Advice for the tools on the C|EH and ICMP

jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
Alright, so I'm studying for the C|EH. I'm trying to learn as much as I can.

I'm playing with:
Netcat
Nmap
Hping3
Wireshark
Nslookup
dig (started with it)
tcpdump (started with it)

I'm reading the "Practical Packet Analysis" to help reinforce some basic things.

Are there any suggestions for any other tools that I should be learning? I already have a list of tools on my whiteboard such as dnsenum, w3af and nikto. I've used Nessus a few times, but I'm not sure if they'll put that on the test. I have played around with Snort before, so I think I'll be okay with it.

Another problem is remembering the ICMP types and codes. I remembered the easier ones, but remembering everything is going to take a little while because I don't see them every day, since I can't reproduce everything. Any advice on remembering the types and codes?
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • JDMurray (Admin) MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+, Surf City, USA, Posts: 12,082
    There are a number of posts in this forum on how to select which tools to favor when studying for the CEH exam. I think Snort, Snort rules, and tshark were mentioned. I assume Cain & Abel, Ettercap, Kismet, and Aircrack-ng are on there too. It's really odd to me that CEH would continue to test on hping2 and hping3 when their replacement, nping, has been out for years now.
  • Stan Lee Member Posts: 19 ■□□□□□□□□□
    I had read in various forums downplaying CEH as nothing more than a discussion of tools.

    IMO, one needs to know the various tools to perform pen testing. I had used Metasploit to exploit a vulnerability in a Windows XP SP3 machine which yielded a remote shell. I guess these are the values of the tools. Without Nessus or OpenVAS, how can you possibly perform a vulnerability assessment? Just a thought.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I've been looking through some posts for the C|EH exam, but I wasn't sure. I didn't think that they would actually have Cain & Abel, Ettercap, Kismet and Aircrack-ng on the test. I guess I have more tools to play with. I'll check out nping as well. Thanks for responding, JDMurray.

    Stan, I think I understand what you're talking about.
  • certero Member Posts: 18 ■□□□□□□□□□
    While Matt Walker's book was great, it didn't really go into too much detail on the different features of a lot of the tools, excluding Nmap (which was covered quite well in his book, IMO). So I had to dig around for some other study material that would elaborate more while still being in the context of the CEH exam. As I'm sure you know, a lot of those tools have many switches for a lot of different purposes, and it can be a little overwhelming not knowing where to focus. At least it was for me.

    From a few different areas during my study (EC-Council courseware, Matt Walker, Boson, DeFino), this is the context in which these tools were mentioned most.

    As far as netcat goes, most of what I saw emphasized study-wise was how to get into listening mode and connect to a specified port, and how to use it as a port scanner and banner grabber as well. For tcpdump: how to capture on an interface and write captures to a file, and of course know what the output means. Hping commands: how to spoof an IP address during a scan and the different switches for scan types. Unlike Nmap, not all the switches are as intuitive, e.g. SYN scan -8, ICMP -1, UDP -2, etc. As far as nslookup went, I saw lots of practice questions on how the tool is used in interactive mode and pulling specific zone records, interpreting the SOA record, etc. As far as Wireshark goes, all the material I studied focused on basic display filters and being able to interpret what's happening in the display. I didn't see a single practice question on how to use Nessus (just what it's for and what it's not for).

    As far as the script kiddie tools go (which I would not classify any of the above as such), Cain & Abel was one mentioned everywhere I studied. More on what it's for, not really on going from A to B to get to C, if that makes sense. The other ones JDMurray mentioned as well. Know what they are and are not. EC-Council courseware does demo Aircrack-ng. I believe (not positive) it has been uploaded to YouTube. If not, there are plenty of YouTube vids out there on it that will show you all you need to know about any of those tools (at least for the exam anyway). The EC-Council **** of ton of script kiddie tools in your lap but really only emphasizes a few. Matt Walker's book is a good source to show you the ones you should be most familiar with.

    ICMP codes you just have to memorize, type 3 codes in particular...

    Hope this helps.
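    Since both the original question and the reply above come down to the ICMP type/code table, here is an added example (my own Python, not code from this thread or from any of the tools mentioned in it) that parses an ICMP message from raw bytes, verifies its RFC 1071 checksum, and names the type and code; the type 3 codes get the fullest table, since that is the set the reply singles out. The sample messages are constructed inline, and the "quoted datagram" in the port-unreachable sample is a placeholder rather than a real IP header. Type and code names follow RFC 792 and the IANA ICMP Parameters registry.

```python
import struct

# ICMP type names (RFC 792 plus the IANA ICMP Parameters registry)
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo Request", 9: "Router Advertisement",
    10: "Router Solicitation", 11: "Time Exceeded", 12: "Parameter Problem",
    13: "Timestamp", 14: "Timestamp Reply", 15: "Information Request",
    16: "Information Reply", 17: "Address Mask Request", 18: "Address Mask Reply",
}

# Code names for the types whose code field carries meaning; type 3 is the one to memorize
ICMP_CODES = {
    3: {0: "Net Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
        3: "Port Unreachable", 4: "Fragmentation Needed and DF Set", 5: "Source Route Failed",
        6: "Destination Network Unknown", 7: "Destination Host Unknown", 8: "Source Host Isolated",
        9: "Network Administratively Prohibited", 10: "Host Administratively Prohibited",
        11: "Network Unreachable for ToS", 12: "Host Unreachable for ToS",
        13: "Communication Administratively Prohibited", 14: "Host Precedence Violation",
        15: "Precedence Cutoff in Effect"},
    5: {0: "Redirect for the Network", 1: "Redirect for the Host",
        2: "Redirect for the ToS and Network", 3: "Redirect for the ToS and Host"},
    11: {0: "TTL Exceeded in Transit", 1: "Fragment Reassembly Time Exceeded"},
    12: {0: "Pointer Indicates the Error", 1: "Missing a Required Option", 2: "Bad Length"},
}

# Error types carry the original IP header + 8 bytes of the offending datagram after the header
ERROR_TYPES = {3, 4, 5, 11, 12}
# Types whose "rest of header" field is identifier + sequence number
ECHO_LIKE_TYPES = {0, 8, 13, 14, 15, 16, 17, 18}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest_of_header: bytes, payload: bytes = b"") -> bytes:
    """Assemble an ICMP message with a valid checksum (used here only to construct samples)."""
    if len(rest_of_header) != 4:
        raise ValueError("rest-of-header field is exactly 4 bytes")
    body = struct.pack("!BBH", icmp_type, code, 0) + rest_of_header + payload
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


def parse_icmp(msg: bytes) -> dict:
    """Decode an ICMP message (IP header already stripped) into fields and readable names."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes, got %d" % len(msg))
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    # Recompute over the message with the checksum field zeroed, exactly as the sender did
    expected = internet_checksum(msg[:2] + b"\x00\x00" + msg[4:])
    info = {
        "type": icmp_type,
        "type_name": ICMP_TYPES.get(icmp_type, "Unassigned"),
        "code": code,
        "code_name": ICMP_CODES.get(icmp_type, {}).get(code),
        "checksum_ok": checksum == expected,
    }
    if icmp_type in ECHO_LIKE_TYPES:
        info["identifier"], info["sequence"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type in ERROR_TYPES:
        info["quoted_datagram"] = msg[8:]    # IP header + first 8 bytes of the packet that triggered it
    return info


def describe(msg: bytes) -> str:
    """One-line summary in the 'type N (name), code M (name)' form used in study tables."""
    p = parse_icmp(msg)
    text = "type %d (%s), code %d" % (p["type"], p["type_name"], p["code"])
    if p["code_name"]:
        text += " (%s)" % p["code_name"]
    return text + ("" if p["checksum_ok"] else " [BAD CHECKSUM]")


# Constructed samples: a ping request, a port-unreachable error, and a bit-flipped copy
SAMPLE_ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"abcdefgh")
SAMPLE_PORT_UNREACH = build_icmp(3, 3, b"\x00" * 4, b"\x45\x00" + b"\x00" * 26)  # placeholder IP header + 8 bytes
_damaged = bytearray(SAMPLE_ECHO_REQUEST)
_damaged[9] ^= 0xFF                          # flip one payload byte so the checksum no longer matches
SAMPLE_CORRUPTED = bytes(_damaged)

if __name__ == "__main__":
    for sample in (SAMPLE_ECHO_REQUEST, SAMPLE_PORT_UNREACH, SAMPLE_CORRUPTED):
        print(describe(sample))
```

    Running it prints one line per sample; the third carries a "[BAD CHECKSUM]" marker, which is the same check Wireshark performs when it flags an ICMP checksum as incorrect. Feeding it the ICMP bytes out of a tcpdump or Wireshark capture is a practical way to drill the type/code pairs against traffic you actually saw rather than a printed table.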
  • coty24 Member Posts: 263 ■□□□□□□□□□
    hping3, snort, shark, snort, hping3 (Yes, I repeated them, for good reason) ;)
    Passed LOT2 :) Working on FMV2 (CHFI v8) Done!