nerdexam
GIAC

GCED · Question #5

GCED Question #5: Real Exam Question with Answer & Explanation

The correct answer is B. Follow TCP Stream. Follow TCP Stream is a feature of Wireshark that allows the analysis of a single TCP conversation between two hosts over multiple packets. Filtering packets using tcp in the filter box will return all TCP packets, not grouping by a single TCP conversation. HTTP is TCP not UDP, so

Question

What feature of Wireshark allows the analysis of one HTTP conversation?

Options

  • AFollow UDP Stream
  • BFollow TCP Stream
  • CConversation list > IPV4
  • DSetting a display filter to `tcp'

Explanation

Follow TCP Stream is a feature of Wireshark that allows the analysis of a single TCP conversation between two hosts over multiple packets. Filtering packets using tcp in the filter box will return all TCP packets, not grouping by a single TCP conversation. HTTP is TCP not UDP, so you cannot follow a HTTP stream over UDP.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCED Practice