CS0-003 Question #200: Real Exam Question with Answer & Explanation

The correct answer is C: tcpdump -n -r packets.pcap host [IP address].

Submitted by hans_de · Mar 6, 2026 · Security Operations

Question

A security analyst is trying to detect connections to a suspicious IP address by collecting the packet captures from the gateway. Which of the following commands should the security analyst consider running?

Options

  • A. grep [IP address] packets.pcap
  • B. cat packets.pcap | grep [IP address]
  • C. tcpdump -n -r packets.pcap host [IP address]
  • D. strings packets.pcap | grep [IP address]

Explanation

tcpdump is a command-line tool that can capture and analyze network packets from a given interface or from a file. The -n option prevents tcpdump from resolving IP addresses to hostnames, which speeds up the analysis. The -r option reads packets from a file, in this case packets.pcap. The host [IP address] filter tells tcpdump to display only packets that have the given IP address as either the source or the destination. Run against the packet captures collected from the gateway, this command lets the security analyst detect connections to the suspicious IP address.
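The following is an added example, not part of the original question page, that shows what the host [IP address] filter actually does to a capture file and why the grep-based options cannot do the same job. It builds a small constructed pcap in memory (made-up documentation-range addresses, Ethernet/IPv4/TCP only), applies a "source or destination equals X" filter the way tcpdump's host primitive does, and then searches the same bytes for the address as ASCII text, which is all that grep or strings would see. The function names and the sample traffic are assumptions of this example.

```python
import socket
import struct
from typing import Iterator, List, Optional, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN frame (no checksums; enough for parsing)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames: List[bytes]) -> bytes:
    """Wrap frames in a classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data: bytes) -> Iterator[bytes]:
    """Yield raw frames from pcap bytes (this is the part 'tcpdump -r' does for you)."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def ipv4_endpoints(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (src, dst) dotted-quad strings for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    # IP header starts at offset 14; source address at +12, destination at +16.
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])


def host_filter(data: bytes, host: str) -> List[Tuple[str, str]]:
    """Equivalent of tcpdump's 'host X': keep packets where X is the source OR the destination.
    Like '-n', this compares numeric addresses and never does a DNS lookup."""
    return [ep for ep in map(ipv4_endpoints, read_pcap(data)) if ep and host in ep]


def ascii_occurrences(data: bytes, host: str) -> int:
    """What grep/strings would find: the address spelled out as text. Addresses are stored
    as 4 raw bytes in the IP header, so this is normally zero."""
    return data.count(host.encode())


# Constructed sample capture: a suspect host talks to an internal host twice;
# a third packet goes elsewhere and must not match the filter.
SUSPECT = "203.0.113.7"
SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", SUSPECT, 51000, 443),
    build_frame(SUSPECT, "192.0.2.10", 443, 51000),
    build_frame("192.0.2.10", "198.51.100.3", 51001, 80),
])

if __name__ == "__main__":
    for src, dst in host_filter(SAMPLE_PCAP, SUSPECT):
        print(f"{src} -> {dst}")
    print("ASCII matches for grep-style search:", ascii_occurrences(SAMPLE_PCAP, SUSPECT))
```

Running it lists the two packets involving 203.0.113.7 and reports zero ASCII matches, which is the practical reason options A, B and D fail: a pcap stores addresses as binary fields, not text, so only a tool that decodes the headers (tcpdump, or a parser like the one above) can select on a host address.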

Topics

#packet capture #tcpdump #network traffic analysis #suspicious IP
