978-0840020932 Chapter 4

Chapter 4

True/False

Indicate whether the statement is true or false.

1. The three types of sniffer are bundled, commercial, and free.

2. Sniffers look only at the traffic passing through the network interface adapter on the machine where the application is

resident.

3. Information traveling across a network is typically in human-readable format.

4. When you transmit information in a data packet to a computer on a network, the request is sent to every computer on

that network that uses the same Ethernet cable or wireless LAN.

Multiple Choice

Identify the choice that best completes the statement or answers the question.

1. ____ comes bundled with Windows. Network Monitor, a component of Microsoft Systems Management Server

(SMS), enables you to detect and troubleshoot problems on LANs,WANs, and serial links running the

Microsoft Remote Access Server (RAS).

a.

Tcpdump

c.

Ethereal

b.

Network Monitor

d.

Wireshark

2. ____ is bundled with the Solaris operating systems. It captures packets from the network and displays their contents.

a.

Tcpdump

c.

netfmt

b.

nettl

d.

Snoop

3. The ____ captures the network traffic from the Ethernet connection.

a.

capture driver

c.

decoder

b.

buffer

d.

packet analysis

4. Previously known as Ethereal, ____ is probably the best-known and most powerful free network protocol analyzer for

UNIX/Linux and Windows.

a.

Tcpdump

c.

Wireshark

b.

Snort

d.

Nessus

5. ____, the most commonly bundled sniffer with Linux distros, is also widely used as a free network diagnostic and

analytic tool for UNIX and UNIX-like operating systems.

a.

Snort

c.

Ethereal

b.

Wireshark

d.

Tcpdump

Completion

Complete each statement.

1. A(n) ____________________ is an application that monitors, filters, and captures data packets transferred over a

network.

2. When a sniffer captures data from a network, it stores the data in a(n) ____________________—a dynamic area of

RAM that holds specified data.

3. In order to identify a particular computer on a network, computers are assigned a unique identifier called a(n)

______________________________ address.

4. A NIC can be set up to retrieve any data packet being transferred throughout the Ethernet network segment. This

mode is known as _________________________.

5. ______________________________ is based on the principle that distance can be measured by computing the time

required for reflected energy to be measured at the source.

Short Answer

1. What are the main characteristics of commercial sniffers?

2. What are the major differences between commercial sniffers and free sniffers?

3. What are the network interfaces supported by TCP/IP?

4. What are the components of a sniffer?

5. Where are sniffers normally placed?