Intrusion Detection and Prevention Quiz 2


Please examine the following two packets. What is the sequence number of the packet sent from port 3224 to port 6020? 23:29:04.050167 spider.3224 > 66-28-147-032.servercentral.net.6020: . ack 36517 win 16044 23:29:04.059645 66-28-174-032.servercentral.net.6020 > spider.3224: P 36517:37969(1452) ack 1 win 5840 (DF)

a. 1 b. 0 c. 36517 d. 37969 ans: a

A server sends a SYN + ACK packet from port 23 to port 5678 of a client to acknowledge the request to build a TCP session. The sequence number of the SYN + ACK packet is 1010, and the acknowledgement number is 100. What are the initial sequence numbers chosen by the client and the server, respectively?

a. 1009, 100 b. 99, 1010 c. 1010, 99 d. 1010, 100 ans: b

The following is a TCP packet captured by Tcpdump. If an acknowledgement is sent from port 32772 to 33635 to acknowledge the data received from port 33635, what would be the acknowledgement number? 16:23:01.079553 churchward.erg.abdn.ac.uk.33635 > gordon.erg.abdn.ac.uk.32772: P 12765:12925(160) ack 19829 win 24820 (DF)

a. 12926 b. 12925 c. 12765 d. 12766 ans: b

In the case of closing a TCP session, the server side acknowledges the FIN request of the client side with sequence number 400 and acknowledgement number 200. So the client side acknowledges the FIN + ACK packet of the server side using sequence number _______ and acknowledgement number ______________.

a. 400, 201 b. 401, 200 c. 401, 201 d. 200, 401 ans: d

In the three-way handshake establishing a TCP connection, a client sends a SYN packet to a server with source port, destination port, sequence number and acknowledgement number of 8971, 22, 156 and 305 respectively, and the SYN is acknowledged by a packet with sequence number 588. In the last step of setting up the TCP connection, the client needs to send an ACK to the server. What are the values of the source port, destination port, sequence number and acknowledgement number of that ACK, respectively?

a. 8971, 22, 157, 589 b. 8971, 22, 589, 157 c. 22, 8971, 157, 589 d. 8971, 22, 157, unknown ans: a
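The five questions above all reduce to one rule: the acknowledgement number a receiver sends is the peer's sequence number plus the sequence space that segment consumed (payload bytes, plus one each for SYN and FIN), and a pure ACK carries as its own sequence number whatever the peer last acknowledged. The following is an added worked example, not part of the quiz, that applies that rule to the quiz's numbers; the ports used for the teardown question, which states none, are assumed.

```python
"""Sequence/acknowledgement arithmetic behind the handshake, data-transfer and
teardown questions above. Added worked example, not part of the quiz; the values
fed to it in main() are the quiz's own, and the ports used for the teardown
question (which gives none) are assumed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    sport: int
    dport: int
    flags: str            # tcpdump letters: S, F, P; "." = pure ACK; "A" = ACK bit set
    seq: int
    ack: Optional[int]    # None when the ACK bit is clear (the field is then ignored)
    length: int = 0       # payload bytes

    def sequence_space(self) -> int:
        """Sequence numbers this segment consumes: payload, plus one each for SYN and FIN."""
        return self.length + int("S" in self.flags) + int("F" in self.flags)


def ack_for(seg: Segment) -> int:
    """Acknowledgement number the receiver of `seg` sends back: the next byte it expects."""
    return seg.seq + seg.sequence_space()


def syn_ack(syn: Segment, server_isn: int) -> Segment:
    """Server's reply to a SYN: its own ISN, acknowledging client ISN + 1."""
    return Segment(syn.dport, syn.sport, "SA", server_isn, ack_for(syn))


def reply_ack(seg: Segment) -> Segment:
    """Pure ACK answering `seg`. The replier's seq is whatever `seg` acknowledged
    (the next byte it may send); its ack is ack_for(seg). The same rule covers a
    SYN/ACK, a data segment and a FIN/ACK, which is why all the answers line up."""
    if seg.ack is None:
        raise ValueError("segment has no ACK bit; answer a bare SYN with syn_ack()")
    return Segment(seg.dport, seg.sport, ".", seg.ack, ack_for(seg))


def handshake(client_port: int, server_port: int,
              client_isn: int, server_isn: int) -> List[Segment]:
    """The three segments of a three-way handshake."""
    syn = Segment(client_port, server_port, "S", client_isn, None)
    synack = syn_ack(syn, server_isn)
    return [syn, synack, reply_ack(synack)]


def isns_from_syn_ack(synack: Segment) -> Tuple[int, int]:
    """(client ISN, server ISN) read off a SYN/ACK: its ack field is client ISN + 1."""
    return synack.ack - 1, synack.seq


def first_data_seq(isn: int) -> int:
    """A SYN consumes one sequence number, so the first data byte is ISN + 1."""
    return isn + 1


def show(seg: Segment) -> str:
    ack = "" if seg.ack is None else f" ack {seg.ack}"
    return f"{seg.sport} > {seg.dport}: {seg.flags} seq {seg.seq}{ack} len {seg.length}"


def main() -> None:
    # Handshake question: client SYN 8971 -> 22 with seq 156, server answers with seq 588.
    for seg in handshake(8971, 22, 156, 588):
        print(show(seg))                      # last line: 8971 > 22: . seq 157 ack 589
    # SYN/ACK question: seq 1010, ack 100 means client ISN 99, server ISN 1010.
    c_isn, s_isn = isns_from_syn_ack(Segment(23, 5678, "SA", 1010, 100))
    print("ISNs", c_isn, s_isn, "first data bytes", first_data_seq(c_isn), first_data_seq(s_isn))
    # Data question: P 12765:12925(160) is acknowledged with ack 12925.
    print("ack for data segment:", ack_for(Segment(33635, 32772, "P", 12765, 19829, 160)))
    # Teardown question: server FIN/ACK seq 400 ack 200 (ports assumed) => client seq 200 ack 401.
    print(show(reply_ack(Segment(22, 5678, "FA", 400, 200))))


if __name__ == "__main__":
    main()
```

Note that the SYN's acknowledgement field (305 in the question) is ignored because the ACK bit is clear, which is why `Segment` models it as `None`; and that the "starting sequence numbers" question asks for the ISNs, while the first data byte each side sends is ISN + 1.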

Which of the following cannot be used to capture computer network traffic?

a. Tcpdump b. Wireshark c. Snort d. Ethernet ans: d

Based on the following packet captured by Tcpdump, we can conclude that __________ 09:32:43.910000 nmap.edu.1173 > dns.net.21: S 62697789:62697789(0) win 512

a. The host "nmap.edu" tried to make a TCP session to the host "dns.net" b. This is a UDP packet from the host "nmap.edu" to the host "dns.net" c. This is a DNS request packet sent to DNS server d. The host "dns.net" tries to make a TCP session to the host "nmap.edu" ans: a

In establishing a TCP connection between a client and a server, which one is correct?

a. The server side is active open b. Both the client and the server are active open c. The client side is passive open d. The server side is passive open ans: d

The following packet captured by Tcpdump shows "win 512" which indicates ____________________. 09:32:43.910000 nmap.edu.1173 > dns.net.21: S 62697789:62697789(0) win 512

a. host "dns.net" total window buffer size is 512 bytes b. host "dns.net" available buffer size is 512 bytes c. host "nmap.edu" total window buffer size is 512 bytes d. host "nmap.edu" available buffer size is 512 bytes ans: d
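The packets quoted in this quiz are in the single-line summary format of older tcpdump releases. As an added example, not part of the quiz, here is a parser for that format with helpers that answer the three things the questions keep asking: what the receiver will put in its ack field, what the other side's `ack` reveals about a data-less segment's own sequence number, and whose buffer `win` describes (the sender's). The quoted lines are the quiz's own packets, with the SYN line's timestamp separator and the colon after the port normalised to what tcpdump prints.

```python
"""Parser for the single-line TCP summaries (pre-4.x tcpdump format) quoted in
this quiz, with helpers that read sequence, acknowledgement and window facts off
them. Added example, not part of the quiz; QUIZ_LINES are the quiz's own packets."""
import re
from typing import Optional, Tuple

# <time> <src>.<sport> > <dst>.<dport>: <flags> [seq:end(len)] [ack N] [win N] ...
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d[.:]\d+)\s+"
    r"(?P<src>\S+?)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+?)\.(?P<dport>\d+):?\s+"
    r"(?P<flags>[SFRPWEC.]+)"
    r"(?:\s+(?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
    r"(?:\s+win\s+(?P<win>\d+))?"
)

QUIZ_LINES = [
    "23:29:04.050167 spider.3224 > 66-28-147-032.servercentral.net.6020: . ack 36517 win 16044",
    "23:29:04.059645 66-28-174-032.servercentral.net.6020 > spider.3224: P 36517:37969(1452) ack 1 win 5840 (DF)",
    "16:23:01.079553 churchward.erg.abdn.ac.uk.33635 > gordon.erg.abdn.ac.uk.32772: P 12765:12925(160) ack 19829 win 24820 (DF)",
    "09:32:43.910000 nmap.edu.1173 > dns.net.21: S 62697789:62697789(0) win 512",
]


def parse(line: str) -> dict:
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a tcpdump TCP summary line: {line!r}")
    d = m.groupdict()
    for key in ("sport", "dport", "seq", "end", "len", "ack", "win"):
        d[key] = None if d[key] is None else int(d[key])
    return d


def expected_ack(p: dict) -> Optional[int]:
    """Ack number the receiver of this segment will send, i.e. the next byte it
    expects. None when the line prints no sequence range: a data-less ACK shows
    only `ack N`, and its own seq has to be read from the other direction."""
    if p["seq"] is None:
        return None
    # Old tcpdump prints SYN and FIN as seq:seq(0); the flag itself still
    # occupies one sequence number, so the peer acknowledges end + 1.
    bump = 1 if ("S" in p["flags"] or "F" in p["flags"]) else 0
    return p["end"] + bump


def peer_seq_from_ack(p: dict) -> Optional[int]:
    """The ack field names the next byte expected from the other side, which is
    exactly the (relative) sequence number that side's data-less ACKs carry."""
    return p["ack"]


def window_owner(p: dict) -> Tuple[str, Optional[int]]:
    """`win N` is the sender's advertised receive window: free buffer at p['src']."""
    return p["src"], p["win"]


def describe(p: dict) -> str:
    kinds = {"S": "SYN, opening a TCP session", "F": "FIN", "R": "RST",
             "P": "data with PSH", ".": "pure ACK"}
    kind = next((v for k, v in kinds.items() if k in p["flags"]), p["flags"])
    owner, win = window_owner(p)
    ack = expected_ack(p)
    ack_text = f"peer should ack {ack}" if ack is not None else "no seq printed (data-less ACK)"
    return (f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} {kind}; "
            f"{owner} advertises a {win}-byte window; {ack_text}")


if __name__ == "__main__":
    parsed = [parse(line) for line in QUIZ_LINES]
    for p in parsed:
        print(describe(p))
    # First question: the spider.3224 ACK prints no seq; the reply's `ack 1` says it is 1.
    print("spider's sequence number:", peer_seq_from_ack(parsed[1]))
```

The regex accepts both `.` and `:` as the timestamp's fractional separator and an optional colon after the destination port, so the lines as printed in the quiz parse as well as the canonical form. Relative sequence numbers start at 0 on the SYN, so a data-less ACK right after the handshake carries seq 1, which is what the `ack 1` in the reverse direction reports.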

Which command can capture all the network traffic from host 168.128.35.26 going to any host on port 8190, and print out absolute TCP sequence number for each packet captured?

a. tcp -nnvvS src 168.128.35.26 and dst port 8190 b. tcpdump - nnvvS src 168.128.35.26 or dst port 8190 c. tcpdump -nnvv src 168.128.35.26 and dst port 8190 d. tcpdump -nnvvS src 168.128.35.26 and dst port 8190 ans: d

Capture all traffic coming from 192.168. x.x and going to the 10.x.x.x, or 172.16.x.x networks and show hex output with no host name resolution and one level extra verbosity.

a. tcpdump -X src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16 b. tcpdump -nvL src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16 c. tcpdump -nvX src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16 d. tcpdump -nvX src net 192.168.0.0 and dst net 10.0.0.0 or 172.16.0.0 ans: c

Capture all the traffic going to 192.168.0.2 except ICMP packets

a. tcpdump 192.168.0.2 and dst net and not icmp b. tcpdump dst 192.168.0.2 and src net and not icmp c. tcpdump dst 192.168.0.2 and src net or not icmp d. tcpdump dst 192.168.0.2 or src net or not icmp ans: b

Tom accesses host C with IP address IPC via host B with IP address IPB from host A with IP address IPA using SSH. How to capture all the TCP request and response traffic of the incoming link of Host B?

a. tcpdump tcp host IPA and host IPB and port 22 and 'tcp[13] & 8 !=0' b. tcpdump tcp host IPA and host IPB and src port 22 and 'tcp[13] & 8 !=0' c. tcpdump tcp host IPA or host IPB and port 22 and 'tcp[13] & 8 !=0' d. tcpdump tcp host IPA and host IPB and dst port 22 and 'tcp[13] & 8 !=0' ans: a

Tom accesses host C with IP address IPC via host B with IP address IPB from host A with IP address IPA using SSH. How to capture all the TCP traffic of incoming link of Host B?

a. tcpdump tcp host IPA or host IPB and port 22 b. tcpdump tcp host IPA and host IPB and port 22 c. tcpdump tcp host IPA and port 22 d. tcpdump tcp host IPA or host IPB or port 22 ans: b

Tom accesses host C with IP address IPC via host B with IP address IPB from host A with IP address IPA using SSH. How to capture all the TCP traffic of the outgoing link of Host B?

a. tcpdump tcp host IPB and host IPC and port 5589 b. tcpdump tcp host IPB or host IPC and port 22 c. tcpdump tcp host IPB and host IPC and port 22 d. tcpdump tcp host IPB or host IPC and port 22 ans: c

Tom accesses host C with IP address IPC via host B with IP address IPB from host A with IP address IPA using SSH. How to capture all the TCP traffic from Host A to Host B?

a. tcpdump tcp src IPA or dst IPB and dst port 22 b. tcpdump tcp src IPA and dst IPB and dst port 22 c. tcpdump tcp src IPA and dst IPB and src port 22 d. tcpdump src IPA and dst IPB and dst port 22 ans: d

Tom accesses host C with IP address IPC via host B with IP address IPB from host A with IP address IPA using SSH. How to capture all the TCP response traffic of the incoming link of Host B?

a. tcpdump tcp src IPB and dst IPA and port 22 and 'tcp[13] & 8 !=0' b. tcpdump tcp src IPB and dst IPA and src port 22 and 'tcp[13] & 8 !=0' c. tcpdump tcp src IPB and dst IPA and src port 22 and 'tcp[13] & 16 !=0' d. tcpdump tcp src IPB and dst IPA and dst port 22 and 'tcp[13] & 8 !=0' ans: b

Tom accesses host C with IP address IPC via host B with IP address IPB from host A with IP address IPA using SSH. How to capture all the TCP request traffic of the outgoing link of Host B?

a. tcpdump tcp src IPB and dst IPC and dst port 22 and 'tcp[13] &32!=0' b. tcpdump tcp src IPB and dst IPC and port 22 and 'tcp[13] &16!=0' c. tcpdump tcp src IPB and dst IPC and dst port 22 and 'tcp[13] &8!=0' d. tcpdump tcp src IPB or dst IPC and dst port 22 and 'tcp[13] &8!=0' ans: c
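The six SSH-hop questions above differ only in which host and port qualifiers are combined with the flag test `tcp[13] & 8 != 0` (bit 0x08 of the TCP flags byte, header offset 13, is PSH; 0x10 is ACK and 0x20 is URG, the two distractor masks). The following is an added example, not from the quiz, that builds raw TCP headers for a small constructed capture as seen on host B and evaluates the quiz's filters against it in Python, so the effect of each qualifier and mask can be checked; the addresses IPA/IPB/IPC, the client ports 50000 and 50001, and the packet list are assumptions.

```python
"""Evaluate the tcpdump filters from the SSH-hop questions, including the
`tcp[13] & mask != 0` flag test, against a constructed capture. Added example,
not from the quiz: the addresses, the client ports 50000/50001 and the packet
list are assumptions modelling A -> B -> C over SSH (port 22)."""
import struct
from typing import Dict, List, Optional, Sequence, Union

# Bit values of the TCP flags byte, header offset 13 (the byte tcp[13] reads).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

IPA, IPB, IPC = "10.0.0.1", "10.0.0.2", "10.0.0.3"      # assumed addresses


def tcp_header(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0,
               window: int = 65535) -> bytes:
    """Minimal 20-byte TCP header (no options); checksum and urgent pointer zero."""
    data_offset = 5 << 4                  # header length in 32-bit words, upper nibble
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)


def packet(label: str, src: str, dst: str, sport: int, dport: int,
           flags: int, payload: bytes = b"") -> Dict:
    return {"label": label, "src": src, "dst": dst,
            "tcp": tcp_header(sport, dport, flags) + payload}


def tcp_byte(pkt: Dict, offset: int) -> int:
    """tcp[offset] as a BPF filter indexes it: a byte offset into the TCP header."""
    return pkt["tcp"][offset]


def matches(pkt: Dict, src: Optional[str] = None, dst: Optional[str] = None,
            host: Union[None, str, Sequence[str]] = None,
            sport: Optional[int] = None, dport: Optional[int] = None,
            port: Optional[int] = None, flag_mask: Optional[int] = None) -> bool:
    """AND of the primitives the quiz answers use. `host X` matches either end,
    `port N` either port; host=(IPA, IPB) stands for `host IPA and host IPB`."""
    hdr_sport, hdr_dport = struct.unpack("!HH", pkt["tcp"][:4])
    hosts = (host,) if isinstance(host, str) else (host or ())
    return all([
        src is None or pkt["src"] == src,
        dst is None or pkt["dst"] == dst,
        all(h in (pkt["src"], pkt["dst"]) for h in hosts),
        sport is None or hdr_sport == sport,
        dport is None or hdr_dport == dport,
        port is None or port in (hdr_sport, hdr_dport),
        flag_mask is None or (tcp_byte(pkt, 13) & flag_mask) != 0,
    ])


def select(capture: List[Dict], **criteria) -> List[str]:
    return [p["label"] for p in capture if matches(p, **criteria)]


# Constructed capture on host B: A's SSH session into B, then B's session into C.
CAPTURE = [
    packet("A->B SYN", IPA, IPB, 50000, 22, SYN),
    packet("B->A SYN/ACK", IPB, IPA, 22, 50000, SYN | ACK),
    packet("A->B ACK", IPA, IPB, 50000, 22, ACK),
    packet("A->B request", IPA, IPB, 50000, 22, PSH | ACK, b"ssh-data"),
    packet("B->A response", IPB, IPA, 22, 50000, PSH | ACK, b"ssh-data"),
    packet("A->B ACK of response", IPA, IPB, 50000, 22, ACK),
    packet("B->C request", IPB, IPC, 50001, 22, PSH | ACK, b"ssh-data"),
    packet("C->B response", IPC, IPB, 22, 50001, PSH | ACK, b"ssh-data"),
    packet("B->C FIN", IPB, IPC, 50001, 22, FIN | ACK),
]


def incoming_link_data(capture=CAPTURE) -> List[str]:
    """host IPA and host IPB and port 22 and 'tcp[13] & 8 != 0' (requests and responses)."""
    return select(capture, host=(IPA, IPB), port=22, flag_mask=PSH)


def incoming_link_responses(capture=CAPTURE) -> List[str]:
    """src IPB and dst IPA and src port 22 and 'tcp[13] & 8 != 0'."""
    return select(capture, src=IPB, dst=IPA, sport=22, flag_mask=PSH)


def outgoing_link_requests(capture=CAPTURE) -> List[str]:
    """src IPB and dst IPC and dst port 22 and 'tcp[13] & 8 != 0'."""
    return select(capture, src=IPB, dst=IPC, dport=22, flag_mask=PSH)


def responses_with_ack_mask(capture=CAPTURE) -> List[str]:
    """The distractor 'tcp[13] & 16 != 0': ACK is set on every segment after the
    SYN, so the bare SYN/ACK is swept in alongside the real response."""
    return select(capture, src=IPB, dst=IPA, sport=22, flag_mask=ACK)


if __name__ == "__main__":
    for name, fn in [("incoming link, PSH", incoming_link_data),
                     ("incoming responses, PSH", incoming_link_responses),
                     ("outgoing requests, PSH", outgoing_link_requests),
                     ("incoming responses, ACK mask", responses_with_ack_mask)]:
        print(f"{name}: {fn()}")
```

Two caveats when typing these filters into a real tcpdump: the flag test must stay in single quotes so the shell does not interpret `&`, `!` and the brackets, and libpcap does not accept `tcp` as a protocol qualifier written directly in front of `host` (it rejects the expression with an error about the 'tcp' modifier being applied to host), so the working spelling of the first answer is `tcp and host IPA and host IPB and port 22 and 'tcp[13] & 8 != 0'`. Also, `and` and `or` have equal precedence in pcap filters and group left to right, so an expression such as `src net A and dst net B or 172.16.0.0/16` parses as `(src net A and dst net B) or dst net 172.16.0.0/16`; parenthesise inside the quotes if you mean `src net A and (dst net B or dst net C)`.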

In terms of closing a TCP connection between a client and a server, which one is correct?

a. the client is passive b. the server is not passive c. the client is active d. the client is not active ans: c

The command "tcpdump src host churchward and udp dst port 53" is to capture ______.

a. the tcp packet going to port 53 from host churchward b. the udp packets coming from host churchward, but tcp packets going to port 53 c. the tcp packets coming from host churchward, but udp packets going to port 53 d. the udp packets coming from host churchward, but going to port 53 ans: d

