Module 8 - Sniffing Flashcards
Sniffing Concepts:
Is the process of monitoring and capturing all data packets passing through a given network using a software application or hardware device.
a. Packet Analyzing
b. Packet Monitoring
c. Packet Shifting
d. Packet Sniffing
d. Packet Sniffing
Sniffing Concepts:
_______ turns the NIC of a system to promiscuous mode so that it listens to all the data transmitted on its segment.
Sniffer
Sniffing Technique:
Involves flooding the CAM table with fake MAC address and IP pairs until it is full.
a. MAC Flooding
b. CAM Flooding
c. SYN Flooding
d. Packet Flooding
a. MAC Flooding
Sniffing Technique:
Is a stateless protocol used for resolving IP addresses to machine (MAC) addresses.
a. CAM
b. MAC
c. DNS
d. ARP
d. ARP
Sniffing Technique:
- Refers to altering or adding forged DNS records into the DNS resolver cache so that a DNS query is redirected to a malicious site.
- If the DNS resolver cannot validate that the DNS responses have been received from an authoritative source, it will cache the incorrect entries locally and serve them to users who make a similar request.
a. Intranet DNS Spoofing
b. DNS
c. DNS Cache Poisoning
d. Internet DNS Spoofing
c. DNS Cache Poisoning
Sniffing Tools:
Of the following Display Filters, which one is correct for Monitoring Specific Ports:
a. tcp.port=23
b. ip.addr==192.168.1.100 && tcp.port==23
c. ip.addr==192.168.1.100 && tcp.port=23
d. ip.addr==192.168.1.100 or tcp.port 23
c. ip.addr==192.168.1.100 && tcp.port=23
Error. Also in pdc doc.
Testing in Wireshark, the right answer is:
b. ip.addr==192.168.1.100 && tcp.port==23
Another option could be tcp.port==23
Sniffing Detection Techniques:
Allows a network device to intercept and read each network packet that arrives in its entirety.
a. Promiscuous Mode
b. Preventive Mode
c. Protective Mode
d. Proactive Mode
a. Promiscuous Mode