Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
You have two machines. The first machine (192.168.153.99) has Snort installed and the second machine (192.168.153.150) has Kiwi Syslog installed. You perform a SYN scan in your network and notice that Kiwi Syslog is not receiving the alert message from Snort. You decide to run Wireshark on the Snort machine to check whether the messages are going to the Kiwi Syslog machine. Which Wireshark filter will show the connections from the Snort machine to the Kiwi Syslog machine?
udp.dstport==514 && ip.dst==192.168.153.150
udp.srcport==514 && ip.src==192.168.153.99
ipaddress=192.168.153.150 -- port=514"
The OP had 'tcp.dstport'. While it is certainly possible to use TCP for syslog...that isn't the default. See http://www.kiwisyslog.com/help/syslog/index.html?syslogportsused.htm. The default port is UDP 514. I have modified the answers accordingly. As a side note...the answers show only Wireshark "display" filters - Wireshark also has "capture" filters that work like tcpdump (e.g. 'udp and dst port 514 and dst 192.168.153.150').