6. You find that a host (192.168.1.4) being used on one of your client's networks has been compromised with a backdoor program listening on port 31337. Your client requests a list of originating IP addresses connecting to that port. Using a Linux workstation as a traffic analyzer, which of the following commands would gather the data requested by the client?

A. tcpdump host 192.168.1.4 and port 31337 -w out
B. nmap host 192.168.1.4:31337
C. arpwatch -n 192.168.1.4/32 -p 31337 > capture
D. pcap -d 192.168.1.4:31337
E. ipwatch --syn 192.168.1.4 -p 31337 --log=out

Explanation: The correct answer is A. tcpdump is the standard command-line packet capture tool on Linux, built on the libpcap library. It is a separate project from Ethereal (now Wireshark), although the two share the same capture-filter syntax and the same pcap file format, which is why the Ethereal site carried a copy of its manual page. The command "tcpdump host 192.168.1.4 and port 31337 -w out" captures every packet to or from 192.168.1.4 on port 31337 and, because of the -w option, writes the raw packets to the file "out" in pcap format instead of decoding them to the screen. The file is read back later with "tcpdump -n -r out" (or opened in Wireshark), and the source addresses of the packets sent to 192.168.1.4:31337 are the list the client asked for. Two practical caveats: "host ... and port ..." matches both directions, so the compromised host's own replies are in the file as well, and the originator of a connection is the source address of the packet carrying the initial SYN, not of every packet in the conversation. Narrowing the filter to "dst host 192.168.1.4 and dst port 31337", or to SYN-only packets with "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn", makes the post-processing simpler. The workstation must also sit where it actually sees the traffic (the compromised host itself, a SPAN or mirror port, or a tap); on a switched segment a workstation otherwise sees only its own traffic.

Reference: http://www.ethereal.com/tcpdump.8.html
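The post-processing step described above, as an added example that is not part of the original exam page: the capture itself needs a live network, so it is shown only as a comment, and the function is run here against a constructed sample of "tcpdump -n" text output (the lines are made up for this example, not a real capture; the interface name eth0 is an assumption).

```sh
#!/bin/sh
# Step 1 (needs the real network, so not run here): capture only the inbound
# side of the backdoor port. Interface name eth0 is an assumption.
#   tcpdump -nn -i eth0 'dst host 192.168.1.4 and dst port 31337' -w out
# Step 2: decode the pcap file and keep the addresses that opened connections.
#   tcpdump -n -r out | originators 192.168.1.4 31337

# originators HOST PORT
# Reads `tcpdump -n` text on stdin and prints, once each and in first-seen
# order, the source IPv4 addresses of packets that were a pure SYN addressed
# to HOST.PORT, i.e. the hosts that initiated a connection to the backdoor.
# SYN/ACK replies from the victim, mid-stream ACKs, and outbound SYNs from
# the victim to some other host's :31337 are all excluded by the test.
originators() {
    awk -v dst="$1.$2:" '
        $2 == "IP" && $5 == dst && $7 == "[S]," {
            src = $3
            sub(/\.[0-9]+$/, "", src)      # strip the ephemeral source port
            if (!(src in seen)) { seen[src] = 1; print src }
        }'
}

# Constructed sample of `tcpdump -n -r out` output (made up for this example,
# not a real capture). It mimics the two-way `host ... and port ...` filter
# from the question, so the function has replies and noise to ignore.
SAMPLE='12:00:01.000001 IP 10.0.0.7.51234 > 192.168.1.4.31337: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 192.168.1.4.31337 > 10.0.0.7.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000003 IP 10.0.0.7.51234 > 192.168.1.4.31337: Flags [.], ack 1, win 502, length 0
12:00:05.000001 IP 203.0.113.9.40000 > 192.168.1.4.31337: Flags [S], seq 3, win 64240, length 0
12:00:09.000001 IP 10.0.0.7.51300 > 192.168.1.4.31337: Flags [S], seq 4, win 64240, length 0
12:00:12.000001 IP 192.168.1.4.45000 > 198.51.100.5.31337: Flags [S], seq 5, win 64240, length 0'

# Prints 10.0.0.7 and 203.0.113.9: the second connection from 10.0.0.7 is
# collapsed, and the victim's own outbound SYN to 198.51.100.5 is ignored.
printf '%s\n' "$SAMPLE" | originators 192.168.1.4 31337
```

Keying on the SYN flag rather than on every packet is what turns a packet list into a list of connection originators; if the capture was taken with a SYN-only filter as suggested above, the Flags test in the awk program is redundant but harmless. The function only understands IPv4 lines ("IP"); IPv6 traffic is printed by tcpdump as "IP6" with a different address syntax and would need a second rule.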

Incorrect Answers
B: nmap is a port scanner: it probes the target host rather than recording who connects to it, so it cannot list originating addresses. "host 192.168.1.4:31337" is not valid nmap syntax in any case.
C: arpwatch records the Ethernet/IP address pairings it sees in ARP traffic on a network and reports changes to them; it does not capture or filter TCP connections by port.
D: pcap is the packet capture library (libpcap) that tcpdump is built on, not a command that can be run from the shell.
E: ipwatch is not part of the standard Linux packet capture toolset, and the options shown do not correspond to any common capture utility.
