Network
The Network Panel of the Options Dialog Box includes options related to the management of network interfaces. Follow these steps to set network interface options:
- Select the Tools > Options command from the main menu.
-
Click the Network category to review or edit the available options.
-
Press OK after making any changes.
Network Interface (for packet capture) - Use the Network Interface for packet capture drop-down box to select the network interface that will be used for modules that use PCAP when they are executed in the local agent. The selected interface’s IP address is also used as the URL of the malicious web server for client-side attacks.
Internet connection
This section is used to set connection preferences. Click the radio button that corresponds with how your Core Impact console can connect to the Internet:
Use Internet Explorer Settings - This will use the same connectivity configurations that exist in your Internet Explorer settings.
Direct connection to the Internet - Use this if your Core Impact console has a direct connection to the Internet.
Use a proxy server - Also enter the Address, Port, Username and Password for the proxy server.
These settings are used in two places: when downloading Modules updates, and when connecting to the Internet to get News. These settings are captured and stored from the parameters entered during the Core Impact installation and product activation.
Network Address Translation (NAT)
Core Impact is behind a NAT - Check this box if Core Impact is deployed behind a NAT device.
Public Address - Enter the external IP address of the NAT device.
Port Range - Enter the range of ports that are being redirected (forwarded) from the NAT device to the Console.
The settings in the NAT Panel control the way Core Impact exploits will behave when using different agent connection methods. Note that changing these settings does not change your NAT device configuration. You must do that manually.
To support the Connect from connection method, all the ports within the specified Port Range have to be redirected to the internal address for the host running Core Impact. An agent deployed with the Connect from connection method will try to connect to the Public Address IP on a port within the defined Port Range. The Console will wait for that incoming connection on the same port.
When NAT is activated, the Reuse connection method utilizes the specified Public Address to find the correct TCP session in the target host's memory. In some cases, it will not be possible to exploit the same target service twice in a row using Reuse connection unless the first agent is disconnected before you launch the second attack.
Wireshark
This is a software utility that is required if you plan to use the Wireless AirPcap Traffic Sniffer.
Executable Path - Click the ellipsis button and navigate to the path of your Wireshark executable.