In Wireshark, what does the filter 'tcp.port != 21' accomplish?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

In Wireshark, what does the filter 'tcp.port != 21' accomplish?

Explanation:
The filter selects TCP traffic by port using a “not equal” condition. In Wireshark, tcp.port matches either the source or the destination port of a TCP segment, and the operator != means “not equal to.” So tcp.port != 21 displays only those TCP packets in which neither the source nor the destination port is 21. Since port 21 is the well-known FTP control port, this filter effectively hides FTP control traffic and shows all other TCP traffic. It does not restrict the view to traffic on port 21 (that would be tcp.port == 21), and it does not exclude all TCP traffic or filter by packet size.
