Chapter Three Answers


The answers to this chapter test are located in Appendix A, "Answers to Chapter Tests."

  1. Which protocol filters should you use when you want to check for any IP routing issues on the network?

    Depending on your network, you might look for IPX RIP or NLSP, IP RIP, IP RIP2, OSPF, IGRP, or even ICMP.

  2. Which protocol filters should you use when you want to catch all name lookups on the IP network?

    DNS, NetBIOS and SLP.

  3. What protocol filter should you use when you want to capture error and information messages crossing the IP network?

    ICMP

  4. What protocol filter should you use when you want to capture all FTP, HTTP and other connection-oriented communications?

    TCP

  5. What field and value do you think the following predefined filters are based on?

    Filter Name   Field        Value
    IP            EtherType    0x0800
    IPX           EtherType    0x8137
    TCP           Protocol     0x06
    DNS           Port (S/D)   53d
    HTTP          Port (S/D)   80
    HTTPS         Port (S/D)   443
    ARP           EtherType    0x0806

  6. Your boss has asked you to track all FTP traffic to and from your network. You decide to use the prebuilt filters for FTP, but there's a gnawing feeling of doom in the back of your mind… Hmm…. Didn't Laura say you might want to make that filter using the pattern filters? What was she talking about?

    Don’t trust the pre-built filters if you have a suspicion of hacking on your network. Anyone can set up an FTP server to use another port number such as 80. Build your filter based on the application commands.

  7. Answer the following questions as true (T), false (F) or absolutely ridiculous (AR). You might have to look up some information on the protocols and protocol numbers.

    1. There are only about 5 protocols to filter on.

      Absolutely Ridiculous - there are hundreds

    2. Predefined filters can only be used as display filters.

      False

    3. Protocol filters only work above the network layer.

      False

    4. You cannot combine protocol and address filters.

      False
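
Answer 6 contrasts a port-based prebuilt filter with a pattern filter built on application commands. The following is an added example, not code from the book: it applies both to constructed frames, using the EtherType and Protocol values from answer 5. The function names, sample frames, and the FTP command list (taken from RFC 959) are assumptions made for illustration.

```python
import re
import struct

FTP_PORT = 21  # well-known FTP control port, which a port-based filter keys on
# Pattern filter: an FTP control command (RFC 959) at the start of the TCP payload
FTP_CMD = re.compile(
    rb"^(USER|PASS|CWD|PORT|PASV|RETR|STOR|LIST|QUIT)(?: [^\r\n]*)?\r\n", re.I)

def build_frame(sport, dport, payload):
    """Constructed sample: Ethernet II + IPv4 + TCP frame (checksums left at zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)           # EtherType = IP
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 0x06, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp + payload

def parse_tcp(frame):
    """Return (sport, dport, payload) for IPv4/TCP frames, otherwise None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                       # too short, or EtherType is not IP
    if frame[23] != 0x06:                 # IP Protocol field is not TCP
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet header + IP header (IHL)
    if len(frame) < tcp_off + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return sport, dport, frame[tcp_off + data_off:]

def port_filter(frame):
    """Port-based filter: matches only when source or destination port is 21."""
    t = parse_tcp(frame)
    return bool(t) and FTP_PORT in t[:2]

def pattern_filter(frame):
    """Pattern filter: matches FTP commands in the payload, whatever the port."""
    t = parse_tcp(frame)
    return bool(t) and FTP_CMD.match(t[2]) is not None

# Constructed sample traffic: FTP on its usual port, FTP moved to port 80, real HTTP
SAMPLES = {
    "ftp_on_21": build_frame(40000, 21, b"USER alice\r\n"),
    "ftp_on_80": build_frame(40001, 80, b"RETR report.txt\r\n"),
    "http_on_80": build_frame(40002, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
}

def compare():
    """Map each sample name to (port_filter result, pattern_filter result)."""
    return {name: (port_filter(f), pattern_filter(f)) for name, f in SAMPLES.items()}
```

The FTP session moved to port 80 is missed by the port filter and caught by the pattern filter, while genuine HTTP on the same port matches neither.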




Packet Filtering: Catching the Cool Packets
ISBN: 1893939383
EAN: 2147483647
Year: 2000
Pages: 65
