Implementing Cisco Cybersecurity Operations (SECOPS, legacy) — Question 4

Which option creates a display filter on Wireshark on a host IP address or name?

Answer options

• A. ip.address == <address> or ip.network == <network>
• B. [tcp|udp] ip.[src|dst] port <port>
• C. ip.addr == <addr> or ip.name == <name>
• D. ip.addr == <addr> or ip.host == <host>

Correct answer: D

Explanation

The correct answer, D, accurately filters packets based on a host's IP address or hostname using the ip.addr and ip.host parameters. Option A is incorrect as it uses ip.network instead of ip.host, while option B is focused on TCP or UDP ports rather than host identification. Option C is also incorrect since it includes ip.name, which is not a standard filter in Wireshark.