A security analyst is trying to capture network traffic on a web server that is suspected of using the DNS service to exfiltrate information out of the network. The server usually transfers several gigabytes of data per day, and the analyst wants the capture to be as small as possible. Which of the following commands should the analyst use to achieve these goals?
tcpdump tcp port 53 -i eth0 -w evidence1.pcap
tcpdump udp port 53 -i eth0 -w evidence1.pcap
tcpdump port 53 -i eth0 -w evidence1.pcap
tcpdump -i eth0 -w evidence1.pcap
The command used for the above-mentioned purpose is:
tcpdump port 53 -i eth0 -w evidence1.pcap
Here the security analyst is trying to capture the network traffic; the captured traffic will be saved in evidence1.pcap. eth0 defines the interface. Port 53 is the DNS port (the analyst wishes to see if any DNS service is being used). We have to execute the command with the -w option since the analyst has to save the captured file for analysis. By using the -i option, it will capture the packets from a single defined interface.
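To make the size difference between the four filter expressions concrete, here is an added example (not part of the original question or answer) that models tcpdump's `port`, `tcp port` and `udp port` primitives over a constructed traffic mix. The packet counts and sizes are made up for illustration; the point they show is that `port N` matches either endpoint on both transports, that a `tcp`- or `udp`-only filter drops one of the two DNS transports, and that leaving the filter off writes the bulk web traffic into the evidence file. The optional `snaplen` argument models `-s`, which shrinks the file but truncates the DNS payload that is the evidence in an exfiltration case.

```python
"""Model of tcpdump/BPF port filters applied to constructed traffic.

Added example; not from the original question or answer. The traffic sample
below is constructed, not captured, and the sizes are illustrative only.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "proto sport dport length")

# Constructed sample: web traffic dominates, DNS runs mostly over UDP, and a
# few DNS exchanges fell back to TCP (large responses or tooling that uses TCP).
SAMPLE_TRAFFIC = (
    [Packet("tcp", 443, 51000, 1460)] * 5000    # HTTPS responses
    + [Packet("tcp", 52000, 80, 1200)] * 2000   # HTTP responses
    + [Packet("udp", 40000, 53, 300)] * 400     # DNS queries over UDP
    + [Packet("udp", 53, 40000, 120)] * 400     # DNS replies over UDP
    + [Packet("tcp", 41000, 53, 900)] * 50      # DNS queries over TCP
    + [Packet("tcp", 53, 41000, 200)] * 50      # DNS replies over TCP
)


def matches(pkt, expr):
    """Evaluate a small subset of BPF: '', 'port N', 'tcp port N', 'udp port N'.

    Like tcpdump's 'port' primitive, 'port N' matches if N is either the source
    or the destination port; a leading 'tcp'/'udp' additionally pins the
    transport protocol.
    """
    if not expr:
        return True  # no filter: every packet is written
    tokens = expr.split()
    proto = tokens.pop(0) if tokens[0] in ("tcp", "udp") else None
    if len(tokens) != 2 or tokens[0] != "port":
        raise ValueError(f"unsupported filter expression: {expr!r}")
    port = int(tokens[1])
    if proto is not None and pkt.proto != proto:
        return False
    return port in (pkt.sport, pkt.dport)


def capture_bytes(traffic, expr, snaplen=None):
    """Bytes written to the pcap for a filter, optionally truncated by -s snaplen."""
    total = 0
    for pkt in traffic:
        if matches(pkt, expr):
            total += pkt.length if snaplen is None else min(pkt.length, snaplen)
    return total


def compare_filters(traffic):
    """Capture size for each of the four answer options, keyed by filter expression."""
    return {
        expr: capture_bytes(traffic, expr)
        for expr in ("tcp port 53", "udp port 53", "port 53", "")
    }


if __name__ == "__main__":
    for expr, size in compare_filters(SAMPLE_TRAFFIC).items():
        print(f"{expr or '(no filter)':>14}: {size:>12,} bytes")
    print(f"port 53 with -s 96: {capture_bytes(SAMPLE_TRAFFIC, 'port 53', 96):,} bytes "
          "(smaller, but DNS payloads are cut off)")
```

Run it with `python3 filters.py`; the `port 53` row is the only one that keeps both the UDP and the TCP DNS exchanges while excluding the web traffic that makes up almost all of the bytes.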