CompTIA Linux+ (XK0-004) — Question 288
A junior systems administrator needs to create a packet capture that records only HTTP protocol data and saves it to a file called test.pcap.
Which of the following commands would allow the administrator to accomplish this task?
Answer options
- A. netcat -p 80 -w test.pcap
- B. tshark -r test.pcap -o http
- C. tcpdump -i eth0 port 80 -r test.pcap
- D. tcpdump -i eth0 port 80 -w test.pcap
Correct answer: B
Explanation
The correct answer is D because it uses tcpdump to capture packets on interface eth0 specifically for port 80 (HTTP) and writes the output to test.pcap. Option A is incorrect as netcat does not create a capture file in the desired format. Option B is wrong because it attempts to read a file rather than capture packets. Option C incorrectly uses the '-r' option, which is for reading files, not capturing data.