and “nslookup” tools to investigate name server issues, “traceroute” to check a packet’s route across the Internet from source to destination, “netstat” to view current connections on a system, “ipconfig” to check which name server a system is using for name-to-IP-address resolution, etc.).

look for available system services and vulnerabilities (port scanners, described below)

A “port scanner” is a software-based network service investigation tool which will inspect a network and report the hosts on it and which ports/services are available on each host. Often used specifically for security auditing purposes, a port scanner may also be used to verify application server availability or for other non-security-related purposes. Some port scanner packages, like nmap302, will report the OS’s run by systems on the network, and even whether or not packet filters or other monitoring tools are present on the network. These scanning tools were discussed in more detail in section 1.7 (Auditing.)

Network Monitoring/Diagnostic Tools Can Be…

Network monitoring/diagnostic tools can be hardware or software.

Hardware devices include TDR’s and network devices like switches that provide status information via reporting protocols like SNMP

Types of monitoring packages include packet sniffing/capture, network configuration analysis (DNS, routing, etc.) and port scanning tools that enable you to check for system vulnerabilities.

Quick navigation to subsections and regular topics in this section



Previous Topic/Section
Security Issues with IDS
Previous Page
Pages in Current Topic/Section
Next Page
Security Issues with Network Monitoring Tools
Next Topic/Section

If you find useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $

Home - Table Of Contents - Contact Us

CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.