Wireshark Interview Questions

1. You are required to monitor and display all incoming packets to a particular system from the IP address 192.168.1.1. What filter would you use?

ip.src==192.168.1.1

2. You are required to monitor all packets on a switch port (A) from another port (B). How would you achieve this?

Set up Wireshark on port B and enable port mirroring on the switch to duplicate packets from port A to port B.

3. Which filter would you use to display destination broadcast frames?

eth.dst==FF:FF:FF:FF:FF:FF


4. What is the command-line tool for Wireshark?

TShark.

5. Which filter would you use to monitor HTTP web requests?

http.request.method=="GET"

6. Which filter should be used to monitor packets originating from a DHCP server?

udp.srcport==67

7. Which filter would you use to monitor IP traffic between two systems on a network (192.168.1.1 and 192.168.1.2)?

ip.addr==192.168.1.1 && ip.addr==192.168.1.2

8. Which filter should be used to monitor IP packets containing the ICMP protocol?

ip.proto==1
