Adam, a malicious hacker, is sniffing an unprotected Wi-Fi network in a local store with
Wireshark to capture Hotmail e-mail traffic. He knows that many people use their laptops to
browse the Web in the store, and he wants to sniff their e-mail messages as they traverse the
unprotected Wi-Fi network. Which of the following Wireshark display filters will Adam configure
to display only the packets carrying Hotmail e-mail messages?
A.
(http = "login.pass.com") && (http contains "SMTP")
B.
(http contains "email") && (http contains "hotmail")
C.
(http contains "hotmail") && (http contains "Reply-To")
D.
(http = "login.passport.com") && (http contains "POP3")
Explanation:
Adam will use the filter (http contains "hotmail") && (http contains "Reply-To") to display only the
packets carrying Hotmail e-mail messages. Each Hotmail message contains a Reply-To: header and a
host name of the form xxxx-xxx-xxx.xxxx.hotmail.com in its Received: header, so a packet whose HTTP
payload contains both strings is a message rather than an ordinary web page. Note that "contains"
is a case-sensitive byte-string match over the whole HTTP layer (headers and body), so the quotes
must be plain ASCII double quotes and the capitalisation must match what is on the wire. The attack
works only because the webmail session is plain HTTP; once the provider serves the session over
TLS, nothing in the message is visible to a sniffer on the wireless segment.
Wireshark is a free packet sniffer application. It is used for network troubleshooting, analysis,
software and communications protocol development, and education. Wireshark is very similar to
tcpdump, but it has a graphical front-end and many more information sorting and filtering options.
It allows the user to see all traffic being passed over the network (usually an Ethernet network,
but support is being added for others) by putting the network interface into promiscuous mode.
Wireshark uses pcap to capture packets, so it can only capture packets on the networks supported by
pcap. It has the following features:
Data can be captured "from the wire" from a live network connection or read from a file that
records already-captured packets. Live data can be read from a number of types of network,
including Ethernet, IEEE 802.11, PPP, and loopback. Captured network data can be browsed via a GUI,
or via the terminal (command-line) version of the utility, tshark. Capture files can be
programmatically edited or converted via command-line switches to the "editcap" program. Data
display can be refined using a display filter. Plugins can be created for dissecting new protocols.
Answer options A, B, and D are incorrect. Options A and D compare the entire HTTP layer, not the
Host header, with a host name, which no packet's HTTP payload will equal (a host would be tested
with http.host, for example http.host == "login.passport.com"), so the && expression can never be
true. Option B is syntactically well-formed, but any HTTP payload that mentions both words, such as
a web page advertising a "hotmail email" account, would match, so it does not isolate messages.
Answer: C
(http contains "hotmail") && (http contains "Reply-To")
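To make concrete what each option would and would not display, here is an added example (not part of the original question, and not Wireshark's own code): a toy evaluator for the small subset of Wireshark display-filter syntax the options use (field presence, contains, ==, &&, ||, parentheses), run over a few constructed HTTP packets. The packets, the names PACKETS, OPTIONS and matches, and the decision to read "=" as equality are all assumptions made for this example.

```python
# Added example: a toy evaluator for the subset of Wireshark display-filter
# syntax that options A-D use (field presence, contains, ==, &&, ||, parens),
# run over constructed packets to show which packets each filter would display.
import re

# Constructed sample packets (not captured traffic). "http" holds the raw HTTP
# layer as bytes; "http.host" is the parsed Host header where one exists.
PACKETS = {
    "hotmail_message": {"http": (
        b"HTTP/1.1 200 OK\r\n\r\nReceived: from bay0-omc1-s9.bay0.hotmail.com\r\n"
        b"Reply-To: alice@hotmail.com\r\nSubject: lunch?\r\n\r\nNoon?")},
    "login_page": {
        "http": b"GET /login.srf HTTP/1.1\r\nHost: login.passport.com\r\n\r\n",
        "http.host": "login.passport.com"},
    "decoy_page": {"http": b"HTTP/1.1 200 OK\r\n\r\n<p>Sign in to hotmail email</p>"},
}
OPTIONS = {
    "A": '(http = "login.pass.com") && (http contains "SMTP")',
    "B": '(http contains "email") && (http contains "hotmail")',
    "C": '(http contains "hotmail") && (http contains "Reply-To")',
    "D": '(http = "login.passport.com") && (http contains "POP3")',
}

# Tokens: parens, && and ||, "=" or "==" (both read as equality by this toy),
# a double-quoted string, or a field name such as http or http.host.
TOKEN_RE = re.compile(
    r'\s*(?:(?P<lpar>\()|(?P<rpar>\))|(?P<andop>&&)|(?P<orop>\|\|)|(?P<eq>==?)'
    r'|(?P<string>"[^"]*")|(?P<name>[A-Za-z_][A-Za-z0-9_.]*))')

def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad filter syntax near {text[pos:pos + 12]!r}")
        kind, val = m.lastgroup, m.group(m.lastgroup)
        tokens.append(("contains" if val == "contains" else kind, val))
        pos = m.end()
    return tokens

class Parser:
    """Recursive descent: or_expr > and_expr > atom (parens, comparison, presence)."""
    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0
    def peek(self):
        return self.toks[self.i][0] if self.i < len(self.toks) else ""
    def take(self, kind):
        if self.peek() != kind:
            raise ValueError(f"expected {kind} at token {self.i}")
        self.i += 1
        return self.toks[self.i - 1][1]
    def parse(self):
        node = self.or_expr()
        if self.peek():
            raise ValueError("trailing tokens in filter")
        return node
    def binary(self, sub, tok, op):      # left-associative chain: sub (tok sub)*
        node = sub()
        while self.peek() == tok:
            self.i += 1
            node = (op, node, sub())
        return node
    def or_expr(self):
        return self.binary(self.and_expr, "orop", "or")
    def and_expr(self):
        return self.binary(self.atom, "andop", "and")
    def atom(self):
        if self.peek() == "lpar":
            self.i += 1
            node = self.or_expr()
            self.take("rpar")
            return node
        field, op = self.take("name"), self.peek()
        if op in ("contains", "eq"):
            self.i += 1
            return (op, field, self.take("string")[1:-1])
        return ("present", field)        # bare field name: presence test

def evaluate(node, pkt):
    op = node[0]
    if op == "or":
        return evaluate(node[1], pkt) or evaluate(node[2], pkt)
    if op == "and":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    if op == "present":
        return node[1] in pkt
    if node[1] not in pkt:               # comparing an absent field is false
        return False
    value, literal = pkt[node[1]], node[2]
    needle = literal.encode() if isinstance(value, bytes) else literal
    return needle in value if op == "contains" else value == needle  # case-sensitive

def matches(filter_text, packets=PACKETS):
    """Sorted names of the packets the display filter would show."""
    tree = Parser(filter_text).parse()
    return sorted(n for n, p in packets.items() if evaluate(tree, p))

if __name__ == "__main__":
    for letter, text in OPTIONS.items():
        print(f"{letter}: {text}\n   shows {matches(text)}")
    print("http.host test shows", matches('http.host == "login.passport.com"'))
```

Against these packets only option C selects the message; option B also picks up the decoy page, and A and D select nothing because the whole HTTP layer never equals a host name. Against a real capture the same filter is applied with tshark as `tshark -r capture.pcap -Y '(http contains "hotmail") && (http contains "Reply-To")'` (the -Y option takes the display filter), with straight ASCII double quotes around the literals.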