Which of the following best describes a sign of tunneling when SSH appears inside ICMP?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

Which of the following best describes a sign of tunneling when SSH appears inside ICMP?

Explanation:
When SSH appears inside ICMP, it signals a covert channel being used—SSH data is being tunneled through ICMP messages. SSH normally runs over TCP, so seeing its payload encapsulated in ICMP packets is not standard traffic; it indicates tunneling activity, often used to bypass filters or monitoring. It’s not simply unusual traffic patterns, nor does it imply blocked traffic or ARP spoofing, which involve different mechanisms.

When SSH appears inside ICMP, it signals a covert channel being used—SSH data is being tunneled through ICMP messages. SSH normally runs over TCP, so seeing its payload encapsulated in ICMP packets is not standard traffic; it indicates tunneling activity, often used to bypass filters or monitoring. It’s not simply unusual traffic patterns, nor does it imply blocked traffic or ARP spoofing, which involve different mechanisms.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy