Q1. What is Wireshark primarily used for?

• Video editing
• Audio production
• Network protocol analysis and troubleshooting
• Social networking

Q2. What does Wireshark capture?

• Video streams
• Audio files
• Network traffic packets
• Text messages

Q3. Which layers of the OSI model does Wireshark capture data from?

• Application and Presentation
• Session and Transport
• Physical, Data Link, Network, Transport, and sometimes Application
• None, Wireshark only captures data from the network layer

Q4. What is a packet in Wireshark?

• A network device used to route traffic
• A type of encryption algorithm
• A unit of data transmitted over a network
• A graphical representation of network traffic

Q5. How do you filter captured packets in Wireshark?

• By adjusting the network interface settings
• By rearranging packets in the capture buffer
• By using display filters based on specific criteria such as IP addresses, protocols, or port numbers
• By changing the color scheme of the packet display

Q6. What is the purpose of Wireshark's "Follow TCP Stream" feature?

• To send TCP packets to a different destination
• To analyze UDP packet streams
• To reconstruct and display the entire conversation between client and server for a specific TCP connection
• To filter out TCP traffic from the capture

Q7. How do you save captured packets in Wireshark?

• By exporting packets to an Excel spreadsheet
• By printing packets directly from Wireshark
• By saving the capture file in a supported format such as PCAP or PCAPNG
• By copying and pasting packets into a text document

Q8. What is the purpose of Wireshark's "Expert Info" feature?

• To provide tutorials and guides on network troubleshooting
• To encrypt captured packets for secure transmission
• To provide analysis and insights into potential network issues, such as packet retransmissions or protocol errors
• To generate reports on network traffic trends

Q9. How do you analyze packet timing in Wireshark?

• By measuring the physical distance between network devices
• By analyzing the content of packet payloads
• By examining the timestamps and delta times between captured packets
• By adjusting the capture buffer size

Q10. What is a dissector in Wireshark?

• A tool for capturing network traffic
• A type of network switch
• A plugin or module responsible for interpreting and analyzing specific network protocols, such as HTTP or TCP
• A device used to boost signal strength in wireless networks

Q11. How do you analyze HTTP traffic in Wireshark?

• By inspecting packet payloads for HTTP headers
• By analyzing packet timing between HTTP requests and responses
• By applying a display filter for the HTTP protocol or using Wireshark's "Follow TCP Stream" feature
• By running a network speed test within Wireshark

Q12. What is Wireshark's "Packet List" pane used for?

• To display network interface settings
• To organize captured packets by source and destination IP addresses
• To provide a chronological list of captured packets, including details such as source and destination addresses, protocols, and packet sizes
• To visualize network traffic using graphical representations

Q13. How do you capture packets from a specific network interface in Wireshark?

• By analyzing packet payloads for source and destination addresses
• By adjusting the capture buffer size
• By selecting the desired network interface from the capture options menu
• By applying display filters for specific IP addresses

Q14. What is Wireshark's "Follow UDP Stream" feature used for?

• To analyze TCP packet streams
• To encrypt UDP packets for secure transmission
• To reconstruct and display the entire conversation between client and server for a specific UDP connection
• To filter out UDP traffic from the capture

Q15. What is Wireshark's "Conversations" feature used for?

• To chat with other users on the network
• To create voice and video calls
• To display statistics and details about network conversations between hosts, including the number of packets exchanged, packet sizes, and protocols used
• To synchronize captured packets with a remote server

Q16. How do you analyze DNS traffic in Wireshark?

• By analyzing packet payloads for DNS server addresses
• By adjusting the network interface settings
• By applying a display filter for the DNS protocol or using Wireshark's "Follow UDP Stream" feature for DNS traffic
• By running a ping test within Wireshark

Q17. What is

the purpose of Wireshark's "Protocol Hierarchy" feature?

• To organize captured packets by their physical layer protocols
• To generate a hierarchical diagram of network topologies
• To provide a breakdown of captured packets by protocol type, showing the distribution and usage of different protocols within the captured traffic
• To encrypt captured packets for secure transmission

Q18. How do you analyze SSL/TLS encrypted traffic in Wireshark?

• By decrypting the packets using a built-in encryption key
• By adjusting the capture buffer size
• By configuring Wireshark to capture SSL/TLS keys or certificates and using them to decrypt the encrypted traffic
• By filtering out SSL/TLS traffic from the capture

Q19. What is the purpose of Wireshark's "Expert Info" pane?

• To display real-time network performance metrics
• To provide suggestions for improving network security
• To highlight potential network issues or anomalies detected during packet analysis, such as packet retransmissions or protocol errors
• To visualize network traffic patterns using graphical representations

Q20. How do you analyze TCP window size in Wireshark?

• By adjusting the network interface settings
• By analyzing packet payloads for TCP header information
• By examining the TCP window size field in TCP packet headers and analyzing its changes over time
• By running a trace route within Wireshark