Chapter Questions
What is an Internet socket?
What is network forensics?
What are well-known ports?
Identify the port numbers for the following applications:a. Telnetb. HTTPc. $\mathrm{FTP}$d. DNSe. $\mathrm{DHCP}$
Define the purpose of a connection-oriented protocol. Give an example.
What three packets are exchanged between two hosts when establishing a TCP connection?
What is the purpose of a sequence number (SEQ=) in TCP data packets?
Explain how a host knows whether a data packet was not received.
Describe how a TCP connection is terminated.
What is a connectionless protocol? Give an example.
What is the SYN-SENT state?
What is the SYN-RECEIVED state?
What is the purpose of an ARP request?
This state indicates that the three-packet handshake established a TCP connection.
What is the FIN-WAIT-1 state, and where is it used?
In this state, the terminating host acknowledges the last FIN and waits for the connection to close.
In this TCP Connection state, the host is listening and ready to accept connections.
In this TCP Connection state, the receiving host acknowledges the FIN.
In this TCP Connection State, the terminating host receives the acknowledgment from the receiving host.
The netstat -an command is issued. What does the following indicate?$$\text { TCP } 0.0 .0 .0: 22$$$$0.0 .0 .0: 0$$LISTENING
The netstat -an command is issued. What does the following indicate?TCP 172.16.101.7:49192 199.7.59.72:80 TIME_WAIT
What is the purpose of an ARP reply?
What command is used to view the ARP cache?
What command can be used to display the age of each ARP entry?
What important networking-troubleshooting tool is part of ICMP, and how does it test a network connection?
What is the purpose of the ICMP message type 0 ?
What ICMP message type is Time Exceeded?
What is the purpose of the ICMP message type 8 ?
Expand the acronym $A R P$.
Expand the acronym ICMP.
What is an echo request?
What is the purpose of a protocol analyzer?Included on the companion CD-ROM in the Wireshark capture file folder is a network packet capture file called PacketI Ia.cap. Open this file using Wireshark. The following five questions refer to this file.
What are the MAC addresses of the computers involved?
Which IP addresses correspond to each MAC address?
Which packet IDs correspond to ARP requests?
Which packet IDs correspond to ARP replies?
Which computers are pinging which computers?
In terms of computer security, a switch offers better security than a hub. Why is this?
What is the management information base?
What port does SNMP use and what transport protocol?
The SNMP MIB get request ifDescr returns what information from a router?
What is the purpose of the MIB?
Write the Cisco router command for configuring SNMP on a Cisco router. Assume a community string of networking and set the permissions to read-only. Show the router prompt.
The command show run is entered on a Cisco router. Describe what the output "SNMP-server test RO" means.
What SNMP MIBs were most likely issued to the router discussed in Section 6-4?
Use Figure 6-38 to answer questions 47 to 51.FIGURE 6-38 For problems 47–can't copyWhat MIB was issued?
Use Figure 6-38 to answer questions 47 to 51.FIGURE 6-38 For problems 47–can't copy..What information was returned?
Use Figure 6-38 to answer questions 47 to 51.FIGURE 6-38 For problems 47–can't copy.What port number was used?
Use Figure 6-38 to answer questions 47 to 51.FIGURE 6-38 For problems 47–can't copy.What protocol is being used? How do you know?
Use Figure 6-38 to answer questions 47 to 51.FIGURE 6-38 For problems 47–can't copy.Who is the manufacturer of this networking device?
What is the advantage of SNMPv3?
What security features are provided with SNMPv3?
What is confidentiality?
What is integrity relative to security?
What is authentication relative to security?
What is the purpose of NetFlow?
What is the purpose of the collector when used with "flow" technologies.
What is the following command doing?RouterA (config)\# ip flow-export source Loopback0
What is the purpose of the command ip route-cache flow?
What command is used to display the NetFlow information?
What does the following command do?RouterA (config) \# ip flow-export version 5
What is the purpose of the following command?RouterA (config)\# ip flow-export destination 10.10.101.19 5000
A filter with the ip.addr $=\mathbf{=} \mathbf{1 0 . 1 0 . 1 0 . 1}$ filter is applied to captured network data traffic. What happens?
What filter could be used to display on data packets containing the IP address $192.168 .12 .5 ?$
What filter could be used to only display data files containing the FTP protocol?
What is the purpose of the FTP-DATA filter?
What is the purpose of applying the (arp) II (dhcpv6) filter?
List a filter to remove all occurrences of STP or EIGRP.
List a filter to remove all occurrences of ARP or ICMP.
List a filter that can be used to display only data packets containing the IP address 208.76.11.230?
Use the Wireshark protocol analyzer to capture a file transfer to a TFTP server. Prepare a report on your findings. Identify the port used to establish the TFTP transfer and the source and destination ports used for the TFTP file transfer.
Repeat problem 72 for loading a file from a TFTP server.
Open the sample wireless capture. Cap file provided in the Chapter 6 Wire- shark folder in the textbook CD. Search for the 74.125.239.27 IP address. Describe what is happening at this address.
When issuing a command on a server, there are a lot of TCP state of SYN-RECEIVED and ESTABLISHED showing. Should there be any concerns with what netstat is reporting?