Which display filter shows all traffic involving IP address 192.168.1.2?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which display filter shows all traffic involving IP address 192.168.1.2?

Explanation:
Filtering for all traffic involving a specific IP means catching any packet where that IP appears in either direction. The display filter ip.addr==192.168.1.2 does exactly that, matching packets regardless of whether 192.168.1.2 is the source or the destination. Using ip.src==192.168.1.2 restricts to packets where 192.168.1.2 is the sender and misses traffic where it’s the recipient. Using ip.dst==192.168.1.2 restricts to packets where 192.168.1.2 is the destination and misses traffic where it’s the source. tcp.addr isn’t a valid field in Wireshark filters. So the best choice to see all traffic involving that IP is ip.addr==192.168.1.2.

Filtering for all traffic involving a specific IP means catching any packet where that IP appears in either direction. The display filter ip.addr==192.168.1.2 does exactly that, matching packets regardless of whether 192.168.1.2 is the source or the destination. Using ip.src==192.168.1.2 restricts to packets where 192.168.1.2 is the sender and misses traffic where it’s the recipient. Using ip.dst==192.168.1.2 restricts to packets where 192.168.1.2 is the destination and misses traffic where it’s the source. tcp.addr isn’t a valid field in Wireshark filters. So the best choice to see all traffic involving that IP is ip.addr==192.168.1.2.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy