Chapter One Test

The answers to this chapter test are located in Appendix A, "Answers to Chapter Tests."

1. What is the difference between the "packet" and "protocol" offset values?

   _______________________________________________________________________________________________________________________________________

2. What website should you access to get the default port numbers used by SNMP communications?

   _______________________________________________________________________________________________________________________________________

3. Get used to doing hexadecimal to decimal translations - you'll do that a lot when you work the various analyzers. Perform the following translations either manually or with a calculator (such as the Windows calculator in scientific mode or Hex Workshop):

   Hexadecimal	Decimal
   0x2E	__ d
   0x___	12 d
   0x10	__ d
   0x14	__ d
   0x___	40 d
   0x___	28 d

4. You have a set of filters that are only partially defined. They have the data values entered, but they are missing the offset value. Look carefully to see whether "packet" or "protocol" is selected for the offset and enter in the offset value.

   

   

   

   

5. Enter the offsets (in hexadecimal and decimal) used to catch the following traffic. Also note whether your filter is a packet or protocol offset filter.

   Offset (0x/d)	Focus
   ____(0x) /____(d)	Capture traffic to port 524d (NetWare NCP over IP).
   ____(0x) /____(d)	Capture traffic with an IP Time-to-Live of 1.
   ____(0x) /____(d)	Capture traffic to the broadcast hardware address.
   ____(0x) /____(d)	Capture traffic from the DHCP client port number.