To filter by a protocol such as HTTP, you should:

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

To filter by a protocol such as HTTP, you should:

Explanation:
Filtering by the protocol name is the most reliable way to isolate HTTP traffic. In Wireshark, each packet that contains HTTP data is dissected as the HTTP protocol, so using a filter like http shows exactly those packets regardless of which port they use. Relying on a numeric port can miss HTTP traffic that appears on nonstandard ports, or traffic where the protocol isn’t identified purely by port. Filtering by frame length doesn’t target the protocol at all, and filtering by IP address only narrows to a host without guaranteeing the packets are HTTP. So using the protocol name leverages Wireshark’s protocol dissectors to accurately surface the packets belonging to that protocol.

