Medium · Analysis · Q14 of 15
Cybersecurity - Digital Forensics
A network forensic analyst wrote this command to capture packets:
tcpdump -i eth0 -w capture.pcap

But the file capture.pcap is empty after running. What is the most likely error?
A. The file capture.pcap cannot be created on Windows
B. The command syntax is wrong
C. The interface name eth0 is incorrect or inactive
D. tcpdump does not capture packets
Step-by-Step Solution
Solution:
  1. Step 1: Check the command syntax

    The command syntax is correct for capturing packets on interface eth0.
  2. Step 2: Consider interface issues

    If eth0 is wrong or inactive, no packets are captured, resulting in an empty file.
  3. Final Answer:

    The interface name eth0 is incorrect or inactive -> Option C
  4. Quick Check:

    Wrong interface = empty capture file [OK]
Quick Trick: Verify network interface name before capturing [OK]
Common Mistakes:
  • Assuming syntax error without checking interface
  • Thinking tcpdump cannot capture packets
  • Ignoring OS differences, but the command is valid on Linux
