____ is a tool for capturing, filtering and analyzing TCP traffic
Routers
TCP
NIDS/NIPS
tcpdump
Answers
Answer:
Routers is the right answer
Explanation:
Mark me as Brainliest, I hope it helps.
Answer:
colleges and universities.)
55 Matching questions

Terms:
HyperText Transfer Protocol (HTTP)
Modes of detection
One-to-many IP addresses
Packet analysis techniques
One-to-one IP address
Statistical flow analysis
Flow analysis techniques
DNS/Name Servers
Higher-layer Traffic analysis
Inline Network Taps
Network Intrusion Detection/Prevention Systems
Active Acquisition
Many-to-many IP addresses
Routers
NIDS/NIPS functionality
Traffic acquisition software
NIDS/NIPS Evidence Acquisition
tcpdump
TCP port scan
Network Forensics
Protocol decoding and exporting
TCP
Firewalls
Induction coils
Many-to-one IP addresses
Packet analysis use cases
Open Systems Interconnection (OSI)
NIDS/NIPS
Web proxies
Internet Control Message Protocol (ICMP)
Flow record processing system
Protocol identification
Intercepting traffic in wired media
Wireless access points
Flow analysis
Application servers
Strategy for collecting evidence
Collector placement and architecture
DHCP Servers
Vampire Taps
Address Resolution Protocol (ARP)
Fiber optic taps
Intercepting traffic in wireless media
Protocol analysis
User Datagram Protocol (UDP)
Switches
Factors to consider when placing sensors
Intercepting traffic from hubs
Berkeley Packet Filter (BPF) language
Domain Name System (DNS)
Intercepting traffic from switches
Authentication Servers
NIDS/NIPS components
Internet Protocol (IP)
Packet analysis
Definitions:
a. May detect attacks in progress; can be tuned to give more granular data
b. Connectionless, unreliable; used by DNS, SNMP, audio/video streaming
c. Targeted attack, routine server communication
d. Rules, alerts, packet capture
e. Logs successful/failed login attempts for all devices within its authentication system
f. Contains IP address to MAC address mappings and the time the IP was leased
g. Handles multiplexing of process communication; provides end-to-end reliability, sequencing, flow control and congestion control. Connection established through a 3-way handshake.
h. Duplication, time synchronization, resources, capacity
i. Facilitates sending and receiving documents on the web
j. Understand how a protocol works and how to identify and dissect it; RFCs and standards can be used to understand protocols
k. Can be configured to keep logs which serve as digital evidence
l. List conversations and flows, export a flow, file and data carving
m. MAC flooding (overflowing the table) or ARP spoofing (filling the table with fake values)
n. Reveal connection attempts from internal to external sites/email/SSH servers, with timestamps
o. Recovering and analyzing digital evidence from network resources
p. The traffic itself as well as management traffic (SSID, MAC addresses, supported encryption/authentication algorithms, layer 3 packet content)
q. Works better on UTP
r. Higher-layer protocol analysis can be done once the payload of a transport-layer flow has been isolated and reconstructed
s. Data is broadcast, easy to eavesdrop
t. Devices that pierce the shielding of copper cables
u. Easy to eavesdrop on traffic that passes through; management and control frames are not encrypted
v. Web server, email server, network port scanning
w. Tool for capturing, filtering, and analyzing traffic
x. Stores the web surfing log for an entire organization
y. Sensor, collector, aggregator, analysis
z. Examining related groups of packets in order to identify patterns, suspicious activity or extra data
aa. DDoS attack, syslog server, drop box, email server
ab. Comprehensive study of protocols, packets and flows, and methods for dissecting them
ac. Monitors network traffic and alerts on suspicious activities
ad. Layer 1 device between two physically connected devices
ae. Contains tables that store the mapping between physical ports and MAC addresses
af. Refrain from rebooting or powering down the device, connect via console rather than network, record system time, collect evidence according to level of volatility, record activities
ag. Configuration files, alert data, packet header and/or flow record information, content data, correlation of activities across multiple sensors
ah. Contains routing tables that map router ports to networks; may function as packet filters
ai. Provides mapping between IP addresses and MAC addresses for a local subnet
aj. Evidence collected from network device logs
ak. Signature-based analysis, protocol awareness, behavioral analysis
al. BPF filters decide which traffic to capture and inspect and which to ignore
am. Distributed database used to map between domain names and IP addresses
an. Requires splicing the cable, causes disruption
ao. Congestion, security, reliability, capacity
ap. Communicates error messages and other conditions via IP datagrams
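Several of the terms above (flow analysis techniques, statistical flow analysis, the one-to-many / many-to-one IP address patterns, TCP port scan) describe what a flow record processing system does with exported flow records rather than raw packets. The following is an added worked example, not part of the quiz or of any real exporter: it builds a small set of constructed NetFlow-style records (the Flow field layout is an assumption) and runs the three analyses the definitions name over them: listing conversations, flagging hosts whose fan-out or fan-in crosses a threshold, and a port-scan heuristic based on many tiny single-packet flows to one target.

```python
"""Flow analysis over constructed flow records (added example, not from the
original quiz). The Flow record layout below is an assumption, not the format
of any real exporter."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    sport: int
    dport: int
    packets: int
    bytes: int


# Constructed sample: three patterns a flow record processing system should surface.
SAMPLE = [
    # one internal host initiating to many external web/SSH/SMTP servers (one-to-many)
    Flow("10.0.0.5", "203.0.113.10", "tcp", 51000, 443, 12, 9000),
    Flow("10.0.0.5", "198.51.100.7", "tcp", 51001, 443, 8, 6000),
    Flow("10.0.0.5", "192.0.2.33", "tcp", 51002, 22, 40, 15000),
    Flow("10.0.0.5", "198.51.100.99", "tcp", 51003, 25, 6, 2000),
    # one host probing many ports on one target, one tiny flow per port (TCP port scan)
    *[Flow("10.0.0.99", "10.0.0.20", "tcp", 40000 + p, p, 1, 60)
      for p in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080)],
    # many hosts sending syslog to one collector (many-to-one)
    Flow("10.0.0.6", "10.0.0.50", "udp", 514, 514, 30, 9000),
    Flow("10.0.0.7", "10.0.0.50", "udp", 514, 514, 35, 10000),
    Flow("10.0.0.8", "10.0.0.50", "udp", 514, 514, 20, 6000),
    Flow("10.0.0.9", "10.0.0.50", "udp", 514, 514, 25, 7000),
]


def conversations(flows):
    """List conversations: total packets and bytes per (src, dst, proto, dport)."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        key = (f.src, f.dst, f.proto, f.dport)
        totals[key][0] += f.packets
        totals[key][1] += f.bytes
    return {k: tuple(v) for k, v in totals.items()}


def fan_out(flows):
    """Distinct destinations each source initiated flows to."""
    out = defaultdict(set)
    for f in flows:
        out[f.src].add(f.dst)
    return out


def fan_in(flows):
    """Distinct sources that initiated flows to each destination."""
    inn = defaultdict(set)
    for f in flows:
        inn[f.dst].add(f.src)
    return inn


def classify_hosts(flows, threshold=3):
    """Statistical flow analysis: hosts whose peer count reaches a threshold.
    one-to-many: one source reaching >= threshold distinct destinations.
    many-to-one: one destination receiving from >= threshold distinct sources."""
    return {
        "one-to-many": sorted(h for h, peers in fan_out(flows).items() if len(peers) >= threshold),
        "many-to-one": sorted(h for h, peers in fan_in(flows).items() if len(peers) >= threshold),
    }


def detect_port_scans(flows, min_ports=8, max_packets=2):
    """TCP port scan heuristic: one (src, dst) pair, many distinct dports, each
    flow only a packet or two (a SYN and maybe a RST), i.e. no real session."""
    ports = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.packets <= max_packets:
            ports[(f.src, f.dst)].add(f.dport)
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= min_ports)


if __name__ == "__main__":
    for key, (pkts, byts) in sorted(conversations(SAMPLE).items()):
        print(f"{key[0]} -> {key[1]} {key[2]}/{key[3]}: {pkts} pkts, {byts} bytes")
    print(classify_hosts(SAMPLE))
    print(detect_port_scans(SAMPLE))
```

The thresholds are deliberately exposed as parameters: on a real network a web proxy or DNS server legitimately shows high fan-in, so the same statistics that flag a DDoS target or a drop box also describe ordinary infrastructure, and the analyst tunes the cut-offs per collector placement rather than treating any one number as an alert.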