Which of the following Wireshark filters should be applied to a packet capture to detect applications that send passwords in cleartext to a REST API located at 10.1.2.3?

A. ip.proto == tcp

B. http.request.method == "POST" && ip.dst == 10.1.2.3

C. ip.dst == 10.1.2.3

D. http.request.method == "POST"

To detect applications sending passwords in cleartext to a REST API at 10.1.2.3, the Wireshark filter to apply is http.request.method=="POST" && ip.dst==10.1.2.3, which identifies HTTP POST requests to the specified IP address. Option b is the answer.

Explanation:

To detect applications that send passwords in cleartext to a REST API located at the IP address 10.1.2.3 using Wireshark, you should apply a filter that looks for HTTP POST requests to that specific IP address. This is because passwords are typically sent to REST APIs via POST requests. Therefore, the most appropriate Wireshark filter from the provided options would be:

http.request.method=="POST" && ip.dst==10.1.2.3

This filter looks for packets that use the HTTP POST method (which are likely to contain body data such as passwords) and are destined for the IP address 10.1.2.3. Using this filter in Wireshark will help you inspect packets that could potentially contain unencrypted sensitive information such as passwords.

Which of the following Wireshark filters should be applied to a packet capture to detect applications that send passwords in cleartext to a REST API located at 10.1.2.3?A. ip.proto == tcpB. http.request.method == "POST" && ip.dst == 10.1.2.3C. ip.dst == 10.1.2.3D. http.request.method == "POST"

Answer :

Final answer:

Explanation:

Other Questions