If you write ip.addr==A and ip.addr==B, what is required for a match?

Study for the Wireshark Block 5 Exam.

Multiple Choice

If you write ip.addr==A and ip.addr==B, what is required for a match?

Explanation:
ip.addr matches an IP address in the packet’s IP header, either the source or the destination. When you combine two such tests with AND, both conditions must be true for the same packet. So ip.addr==A and ip.addr==B will only match if the IP packet has A as one endpoint and B as the other—that is, the packet carries both addresses in its header (the two endpoints of that IP flow). A packet from A to someone else or from someone else to B would fail because one of the conditions wouldn’t be met. The protocol doesn’t matter here; any IP packet can match as long as its source/destination pair satisfies the two-address requirement.

