10.1.17 - Sniffing (Practice Questions)
Cain and Abel, Ettercap, and TCPDump
Which of the following are network sniffing tools?
ARP poisoning
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?
Sniffing
Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against?
St@y0ut!@
You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password?
-SX port 443
A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ascii output only. Which of the following tcpdump options will achieve this output?
Only packets with either a source or destination address on the 192.168.0.0 network are captured.
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter?
Wrote packet capture files from interface 1 into mycap.pcap.
Which of the following actions was performed using the WinDump command line sniffer?
ACME, Inc
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, You have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager's email address?
ip.src ne 192.168.142.3
Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address?
Use encryption for all sensitive traffic.
Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the best countermeasure for securing the captured network traffic?
ARP poisoning
As part of your penetration test, you are using Ettercap in an attempt to spoof DNS. You have configured the target and have selected the dns_spoof option (see image). To complete the configuration of this test, which of the following MITM options should you select?
ARP poisoning is occuring, as indicated by the duplicate response IP address.
As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning?
Only packets with 192.168.0.34 in either the source or destination address are captured.
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the host 192.168.0.34 filter?
