Top 100+ Network Monitoring Interview Questions And Answers

Question 1. Where Do I Get The Network Monitor Tool?

Answer :

There are  variations of Network Monitor. The complete model is sent with Microsoft Systems Management Server (SMS). A "lite" version is included with Windows NT Server and Windows 2000 Server and includes a subset of the features which are to be had inside the full model.

Question 2. Which Version Should I Use?

Answer :

It depends on what type of site visitors you want to seize. Both variations of Network Monitor can capture visitors that is despatched to or from the host computer (the computer this is strolling NetMon), along with announces and traffic over a dial-up community connection. The full model of Network Monitor also allows you to capture and show any frames from the network phase on which the pc that is jogging NetMon resides, irrespective of whether or not they may be addressed to the host laptop.

Networking Interview Questions
Question 3. What Is The Difference Between The Network Monitor Agent And Network Monitor Tools And Agent?

Answer :

The two number one components of Network Monitor are the Network Monitor Agent and the person interface. The Network Monitor Agent video display units the network and passes traffic as much as the "software" (the consumer interface). The Network Monitor Agent can run on any like minded computer at the same time as the program is going for walks on a separate laptop.

Pc can most effective see community traffic that passes across its network phase. Thus, it can be useful to have a Network Monitor Agent this is walking on a community where the problem is taking place, even as the Network Monitor person interface runs from (for instance) the neighborhood vicinity community (LAN) Administrator's pc on a specific network phase. The LAN Administrator can then manipulate the seize and view the captured information from his or her laptop, even though the LAN Administrator isn't always on the section in which the trouble is taking place.

Question 4. What Security Risks Are Introduced By The Use Of Network Monitor?

Answer :

Network Monitor is a "sniffer," particularly, it detects troubles at the network. Because you can examine visitors on the frame level, all non-encrypted data is visible in a hint. For instance, while you use Microsoft Internet Information Server (IIS) with Basic Authentication, the password is handed as clean text and can be read in a Network Monitor trace.

Networking Tutorial
Question five. What Is The Difference Between A Media Access Control Address And An Ip Address? How Can I Distinguish One From Another?

Answer :

A media get entry to manipulate (MAC) deal with is a completely unique, 12-digit (48-bit), hexadecimal range that the network interface card (NIC) producer "burns into" a laptop's community interface card. On some playing cards, software program can override this range, but the variety remains burned into the cardboard. MAC addresses are also referred to as "Hardware Addresses" and "Universally Administered Addresses" (UAAs). When they are overridden, MAC addresses are called "Locally Administered Addresses" (LAAs). 
The media access manipulate is the bottom layer of the community version that incorporates deal with statistics. All frames on a neighborhood location network contain a MAC address, regardless of the network protocol inside the body. The equal cannot be said about Internet Protocol (IP) addresses, which are living at a better stage of the network model. Non-IP traffic, together with site visitors that makes use of the Novell IPX/SPX protocol, have a MAC cope with however now not an IP address.
An IP cope with is a 32-bit cope with that have to be unique across a Transmission Control Protocol/Internet Protocol (TCP/IP) community. IP addresses are normally represented in dotted-decimal notation, which depicts every octet (eight bits) of an IP deal with as its decimal price and separates each octet with a duration.
Network Security Interview Questions
Question 6. What If The Network Adapter Card Does Not Support Promiscuous Mode? What Is Promiscuous Mode Anyway?

Answer :

Promiscuous mode is a state in which a community adapter card copies all of the frames that pass over the network to a local buffer, no matter the vacation spot address. This mode allows Network Monitor to capture and display all network site visitors.

To use Network Monitor, your computer need to have a network card that supports promiscuous mode. If you are the usage of Network Monitor Agent on a far flung computer, the nearby pc does not want a community adapter card that supports promiscuous mode, however the far off pc does.

Question 7. How Does Network Monitor Interpret The Protocols In A Trace That Has Been Captured?

Answer :

Network Monitor includes protocol parsers that study and interpret key gadgets inside the uncooked information to interpret some of the maximum commonplace protocols. As new standards and implementations evolve, there could be sure protocols for which NetMon does now not comprise parsers. Individuals can write parsers for those protocols, or other agencies can also write a number of these parsers (which can be observed on the Internet). Some additional parsers are protected inside the Microsoft Resource kits.

Network Security Tutorial Hardware and Networking Interview Questions
Question eight. What Is A Three-manner Handshake?

Answer :

Before any statistics can be transmitted through the TCP protocol, a reliable connection must be installed. A "3-manner handshake" is the method that TCP makes use of to establish this connection.

This technique can't be thoroughly described inside the context of this newsletter. Briefly, three frames become aware of a three-manner handshake. In the first frame, Computer1 sends a frame to Computer2 with the TCP SYN flag set. In the second one frame, Computer2 sends a body back to Computer1 with each the SYN and ACK flags set. In the 0.33 body, Computer1 sends a frame to Computer2 with the ACK flag set. Any  computers change those 3 packets every time they installation a TCP connection.

Question nine. How Does A Disconnect Appear In A Netmon Trace?

Answer :

A TCP connection may be resulted in one in all  methods. A "sleek" close uses the TCP FIN flag to reveal that the sender has no extra records to ship. The TCP RST flag is used for an ended ("abortive") session disconnection.

Veritas Volume Manager (VVM or VxVM) Interview Questions
Question 10. What Is The Difference Between A Capture Filter And A Display Filter?

Answer :

Before you run the Capture, you could installation a Capture clear out to decide which frames are stored in the buffer. After the information is saved, you can set up a Display clear out to in addition focus interest on a specific set of frames.

Software trying out Tutorial
Question 11. Can Capture And Display Filters Be Saved As The Default?

Answer :

To shop a Capture or Display clear out as the default, you must write over the existing document. The default Display clear out file is called Default.Df, and the default Capture clear out document is named Default.Cf. These files are commonly located in the WinNT/System32/Netmon/Captures/ folder.

Alternatively, you could shop and load diverse filter out files as needed from inside Network Monitor. To do that, click Load on the Capture Filter or Display Filter conversation box.

SQL Server Management Studio Interview Questions
Question 12. Should I Run Network Monitor On The Client, The Server, Or Both? What If The Client And Server Are The Same Computer?

Answer :

Usually, whilst client and server programs are on the same pc, there is no community traffic. Thus, you can't use Network Monitor to recognize what's occurring between the programs.

When you're troubleshooting HTTP or different textual content-primarily based protocols, if you have two computers, and the patron is getting again surprising effects, run Network Monitor on the server to see if the server is sending the best facts.

You may additionally need to trace on both the patron and server if a firewall or intranet is causing community problems. In this state of affairs, you could compare traces more effectively if you use the Net Time command to synchronize the gadget time on the computer systems.

If you have got 3 computers that talk in a three-tier structure, you could run Network Monitor at the middle tier because all traffic crosses that pc.

Networking Interview Questions
Question thirteen. Can The User Run Other Applications While Network Monitor Is Capturing Or Filtering The Network Traffic?

Answer :

Yes, the overhead of NetMon is minimal, and different applications should not be impacted by means of Network Monitor.