A security analyst suspects that an internal machine is participating in a Distributed Denial-of-Service (DDoS) attack. To confirm this, they decide to capture the traffic from the suspected machine. Using tcpdump, which command should the analyst execute to capture all traffic to and from the machine with the IP address 192.168.1.105?
The correct answer is tcpdump host 192.168.1.105, because the host filter tells tcpdump to capture every packet in which 192.168.1.105 appears as either the source or the destination address. The other options are incorrect: Answer B won't work because it only captures packets on port 80, which may not include all relevant traffic for a DDoS. Answer C would not execute because it has a syntax error with an unnecessary dash. Answer D filters traffic by a specific subnet rather than the traffic of a single host.