
Exam 312-38 topic 1 question 453 discussion

Actual exam question from ECCouncil's 312-38
Question #: 453
Topic #: 1

John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt? (Choose all that apply.)

  • A. tcp.flags=0x00
  • B. tcp.options.wscale_val==20
  • C. tcp.flags==0x2b
  • D. tcp.options.mss_val<1460
Suggested Answer: ACD
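To make the four candidate filters concrete, the following is an added example (not part of the exam question or of the page's comments) that parses raw TCP headers and applies the same predicates the Wireshark filters express. The packets are constructed inline, not real captures: the first two mimic the flag and option choices of nmap's documented T2 (NULL, no flags) and T3 (SYN, FIN, PSH, URG set together, i.e. 0x2b) OS-detection probes, which carry a small MSS (265); the other two are ordinary client SYNs. The helper names (`parse_tcp`, `build_tcp`, `matching_filters`) are my own. Filters are written with the canonical `==` operator, and Wireshark's `tcp.flags` is a 12-bit field, so the usual spellings are `tcp.flags == 0x000` and `tcp.flags == 0x02b`.

```python
"""Classify constructed TCP segments against the four Wireshark filters
from the question. Added example; the segments below are built inline and
only imitate the flag/option patterns of nmap's published OS probes."""
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# TCP control bits (RFC 9293). Wireshark's tcp.flags covers the whole 12-bit
# field (reserved, NS, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class TcpHeader:
    sport: int
    dport: int
    flags: int
    window: int
    mss: Optional[int]     # option kind 2, None if absent
    wscale: Optional[int]  # option kind 3 shift count, None if absent


def parse_tcp(segment: bytes) -> TcpHeader:
    """Parse the fixed header plus the MSS and window-scale options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    flags = off_flags & 0x0FFF
    mss = wscale = None
    i = 20
    while i < data_offset:
        kind = segment[i]
        if kind == 0:          # End of option list
            break
        if kind == 1:          # NOP padding
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("option kind without length")
        length = segment[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", segment[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            wscale = segment[i + 2]
        i += length
    return TcpHeader(sport, dport, flags, window, mss, wscale)


# The four candidate filters as predicates over the parsed header.
FILTERS: Dict[str, Callable[[TcpHeader], bool]] = {
    "tcp.flags == 0x000": lambda h: h.flags == 0x000,
    "tcp.options.wscale_val == 20": lambda h: h.wscale == 20,
    "tcp.flags == 0x02b": lambda h: h.flags == 0x02b,
    "tcp.options.mss_val < 1460": lambda h: h.mss is not None and h.mss < 1460,
}


def matching_filters(segment: bytes) -> List[str]:
    """Return the names of the filters this segment would match."""
    h = parse_tcp(segment)
    return [name for name, pred in FILTERS.items() if pred(h)]


def build_tcp(flags: int, window: int, options: bytes = b"",
              sport: int = 40000, dport: int = 80) -> bytes:
    """Assemble a TCP header (checksum left zero) with raw options appended."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    off_flags = (data_offset << 12) | (flags & 0x0FFF)
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, off_flags, window, 0, 0) + options


def mss_opt(value: int) -> bytes:
    return struct.pack("!BBH", 2, 4, value)


def wscale_opt(shift: int) -> bytes:
    return struct.pack("!BBB", 3, 3, shift)


NOP = b"\x01"

# Constructed segments (not captures). T2/T3 imitate nmap's probe flags and
# options (wscale 10, NOP, MSS 265); the last two are ordinary client SYNs.
SAMPLES = {
    "nmap-style T2 probe": build_tcp(0, 128, wscale_opt(10) + NOP + mss_opt(265)),
    "nmap-style T3 probe": build_tcp(SYN | FIN | PSH | URG, 256, wscale_opt(10) + NOP + mss_opt(265)),
    "normal SYN, Ethernet MSS": build_tcp(SYN, 64240, mss_opt(1460) + NOP + wscale_opt(7)),
    "normal SYN, tunnel MSS": build_tcp(SYN, 64240, mss_opt(1380) + NOP + wscale_opt(7)),
}

if __name__ == "__main__":
    for label, seg in SAMPLES.items():
        print(f"{label:26s} -> {matching_filters(seg) or ['(no match)']}")
```

Two things the run makes visible. A zero-flag segment and the 0x2b combination never occur in a legitimate handshake, so those two filters are near-zero-noise indicators of a probe or a NULL/Xmas-style scan. The MSS filter is different: the constructed "tunnel" SYN matches it too, and real clients behind PPPoE, VPN or mobile links routinely advertise an MSS below 1460, so treat `tcp.options.mss_val < 1460` as a corroborating filter rather than proof on its own. Field names also drift between Wireshark releases; `tcp.options.mss_val` is current, while the window-scale shift count is exposed as `tcp.options.wscale.shift` in recent versions, so check the display filter reference for the build you run.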

Comments

joaovqbraga
1 month ago
Selected Answer: AD
Correct:
A. tcp.flags=0x00: This filter matches a TCP packet with no flags set, also called a TCP NULL scan. It is often used by fingerprinting tools to find out how the system responds to strange packets.
D. tcp.options.mss_val<1460: A lower than normal MSS (Maximum Segment Size) value may indicate an attempt to manipulate TCP packets, a common practice in fingerprinting to see how different systems react.
Incorrect:
B. tcp.options.wscale_val==20: Although the Window Scale value is part of the fingerprinting analysis, this specific value (20) is not necessarily suspicious or common enough to identify fingerprinting directly.
C. tcp.flags==0x2b: 0x2b represents the FIN, PSH, URG, and SYN flags being set at the same time — a highly unusual and invalid value. Legitimate or fingerprinting tools do not usually use this combination, making this filter ineffective.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), other answers the remainder.