Writers Solution

The Wireshark protocol analyzer has limited capabilities and is not considered multi-faceted.

20 questions , multiple choice

Question 1

Which of the following statements is true?

- The Wireshark protocol analyzer has limited capabilities and is not considered multi-faceted.
- Wireshark is used to find anomalies in network traffic as well as to troubleshoot application performance issues.
- Both Wireshark and NetWitness Investigator are expensive tools that are cost-prohibitive for most organizations.
- NetWitness Investigator is available at no charge while Wireshark is a commercial product.

5 points   

Question 2

Wireshark capture files, like the DemoCapturepcap file found in this lab, have a __________ extension, which stands for packet capture, next generation.

- .packcng
- .paccapnextg
- .pcnextgen
- .pcapng

5 points   

Question 3

The Wireless Toolbar (View > Wireless Toolbar) is used only:

- when using a pre-captured file.
- when capturing live traffic.
- when reviewing wireless traffic.
- in a virtual lab environment.

5 points   

Question 4

In the frame detail pane, which of the following was a field unique to wireless traffic, confirming that it is a wireless packet?

- The Encapsulation type: Per-Packet Information header
- The Arrival time: May 11, 2007 15:30:37 041165000 Pacific Daylight Time
- The Capture Length: 181 bytes
- The Epoch Time: 1178922637.041165000 seconds

5 points   

Question 5

Which of the following tools provides information about the antennae signal strengths, noise ratios, and other antennae information during a captured transmission?

- Windows Explorer
- DemoCapture
- Wireshark
- NetWitness

5 points   

Question 6

Which of the following can be used to map who is able to communicate with whom, the measured strength of signals, and what frequencies are used, as well as be used for jamming certain frequencies and for determining which devices were likely used to set off remote bombs and Improvised Explosive Devices (IEDs)?

- MAC+PHY (MAC and Physical Layer)
- IEEE Layer
- Flags fields
- Quality of Service information

5 points   

Question 7

In the IEEE 802.11 Quality of Service information and Flags fields, Wireshark displays information about the __________, which enables the network administrator to determine which Media Access Control (MAC) addresses match each of them.

- antennae and signal strength
- transmitters and receivers of the data
- payload and frame information
- Domain System and Internet Protocol version

5 points   

Question 8

In the lab, Wireshark displayed the transmitter/receiver address in both full hexadecimal (00:14:a5:cd:74:7b) and a kind of shorthand, which was:

- IEEE 802.11.
- GemtekTe_IEEE.
- GemtekTe_00:14:a5.
- GemtekTe_cd:74:7b.

5 points   

Question 9

Matching the __________ to their appropriate transmitter and receiver addresses can provide the needed forensic evidence of which devices are involved in a particular communication.

- MAC addresses
- IP addresses
- brand names
- IEEE numbers

5 points   

Question 10

Which of the following statements is true regarding the fields displayed in Wireshark?

- There are hundreds of fields of data available and there are many different ways to interpret them.
- There are a few dozen fields of data available but there are many different ways to interpret them.
- There are very few fields of data available and most administrators will interpret them in the same or a similar way.
- Although there are very few fields of data available, most administrators will interpret them differently.

5 points   

Question 11

Which of the following is a packet capture add-on that is frequently installed with Wireshark that enables the capture of more wireless information?

- 3Com
- QoS
- GemtekTE
- AirPcap

5 points   

Question 12

Regardless of whether the packet is sent through the air or on a wire, the ultimate payload in an investigation is:

- information regarding the transmitters and receivers of the data.
- detail about the Internet Protocol version.
- a Domain Name System query.
- evidence of any suspicious activity.

5 points   

Question 13

In the lab, the DNS query indicated an IP address of __________ for

- 177.390.13.6

5 points   

Question 14

What is the actual Web host name to which is resolved?


5 points   

Question 15

In order to use NetWitness Investigator to analyze the same packets that you analyzed with Wireshark, you first had to save the DemoCapturepcap.pcapng file in the older __________ format.

- .libpcap
- .tcpdump-libcap
- .pcapng
- .pcap

5 points   

Question 16

Which of the following statements is true regarding NetWitness Investigator?

- NetWitness Investigator is available for free so it is only used for some initial analysis.
- NetWitness Investigator is often used only by skilled analysts for specific types of analysis.
- Investigators with little training typically can capture needed information using NetWitness Investigator.
- Wireshark provides a more in-depth, security-focused analysis than NetWitness Investigator.

5 points   

Question 17

Which of the following statements is true regarding NetWitness Investigator reports?

- NetWitness reports contain only low-level wireless information, such as command and control.
- NetWitness reports do not provide the kind of sophisticated analysis that is found within Wireshark.
- NetWitness and Wireshark both provide the same information but the two tools differ in how that information is displayed.
- NetWitness is unable to provide information about the geographic location of the transmitter and receiver.

5 points   

Question 18

Which of the following tools displays the MAC address and IP address information and enables them to be correlated for a given capture transmission?

- DemoCapture
- Wireshark
- NetWitness Investigator
- Both Wireshark and NetWitness Investigator

5 points   

Question 19

When you were using NetWitness Investigator in the lab, the Destination City report indicated that the Destination Organization of was recorded as:

- Turin Polytechnic.
- Politecnico de Tourino.
- Republic of Italia.
- Turin, Italy.

5 points   

Question 20

Which of the following statements is true regarding the information in the Destination City report?

- The Top Level Domain (TLD) “.it” belongs to Italy.
- The Top Level Domain (TLD) “.it” is proof that the Web site is physically located in Italy.
- The Top Level Domain (TLD) was actually registered in the United States.
- It indicates that it will be impossible to determine the actual physical location of the server.

Launch your Wireshark and open the SMTP_Capture file. Remember, Wireshark has three panels and you will be looking at these panels to answer the Deliverables.


In this activity, you will see the different PDUs in the e-mail messages that you send. However, instead of creating and sending “live” e-mail, I have included here a sample SMTP capture (see Figure 2-21) that you can open with your Wireshark.

book of this course is:


1. Launch your Wireshark and open the SMTP_Capture file. Remember, Wireshark has three panels and you will be looking at these panels to answer the Deliverables.

2. Look at Packet #8, the start of the message from the Sender. Click packet #8 and see what happens in the middle and bottom panels. Take a screenshot of the Sender’s address.

3. Click Packet # 14 and see if you can read the message in the bottom panel (see Figure 2-21, p. 54). Take a screenshot of the Sender’s message.

4. Create a WORD document and paste your two screenshots in this document. Write a short essay (3-4 paragraphs) describing your activity. Your essay should include the answers to the three Deliverables (p. 55-56).

5. Click a few more packets and review the displayed information in the middle and bottom panels. Pay attention to the different layers and PDUs of each packet. Are they all the same?

6. Challenge yourself and see if you can use Wireshark to capture SMTP packets using your student e-mail.