Which of the following is a tool that runs on the Windows OS and analyzes iptables log messages
to detect port scans and other suspicious traffic?

A.
Nmap

B.
Hping

C.
NetRanger

D.
PSAD

Explanation:

PSAD is a tool that runs on the Windows OS and analyzes iptables log messages to detect port
scans and other suspicious traffic. It includes many signatures from the IDS to detect probes for
various backdoor programs such as EvilFTP, GirlFriend, SubSeven, DDoS tools (mstream, shaft),
and advanced port scans (FIN, NULL, XMAS). If it is combined with fwsnort and the Netfilter string
match extension, it detects most of the attacks described in the Snort rule set that involve
application layer data.
Answer option C is incorrect. NetRanger is the complete network configuration and information
toolkit that includes the following tools: a Ping tool, Trace Route tool, Host Lookup tool, Internet
time synchronizer, Whois tool, Finger Unix hosts tool, Host and port scanning tool, check multiple
POP3 mail accounts tool, manage dialup connections tool, Quote of the day tool, and monitor
Network Settings tool. These tools are integrated in order to use an application interface with full
online help. NetRanger is designed for both new and experienced users. This tool is used to help
diagnose network problems and to get information about users, hosts, and networks on the
Internet or on a user computer network. NetRanger uses multi-threaded and multi-connection

technologies in order to be very fast and efficient.
Answer option B is incorrect. Hping is a free packet generator and analyzer for the TCP/IP
protocol. Hping is one of the de facto tools for security auditing and testing of firewalls and
networks. The new version of hping, hping3, is scriptable using the Tcl language and implements
an engine for string based, human readable description of TCP/IP packets, so that the
programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very
short time. Like most tools used in computer security, hping is useful to both system administrators
and crackers (or script kiddies).
Answer option A is incorrect. Nmap is a free open-source utility for network exploration and
security auditing. It is used to discover computers and services on a computer network, thus
creating a “map” of the network. Just like many simple port scanners, Nmap is capable of
discovering passive services. In addition, Nmap may be able to determine various details about
the remote computers. These include operating system, device type, uptime, software product
used to run a service, exact version number of that product, presence of some firewall techniques
and, on a local area network, even vendor of the remote network card. Nmap runs on Linux,
Microsoft Windows, etc.