
Eccouncil Exam 212-89 Topic 3 Question 68 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 68
Topic #: 3

Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses Wireshark tool to sniff the network and detect any malicious activities going on. Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?

Suggested Answer: D

A TCP Xmas scan is a type of network scanning technique used by attackers to identify open ports on a target machine. The name 'Xmas' comes from the set of flags that are turned on within the packet, making it 'lit up like a Christmas tree'. Specifically, the FIN, PSH, and URG flags are set, which corresponds to the hexadecimal value 0X029 in the TCP header's flags field. Wireshark, a popular network protocol analyzer, allows users to create custom filters to detect specific types of network traffic, including malicious scanning attempts. By using the filter tcp.flags==0X029, Rose can detect packets that have these specific flags set, indicating a potential TCP Xmas scan attempt.
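The flag check from the explanation above, as an added example that is not part of the original page: it extracts the 12-bit flags value that Wireshark exposes as tcp.flags from raw TCP headers, compares it with 0x029 (FIN + PSH + URG), and groups matches by source so one host probing many ports stands out. The function names, the `min_ports` threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# Bit values of the individual TCP flags in the header's flags field
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # 0x029, the value tcp.flags==0X029 compares against


def tcp_flags(header: bytes) -> int:
    """Return the 12-bit flags value of a TCP header (Wireshark's tcp.flags)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    offset_and_flags = struct.unpack("!H", header[12:14])[0]
    return offset_and_flags & 0x0FFF  # drop the 4-bit data offset


def dst_port(header: bytes) -> int:
    return struct.unpack("!H", header[2:4])[0]


def xmas_sources(packets, min_ports=3):
    """Map source IP -> sorted destination ports probed with flags == 0x029.

    min_ports is an assumed threshold: only sources that hit at least that
    many distinct ports are reported.
    """
    ports = defaultdict(set)
    for src_ip, header in packets:
        try:
            if tcp_flags(header) == XMAS:
                ports[src_ip].add(dst_port(header))
        except ValueError:
            continue  # skip truncated headers instead of aborting the run
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}


def make_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (data offset 5, no options)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


# Constructed sample traffic (documentation addresses, not a real capture)
SAMPLE = (
    [("192.0.2.10", make_header(40000, p, XMAS)) for p in (22, 80, 443, 3389)]
    + [("198.51.100.7", make_header(51000, 443, SYN)),
       ("198.51.100.7", make_header(51000, 443, PSH | ACK)),
       ("203.0.113.5", make_header(52000, 80, 0x000)),
       ("203.0.113.5", b"\x00" * 8)]  # truncated header
)

if __name__ == "__main__":
    print(xmas_sources(SAMPLE))
```
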


Contribute your Thoughts:

Emmett
2 months ago
I'm going with Option A. Who doesn't love a good port 7 scan, am I right? That's the port for the classic 'quote of the day' service, so it's bound to be a winner.
upvoted 0 times
...
Stacey
2 months ago
Option D is the way to go, no doubt. Rose is gonna have a blast hunting down those pesky Xmas scan attempts with that filter. Just make sure to have some eggnog on hand to celebrate the victory!
upvoted 0 times
...
Rashida
2 months ago
Hmm, I'm not sure about this one. Wouldn't Option C, the tcp.flags.reset==1 filter, be better for detecting a Xmas scan? Gotta love those tricky TCP flag questions!
upvoted 0 times
...
Gilberto
2 months ago
I think B is the correct answer. The Xmas scan sets all the TCP flags to 0, so the tcp.flags==0X000 filter should catch that.
upvoted 0 times
...
Annita
2 months ago
Option D looks like the right answer to me. The Xmas scan sets the FIN, URG, and PSH flags on the TCP packet, which matches the 0x029 hex value.
upvoted 0 times
Marla
9 days ago
That's good to know. Rose can now effectively detect and eliminate any malicious scanning attempts on the network.
upvoted 0 times
...
Sharen
12 days ago
So, Rose can use the filter tcp.flags==0X029 in Wireshark to detect TCP Xmas scan attempts.
upvoted 0 times
...
Genevieve
20 days ago
Yes, you are right. The hex value 0x029 matches the flags set in a TCP Xmas scan.
upvoted 0 times
...
Javier
1 month ago
I think option D is correct because the Xmas scan sets the FIN, URG, and PSH flags on the TCP packet.
upvoted 0 times
...
...
Olive
2 months ago
TCP Xmas scan, huh? Sounds like a real holiday headache. Wireshark's the perfect tool to unwrap that mystery. I vote for option D!
upvoted 0 times
...
Lizette
2 months ago
Gotta love how these hackers try to get all festive with their scans. Option D sounds like the way to go - let's hope Rose can sleigh this one.
upvoted 0 times
Julieta
1 month ago
Let's hope Rose can catch them in the act and stop their malicious activities.
upvoted 0 times
...
Barabara
1 month ago
Yeah, those hackers sure do get creative with their scanning techniques.
upvoted 0 times
...
My
2 months ago
I agree, option D looks like the right choice to detect the TCP Xmas scan.
upvoted 0 times
...
...
Teri
2 months ago
Haha, Xmas scan? More like 'Bah, humbug' scan! Rose's got her work cut out for her, but with Wireshark, I'm sure she'll deck the halls with the attacker's plans.
upvoted 0 times
Adela
1 month ago
C) tcp.flags.reset==1
upvoted 0 times
...
Sean
1 month ago
B) tcp.flags==0X000
upvoted 0 times
...
Dulce
1 month ago
A) tcp.dstport==7
upvoted 0 times
...
...
Amie
2 months ago
I'm not sure about the answer. Can someone explain why A) tcp.dstport==7 or D) tcp.flags==0X029 are not correct options?
upvoted 0 times
...
Hyman
2 months ago
I agree with Letha. C) tcp.flags.reset==1 makes sense as it targets the specific flag used in a TCP Xmas scan.
upvoted 0 times
...
Moon
3 months ago
The Xmas scan is definitely a crafty one. Let's see, option D looks like it could do the trick. Wireshark knows how to sniff out those pesky scan attempts!
upvoted 0 times
Jeannine
2 months ago
Yes, the Xmas scan is tricky, but with the right Wireshark filter like tcp.flags==0X029, Rose can catch those attackers in the act.
upvoted 0 times
...
Lonna
2 months ago
I agree, Wireshark is really handy for sniffing out malicious activities. Option D looks like the filter Rose should use.
upvoted 0 times
...
Pauline
2 months ago
Option D) tcp.flags==0X029 seems like the right choice. Wireshark is a powerful tool for detecting these types of scans.
upvoted 0 times
...
...
Letha
3 months ago
I think the answer is C) tcp.flags.reset==1 because it specifically looks for the reset flag set in a TCP Xmas scan.
upvoted 0 times
...
