EC-Council Certified Security Analyst (ECSA v8) — Question 5
Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture live packets from the wire or to read saved capture files?
Answer options
- A. Tcpdump
- B. Capinfos
- C. Tshark
- D. Idl2wrs
Correct answer: B
Explanation
The correct answer is C. Tshark is the command-line version of Wireshark, specifically designed for capturing live packets or analyzing saved capture files. A (Tcpdump) is another packet capture tool but is not directly related to Wireshark; B (Capinfos) is a tool for analyzing capture file statistics; and D (Idl2wrs) is not a recognized tool in this context.