GIAC Certified Incident Handler (GCIH) — Question 124
What does the term 'any' instruct tcpdump to capture on in the following command?
tcpdump -A -i any 'port 21 && host 192.168.100.1'
Answer options
- A. Network Interface
- B. IP address
- C. Port
- D. Protocol
Correct answer: A
Explanation
'any' is the argument to the -i option, which selects the capture interface. It tells tcpdump to listen on all available network interfaces, allowing it to capture packets from multiple sources. The other options refer to different elements of network communication: 'IP address' identifies a device, 'Port' refers to the endpoint of communication, and 'Protocol' defines the type of communication. None of these is what 'any' controls.