Which of the following are indicators of ICMP tunneling?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

Which of the following are indicators of ICMP tunneling?

Explanation:
ICMP tunneling leaves telltale signs in how ICMP traffic appears. The data being carried through the tunnel ends up in the ICMP payloads, so you’ll often see unusually large ICMP payloads, odd packet sizes, and a high volume of ICMP traffic that doesn’t match typical diagnostic ping behavior. In normal networks, ICMP echo requests and replies are small and infrequent, used simply to check reachability. When you observe big ICMP payloads paired with a spike in ICMP traffic, it strongly suggests a covert channel is being used. The other choices point to different tunneling methods or unrelated protocols (SSH-over-ICMP, DNS tunneling, or ARP/MAC mapping), which are not indicators of ICMP tunneling itself.

ICMP tunneling leaves telltale signs in how ICMP traffic appears. The data being carried through the tunnel ends up in the ICMP payloads, so you’ll often see unusually large ICMP payloads, odd packet sizes, and a high volume of ICMP traffic that doesn’t match typical diagnostic ping behavior. In normal networks, ICMP echo requests and replies are small and infrequent, used simply to check reachability. When you observe big ICMP payloads paired with a spike in ICMP traffic, it strongly suggests a covert channel is being used. The other choices point to different tunneling methods or unrelated protocols (SSH-over-ICMP, DNS tunneling, or ARP/MAC mapping), which are not indicators of ICMP tunneling itself.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy