Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all
traffic on her network?

A.
Honeypot

B.
Port scanner

C.
Protocol analyzer

D.
Vulnerability scanner

Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network
data communications sent between devices on a network. By capturing and analyzing the packets sent
between the systems on the network, Ann would be able to quantify the amount of traffic on the
network.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from
Microsoft and Wireshark (formerly Ethereal).
Incorrect Answers:
A: A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the
attack to research current attack methodologies. A honeypot is not used to monitor device security. It is
not used to calculate the volume of traffic on a network.
B: A port scanner is typically a software application used to scan a system such as a computer or firewall
for open ports. A malicious user would attempt to access a system through an open port. A security
administrator would compare the list of open ports against a list of ports that need to be open so that
unnecessary ports can be closed thus reducing the vulnerability of the system. A port scanner is not used
to calculate the volume of traffic on a network.
D: A vulnerability scanner is software designed to assess computers, computer systems, networks or
applications for weaknesses. This includes applications or default configurations posing a security risk. A
vulnerability scanner is not used to calculate the volume of traffic on a network.

http://en.wikipedia.org/wiki/Wireshark