CertNexus Certified Cyber Secure Coder (CSC) — Question 84
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
Answer options
- A. # tcpdump -i eth0 host 88.143.12.123
- B. # tcpdump -i eth0 dst 88.143.12.123
- C. # tcpdump -i eth0 host 192.168.10.121
- D. # tcpdump -i eth0 src 88.143.12.123
Correct answer: B
Explanation
The correct answer is B because using 'dst' targets packets destined for the IP 88.143.12.123, effectively capturing the traffic from the other host. Options A and C would not capture all the necessary traffic between the hosts, as they filter by only one host instead of both. Option D only captures packets originating from 88.143.12.123, missing the other direction of communication.