Question:
Basic operation of windump just requires that you type "windump" but you will notice that it's a little laggy as by default it does DNS lookups. To kill it, press the break key combination of "CTRL+C" (it may take a few times / seconds to kill it). Confirm that each of your commands works by running it.
Add the option to suppress name resolution. What is it?
Add the option to specify interface 1. What is it?
Add the option that will print the data of each packet (minus its link level header) in hex and ASCII. What is it?
Add the option to set the "snaplen" to 1514 bytes. What is it?
Add the option to write the output to the file packets.dmp. What is the complete command to do so?
Figure out how to read the file packets.dmp. What is the complete command to do so?
There are built-in filters (primitives) to look for specific protocols. What is the option that just shows the address resolution protocol?
What is the option that just shows the user datagram protocol?
What is the option that just shows the transmission control protocol?
What is the option that just shows the internet control message protocol?
You can specify ports. What command will look for only TCP traffic to or from port 80?
You can specify networks with the net primitive. What filter will look for traffic to or from 10.10.2.0 with a mask of 255.255.255.0?
The word not can be used to screen out certain things from capture. What command will capture traffic that is not on TCP port 22443?
Multiple conditional statements can be chained by using logical operators for negation (`!' or `not'), concatenation (`&&' or `and'), or alternation (`||' or `or'). What command will look for traffic to or from the network 10.10.2.0 with a mask of 255.255.255.0 and not on port 22443?
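As an added example that is not part of the original question: a Python reader for the libpcap file that `windump -w packets.dmp` writes (a 24-byte global header carrying the snaplen, then a 16-byte record header per frame), with the `net 10.10.2.0 mask 255.255.255.0 and not port 22443` test from the last question re-implemented over the decoded packets. The capture bytes are constructed in memory, and `build_frame`, `build_pcap`, `read_pcap` and `matches` are names chosen here.

```python
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4  # native-endian libpcap magic; link type 1 = Ethernet
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def build_frame(proto, src, dst, sport, dport):
    """Construct an Ethernet/IPv4 frame with a minimal TCP or UDP header (sample data)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16  # ports are the first 4 bytes of TCP and UDP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4

def build_pcap(frames, snaplen=1514):
    """Global header (snaplen as set with -s 1514) followed by one 16-byte record header per frame."""
    out = struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("=IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Parse the global header, then decode (proto, src, dst, sport, dport) from each IPv4 record."""
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack_from("=IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != 1:
        raise ValueError("expected a native-endian Ethernet pcap")
    off, pkts = 24, []
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("=IIII", data, off)[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":  # not IPv4 (e.g. ARP): nothing to decode here
            continue
        ihl = (frame[14] & 0x0F) * 4      # IP header length; ports sit right after it
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        pkts.append((PROTO_NAMES.get(frame[23], str(frame[23])), str(ipaddress.ip_address(frame[26:30])),
                     str(ipaddress.ip_address(frame[30:34])), sport, dport))
    return snaplen, pkts

def matches(pkt, net="10.10.2.0", mask="255.255.255.0", excluded_port=22443):
    """Same test as 'net 10.10.2.0 mask 255.255.255.0 and not port 22443' on a decoded packet."""
    _proto, src, dst, sport, dport = pkt
    network = ipaddress.ip_network(f"{net}/{mask}")
    on_net = ipaddress.ip_address(src) in network or ipaddress.ip_address(dst) in network
    return on_net and excluded_port not in (sport, dport)

# Constructed sample capture: one frame the filter keeps, two it drops.
SAMPLE = build_pcap([
    build_frame(6, "10.10.2.15", "198.51.100.10", 51000, 80),  # tcp port 80, on the lab net
    build_frame(6, "10.10.2.15", "10.10.9.1", 51001, 22443),   # dropped by 'not port 22443'
    build_frame(17, "192.168.1.5", "10.10.3.7", 53, 40000),    # udp, not on 10.10.2.0/24
])
```

Running `read_pcap(SAMPLE)` returns the snaplen 1514 from the header and three decoded packets, of which only the first satisfies `matches`.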