Which display filter shows packets where 192.168.1.2 is the source address?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which display filter shows packets where 192.168.1.2 is the source address?

Explanation:
To show packets where the IPv4 source is a specific address, use the ip.src field. The filter ip.src==192.168.1.2 selects only packets whose IP header source equals 192.168.1.2, giving exactly the packets that originate from that host. Other filters behave differently: ip.addr would match that address whether it’s the source or the destination, which isn’t what’s asked; ip.dst would match packets where that address is the destination; and eth.src filters the Ethernet layer’s source MAC address, not an IP address, so it wouldn’t match an IP address at all.

To show packets where the IPv4 source is a specific address, use the ip.src field. The filter ip.src==192.168.1.2 selects only packets whose IP header source equals 192.168.1.2, giving exactly the packets that originate from that host. Other filters behave differently: ip.addr would match that address whether it’s the source or the destination, which isn’t what’s asked; ip.dst would match packets where that address is the destination; and eth.src filters the Ethernet layer’s source MAC address, not an IP address, so it wouldn’t match an IP address at all.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy