Certified Incident Handler (ECIH v3) — Question 57
The free, open-source TCP/IP protocol analyzer, sniffer and packet-capturing utility that is standard across many industries and educational institutions is known as:
Answer options
- A. Snort
- B. Wireshark
- C. Cain & Abel
- D. nmap
Correct answer: B
Explanation
The correct answer is Wireshark, which is specifically designed for TCP/IP protocol analysis and packet capture. Snort is primarily an intrusion detection system, Cain & Abel is a password recovery tool, and nmap is a network scanning tool; none of them serves the same purpose as Wireshark.