What protocol was found inside ICMP tunneling in the exercise?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

What protocol was found inside ICMP tunneling in the exercise?

Explanation:
ICMP tunneling hides another protocol’s traffic inside the payload of ICMP packets, so you identify what protocol is being transported by looking for its characteristic patterns inside that payload. In this exercise, the ICMP payload contained data that matches SSH: the SSH identification string (for example, “SSH-2.0-…”) and the subsequent key-exchange material. That clear SSH handshake pattern inside the ICMP tunnel tells you the inside protocol is SSH.

DNS would show DNS query/response structure and domain-name data, ARP isn’t transported over IP in this way, and HTTP would present HTTP request/response headers and methods inside the payload rather than an SSH handshake.
