EC-Council CEH

CEH v4 Domain #4: Network and Perimeter Hacking

Greg Belding
November 25, 2021 by
Greg Belding

Organizations that want to maximize the chances of not being another statistic of malicious hacking can hire a certified ethical hacker. These “white hat” hackers test an organization's systems, networks, and overall information security. The Certified Ethical Hacker, or CEH, certification is a well-renowned cert that verifies the knowledge and skills of these “white hat” heroes.

The CEH certification is currently on Exam Blueprint v4.0, which has brought some changes to how the Domains of knowledge are presented. This article will detail Domain #4 of CEH Exam Blueprint v4.0, Network and Perimeter Hacking. It will explore what the CEH certification is, changes since the last exam version, the target audience, and the content that domain #4 of the CEH exam certification will cover.

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

What is the CEH certification?

The CEH certification verifies that the holder has a practical understanding of the phases of ethical hacking, the various attack vectors, and the preventative countermeasures used by ethical hackers. It certifies that the holder knows how to think and act like a malicious hacker to better position your organization’s information security measures and better defend against real-world attacks. It is premised on the idea that if you understand vulnerabilities and system weaknesses your organization faces, you can better strengthen system security controls in the face of malicious activity and attacks.

Who is the target audience for CEH?

From a high-level view, any information security professional wants their organization to be better positioned in the face of attacks and malicious activity. Below is a list of roles that typically earn this certification:

  • Information Security Analyst
  • Information Assurance Security Officer
  • Information Security Manager/Specialist
  • Information Systems Security Engineer/Manager
  • Information Security Professionals/Officers
  • Risk/Threat/Vulnerability Analyst
  • Information Security/IT Auditors

What has changed since CEH Exam Blueprint v3?

They say that the only thing constant in life is change and this saying applies to the new CEH Exam Blueprint. Normally, I offer a side-by-side comparison of the old and new exam versions, but in the case of CEH, so much has changed we will keep it brief. Domain #4 of CEH Exam Blueprint v3.0 was entitled “Tools/Systems/Programs,” and it consisted of three subdomains, making up 28.91% of CEH exam content and accounting for a whopping 36 exam questions.

In CEH Exam Blueprint v4.0, Domain #4 is now titled “Network and Perimeter Hacking,” which covers 14% of CEH exam content and represents 18 of the CEH certification exam questions. The five subdomains of domain #4 are as follows:

  • Sniffing
  • Social Engineering
  • Denial-of-Service
  • Session Hijacking
  • Evading IDS, Firewalls, and Honeypots

Let’s explore this content below.


  • Sniffing Concepts
    • Types of Sniffing
      • Active Sniffing
      • Passive Sniffing
    • Hardware Protocol Analyzer
    • Span Port
    • Wiretapping
    • Lawful Interception
    • Planning Tool or Resource Integration Synchronization and Management (PRISM)
  • Sniffing Technique: MAC Attacks
  • Sniffing Technique: DHCP Attacks
  • Sniffing Technique: ARP Poisoning
  • Sniffing Technique: Spoofing Attacks
  • Sniffing Technique: DNS Poisoning
  • Sniffing Tools
  • Sniffing Countermeasures
  • Sniffing Detection Techniques

Social engineering

  • Social Engineering Concepts
    • Vulnerabilities leading to Social Engineering Attacks
    • Phases of a Social Engineering Attack
      • Research
      • Select Target
      • Relationship
      • Exploit

  • Social Engineering Techniques
    • Human-based Social Engineering
    • Computer-based Social Engineering
    • Mobile-based Social Engineering
  • Insider Threats
  • Impersonation on Social Networking Sites
  • Identity Theft
  • Social Engineering Countermeasures


  • DoS/DDoS Concepts
  • DoS/DDoS Attack Techniques
    • Volumetric Attacks
    • Fragmentation Attacks
    • TCP-State-Exhaustion Attacks
    • Application Layer Attacks
    • Bandwidth Attacks
    • Service Request Floods
    • SYN Attack/Flooding
    • ICMP Flood Attack
    • Peer-to-Peer Attacks
    • Permanent Denial-of-Service Attack
    • Application-Level Flood Attacks
    • Distributed Reflection Denial-of-Service (DRDoS)
  • Botnets
  • DDoS
  • Case Study
  • DoS/DDoS Attack Tools
    • Pandora DDoS Bot Toolkit
    • Other DDoS Attack Tools
      • Derail
      • HOIC
      • DoS HTTP
      • BanglaDos

  • DoS/DDoS Countermeasures
    • Activity Profiling
    • Wavelet Analysis
    • Sequential Change-Point Detection
  • DoS/DDoS Protection Tools

Session hijacking

  • Session Hijacking Concepts
    • Techniques
      • Stealing
      • Guessing
      • Brute-Forcing

    • The Session Hijacking Process
      • Sniffing
      • Monitoring
      • Session Desynchronization
      • Session ID
      • Command Injection

    • Types of Session Hijacking
      • Active Attack
      • Passive Attack

  • Application Level Session Hijacking
    • Compromising Session IDs using
      • Sniffing
      • By predicting Session Token
      • A Man-in-the-Middle Attack
      • A Man-in-the-Browser Attack
      • Client-Side Attacks

  • Network Level Session Hijacking
    • The Three-Way Handshake
    • TCP/IP Hijacking
    • Source Routing
    • RST Hijacking
    • Blind Hijacking
    • Forged ICMP and ARP Spoofing
    • UDP Hijacking
  • Session Hijacking Tools
  • Session Hijacking Countermeasures
    • IPsec
    • IPsec Components
      • Ipsec Drivers
      • Internet Key Exchange (IKE)
      • Internet Security Association Key Management Protocol
      • Oakley
      • IPsec Policy Agent
    • IPsec Tunnel Mode
    • IPsec Transport Mode

Evading IDS, firewalls and honeypots

  • IDS, IPS, Firewall, and Honeypot Concepts
  • IDS, IPS, Firewall, and Honeypot Solutions
  • Evading IDS
  • IDS/Firewall Evading Tools
  • Detecting Honeypots
  • IDS/Firewall Evasion Countermeasures

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

Understanding the CEH domain 4

Certified Ethical Hacker, or CEH, is a certification intended for information security professionals who want to bring ethical hacking benefits to their organization. You have to pass the CEH certification exam to earn this certification, which is now operating under the v4.0 Exam Blueprint and has significantly changed the material covered in CEH domain #4, Network and Perimeter Hacking. Use this article as your roadmap to this Domain of the CEH exam that you will have to master to earn this ethical hacking certification. 



Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.