Eccouncil Exam 212-89 Topic 3 Question 68 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 68
Topic #: 3

Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses the Wireshark tool to sniff the network and detect any malicious activities going on. Which of the following Wireshark filters can be used by her to detect a TCP Xmas scan attempt by the attacker?

Suggested Answer: D

A TCP Xmas scan is a type of network scanning technique used by attackers to identify open ports on a target machine. The name 'Xmas' comes from the set of flags that are turned on within the packet, making it 'lit up like a Christmas tree'. Specifically, the FIN, PSH, and URG flags are set, which corresponds to the hexadecimal value 0X029 in the TCP header's flags field. Wireshark, a popular network protocol analyzer, allows users to create custom filters to detect specific types of network traffic, including malicious scanning attempts. By using the filter tcp.flags==0X029, Rose can detect packets that have these specific flags set, indicating a potential TCP Xmas scan attempt.
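The following is an added worked example, not part of the original question or explanation, showing what the display filter tcp.flags==0X029 actually tests: it decodes the 12-bit flags field from raw TCP headers (the same field Wireshark exposes as tcp.flags) and applies an exact match for FIN+PSH+URG. The sample packets are constructed inline, and the helper names (build_tcp_header, is_xmas_scan, find_xmas_probes, find_reset_matches) are assumptions for this example, not Wireshark APIs. For contrast it also implements the looser tcp.flags.reset==1 test discussed in the comments, which matches any segment carrying RST rather than the probe itself.

```python
import struct

# TCP flag bit values as they appear in the 16-bit offset/flags word (RFC 793).
FIN = 0x001
SYN = 0x002
RST = 0x004
PSH = 0x008
ACK = 0x010
URG = 0x020

# Xmas probe: FIN + PSH + URG = 0x029, the value used in the filter tcp.flags==0X029.
XMAS_FLAGS = FIN | PSH | URG


def tcp_flags(tcp_header: bytes) -> int:
    """Return the 12-bit flags field (3 reserved bits + 9 flag bits) from a raw TCP header.

    This is the same field Wireshark shows as tcp.flags; the data offset nibble is dropped.
    """
    offset_flags = struct.unpack("!H", tcp_header[12:14])[0]
    return offset_flags & 0x0FFF


def is_xmas_scan(tcp_header: bytes) -> bool:
    """Equivalent of tcp.flags==0x029: an exact match, so extra bits such as ACK disqualify."""
    return tcp_flags(tcp_header) == XMAS_FLAGS


def has_reset(tcp_header: bytes) -> bool:
    """Equivalent of tcp.flags.reset==1: true for any segment with RST set, whatever else is set."""
    return bool(tcp_flags(tcp_header) & RST)


def build_tcp_header(src_port: int, dst_port: int, flags: int,
                     seq: int = 0, ack: int = 0, window: int = 1024) -> bytes:
    """Build a minimal 20-byte TCP header for constructed test data (checksum left as zero)."""
    data_offset = 5  # five 32-bit words, no options
    offset_flags = (data_offset << 12) | (flags & 0x0FFF)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, offset_flags, window, 0, 0)


# Constructed sample "capture": a handshake SYN, a normal data segment,
# an Xmas probe, and the RST/ACK a closed port would send back.
SAMPLE_PACKETS = [
    ("syn", build_tcp_header(40000, 80, SYN)),
    ("data", build_tcp_header(40000, 80, PSH | ACK)),
    ("xmas", build_tcp_header(40001, 22, FIN | PSH | URG)),
    ("rst", build_tcp_header(22, 40001, RST | ACK)),
]


def find_xmas_probes(packets):
    """Labels of packets the tcp.flags==0x029 filter would display."""
    return [label for label, hdr in packets if is_xmas_scan(hdr)]


def find_reset_matches(packets):
    """Labels of packets the tcp.flags.reset==1 filter would display."""
    return [label for label, hdr in packets if has_reset(hdr)]


if __name__ == "__main__":
    for label, hdr in SAMPLE_PACKETS:
        print(f"{label:5s} flags=0x{tcp_flags(hdr):03x} "
              f"xmas={is_xmas_scan(hdr)} reset={has_reset(hdr)}")
```

Running the block shows that only the constructed probe matches the exact-value filter, while the reset filter picks up the victim's RST/ACK reply instead. That is the practical difference for a detector: matching the flag value identifies the scanning segment itself, whereas matching RST only reveals responses from closed ports.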


Contribute your Thoughts:

Teri
2 days ago
Haha, Xmas scan? More like 'Bah, humbug' scan! Rose's got her work cut out for her, but with Wireshark, I'm sure she'll deck the halls with the attacker's plans.
upvoted 0 times
Amie
4 days ago
I'm not sure about the answer. Can someone explain why A) tcp.dstport==7 or D) tcp.flags==0X029 are not correct options?
upvoted 0 times
Hyman
8 days ago
I agree with Letha. C) tcp.flags.reset==1 makes sense as it targets the specific flag used in a TCP Xmas scan.
upvoted 0 times
Moon
17 days ago
The Xmas scan is definitely a crafty one. Let's see, option D looks like it could do the trick. Wireshark knows how to sniff out those pesky scan attempts!
upvoted 0 times
Letha
17 days ago
I think the answer is C) tcp.flags.reset==1 because it specifically looks for the reset flag set in a TCP Xmas scan.
upvoted 0 times