
Eccouncil Exam 212-89 Topic 3 Question 68 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 68
Topic #: 3

Rose is an incident handler responsible for detecting and eliminating any kind of scanning attempts over the network by malicious threat actors. Rose uses the Wireshark tool to sniff the network and detect any malicious activities going on. Which of the following Wireshark filters can she use to detect a TCP Xmas scan attempt by the attacker?

Suggested Answer: D

A TCP Xmas scan is a type of network scanning technique used by attackers to identify open ports on a target machine. The name 'Xmas' comes from the set of flags that are turned on within the packet, making it 'lit up like a Christmas tree'. Specifically, the FIN, PSH, and URG flags are set, which corresponds to the hexadecimal value 0X029 in the TCP header's flags field. Wireshark, a popular network protocol analyzer, allows users to create custom filters to detect specific types of network traffic, including malicious scanning attempts. By using the filter tcp.flags==0X029, Rose can detect packets that have these specific flags set, indicating a potential TCP Xmas scan attempt.
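The flag arithmetic behind the suggested answer, worked through as an added example that is not part of the original page: it reads the TCP flags field from raw headers, applies the same exact-match test as tcp.flags==0X029, and groups matching segments by source. The helper names, the `min_ports` threshold and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits, low byte of the 16-bit data-offset/flags word
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # 0x29, the value the filter tcp.flags==0X029 compares against

def build_tcp_header(sport, dport, flags):
    """Constructed 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | (flags & 0x0FFF)  # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 1024, 0, 0)

def tcp_flags(header):
    """Return the 12 flag bits, the same field Wireshark exposes as tcp.flags."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    (offset_flags,) = struct.unpack("!H", header[12:14])
    return offset_flags & 0x0FFF

def is_xmas(header):
    """Exact match, like tcp.flags==0X029: FIN, PSH and URG set, nothing else."""
    return tcp_flags(header) == XMAS

def xmas_scanners(packets, min_ports=3):
    """Map each source that sent Xmas segments to >= min_ports distinct ports."""
    ports = defaultdict(set)
    for src, header in packets:
        if is_xmas(header):
            dport = struct.unpack("!H", header[2:4])[0]
            ports[src].add(dport)
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

# Constructed sample traffic (documentation address ranges), not a real capture
SAMPLE = (
    [("198.51.100.7", build_tcp_header(40000, p, XMAS)) for p in (22, 80, 443, 3389)]
    + [("192.0.2.10", build_tcp_header(51000, 443, f)) for f in (SYN, PSH | ACK, FIN | ACK)]
    + [("192.0.2.20", build_tcp_header(52000, 25, FIN | PSH | URG | ACK))]  # 0x039
)

if __name__ == "__main__":
    for src, dports in xmas_scanners(SAMPLE).items():
        print(f"possible Xmas scan from {src}: ports {dports}")
```

The segment from 192.0.2.20 carries ACK in addition to FIN, PSH and URG (0x039), so an equality test on the whole flags field does not match it.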


Contribute your Thoughts:

Emmett
14 days ago
I'm going with Option A. Who doesn't love a good port 7 scan, am I right? That's the port for the classic 'quote of the day' service, so it's bound to be a winner.
upvoted 0 times
...
Stacey
15 days ago
Option D is the way to go, no doubt. Rose is gonna have a blast hunting down those pesky Xmas scan attempts with that filter. Just make sure to have some eggnog on hand to celebrate the victory!
upvoted 0 times
...
Rashida
16 days ago
Hmm, I'm not sure about this one. Wouldn't Option C, the tcp.flags.reset==1 filter, be better for detecting a Xmas scan? Gotta love those tricky TCP flag questions!
upvoted 0 times
...
Gilberto
18 days ago
I think B is the correct answer. The Xmas scan sets all the TCP flags to 0, so the tcp.flags==0X000 filter should catch that.
upvoted 0 times
...
Annita
19 days ago
Option D looks like the right answer to me. The Xmas scan sets the FIN, URG, and PSH flags on the TCP packet, which matches the 0x029 hex value.
upvoted 0 times
Javier
7 days ago
I think option D is correct because the Xmas scan sets the FIN, URG, and PSH flags on the TCP packet.
upvoted 0 times
...
...
Olive
26 days ago
TCP Xmas scan, huh? Sounds like a real holiday headache. Wireshark's the perfect tool to unwrap that mystery. I vote for option D!
upvoted 0 times
...
Lizette
27 days ago
Gotta love how these hackers try to get all festive with their scans. Option D sounds like the way to go - let's hope Rose can sleigh this one.
upvoted 0 times
Julieta
1 day ago
Let's hope Rose can catch them in the act and stop their malicious activities.
upvoted 0 times
...
Barabara
11 days ago
Yeah, those hackers sure do get creative with their scanning techniques.
upvoted 0 times
...
My
15 days ago
I agree, option D looks like the right choice to detect the TCP Xmas scan.
upvoted 0 times
...
...
Teri
1 month ago
Haha, Xmas scan? More like 'Bah, humbug' scan! Rose's got her work cut out for her, but with Wireshark, I'm sure she'll deck the halls with the attacker's plans.
upvoted 0 times
Sean
1 day ago
B) tcp.flags==0X000
upvoted 0 times
...
Dulce
7 days ago
A) tcp.dstport==7
upvoted 0 times
...
...
Amie
1 month ago
I'm not sure about the answer. Can someone explain why A) tcp.dstport==7 or D) tcp.flags==0X029 are not correct options?
upvoted 0 times
...
Hyman
1 month ago
I agree with Letha. C) tcp.flags.reset==1 makes sense as it targets the specific flag used in a TCP Xmas scan.
upvoted 0 times
...
Moon
2 months ago
The Xmas scan is definitely a crafty one. Let's see, option D looks like it could do the trick. Wireshark knows how to sniff out those pesky scan attempts!
upvoted 0 times
Jeannine
14 days ago
Yes, the Xmas scan is tricky, but with the right Wireshark filter like tcp.flags==0X029, Rose can catch those attackers in the act.
upvoted 0 times
...
Lonna
15 days ago
I agree, Wireshark is really handy for sniffing out malicious activities. Option D looks like the filter Rose should use.
upvoted 0 times
...
Pauline
22 days ago
Option D) tcp.flags==0X029 seems like the right choice. Wireshark is a powerful tool for detecting these types of scans.
upvoted 0 times
...
...
Letha
2 months ago
I think the answer is C) tcp.flags.reset==1 because it specifically looks for the reset flag set in a TCP Xmas scan.
upvoted 0 times
...