Module H2: Common Network Traffic

Question 1

What type of data does an Ethernet frame hold?

Abstracted Data
Logical Data
Imported Data
Encapsulated Data

Answer 1

Encapsulated Data

Question 2

What IEEE standard defines Ethernet connections?

Answer 2

802.3

Question 3

How many bytes are in Ethernet frame preamble?

Answer 3

7

Question 4

How many bits are in an Ethernet frame preamble?

Answer 4

56

Question 5

Which comes first in an Ethernet frame, the destination or source address?

Answer 5

destination

Question 6

Which part of the Ethernet frame enables synchronization?

Answer 6

preamble

Question 7

What is contained in the destination address field?

Answer 7

mac address

Question 8

What is the maximum amount of bytes that the data field can have?

Answer 8

1500

Question 9

If the minimum length of the data field is not met, what is the process called of added zero byte values to make the data field meet the requirements?

• Padding
• Stretching
• Buffing
• Zeroing

Answer 9

Padding

Question 10

If you wanted to create a filter in wireshark that only showed packets from a specific mac address what would that filter look like?

Answer 10

eth.src ==

Question 11

What do the first 3 bytes of the destination or source mac address show us?

• Frame Source
• Destination Address
• OUI / organizationally unique identifier
• Hop Count

Answer 11

OUI / organizationally unique identifier

Question 12

What are the three types of network traffic communications?

• NCP, NBP, RGP
• Unicast, broadcast, multicast
• Comcast, Dreamcast, OutKast
• 2.4 GHz, 5 GHz, 11 GHz

Answer 12

Unicast, broadcast, multicast

Question 13

What is a command line tool for packet capture on most unix systems?

Answer 13

tcpdump

Question 14

What type of scan is used to see if ports are open or active on a remote device?

Answer 14

port

Question 15

What part of the Ethernet frame is always set to 0xAB

Answer 15

Start Frame Delimiter

Question 16

What is the total size of an IPv4 datagram (in bytes)?

Answer 16

65,535

Question 17

If mapping for a local destination host is not found in the source host ARP cache, what does the source host do to send the request?

Answer 17

broadcast

Question 18

This kind of data transmission allows data to be transmitted in both directions on a signal carrier at the same time.

For instance, one workstation can be sending data on the line while another workstation is receiving data.

Answer 18

full duplex

Question 19

On an Ethernet network, this is the unit of data that is transmitted between network points.

It has explicit minimum and maximum lengths and a set of required pieces of information that must appear within it.

Answer 19

frame

Question 20

What happens if two devices on the same Ethernet network determine the network is free, but attempt to transmit data at exactly the same time.

Answer 20

collision

Question 21

What is the BPF to filter for the Ethertype in the Ethernet header?

Answer 21

ether[12:2]

Question 22

What is Ethertype 0x0800?

• IPv4
• ARP
• VLAN Tagging
• IPv6

Answer 22

IPv4

Question 23

What is byte 0 on the Ethernet header?

Answer 23

Destination MAC Address

Question 24

What is the byte offset of the “Ethertype” field in the Ethernet header?

Answer 24

12

Question 25

What is the Ethertype for IPv6?

Answer 25

0x86DD

Question 26

What is the Wireshark Filter to filter source MAC address of 00:8b:3c:54:f8:00

Answer 26

eth.src == 00:8b:3c:54:f8:00

Question 27

What is the Wireshark Filter to filter source MAC address of 00:8b:3c:54:f8:00?

Answer 27

eth.src == 00:8b:3c:54:f8:00

Question 28

What is the Ethertype for VLAN Tagging?

Answer 28

0x8100

Question 29

Which TCPDump switch option is used to show the MAC addresses associated with a packet?

Answer 29

-e