John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization’s network.
Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?
A. Tcp.flags==0x2b
B. Tcp.flags=0x00
C. Tcp.options.mss_val<1460
D. Tcp.options.wscale_val==20
Answer: C
Explanation:
TCP OS fingerprinting attempts can be identified by analyzing various TCP/IP stack behaviors, one of which is the TCP Maximum Segment Size (MSS). The MSS value indicates the size of the largest segment of TCP data that a device is willing to receive. Different operating systems have different default MSS values, and a value less than 1460 can suggest an OS fingerprinting attempt, as it may indicate that the sender is trying to avoid fragmentation or is probing to discover the OS based on MSS response.
Reference: The use of Wireshark to monitor and analyze network traffic, including identifying TCP OS fingerprinting attempts, is covered in the EC-Council’s Certified Network Defender (CND) course. The course materials would include detailed explanations on how to use Wireshark filters to detect such activities, and the reference to MSS values is consistent with standard network analysis practices for identifying OS fingerprinting attempts.