Quiz : How Well Do You Know Wireshark?

Reviewed by Godwin Iheuwa
Godwin Iheuwa, MS (Computer Science) |
Database Administrator
Review Board Member
Godwin Iheuwa, a Database Administrator at MTN Nigeria, holds an MS in Computer Science, specializing in Agile Methodologies and Database Administration from the University of Bedfordshire and a Bachelor's in Computer Science from the University of Port Harcourt. His proficiency in SQL Server Integration Services (SSIS) and SQL Server Management Studio contributes to his expertise in database management.
 , MS (Computer Science)
Approved & Edited by ProProfs Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Ed Walsh
E
Ed Walsh
Community Contributor
Quizzes Created: 1 | Total Attempts: 5,067
Questions: 20 | Attempts: 5,075
SettingsSettingsSettings
Please wait...
Create your own Quiz
Quiz : How Well Do You Know Wireshark? - Quiz


Wireshark is an open-source, free packet analyzer. How well do you know about it? The program is mainly used for analysis, troubleshooting, education, software, and communications protocol development, etc. Are you well aware of the intricate details of this software? Well then, let's test your knowledge with a super fun quiz! Just answer a few questions, and you will get your scores immediately! You are expected to answer all the questions. Keep learning and have fun!

Wireshark Analyzer Questions and Answers

  • 1. 

    You can use Wireshark's Expressions to build display filters.

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Wireshark's Expressions can indeed be used to build display filters. Display filters allow users to selectively view specific network traffic based on various criteria such as source or destination IP addresses, protocols, port numbers, and more. By using Wireshark's Expressions, users can customize and fine-tune their display filters to focus on the specific network traffic they are interested in analyzing.

    Rate this question:

  • 2. 
      Which statement about the setting is shown in the Preference window above - ProProfs

      Which statement about the setting is shown in the Preference window above

    • A.

      The Microsoft device interface is hidden.

    • B.

      Wireshark will use inverse name queries to resolve local host address to IP address.

    • C.

      Wireshark will only capture traffic to the local adapter, broadcast, or multicast address

    • D.

      None of the above

    Correct Answer
    C. Wireshark will only capture traffic to the local adapter, broadcast, or multicast address
    Explanation
    The correct answer is "Wireshark will only capture traffic to the local adapter, broadcast, or multicast address." This means that Wireshark will only capture network traffic that is sent to the local network adapter, as well as any broadcast or multicast traffic on the network. It will not capture traffic that is sent to other devices or addresses on the network.

    Rate this question:

  • 3. 

    Which feature is only available with promiscuous mode operation?

    • A.

      Enable an interface to capture packets that are sent to any MAC address

    • B.

      Enable an interface to capture gratuitous ARP request/response packets

    • C.

      Enable an interface to capture packets addressed to broadcast and multicast addresses

    Correct Answer
    A. Enable an interface to capture packets that are sent to any MAC address
    Explanation
    Promiscuous mode operation allows an interface to capture packets that are sent to any MAC address. This means that the interface can capture all network traffic, regardless of the destination MAC address. This is useful for network monitoring and troubleshooting purposes, as it allows for the analysis of all packets on the network, including those not intended for the interface itself. It is a feature commonly used by network administrators and security professionals.

    Rate this question:

  • 4. 

    A custom column can be added to and rearranged in the Packet List pane.

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    A custom column can be added to and rearranged in the Packet List pane, allowing users to customize the display of information in the pane according to their preferences. This feature provides flexibility and convenience for users to organize and view the packet data in a way that best suits their needs.

    Rate this question:

  • 5. 
    Which statement about the TCP stream shown above is correct? - ProProfs

    Which statement about the TCP stream shown above is correct?

    • A.

      The HTTP client requested a graphic file

    • B.

      The HTTP server redirected the client's request to another server.

    • C.

      The HTTP client sent an HTTP GET request to the HTTP server

    • D.

      None of the above

    Correct Answer
    C. The HTTP client sent an HTTP GET request to the HTTP server
    Explanation
    The correct answer is that the HTTP client sent an HTTP GET request to the HTTP server. This can be inferred from the information given in the question, which states that the TCP stream shown above is related to an HTTP transaction. The HTTP GET request is the most common method used by an HTTP client to request a resource from an HTTP server.

    Rate this question:

  • 6. 

    Which drive is used to capture packets when Wireshark is running on a Apple computer?

    • A.

      Macpcap

    • B.

      Libpcap

    • C.

      Airpcap

    Correct Answer
    B. Libpcap
    Explanation
    Libpcap is the correct answer because it is a portable library used for packet capture and it is compatible with various operating systems, including Apple's macOS. Wireshark, a network protocol analyzer, relies on Libpcap to capture packets on Apple computers and analyze network traffic. Macpcap is a deprecated library that was used in older versions of Wireshark for macOS, while Airpcap is a library specifically designed for capturing wireless packets on Windows systems.

    Rate this question:

  • 7. 

    Type in the name of the pcap driver used when running Wireshark on  a Windows computer

    Correct Answer
    Winpcap
    winpcap
    WinPcap
    Explanation
    The correct answer is Winpcap, winpcap, WinPcap. These are the names of the pcap driver used when running Wireshark on a Windows computer.

    Rate this question:

  • 8. 
    Which statement about the Capture Options window shown above is correct? - ProProfs

    Which statement about the Capture Options window shown above is correct?

    • A.

      Wireshark will resolve IP addresses to host

    • B.

      Wireshark will attempt to resolve OUI values for all MAC addresses

    • C.

      Wireshark will scroll to display the most recent packet captured

    Correct Answer
    C. Wireshark will scroll to display the most recent packet captured
    Explanation
    The correct answer is "Wireshark will scroll to display the most recent packet captured." This means that when capturing packets in Wireshark, the program will automatically scroll to show the most recent packet that has been captured.

    Rate this question:

  • 9. 

    Display filters and capture filters can be interchanged because they use the same syntax.

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    Display filters and capture filters cannot be interchanged because they serve different purposes and use different syntax. Display filters are used to filter the packets that are displayed in a network capture, while capture filters are used to filter the packets that are actually captured by a network capture tool. Although both types of filters use a similar syntax, they are not interchangeable as they operate at different stages of the packet-capturing process.

    Rate this question:

  • 10. 

    Which display filter is used to display all DHCP traffic?

    • A.

      Dhcp

    • B.

      Tcp.port == 68

    • C.

      Bootp

    Correct Answer
    C. Bootp
    Explanation
    The correct answer is "bootp". BOOTP (Bootstrap Protocol) is an older version of DHCP (Dynamic Host Configuration Protocol) used to assign IP addresses to devices on a network. By using the "bootp" display filter, all DHCP traffic can be displayed, including both DHCPv4 and DHCPv6 traffic.

    Rate this question:

  • 11. 

    How do you quickly spot large gaps in time between packets in a trace file containing 10,000 packets?

    • A.

      Set the Time column to Seconds Since Epoch and scroll through the trace file

    • B.

      Open and examine the Notes section of Wireshark's Expert infos window

    • C.

      Set the Time column to Seconds Since Previously Displayed Packet and sort the Time column

    Correct Answer
    C. Set the Time column to Seconds Since Previously Displayed Packet and sort the Time column
    Explanation
    By setting the Time column to "Seconds Since Previously Displayed Packet" and sorting the Time column, you can quickly spot large gaps in time between packets in the trace file. This will allow you to easily identify any significant delays or interruptions in the packet transmission.

    Rate this question:

  • 12. 
    Based on the image shown above, Wireshark's time display format is set to Seconds Since the Beginning of Capture. - ProProfs

    Based on the image shown above, Wireshark's time display format is set to Seconds Since the Beginning of Capture.

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    The correct answer is False because based on the image shown above, Wireshark's time display format is set to Seconds Since Previous Displayed Packet.

    Rate this question:

  • 13. 

    Which of these filters can be used as either a capture or display filter?

    • A.

      Dns

    • B.

      Udp

    • C.

      Dhcp

    Correct Answer
    B. Udp
    Explanation
    The UDP filter can be used as either a capture or display filter. UDP (User Datagram Protocol) is a transport layer protocol that allows data to be sent between applications on the internet. It is a connectionless protocol that does not provide error checking or flow control. As a capture filter, it can be used to capture UDP packets and analyze their contents. As a display filter, it can be used to filter and display only UDP packets in a packet capture file or network traffic.

    Rate this question:

  • 14. 

    When you select Prepare a filter, the filter is immediately applied to the traffice

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    When you select "Prepare a filter," the filter is not immediately applied to the traffic. Instead, the filter is created and prepared for future use. It is not until you manually apply the filter that it will take effect and filter the traffic. Therefore, the correct answer is false.

    Rate this question:

  • 15. 

    The following capture filter will capture all FTP traffic on port 21 regardless of the destination or source host. host www.wiresharkbook.com && port 21

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    The given capture filter will only capture FTP traffic on port 21 for the host www.wiresharkbook.com. It will not capture FTP traffic for any other destination or source host. Therefore, the statement that it will capture all FTP traffic on port 21 regardless of the destination or source host is false.

