Which display filter filters traffic to or from 10.0.0.5?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which display filter filters traffic to or from 10.0.0.5?

Explanation:
Filtering traffic by IP on either end of a conversation. To see all packets that involve 10.0.0.5, use a filter that matches the IP address regardless of whether it's the source or the destination. ip.addr does that: it matches packets where either the source or destination IP address is 10.0.0.5, catching both inbound and outbound traffic for that host. The other options look at only one side or a different protocol field: ip.dst finds packets where 10.0.0.5 is the destination, ip.src finds packets where it is the source, and tcp.dst tests the TCP destination port (a number), not an IP address, so it won't match 10.0.0.5.

Filtering traffic by IP on either end of a conversation. To see all packets that involve 10.0.0.5, use a filter that matches the IP address regardless of whether it's the source or the destination. ip.addr does that: it matches packets where either the source or destination IP address is 10.0.0.5, catching both inbound and outbound traffic for that host. The other options look at only one side or a different protocol field: ip.dst finds packets where 10.0.0.5 is the destination, ip.src finds packets where it is the source, and tcp.dst tests the TCP destination port (a number), not an IP address, so it won't match 10.0.0.5.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy