TOP WIRESHARK INTERVIEW QUESTIONS AND ANSWERS EXPLAINED.
1. You are required to monitor all incoming packets from the ip address 192.168.1.1 on a particular system. Which wireshark filter would you use.
All incoming packets would contain the source IP address as 192.168.1.1. The following filter is applied to filter the appropriate packets
2. Which filter would you use to monitor ping packets on a network using wireshark
ping uses icmp protocol. So the filter icmp is used to monitor ping packets.
3. Does wireshark work on both Windows and Linux
4. Which protocol should you use to filter all web traffic
5. What is the name of the command line of wireshark
6. You are required to setup wireshark to monitor all packets on a particular switch port. Which feature on the switch would you use.
7. Name one alternative to wireshark which you have used
8. A user raises a ticket stating that he is unable to access any websites, but is able to ping any IP address on the internet. How would you use wireshark to identify the problem.
Setup wireshark on the users system. Check if DNS packets are sent from the PC, when browsing is initiated. Check if DNS resolution is working by verifying DNS request and reply messages. Browsing issues are normally caused due to DNS resolution problems.
9. You are unable to ping a particular PC on the network. You would want to check if the ping is blocked by a firewall on the PC. How can you do it with wireshark
When a ping is initiated, a ping reply should be received. If the ping response is not received, a firewall could be blocking it. To check, icmp reply packets should be filtered on wireshark.