WEEK 4 :: PRACTICE QUIZ :: NETWORK MONITORING
What factors would limit your ability to capture packets? Check all that apply.
- Network interface not being in promiscuous or monitor mode
- Access to the traffic in question
If your NIC isn't in monitor or promiscuous mode, it'll only capture packets sent by and sent to your host. In order to capture traffic, you need to be able to access the packets. So, being connected to a switch wouldn't allow you to capture other clients' traffic.
What factors should you consider when designing an IDS installation? Check all that apply.
- Traffic bandwidth
- Storage capacity
It's important to understand the amount of traffic the IDS would be analyzing. This ensures that the IDS system is capable of keeping up with the volume of traffic. Storage capacity is important to consider for logs and packet capture retention reasons.
What is the difference between an Intrusion Detection System and an Intrusion Prevention System?
An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic. An IDS only detects intrusions or attacks, while an IPS can make changes to firewall rules to actively drop or block detected attack traffic.
What does tcpdump do? Select all that apply.
- Captures packets
- Analyzes packets and provides a textual analysis
tcpdump is a popular, lightweight command line tool for capturing packets and analyzing network traffic.
What does wireshark do differently from tcpdump? Check all that apply.
- It understands more application-level protocols
- It has a graphical interface
tcpdump is a command line utility, while wireshark has a powerful graphical interface. While tcpdump understands some application-layer protocols, wireshark expands on this with a much larger complement of protocols understood.