Certified Ethical Hacker (CEH) — Question 111

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

Answer options

• A. tcp.src == 25 and ip.host == 192.168.0.125
• B. host 192.168.0.125:25
• C. port 25 and host 192.168.0.125
• D. tcp.port == 25 and ip.host == 192.168.0.125

Correct answer: D

Explanation

The correct answer is D because it accurately specifies that traffic should be filtered based on TCP port 25 and the IP address of 192.168.0.125. Option A incorrectly uses 'tcp.src' which does not capture both directions of traffic. Option B does not use the appropriate syntax for filtering TCP traffic, and option C fails to specify that it is TCP traffic on port 25.