Packet Filtering: Catching the Cool Packets

The answers to this chapter test are located in Appendix A, "Answers to Chapter Tests."

  1. Which protocol filters should you use when you want to check for any IP routing issues on the network?

    _____________________________________________

  2. Which protocol filters should you use when you want to catch all name lookups on the IP network?

    _____________________________________________

  3. What protocol filter should you use when you want to capture error and information messages crossing the IP network?

    _____________________________________________

  4. What protocol filter should you use when you want to capture all FTP, HTTP and other connection-oriented communications?

    _____________________________________________

  5. What field and value do you think the following predefined filters are based on?

    Filter Name

    Field

    Value

    IP

    _____________________________

    _____________________________

    IPX

    _____________________________

    _____________________________

    TCP

    _____________________________

    _____________________________

    DNS

    _____________________________

    _____________________________

    HTTP

    _____________________________

    _____________________________

    HTTPS

    _____________________________

    _____________________________

    ARP

    _____________________________

    _____________________________

  6. Your boss has asked you to track all FTP traffic to and from your network. You decide to use the prebuilt filters for FTP, but there's a gnawing feeling of doom in the back of your mind… Hmm…. Didn't Laura say you might want to make that filter using the pattern filters? What was she talking about?

    _____________________________________________

    _____________________________________________

  7. Answer the following questions as true (T), false (F) or absolutely ridiculous (AR). You might have to look up some information on the protocols and protocol numbers.

    1. There are only about 5 protocols to filter on.

      T F AR

    2. Predefined filters can only be used as display filters.

      T F AR

    3. Protocol filters only work above the network layer.

      T F AR

    4. You cannot combine protocol and address filters.

      T F AR

Related

Категории