As a Computer Hacking Forensics Investigator, you are analyzing a TCP dump of network traffic during a suspected breach. During the investigation, you noticed that the “Packets dropped by kernel” count was unusually high. Given that the network has a high load, what could be the most probable reason for this situation?

A. The Tcpdump tool was run without the -c flag, causing it to capture packets indefinitely
B. The TCP packets were not matching the input expression of Tcpdump
C. The Boolean expression used with Tcpdump was too restrictive, missing some packets
D. The buffer space in the OS running Tcpdump was insufficient, leading to dropped packets

Suggested Answer: D
Community Answer: D

This question is from the 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 exam, for the EC-Council Computer Hacking Forensic Investigator (CHFI) certificate.