Network Analysis

Question 1

This is the process of recording, reviewing, and analyzing network traffic for the purpose of performance, security and/or general network operations and management.

Answer 1

Network Traffic Analysis

Question 2

What are the three parts of the TCP three-way handshake?

Answer 2

SYN - SYN/ACK - ACK

Question 3

What involves examining certain fields within packets sent from the target to determine the operating system in use?

Answer 3

OS Fingerprinting

Question 4

Actively sending specially crafted packets to the target to elicit replies that will reveal the operating system on the target’s machine.

Answer 4

Active Fingerprinting

Question 5

Accomplished by not actively sending any packets to the host. Listening only to the packets the target host is sending and receiving.

Answer 5

Passive Fingerprinting

Question 6

A column view of packets received giving brief information per columns selected.`

Answer 6

Packet List Pane

Question 7

Shows a canonical hex dump of the packet data. Each line contains the data offset, sixteen hexadecimal bytes, and sixteen ASCII bytes.

Answer 7

Packet Bytes Pane

Question 8

Data for packet selected as it is related to the OSI and TCP/IP model layers

Answer 8

Packet Detail Pane

Question 9

What 5 things can Wireshark` be used for?

Answer 9

1. Baselines
2. Host Enumeration
3. Terrain Mapping
4. Malware Detection
5. Operator Accountability