Lab #2 - Assessment Worksheet
Using Wireshark and NetWitness Investigator to Analyze Wireless Traffic

Course Name and Number: ________________________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ________________________________________________________________
Lab Due Date: ________________________________________________________________

Lab Assessment Questions

1. Which tool, Wireshark or NetWitness, provides information about the wireless antenna strength during a captured transmission?
2. Which tool displays the MAC address and IP address information and enables them to be correlated for a given captured transmission?
3. What is the manufacturer-specific ID for the GemTek radio transmitter/receiver?
4. The receiver and/or transmitter address is hard-coded in hardware and cannot be changed; it can always be counted on to correctly identify the device transmitting. True or False?
5. What is the actual web host name to which www.polito.it is resolved?
6. How can one determine that the website www.polito.it is in Italy?
7. Which IP address is for www.polito.it?
8. Which destination organization is the owner of record of www.polito.it?

Multiple-Choice Questions

QUESTION 1 (1 point)
In the lab, Wireshark displayed the transmitter/receiver address in both full hexadecimal (00:14:a5:cd:74:7b) and a kind of shorthand, which was:
    IEEE 802.11.
    GemtekTe_IEEE.
    GemtekTe_00:14:a5.
    GemtekTe_cd:74:7b.

QUESTION 2 (1 point)
Wireshark capture files, like the DemoCapturepcap file found in this lab, have a __________ extension, which stands for packet capture, next generation.
    .packcng
    .paccapnextg
    .pcnextgen
    .pcapng

QUESTION 3 (1 point)
Which of the following statements is true?
    The Wireshark protocol analyzer has limited capabilities and is not considered multifaceted.
    Wireshark is used to find anomalies in network traffic as well as to troubleshoot application performance issues.
    Both Wireshark and NetWitness Investigator are expensive tools that are cost-prohibitive for most organizations.
    NetWitness Investigator is available at no charge while Wireshark is a commercial product.

QUESTION 4 (1 point)
The Wireless Toolbar (View > Wireless Toolbar) is used only:
    when using a pre-captured file.
    when capturing live traffic.
    when reviewing wireless traffic.
    in a virtual lab environment.

QUESTION 5 (1 point)
In the IEEE 802.11 Quality of Service information and Flags fields, Wireshark displays information about the __________, which enables the network administrator to determine which Media Access Control (MAC) addresses match each of them.
    antennae and signal strength
    transmitters and receivers of the data
    payload and frame information
    Domain System and Internet Protocol version

QUESTION 6 (1 point)
Matching the __________ to their appropriate transmitter and receiver addresses can provide the needed forensic evidence of which devices are involved in a particular communication.
    MAC addresses
    IP addresses
    brand names
    IEEE numbers

QUESTION 7 (1 point)
Regardless of whether the packet is sent through the air or on a wire, the ultimate payload in an investigation is:
    information regarding the transmitters and receivers of the data.
    detail about the Internet Protocol version.
    a Domain Name System query.
    evidence of any suspicious activity.

QUESTION 8 (1 point)
What is the actual web host name to which www.polito.it is resolved?
    web01.polito.gov
    web01.polito.it
    web01.polito.com
    www.polito.com

QUESTION 9 (1 point)
Which of the following statements is true regarding NetWitness Investigator?
    NetWitness Investigator is available for free, so it is only used for some initial analysis.
    NetWitness Investigator is often used only by skilled analysts for specific types of analysis.
    Investigators with little training typically can capture needed information using NetWitness Investigator.
    Wireshark provides a more in-depth, security-focused analysis than NetWitness Investigator.

QUESTION 10 (1 point)
Which of the following statements is true regarding the fields displayed in Wireshark?
    There are hundreds of fields of data available and there are many different ways to interpret them.
    There are a few dozen fields of data available but there are many different ways to interpret them.
    There are very few fields of data available and most administrators will interpret them in the same or a similar way.
    Although there are very few fields of data available, most administrators will interpret them differently.
...