nerdexam
GIAC

GSLC · Question #268

GSLC Question #268: Real Exam Question with Answer & Explanation

The correct answer is C. Itunnel D. Ptunnel. Ptunnel and Itunnel are purpose-built tools that encapsulate arbitrary TCP data inside ICMP echo request and reply packets to tunnel traffic through firewalls.

Question

Which of the following tools can be used to perform ICMP tunneling? Each correct answer represents a complete solution. Choose two.

Options

  • AWinTunnel
  • BEthereal
  • CItunnel
  • DPtunnel

Explanation

Ptunnel and Itunnel are purpose-built tools that encapsulate arbitrary TCP data inside ICMP echo request and reply packets to tunnel traffic through firewalls.

Common mistakes.

  • A. WinTunnel is not a recognized or documented ICMP tunneling tool; it does not perform ICMP encapsulation.
  • B. Ethereal (now Wireshark) is a passive packet capture and protocol analysis tool, not a tunneling utility, so it cannot create ICMP tunnels.

Concept tested. ICMP tunneling tools and covert channel techniques

Reference. https://www.sans.org/reading-room/whitepapers/covert/icmp-covert-channel-35555

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GSLC Practice