Appendix A: Answers to Chapter Tests
The appendix provides the answers to all the chapter tests in this book.
Chapter One Answers
-
What is the difference between the "packet" and "protocol" offset values?
Packet offsets begin at the very beginning of the packet (the start of the MAC header). Protocol offsets start after the MAC header.
-
What website should you access to get the default port numbers used by SNMP communications?
Go to www.iana.org to view the Protocol Numbers and Assignment section. In this section, view the Port numbers listing.
-
Get used to doing hexadecimal to decimal translations - you'll do that a lot when you work the various analyzers. Perform the following translations either manually or with a calculator (such as the Windows calculator in scientific mode):
Hexadecimal
Decimal
0x2E
46d
0x0C
12d
0x10
16d
0x14
20d
0x28
40d
0x1C
28d
-
You have a set of filters that are only partially defined. They have the data values entered, but they are missing the offset value. Look carefully to see whether "packet" or "protocol" is selected for the offset and enter in the offset value.
-
Enter the offsets (in hexadecimal and decimal) used to catch the following traffic. Also note whether your filter is a packet or protocol offset filter.
| Offset (0x/d) | Focus |
|---|---|
| 16(0x) /22(d) | Capture traffic to port 524d (NetWare NCP over IP). This is a protocol offset filter. |
| 08(0x) /8(d) | Capture traffic with an IP Time-to-Live of 1. This is a protocol offset filter. |
| 00(0x) /0(d) | Capture traffic to the broadcast hardware address. This is a packet offset filter. |
| 14(0x) /20(d) | Capture traffic from the DHCP client port number. This is a protocol offset filter. |
EAN: 2147483647
Pages: 65