Assessing the Network with Common Security Tools

Overview

This lab focused on assessing both Local Area Network (LAN) and Wide Area Network (WAN) environments using common network security and analysis tools. The objective was to observe network behavior, identify active hosts, and analyze traffic patterns to better understand how networks communicate and how they can be assessed from a security perspective.

Objectives

  • Explore LAN and WAN configurations

  • Capture and analyze network traffic

  • Compare different network scanning techniques

  • Identify active hosts and open ports

  • Perform basic reconnaissance on a firewall

Tools and Technologies

  • Wireshark (packet analysis)

  • tcpdump (packet capture via CLI)

  • ipconfig / ifconfig (network configuration)

  • ARP cache inspection

  • Network scanning tools (ping, regular, and intense scan types)

  • pfSense firewall

Key Activities

LAN Analysis

  • Examined IP configurations of multiple systems

  • Observed ARP cache behavior and local address resolution

  • Captured ICMP and ARP traffic using Wireshark

Traffic Analysis

  • Filtered and analyzed ICMP and ARP packets

  • Compared results between ping, regular, and intense scans

  • Identified differences in traffic visibility across scan types

WAN Exploration

  • Investigated remote systems using ifconfig and ipconfig

  • Observed ARP behavior in a wider network context

  • Captured packets using tcpdump, including TCP handshakes

Firewall Reconnaissance

  • Conducted a scan against a pfSense firewall interface

  • Identified ICMP activity including timestamp requests

  • Observed DNS and ARP traffic behavior

  • Discovered open ports: 80 (HTTP) and 22 (SSH)
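The traffic classes listed above (ARP, ICMP echo and timestamp requests, DNS, TCP handshakes) can be separated in a capture by a few header fields. The following is an added example, not part of the original lab: the function names, the Ethernet II/IPv4 framing assumption, and the sample frames (built with 192.0.2.0/24 documentation addresses) are all constructed for illustration.

```python
import struct
from collections import Counter

ICMP = {0: "icmp-echo-reply", 8: "icmp-echo-request",
        13: "icmp-timestamp-request", 14: "icmp-timestamp-reply"}
TCP = {0x02: "tcp-syn", 0x12: "tcp-syn-ack", 0x10: "tcp-ack", 0x14: "tcp-rst-ack"}

def classify(frame: bytes):
    """Return (label, tcp_source_port_or_None) for one Ethernet II frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else None
    if ethertype == 0x0806 and len(frame) >= 22:          # ARP: opcode at offset 20
        op = struct.unpack("!H", frame[20:22])[0]
        return {1: "arp-request", 2: "arp-reply"}.get(op, "arp-other"), None
    if ethertype != 0x0800 or len(frame) < 34:            # IPv4 only past this point
        return "other", None
    ip = frame[14:]
    proto, l4 = ip[9], ip[(ip[0] & 0x0F) * 4:]            # honour the IHL field
    if proto == 1 and l4:                                 # ICMP: type is first byte
        return ICMP.get(l4[0], "icmp-other"), None
    if proto == 6 and len(l4) >= 14:
        flags = l4[13] & 0x17                             # FIN, SYN, RST, ACK bits
        return TCP.get(flags, "tcp-other"), struct.unpack("!H", l4[:2])[0]
    if proto == 17 and len(l4) >= 4:
        return ("dns" if 53 in struct.unpack("!HH", l4[:4]) else "udp-other"), None
    return "other", None

def summarize(frames):
    """Count traffic classes; a SYN-ACK's source port is a service that answered."""
    seen = [classify(f) for f in frames]
    counts = Counter(label for label, _ in seen)
    return counts, sorted({p for label, p in seen if label == "tcp-syn-ack"})

# --- constructed sample frames (documentation addresses, not lab data) ---
def _eth(etype, payload):
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype) + payload
def _ip(proto, l4):
    return _eth(0x0800, struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                                    proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])) + l4)
def _tcp(sport, dport, flags):
    return _ip(6, struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0))

SAMPLE = [
    _eth(0x0806, struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(20)),  # ARP who-has
    _ip(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),                         # echo request
    _ip(1, struct.pack("!BBHHH", 13, 0, 0, 1, 1) + bytes(12)),            # timestamp request
    _ip(17, struct.pack("!HHHH", 40000, 53, 8, 0)),                       # DNS query header
    _tcp(40000, 22, 0x02), _tcp(22, 40000, 0x12),                         # SYN then SYN-ACK
    _tcp(40000, 80, 0x02), _tcp(80, 40000, 0x12),
    _tcp(40000, 443, 0x02), _tcp(443, 40000, 0x14),                       # closed: RST-ACK
]
```

Running `summarize(SAMPLE)` reports ports 22 and 80 as answering, and the per-class counts make it easy to spot when a capture contains ICMP timestamp requests in addition to plain echo requests.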

Key Findings

  • Different scan types produce varying levels of detectable traffic

  • ARP traffic is primarily limited to local network communication

  • ICMP responses can vary depending on scan intensity

  • Packet capture tools provide valuable insight into network behavior

  • Firewalls may still expose critical services if not properly secured

Conclusion

This lab provided hands-on experience with essential network security tools and techniques. It demonstrated how traffic analysis and scanning can reveal important information about network structure, active hosts, and potential vulnerabilities. These skills are foundational for network defense, monitoring, and security assessment.
