Certified Network Defender (CND) — Question 137
James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep attack. Which of the following Wireshark filters will he use?
Answer options
- A. Icmp.type==8 or icmp.type==16
- B. icmp.type==8 or icmp.type==0
- C. icmp.type==8 and icmp.type==0
- D. Icmp.type==0 and icmp.type==16
Correct answer: B
Explanation
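The correct answer is B because icmp.type==8 matches an Echo Request (PING) and icmp.type==0 matches an Echo Reply. Joined with 'or', the filter displays both the requests and the replies, which together make up the traffic of a PING sweep. Options A and D include type 16, which is neither an Echo Request nor an Echo Reply. Option C uses 'and' instead of 'or'; a single ICMP packet carries only one type value, so that filter matches no packets.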