Module 8 - Sniffing Flashcards

1
Q

Sniffing Concepts:

Is the process of monitoring and capturing all data packets passing through a given network using a software application or hardware device.

a. Packet Analyzing
b. Packet Monitoring
c. Packet Shifting
d. Packet Sniffing

A

d. Packet Sniffing

2
Q

Sniffing Concepts:

_______ turns the NIC of a system to the promiscuous mode so that it listens to all the data transmitted on its segment.

A

Sniffer

3
Q

Sniffing Technique:

Involves flooding the CAM table with fake MAC address and IP pairs until it is full.

a. MAC Flooding
b. CAM Flooding
c. SYN Flooding
d. Packet Flooding

A

a. MAC Flooding

4
Q

Sniffing Technique:

Is a stateless protocol used for resolving IP addresses to machine (MAC) addresses.

a. CAM
b. MAC
c. DNS
d. ARP

A

d. ARP

5
Q

Sniffing Technique:

  • Refers to altering or adding forged DNS records into the DNS resolver cache so that a DNS query is redirected to a malicious site.
  • If the DNS resolver cannot validate that the DNS responses have been received from an authoritative source, it will cache the incorrect entries locally and serve them to users who make a similar request.

a. Intranet DNS Spoofing
b. DNS
c. DNS Cache Poisoning
d. Internet DNS Spoofing

A

c. DNS Cache Poisoning

6
Q

Sniffing Tools:

Of the following Display Filters, which one is correct for Monitoring Specific Ports:

a. tcp.port=23
b. ip.addr==192.168.1.100 && tcp.port==23
c. ip.addr==192.168.1.100 && tcp.port=23
d. ip.addr==192.168.1.100 or tcp.port 23

A

c. ip.addr==192.168.1.100 && tcp.port=23

Error. Also in pdc doc.

Testing in Wireshark, the right answer is:

b. ip.addr==192.168.1.100 && tcp.port==23

Another option could be tcp.port==23

7
Q

Sniffing Detection Techniques:

Allows a network device to intercept and read each network packet that arrives in its entirety.

a. Promiscuous Mode
b. Preventive Mode
c. Protective Mode
d. Proactive Mode

A

a. Promiscuous Mode
