nerdexam
EC-Council

312-50V11 · Question #799

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

The correct answer is A. tcptrace. tcptrace is the correct tool for analyzing TCP connection data from packet-capture files produced by tcpdump, WinDump, Wireshark, and EtherPeek.

Sniffing

Question

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options

  • Atcptrace
  • BNessus
  • COpenVAS
  • Dtcptraceroute

How the community answered

(34 responses)
  • A
    94% (32)
  • B
    3% (1)
  • D
    3% (1)

Why each option

tcptrace is the correct tool for analyzing TCP connection data from packet-capture files produced by tcpdump, WinDump, Wireshark, and EtherPeek.

AtcptraceCorrect

tcptrace is a TCP connection analysis utility specifically built to read and process packet-capture files from multiple tools including tcpdump, WinDump, Wireshark, and EtherPeek. It extracts TCP session statistics such as throughput, round-trip time, retransmissions, and window size from those capture files, making it the precise match for this use case.

BNessus

Nessus is an active vulnerability scanner that probes live hosts for security weaknesses and has no capability to analyze offline packet-capture files.

COpenVAS

OpenVAS is an open-source vulnerability assessment framework used to scan networks and hosts for known vulnerabilities, not to analyze packet-capture file formats.

Dtcptraceroute

tcptraceroute is a traceroute utility that uses TCP SYN packets to map network paths to a destination - it does not process or analyze existing capture files.

Concept tested: Packet-capture file analysis using tcptrace

Source: http://tcptrace.org/manual.html

Topics

#tcptrace#packet capture analysis#tcpdump#network forensics

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice