232 Chapter 9 ■ Sniffers
- Bob is attempting to sniff a wired network in his first pen test contract. He sees only traffic
from the segment he is connected to. What can Bob do to gather all switch traffic?
A. MAC flooding
B. MAC spoofing
C. IP spoofing
D. DOS attack
- What technique funnels all traffic back to a single client, allowing sniffing from all connected hosts?
A. ARP redirection
B. ARP poisoning
C. ARP flooding
D. ARP partitioning
- Which Wireshark filter displays only traffic from 192.168.1.1?
A. ip.addr =! 192.168.1.1
B. ip.addr ne 192.168.1.1
C. ip.addr == 192.168.1.1
D. ip.addr – 192.168.1.1
- What common tool can be used for launching an ARP-poisoning attack?
A. Cain and Abel
B. Nmap
C. Scooter
D. TCPdump
- Which command launches a CLI version of Wireshark?
A. Wireshk
B. dumpcap
C. tshark
D. editcap
- Jason is using TCPdump to capture traffic on his network. He would like to save the capture for later review. What command can Jason use?
A. tcpdump -r capture.log
B. tcpdump -l capture.log
C. tcpdump -t capture.log
D. tcpdump -w capture.log