EC-Council

312-50V11 · Question #799

312-50V11 Question #799: Real Exam Question with Answer & Explanation

The correct answer is A: tcptrace.

Sniffing

Question

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

Options

  • A. tcptrace
  • B. Nessus
  • C. OpenVAS
  • D. tcptraceroute

Explanation

tcptrace is the correct tool for analyzing TCP connection data from packet-capture files produced by tcpdump, WinDump, Wireshark, and EtherPeek.

Common mistakes

  • B. Nessus is an active vulnerability scanner that probes live hosts for security weaknesses and has no capability to analyze offline packet-capture files.
  • C. OpenVAS is an open-source vulnerability assessment framework used to scan networks and hosts for known vulnerabilities, not to analyze packet-capture file formats.
  • D. tcptraceroute is a traceroute utility that uses TCP SYN packets to map the network path to a destination; it does not process or analyze existing capture files.

Concept tested. Packet-capture file analysis using tcptrace

Reference. http://tcptrace.org/manual.html

Topics

#tcptrace, #packet capture analysis, #tcpdump, #network forensics
