Which tool is command-line based for capturing packets?

Prepare for the EC-Council Certified Ethical Hacker (CEH) v13 Exam with our comprehensive study resources. Ace your exam with flashcards and multiple-choice questions complete with hints and explanations. Get exam-ready now!

Multiple Choice

Which tool is command-line based for capturing packets?

Explanation:
Command-line packet capture means intercepting traffic directly from a network interface in text mode, without a graphical interface. tcpdump is the classic tool for this: a pure CLI utility that captures packets on a chosen interface, lets you filter with BPF syntax to limit what you record, and can print summaries or save the data in a pcap file for later analysis. This makes it ideal for quick, scriptable captures in a terminal. Wireshark is primarily GUI-based (though it has a CLI companion), NTP is a time synchronization protocol, and cloud-based detection is a remote service, not a local packet capture utility.
