[T/F] A traffic capture library typically requires administrative privileges to be installed.,T,packet_capture
which flag prints the link-level header on each dump line: tcpdump -[?] -i eth0,e,packet_capture
which flag prevents dns resolution: tcpdump -[?],n,packet_capture
which flag specifies the interface to sniff on: tcpdump -[?] eth0,i,packet_capture
which flag produces slightly more verbose output: tcpdump -[?],v,packet_capture
which flag lists the interfaces available for sniffing: tcpdump -[?],D,packet_capture
which flag specifies the file to read from: tcpdump -[?] file,r,packet_capture
which flag specifies the file to write to: tcpdump -w [?],w,packet_capture
which flag prints each packet in ASCII: tcpdump -[?],A,packet_capture
which flag prints each packet in hexadecimal: tcpdump -[?],x,packet_capture
which flag prints each packet in hexadecimal and ASCII: tcpdump -[?],X,packet_capture
which flag prevents both dns resolution and port resolution: tcpdump -[??],nn,packet_capture
which interface name is a shortcut for all interfaces: tcpdump -i [?],any,packet_capture
# limit to number of packets,c,
# filters: dst
# filters: src
# filters: net
# filters: ip dst
# filters: ip src
# filters: ip host
# filters: ip net
# filters: portrange
# filters: port
# number of bytes,-s 100,
# all data in packet: -s [?], 0
# ip network filter with offset and mask
# wireshark
[T/F] Wireshark can sniff packets on the loopback interface on Windows?,F,packet_capture
which flag lists the interfaces available for sniffing: tshark -[?],D,packet_capture
which flag specifies the file to write to: tshark -w [?],w,packet_capture
which flag specifies the file to read from: tshark -[?] file,r,packet_capture
# the bpf abbreviation for the Ethernet portion of a frame,ether,packet_capture
# the bpf abbreviation for the Internet Protocol v4 portion of a frame,ip,packet_capture
which flag will print the compiled bpf filter: tcpdump -[?] ether[12:2],d,packet_capture
bpf compiled filter which loads a full word (4 bytes) into the default register,ld,packet_capture
ether[0:?] what value will result in an ld bpf compiled filter,4,packet_capture
ether[0:?] what value will result in an ldh bpf compiled filter,2,packet_capture
ether[0:?] what value will result in an ldb bpf compiled filter,1,packet_capture
bpf compiled filter which loads a half word (2 bytes) into the default register,ldh,packet_capture
bpf compiled filter which loads a single byte into the default register,ldb,packet_capture
bpf compiled filter which jumps to locations if the supplied value and the default register are equal,jeq,packet_capture
# the A register is equal to 0x0200, where will this bpf compiled filter jump to? jeq #0x0200 jt 3 jf 4,3,packet_capture
# the A register is equal to 0x0201, where will this bpf compiled filter jump to? jeq #0x0200 jt 3 jf 4,4,packet_capture
# the bpf compiled filter which jumps to locations based on the bitwise "&" of the supplied value and the default register,jset,packet_capture
# the bpf compiled filter which quits and returns the number of bytes specified,ret,packet_capture
bpf will translate this expression into what type of load: a[0:1],ldb,packet_capture
bpf will translate this expression into what type of load: a[0:2],ldh,packet_capture
bpf will translate this expression into what type of load: a[0:4],ld,packet_capture
bpf shortcut for matching either source or destination MAC address: ether [?] <MAC>,host,packet_capture
bpf shortcut for matching source MAC address: ether [?] <MAC>,src,packet_capture
bpf shortcut for matching destination MAC address: ether [?] <MAC>,dst,packet_capture
bpf shortcut for matching multicast addressed ethernet frames: ether [?],multicast,packet_capture
which flag specifies the interface the ICMP packet will exit: (unix) ping -[?] eth0,i,packet_capture