14.3.13 Troubleshooting Utilities
A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ASCII output only. Which of the following tcpdump options will achieve this output?
-SX port 443 EXPLANATION -SX is the command line option for both full packet capture and hexadecimal and ASCII output of port 443.
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?
ACME, Inc EXPLANATION By looking at the beginning of the packet, you see that Robert Scam is sending an email with a subject line of ACME, Inc Invoice #1543. So, you now know that the name of the company requesting payment is ACME, Inc.
With Wireshark, you've used a filter to capture only the desired packet types. Using the information shown in the image, which of the following BEST describes the effects of using the host 192.168.0.34 filter?
Only packets with 192.168.0.34 in either the source or destination address are captured. EXPLANATION Wireshark's host filter lets you only capture where the specified IP address is in either the source or the destination address.
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?
Port scanner EXPLANATION Use a port scanner to check for open ports on a system or firewall. Compare the list of opened ports with the list of ports allowed by your network design and security policy. Typically, a port is opened when a service starts or is configured on a device. Open ports for unused services expose the server to attacks directed towards that port.
Which of the following tools would you use to view the MAC addresses associated with IP addresses that the local workstation has contacted recently?
arp EXPLANATION Use the arp command to view the MAC addresses associated with IP addresses that the local workstation has contacted recently. When a workstation uses ARP to find the MAC address of an IP address, it places that information in its ARP table.
You are troubleshooting a connectivity problem on a Linux server. You're able to connect to another system on the local network but not to a server on a remote network. You suspect that the default gateway information for the system may be configured incorrectly. Which of the following commands would you use to view the default gateway information on the Linux server?
ifconfig EXPLANATION Use the ifconfig command on systems running Linux to view information on the TCP/IP configuration for network adapters.
Which TCP/IP utility gives you the following output?
ipconfig EXPLANATION The ipconfig command shows a computer's TCP/IP configuration information.
Examine the following output: Active ConnectionsProto Local Address Foreign Address StateTCP SERVER1:1036 localhost:4832 TIME_WAITTCP SERVER1:4798 localhost:1032 TIME_WAITTCP SERVER1:1258 pool-141-150-16-231.mad.east.ttr:24076 CLOSE_WAITTCP SERVER1:2150 cpe-66-67-225-118.roc.res.rr.com:14100 ESTABLISHEDTCP SERVER1:268 C872c-032.cpe.net.cale.rers.com:46360 ESTABLISHEDTCP SERVER1:2995 ip68-97-96-186.ok.ok.cox.net:23135 ESTABLISHED Which of the following utilities produced this output?
netstat EXPLANATION The netstat command produced the output. netstat reports the TCP/IP ports that are open on the local system, as well as identifying the protocol and remote host connected to that port. This information can be very useful when looking for security weaknesses, as a TCP/IP port that's open to traffic unnecessarily represents a security
Which TCP/IP utility gives the following output?
ping EXPLANATION The ping command displays the results of four echo request/reply contacts with a destination host.
While working on a Linux server, you're unable to connect to the Windows Server system on the internet. You are able to ping the default gateway on your own network, so you suspect that the problem lies outside the local network. Which utility would you use to track the route a packet takes as it crosses the network?
traceroute EXPLANATION traceroute is a Linux utility that allows you to track a packet's route as it traverses the network. The traceroute utility is used on Linux systems, while tracert is used on Windows systems.
