CompTIA

XK0-005 · Question #1232

XK0-005 Question #1232: Real Exam Question with Answer & Explanation

The correct answer is D: tcpdump -i eth0 port 80 -w test.pcap. To capture only HTTP protocol data and save it to a pcap file, tcpdump with a port filter and write option is the correct command.

System Management

Question

A junior systems administrator needs to make a packet capture file that will only capture HTTP protocol data to a file called test.pcap. Which of the following commands would allow the administrator to accomplish this task?

Options

  • A. netcat -p 80 -w test.pcap
  • B. tshark -r test.pcap -o http
  • C. tcpdump -i eth0 port 80 -r test.pcap
  • D. tcpdump -i eth0 port 80 -w test.pcap

Explanation

To capture only HTTP protocol data and save it to a pcap file, tcpdump with a port filter and write option is the correct command.

Common mistakes.

  • A. netcat is a networking utility for reading/writing data across connections, not for capturing raw packets to a pcap file.
  • B. tshark -r test.pcap -o http is used to read and analyze an existing pcap file, not to capture live traffic, and -o sets preferences, not a capture filter.
  • C. tcpdump -i eth0 port 80 -r test.pcap uses -r to read from a pcap file, not to capture live traffic and write to one.

Concept tested. Packet capture with tcpdump

Reference. https://www.tcpdump.org/manpages/tcpdump.1.html

Topics

#Packet Capture #tcpdump #Network Monitoring #Command-line Tools
