You are a network analyst tasked with investigating a suspected data exfiltration attempt. Which tcpdump command would you use to capture all packets from the IP address '192.168.1.100' and store the output in a file named 'capture.pcap'?
The correct tcpdump command syntax to capture packets from a specific IP address using the interface 'eth0' and save them to a file involves using the '-i' flag to specify the interface, the '-w' flag to specify the output file, and the 'host' keyword to filter traffic. The correct command is tcpdump -i eth0 -w capture.pcap host 192.168.1.100. This command ensures that packets are captured on the interface 'eth0', written to the file 'capture.pcap', and filtered by the specified IP address. Other commands either miss specifying the interface or use incorrect filters, leading to incomplete or incorrect packet captures.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is tcpdump and how does it work?
Open an interactive chat with Bash
What do the flags '-i' and '-w' mean in the tcpdump command?