Exam XK0-004 topic 1 question 113 discussion

Let's start saying when the packet hits "hop 0", connection automatically destroys itself. https://hopzero.com/what-does-hop-count-mean/ So if workstation device has "HOP 0" he can't go throw the network, but can be reached. A. tcpdump => valid because in the header we can see the TTL number; the TTL is the "count register" in the packet header of your devices. https://hopzero.com/wp-content/uploads/hop-count-register-ttl.png B. traceroute => valid because I can hop any step C. route => not valid because doesn't show HOP or TTL, just inside my private network. D. iperf => not valid because that's an external tool and it misures performances and quality of a network link from a client and a server, not TTL/HOPs E. ip => not valid because show about network interface not F. arp => not valid because ISO/OSI level 2, associates a MAC Address to an IP. ping could be a valid option too, but not in the list. i.g.: echo 10 > /proc/sys/net/ipv4/ip_default_ttl ping www.google.it PING www.google.it (142.250.184.99) 56(84) bytes of data. From 142.251.50.137 (142.251.50.137) icmp_seq=1 Time to live exceeded

Tcpdump is your #1 option for this https://danielmiessler.com/study/tcpdump/

B and C are correct. A is not correct because tcpdump is a tool used to monitor network traffic, but it does not show the packets being sent to same subnet.

Same question as #113 yet a different answer... SMH

It is A B. https://hackertarget.com/tcpdump-examples/

This is the same question as 113. I believe the answer is A, B. The question asks us to confirm traffic remains in the subnet. D,E,F do not confirm that. I do not believe C does either.

I tested in the lab and saw that no matter what is the ip_default_ttl value the traceroute ttl keeps increasing. To me it is A and D

It's B C