What is a key indicator of UDP scanning?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

What is a key indicator of UDP scanning?

Explanation:
The main idea is that UDP scanning shows a pattern of probing many ports and receiving ICMP messages in response. When a scanner sends UDP datagrams to a range of ports, closed ports typically reply with ICMP “destination unreachable—port unreachable.” Seeing a sequence of multiple UDP probes followed by ICMP responses fits this behavior and strongly indicates a port scan using UDP. In contrast, a single UDP packet to one port isn’t enough to suggest scanning, a TCP handshake reflects a TCP scan, and ICMP echo requests are simply ping activity, not UDP port discovery.

The main idea is that UDP scanning shows a pattern of probing many ports and receiving ICMP messages in response. When a scanner sends UDP datagrams to a range of ports, closed ports typically reply with ICMP “destination unreachable—port unreachable.” Seeing a sequence of multiple UDP probes followed by ICMP responses fits this behavior and strongly indicates a port scan using UDP. In contrast, a single UDP packet to one port isn’t enough to suggest scanning, a TCP handshake reflects a TCP scan, and ICMP echo requests are simply ping activity, not UDP port discovery.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy