Section 25.240 Packet Captures Flashcards

Objective 4.9: Given a scenario, use appropriate data sources to support an investigation

1
Q

Packet Capture

A

Captures the data going to or from a network device (a packet capture, or PCAP)

■ Can be set up on a SPAN (port mirroring) port of a switch to capture the traffic going to and from the other devices on the network

Packet captures on the exam are typically short snippets, not massive data dumps

2
Q

Packet Capture Columns

Watch the video again for packet-capture examples; helpful for the exam

A

■ Number: Packet sequence number in the capture

■ Time: Elapsed time since the capture started

■ Source/Destination IP Addresses: Show where the data is coming from and going to

■ Protocol: The highest-layer protocol the analyzer decoded (typically TCP or UDP, but also HTTP, DNS, ICMP, ARP, and so on)

■ Length: The size of the packet in bytes

■ Info: Provides information from the packet header, including flags, sequence, window, length, MSS, source port, and destination port

Look for patterns that indicate attack types, such as a SYN flood (many SYNs from one source to one destination with no completed handshakes) or a DDoS attack (many different sources hitting one destination)

Consider the relationship between source and destination IP addresses to identify the type of attack: one-to-one points to a single attacker, many-to-one to a distributed attack, and a normal client shows a completed SYN, SYN/ACK, ACK handshake before data flows
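Added example in Python (not from these flashcards or the course video): it parses a few constructed rows laid out in the column order from the card above (No., Time, Source, Destination, Protocol, Length, Info), tracks which SYNs were never completed by the client's handshake ACK, and then applies the source/destination reasoning from the card. It goes one step beyond the card by also flagging a one-source-to-many-ports pattern (a port scan). The sample rows, addresses, and the threshold of 5 are all constructed for illustration; a real capture needs thresholds tuned to the network.

```python
import re
from collections import defaultdict

# Constructed rows in the card's column order: No., Time, Source, Destination,
# Protocol, Length, Info. Made-up addresses from documentation ranges; not a
# real capture.
SAMPLE_ROWS = """
1 0.000000 203.0.113.7 192.0.2.10 TCP 74 41000 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
2 0.000120 203.0.113.7 192.0.2.10 TCP 74 41001 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
3 0.000250 203.0.113.7 192.0.2.10 TCP 74 41002 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
4 0.000380 203.0.113.7 192.0.2.10 TCP 74 41003 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
5 0.000510 203.0.113.7 192.0.2.10 TCP 74 41004 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
6 0.000640 203.0.113.7 192.0.2.10 TCP 74 41005 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
7 0.100000 198.51.100.9 192.0.2.10 TCP 74 52000 > 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460
8 0.100200 192.0.2.10 198.51.100.9 TCP 74 80 > 52000 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
9 0.100400 198.51.100.9 192.0.2.10 TCP 66 52000 > 80 [ACK] Seq=1 Ack=1 Win=64256 Len=0
10 0.200000 198.51.100.9 192.0.2.10 HTTP 312 GET /index.html HTTP/1.1
11 0.300000 192.0.2.55 192.0.2.10 TCP 74 33000 > 21 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
12 0.300100 192.0.2.55 192.0.2.10 TCP 74 33001 > 22 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
13 0.300200 192.0.2.55 192.0.2.10 TCP 74 33002 > 23 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
14 0.300300 192.0.2.55 192.0.2.10 TCP 74 33003 > 25 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
15 0.300400 192.0.2.55 192.0.2.10 TCP 74 33004 > 443 [SYN] Seq=0 Win=1024 Len=0 MSS=1460
16 0.400000 198.51.100.21 192.0.2.20 TCP 74 40001 > 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
17 0.400050 198.51.100.22 192.0.2.20 TCP 74 40002 > 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
18 0.400100 198.51.100.23 192.0.2.20 TCP 74 40003 > 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
19 0.400150 198.51.100.24 192.0.2.20 TCP 74 40004 > 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
20 0.400200 198.51.100.25 192.0.2.20 TCP 74 40005 > 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
"""

# Ports and TCP flags as the Info column prints them, e.g. "41000 > 80 [SYN, ACK]"
# (newer Wireshark versions print an arrow instead of ">").
INFO_RE = re.compile(r"(\d+)\s*(?:>|\u2192)\s*(\d+)\s*\[([^\]]*)\]")


def parse_rows(text):
    """Turn the column text into dicts; anything that is not 7 columns is skipped."""
    packets = []
    for line in text.strip().splitlines():
        parts = line.split(None, 6)
        if len(parts) != 7:
            continue
        no, t, src, dst, proto, length, info = parts
        pkt = {"no": int(no), "time": float(t), "src": src, "dst": dst,
               "proto": proto, "length": int(length), "info": info,
               "sport": None, "dport": None, "flags": ()}
        m = INFO_RE.search(info)
        if m:  # only TCP/UDP rows carry ports and flags in Info
            pkt["sport"], pkt["dport"] = int(m.group(1)), int(m.group(2))
            pkt["flags"] = tuple(f.strip() for f in m.group(3).split(","))
        packets.append(pkt)
    return packets


def half_open_connections(packets):
    """SYNs from a client that were never followed by that client's handshake ACK."""
    pending = {}  # (src, sport, dst, dport) -> packet number of the SYN
    for p in packets:
        if p["sport"] is None:
            continue
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == ("SYN",):
            pending[key] = p["no"]
        elif "ACK" in p["flags"] and "SYN" not in p["flags"]:
            pending.pop(key, None)  # third step of the handshake from the same socket
    return pending


def classify(packets, threshold=5):
    """Map source/destination relationships of half-open SYNs to attack patterns.

    threshold is an arbitrary demo value. Returns (pattern, source or None,
    destination, count) tuples."""
    ports = defaultdict(set)    # (src, dst) -> destination ports left half-open
    sources = defaultdict(set)  # dst -> sources with half-open SYNs to it
    count = defaultdict(int)    # (src, dst) -> number of half-open SYNs
    for src, _sport, dst, dport in half_open_connections(packets):
        ports[(src, dst)].add(dport)
        sources[dst].add(src)
        count[(src, dst)] += 1
    findings = []
    for (src, dst), n in count.items():
        if n >= threshold and len(ports[(src, dst)]) == 1:
            findings.append(("syn_flood", src, dst, n))  # one-to-one, single port
        elif len(ports[(src, dst)]) >= threshold:
            findings.append(("port_scan", src, dst, len(ports[(src, dst)])))  # one-to-many ports
    for dst, srcs in sources.items():
        if len(srcs) >= threshold:
            findings.append(("distributed_syn_flood", None, dst, len(srcs)))  # many-to-one
    return findings


if __name__ == "__main__":
    for finding in classify(parse_rows(SAMPLE_ROWS)):
        print(finding)
```

The normal client (198.51.100.9) drops out of the half-open set once its ACK in row 9 arrives, so only the three suspicious relationships remain: rows 1-6 are one source hammering port 80 (SYN flood), rows 11-15 are one source touching five different ports (scan), and rows 16-20 are five sources converging on one host (distributed). On the exam the same reading works by eye: count how many distinct sources and destinations appear and whether the handshakes ever complete.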
