312-50V11 · Question #799
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
The correct answer is A. tcptrace. tcptrace is the correct tool for analyzing TCP connection data from packet-capture files produced by tcpdump, WinDump, Wireshark, and EtherPeek.
Question
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
Options
- Atcptrace
- BNessus
- COpenVAS
- Dtcptraceroute
How the community answered
(34 responses)- A94% (32)
- B3% (1)
- D3% (1)
Why each option
tcptrace is the correct tool for analyzing TCP connection data from packet-capture files produced by tcpdump, WinDump, Wireshark, and EtherPeek.
tcptrace is a TCP connection analysis utility specifically built to read and process packet-capture files from multiple tools including tcpdump, WinDump, Wireshark, and EtherPeek. It extracts TCP session statistics such as throughput, round-trip time, retransmissions, and window size from those capture files, making it the precise match for this use case.
Nessus is an active vulnerability scanner that probes live hosts for security weaknesses and has no capability to analyze offline packet-capture files.
OpenVAS is an open-source vulnerability assessment framework used to scan networks and hosts for known vulnerabilities, not to analyze packet-capture file formats.
tcptraceroute is a traceroute utility that uses TCP SYN packets to map network paths to a destination - it does not process or analyze existing capture files.
Concept tested: Packet-capture file analysis using tcptrace
Source: http://tcptrace.org/manual.html
Topics
Community Discussion
No community discussion yet for this question.