What capture filter would drop all ARP traffic during capture?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

What capture filter would drop all ARP traffic during capture?

Explanation:
Capture filters use simple expressions to decide which packets to collect. To drop ARP traffic, you want to exclude ARP packets from what gets captured. The filter not arp does exactly that: it captures all packets except those using the ARP protocol. ARP maps IP addresses to MAC addresses on the local network and is not an IP-based transport, so excluding it leaves other protocols like IPv4, IPv6 (if present), TCP, UDP, etc., to be captured. Why the others don’t fit: arp would capture only ARP packets, not drop them. not ipv6 would exclude IPv6 but still include ARP packets. not tcp would exclude TCP but still include ARP packets. So not arp is the correct choice for dropping ARP traffic during capture.

Capture filters use simple expressions to decide which packets to collect. To drop ARP traffic, you want to exclude ARP packets from what gets captured. The filter not arp does exactly that: it captures all packets except those using the ARP protocol. ARP maps IP addresses to MAC addresses on the local network and is not an IP-based transport, so excluding it leaves other protocols like IPv4, IPv6 (if present), TCP, UDP, etc., to be captured.

Why the others don’t fit: arp would capture only ARP packets, not drop them. not ipv6 would exclude IPv6 but still include ARP packets. not tcp would exclude TCP but still include ARP packets. So not arp is the correct choice for dropping ARP traffic during capture.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy