Examice

Exam GCIH All QuestionsBrowse all questions from this exam

Question 122

Which of the following packets saved in the file pingout.pcap would be returned with the following Berkley Packet Filters? tcpdump -nn -r pingout.pcap `˜icmp and (dst host 8.8.8.8)'

09:31:00.928389 IP 192.168.1.14.63263 > 8.8.8.8.33595: UDP, length 24

08:54:07.451392 IP 8.8.8.8 > 192.168.1.14: ICMP echo reply, id 36234, seq 3, length 64

09:06:09.085200 IP 192.168.1.14.49655 > 8.8.8.8.22: Flags [S], seq 2144394082, win 65535, options [mss 1460,sackOK,eol], length 0

08:54:07.424996 IP 192.168.1.14 > 8.8.8.8: ICMP echo request, id 36234, seq 3, length 64

Correct Answer: D

The Berkley Packet Filter (tcpdump) specified is looking for ICMP packets where the destination host is 8.8.8.8. Option D captures an ICMP echo request where the destination IP address is 8.8.8.8, which aligns perfectly with the filter criteria. The other options either pertain to different protocols (UDP, TCP) or have different source/destination IP addresses that do not match the filter requirements.

Discussion

straleOption: D

Okay, so filters are ICMP protocol and destination IP address 8.8.8.8 A - protocols is UDP, so not correct B - 8.8.8.8 is source IP address, so not correct C - Flags [S] indicates that this is a TCP SYN flag, which means that protocol is TCP, so not correct D - protocol is ICMP and destination IP address is 8.8.8.8 - CORRECT