Exam 24: Digital Evidence at the Physical and Data-Link Layers

How many bytes per packet does tcpdump capture by default?

One of the drawbacks of copying network traffic using a SPANned port is that a SPANned port copies only valid Ethernet packets.

What is a "gratuitous ARP request" and why is it dangerous?

Sniffers put NICs into_________ , forcing them to listen in on all of the communications that are occurring on the network.

It is not possible to use a sniffer when connected to a network via a modem.

Obtain the MAC address of a computer and describe how you did it.

What is the approximate theoretical maximum number of bytes that can be downloaded in one minute on a 10BaseT network?

Which of the following is a valid MAC address?

Routers use Ethernet addresses to direct data between networks.

It is possible to obtain file names from network traffic as well as the file contents.

DHCP can be configured to assign a static IP address to a particular computer every time it is connected to the network.

By default, tcpdump captures the entire contents of a packet.

Describe how a computer obtains the Ethernet address of another computer that it wants to communicate with.

One key point about MAC addresses is that they do not go beyond the router.