CompTIA CySA+CS0-002 – Question152

During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call that originated from the suspicious IP address. Which of the following should the analyst use to accomplish this task?

A.
Wireshark
B. iptables
C. Tcp dump
D. Net flow

Correct Answer: A