Exam CS0-002 topic 1 question 152 discussion

Wireshark would allow us to quickly highlight and analyze the VOIP conversation from the packet capture. In fact it has built-in features specific to VOIP. WRONG ANSWERS • B – iptables is used in Linux for building firewall rules. It might be something we could use to direct / filter VOIP access but we already have packets captured. • C – Packets have already been captured by the analyst, so we don’t need to do more packet captures. • D – Net flow can be used to capture and analyze packets, but is primarily designed to generate statistics from that data. We need a deep dive into the contents of the VOIP conversation instead.

A. Wireshark

"The Wireshark program implements a convenient mechanism for diagnosing (analyzing) VoIP calls" - Google (Answer is definitely A)

Option D, NetFlow, is a network protocol that provides traffic visibility and analysis, but it does not have the ability to extract audio from VoIP packets.

Google Wireshark VOIP

WireShark is best for reassembling VoIP

Basically, we use NetFlow format, for collecting SIP information that is commonly used for broadband traffic monitoring. https://silo.tips/download/analysis-of-sip-traffic-behavior-with-netflow-based-statistical-information

Based on my knowledge i can't say which is correct, this maybe help to clarify this https://learningnetwork.cisco.com/s/question/0D53i00000KszWaCAJ/netflow-vs-packet-analyzer

A. Wireshark. Reviewing Session Initiation Protocol (SIP) packets or VOIP , you must use Wireshark. This is now an investigation and analysis and no chance of capturing it again. Wireshark can decode SIP over TLS and Decrypting SDES too. This is what they need for forensic investigation.

Agree with D, although it would be best to use a dedicated protocol analysis application like Wireshark or TCPdump, they aren't typically run passively on enterprise networks. Flows however are very commonly deployed on networks and would still provide you with connection details such as bytes transferred, ports, IPs, timestamps, etc.

It cannot be netflow as it captures traffic as it enters or leaves a router. The tech has already captured the packets. Answer is "A".

Answer is Wireshark, just download it try on VOIP traffic

Not that I spent all day researching but from the research I have done it could be A or D. From CompTIA’s POV I feel like they’d want A as the answer but I don’t know anymore.

Analysis of Telephony Protocols​​ VoIP Analysis Tip: Wireshark has the ability to reconstruct not only VoIP conversations, but also other media streams

Answer is A Wireshark is used to analyze VOIP traffic.

Agree with TheSkyMan. D

Wireshark allows you to capture and analyze VoIP network traffic and packet data from the NEC SL2100 and SL1100. This is a must-read for installers working with or troubleshooting VoIP issues.