A network administrator is monitoring the network traffic with Wireshark. Which of the following filters will she use to view the packets moving without setting a flag to detect TCP Null Scan attempts?
In Wireshark, to detect TCP Null Scan attempts, the filter used is tcp.flags==0. This filter will show packets where no TCP flags are set, which is indicative of a TCP Null Scan. A TCP Null Scan is a type of network reconnaissance technique where the attacker sends TCP packets with no flags set to the target system. If the target system responds with a RST packet, it indicates that the port is closed, while no response suggests that the port is open or filtered. This method is used because some systems do not log these null packets, allowing the scan to go unnoticed.
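The same check as tcp.flags==0, applied outside Wireshark to raw IPv4 packets, as an added example that is not part of the original answer. It goes one step beyond the filter by grouping flagless segments per source and destination; the function names, the min_ports threshold and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def parse_ipv4_tcp(pkt):
    """Return (src, dst, dport, flags) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:  # IPv4, protocol 6 = TCP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:  # malformed or truncated TCP header
        return None
    dport, = struct.unpack_from("!H", pkt, ihl + 2)
    off_flags, = struct.unpack_from("!H", pkt, ihl + 12)
    # Drop the 4-bit data offset; the remaining 12 bits are reserved bits + flags.
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            dport, off_flags & 0x0FFF)

def find_null_scans(packets, min_ports=3):
    """Map (src, dst) -> sorted ports that received flagless TCP segments."""
    hits = defaultdict(set)
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed and parsed[3] == 0:  # same test as tcp.flags==0
            hits[parsed[:2]].add(parsed[2])
    return {pair: sorted(p) for pair, p in hits.items() if len(p) >= min_ports}

def build_packet(src, dst, sport, dport, flags):
    """Constructed test packet: 20-byte IPv4 header + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)
    return ip + tcp

# Constructed capture using documentation address ranges (not real traffic).
SAMPLE_CAPTURE = [
    build_packet("192.0.2.10", "198.51.100.5", 40000, 22, 0x000),
    build_packet("192.0.2.10", "198.51.100.5", 40000, 80, 0x000),
    build_packet("198.51.100.5", "192.0.2.10", 80, 40000, 0x014),  # RST+ACK reply
    build_packet("192.0.2.10", "198.51.100.5", 40000, 443, 0x000),
    build_packet("192.0.2.20", "198.51.100.5", 51000, 443, 0x002),  # ordinary SYN
    build_packet("192.0.2.30", "198.51.100.5", 52000, 25, 0x000),  # lone null packet
]

if __name__ == "__main__":
    for (src, dst), ports in find_null_scans(SAMPLE_CAPTURE).items():
        print(f"possible TCP Null Scan: {src} -> {dst}, ports {ports}")
```

A single flagless packet is reported only when min_ports is lowered to 1; the default of 3 is an arbitrary starting point to tune against local traffic.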