Which tool is command-line based for capturing packets?

Elevate your cybersecurity career with the EC-Council Certified Ethical Hacker (CEH) v13 exam. Master essential concepts with multiple choice flashcards and detailed explanations. Achieve success in ethical hacking!

Multiple Choice

Which tool is command-line based for capturing packets?

Explanation:
Command-line packet capture means intercepting traffic directly from a network interface in text mode, without a graphical interface. tcpdump is the classic tool for this: a pure CLI utility that captures packets on a chosen interface, lets you filter with BPF syntax to limit what you record, and can print summaries or save the data in a pcap file for later analysis. This makes it ideal for quick, scriptable captures in a terminal. Wireshark is primarily GUI-based (though it has a CLI companion), NTP is a time synchronization protocol, and cloud-based detection is a remote service, not a local packet capture utility.

