Network forensics Flashcards by Douglas Robinson

what is wireshark

wireshark is a GUI that is used to determine network packets

How well did you know this?

Not at all

Perfectly

What is wireshark used for solving?

troubleshooting network issues
Network security issues
Debugging protocols

How well did you know this?

Not at all

Perfectly

What is a capture filter

Capture filter is a filter that captures traffic that specifically matches that capture filter rule

How well did you know this?

Not at all

Perfectly

What are the benefits of a capture filter

prevents packet loss
saves disk space

How well did you know this?

Not at all

Perfectly

What is a display filter?

to tweak appearance

How well did you know this?

Not at all

Perfectly

What does this filter mean “ ip.addr == 10.0.0.1

Sources/ destination

How well did you know this?

Not at all

Perfectly

What does this filter mean 10.0.0.1 and 10.0.0.2

Communication between packets

How well did you know this?

Not at all

Perfectly

what does this filter mean http or dns

displays filter for all http or dns

How well did you know this?

Not at all

Perfectly

what does this filter mean tcp.port.4000

find the specific tcp port 4000

How well did you know this?

Not at all

Perfectly

what does this filter mean tcp.flags.reset

reset all tcp flags

How well did you know this?

Not at all

Perfectly

what does this filter mean http.request

display all http requests

How well did you know this?

Not at all

Perfectly

what does this filter mean tcp contains reviews

find all tcp packets that contain the word review

How well did you know this?

Not at all

Perfectly

what does this filter mean ! (arp, icmp and dns)

don’t find either of these three protocols

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

Network forensics Flashcards

Know all basic network functions

Brainscape's Knowledge Genome^TM