nerdexam
GIAC

GCED · Question #50

GCED Question #50: Real Exam Question with Answer & Explanation

The correct answer is C. Time to live. In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer. Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send a

Question

A compromised router is reconfigured by an attacker to redirect SMTP email traffic to the attacker's server before sending packets on to their intended destinations. Which IP header value would help expose anomalies in the path outbound SMTP/Port 25 traffic takes compared to outbound packets sent to other ports?

Options

  • AChecksum
  • BAcknowledgement number
  • CTime to live
  • DFragment offset

Explanation

In a case study of a redirect tunnel set up on a router, some anomalies were noticed while watching network traffic with the TCPdump packet sniffer. Packets going to port 25 (Simple Mail Transfer Protocol [SMTP] used by mail servers and other Mail Transfer Agents [MTAs] to send and receive e-mail) were apparently taking a different network path. The TLs were consistently three less than other destination ports, indicating another three network hops were taken. Other IP header values listed, such as fragment offset. The acknowledgement number is a TCP, not IP, header field.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCED Practice