Eccouncil 212-89 Exam - Topic 3 Question 68 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 68
Topic #: 3

Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses Wireshark tool to sniff the network and detect any malicious activities going on. Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?

Suggested Answer: D

A TCP Xmas scan is a type of network scanning technique used by attackers to identify open ports on a target machine. The name 'Xmas' comes from the set of flags that are turned on within the packet, making it 'lit up like a Christmas tree'. Specifically, the FIN, PSH, and URG flags are set, which corresponds to the hexadecimal value 0X029 in the TCP header's flags field. Wireshark, a popular network protocol analyzer, allows users to create custom filters to detect specific types of network traffic, including malicious scanning attempts. By using the filter tcp.flags==0X029, Rose can detect packets that have these specific flags set, indicating a potential TCP Xmas scan attempt.
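The flag arithmetic behind that filter, as an added example that is not part of the original page: it reads the flags field from raw TCP headers and applies the same tests as tcp.flags==0X029 and tcp.flags==0X000, plus a mask-based test for FIN+PSH+URG packets that carry extra bits and would slip past an exact match. The helper names and the sample headers are constructed for illustration.

```python
import struct

# TCP flag bits (low bits of the 16-bit word at header offset 12).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # 0x029, the value used in the filter above


def tcp_flags(header: bytes) -> int:
    """Return the 12-bit flags value that Wireshark exposes as tcp.flags."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    (offset_and_flags,) = struct.unpack_from("!H", header, 12)
    return offset_and_flags & 0x0FFF  # drop the 4-bit data offset


def classify(header: bytes) -> str:
    flags = tcp_flags(header)
    if flags == XMAS:
        return "xmas"          # what tcp.flags==0x029 matches
    if flags == 0:
        return "null"          # what tcp.flags==0x000 matches
    if flags & XMAS == XMAS and not flags & (SYN | RST | ACK):
        return "xmas-variant"  # FIN+PSH+URG plus other bits; exact match misses it
    return "other"


def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample: 20-byte TCP header, data offset 5, no options."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


# Constructed sample traffic (not captured from a real network).
SAMPLES = [
    ("syn", build_header(40001, 80, SYN)),
    ("rst-ack", build_header(80, 40001, RST | ACK)),
    ("fin-psh-urg", build_header(40002, 22, XMAS)),
    ("no-flags", build_header(40003, 22, 0)),
    ("fin-psh-urg-ece", build_header(40004, 443, XMAS | 0x40)),
]


def detect(samples):
    """Return {label: verdict} for every sample header."""
    return {label: classify(hdr) for label, hdr in samples}


if __name__ == "__main__":
    for label, verdict in detect(SAMPLES).items():
        print(f"{label:16} {verdict}")
```

In Wireshark itself, the per-flag form tcp.flags.fin==1 && tcp.flags.push==1 && tcp.flags.urg==1 also matches packets like the last sample, which the exact-value comparison does not.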


Alica
3 months ago
I thought Xmas scans used a different flag altogether!
upvoted 0 times
...
Gearldine
3 months ago
Option B seems too vague for this.
upvoted 0 times
...
Sherron
3 months ago
Wait, is it really that specific? Sounds odd.
upvoted 0 times
...
Louvenia
4 months ago
Definitely agree with that!
upvoted 0 times
...
Johanna
4 months ago
I think option D is the right filter for TCP Xmas scans.
upvoted 0 times
...
Marjory
4 months ago
I recall that Xmas scans set multiple flags, so I think option D is the one to go with, but I wish I had reviewed the flag values more thoroughly.
upvoted 0 times
...
Berry
4 months ago
I practiced a similar question where we had to identify flags for different types of scans. I feel like option B could be relevant, but I'm not confident.
upvoted 0 times
...
Jerry
4 months ago
I think the correct filter might be related to the TCP flags, possibly option D since it mentions a specific combination that could indicate a Xmas scan.
upvoted 0 times
...
Jerry
5 months ago
I remember something about TCP Xmas scans involving specific flag combinations, but I'm not entirely sure which filter to use.
upvoted 0 times
...
Tenesha
5 months ago
This is a good opportunity to demonstrate my knowledge of network security and Wireshark usage. I'm pretty sure the correct answer is option D, which checks for the specific TCP flag combination used in a Xmas scan.
upvoted 0 times
...
Daron
5 months ago
I'm a little confused by the question. Is a TCP Xmas scan the same as a TCP SYN scan? I'll need to review my network scanning techniques before I can confidently answer this.
upvoted 0 times
...
Louann
5 months ago
Okay, let me think this through. A TCP Xmas scan sets the FIN, URG, and PSH flags, so the filter would need to look for that specific combination. I'm going to go with option D.
upvoted 0 times
...
Gregoria
5 months ago
Hmm, I'm a bit unsure about this one. I know Wireshark can be used to detect network scans, but I'm not sure which specific filter would be used for a TCP Xmas scan.
upvoted 0 times
...
Pamella
5 months ago
This looks like a pretty straightforward Wireshark filtering question. I think I can handle this one.
upvoted 0 times
...
Emmett
1 year ago
I'm going with Option A. Who doesn't love a good port 7 scan, am I right? That's the port for the classic 'quote of the day' service, so it's bound to be a winner.
upvoted 0 times
...
Stacey
1 year ago
Option D is the way to go, no doubt. Rose is gonna have a blast hunting down those pesky Xmas scan attempts with that filter. Just make sure to have some eggnog on hand to celebrate the victory!
upvoted 0 times
...
Rashida
1 year ago
Hmm, I'm not sure about this one. Wouldn't Option C, the tcp.flags.reset==1 filter, be better for detecting a Xmas scan? Gotta love those tricky TCP flag questions!
upvoted 0 times
...
Gilberto
1 year ago
I think B is the correct answer. The Xmas scan sets all the TCP flags to 0, so the tcp.flags==0X000 filter should catch that.
upvoted 0 times
...
Annita
1 year ago
Option D looks like the right answer to me. The Xmas scan sets the FIN, URG, and PSH flags on the TCP packet, which matches the 0x029 hex value.
upvoted 0 times
Marla
1 year ago
That's good to know. Rose can now effectively detect and eliminate any malicious scanning attempts on the network.
upvoted 0 times
...
Sharen
1 year ago
So, Rose can use the filter tcp.flags==0X029 in Wireshark to detect TCP Xmas scan attempts.
upvoted 0 times
...
Genevieve
1 year ago
Yes, you are right. The hex value 0x029 matches the flags set in a TCP Xmas scan.
upvoted 0 times
...
Javier
1 year ago
I think option D is correct because the Xmas scan sets the FIN, URG, and PSH flags on the TCP packet.
upvoted 0 times
...
...
Olive
1 year ago
TCP Xmas scan, huh? Sounds like a real holiday headache. Wireshark's the perfect tool to unwrap that mystery. I vote for option D!
upvoted 0 times
...
Lizette
1 year ago
Gotta love how these hackers try to get all festive with their scans. Option D sounds like the way to go - let's hope Rose can sleigh this one.
upvoted 0 times
Julieta
1 year ago
Let's hope Rose can catch them in the act and stop their malicious activities.
upvoted 0 times
...
Barabara
1 year ago
Yeah, those hackers sure do get creative with their scanning techniques.
upvoted 0 times
...
My
1 year ago
I agree, option D looks like the right choice to detect the TCP Xmas scan.
upvoted 0 times
...
...
Teri
1 year ago
Haha, Xmas scan? More like 'Bah, humbug' scan! Rose's got her work cut out for her, but with Wireshark, I'm sure she'll deck the halls with the attacker's plans.
upvoted 0 times
Adela
1 year ago
C) tcp.flags.reset==1
upvoted 0 times
...
Sean
1 year ago
B) tcp.flags==0X000
upvoted 0 times
...
Dulce
1 year ago
A) tcp.dstport==7
upvoted 0 times
...
...
Amie
1 year ago
I'm not sure about the answer. Can someone explain why A) tcp.dstport==7 or D) tcp.flags==0X029 are not correct options?
upvoted 0 times
...
Hyman
1 year ago
I agree with Letha. C) tcp.flags.reset==1 makes sense as it targets the specific flag used in a TCP Xmas scan.
upvoted 0 times
...
Moon
1 year ago
The Xmas scan is definitely a crafty one. Let's see, option D looks like it could do the trick. Wireshark knows how to sniff out those pesky scan attempts!
upvoted 0 times
Jeannine
1 year ago
Yes, the Xmas scan is tricky, but with the right Wireshark filter like tcp.flags==0X029, Rose can catch those attackers in the act.
upvoted 0 times
...
Lonna
1 year ago
I agree, Wireshark is really handy for sniffing out malicious activities. Option D looks like the filter Rose should use.
upvoted 0 times
...
Pauline
1 year ago
Option D) tcp.flags==0X029 seems like the right choice. Wireshark is a powerful tool for detecting these types of scans.
upvoted 0 times
...
...
Letha
1 year ago
I think the answer is C) tcp.flags.reset==1 because it specifically looks for the reset flag set in a TCP Xmas scan.
upvoted 0 times
...
