Commit 331ed11

bryfry <bryon@fryer.io>
2016-11-03 08:35:16
add questions
master
1 parent e78fa1b
Changed files (3)
corpus
ip.csv
networking.csv
packet_capture.csv
corpus/ip.csv
@@ -0,0 +1,42 @@
+# cidr
+what is the corresponding CIDR for this netmask: 255.255.255.255,/32,cidr
+what is the corresponding CIDR for this netmask: 255.255.255.254,/31,cidr
+what is the corresponding CIDR for this netmask: 255.255.255.252,/30,cidr
+what is the corresponding CIDR for this netmask: 255.255.255.248,/29,cidr
+#,/28,cidr
+#...
+#...
+#,/0,cidr
+
+to which class does this IP address default to: 15.35.32.1,A,class_networks
+# more A questions...
+to which class does this IP address default to: 129.32.98.54,B,class_networks
+# more B questions...
+to whcih class does this IP address default to: 195.168.3.6,C,class_networks
+# more C questions...
+
+what is the broadcast address for this network: 172.16.35.14/12,172.31.255.255
+# lots more of these need written, like 50 of them just so we dont see the same every time
+
+# middle fragment
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff != 0 then this is a middle fragment,T,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff != 0 then this is a whole packet,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff != 0 then this is the first fragment,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff != 0 then this is the last fragment,F,ip_fragmentation
+# first fragment
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff = 0 then this is a middle fragment,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff = 0 then this is a whole packet,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff = 0 then this is the first fragment,T,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0x02 and ip[6:2] & 0x1fff = 0 then this is the last fragment,F,ip_fragmentation
+# last fragment
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff != 0 then this is a middle fragment,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff != 0 then this is a whole packet,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff != 0 then this is the first fragment,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff != 0 then this is the last fragment,T,ip_fragmentation
+# whole packet
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff = 0 then this is a middle fragment,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff = 0 then this is a whole packet,T,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff = 0 then this is the first fragment,F,ip_fragmentation 
+[T/F] if ip[6] & 0x02 = 0 and ip[6:2] & 0x1fff = 0 then this is the last fragment,F,ip_fragmentation 
+
+
corpus/networking.csv
@@ -0,0 +1,4 @@
+#common headers
+what is the length of an ethernet header: ? bytes,14,networking
+what is the lenght of an IPv4 header without options: ? bytes,20,networking
+what is the lenght of an TCP header without options: ? bytes,20,networking
corpus/packet_capture.csv
@@ -11,8 +11,8 @@ which flag specifies the file to write to: tcpdump -w [?],w,packet_capture
 which flag prints each packet in ASCII: tcpdump -[?],A,packet_capture
 which flag prints each packet in hexadecimel: tcpdump -[?],x,packet_capture
 which flag prints each packet in hexadecimel and ASCII: tcpdump -[?],X,packet_capture
-
-# any interface: tcpdump -i [?],any,packet_capture
+which flag prevents both dns resolution and port resolution: tcpdump -[??],nn,packet_capture
+which interface name is a shortcut for all interfaces: tcpdump -i [?],any,packet_capture
 # limit to number of packets,c,
 # filters: dst
 # filters: src
@@ -37,6 +37,9 @@ the bpf abbreviation for the Internet Protocol v4 portion of a frame,ip,packet_c
 the bpf abbreviation for an ICMP portion of a frame,icmp,pacet_capture
 which flag will print the compiled bpf filter: tcpdump -[?] ether[12:2],d,packet_capture
 bpf compiled filter which loads a full word (4 bytes) into the default register,ld,packet_capture
+ether[0:?] what value will result in an ld bpf compiled filter,4,packet_capture
+ether[0:?] what value will result in an ldh bpf compiled filter,2,packet_capture
+ether[0:?] what value will result in an ld1 bpf compiled filter,1,packet_capture
 bpf compiled filter which loads a half word (2 bytes) into the default register,ldh,packet_capture
 bpf compiled filter which loads a single byte into the default regisger,ldb,packet_capture
 bpf compiled filter which jumps to locations if the supplied value and the default register are equal,jeq,packet_capture and the default register
@@ -51,3 +54,4 @@ bpf shortcut for matching either source or destination MAC address: ether [?] <M
 bpf shortcut for matching source MAC address: ether [?] <MAC>,src,packet_capture
 bpf shortcut for matching destination MAC address: ether [?] <MAC>,dst,packet_capture
 bpf shortcut for matching multicast addressed ethernet frames: ether [?],multicast,packet_capture
+