Chapter 1: The Network Security Tool Paradigm
Figure 1.1: The modular model of network security tool design.
Figure 1.2: Components.
Figure 1.3: Techniques.
Figure 1.4: Traceroute.
Figure 1.5: The modular model of network security tool design and the software development lifecycle.
Chapter 3: The Libnet Library
Figure 3.1: Libnet packet creation.
Figure 3.2: Libnet-supported protocols and their relationships.
Chapter 5: The Libsf Library
Figure 5.1: Libsf TCP packet with options shown exploded.
Chapter 8: Passive Reconnaissance Techniques
Figure 8.1: Demultiplexing of an Ethernet frame.
Figure 8.2: Scoop packet sniffer.
Chapter 9: Active Reconnaissance Techniques
Figure 9.1: Full-open TCP port scan.
Figure 9.2: FTP bounce prot scan.
Figure 9.3: Half-open TCP port scan.
Figure 9.4: UDP port scan.
Figure 9.5: Fragmented port scan.
Figure 9.6: IP expiry.
Figure 9.7: Firewalking host breakdown.
Figure 9.8: Firewalking phase one: hopcount ramping.
Figure 9.9: Firewalking phase two: a packet passes the ACL
Figure 9.10: Firewalking phase two: a packet violates the ACL.
Figure 9.11: Early filtering of a firewalk probe.
Figure 9.12: Adjacent target and metric
Figure 9.13: Knock port scanner.
Chapter 10: Attack and Penetration Techniques
Figure 10.1: Vulnerability scanner breakdown.
Figure 10.2: Sift DNS vulnerability scanner.
Chapter 11: Defensive Techniques
Figure 11.1: Descry network intrusion detection tool.
Figure 11.2: Descry program logic.
Chapter 12: Tying Everything Together—Firewalk
Figure 12.1: Firewalk
Figure 12.2: Firewalk top-level flowchart.
Figure 12.3: Firewalk initialization flowchart.
Figure 12.4: Firewalk context.
Figure 12.5: Firewalk context after initialization.
Figure 12.6: Firewalk ramping phase flowchart.
Figure 12.7: Firewalk scanning phase flowchart.
Figure 12.8: Firewalk packet capture flowchart.
Figure 12.9: Firewalk packet verification (ramping phase) flowchart.
Figure 12.10: Firewalk packet verification (scanning phase) flowchart.