Review Questions
- What is the generic syntax of a Wireshark filter?
A. protocol.field operator value
B. field.protocol operator value
C. operator.protocol value field
D. protocol.operator value field
- Tiffany is analyzing a capture from a client’s network. She is particularly interested in NetBIOS traffic. What port does Tiffany filter for?
A. 123
B. 139
C. 161
D. 110
- Based on the packet capture shown in the graphic, what is contained in the highlighted section of the packet?
A. The frame value of the packet
B. The MAC address of the sending host
C. Source and destination IP addresses
D. The routed protocol value
- Jason is using TCPdump to capture traffic on his network. He would like to review a
capture log gathered previously. What command can Jason use?
A. tcpdump -r capture.log
B. tcpdump -l capture.log
C. tcpdump -t capture.log
D. tcpdump -w capture.log
- Wireshark requires a network card to be able to enter which mode to sniff all network traffic?
A. Capture mode
B. Promiscuous mode
C. pcap mode
D. Gather mode