nerdexam
EC-Council

312-50V9 · Question #382

A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to d

The correct answer is C. Protocol analyzer. A protocol analyzer is the correct tool for opening and inspecting a PCAP file to determine whether captured packets are malicious.

Sniffing

Question

A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether this packets are indeed malicious. What tool are you going to use?

Options

  • AIntrusion Prevention System (IPS)
  • BVulnerability scanner
  • CProtocol analyzer
  • DNetwork sniffer

How the community answered

(63 responses)
  • A
    5% (3)
  • B
    8% (5)
  • C
    71% (45)
  • D
    16% (10)

Why each option

A protocol analyzer is the correct tool for opening and inspecting a PCAP file to determine whether captured packets are malicious.

AIntrusion Prevention System (IPS)

An Intrusion Prevention System operates inline on live network traffic to block threats in real time and cannot open or analyze saved PCAP files.

BVulnerability scanner

A vulnerability scanner probes live hosts or applications for known weaknesses and is not designed to parse or analyze packet capture files.

CProtocol analyzerCorrect

A protocol analyzer such as Wireshark can open PCAP files and decode packet contents at each protocol layer, allowing a network administrator to inspect headers, payloads, and traffic patterns to identify malicious sequences. This offline, deep-inspection capability makes it the best tool for forensic analysis of a saved packet capture.

DNetwork sniffer

A network sniffer captures live traffic from a network interface and is optimized for collection rather than the deep protocol-level forensic decoding of a pre-saved PCAP file.

Concept tested: Protocol analyzer use for PCAP forensic packet analysis

Source: https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html

Topics

#PCAP analysis#protocol analyzer#IDS#packet capture

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice