Prepare for the CompTIA CySA+ Exam with comprehensive tests and detailed explanations. Enhance your knowledge with multiple question formats and expert insights. Ace your exam with confidence!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


In tcpdump, which flag must be used to capture Ethernet frames during a packet capture?

  1. -n

  2. -nn

  3. -e

  4. -X

The correct answer is: -e

To capture Ethernet frames using tcpdump, the -e flag is essential. This flag instructs tcpdump to include the link-level header in the output, which is necessary for analyzing Ethernet frames. The data link layer's information, which includes Ethernet-specific fields such as source and destination MAC addresses, is crucial for a comprehensive packet capture in network troubleshooting or analysis.

The other flags serve different purposes. The -n flag disables DNS lookups for IP addresses, which can speed up the output but does not pertain directly to capturing Ethernet frames. The -nn flag goes a step further by preventing both DNS lookups and service name resolution for ports, which can make the output clearer but still does not capture Ethernet-specific information. The -X flag displays packet contents in both hexadecimal and ASCII format, providing insight into payload data, but it does not influence the capturing of Ethernet frames either.

Thus, the correct choice is the -e flag, which is necessary to capture link-layer information alongside the packet data.