Network Monitoring Practice Quiz Week 4

Questions and Answers

What does tcpdump do? (Select all that apply)

Creates graphical analysis of packets

Blocks network traffic

Captures packets (correct)

Analyzes packets and provides a textual analysis (correct)

What does Wireshark do differently from tcpdump? (Check all that apply)

It has a graphical interface (correct)

It only captures packets

It is a command line utility

It understands more application-level protocols (correct)

What factors should you consider when designing an IDS installation? (Check all that apply)

Storage capacity (correct)

Number of users on the network

Type of firewall used

Traffic bandwidth (correct)

What is the difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?

An IDS can alert on detected attack traffic, while an IPS can actively block attack traffic.

What factors would limit your ability to capture packets? (Check all that apply)

Access to the traffic in question

Study Notes

tcpdump Functionality

• Captures packets from network traffic for analysis.
• Provides a textual analysis of the captured packets.

Differences Between tcpdump and Wireshark

• Wireshark has a graphical interface, enhancing user interaction and ease of use.
• Wireshark understands a wider array of application-level protocols compared to tcpdump.

Considerations for IDS Installation Design

• Traffic bandwidth must be assessed to ensure the IDS can process the expected volume of network data.
• Sufficient storage capacity is crucial for retaining logs and captured packets over time.

IDS vs. IPS

• An Intrusion Detection System (IDS) detects and alerts on intrusions but does not take action to block them.
• An Intrusion Prevention System (IPS) actively blocks detected threats by modifying firewall rules.

Limitations on Packet Capture

• Network interface cards (NICs) must be in promiscuous or monitor mode to capture all traffic; otherwise, they only capture packets directly addressed to them.
• Access limitations may arise from network architecture, such as being connected to a switch that prevents capturing traffic from other devices.

Description

Test your knowledge on network monitoring tools like tcpdump and Wireshark in this Week 4 practice quiz. Learn the key differences and functionalities of these essential networking utilities through various flashcards.