Lesson 3B Flashcards

1
Q

What is an I/G bit?

A

Determines whether a frame is addressed to an individual node (0) or group (1). The latter is used for multicast and broadcast.

2
Q

On a switched network, what configuration changes must be made to allow a host to sniff unicast traffic from all hosts connected to a switch?

A

The switch must be configured to mirror traffic to the sniffer’s port.

3
Q

What is a Network Interface Card (NIC)?

A

A NIC is a piece of hardware inside a computer or device that connects it to a network. It has ports where you plug in network cables. Each NIC has a unique ID called a MAC address to identify it on the network.

4
Q

What speeds do most Ethernet adapters support?

A

Most Ethernet adapters can handle three speeds: 10 Mbps (slow), 100 Mbps (faster), and 1000 Mbps (very fast). This allows them to work with different types of Ethernet networks.

5
Q

What is a MAC address?

A

A MAC address is a unique 48-bit code that identifies each network interface card. It is often written as six pairs of numbers and letters (like 00:14:22:01:23:45) and helps to tell devices apart on a network.

6
Q

What is an Ethernet frame?

A

An Ethernet frame is like a package of data sent over the network. It includes information like the destination and source addresses. The largest frame can be 1518 bytes long, with the data part (payload) being up to 1500 bytes.

7
Q

What is the minimum length of an Ethernet frame?

A

To avoid data collisions, an Ethernet frame must be at least 64 bytes long. If the data is less than this, extra bits are added to make up the length.

8
Q

How does error checking work in an Ethernet frame?

A

Each Ethernet frame has a 4-byte error-checking section called CRC (Cyclic Redundancy Check). It checks if the data was damaged during transmission. If the data doesn’t match, the frame is discarded, but the network doesn’t automatically ask for a resend.

9
Q

What are jumbo frames?

A

Jumbo frames are larger than regular Ethernet frames and can be up to 9000 bytes. They are used by some advanced network devices to send more data at once, but they might not work with all devices.

10
Q

What is tcpdump?

A

tcpdump is a command-line tool used on Linux to capture and view network packets. It allows you to see the data traveling through the network by running commands in a terminal.

11
Q

How do you use tcpdump to listen on the eth0 interface?

A

You use the command “tcpdump -i eth0” to start capturing packets on the network interface named eth0. Replace “eth0” with “any” to listen on all network interfaces.

12
Q

How do you stop tcpdump?

A

To stop tcpdump, press Ctrl + C on your keyboard. This will stop the packet capture and show you a summary of what was collected.

13
Q

What types of filters can you use with tcpdump?

A

You can use filters to focus on specific data:

Type: Filter by a particular host, network, or port.
Direction: Filter by where the data is coming from (source) or going to (destination).
Protocol: Filter by the type of network protocol, like TCP or UDP.

14
Q

What is Wireshark?

A

Wireshark is a program with a graphical interface (like a window with buttons) for capturing and analyzing network packets. It shows the data in an easy-to-read format.

15
Q

How is the data displayed in Wireshark?

A

In Wireshark:

Top Pane: Lists each captured packet (frame).
Middle Pane: Shows details about the selected packet.
Bottom Pane: Displays the raw data of the packet in hexadecimal and text format.

16
Q

What is a burned-in address?

A

A burned-in address is the unique MAC address assigned to a NIC by the manufacturer.

17
Q

What is the broadcast address for MAC addresses?

A

The broadcast address is ff:ff:ff:ff:ff:ff. It is used to send data to all devices on the same network segment, so every device on the network receives the message.

18
Q

What is a SPAN/mirror port?

A

A SPAN or mirror port is a special port on a network switch that copies data from other ports so you can monitor network traffic without affecting the network itself.

19
Q

What is a passive TAP?

A

A passive TAP is a device that splits the network signal and sends a copy to a monitoring device. It doesn’t alter the network traffic and works for both copper and fiber optic cables.

20
Q

What is an active TAP?

A

An active TAP is a device that not only copies network traffic but also regenerates the signal to maintain quality. It needs power to operate and can fail if power is lost.

21
Q

What is a protocol analyzer?

A

A protocol analyzer is a tool that helps you examine the data traveling over a network. It uses packet sniffers to capture and analyze network traffic, helping with troubleshooting and network management.

22
Q

What is the maximum length of a standard Ethernet frame?

A

The maximum length of a standard Ethernet frame is 1518 bytes, which includes all parts of the frame except for the preamble.