SNCF — Securing Networks with Firepower — Question 132
An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192.168.100.100 has the MAC address of 1234.5678.901 to help troubleshoot a connectivity issue. What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?
Answer options
- A. -w capture.pcap -s 1518 host 192.168.100.100 ether
- B. -w capture.pcap -s 1518 host 192.168.100.100 mac
- C. -nm src 192.168.100.100
- D. -ne src 192.168.100.100
Correct answer: D
Explanation
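The correct answer is D because the '-e' flag in '-ne' prints the link-layer header, which includes the source and destination MAC addresses, on each line of output, while '-n' keeps addresses numeric instead of resolving them to names. The 'src 192.168.100.100' filter limits the output to packets sent by that host, so the source MAC shown can be compared with the expected one. Options A and B do not include the flag needed to show the MAC address in the output. Option C is incorrect because '-m' does not display the link-layer header.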