Cisco
210-255 · Question #18
210-255 Question #18: Real Exam Question with Answer & Explanation
The correct answer is D: gateway host <host>.
Question
Which option filters a LibPCAP capture that used a host as a gateway?
Options
- A. [tcp|udp] [src|dst] port <port>
- B. [src|dst] net <net> [{mask <mask>}|{len <len>}]
- C. ether [src|dst] host <ehost>
- D. gateway host <host>
Explanation
The LibPCAP 'gateway host' primitive matches packets that used the named host as a Layer 3 gateway: the host's MAC address appears as the Ethernet source or destination, but its IP address is neither the source nor the destination in the network header.
Common mistakes.
- A. The tcp|udp [src|dst] port syntax filters by transport-layer port number and has no logic to detect whether a host acted as a routing gateway.
- B. The [src|dst] net syntax filters by the IP network address of the source or destination endpoint, not by the intermediate gateway that forwarded the packet.
- C. The ether [src|dst] host syntax matches only on Ethernet MAC address and does not apply the combined Ethernet-versus-IP comparison required to isolate gateway-forwarded traffic.
Concept tested. LibPCAP gateway host capture filter syntax
Reference. https://www.tcpdump.org/manpages/pcap-filter.7.html
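The check behind option D, written out as an added example (not part of the original question or of libpcap): the pcap-filter man page gives `ether host ehost and not host host` as the equivalent expression, and the code below applies that test to constructed Ethernet/IPv4 frames. The MAC and IP addresses, the sample frames and the function names are assumptions made for illustration, and only IPv4 frames are evaluated.

```python
import socket
import struct

GW_MAC, GW_IP = "02:00:00:00:00:01", "192.0.2.1"   # constructed gateway identity
CLIENT_MAC, PEER_MAC = "02:00:00:00:00:10", "02:00:00:00:00:20"  # constructed hosts

def build(e_src, e_dst, ip_src, ip_dst):
    """Constructed sample: Ethernet II header + 20-byte IPv4 header, no payload."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = raw(e_dst) + raw(e_src) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(ip_src), socket.inet_aton(ip_dst))
    return eth + ip

def parse(frame):
    """Return (ether_src, ether_dst, ip_src, ip_dst), or None if not Ethernet+IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return (fmt(frame[6:12]), fmt(frame[0:6]),
            socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]))

def used_as_gateway(frame, gw_mac=GW_MAC, gw_ip=GW_IP):
    """IPv4 equivalent of `ether host gw_mac and not host gw_ip`."""
    fields = parse(frame)
    if fields is None:          # simplification: non-IPv4 frames are not evaluated
        return False
    e_src, e_dst, ip_src, ip_dst = fields
    # Layer 2 names the gateway, Layer 3 does not: the frame was forwarded by it.
    return gw_mac.lower() in (e_src, e_dst) and gw_ip not in (ip_src, ip_dst)

SAMPLES = {  # constructed frames covering each case
    "client -> remote via gateway": build(CLIENT_MAC, GW_MAC, "192.0.2.10", "198.51.100.7"),
    "remote -> client via gateway": build(GW_MAC, CLIENT_MAC, "198.51.100.7", "192.0.2.10"),
    "client -> gateway itself":     build(CLIENT_MAC, GW_MAC, "192.0.2.10", GW_IP),
    "client -> local peer":         build(CLIENT_MAC, PEER_MAC, "192.0.2.10", "192.0.2.20"),
}

def classify(samples=SAMPLES):
    """Map each sample name to True when the frame used the gateway."""
    return {name: used_as_gateway(f) for name, f in samples.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{'MATCH' if hit else 'skip '}  {name}")
```

The third sample shows why option C alone is insufficient: its Ethernet destination is the gateway's MAC, but the packet is addressed to the gateway rather than forwarded through it.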