Chapter 1 Solutions
Answers to Review Questions
1. a, b, c, d
2. d
3. c
4. d
5. a
6. c
7. c, a, d, b
8. False
9. d, b, c, g, f, e, a
10. a, b, c, d
11. a, b
12. a, c, d
13. a
14. b
15. c
16. c, d
17. c
18. b
19. True
20. c
21. d
22. a, b, c, d, e
23. b
24. a, c
25. a, b, c
Hands-On Projects Discussion
Hands-On Project 1-1
In this project, the students install the Wireshark protocol analyzer software on their
computer for use throughout the course. It’s important to make sure that the software
installs properly.
Hands-On Project 1-2
In this project, the students explore the capabilities of the protocol analyzer. First, they
perform basic protocol analyzer tasks, such as capturing basic packet traffic and observing
basic display and analysis capabilities on the trace buffer, including protocols observed to
be in use, a list of conversations observed on the network while data capture is underway,
the MAC address of a source (sender) computer, packet size distribution, and general
statistics.
It's important for the students to understand how a protocol analyzer works, what it can do,
and the various interface controls in Wireshark. This project is intended to familiarize
students with this important network diagnostic and analysis tool so that they can use it
properly to perform specific tasks in later projects. Make sure they spend the time
necessary to become comfortable with the interface and familiar with the program’s
capabilities.
Note: If students encounter any difficulties running Wireshark, be sure to offer assistance
or get help from a qualified network technician. If the protocol analyzer won’t work, make
sure the network interface controller (NIC) in the computer can indeed run in promiscuous
mode. (If the NIC won’t make that switch, the software won’t work, period.)
Hands-On Project 1-3
In this project, students learn to perform basic tasks that are absolutely necessary to
understanding how to use a protocol analyzer on the job (or at least, on a real network). In
this project, students select a protocol filter to learn how to limit the amount of data that the
protocol analyzer captures and stores. Because the protocol analyzer can capture data only
until the trace buffer is full (or older data must be overwritten with newer data to keep
going), students should learn how to reduce the amount of data they capture to the precise
focus of their inquiries or interests.
Hands-On Project 1-4
In this project, students learn how to create a display filter. A display filter reduces the
amount of information that Wireshark displays from a trace file. This is helpful when a
student wants to view only specific traffic captured in a trace file, especially if the trace file
has tens or hundreds of packets.
Be sure to emphasize the difference between capture filters (used in the previous Hands-On
Project) and display filters. It's sometimes best to capture all data for a short period of time
and then use a display filter to view only certain packets in the trace file. Other times, it's
best to limit the amount of data captured initially. Every situation is different. You could
give some examples from your own experience.
Hands-On Project 1-5
In this project, students examine the contents of captured packets, as decoded and
displayed by the protocol analyzer software. This gives students their first look into the
precise data structures and organizations that ultimately define what TCP/IP is and how it
works. Students build on this foundation, and learn how to read more into such decodes
throughout the rest of this course.
Case Projects Discussion
Case Project 1
The correct answer to this question is “at the hub.” On a hub-based network, such as the one
described in this Case Project, all network traffic must transit through the hub as it’s
transmitted by any single machine, and then forwarded to all other machines. Because the
hub is the center of this particular networking environment, it’s the best place to attach the
protocol analyzer. Modern networks are more likely to use switches, and to require use of
devices called network taps to capture traffic targeted at specific switch ports. Hubs make
network monitoring convenient but they no longer represent common practice on today’s
networks.
From our experience, based on the scenario described, what’s probably happening is that
everyone is attempting to log on at more or less the same time, and the server is probably
choking on downloading all 11 user profiles, logon scripts, and other startup information,
all at once. If the hub itself is congested, one solution is to install a second hub and a second
NIC in the server, then divide the users into two groups—a group of five and a group of six
—to more evenly balance the load between the two groups. If the server is overloaded, it
may be necessary to beef up that machine, or add another machine (if the cost can be
justified) to balance the load in that way.
The simplest solution, however, is to encourage users to arrive at staggered intervals so that
all users do not attempt to log on at the same exact moment!
Case Project 2
The best arguments for switching to IPv6 (or for supporting dual-stack environments where
IPv4 and IPv6 coexist) include the following factors: improved security, a larger and more
flexible address space, and more room to grow in the future. IPv6 includes numerous
enhancements that boost its security across the board as compared to IPv4, with enhanced
support for encryption, stronger authentication, and a richer and more diverse set of
security features. Of course, with 128-bit addresses, and a staggering increase in the
addresses routinely made available on a per-organization basis (remember that the IPv6
addresses issued to most organizations are /64, so that by themselves they include 4 billion
times as many addresses as are available for all of IPv4), organizations do not need to worry
about outgrowing their address allocations. And finally, with IPv4 addresses exhausted, the
only room for future IP network growth lies with IPv6. These are compelling reasons to
include support for IPv6 on today’s networks, and to start planning for migration to IPv6
networks in the future.
Case Project 3
One obvious method is to check the protocols list in a protocol analyzer that’s set up to run
for a day or longer on the network during normal load and activity conditions. Even if
administrators do not capture much data, the statistics analysis will compile a list of all the
TCP/IP protocols it observes in use on the network. By carefully reviewing this list, and
augmenting it with any other protocols that are only seldom used, administrators can easily
build a minimal protocol list for their UNIX machines.
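The inventory approach described in Case Project 3, as an added example (not from the textbook or from Wireshark): a minimal classic-pcap reader that tallies the IP protocols and TCP/UDP destination ports seen in a capture. The frames, addresses and ports are constructed sample data, and `frame`, `build_pcap` and `protocol_inventory` are hypothetical helper names.

```python
import struct
from collections import Counter
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def frame(proto, dport=0):
    """Constructed Ethernet + IPv4 frame with dummy addresses (not real traffic)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    if proto in (6, 17):                       # TCP/UDP: source port, destination port
        l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 4
    else:                                      # anything else: 8 placeholder bytes
        l4 = b"\x08\x00" + b"\x00" * 6
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + l4

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def protocol_inventory(pcap):
    """Count each IP protocol (and TCP/UDP destination port) seen in the capture."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled")
    seen, off = Counter(), 24                  # 24-byte global header
    while off + 16 <= len(pcap):               # 16-byte per-packet record header
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            seen["non-IPv4"] += 1              # ARP, IPv6, truncated frames, ...
            continue
        ihl = (pkt[14] & 0x0F) * 4             # IPv4 header length in bytes
        proto = pkt[23]                        # IPv4 protocol field
        name = IP_PROTO.get(proto, f"ip-proto-{proto}")
        if proto in (6, 17) and len(pkt) >= 14 + ihl + 4:
            name += "/%d" % struct.unpack_from("!H", pkt, 14 + ihl + 2)[0]
        seen[name] += 1
    return seen

# Constructed sample capture: two TCP/22, one TCP/443, one UDP/53, one ICMP, one ARP-type.
SAMPLE = build_pcap([frame(6, 22), frame(6, 22), frame(6, 443), frame(17, 53),
                     frame(1), b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28])

if __name__ == "__main__":
    for name, count in protocol_inventory(SAMPLE).most_common():
        print(f"{name:10} {count}")
```

On real traffic, reply packets carry ephemeral destination ports, so the resulting list still needs review to separate service ports from client-side ports before it is used to trim what a host runs.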