ip.src == 10.10.10.10 && tcp.port == 80. What does this line of code do?
Filter capture to show all packets sent from 10.10.10.10 on port 80
From the PCAP provided, apply a filter to display all packets on UDP dstport 59485 with the destination IP 10.6.5.102. What is the transaction ID of this packet response?
0x0000d27b
From the PCAP provided, apply a filter to display all web traffic {http.request or ssl.handshake.type == 1}. What percentage of results are then displayed in the capture?
0.3%
Now take the filter used in the previous question, and add an OR expression which filters by (...tcp flags equal to 0x0002) and a further expression which filters by packets NOT to/from (tcp port 25). What percentage of results are then displayed in the capture?
0.8%
Now, using the same filter, alter the tcp flags expression to include an OR dns. What percentage of the results are then displayed in the capture?
1.9%