Python Passive Network Mapping

Python Passive Network Mapping: P2NMAP is the first book to reveal a revolutionary and open source method for exposing nefarious network activity.

The "Heartbleed" vulnerability has revealed significant weaknesses within enterprise environments related to the lack of a definitive mapping of network assets. In Python Passive Network Mapping, Chet Hosmer shows you how to effectively and definitively passively map networks. Active or probing methods to network mapping have traditionally been used, but they have many drawbacks - they can disrupt operations, crash systems, and - most importantly - miss critical nefarious activity. You require an accurate picture of the environments you protect and operate in order to rapidly investigate, mitigate, and then recover from these new attack vectors. This book gives you a deep understanding of new innovations to passive network mapping, while delivering open source Python-based tools that can be put into practice immediately.

Python Passive Network Mapping is for practitioners, forensic investigators, IT teams, and individuals who work together when performing incident response and investigating potential damage, or are examining the impacts of new malware threats. Those defending critical infrastructures will have a special interest in this book, as active or probing methods of network mapping are rarely used within these environments as any resulting impacts can be disastrous. Python Passive Network Mapping is ideally suited for use as a text in a variety of academic programs to expose and engage students in the art of passively mapping enterprise networks, with the added benefit of providing exposure to open source Python solutions.

• First book to show you how to use open source Python to conduct passive network mapping
• Provides a new method for conducting incident response and investigating the extent of potential damage to your systems
• Python code forensics toolkit for network mapping included on the companion website

IT security professionals, forensics investigators, IT professionals (network administrators, IT managers, security managers, directors of security, etc.), and IT teams working on incident response

• Dedication
• Biography
• Preface
• Acknowledgments
• Chapter 1: Introduction
  • Abstract
  • Conventions Used in This Text
  • What is Python Passive Network Mapping or P2NMAP?
  • Why Does This Method Cast a Larger Net?
  • How Can Active Network Mapping Actually Hurt You?
  • Organization of the Book
  • Review
  • Summary Questions
• Chapter 2: What You DON’T Know About Your Network
  • Abstract
  • What’s Running on Your Network Might Surprise You
  • OS Fingerprinting
  • What Open Ports or Services Don’t You Know About?
  • Who’s Touching Your Network?
  • Review
  • Summary Questions
• Chapter 3: Capturing Network Packets Using Python
  • Abstract
  • Setting up a Python Passive Network Mapping Environment
  • The Art of the Silent Capture
  • Python Source Code
  • Review
  • Summary Questions
• Chapter 4: Packet Capture Analysis
  • Abstract
  • Packet Capture Analysis
  • Setting up Options for Analysis
  • Performing Analysis
  • Review
  • Summary Questions
• Chapter 5: PCAP Extractor and OS Fingerprinting
  • Abstract
  • PCAP Extraction
  • Passive OS Fingerprinting
  • Review
  • Summary Questions
• Chapter 6: Future Considerations and Challenge Problems
  • Abstract
  • Author Observations
  • Author Predictions
  • Challenge Problems
  • More Information
• Subject Index