Module 8 - Sniffing

Question 1

Sniffing Concepts:

Is the process of monitoring and capturing all data packets passing through a given network using a software application or hardware device.

a. Packet Analyzing
b. Packet Monitoring
c. Packet Shifting
d. Packet Sniffing

Answer 1

d. Packet Sniffing

Question 2

Sniffing Concepts:

_______ turns the NIC of a system to the promiscuous mode so that it listens to all the data transmitted on its segment.

Answer 2

Sniffer

Question 3

Sniffing Technique:

Involves flooding of CAM table with fake MAC address and IP pairs until it is full.

a. MAC Flooding
b. CAM Flooding
c. SYN Flooding
d. Packet Flooding

Answer 3

a. MAC Flooding

Question 4

Sniffing Technique:

Is a stateless protocol used for resolving IP addresses to machine (MAC) addresses.

a. CAM
b. MAC
c. DNS
d. ARP

Answer 4

d. ARP

Question 5

Sniffing Technique:

• Refers to altering or adding forged DNS records into the DNS resolver cache so that a DNS query is redirected to a malicious site.
• If the DNS resolver cannot validate that the DNS responses have been received from an authoritative source, it will cache the incorrect entries locally, and serve them to the users who make the similar request.
  a. Intranet DNS Spoofing
  b. DNS
  c. DNS Cache Poisoning
  d. Internet DNS Spoofing

Answer 5

c. DNS Cache Poisoning

Question 6

Sniffing Tools:

Of the following Display Filters, which one is correct for Monitoring Specific Ports:

a. tcp.port=23
b. ip.addr==192.168.1.100 && tcp.port==23
c. ip.addr==192.168.1.100 && tcp.port=23
d. ip.addr==192.168.1.100 or tcp.port 23

Answer 6

c. ip.addr==192.168.1.100 && tcp.port=23

Question 7

Sniffing Detection Techniques:

Allows a network device to intercept and read each network packet that arrives in its entirety.

a. Promiscuous Mode
b. Preventive Mode
c. Protective Mode
d. Proactive Mode

Answer 7

a. Promiscuous Mode