Which of the following Wireshark filters should be applied to a packet capture to detect applications that send passwords in cleartext to a REST API located at 10.1.2.3?

A. ip.proto==tcp
B. http.request.method=="POST" && ip.dst==10.1.2.3
C. ip.dst==10.1.2.3
D. http.request.method=="POST"

Answer:

Final answer:

To detect passwords sent in cleartext to a REST API at 10.1.2.3 in Wireshark, use the filter 'http.request.method=="POST" && ip.dst==10.1.2.3'. This filters for HTTP POST requests to the destination IP where credentials may be transmitted insecurely. The correct option is (b).

Explanation:

To detect applications that send passwords in cleartext to a REST API located at 10.1.2.3, the correct Wireshark filter to apply to a packet capture is option B: http.request.method=="POST" && ip.dst==10.1.2.3. This filter matches HTTP POST requests, which are typically used to send data to a server, addressed to the destination IP address of the REST API.

This narrow focus increases the likelihood of capturing packets where credentials are transmitted in cleartext, as secure transmission would usually mean using HTTPS (with SSL/TLS encryption) instead of HTTP. We want to filter HTTP requests with the POST method (which often includes sensitive data like passwords). Additionally, we want to ensure that the destination IP address is 10.1.2.3. This filter will capture HTTP POST requests specifically targeting the specified IP address, which is relevant for detecting potential password submissions.
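The same selection logic in Python, as an added example that is not part of the original answer: it keeps only plaintext HTTP POST requests to 10.1.2.3 and then reports which credential-like fields appear in the body. The packets are constructed sample input, the field names in `CRED_KEYS` are assumptions, and each request is assumed to fit in a single TCP segment (Wireshark reassembles streams; this sketch does not).

```python
import json
import socket
import struct
from urllib.parse import parse_qsl

API_IP = "10.1.2.3"                          # REST API address from the question
CRED_KEYS = {"password", "passwd", "pwd"}    # assumed field names; adjust per application

def build_packet(src, dst, payload, dport=80):
    """Construct a minimal IPv4+TCP packet (checksums left at 0) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def body_fields(body):
    """Field names from a JSON object or a form-encoded request body."""
    text = body.decode("latin-1")
    try:
        obj = json.loads(text)
        return {k.lower() for k in obj} if isinstance(obj, dict) else set()
    except ValueError:
        return {k.lower() for k, _ in parse_qsl(text)}

def find_cleartext_credentials(packets, api_ip=API_IP):
    """Mirror http.request.method=="POST" && ip.dst==api_ip, then inspect the body."""
    hits = []
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
        if pkt[9] != 6 or socket.inet_ntoa(pkt[16:20]) != api_ip:
            continue                                   # not TCP, or not sent to the API
        payload = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]  # skip the TCP header
        if not payload.startswith(b"POST "):
            continue                                   # TLS records never start like this
        head, _, body = payload.partition(b"\r\n\r\n")
        uri = head.split(b" ", 2)[1].decode("latin-1")
        found = sorted(body_fields(body) & CRED_KEYS)
        if found:
            hits.append((socket.inet_ntoa(pkt[12:16]), uri, found))
    return hits

# Constructed sample traffic (addresses other than 10.1.2.3 and all values are made up)
SAMPLE = [
    build_packet("10.1.2.50", API_IP, b"POST /api/login HTTP/1.1\r\nHost: api\r\n\r\nuser=alice&password=example"),
    build_packet("10.1.2.51", API_IP, b"GET /api/status HTTP/1.1\r\nHost: api\r\n\r\n"),
    build_packet("10.1.2.52", "10.1.2.9", b"POST /login HTTP/1.1\r\n\r\npassword=example"),
    build_packet("10.1.2.53", API_IP, b"\x16\x03\x01\x00\x05hello", dport=443),
    build_packet("10.1.2.54", API_IP, b'POST /api/token HTTP/1.1\r\n\r\n{"user":"bob","passwd":"example"}'),
]
```

Only the first and last sample packets are reported: the GET carries no body, the third packet goes to a different host, and the TLS record on port 443 is not readable as HTTP.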