tcpdump

Question 1

tcpdump relies on what library

Answer 1

libpcap

Question 2

windump relies on what library

Answer 2

winpcap

Question 3

ttl 64 is typically what OS

Answer 3

Linux

Question 4

how can you tell the OS version for ICMP

Answer 4

ttl

icmp data

Question 5

What OS as icmp data with 0a0b 0c0d 0e0f 1011 1213 1415 …

Answer 5

Linux/Unix

Question 6

Tcpdump default packet capture length prior to version 4.0

Answer 6

68 bytes

Question 7

Tcpdump default packet capture length after 4.0

Answer 7

full packet

Question 8

Ethernet frame header is how many bytes

Answer 8

14 - Don’t forget to include this fact when accounting for bytes in packets. Tcpdump captures everything after frame header.

Question 9

To get fragment offset you have to what?

Answer 9

Convert field from hex to decimal and multiply by 8

Question 10

tcpdump -r does what

Answer 10

read a file pcap file

Question 11

tcpdump -c does what

Answer 11

shows -c # of lines

Question 12

tcpdump -e does what

Answer 12

shows MAC addresses for source and destination as well as OUI for manufacturer if known

Question 13

tcpdump -x shows what

Answer 13

output in hex

Question 14

tcpdump -X shows what

Answer 14

output in hex with ASCII

Question 15

tcpdump source macro is what

Answer 15

src

Question 16

tcpdump destination macro is what

Answer 16

dst

Question 17

What are tcpdump macros for protocols

Answer 17

tcp, udp, ip, icmp

Question 18

tcpdump -vv does what

Answer 18

verbose - shows IP ttl, options etc

Question 19

tcpdump -i

Answer 19

choses an interface

Question 20

ttl of 255 is common for what OS

Answer 20

Cisco and Solaris

Question 21

tcpdump -F does what

Answer 21

reads from filter file you have created

Question 22

tcpdump -n

Answer 22

turn off name resolution

Question 23

tcpdump -nn

Answer 23

turn of name and port resolution