On a Linux host, which tool is best used for network traffic analysis?

Group of answer choices:
- ping
- tcpdump
- dig
- nmap
Added by Jes-S P.
Step 1
- **ping**: Used to check the reachability of a host on a network and measure round-trip time for messages sent to the destination.
- **tcpdump**: A command-line packet analyzer that allows users to capture and analyze network traffic in real-time.
- **dig**: A …
Recommended Videos
Basic attack analysis:

1. Look at captures no. 20 and 22. (You can use the "Go" link at the top of the Wireshark screen to quickly go to a specific capture.) Both packets are ICMP traffic, but there are subtle differences between them. Compare the time-to-live and data field sizes in the two packets. What differences do you see?
2. Do a little Internet research to discover which operating systems use the specific values in their ping commands. What operating system generated the echo request in capture 20?
3. Review packet no. 37 and beyond. What do you think is taking place here?
4. Look at capture 22846. What is suspicious about the flag settings in this packet?
5. What is the IP address of the host being targeted?
Akash M.
1. Which of these ports would you be least likely to find open to a native service on a Linux host?
   a) 139
   b) 53
   c) 22
   d) 443
2. What is the netmask of the network associated with host 128.227.224.196 having 8,190 hosts?
   a) 255.255.255.192
   b) 255.255.192.0
   c) 255.255.224.0
   d) 255.255.255.0
3. Which of these precautions will not interfere with a traditional SSLStrip attack from working?
   a) Disallowing multiple MAC addresses for a single host in a network
   b) Always using https
   c) Using a separate process in each browser
   d) Navigating to a site whose HSTS super-cookie is loaded in your browser
4. Although nmap warns about -Pn slowing down a scan, `proxychains nmap -Pn 10.70.184.1-254 -p 445` actually runs faster than the following nmap: `proxychains nmap 10.70.184.1-254 -p 445`. Why would that be?
   a) When -Pn isn't specified, both UDP and TCP ports are scanned.
   b) If ping fails, nmap will check an extra port (80)
   c) Because ICMP echo replies are always delivered as fast as port 445 replies.
   d) When -Pn isn't specified, the 10,000 most popular ports will be scanned.
5. What can Linux file access control lists do that normal file modes cannot do?
   a) They can provide special permission sets for individual users.
   b) They can set a file to run as the root user when executed, no matter who the owner of the file is.
   c) They can restrict permissions for a group of users in /etc/group
   d) They can set permissions on a link to a file.
6. Which of these ISO layer messages is likely to have the largest number of embedded protocol data units in it?
   a) Datalink.
   b) Session
   c) Network
   d) Application

What command would you issue from a command prompt to see a listing of the computers in your workgroup? Select one:
   a. arp -a
   b. net view
   c. ipconfig /all
   d. ping
Sanchit J.