Complete the code to start capturing packets on the default network interface in Wireshark.
wireshark -i [1]The -i eth0 option tells Wireshark to capture packets on the eth0 network interface, which is commonly used as the default.
Complete the command to capture only TCP packets using a capture filter in Wireshark.
wireshark -f "[1]"
The capture filter tcp limits the capture to TCP packets only.
Fix the error in the command to save captured packets to a file named capture.pcap.
wireshark -w [1]The -w option saves the capture to a file, which should have the .pcap extension for packet capture files.
Fill both blanks to create a display filter that shows only HTTP traffic from source IP 192.168.1.10.
http && ip.src == [1] && [2]
The filter ip.src == 192.168.1.10 selects packets from that source IP, and tcp.port == 80 filters HTTP traffic which uses TCP port 80.
Fill all three blanks to create a capture filter that captures only ICMP packets from network 10.0.0.0/24 excluding broadcast address.
icmp and src net [1] and not dst host [2] and not dst host [3]
The filter captures ICMP packets from the 10.0.0.0/24 network, excluding the broadcast addresses 10.0.0.255 and 255.255.255.255.