Wireshark is a popular tool used in cybersecurity. What is its main purpose?
Think about what Wireshark does with data moving through a network.
Wireshark captures network packets and allows users to inspect their contents to understand network behavior and troubleshoot issues.
You want to view only web traffic using Wireshark. Which display filter should you apply?
HTTP usually uses a specific TCP port number.
HTTP traffic typically uses TCP port 80, so filtering by tcp.port == 80 shows only HTTP packets.
In Wireshark's capture summary, what does the 'No. of packets' column indicate?
Consider what the summary shows before applying any filters.
The 'No. of packets' column shows the total packets captured during the session, regardless of filters.
During a capture, you notice some expected packets are missing. What is a likely reason?
Think about how network interfaces receive packets not addressed to them.
If the interface is not in promiscuous mode, it only captures packets addressed to it, missing others on the network.
Choose the option that accurately describes the difference between capture filters and display filters in Wireshark.
Consider when each filter type is applied in the capture process.
Capture filters decide which packets are recorded during capture, reducing file size. Display filters only change what is shown after capture without removing packets.