Workshop time! Here's a brief quiz to help you make the most out of this hour's lesson as well as some activities for you to try on your own.


  1. A "distributed" analyzer is one that has the

    A. Ability to get into trouble

    B. Ability to capture frames on several different segments

    C. Ability to decode more than one network protocol

    D. Ability to produce charts and graphs

  2. Most analyzers have which two functions?

    A. Capture the flag and a secret decoder ring

    B. Packet capture and packet decode

    C. Capture of data and decode of Ethernet

    D. Drill and fill

  3. A protocol analyzer requires a computer and a __________ network card.

    A. promiscuous

    B. promethean

    C. amorous

    D. packetized

  4. True or False: Identifying how and when to filter is a highly important part of learning how to use an analyzer.

  5. A filter can be _____________________.

    A. Workstation related

    B. Protocol related

    C. Both A and B

    D. Neither A nor B

  6. True or False: If your analyzer does not gather network names (such as DNS or NetBIOS), it's impossible for you to identify whose computer corresponds to a particular MAC address.

  7. You're about to connect an analyzer to a network segment. For best results, what should you have done first?

    A. Sniffed packets

    B. Formed an option

    C. Come up with a theory

    D. Decided not to use a filter

  8. A SYN packet is

    A. The beginning of an IBM SNA session

    B. The beginning of a TCP session

    C. A folder containing misdeeds

    D. The beginning of a Telnet session

Answers to Quiz Questions

  1. B

  2. B

  3. A

  4. True

  5. B

  6. False

  7. C

  8. B


Activities

  1. Capture a session where you log in via Telnet to a Linux server. (You'll need, of course, to have a Linux server connected to a hub, with the Telnet service on. In Red Hat 7.2 and above, try service telnet start.) Practice finding the username. What else can you see? (Hint: Can you say "security problem?") Make sure to turn off the Telnet service if it wasn't on at the beginning of your test.

  2. Build a filter to capture all SMB packets. Then, copy a large file; in the middle of the copy, remove the workstation's network cable. Then, plug it back in. Look at the trace: does it tell you anything?
