Which filter matches packets where IP is 1.1.1.1 and the TCP port is 80?

Study for the OSCP Linux Exam. Use our flashcards and multiple-choice questions to test your skills. Each query comes with detailed hints and explanations to enhance your preparedness. Get ready to conquer the exam!

Multiple Choice

Which filter matches packets where IP is 1.1.1.1 and the TCP port is 80?

Explanation:
Combining two criteria with and requires both conditions to be true for a packet to match. ip.addr == 1.1.1.1 selects packets where either the source or destination IP is 1.1.1.1. tcp.port == 80 selects TCP packets that use port 80 on either end. Together, they match packets that involve the IP 1.1.1.1 and have TCP port 80, i.e., HTTP traffic to or from that IP on port 80. The other forms are less precise: using or would allow packets that only meet one of the conditions, not both; using a generic port filter (port) would also include non-TCP traffic on port 80; and while synonyms like eq or && can work in some filters, the common, straightforward expression shown is the clearest and most widely supported.

Combining two criteria with and requires both conditions to be true for a packet to match. ip.addr == 1.1.1.1 selects packets where either the source or destination IP is 1.1.1.1. tcp.port == 80 selects TCP packets that use port 80 on either end. Together, they match packets that involve the IP 1.1.1.1 and have TCP port 80, i.e., HTTP traffic to or from that IP on port 80.

The other forms are less precise: using or would allow packets that only meet one of the conditions, not both; using a generic port filter (port) would also include non-TCP traffic on port 80; and while synonyms like eq or && can work in some filters, the common, straightforward expression shown is the clearest and most widely supported.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy