CheckPoint Exam 156-582 Topic 4 Question 1 Discussion

Actual exam question for CheckPoint's 156-582 exam

Question #: 1
Topic #: 4

Is it possible to analyze ICMP packets with tcpdump?

AYes, tcpdump is not limited to TCP specific issues

BNo, use fw monitor instead

CNo, tcpdump works from layer 4. ICMP is located in the network layer (layer 3), therefore is not applicable to this scenario

DNo, since ICMP does not have any source or destination ports, but specification of port numbers is mandatory

Show Suggested Answer

Suggested Answer: A

Yes, it is possible to analyze ICMP packets with tcpdump. While tcpdump is often associated with capturing TCP packets, it is not limited to them and can capture and analyze any protocol that traverses the network, including ICMP, which operates at Layer 3 (Network Layer) of the OSI model. ICMP packets do not use ports, but tcpdump can filter and display these packets based on other criteria such as type and code fields.

by Amie at Jan 10, 2025, 02:48 AM

Limited Time Offer

25%

Off

Get Premium 156-582 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

18 days ago

No way, option C is the right answer. ICMP is at layer 3, and tcpdump works at layer 4, so it can't analyze ICMP.

upvoted 0 times

Shala

1 days ago

A) Yes, tcpdump is not limited to TCP specific issues

upvoted 0 times

...

Tina

28 days ago

I agree with Una. Since ICMP does not have source or destination ports, tcpdump may not be the best tool for analyzing ICMP packets.

upvoted 0 times

...

Una

1 months ago

No, tcpdump works from layer 4. ICMP is located in the network layer, so it may not be applicable for analyzing ICMP packets.

upvoted 0 times

...

2 months ago

Yes, tcpdump is not limited to TCP specific issues. I think it is possible to analyze ICMP packets with tcpdump.

upvoted 0 times

...