CheckPoint Exam 156-582 Topic 7 Question 12 Discussion

Actual exam question for CheckPoint's 156-582 exam

Question #: 12
Topic #: 7

Is it possible to analyze ICMP packets with tcpdump?

AYes, tcpdump is not limited to TCP specific issues

BNo, use fw monitor instead

CNo, tcpdump works from layer 4. ICMP is located in the network layer (layer 3), therefore is not applicable to this scenario

DNo, since ICMP does not have any source or destination ports, but specification of port numbers is mandatory

Show Suggested Answer

Suggested Answer: A

Yes, it is possible to analyze ICMP packets with tcpdump. While tcpdump is often associated with capturing TCP packets, it is not limited to them and can capture and analyze any protocol that traverses the network, including ICMP, which operates at Layer 3 (Network Layer) of the OSI model. ICMP packets do not use ports, but tcpdump can filter and display these packets based on other criteria such as type and code fields.

by Shaun at May 01, 2025, 04:10 PM

Limited Time Offer

25%

Off

Get Premium 156-582 Questions as Interactive Web-Based Practice Test or PDF