Which expression allows filtering by protocol name rather than a port or IP?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which expression allows filtering by protocol name rather than a port or IP?

Explanation:
Filtering by protocol name uses the protocol’s identifier (the dissector name) to select packets that Wireshark can recognize as carrying that protocol, regardless of which port or IP they use. So you can filter with http to see all HTTP traffic no matter the source or destination port, or similarly with any other protocol you’re interested in. This is exactly what you want when you’re focusing on the protocol itself rather than the transport details.

The other options filter by port numbers, IP addresses, or general frame content. ip.addr narrows traffic by who’s communicating, not by the protocol in use. tcp.port restricts by a specific TCP port, which misses traffic of the same protocol on different ports or traffic from other protocols using that port. frame contains data is a broad check on the frame payload and doesn’t target a specific protocol. Note that if the data is encrypted (like HTTPS), the http dissector may not apply, so the protocol-name filter won’t match those packets until decryption is available.
