Microsoft MCITP Test Prep - Windows Server 2008

Some computers on a network are infected with a worm, which occasionally sends out traffic to various hosts on the Internet. You discover that this traffic always uses a certain source TCP port number. You need to identify which computers are infected.

Your solution should include detecting and identifying traffic that is sent by the worm and sending a notification to a network administrator that the infected computer needs to be repaired. Which of the following should you do?

  A. Configure a WMI event trigger.
  B. Configure a Network Monitor capture filter.
  C. Configure a System Monitor Alert.
  D. Configure a Network Monitor trigger.

Explanation
Answer - D - To implement a solution with these requirements, you should configure a Network Monitor trigger.

Key Takeaway: Network Monitor is used to generate a trigger when various networking-related values change. It captures frames for analysis and provides network utilization statistics and packet traffic. Once Netmon is installed, open Administrative Tools and select Network Monitor to open the utility. Once Netmon is loaded, you can capture all frames sent to, or retained by, the network adapter of the machine on which it is installed. These captured frames can then be saved or viewed for further analysis.