Workshop time! Here's a brief quiz to help you make the most out of this hour's lesson as well as some activities for you to try on your own.
A "distributed" analyzer is one that has the
Ability to get into trouble
Ability to capture frames on several different segments
Ability to decode more than one network protocol
Ability to produce charts and graphs
Most analyzers have which two functions?
Capture the flag and a secret decoder ring
Packet capture and packet decode
Capture of data and decode of Ethernet
Drill and fill
A protocol analyzer requires a computer and a __________ network card.
True or False: Identifying how and when to filter is a highly important part of learning how to use an analyzer.
A filter can be _____________________.
Both A and B
Neither A nor B
True or False: If your analyzer does not gather network names (such as DNS or NetBIOS), it's impossible for you to identify whose computer corresponds to a particular MAC address.
You're about to connect an analyzer to a network segment. For best results, what should you have done first?
Formed an option
Come up with a theory
Decided not to use a filter
A SYN packet is
The beginning of an IBM SNA session
The beginning of a TCP session
A folder containing misdeeds
The beginning of a Telnet session
Answers to Quiz Questions
Capture a session where you log in via Telnet to a Linux server. (You'll need, of course, to have a Linux server connected to a hub, with the Telnet service on. In RedHat 7.2 and above, try service telnet start.) Practice finding the username. What else can you see? (Hint: Can you say "security problem?") Make sure to turn off the Telnet service if it wasn't on at the beginning of your test.
Build a filter to capture all SMB packets. Then, copy a large file; in the middle of the copy, remove the workstation's network cable. Then, plug it back in. Look at the trace: does it tell you anything?