Miko was hired as an incident handler in XYZ company. His first task was to identify the PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic. What filter did he use to identify ICMP ping sweep attempts?
In Wireshark, to identify ICMP ping sweep attempts, the filtericmp.type == 8 or icmp.type ==0is used. This filter captures ICMP echo requests and echo replies, which are indicative of ping commands. Type 8 represents an echo request used when a source sends a ping, and type 0 represents an echo reply, which is the response from the target. By filtering for these ICMP types, Miko can detect a surge in ping requests across the network, which could indicate a ping sweep attempt—an exploratory activity often used by attackers to discover active hosts on a network by sending ping requests to multiple addresses.
[References:Incident Handler (ECIH v3) courses and study guides often incorporate training on using network analysis tools like Wireshark, including how to use filters to detect specific types of network activities and potential threats., ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit