The answers to this chapter test are located in Appendix A, "Answers to Chapter Tests."
Which protocol filters should you use when you want to check for any IP routing issues on the network?
Depending on your network, you might look for IPX RIP or NLSP, IP RIP, IP RIP2, OSPF, IGRP, or even ICMP.
Which protocol filters should you use when you want to catch all name lookups on the IP network?
DNS, NetBIOS and SLP.
What protocol filter should you use when you want to capture error and information messages crossing the IP network?
ICMP
What protocol filter should you use when you want to capture all FTP, HTTP and other connection-oriented communications?
TCP
What field and value do you think the following predefined filters are based on?
Filter Name | Field | Value |
---|---|---|
IP | EtherType | 0x0800 |
IPX | EtherType | 0x8137 |
TCP | Protocol | 0x06 |
DNS | Port (S/D) | 53d |
HTTP | Port (S/D) | 80 |
HTTPS | Port (S/D) | 443 |
ARP | EtherType | 0x0806 |
Your boss has asked you to track all FTP traffic to and from your network. You decide to use the prebuilt filters for FTP, but there's a gnawing feeling of doom in the back of your mind… Hmm…. Didn't Laura say you might want to make that filter using the pattern filters? What was she talking about?
Don’t trust the pre-built filters if you have a suspicion of hacking on your network. Anyone can set up an FTP server to use another port number such as 80. Build your filter based on the application commands.
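The difference between the two approaches, as an added example that is not from the book or any analyzer product: a port-based FTP filter and a pattern filter keyed on FTP control commands are run over the same packets. The packets, addresses, ports and file names are constructed samples, the function names are hypothetical, and the command list is a subset of RFC 959.

```python
import re
import struct

# Pattern filter: FTP control commands (subset of RFC 959) at the start of the TCP payload.
FTP_CMD = re.compile(rb"(USER|PASS|CWD|PORT|PASV|RETR|STOR|LIST|QUIT)( [^\r\n]*)?\r\n", re.I)

def tcp_payload(packet):
    """Return (src_port, dst_port, payload) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 0x06:  # IP protocol 0x06 = TCP
        return None
    ihl = (packet[0] & 0x0F) * 4              # IP header length varies with options
    if len(packet) < ihl + 20:
        return None
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    data_off = (packet[ihl + 12] >> 4) * 4    # TCP header length varies too
    return sport, dport, packet[ihl + data_off:]

def build_packet(sport, dport, payload):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 0x06, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp

def port_filter(packet, port=21):
    """Prebuilt-style filter: matches on source or destination port only."""
    seg = tcp_payload(packet)
    return bool(seg) and port in seg[:2]

def pattern_filter(packet):
    """Matches on what the application says, whatever port it says it on."""
    seg = tcp_payload(packet)
    return bool(seg) and FTP_CMD.match(seg[2]) is not None

# Constructed traffic: FTP on its usual port, FTP moved to port 80, real HTTP on port 80.
SAMPLES = {
    "ftp_on_21": build_packet(40001, 21, b"USER alice\r\n"),
    "ftp_on_80": build_packet(40002, 80, b"RETR payroll.xls\r\n"),
    "http_on_80": build_packet(40003, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
}

def compare():
    """Map each sample name to (port_filter result, pattern_filter result)."""
    return {name: (port_filter(p), pattern_filter(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (by_port, by_pattern) in compare().items():
        print(f"{name:11} port filter={by_port!s:5} pattern filter={by_pattern}")
```

The pattern filter only sees cleartext control-channel commands; FTP data-channel packets and encrypted sessions carry nothing for it to match.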
Answer the following questions as true (T), false (F) or absolutely ridiculous (AR). You might have to look up some information on the protocols and protocol numbers.
There are only about 5 protocols to filter on.
Absolutely Ridiculous: there are hundreds
Predefined filters can only be used as display filters.
False
Protocol filters only work above the network layer.
False
You cannot combine protocol and address filters.
False