Exam CFR-310
Question 3

A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?

    Correct Answer: A

    To capture traffic between two specific hosts, the tcpdump filter should name the hosts involved. The command 'tcpdump -i eth0 host 88.143.12.123' captures every packet seen on eth0 whose source or destination address is 88.143.12.123; the 'host' primitive matches either direction, so both sides of the conversation are collected. Because the command is issued on 192.168.10.121 itself, and eth0 on that machine normally carries only its own traffic, the capture amounts to the exchange between 192.168.10.121 and 88.143.12.123. Note that this relies on where the command is run: if the capturing interface also sees other hosts' traffic (a SPAN port, or promiscuous mode on a shared segment), the same filter would also pick up other machines talking to 88.143.12.123. The filter that is precise regardless of vantage point is 'host 192.168.10.121 and host 88.143.12.123'. In practice an administrator would also add '-nn' so tcpdump does not issue reverse-DNS lookups of its own, and '-w' to write the raw packets to a file for later analysis.
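    The semantics described above can be checked without a live interface. The following is an added example (not from the exam page or from tcpdump itself): a small Python model of the BPF 'host', 'src host' and 'dst host' primitives applied to a constructed list of packets, showing that the single-host filter also admits a third party's traffic to 88.143.12.123 when the interface can see it, while the two-host filter isolates the pair. The packet tuples, the interface name and the helper names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample of packets, as eth0 on 192.168.10.121 might see them
# on a SPAN port or in promiscuous mode. Not real capture data.
# Each entry is (src, dst, proto, sport, dport).
SAMPLE_PACKETS = [
    ("192.168.10.121", "88.143.12.123", "tcp", 51514, 443),  # the suspicious flow
    ("88.143.12.123", "192.168.10.121", "tcp", 443, 51514),  # its return traffic
    ("192.168.10.121", "192.168.10.1", "udp", 40000, 53),    # unrelated DNS lookup
    ("192.168.10.50", "88.143.12.123", "tcp", 33000, 80),    # another LAN host to the same remote
]


def host(addr):
    """BPF 'host addr': matches when addr is the source OR the destination."""
    a = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return lambda pkt: ipaddress.ip_address(pkt[0]) == a or ipaddress.ip_address(pkt[1]) == a


def src_host(addr):
    """BPF 'src host addr': matches only packets sent by addr."""
    a = ipaddress.ip_address(addr)
    return lambda pkt: ipaddress.ip_address(pkt[0]) == a


def dst_host(addr):
    """BPF 'dst host addr': matches only packets sent to addr."""
    a = ipaddress.ip_address(addr)
    return lambda pkt: ipaddress.ip_address(pkt[1]) == a


def both(*preds):
    """BPF 'and': every predicate must match."""
    return lambda pkt: all(p(pkt) for p in preds)


def apply_filter(pred, packets):
    """Return the packets the filter would let through."""
    return [p for p in packets if pred(p)]


# 'tcpdump -i eth0 host 88.143.12.123' (the answer under discussion)
FILTER_SINGLE = host("88.143.12.123")
# 'tcpdump -i eth0 host 192.168.10.121 and host 88.143.12.123' (vantage-independent)
FILTER_PAIR = both(host("192.168.10.121"), host("88.143.12.123"))
# outbound side of the conversation only
FILTER_OUTBOUND = both(src_host("192.168.10.121"), dst_host("88.143.12.123"))


def tcpdump_pair_command(iface, a, b, outfile=None):
    """Build the tcpdump invocation for a two-host capture (helper name is assumed).

    -nn avoids reverse-DNS and service-name lookups, which would generate
    traffic of their own; -w stores raw packets for later analysis.
    """
    ipaddress.ip_address(a)
    ipaddress.ip_address(b)
    cmd = ["tcpdump", "-i", iface, "-nn"]
    if outfile:
        cmd += ["-w", outfile]
    cmd += ["host", a, "and", "host", b]
    return " ".join(cmd)


if __name__ == "__main__":
    for name, f in (("host 88.143.12.123", FILTER_SINGLE),
                    ("host 192.168.10.121 and host 88.143.12.123", FILTER_PAIR),
                    ("src host 192.168.10.121 and dst host 88.143.12.123", FILTER_OUTBOUND)):
        print(f"{name}: {len(apply_filter(f, SAMPLE_PACKETS))} packet(s)")
    print(tcpdump_pair_command("eth0", "192.168.10.121", "88.143.12.123", "pair.pcap"))
```

    With the constructed sample, the single-host filter passes three packets (it includes 192.168.10.50's connection), the two-host filter passes the two packets of the conversation, and the src/dst form passes only the outbound one. On a host whose interface sees only its own traffic, the first two results coincide, which is the assumption the answer explanation rests on.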

Discussion
surfuganda (Option: A)

At a glance, none of the options seems exactly right, providing only partially useful output. Given the limitations of the provided options, we must think critically about the assumptions inherent in the question. In order for any of the answers to be correct, we must assume that the command is being issued from one of the identified hosts. Since "A Linux system administrator found suspicious activity on host IP 192.168.10.121", given the IP structure of the two hosts, we should assume the administrator is issuing the command from the host ending in 121. In this context, the correct answer would be:

A. # tcpdump -i eth0 host 88.143.12.123

When this command is issued from host 121 (192.168.10.121), it instructs tcpdump to capture traffic where the specified host (88.143.12.123) is either the source or destination. Essentially, it will capture all traffic involving communication between host 121 and the remote host 88.143.12.123.

Wutan (Option: C)

The answer is C. So, while option C captures traffic involving 192.168.10.121, it doesn't specifically isolate the traffic between the two hosts.