Network Traffic Monitoring Flashcards
1
Q
Which of the following suspicious traffic signatures exposes malicious attempts such as ping sweep, port scan, and DNS querying?
A
Reconnaissance
2
Q
Which of the following filters in Wireshark displays only the traffic in a LAN (192.168.x.x) between workstations and servers with no Internet?
A
ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
3
Q
Which of the following display filters in Wireshark is used to perform filtering by multiple IP addresses?
A
ip.addr == 10.0.0.4 or ip.addr == 10.0.0.5