Wireshark interview questions and answers

TOP WIRESHARK INTERVIEW QUESTIONS AND ANSWERS EXPLAINED.

1. You are required to monitor all incoming packets from the IP address 192.168.1.1 on a particular system. Which Wireshark filter would you use?

All incoming packets would contain 192.168.1.1 as the source IP address. The following filter is applied to select the appropriate packets:

ip.src==192.168.1.1

2. Which filter would you use to monitor ping packets on a network using Wireshark?

Ping uses the ICMP protocol, so the filter icmp is used to monitor ping packets.

3. Does Wireshark work on both Windows and Linux?

Yes

4. Which protocol should you use to filter all web traffic?

https


5. What is the name of the command-line version of Wireshark?

tshark

6. You are required to set up Wireshark to monitor all packets on a particular switch port. Which feature on the switch would you use?

Port mirroring

7. Name one alternative to Wireshark which you have used.

tcpdump

8. A user raises a ticket stating that he is unable to access any websites, but is able to ping any IP address on the internet. How would you use Wireshark to identify the problem?

Set up Wireshark on the user's system. Check if DNS packets are sent from the PC when browsing is initiated. Check if DNS resolution is working by verifying the DNS request and reply messages. Browsing issues are normally caused by DNS resolution problems.
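
As an added example (not part of the original page), the Python sketch below performs the check described in this answer on constructed DNS payloads: it reads the DNS header, pairs each request with its reply by transaction ID, and reports which names were resolved, failed, or never answered. The function names and sample domains are assumptions made for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_dns(txid, name, response=False, rcode=0):
    """Build a minimal DNS message (header + one A/IN question) as sample data."""
    flags = 0x0100 | (0x8080 if response else 0) | rcode  # RD; QR+RA on replies
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(part)]) + part.encode() for part in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_dns(payload):
    """Return (txid, is_response, rcode, qname) from a DNS UDP payload."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    labels, pos = [], 12
    while qdcount and pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return txid, bool(flags & 0x8000), flags & 0x000F, ".".join(labels)

def diagnose(payloads):
    """Pair queries with replies by transaction ID and report each name's outcome."""
    pending, results = {}, {}
    for p in payloads:
        txid, is_resp, rcode, qname = parse_dns(p)
        if not is_resp:
            pending[txid] = qname
            results[qname] = "NO REPLY"   # overwritten if a matching reply arrives
        elif txid in pending:
            results[pending.pop(txid)] = RCODES.get(rcode, f"RCODE {rcode}")
    return results

# Constructed capture (header-only replies): one answered, one failed, one unanswered.
SAMPLE = [
    build_dns(0x1A2B, "www.example.com"),
    build_dns(0x1A2B, "www.example.com", response=True),
    build_dns(0x1A2C, "intranet.example.net"),
    build_dns(0x1A2C, "intranet.example.net", response=True, rcode=2),
    build_dns(0x1A2D, "mail.example.org"),
]

if __name__ == "__main__":
    for name, outcome in diagnose(SAMPLE).items():
        print(f"{name:25} {outcome}")
```

In Wireshark the same header values appear as the display filter fields dns.id, dns.flags.response and dns.flags.rcode. An empty result from diagnose means no DNS requests left the PC at all, which is the first thing the answer says to check.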

9. You are unable to ping a particular PC on the network. You want to check if the ping is blocked by a firewall on the PC. How can you do it with Wireshark?

When a ping is initiated, a ping reply should be received. If the ping response is not received, a firewall could be blocking it. To check, filter for ICMP reply packets in Wireshark.
