Which filter shows all TCP and ICMP packets?

Study for the OSCP Linux Exam. Use our flashcards and multiple-choice questions to test your skills. Each query comes with detailed hints and explanations to enhance your preparedness. Get ready to conquer the exam!

Multiple Choice

Which filter shows all TCP and ICMP packets?

Explanation:
Using a logical OR to combine simple protocol checks is the way to show all TCP and ICMP packets. One check matches TCP packets, the other matches ICMP packets. By combining them with OR, a packet passes if it is either TCP or ICMP, so you see every packet of those two protocols. If you used AND, you’d require a packet to be both TCP and ICMP at the same time, which doesn’t happen, so that would yield nothing. If you used TCP with AND NOT ICMP, you’d end up filtering to TCP packets only and explicitly excluding ICMP, which misses ICMP traffic entirely. The form with an alternative OR symbol (like ||) can work in some tools, but the clear, standard way is to use or.

Using a logical OR to combine simple protocol checks is the way to show all TCP and ICMP packets. One check matches TCP packets, the other matches ICMP packets. By combining them with OR, a packet passes if it is either TCP or ICMP, so you see every packet of those two protocols.

If you used AND, you’d require a packet to be both TCP and ICMP at the same time, which doesn’t happen, so that would yield nothing. If you used TCP with AND NOT ICMP, you’d end up filtering to TCP packets only and explicitly excluding ICMP, which misses ICMP traffic entirely. The form with an alternative OR symbol (like ||) can work in some tools, but the clear, standard way is to use or.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy