Which of the following is BEST used to capture and analyze network traffic between hosts on the same
network segment?
A. Protocol analyzer
B. Router
C. Firewall
D. HIPS
Explanation:
A Protocol Analyzer is a hardware device or, more commonly, a software program used to capture network
data communications sent between devices on a network. Capturing and analyzing the packets sent between
two systems that are not communicating properly could help determine the cause of the issue.
Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from
Microsoft and Wireshark (formerly Ethereal).
Incorrect Answers:
B: A router is used to route traffic between hosts on different networks. It is not used to capture and
analyze network traffic.
C: A firewall is used to block unauthorized traffic from accessing hosts on a network. It is not used to
capture and analyze network traffic.
D: A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for
suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing
intrusion. It is not used to capture and analyze network traffic.
http://en.wikipedia.org/wiki/Wireshark