Cisco

210-255 Question #114: Real Exam Question with Answer & Explanation

The correct answer is A: [src|dst] host <host host >. In Berkeley Packet Filter syntax used by tcpdump and Wireshark, the 'host' primitive with an optional src or dst qualifier filters traffic by IP address or hostname.

Network Intrusion Analysis

Question

Which expression creates a filter on a host IP address or name?

Options

  • A. [src|dst] host <host host >
  • B. [tcp|udp] [src|dst] port <port>
  • C. ether [src|dst] host <ehost>
  • D. gateway host <host>

Explanation

In Berkeley Packet Filter syntax used by tcpdump and Wireshark, the 'host' primitive with an optional src or dst qualifier filters traffic by IP address or hostname.

Common mistakes.

  • B. This expression filters by TCP or UDP port number using the port primitive, not by IP address or hostname.
  • C. The 'ether host' primitive filters on Layer 2 Ethernet MAC addresses, not on Layer 3 IP addresses or hostnames.
  • D. The 'gateway host' primitive matches packets that were routed through a specific intermediate host, which tests routing path rather than source or destination identity.

Concept tested. BPF pcap filter syntax for host-based capture.

Reference. https://www.tcpdump.org/manpages/pcap-filter.7.html

Topics: BPF filter, tcpdump, packet capture, host filter syntax
