05 Flashcards
The ________ function is sent as the hexadecimal characters __________ and ____________
EOL, 0x0d0a, 0x0d
_____ Host - mapping FQDN to IPv4 address (Forward Lookup)
A, 1
_____ Canonical Name, Mapping, Alias (commonly used for web servers)
CNAME, 5
____ Mail Exchanger (email servers)
MX, 15
_____ Pointer – mapping IP to FQDN (Reverse Lookup)
PTR, 12
____ Start of authority - best source of information for this domain.
SOA, 6
____ Service Location - locate servers hosting services for a specific
domain. SRV records allow for built-in load balancing of multiple
servers using the priority and weight values in the records.
SRV, 33
____ Host – mapping FQDN to IPv6 host address
AAAA, 28
____ Zone transfer - transfers of DNS cache/database
AXFR, 252
___________ involves an individual or malicious software (malware) gathering and
transmitting information by placing information at the beginning of a valid FQDN.
DNS Exfiltration
How do I see all dns header traffic? How do I see more of it?
dns
udp.port == 53
How do I see all valid responses from a server?
dns.a
How do I find specific query types?
dns.qry.type == 1
How do I find all queries/responses specified with a FQDN?
dns.qry.name == "FQDN"
How do I see all dns responses/requests?
dns.flags gt 8000 (responses)
dns.flags lt 8000 (requests)
________ A request for information about the communications options available on the
request/response chain.
OPTIONS
_______ A request to retrieve whatever information is identified.
GET
_________ Identical to GET, except the server MUST NOT return a message-body in the
response. This is used to obtain meta information about the requested item
without transferring the item itself, i.e., testing a hyperlink without actually
receiving the next web page.
HEAD
_______ Used to request that the server accept the enclosed item from client as a new
subordinate of the server resource identified in the request.
POST
How do I see all the http request methods in a capture?
How do I see all tcp traffic, everything?
http.request.method
tcp.port == 80
How do I see all referers in a capture?
http.referer
What http response code is information?
1xx
What http response code is Success?
2xx
What http response code is Redirect?
3xx
What http response code is Client Error?
4xx
What http response code is Server Error?
5xx
________ is an IETF application-layer control/signaling protocol for
creating, modifying, and terminating sessions with one or more participants that uses TCP or
UDP ports _______ and __________
SIP
5060
5061
______________ is a data transfer protocol designed specifically to exchange
real-time sensitive, audio-visual data on IP-based networks.
RTP
How do I see all sip/rtp sessions?
sip
rtp
________ carries statistical and control data, while RTP
delivers the data.
RTCP
_______ filter shows all telnet application layer packets. How do I see every layer's telnet packets?
telnet
tcp.port == 23
How do I pick out specific data from a telnet packet?
telnet.data === data
What ports does snmp use?
udp
161 request
162 trap
How do I see all snmp application layer packets?
snmp
How do I see all snmp request messages?
snmp.port == 161
How do I see all snmp trap messages?
snmp.port == 162
How do I find specific data from a snmp packet?
snmp.data == <data>