{"id":778,"date":"2019-08-06T07:45:49","date_gmt":"2019-08-06T12:45:49","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=778"},"modified":"2020-02-25T09:32:03","modified_gmt":"2020-02-25T15:32:03","slug":"ccna-cyberops-secops-objective-2-2","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/06\/ccna-cyberops-secops-objective-2-2\/","title":{"rendered":"CCNA CyberOps SECOPS &#8211; Objective 2.2"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Describe the fields in these protocol headers as they relate to intrusion analysis: Ethernet frame, IPv4, IPv6, TCP, UDP, ICMP, HTTP<\/p><cite><strong>Implementing Cisco Cybersecurity Operations (210-255) <\/strong> <\/cite><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Ethernet Frames<\/h2>\n\n\n\n<p><a href=\"https:\/\/commons.wikimedia.org\/wiki\/File:Ethernet_Type_II_Frame_format.svg#\/media\/File:Ethernet_Type_II_Frame_format.svg\"><img decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/thumb\/1\/13\/Ethernet_Type_II_Frame_format.svg\/1200px-Ethernet_Type_II_Frame_format.svg.png\" alt=\"Ethernet Type II Frame format.svg\"><\/a><br>Public Domain, <a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=1546835\">Link<\/a><\/p>\n\n\n\n<p>The key skill for the Ethernet frame is being able to identify the source and destination MAC addresses. 
Often you will be looking at packets in Wireshark, which will automatically decode the frame.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">IPv4<\/h2>\n\n\n\n<p><a href=\"https:\/\/commons.wikimedia.org\/wiki\/File:Ipv4_header.svg#\/media\/File:Ipv4_header.svg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/54\/Ipv4_header.svg\" alt=\"Ipv4 header.svg\" height=\"301\" width=\"640\"><\/a><br>By <a href=\"\/\/commons.wikimedia.org\/wiki\/User:Mro\" title=\"User:Mro\">Mro<\/a> &#8211; <span class=\"int-own-work\" lang=\"en\">Own work<\/span>, <a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/3.0\" title=\"Creative Commons Attribution-Share Alike 3.0\">CC BY-SA 3.0<\/a>, <a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=10402871\">Link<\/a><\/p>\n\n\n\n<p>Internet Protocol version 4 (IPv4) is what most people are used to seeing currently. The key fields are the Time To Live, Protocol, Source Address and Destination Address.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">IPv6<\/h2>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/6\/6b\/IPv6_header_rv1.png\" alt=\"IPv6 header rv1.png\" height=\"401\" width=\"640\"><br><a href=\"http:\/\/creativecommons.org\/licenses\/by-sa\/3.0\/\" title=\"Creative Commons Attribution-Share Alike 3.0\">CC BY-SA 3.0<\/a>, <a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=168564\">Link<\/a><\/p>\n\n\n\n<p>The IPv6 header is actually simpler than the IPv4 header in its basic form. It is extensible in that other headers are added using the Next Header field. 
<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">TCP<\/h2>\n\n\n\n<p><img decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/0\/08\/TCP_Header.png\" alt=\"TCP Header.png\"><br>By <a href=\"\/\/commons.wikimedia.org\/w\/index.php?title=User:Sajidur89&amp;action=edit&amp;redlink=1\" class=\"new\" title=\"User:Sajidur89 (page does not exist)\">Sajidur89<\/a> &#8211; <span class=\"int-own-work\" lang=\"en\">Own work<\/span>, <a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/3.0\" title=\"Creative Commons Attribution-Share Alike 3.0\">CC BY-SA 3.0<\/a>, <a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=30159214\">Link<\/a><\/p>\n\n\n\n<p>TCP headers are useful for tracking packets to make sure that protocols are behaving the way they are supposed to. One thing that comes into play is the analysis of the sequence number, the acknowledgment number and the flags in the 8 bits after the TCP Header Length. It is important to know how the TCP three-way handshake works. First, a packet is sent from the client to the server with the SYN flag set. Then the server responds with a packet with the SYN and ACK flags set. The ACK acknowledges the initial SYN. Finally, the client responds with an ACK to acknowledge the server&#8217;s SYN.<\/p>\n\n\n\n<p><a href=\"https:\/\/commons.wikimedia.org\/wiki\/File:TCP_Three-Way_Handshake.svg#\/media\/File:TCP_Three-Way_Handshake.svg\"><img decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/thumb\/7\/71\/TCP_Three-Way_Handshake.svg\/1200px-TCP_Three-Way_Handshake.svg.png\"><\/a><br>By <a href=\"\/\/commons.wikimedia.org\/wiki\/User:Fleshgrinder\" title=\"User:Fleshgrinder\">Fleshgrinder<\/a> and <a rel=\"nofollow\" class=\"external text\" href=\"http:\/\/tango.freedesktop.org\/The_People\">The People<\/a> from The Tango! Desktop Project. 
