A tester observes suspicious traffic in a lab network. Wireshark is installed on the workstation, but the server involved has no graphical environment. Which course of action will gather and inspect live traffic on that server?
Enumerate each open port on the system using a scanning approach
Redirect traffic to a remote aggregator for log collection
Use a password cracker to attempt attacks against stored credentials
Run a console sniffer that examines raw network data from an interface
A console-based sniffer is effective for looking at data streams in real time. Enumerating ports shows what is open but does not expose the payloads traversing those ports. Password cracking utilities identify weak credentials but do not capture actual packets. Redirecting traffic to an external aggregator might provide logs, yet it does not allow on-the-spot packet analysis from the local host.