Network Traffic Analysis Flashcards

1
Q

Wireshark

A

Cross-platform, open-source software that gathers and parses network traffic
Uses the “Ncap” driver on Windows
Exports and imports network traffic files

2
Q

Capture filters

A

Predetermined filters that are applied before capturing traffic and cannot be modified during the capture

3
Q

Apply as Filter

A

Uses the information as a filter immediately, without additional changes

4
Q

Prepare as Filter

A

Adds the information as a filter to the filter bar and allows you to modify it before applying it

5
Q

&&

A

Filter operator used to combine conditions with AND (a packet must match both conditions)

6
Q

||

A

Filter operator used to combine conditions with OR (displays packets that match either condition)

7
Q

Statistics

A

Provide a more detailed overview of the captured packets

8
Q

HTTP Statistics

A

Provide a broader overview of HTTP connections, based on the host and URL

9
Q

Protocol Hierarchy

A

Hierarchical tree of all protocols found in the captured traffic
Shows statistics about the protocols in use

10
Q

Automatic Extractions

A

The list is automatically refreshed

11
Q

Wireshark Protocol Extraction

A

DICOM
HTTP
IMF
SMB
TFTP

12
Q

Manual Extractions

A

Is done for protocols whose files Wireshark does not extract automatically, such as FTP

13
Q

What do you use to get the entire stream of a file in Wireshark?

A

TCP Stream

14
Q

When is “Save as...” used in Wireshark?

A

For raw data

15
Q

Network Miner

A

Is an open-source NFAT tool for Windows
Used for simple file extraction from captured traffic
The free edition extracts only from PCAP files
