How would you capture DHCP related traffic between ABC-DC01 and ABC-WS123?

You are employed as an enterprise administrator at ABC.com. ABC.com has a domain named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers run Microsoft Windows Vista. ABC.com has a computer named ABC-DC01 which utilizes Network Monitor 3.0. ABC.com has recently enabled Network Monitor to use P-mode for capturing traffic to and from the DHCP server.

ABC.com has ABC-DC01 and ABC-WS123 configured as follows:

ABC-DC01 – MAC Address: 00-15-5E-CD-3E-83 – IP Address: 192.168.25.84

ABC-WS123 – MAC Address: 00-15-F2-CD-2A-FB – IP Address: 169.108.20.1

During the course of the day while using ABC-WS123 you determined that the IP configuration used is not obtained from ABC-DC01.

How would you capture DHCP related traffic between ABC-DC01 and ABC-WS123?

Note: ABC-DC01 is the DHCP server.

A.
By using the IPv4.Address == 192.168.25.84 && DHCP to build a filter in Network Monitor.

B.
By using the IPv4 address == 169.108.20.1 && DHCP to build a filter in Network Monitor.

C.
By using the Ethernet Address == 0x00155ECD3E83 & DHCP to build a filter in Network Monitor.

D.
By using the Ethernet Address == 0x0015F2CD2AFB & DHCP to build a filter in Network Monitor.

Explanation:
To build a filter in the Network Monitor application to capture the DHCP traffic between ABC-DC01 and ABC-WS123, you need to use IPv4.Address == 192.168.15.84 && DHCP.

To define a filter, you specify IPv4, a period, SourceAddress, then the equals sign twice (==) and the source IP address. To fine-tune a filter, you can combine several conditions in it using the AND (&&) and OR (||) logical operators. In this question you need to find the traffic originating from 192.168.15.84 that is DHCP related. Therefore you would use 192.168.15.84 && DHCP.

Reference: A Guide to Network Monitor 3.1 / Building a complex filter (or defining several conditions)

http://blogs.microsoft.co.il/blogs/erikr/archive/2007/08/29/A-Guide-to-Network-Monitor-3.1.aspx
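
The two conditions joined by `&&` in the explanation can be modelled over raw frames. The following is an added example, not code from Network Monitor or the referenced guide: it parses constructed Ethernet/IPv4/UDP frames and applies both tests. It assumes `IPv4.Address` matches either the source or the destination address and identifies DHCP by UDP ports 67/68; the function names and the address 192.168.25.90 are made up for the illustration.

```python
import socket
import struct

SERVER_IP = "192.168.25.84"   # ABC-DC01 (from the question)
SERVER_MAC = "00155ECD3E83"   # ABC-DC01
CLIENT_MAC = "0015F2CD2AFB"   # ABC-WS123
BCAST_MAC = "FFFFFFFFFFFF"

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/UDP frame; checksums are left at zero."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp

def parse(frame):
    """Return (src_ip, dst_ip, sport, dport), or None if not IPv4/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 17 or len(frame) < 14 + ihl + 8:
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return src, dst, sport, dport

def matches(frame, ip=SERVER_IP):
    """Model of `IPv4.Address == ip && DHCP` (assumed: Address = source or destination)."""
    parsed = parse(frame)
    if parsed is None:
        return False
    src, dst, sport, dport = parsed
    is_dhcp = {sport, dport} <= {67, 68}      # DHCP runs over UDP 67/68
    return is_dhcp and ip in (src, dst)       # both conditions must hold (&&)

# Constructed sample capture: a DHCP exchange plus one unrelated DNS reply.
SAMPLE = [
    ("DISCOVER", build_frame(CLIENT_MAC, BCAST_MAC, "0.0.0.0", "255.255.255.255", 68, 67)),
    ("OFFER", build_frame(SERVER_MAC, BCAST_MAC, SERVER_IP, "255.255.255.255", 67, 68)),
    ("REQUEST", build_frame(CLIENT_MAC, BCAST_MAC, "0.0.0.0", "255.255.255.255", 68, 67)),
    ("ACK", build_frame(SERVER_MAC, BCAST_MAC, SERVER_IP, "255.255.255.255", 67, 68)),
    ("DNS", build_frame(SERVER_MAC, CLIENT_MAC, SERVER_IP, "192.168.25.90", 53, 1025)),
]

def captured(sample=SAMPLE, ip=SERVER_IP):
    """Labels of the frames the filter would display."""
    return [label for label, frame in sample if matches(frame, ip)]

if __name__ == "__main__":
    print(captured())
```

In this model the server's OFFER and ACK are shown, the DNS reply is dropped by the DHCP condition, and the client's broadcasts (source 0.0.0.0) are dropped by the address condition.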