04 Flashcards

1
Q

What filter gives me the Ethernet layer's ARP traffic?

A

eth.type == 08 06

1
Q

What is an ICMPv6 Type 0x80 message?

A

Echo request

2
Q

What filter gives me the Ethernet layer's IPv4 traffic?

A

eth.type == 08 00

3
Q

What filter gives me the Ethernet layer's IPv6 traffic?

A

eth.type == 86 dd

4
Q

What filter will give me all of the arp requests/replies?

A

arp.opcode == 1 (requests)
arp.opcode == 2 (reply)

5
Q

What filter will give me the source ip address of ipv4 within an arp header?

A

arp.src.proto_ipv4 == ""

6
Q

What filter will show me all ipv4 packets with the more fragments flag turned on?

A

ip.flags.mf==1

7
Q

What filter will show me all ipv4 packets with the offset turned on?

A

ip.frag_offset>0

8
Q

What command will give me all ipv6 traffic with the next protocol being UDP?

A

ipv6.nxt == 0x11

9
Q

What command will give me all ipv6 traffic with the next protocol being TCP?

A

ipv6.nxt == 0x06

10
Q

What command will give me all IPv6 fragmentation traffic?

A

ipv6.nxt == 0x2c

11
Q

What command will give me all ipv6 traffic with the next protocol being ICMPv6?

A

ipv6.nxt == 0x3a

12
Q

What command will show me all icmpv4 informational traffic?

A

icmp.type in {8 0}

13
Q

What command will show me all icmpv4 error traffic?

A

icmp.type in {3 5 11}

14
Q

What are these ICMPv6 types?
128
129
133
134
135
136
137

A

Echo Request
Echo Reply
Router solicitation
Router advertisement
Neighbor solicitation
Neighbor advertisement
Redirect message

15
Q

What icmpv6 filter will give me all router solicitation traffic?

A

icmpv6.type == 133

16
Q

How do I get all tcp syn traffic?

A

tcp.flags in {0x02}

17
Q

How do I get all tcp ack traffic?

A

tcp.flags in {0x10 0x12}

18
Q

How do I show all packets coming from a web server?

A

tcp.srcport == 80

19
Q

How do I show all DNS queries?

A

udp.port == 53

20
Q

Within the IP proto field, what does 01 represent?

A

icmp

21
Q

Within the IP proto field, what does 06 represent?

A

tcp

22
Q

Within the IP proto field, what does 11 represent?

A

udp

23
Q

Within the IPv4 fragments field, what does each flag represent?
0
2
4
8

A

may fragment
more fragments
don't fragment
reserved