In Wireshark, which display filter tokens are used to specify IP addresses and TCP ports?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

In Wireshark, which display filter tokens are used to specify IP addresses and TCP ports?

Explanation:
In Wireshark, you filter on fields from the packet headers. To target IPs you use ip.src for the source IP and ip.dst for the destination IP. For TCP ports, you can use tcp.srcport and tcp.dstport to filter on the ports on each side, or use tcp.port as a convenient way to match either side’s port. So the tokens ip.src, ip.dst, tcp.port, tcp.srcport, and tcp.dstport together cover filtering by IP addresses and TCP ports. Other tokens correspond to DNS names, HTTP host, ARP addresses, or MAC addresses, which aren’t the IP/TCP port fields in question.

In Wireshark, you filter on fields from the packet headers. To target IPs you use ip.src for the source IP and ip.dst for the destination IP. For TCP ports, you can use tcp.srcport and tcp.dstport to filter on the ports on each side, or use tcp.port as a convenient way to match either side’s port. So the tokens ip.src, ip.dst, tcp.port, tcp.srcport, and tcp.dstport together cover filtering by IP addresses and TCP ports. Other tokens correspond to DNS names, HTTP host, ARP addresses, or MAC addresses, which aren’t the IP/TCP port fields in question.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy