CompTIA CySA+ (CS0-002) — Question 267

During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call that originated from the suspicious IP address. Which of the following should the analyst use to accomplish this task?

Answer options

• A. Wireshark
• B. iptables
• C. Tcp dump
• D. Net flow

Correct answer: A

Explanation

Wireshark is the most suitable tool for analyzing network packets, including VoIP calls, as it provides detailed insights into the packet structure and content. The other options, such as iptables, are primarily used for firewall rules, Tcp dump is a command-line packet analyzer that lacks the user-friendly interface of Wireshark, and Net flow focuses on flow data rather than packet contents, making them less effective for this specific task.