# Exercise 1

## Passive Information Gathering

>>>
Are mail servers hosted by the same company? Depending on the company, the answer to this question can be "yes" or "no". Considering each of these possibilities, does it make sense targeting mail servers as potential vectors for penetration attacks?
>>>

Yes, it makes sense to target mail servers, especially when they are hosted by the same company. Servers which are not hosted by the same company are presumably not included in the penetration testing contract, and attacking those external servers might be illegal.

## Profiling Host Activity

>>>
Imagine using Wireshark for checking all the traffic passing through an intermediate routing device. Do you think that you could detect hosts performing horizontal scanning? And vertical scanning? Do you consider Wireshark as a suitable tool for analyzing large amounts of network traffic data? Why?
>>>

As soon as the amount of traffic routed through the routing device exceeds hundreds of megabytes, it might not be feasible to use Wireshark to analyze the traffic. Maybe it is possible with a good grip on all the filtering capabilities of Wireshark, but one definitely has to know what to look for. Large amounts of traffic data are better analyzed using programmatic means.
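
As an illustration of the "programmatic means" mentioned in the answer above, the following added example (not part of the exercise material) flags horizontal and vertical scanning in a list of flow records. The record layout `(src, dst, dst_port)`, the thresholds and the sample addresses are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample records (src_ip, dst_ip, dst_port); the addresses come
# from documentation ranges and are not taken from the exercise.
SAMPLE_FLOWS = (
    [("192.0.2.10", f"198.51.100.{i}", 22) for i in range(1, 31)]   # one port, 30 hosts
    + [("192.0.2.20", "198.51.100.5", p) for p in range(1, 101)]    # one host, 100 ports
    + [("192.0.2.30", "198.51.100.7", 443)] * 50                    # busy but ordinary client
    + [("192.0.2.30", "198.51.100.8", 80), ("192.0.2.30", "198.51.100.8", 443)]
)


def classify_scanners(flows, host_threshold=20, port_threshold=50):
    """Return {src: {(kind, key, count), ...}} for sources that look like scanners.

    horizontal: one source contacts the same port on many distinct hosts.
    vertical:   one source contacts many distinct ports on a single host.
    Both thresholds are assumed values and need tuning for a real network.
    """
    hosts_per_port = defaultdict(set)  # (src, dst_port) -> distinct destination hosts
    ports_per_host = defaultdict(set)  # (src, dst)      -> distinct destination ports
    for src, dst, dst_port in flows:
        hosts_per_port[(src, dst_port)].add(dst)
        ports_per_host[(src, dst)].add(dst_port)

    findings = defaultdict(set)
    for (src, dst_port), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            findings[src].add(("horizontal", dst_port, len(hosts)))
    for (src, dst), ports in ports_per_host.items():
        if len(ports) >= port_threshold:
            findings[src].add(("vertical", dst, len(ports)))
    return dict(findings)


if __name__ == "__main__":
    for src, labels in sorted(classify_scanners(SAMPLE_FLOWS).items()):
        for kind, key, count in sorted(labels, key=str):
            print(f"{src}: {kind} scan, key={key}, distinct targets={count}")
```

Counting distinct destinations instead of packets keeps a high-volume but ordinary client (the third source in the sample) from being flagged.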