Lesson 3B Flashcards
What is an I/G bit?
Determines whether a frame is addressed to an individual node (0) or group (1). The latter is used for multicast and broadcast.
On a switched network, what configuration changes must be made to allow a host to sniff unicast traffic from all hosts connected to a switch?
The switch must be configured to mirror traffic to the sniffer’s port.
What is a Network Interface Card (NIC)?
A NIC is a piece of hardware inside a computer or device that connects it to a network. It has ports where you plug in network cables. Each NIC has a unique ID called a MAC address to identify it on the network.
What speeds do most Ethernet adapters support?
Most Ethernet adapters can handle three speeds: 10 Mbps (slow), 100 Mbps (faster), and 1000 Mbps (very fast). This allows them to work with different types of Ethernet networks.
What is a MAC address?
A MAC address is a unique 48-bit code that identifies each network interface card. It is often written as six pairs of numbers and letters (like 00:14:22:01:23:45) and helps to tell devices apart on a network.
What is an Ethernet frame?
An Ethernet frame is like a package of data sent over the network. It includes information like the destination and source addresses. The largest frame can be 1518 bytes long, with the data part (payload) being up to 1500 bytes.
What is the minimum length of an Ethernet frame?
To avoid data collisions, an Ethernet frame must be at least 64 bytes long. If the data is less than this, extra bits are added to make up the length.
How does error checking work in an Ethernet frame?
Each Ethernet frame has a 4-byte error-checking section called CRC (Cyclic Redundancy Check). It checks if the data was damaged during transmission. If the data doesn’t match, the frame is discarded, but the network doesn’t automatically ask for a resend.
What are jumbo frames?
Jumbo frames are larger than regular Ethernet frames and can be up to 9000 bytes. They are used by some advanced network devices to send more data at once, but they might not work with all devices.
What is tcpdump?
tcpdump is a command-line tool used on Linux to capture and view network packets. It allows you to see the data traveling through the network by running commands in a terminal.
How do you use tcpdump to listen on the eth0 interface?
You use the command “tcpdump -i eth0” to start capturing packets on the network interface named eth0. Replace “eth0” with “any” to listen on all network interfaces.
How do you stop tcpdump?
To stop tcpdump, press Ctrl + C on your keyboard. This will stop the packet capture and show you a summary of what was collected.
What types of filters can you use with tcpdump?
You can use filters to focus on specific data:
Type: Filter by a particular host, network, or port.
Direction: Filter by where the data is coming from (source) or going to (destination).
Protocol: Filter by the type of network protocol, like TCP or UDP.
What is Wireshark?
Wireshark is a program with a graphical interface (like a window with buttons) for capturing and analyzing network packets. It shows the data in an easy-to-read format.
How is the data displayed in Wireshark?
In Wireshark:
Top Pane: Lists each captured packet (frame).
Middle Pane: Shows details about the selected packet.
Bottom Pane: Displays the raw data of the packet in hexadecimal and text format.