You perform a security audit of a server named CRM1. You want to build a list of all DNS requests that are initiated by the server.
You install the Microsoft Network Monitor 3.0 application on CRM1. You capture all local traffic on CRM1 for 24 hours. You save the capture file as data.cap. You find that the size of the file is more than 1 GB.
You need to create a file named DNSdata.cap from the existing capture file that contains only DNSrelated data.
What should you do?
A.
Apply the display filter !DNS and save the displayed frames as a DNSdata.cap file.
B.
Apply the capture filter DNS and save the displayed frames as a DNSdata.cap file.
C.
Add a new alias named DNS to the aliases table and save the file as DNSdata.cap.
D.
Run the nmcap.exe /inputcapture data.cap /capture DNS /file DNSdata.cap command.
Explanation:
Below is a sample i created :
C:UsersAdministratorDocumentsNetwork Monitor 3Captures>nmcap.exe /inputcapture data.cap /capture DNS /file dnsdata.cap
Network Monitor Command Line Capture (nmcap) 3.4.2350.0
Loading Parsers …
[INFO] sparser.npb:001.000 Successfully unserialized NPL parser ‘C:ProgramData
MicrosoftNetwork Monitor 3NPLNetworkMonitor ParsersProfiles64BAA24A-0AAD-44
e6-9846-3BE43D698FF6sparser.npb. (0x83008006)
Saving info to: C:UsersAdministratorDocumentsNetwork Monitor 3Capturesdnsdata.
cap – using circular buffer of size 20.00 MB.
ATTENTION: Conversations Enabled: consumes more memory (see Help for details)
Note: Process Filtering Enabled.
Exit by Ctrl+C
Processing | Received: 4045 Saved: 23 | Time: 0 seconds.
Closing generated capture files …
Completed | Received: 4045 Saved: 23 | Time: 0 seconds.
C:UsersAdministratorDocumentsNetwork Monitor 3Captures>
” is not recognized as an internal or external command,
operable program or batch file.