Exam 312-49v10
Question 161

You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that, you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an Ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

Correct Answer: C

When using tools like Ethereal (now known as Wireshark) to capture traffic on a router, you are monitoring at the Data Link layer (Layer 2) of the OSI model. This layer is responsible for framing, error control, and flow control of data transmitted over a network. Monitoring at this layer allows you to see packet headers, MAC addresses, and other information related to the local network segment, which helps in analyzing traffic to and from the router and identifying potential attacker activity.
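As an added illustration (not part of the original question or its explanation): a pcap capture file records the link-layer type in its global header, and every captured record starts with the Layer 2 frame header, followed by the Layer 3 and Layer 4 headers. The one-packet capture, the MAC and IP addresses, and the function names below are constructed for this example.

```python
import socket
import struct

LINKTYPE_ETHERNET = 1  # pcap link-layer header type for Ethernet (DLT_EN10MB)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_sample_pcap():
    """Constructed one-packet capture: a TCP SYN to port 23 (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 23, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.1"))
    eth = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
           + struct.pack("!H", 0x0800))  # dst MAC, src MAC, EtherType IPv4
    frame = eth + ip + tcp
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def parse_first_frame(pcap):
    """Decode the first record of a little-endian pcap, starting at Layer 2."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, 24)
    frame = pcap[40:40 + incl_len]
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"linktype": linktype, "dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12]),
           "ethertype": struct.unpack_from("!H", frame, 12)[0]}
    if out["ethertype"] == 0x0800 and len(frame) >= 34:  # IPv4 follows the frame header
        ihl = (frame[14] & 0x0F) * 4
        out["src_ip"] = socket.inet_ntoa(frame[26:30])
        out["dst_ip"] = socket.inet_ntoa(frame[30:34])
        l4 = 14 + ihl
        if frame[23] == 6 and len(frame) >= l4 + 4:  # protocol 6 = TCP
            out["src_port"], out["dst_port"] = struct.unpack_from("!HH", frame, l4)
    return out

if __name__ == "__main__":
    print(parse_first_frame(build_sample_pcap()))
```
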

Discussion
4bd3116 Option: A

The answer is right. The OSI model's network layer (Layer 3) includes IP addresses and routing information.

aqeel1506 Option: C

The correct answer is C. When using Ethereal (now known as Wireshark) to capture traffic on a router, you are monitoring at the Data Link layer (Layer 2) of the OSI model. This layer is responsible for framing, error control, and flow control of data transmitted over a network. At the Data Link layer, you can see packet headers, MAC addresses, and other information related to the local network segment. This allows you to monitor and analyze traffic to and from the router, including potential attacker activity.

A. Network (Layer 3): This layer is responsible for routing and addressing, but you're not monitoring at this layer with Ethereal.
B. Transport (Layer 4): This layer is responsible for reliable data transfer, but you're not monitoring at this layer with Ethereal.
D. Session (Layer 5): This layer is responsible for establishing, managing, and terminating connections, but you're not monitoring at this layer with Ethereal.

ala76nl Option: C

Capturing you do at the data link layer.