GCIH Question #29: Real Exam Question with Answer & Explanation

The correct answer is D: sniffer.

Web Application Attacks & Post-Exploitation

Question

Which of the following methods can be used to detect a session hijacking attack?

Options

  • A. nmap
  • B. Brutus
  • C. ntop
  • D. sniffer

Explanation

A packet sniffer captures raw network traffic and can detect session hijacking by identifying abnormal session token usage or duplicate session identifiers across different source IPs.

Common mistakes.

  • A. Nmap is a port scanner and network discovery tool, not designed to analyze session-layer traffic for hijacking indicators.
  • B. Brutus is a password brute-force tool used to crack authentication credentials, not to monitor or detect session hijacking.
  • C. Ntop is a network traffic usage and flow statistics monitor focused on bandwidth analysis, not on session-token level inspection required to detect hijacking.

Concept tested. Detecting session hijacking using packet sniffers

Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#session hijacking detection #network sniffer #traffic analysis
