Network Monitoring

The document contains questions about network monitoring tools such as tcpdump and wireshark, intrusion detection and prevention systems, SNMP, and factors that impact network monitoring like interface mode and access. It also defines common network management terms and provides brief descriptions of SNMP, network monitoring tools, throughput testers, and components of performance and traffic monitoring. The answers explain the functionality of tcpdump and wireshark, considerations for IDS installation, the differences between IDS and IPS, and factors that can limit packet capture ability.

Questions

1. What does tcpdump do?

2. What does wireshark do differently from tcpdump?

3. What factors should you consider when designing an IDS installation?

4. What is the difference between an Intrusion Detection System and an Intrusion Prevention System?

5. What factors would limit your ability to capture packets?

6. Different aspects of network management

7. What is the underlying protocol used in most network monitoring tools?

8. What type of message does a SNMP manager use to pull information from an agent?

9. What tool captures packets queried from a network interface?

10. What tool processes and filters captured files based upon monitoring needs?

11. What tool tracks the bandwidth and utilization of interfaces on devices?

12. What is used by performance monitors to track performance over time?

13. A log of performance indicators that represents a big picture of a network is referred to as?

14. What are the three components to SNMP?

15. Brief description on,

I. Simple Network Management Protocol (SNMP)

II. Network monitoring tools

III. Throughput testers

IV. Status monitoring

V. Traffic monitoring

VI. Route monitoring

VII. Network traffic analysis

VIII. System Performance Monitor


Answers

1. - Captures packets
- Analyzes packets and provides a textual analysis

tcpdump is a popular, lightweight command line tool for capturing packets and analyzing network traffic.

2. - It understands more application-level protocols
- It has a graphical interface.

tcpdump is a command line utility, while wireshark has a powerful graphical interface. While tcpdump understands some application-layer protocols, wireshark expands on this with a much larger complement of protocols understood.

3. - Traffic bandwidth
- Storage capacity

It's important to understand the amount of traffic the IDS would be analyzing. This ensures that the IDS is capable of keeping up with the volume of traffic. Storage capacity is important to consider for log and packet capture retention.

4. An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic. An IDS only detects
intrusions or attacks, while an IPS can make changes to firewall rules to actively drop or block detected attack
traffic.

5. - Network interface not being in promiscuous or monitor mode
- Access to the traffic in question.

If your NIC isn't in monitor or promiscuous mode, it'll only capture packets sent by or to your host. In order to capture traffic, you need to be able to access the packets. So, being connected to a switch wouldn't allow you to capture other clients' traffic.
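To show what the capture and analysis described in answers 1, 2 and 5 look like once the packets are on disk, here is an added example (not part of the original document) that parses the legacy pcap format tcpdump and wireshark both write and applies a `host` style filter; the capture and its frames are constructed in memory.

```python
"""Constructed pcap capture read back with a minimal protocol analyzer.

Added example, not from the original document: parses the legacy pcap format
that tcpdump and Wireshark both write, decodes the Ethernet/IPv4 header of
each record, and applies a 'host X' style display filter. The capture is
built in memory from constructed frames so the script runs offline.
"""
import struct
from ipaddress import IPv4Address

def build_frame(src: str, dst: str, proto: int) -> bytes:
    """Constructed Ethernet II + bare IPv4 header; enough to filter on."""
    eth = b"\x00" * 12 + b"\x08\x00"              # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip

def build_pcap(frames: list[bytes]) -> bytes:
    """Global header (magic, v2.4, snaplen, linktype 1 = Ethernet) + records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data: bytes) -> list[dict]:
    """Walk the records; keep IPv4 frames with their timestamp and endpoints."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"  # writer's byte order
    pos, packets = 24, []
    while pos + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4, skip
        packets.append({"ts": ts, "src": str(IPv4Address(frame[26:30])),
                        "dst": str(IPv4Address(frame[30:34])),
                        "proto": frame[23]})          # IP protocol number
    return packets

def filter_host(packets: list[dict], host: str) -> list[dict]:
    """Equivalent of the tcpdump/Wireshark filter 'host X': either endpoint."""
    return [p for p in packets if host in (p["src"], p["dst"])]

SAMPLE = build_pcap([build_frame("10.0.0.5", "10.0.0.1", 6),    # TCP
                     build_frame("10.0.0.7", "8.8.8.8", 17),    # UDP
                     build_frame("10.0.0.1", "10.0.0.5", 1)])   # ICMP

if __name__ == "__main__":
    for p in filter_host(parse_pcap(SAMPLE), "10.0.0.5"):
        print(p)
```

Only frames that reached the capturing interface end up in the file, which is why the promiscuous-mode and switch-access limits in answer 5 decide what such a filter can ever see.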

6. Operations, Administration, Maintenance, and Provisioning

7. Simple Network Management Protocol

8. GetRequest

9. Packet Sniffer

10. Protocol analyzer

11. Interface monitors

12. Logs

13. Baseline

14. SNMP Manager, Managed devices, Management information base
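To make the GetRequest in answer 8 and the manager/agent/MIB split in answer 14 concrete, here is an added example (not part of the original document) that hand-encodes the SNMPv1 GetRequest a manager sends to poll sysDescr.0 from an agent; nothing is sent on the network and the community string "public" is only the constructed sample value.

```python
"""Constructed SNMPv1 GetRequest, as a manager would send it to an agent.

Added example, not from the original document: hand-rolls the ASN.1 BER
encoding of a GetRequest-PDU for sysDescr.0 (1.3.6.1.2.1.1.1.0) so the
message structure (version, community, PDU, variable bindings) is visible.
Nothing is sent on the network; the bytes are what would go to UDP/161.
"""

def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value wrapper used for every element below."""
    return bytes([tag]) + ber_len(len(content)) + content

def encode_int(v: int) -> bytes:
    """Non-negative INTEGER in minimal two's-complement form (tag 0x02)."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER (tag 0x06): first two arcs packed as 40*a+b,
    remaining arcs in base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def get_request(community: str, oids: list[str], request_id: int = 1) -> bytes:
    """SNMPv1 Message { version 0, community, GetRequest-PDU [0] }."""
    # Each VarBind carries the OID plus a NULL placeholder the agent fills in.
    varbinds = b"".join(tlv(0x30, encode_oid(o) + tlv(0x05, b"")) for o in oids)
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbinds))                  # error-status, error-index = 0
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode("ascii")) + pdu)

if __name__ == "__main__":
    print(get_request("public", ["1.3.6.1.2.1.1.1.0"]).hex(" "))
```

The community string travels in clear text in SNMPv1, which is why monitoring networks are usually segregated and why read-only communities are the norm for polling.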

15. Descriptions

I. Application-layer (Layer 7) protocol used to collect information from network devices for
diagnostic and maintenance purposes.
II. Capture and analyze traffic; create logs; alert you to events you define; monitor different
interfaces such as routers, switches, and servers; indicate areas of traffic congestion; help you
construct baselines; determine upgrade and forecast needs; and generate reports for
management.
III. Software tools that you can use to measure network throughput and capacity.
IV. Used to gather data related to the status of a network.
V. Used to gather data related to the traffic generated in a network.
VI. Used to trace the route taken by packets and detect routing delays, if any.
VII. Identification of the inbound and outbound protocols.

• Checking whether the protocols acknowledge each other. This step helps identify if the protocols communicate unidirectionally or bidirectionally.

• Identifying if ports are open or closed.

• Checking the traffic that passes through a firewall.

• Packet flow monitoring


VIII. Software tool that monitors the state of services or daemons, processes, and resources on a
computing device.
