CompTIA PenTest+ (PT0-002) — Question 42

A penetration tester received a .pcap file to look for credentials to use in an engagement.
Which of the following tools should the tester utilize to open and read the .pcap file?

Answer options

• A. Nmap
• B. Wireshark
• C. Metasploit
• D. Netcat

Correct answer: B

Explanation

Wireshark is specifically designed for analyzing packet captures, making it the best choice for examining a .pcap file for credentials. Nmap is used for network discovery and security auditing, while Metasploit is a penetration testing framework, and Netcat is a networking utility, neither of which are suitable for directly analyzing .pcap files.