Wednesday Study Session Flashcards

(15 cards)

1
Q

Q: What is the main function of ARP?
- Assign IP addresses
- Resolve MAC to IP
- Resolve IP to MAC
- Encrypt data

A

Correct Answer: Resolve IP to MAC
Explanation: ARP resolves IP addresses to physical MAC addresses on a local network.
Practical Use: Necessary for packet delivery in Layer 2 domains.
Why Others Are Incorrect:
- It does not assign IPs (DHCP does).
- Resolves IP to MAC, not the reverse.
- Encryption is handled by other protocols.
Objective: ARP and Layer 2 mapping
Follow-up: What command displays the ARP table on Windows?

2
Q

Q: What role does DHCP play in networking?
- Assign MAC addresses
- Assign IP configuration dynamically
- Resolve domain names
- Monitor traffic

A

Correct Answer: Assign IP configuration dynamically
Explanation: DHCP provides IP address, subnet mask, gateway, and DNS settings to clients.
Practical Use: Automates client configuration.
Why Others Are Incorrect:
- MAC addresses are hardware-based.
- DNS handles name resolution.
- Traffic monitoring is done with tools like Wireshark.
Objective: DHCP functionality
Follow-up: What port does DHCP use?

3
Q

Q: What is the purpose of DNS?
- Provide IP addresses to hosts
- Resolve MAC to IP
- Resolve domain names to IP addresses
- Check device reachability

A

Correct Answer: Resolve domain names to IP addresses
Explanation: DNS translates human-readable domain names into machine-readable IPs.
Practical Use: Enables web browsing and service access.
Why Others Are Incorrect:
- DHCP provides IPs.
- ARP resolves MAC/IP.
- ICMP checks reachability.
Objective: DNS and Layer 7 services
Follow-up: What is the default port number for DNS queries?

4
Q

Q: What protocol is used when a user pings another device?
- DHCP
- TCP
- ICMP
- ARP

A

Correct Answer: ICMP
Explanation: ICMP is used for diagnostic tasks like echo requests and replies (ping).
Practical Use: Determines connectivity and latency.
Why Others Are Incorrect:
- DHCP is used for IP configuration.
- TCP is used for connection-based communication.
- ARP resolves IP to MAC.
Objective: Diagnostic protocols
Follow-up: What type of ICMP message does a successful ping use?

5
Q

Q: What differentiates TCP from UDP?
- TCP is faster
- UDP is connection-oriented
- TCP is connection-oriented and reliable
- UDP ensures delivery

A

Correct Answer: TCP is connection-oriented and reliable
Explanation: TCP establishes a session and ensures data integrity.
Practical Use: Used for email, web browsing, file transfers.
Why Others Are Incorrect:
- UDP is faster but not connection-oriented.
- UDP does not ensure delivery.
- TCP’s reliability is what makes it slower.
Objective: Transport layer protocols
Follow-up: What TCP feature handles retransmissions?

6
Q

Q: Which Wireshark filter shows all DNS traffic?
- dns.lookup
- ip.addr == 53
- port 53
- dns

A

Correct Answer: dns
Explanation: The ‘dns’ filter shows all DNS request and response traffic.
Practical Use: Diagnose name resolution problems.
Why Others Are Incorrect:
- ‘dns.lookup’ isn’t valid syntax.
- DNS uses port 53, but the filter should target the protocol.
- ‘port 53’ shows both TCP/UDP, not just DNS.
Objective: Wireshark filters
Follow-up: What filter would show only DNS responses?

7
Q

Q: A user can ping an IP but not access websites. What’s the most likely issue?
- DHCP failure
- DNS resolution failure
- ARP cache corruption
- MAC address conflict

A

Correct Answer: DNS resolution failure
Explanation: If ping works by IP but domain names fail, DNS is the likely problem.
Practical Use: Helps narrow down connectivity issues.
Why Others Are Incorrect:
- DHCP would prevent IP assignment.
- ARP affects MAC resolution, not domain names.
- MAC conflicts cause broader network issues.
Objective: Protocol-based diagnosis
Follow-up: What command clears DNS cache in Windows?

