Refer to the exhibit.
The exhibit shows a saved packet capture, which you have opened in Wireshark. You want to focus on the complete conversation between 10.1.70.90 and 10.1.79.11 that uses source port 5448.
What is a simple way to do this in Wireshark?
Wireshark: Follow TCP Stream:
Wireshark provides an intuitive feature to filter and display a complete TCP conversation.
By right-clicking any packet within the conversation and selecting 'Follow TCP Stream', Wireshark isolates and displays the entire conversation.
This feature allows you to view the communication in a simplified, sequential manner, including requests and responses.
Option Analysis:
Option A: Incorrect. Capture filters only apply during packet capturing, not for analyzing already saved packet captures.
Option B: Incorrect. Sorting packets helps with organizing data but does not isolate a complete conversation.
Option C: Incorrect. A capture filter for TCP port 5448 would have to be applied before capturing; it does not work for saved data.
Option D: Correct. Right-clicking a packet and choosing 'Follow TCP Stream' is the simplest way to display the full conversation between 10.1.70.90 and 10.1.79.11 on port 5448.
Steps in Wireshark to Follow a TCP Stream:
Locate any packet within the desired conversation (e.g., between 10.1.70.90 and 10.1.79.11 on TCP port 5448).
Right-click on the packet.
Choose 'Follow' > 'TCP Stream'.
Wireshark will display the entire TCP conversation, including both directions of communication.
This feature is especially useful when troubleshooting or analyzing detailed interactions between hosts.
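What Follow TCP Stream selects, shown as an added Python example that is not part of the original explanation: every packet sharing the chosen packet's address/port 4-tuple, in both directions, which a port-only match would not isolate. The capture is constructed inline; the server port 80, the extra hosts and the payloads are assumptions.

```python
import socket
import struct

def frame(src, dst, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def packets(data):
    """Yield (src, sport, dst, dport, payload) for each IPv4/TCP packet."""
    off = 24  # skip the pcap global header
    while off < len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        f = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # too short, not IPv4, or not TCP
        t = 14 + (f[14] & 0x0F) * 4                  # start of the TCP header
        total_len = struct.unpack_from("!H", f, 16)[0]
        sport, dport = struct.unpack_from("!HH", f, t)
        doff = (f[t + 12] >> 4) * 4                  # TCP header length
        yield (socket.inet_ntoa(f[26:30]), sport, socket.inet_ntoa(f[30:34]), dport, f[t + doff: 14 + total_len])

def follow(data, selected):
    """Return every packet sharing the selected packet's 4-tuple, in either direction."""
    pkts = list(packets(data))
    ends = lambda p: frozenset([(p[0], p[1]), (p[2], p[3])])
    return [p for p in pkts if ends(p) == ends(pkts[selected])]

# Constructed sample capture: destination port 80 and all payloads are assumptions.
SAMPLE = pcap([
    frame("10.1.70.90", "10.1.79.11", 5448, 80, b"GET / HTTP/1.1\r\n\r\n"),
    frame("10.1.70.90", "10.1.79.11", 5449, 80, b"other connection"),
    frame("10.1.79.11", "10.1.70.90", 80, 5448, b"HTTP/1.1 200 OK\r\n\r\n"),
    frame("10.1.70.50", "10.1.79.11", 5448, 80, b"other host, same port"),
])

if __name__ == "__main__":
    for src, sport, dst, dport, payload in follow(SAMPLE, 0):
        print(f"{src}:{sport} -> {dst}:{dport} {payload!r}")
```

Selecting either packet of the conversation returns the same two packets, while the packet from 10.1.70.50 that also uses source port 5448 is left out.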