CompTIA Security+ (SY0-601) — Question 473
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
Answer options
- A. Nmap
- B. cURL
- C. Netcat
- D. Wireshark
Correct answer: D
Explanation
Wireshark is specifically designed for analyzing pcap files, making it the most suitable choice for the analyst's needs. Nmap is primarily used for network discovery and security auditing, cURL transfers data to and from URLs, and Netcat is a networking utility for reading from and writing to network connections; none of these is intended for pcap analysis.