Fundamentals of Cyber security Operations - Week 3

Question 1

What is an Wireshark ?

Answer 1

Wireshark is a software protocol analyzer, or “packet sniffer” application, used for network troubleshooting, analysis, software and protocol development, and education

Question 2

What is the keyboard shortcut to start Capture in WireShark ?

Answer 2

ctrl + e

Question 3

What is captured by Wireshark ?

Answer 3

PDU - Protocol Data Unit

Question 4

Where to view the source and destination MAC address in Wiresark ?

Answer 4

Select the captured PDU, Click the arrow to the left of the Ethernet II row to view the Destination and Source MAC addresses.

Question 5

What do you mean by remote host ?

Answer 5

Remote host means, host is on another network,

Question 6

When you ping a host on a different Network , then what is the destination MAC address ?

Answer 6

Destination MAC address is the Mac address of default gateway.
Layer 2 frames never leave the LAN. When a ping is issued to a remote host, the source will use the Default Gateway’s MAC address for the frame destination. The Default Gateway receives the packet, strips the Layer 2 frame information from the packet and then creates a new frame header with the next hop’s MAC address. This process continues from router to router until the packet reaches its destination IP address.

Question 7

What is OUI ?

Answer 7

Organizationally Unique Identifier}
The part of the MAC address that identifies the vendor of the network adapter. The OUI is the first three bytes of the six-byte field and is administered by the IEEE. See MAC layer.

Question 8

How many bits are in OUI ?

Answer 8

24 bits

Question 9

How many bits are one octate of MAC Address

Answer 9

8 bits

Question 10

How many bits are in MAC Address ?

Answer 10

48 bits
It has six octets of 8 bit each & expreseed as hexadeximal digits 0-9,A-F

Question 11

How many octates are reserved for OUI ?

Answer 11

First three octates from Left to Right
10:dd:b1:xx:xx:xx

Question 12

What is the frame type of IPv4 address ?

Answer 12

0x0800

Question 13

What is the frame type of ARP ?

Answer 13

0x0806

Question 14

What are the five basic parts of a Ethernet Frame?

Answer 14

1. Destination
   2.Source
2. Type
3. Data
4. FCS (Frame Check Sequence received 10 51051 we iPhone 50 after inter blue)

Question 15

How to capture 50 packets from eth0 interface and save it to pcap file ?

Answer 15

tcpdump -i eth0 -v -w capture.pcap

Question 16

What are the classification of Network ports ?

Answer 16

The port numbers are divided into three ranges:

1. Well-known ports
   The well known ports are those from 0 - 1,023. DCCP well known ports should not be used without IANA registration. The registration procedure is defined in document RFC4340, section 19.9.
2. Registered ports
   The registered ports are those from 1,024 - 49,151. DCCP registered ports should not be used without IANA registration. The registration procedure is defined in document RFC4340, section 19.9.
3. Dynamic and/or private ports
   The dynamic and/or private ports are those from 49,152 - 65,535.

Question 17

Most Vulnerable Ports ?

Answer 17

FTP (20, 21)
SSH (22)
Telnet (23)
SMTP (25)
DNS (53)
NetBIOS over TCP (137, 139)
SMB (445)
HTTP and HTTPS (80, 443, 8080, 8443)
Ports 1433, 1434 and 3306
Remote desktop (3389)

Question 18

How to captutre 50 packets of network card from terminal & save irt in pcap file ?

Answer 18

tcpdump -i eth0 -v -c 50 -w /home/analyst/capture.pcap