Wireshark

Question 1

aim to prevent devices, technologies , and processes from unauthorized data access , identity thefts, and cyberthreats

Answer 1

Network Security tools

Question 2

is an open-source network protocol analyzer
that helps organizations capture real-time
data and track, manage, and analyze
network traffic even with minute details

Answer 2

WIRESHARK

Question 2

TOP 8 NETWORK SECURITY TOOLS

Answer 2

1. wireshark
2. nexpose
3. splunk
4. nagios
5. tor
6. nessus professional
7. metsploit
8. kali linux

Question 2

used for monitoring network security. It
provides both real-time data analysis and historical
data searches. It is a cloud-based platform that
provides insights for petabyte-scale data analytics
across the hybrid cloud.

Answer 2

SPLUNK

Question 3

network security tool that helps to
monitor hosts, systems, and networks. It sends
alerts in real-time. You can select which specific
notifications you would like to receive

Answer 3

nagios

Question 4

a network security software that
provides real-time information about
vulnerabilities and reduces the threats in a
network.

Answer 4

NEXPOSE

Question 5

network security tool that ensures
the privacy of users while using the internet.
It helps in preventing cybersecurity threats
and is useful in safeguarding information
security

Answer 5

TOR

Question 6

security software that contains various tools for executing penetrating testing services.

Answer 6

METASPLOIT

Question 6

is a network security software that can detect vulnerabilities like software bugs and general security problems in software applications, IT devices, and operating systems and manage them appropriately.

Answer 6

NESSUS PROFESSIONAL

Question 6

a penetration testing tool used
to scan IT systems and network
vulnerabilities. The organization can monitor
and maintain its network security systems
on just one platform.

Answer 6

KALI LINUX

Question 6

WHEN
SHOULD
WIRESHARK
BE USED?

Answer 6

1. Wireshark can be used to understand how communication takes place across a network and to analyze what went wrong when an issue in communication arises
2. Wireshark helps: Network administrators troubleshoot problems across a network
3. Security engineers examine security issues across a network
4. QA engineers verify applications
5. Developers debug protocol implementations
6. Network users learn about a specific protocol

Question 6

WHEN
SHOULDN’T
WIRESHARK BE
USED?

Answer 6

1. Help a user who doesn’t understand network protocols
2. cannot grab traffic from all of the other systems on a network
3. Notify you of alerts

Question 6

common packet analyzer which allows the user to display other packets and TCP/IP packets, being transmitted and received over a network attached to the computer

Answer 6

Tcpdump

Question 6

• method to monitor network traffic.
• When it is enabled, the switch sends the copies of all the network packets present at one port to another port

Answer 6

Port mirroring

Question 7

COLOR CODING
IN WIRESHARK

Answer 7

1. PACKETS
2. PACKET COLORIZATION
3. TEMPORARY RULES
4. PERMANENT RULES

Question 8

The packets in the Wireshark are highlighted
with blue, black, and green color

Answer 8

PACKETS

Question 9

These colors help users to identify the types of traffic

Answer 9

PACKET
COLORIZATION

Question 10

are there until the program is in active mode or until we quit the program.

Answer 10

TEMPORARY
RULES

Question 11

The permanent color rules are available until the Wireshark is in use or the next time you run the Wireshark.

Answer 11

PERMANENT
RULES

Question 11

Features of Wireshark

Answer 11

1. CAPTURES
2. SUPPORTS
3. MAIN PURPOSE

Question 12

It can only capture packet on the PCAP (an application programming interface used to capture the network) supported networks.

Answer 12

CAPTURES

Question 13

Wireshark supports a variety of welldocumented capture file
formats such as the PcapNg and Libpcap. These formats are used for storing the captured data.

Answer 13

SUPPORTS

Question 14

It is the no.1 piece of software for its purpose. It has countless applications ranging from the tracing down, unauthorized traffic,
firewall settings, etc.

Answer 14

MAIN
PURPOSE

Question 15

The screen/interface of the Wireshark is divided into five parts:

Answer 15

1. menu bar and the options displayed below
2. packet listing window
3. packet header- detailed window
4. packet contents window
5. filter field

Question 16

This part is at the top of the window. File and the capture
menus options are commonly used in Wireshark. The capture
menu allows to start the capturing process. And the File menu
is used to open and save a capture file.

Answer 16

menu bar and the options displayed

Question 16

• It determines the packet flow or the captured packets in the traffic.
• It includes the packet number, time, source, destination, protocol, length, and info.
• We can sort the packet list by clicking on the columnname.

Answer 16

packet listing window

Question 16

• It contains detailed information about the components of the packets.
• The protocol info can also be expanded or minimized according to the information required

Answer 16

packet header- detailed window

Question 16

which
displays the content in ASCII and hexadecimal format

Answer 16

The bottom window

Question 16

• which is at the top of the display.
• The captured packets on the screen can be filtered based on any component according to your requirements

Answer 16

filter field

Question 17

• this is the number of packets captured
• the bracket indicates that this packet is a part of the conversation

Answer 17

No.

Question 18

• this column shows how long after you started the capture this particular packet
• you can change this value in the settings menu to display different option

Answer 18

time

Question 19

this is the type of packet

Answer 19

source

Question 19

this is the address of the system sent to the packet

Answer 19

source

Question 20

column that shows you packet length, measured in bytes

Answer 20

length

Question 21

this column shows you more information about the packet contents

Answer 21

info

Question 22

• it is used to specify the IP address as the source of destination
• filter based on this IP address as source and destination
• used to source filter
• used to destination filter

Answer 22

ip.addr
ip.src
ip.dst

Question 23

• this command filters based on protocol
• it requres the packet to be either dns protocol or http protocol and will display traffic

Answer 23

protocol
dns and http

Question 24

• it sets filter based on specific port number
• it will filter all the packets with this port number

Answer 24

tcp.port

Question 25

• wireshark can flag tcp problems. this command will only display the issues that wireshark identifies

Answer 25

tcp.analysis.flags

Question 26

• it is used to filter the list of protocols in which we are not interested
• it will remove arp, dns, and icmp, and only remaining will be left or it clean the things that may not be helpful

Answer 26

!(dns, arp, icmp)

Question 27

• it is used if you want to work on a single connection on a tcp conversation
• anything related to the single tcp connection will be displayed on the screen

Answer 27

select any packet
right click
follow tcp stream

Question 28

• it is used to display the packets which contains such words

Answer 28

tcp contains the filter

Question 29

• it will display http requests in trace file

Answer 29

http.request

Question 30

if your command is correct

Answer 30

green

Question 30

• this will display all the packets with the sync built-in tcp header set to 1

Answer 30

tcp.flags.syn==1

Question 31

it is incorrect or the Wireshark does not recognize your command.

Answer 31

red

Question 32

defined as the process to capture the packets of data flowing across a computer network

Answer 32

Packet sniffing

Question 33

layer includes the protocols used by most applications for providing user services.

Answer 33

• Application Layer

Question 34

establishes process-to-process connectivity, and it provides end-to-end services that are independent of underlying user data. To implement the process-to-process communication, the protocol introduces a concept of port

Answer 34

• Transport Layer

Question 35

responsible for sending packets to across networks. It has two functions: 1) Host identification by using IP addressing system (IPv4 and IPv6); and 2) packets routing from source to destination.

Answer 35

• Internet Layer

Question 36

defines the networking methods within the scope of the local network link.

Answer 36

• Link Layer

Question 36

basic tool for observing network packet exchanges in a computer. As the name suggests, a packet sniffer captures (“sniffs”) packets being sent/received from/by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured packets.

Answer 36

Packet Sniffer