8
Q

Q: What does the icmp filter show in Wireshark?
- DNS lookups
- Web traffic
- Ping requests and replies
- Email traffic

A

Correct Answer: Ping requests and replies
Explanation: The icmp filter captures echo requests and replies used for ping.
Practical Use: Track connectivity checks and device reachability.
Why Others Are Incorrect:
- DNS/web/email traffic use different protocols.
Objective: ICMP protocol analysis
Follow-up: How can you filter only echo replies in Wireshark?

9
Q

Q: What does a DHCP Discover packet indicate?
- Client has a static IP
- Client is requesting DNS resolution
- Client is initiating a request for IP
- Server is assigning IP

A

Correct Answer: Client is initiating a request for IP
Explanation: Discover is the first step in the DHCP 4-step handshake.
Practical Use: Identifies DHCP negotiation initiation.
Why Others Are Incorrect:
- Static IP doesn’t involve DHCP.
- DNS is not part of this step.
- IP is not assigned until the Offer step.
Objective: DHCP packet analysis
Follow-up: What packet follows DHCP Discover?

10
Q

Q: What’s the function of the ARP cache?
- Store DNS entries
- Track TCP connections
- Store resolved MAC addresses
- Log DHCP transactions

A

Correct Answer: Store resolved MAC addresses
Explanation: ARP cache holds recently resolved IP-to-MAC address mappings.
Practical Use: Speeds up local frame delivery.
Why Others Are Incorrect:
- DNS entries are in resolver cache.
- TCP connections are tracked elsewhere.
- DHCP logs are separate.
Objective: ARP operations
Follow-up: What command shows the ARP cache on Linux?

11
Q

Q: Which OSI layer handles DNS queries?
- Layer 3
- Layer 5
- Layer 7
- Layer 2

A

Correct Answer: Layer 7
Explanation: DNS is an application-level protocol, processed at Layer 7.
Practical Use: Important for services like web and email.
Why Others Are Incorrect:
- Layer 3 handles IP addressing.
- Layer 5 manages sessions.
- Layer 2 handles MAC addressing.
Objective: OSI model
Follow-up: What other protocols operate at Layer 7?

12
Q

Q: What indicates a successful TCP handshake in Wireshark?
- SYN only
- SYN, SYN-ACK, ACK
- ACK, PSH, RST
- FIN, FIN-ACK

A

Correct Answer: SYN, SYN-ACK, ACK
Explanation: This 3-way handshake confirms session establishment.
Practical Use: Shows connection setup between client and server.
Why Others Are Incorrect:
- A single SYN doesn’t confirm a handshake.
- FIN is used to close connections.
Objective: TCP behavior
Follow-up: What port is typically used in a TCP handshake for HTTPS?

13
Q

Q: What’s a sign of ARP spoofing in a packet capture?
- Multiple devices using same MAC
- Repeated DNS queries
- Echo requests timing out
- DHCP Offers missing

A

Correct Answer: Multiple devices using same MAC
Explanation: ARP spoofing involves falsifying MAC addresses to intercept traffic.
Practical Use: Diagnoses man-in-the-middle attacks.
Why Others Are Incorrect:
- DNS queries are unrelated.
- Echo timeouts relate to ICMP.
- DHCP issues are different.
Objective: Security in packet capture
Follow-up: What tool detects ARP spoofing in real time?

14
Q

Q: What filter shows HTTP traffic in Wireshark?
- port 80
- http
- dns
- icmp

A

Correct Answer: http
Explanation: Filters all HTTP protocol traffic for analysis.
Practical Use: Useful for web activity inspection.
Why Others Are Incorrect:
- ‘port 80’ captures all traffic on that port, not just HTTP.
- DNS/ICMP are unrelated.
Objective: Wireshark protocol filters
Follow-up: What filter shows secure web traffic (HTTPS)?

15
Q

Q: What tool is used to capture and analyze packets on a network?
- Traceroute
- ipconfig
- Wireshark
- Nslookup

A

Correct Answer: Wireshark
Explanation: Wireshark is the primary GUI tool for packet-level inspection.
Practical Use: Analyzes all traffic across the OSI layers.
Why Others Are Incorrect:
- Traceroute maps paths.
- Ipconfig shows local settings.
- Nslookup handles DNS.
Objective: Protocol inspection tools
Follow-up: What is the CLI-based alternative to Wireshark?
