Packet Filtering: Catching the Cool Packets
The answers to this chapter test are located in Appendix A, "Answers to Chapter Tests."
- What is the difference between the "packet" and "protocol" offset values?
  ________________________________________________________________________
- What website should you access to get the default port numbers used by SNMP communications?
  ________________________________________________________________________
- Get used to doing hexadecimal to decimal translations - you'll do that a lot when you work the various analyzers. Perform the following translations either manually or with a calculator (such as the Windows calculator in scientific mode or Hex Workshop):

  Hexadecimal    Decimal
  0x2E           __ d
  0x___          12 d
  0x10           __ d
  0x14           __ d
  0x___          40 d
  0x___          28 d
- You have a set of filters that are only partially defined. They have the data values entered, but they are missing the offset value. Look carefully to see whether "packet" or "protocol" is selected for the offset and enter the offset value.
- Enter the offsets (in hexadecimal and decimal) used to catch the following traffic. Also note whether your filter is a packet or protocol offset filter.

  Offset (0x/d)        Focus
  ____(0x) /____(d)    Capture traffic to port 524d (NetWare NCP over IP).
  ____(0x) /____(d)    Capture traffic with an IP Time-to-Live of 1.
  ____(0x) /____(d)    Capture traffic to the broadcast hardware address.
  ____(0x) /____(d)    Capture traffic from the DHCP client port number.