What is Network Traffic Analysis in Cybersecurity?


Question 1

What is the main difference between a capture filter and a display filter in Wireshark?

  • Capture filters are faster; display filters are slower

  • Capture filters are applied before/while capturing packets (frames that fail them are never recorded); display filters are applied afterwards to packets already captured, live or loaded from a file

  • Display filters change packet contents; capture filters do not

  • Display filters work only on live capture

Question 2

In the display filter bar, what does a green background indicate?

  • The filter is invalid

  • The filter is syntactically correct and accepted

  • The filter will capture but not display

  • No packets match the filter

Question 3

Which display filter would show only packets with a source IPv4 address of 192.168.0.5 and length greater than 1500 bytes?

  • ip.src = 192.168.0.5 && frame.len > 1500

  • ip.src == 192.168.0.5 and frame.len > 1500

  • ip.addr == 192.168.0.5 or frame.len > 1500

  • ip.src != 192.168.0.5 and frame.len < 1500

Question 4

Which operator would you use to select packets where the HTTP method is either GET or HEAD?

  • http.request.method == "GET" or "HEAD"

  • http.request.method in {"GET","HEAD"}

  • http.request.method == {"GET","HEAD"}

  • http.request.method && "GET","HEAD"

Question 5

What does the slice expression eth.src[0:3] == 00:00:83 do in a display filter?

  • Compares the last 3 bytes of the Ethernet source to 00:00:83

  • Checks if the Ethernet payload starts with 00:00:83

  • Compares the first 3 bytes of the Ethernet source address to 00:00:83

  • Counts how many frames have that source MAC

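The display-filter syntax the questions above exercise, shown in working form. The block below is an added example written for this page, not code from the page or from the Wireshark project: a small Python evaluator for a subset of display-filter syntax (the comparison operators, and/or/not with their &&/||/! spellings, parentheses, "in {...}" sets and [i:j] byte slices) run over constructed sample packets held as dicts. Field names such as frame.len and eth.src follow Wireshark's; the packet contents are made up, and the grammar is an approximation (a type mismatch such as comparing frame.len to a string is not rejected at compile time the way Wireshark would reject it).

```python
"""Toy evaluator for a subset of Wireshark display-filter syntax (added example, not
Wireshark's own code): comparisons, and/or/not, parentheses, in {...} sets, [i:j] slices."""
import operator
import re

TOKEN_RE = re.compile(
    r'\s*(?:(?P<STRING>"[^"]*")|(?P<BYTES>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)'
    r'|(?P<IPV4>\d{1,3}(?:\.\d{1,3}){3})|(?P<NUMBER>\d+)|(?P<IDENT>[A-Za-z_][\w.]*)'
    r'|(?P<OP>==|!=|>=|<=|>|<|&&|\|\||!|[(){}\[\]:,]))')
OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
       "<": operator.lt, ">=": operator.ge, "<=": operator.le}
LITERAL = {"STRING": lambda s: s[1:-1], "NUMBER": int, "IPV4": str,
           "BYTES": lambda s: bytes.fromhex(s.replace(":", ""))}

def tokenize(text):  # anything the regex skipped (e.g. a lone '=') is a syntax error
    toks = [(m.lastgroup, m.group(m.lastgroup)) for m in TOKEN_RE.finditer(text)]
    if re.sub(r"\s", "", "".join(t for _, t in toks)) != re.sub(r"\s", "", text):
        raise ValueError(f"unknown token in {text!r} (note: '=' is not an operator here)")
    return toks

class Parser:  # recursive descent: or_expr > and_expr > not_expr > comparison
    def __init__(self, text):
        self.toks, self.i = tokenize(text) + [(None, None)], 0  # (None, None) = end sentinel
    def peek(self):
        return self.toks[self.i][1]
    def take(self, kind=None, value=None):
        tok = self.toks[self.i]
        if (kind and tok[0] != kind) or (value and tok[1] != value):
            raise ValueError(f"expected {value or kind}, got {tok[1]!r}")
        self.i += 1
        return tok
    def chain(self, sub, words, combine):  # one left-associative binary-operator level
        node = sub()
        while self.peek() in words:
            self.take()
            node = (lambda l, r: lambda p: combine(l(p), r(p)))(node, sub())
        return node
    def or_expr(self):
        return self.chain(self.and_expr, ("or", "||"), lambda a, b: a or b)
    def and_expr(self):
        return self.chain(self.not_expr, ("and", "&&"), lambda a, b: a and b)
    def not_expr(self):
        if self.peek() in ("not", "!"):
            self.take()
            return (lambda inner: lambda p: not inner(p))(self.not_expr())
        if self.peek() == "(":
            self.take()
            node = self.or_expr()
            self.take(value=")")
            return node
        return self.comparison()
    def comparison(self):
        get = self.field(self.take("IDENT")[1])
        if self.peek() in OPS:  # absent field never matches a comparison
            op, lit = self.take()[1], self.literal()
            return lambda p: get(p) is not None and OPS[op](get(p), lit)
        if self.peek() == "in":  # set membership; elements comma- (4.0+) or space-separated
            self.take()
            self.take(value="{")
            members = []
            while self.peek() != "}":
                members.append(self.literal())
                if self.peek() == ",":
                    self.take()
            self.take(value="}")
            return lambda p: get(p) in members
        return lambda p: get(p) is not None  # bare field name = "field is present"
    def field(self, name):  # optional slice: Wireshark's [i:j] is j bytes starting at offset i
        if self.peek() != "[":
            return lambda p: p.get(name)
        self.take()
        i = int(self.take("NUMBER")[1])
        self.take(value=":")
        j = int(self.take("NUMBER")[1])
        self.take(value="]")
        return lambda p: None if p.get(name) is None else p[name][i:i + j]
    def literal(self):
        kind, text = self.take()
        if kind not in LITERAL:
            raise ValueError(f"expected a literal, got {text!r}")
        return LITERAL[kind](text)

def compile_filter(text):  # display-filter string -> predicate over a packet dict
    parser = Parser(text)
    node = parser.or_expr()
    if parser.peek() is not None:
        raise ValueError(f"trailing input at {parser.peek()!r}")
    return node

def matching(packets, text):  # frame numbers of the packets the filter selects
    pred = compile_filter(text)
    return [p["frame.number"] for p in packets if pred(p)]

# Constructed sample packets, not a real capture: (frame.number, eth.src hex, ip.src, frame.len, HTTP method)
ROWS = [(1, "000083aabbcc", "192.168.0.5", 1514, "GET"), (2, "00005e0053aa", "192.168.0.5", 74, None),
        (3, "000083112233", "10.0.0.9", 1600, "HEAD"), (4, "001122334455", "10.0.0.9", 300, "POST")]
PACKETS = [{"frame.number": n, "eth.src": bytes.fromhex(mac), "ip.src": ip, "frame.len": ln,
            **({"http.request.method": m} if m else {})} for n, mac, ip, ln, m in ROWS]
```

With these packets, matching(PACKETS, 'ip.src == 192.168.0.5 and frame.len > 1500') selects frame 1 only, 'http.request.method in {"GET","HEAD"}' selects frames 1 and 3, and 'eth.src[0:3] == 00:00:83' selects frames 1 and 3 (the two whose MAC begins with the OUI 00:00:83), while 'ip.src = 192.168.0.5' and 'http.request.method == "GET" or "HEAD"' raise ValueError, which is the toy's equivalent of the filter bar turning red. Two practitioner caveats the quiz touches on: in Wireshark a slice's second number is a length, so eth.src[1:2] means two bytes starting at offset 1, not Python's end index (Wireshark also accepts the inclusive range form [i-j], which this toy does not model); and capture filters are a different language entirely, BPF syntax such as "host 192.168.0.5", passed to tshark with -f, whereas display filters like the ones above are passed with -Y. Wireshark's filter bar additionally turns yellow for an expression that compiles but uses deprecated syntax, and in releases before 4.0 "ip.addr != x" on the multi-valued ip.addr field matched packets where either address differed, so "!(ip.addr == x)" was the safe spelling; 4.0 made "!=" mean exactly that.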