Python Passive Network Mapping
P2NMAP
Chet Hosmer
Table of Contents
Copyright
Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Benjamin Rearick
Project Manager: Priya Kumaraguruparan
Designer: Matthew Limbert
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright 2015 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-802721-9
For information on all Syngress publications visit our website at http://store.elsevier.com/
Dedication
To our children who inspire me every day and make me realize how blessed I truly am. Whether you take care of the sick and injured, you teach and inspire future generations, you care deeply and fight to protect our environment or you simply bring unconditional love to everyone you touch. To Kira, Tiffany, Trisha and Matty.
Biography
Chet Hosmer is the Founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open-source investigative technologies using the Python programming language. Chet is also the founder of WetStone Technologies, Inc. and has been researching and developing technology and training surrounding forensics, digital investigation and steganography for over two decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, NHK Japan, CyberCrime on TechTV and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine.
Chet serves as a visiting professor at Utica College where he teaches in the Cybersecurity Graduate program. He is also an Adjunct Faculty member at Champlain College in the Masters of Science in Digital Forensic Science Program. Chet delivers keynote and plenary talks on various cyber security related topics around the world each year.
Chet resides with his wife Janet and son Matthew, along with his four-legged family, near Myrtle Beach, South Carolina.
Gary C. Kessler, Ph.D., CCE, CCFP, CISSP, is a Professor of Homeland Security at Embry-Riddle Aeronautical University, a member of the North Florida ICAC (Volusia County Sheriff's Department), and president and janitor of Gary Kessler Associates, a training and consulting company specializing in computer and network security and digital forensics. He is the co-author of two professional texts and over 70 articles, a frequent speaker at regional, national, and international conferences, and past editor-in-chief of the Journal of Digital Forensics, Security and Law. More information about Gary can be found at his Web site, http://www.garykessler.net.
Preface
It is Monday morning, July 6, 2015, and you have just returned from the long holiday weekend. On your desk sits a note that reads:
A vulnerability has been discovered that may affect SCADA based networks. We need to determine if any of our systems are potentially vulnerable or worse have already been compromised. As you know, we cannot actively scan our SCADA network, so we need to passively map network activity and behaviors over the next week and then analyze the results. We need a way to determine/verify every end point on our network, what systems they communicate with, what countries those connections have made to and from.
I need a prelim report by noon tomorrow.
Thanks,
the CISO
P.S. we have no budget for new toys.
Intended Audience
The information in this book was designed to be accessible by anyone who has a desire to learn how to leverage the Python programming language to passively monitor and analyze network activity for worthy causes. The open source scripts and knowledge transfer are yours to use and hopefully inspire you to advance the scripts, contribute to the community, and look at passive network monitoring from a whole new perspective.
Prerequisites
Access to a computer, familiarity with an operating system (Windows, Linux or Mac) and access to the Internet, coupled with a desire to learn. Some familiarity with programming and the Python programming language would be helpful.
Reading this Book
The book is organized with the first two chapters focused on introductory material to define what passive network mapping is, how to set up an environment to perform passive network mapping, and to demonstrate what value passive network mapping can bring.
The remaining chapters introduce scripts that perform passive network capture on a Linux or Windows platform, and provide scripts that allow you to perform network mapping functions and mine the captured data for analysis purposes.