    Rate this question:

  • 16. 

    Which statement about capture filters is correct?

    • A.

      Capture filters can be applied after the capture process begins

    • B.

      Capture filters can be applied while you are opening a trace file

    • C.

      Wireshark includes a default set of capture filters

    • D.

      None of the above

    Correct Answer
    C. Wireshark includes a default set of capture filters
    Explanation
    Wireshark includes a default set of capture filters. This means that when using Wireshark to capture network traffic, there are pre-defined filters available that can be applied to capture specific types of network packets. These capture filters can help in narrowing down the captured data to only the packets of interest, making it easier to analyze and troubleshoot network issues.

    Rate this question:

  • 17. 

    Which Display filter will show only packets for the source address of 192.168.0.25?

    • A.

      Ip.addr == 192.168.0.25 src

    • B.

      Ip.src == 192.168.0.25

    • C.

      !ip.src == 192.168.0.25

    Correct Answer
    B. Ip.src == 192.168.0.25
    Explanation
    The correct answer is "ip.src == 192.168.0.25". This display filter will only show packets that have a source address of 192.168.0.25. It filters out all other packets and only displays the ones that match the specified source address.

    Rate this question:

  • 18. 

    Which display filter operator is the equivalent of AND?

    • A.

      $$

    • B.

      &&

    • C.

      ||

    Correct Answer
    B. &&
    Explanation
    The correct answer is "&&". The "&&" operator in display filtering is the equivalent of the logical AND operator. It is used to combine multiple conditions in a display filter and returns only the packets that satisfy all the specified conditions simultaneously.

    Rate this question:

  • 19. 

    This display filter would remove all packets destined for host 10.0.0.5 ip.dst == 10.100.0.5!

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    The given display filter "ip.dst == 10.100.0.5!" would not remove all packets destined for host 10.0.0.5. The filter is checking for packets with a destination IP address of 10.100.0.5, not 10.0.0.5. Therefore, the statement is false.

    Rate this question:

  • 20. 

    Both of the the display filters below will provide the same output.   ip.dst==10.100.0.1 or ip.dst==10.100.0.1   ip.dst==10.100.0.1 || ip.dst==10.100.0.1  

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    Both of the display filters provided in the question are the same, as they both specify the same condition for the destination IP address. The "==" operator is used to check for an exact match, and the "||" operator is used for logical OR. In this case, both filters are checking if the destination IP address is equal to 10.100.0.1. Therefore, both filters will provide the same output, which makes the answer true.

    Rate this question:

Godwin Iheuwa |MS (Computer Science) |
Database Administrator
Godwin Iheuwa, a Database Administrator at MTN Nigeria, holds an MS in Computer Science, specializing in Agile Methodologies and Database Administration from the University of Bedfordshire and a Bachelor's in Computer Science from the University of Port Harcourt. His proficiency in SQL Server Integration Services (SSIS) and SQL Server Management Studio contributes to his expertise in database management.

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2024
    Quiz Edited by
    ProProfs Editorial Team

    Expert Reviewed by
    Godwin Iheuwa
  • Nov 11, 2010
    Quiz Created by
    Ed Walsh

Related Topics

Recent Quizzes

Do You Know About Silicon Cowboys? Do You Know About Silicon Cowboys?
Only a few can pass this basic computer science quiz Only a few can pass this basic computer science quiz
Computer Quiz: Choose The Correct Word To Complete Sentences Computer Quiz: Choose The Correct Word To Complete Sentences
Computer Basics Revision Questions And Answers Computer Basics Revision Questions And Answers
Want A Computer Related Job? Start By Taking This Quiz! Want A Computer Related Job? Start By Taking This Quiz!
Deploy a website with Azure virtual machines Deploy a website with Azure virtual machines
Your Guide Test To The Most Basic Computer Terms Your Guide Test To The Most Basic Computer Terms
Is your computer technician worth it? Only if he passes this test Is your computer technician worth it? Only if he passes this test
Input Devices Computer Quiz Input Devices Computer Quiz

Featured Quizzes

Fursona Quiz: Know Your True Animal Spirit Fursona Quiz: Know Your True Animal Spirit
Discrete vs Continuous Quiz Discrete vs Continuous Quiz
Soulmate Quiz: Who Is My Soulmate? Soulmate Quiz: Who Is My Soulmate?
What Is My Korean Name? Quiz What Is My Korean Name? Quiz
Which Movie Character Are You? Quiz Which Movie Character Are You? Quiz
Which Sonic Character Are You? Quiz Which Sonic Character Are You? Quiz

Popular Topics

+ Show more
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.