You need to create a file named DNSdata.cap from the existing capture file that contains only DNS-related data

You perform a security audit of a server named CRM1. You want to build a list of all DNS requests
that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1.
You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that
the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing
capture file that contains only DNS-related data. What should you do?

You perform a security audit of a server named CRM1. You want to build a list of all DNS requests
that are initiated by the server. You install the Microsoft Network Monitor 3.0 application on CRM1.
You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that
the size of the file is more than 1 GB. You need to create a file named DNSdata.cap from the existing
capture file that contains only DNS-related data. What should you do?

A.
Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.

B.
Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.

C.
Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.

D.
Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.

Explanation:
Below is a sample i created :
C:\Users\Administrator\Documents\Network Monitor 3\Captures>nmcap.exe /inputcapture
data.cap /capture
DNS /file dnsdata.cap
Network Monitor Command Line Capture (nmcap) 3.4.2350.0
Loading Parsers …
[INFO] sparser.npb:001.000 Successfully unserialized NPL parser ‘C:\ProgramData\
Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers\Profiles\64BAA24A-0AAD-44
e6-9846-3BE43D698FF6\sparser.npb. (0x83008006)
Saving info to: C:\Users\Administrator\Documents\Network Monitor 3\Captures\dnsdata.
cap – using circular buffer of size 20.00 MB.
ATTENTION: Conversations Enabled: consumes more memory (see Help for details)
Note: Process Filtering Enabled.
Exit by Ctrl+C
Processing | Received: 4045 Saved: 23 | Time: 0 seconds.
Closing generated capture files …
Completed | Received: 4045 Saved: 23 | Time: 0 seconds.
C:\Users\Administrator\Documents\Network Monitor 3\Captures>\
‘\’ is not recognized as an internal or external command,
operable program or batch file.



Leave a Reply 0

Your email address will not be published. Required fields are marked *