&#8211; <span class=\"int-own-work\" lang=\"en\">Own work<\/span>\n<a href=\"\/\/commons.wikimedia.org\/wiki\/File:Network-server.svg\" title=\"File:Network-server.svg\">Tango! Desktop Project Network Server<\/a>\n<a href=\"\/\/commons.wikimedia.org\/wiki\/File:Computer.svg\" title=\"File:Computer.svg\">Tango! Desktop Project Computer<\/a>, Public Domain, <a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=36225970\">Link<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">UDP<\/h2>\n\n\n\n<p><img decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/7\/75\/UDP_Header_-en.png\"><br>By <a href=\"\/\/commons.wikimedia.org\/wiki\/User:MichelBakni\" title=\"User:MichelBakni\">MichelBakni<\/a> &#8211; <span class=\"int-own-work\" lang=\"en\">Own work<\/span>, <a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\" title=\"Creative Commons Attribution-Share Alike 4.0\">CC BY-SA 4.0<\/a>, <a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=61598500\">Link<\/a><\/p>\n\n\n\n<p>UDP headers are quite simple, with just the source and destination ports, a length and a checksum.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ICMP<\/h2>\n\n\n\n<p>ICMP (Internet Control Message Protocol) is commonly treated as synonymous with the ping utility, but it does more than just that. Ping is done with echo and echo-reply packets. 
Destination unreachable messages can report back to ping or traceroute that a host is unavailable or unreachable.<\/p>\n\n\n\n<p><img decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/3\/34\/ICMP.png\"><br>By <a href=\"\/\/commons.wikimedia.org\/w\/index.php?title=User:Austinvernsonger&amp;action=edit&amp;redlink=1\" class=\"new\" title=\"User:Austinvernsonger (page does not exist)\">Austinvernsonger<\/a> &#8211; <span class=\"int-own-work\" lang=\"en\">Own work<\/span>, <a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\" title=\"Creative Commons Attribution-Share Alike 4.0\">CC BY-SA 4.0<\/a>, <a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=73846946\">Link<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">HTTP<\/h2>\n\n\n\n<p>HTTP headers contain a lot of useful information for security analysts. Wireshark dissects these and makes them easier to understand. A good reference is the <a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_HTTP_header_fields\">Wikipedia guide<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Describe the fields in these protocol headers as they relate to intrusion analysis: Ethernet frame, IPv4, IPv6, TCP, UDP, ICMP, HTTP Implementing Cisco Cybersecurity Operations (210-255) Ethernet Frames Public Domain, Link The biggest thing for the Ethernet frame is to be able to identify the source and destination MAC address. 
Often you will be looking [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":651,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"CCNA CyberOps SECOPS - Objective 2.2 #ciscocert #ccnacyberops #ciscochampions","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[88,105,31,24],"tags":[107,90,106,149],"class_list":["post-778","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-ccna-cyberops","category-certification","category-cisco","tag-ccna-cyberops","tag-certification","tag-cisco","tag-cisco-certified-cyber-ops-associate"],"yoast_head_json":{"title":"CCNA CyberOps SECOPS - Objective 2.2 -","description":"Analysis of headers at multiple OSI layers is an important skill for cybersecurity analysts. This article looks at TCP, UDP, ICMP, IPv4, IPv6, Ethernet and HTTP headers.","canonical":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/06\/ccna-cyberops-secops-objective-2-2\/","article_published_time":"2019-08-06T12:45:49+00:00","article_modified_time":"2020-02-25T15:32:03+00:00","author":"Ben Story"}}