210-255 Question #33: Real Exam Question with Answer & Explanation

The correct answer is D: ip.addr == <addr> or ip.host == <host>. Wireshark display filters use ip.addr to match by IP address and ip.host to match by resolved hostname.

Question

Which option creates a display filter on Wireshark on a host IP address or name?

Options

  • A. ip.address == <address> or ip.network == <network>
  • B. [tcp|udp] ip.[src|dst] port <port>
  • C. ip.addr == <addr> or ip.name == <name>
  • D. ip.addr == <addr> or ip.host == <host>

Explanation

Wireshark display filters use ip.addr to match by IP address and ip.host to match by resolved hostname.

Common mistakes.

  • A. ip.address and ip.network are not valid Wireshark display filter field names; the correct field for address matching is ip.addr.
  • B. This syntax resembles tcpdump capture filter syntax focused on ports, not a Wireshark display filter for filtering by host address or name.
  • C. ip.name is not a valid Wireshark display filter field; the correct field for hostname-based filtering is ip.host.

Concept tested. Wireshark display filter syntax for host identification

Reference. https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
