New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 312-38 Exam - Topic 1 Question 115 Discussion

Actual exam question for Eccouncil's 312-38 exam
Question #: 115
Topic #: 1
[All 312-38 Questions]

Which of the following filters can be used to detect UDP scan attempts using Wireshark?

Show Suggested Answer Hide Answer
Suggested Answer: A

The correct filter to detect UDP scan attempts using Wireshark is not listed among the options provided. To detect UDP scan attempts, a Wireshark filter that targets UDP traffic specifically would be used, rather than an ICMP type and code filter. A common method to detect a UDP scan is to look for a large amount of UDP packets sent to different ports, which can be indicative of a scanning activity. The filter would typically include parameters that isolate UDP traffic, such asudp.portorudp.dstportcombined with a range or list of ports.


by Shelia at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium 312-38 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Nicolette
3 days ago
Haha, I bet the exam writer is trying to trick us with these options. A is the only logical choice here.
upvoted 0 times
...
Lynette
8 days ago
I think option C is the way to go. ICMP type 8 and 0 should catch the UDP scans.
upvoted 0 times
...
Louann
14 days ago
The correct answer is A. ICMP type 3 code 3 is the way to detect UDP scan attempts.
upvoted 0 times
...
Yolande
19 days ago
I thought ICMP type 8 and 0 were for echo requests and replies, so they probably wouldn't help with UDP scans, right?
upvoted 0 times
...
Felix
24 days ago
I practiced a question similar to this, and I feel like A is definitely the most relevant option for detecting UDP scans.
upvoted 0 times
...
Suzan
29 days ago
I'm not entirely sure, but I remember something about ICMP type 3 indicating unreachable errors, which could relate to UDP scans.
upvoted 0 times
...
Jamika
1 month ago
I think UDP scans might show up as ICMP unreachable messages, so maybe A is the right choice?
upvoted 0 times
...
Lilli
1 month ago
B seems like the best option, but I want to double-check the ICMP message types to be sure.
upvoted 0 times
...
Bobbye
1 month ago
I'm a bit confused on the difference between UDP scans and other types of scans. I'll need to review that before answering.
upvoted 0 times
...
Dona
2 months ago
C looks promising, since ICMP echo request/reply could be used to detect some types of scans.
upvoted 0 times
...
Ruthann
2 months ago
Hmm, I'm not sure about this one. I'll need to think through the ICMP message types more carefully.
upvoted 0 times
...
Rene
2 months ago
I think the answer is B, since UDP scans would trigger ICMP port unreachable messages.
upvoted 0 times
...

Save Cancel