Network Defense Essentials (NDE) Practice Exam 2025 - Free Network Defense Practice Questions and Study Guide

The filter used in Wireshark to capture traffic for multiple IP addresses is constructed by referring to the general IP address fields instead of the specific source or destination fields. The correct choice utilizes the "ip.addr" filter, which matches packets regardless of whether the specified IP addresses appear as source or destination in the traffic. This means it will capture any packets where the traffic originates from or is directed to the specified IP addresses, making it a versatile choice for monitoring traffic involving those addresses.

Using "ip.addr" allows for a more comprehensive analysis since it encompasses both incoming and outgoing traffic relative to those addresses. This is vital in network defense and monitoring as it provides insights into the behavior of all packets associated with the specified addresses, rather than restricting the analysis to just those that are either sent from or sent to those specific IP addresses. This approach is particularly useful during incident response and for general network traffic analysis, as it helps in understanding the interactions involving those IPs fully.