I answered question 5 correctly so I think I'm on the right track and I've done all the other Wireshark labs with similar filters and haven't had any problems with percentages. I've tried other variations too, total packets 10594 and displayed is 86 so I've tried. This filter also avoids any potential problems with whether name resolution is enabled or not, as ip.host isn't necessarily guaranteed to match '\.152' if name resolution is enabled. I used the filter (http.request or = 1 or tcp.flags eq 0x0002) and !(tcp.port eq 25). 8% is displayed in the bottom right but it won't accept my answer. The filter uses the slice operator to isolate the 1st and 4th bytes of the source and destination IP address fields. What percentage of results are then displayed in the capture?

Now take the filter used in the previous question, and add an OR expression which filters by (.tcp flags equal to 0x0002) and a further expression which filters by packets NOT from (tcp port 25). I've tried other variations too, total packets 10594 and displayed is 37 so I've tried. I used the filter (http.request or = 1) stated in the question itself and 3% is displayed in the bottom right but it won't accept my answer.

Display traffic with source or destination port as 443. From the PCAP provided, apply a filter to display all web traffic (http.request or = 1). Here is the Wireshark top 17 display filters list, which I have used mostly by analyzing network traffic. I cannot get the answer to questions 3 or 5 and I don't know what I'm doing wrong.