Computer Hacking Forensic Investigator (CHFI v10) — Question 608
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using an SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?
Answer options
- A. src port 23 and dst port 23
- B. udp port 22 and host 172.16.28.1/24
- C. net port 22
- D. src port 22 and dst port 22
Correct answer: C
Explanation
The correct answer is C, 'net port 22', because SFTP operates over SSH, which uses port 22 for both incoming and outgoing traffic. The other options specify incorrect ports or protocols that do not pertain to SFTP traffic, making them unsuitable for George's needs.