Certified Network Defender (CND) — Question 175
John is a network administrator monitoring his network traffic with Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt? (Choose all that apply.)
Answer options
- A. tcp.flags=0x00
- B. tcp.options.wscale_val==20
- C. tcp.flags==0x2b
- D. tcp.options.mss_val<1460
Correct answer: A, C, D
Explanation
Options A, C, and D are the filters that can help identify TCP OS fingerprinting attempts: A and C match on specific TCP flag values, and D matches on a TCP option (the MSS value), all of which can indicate suspicious activity. Option B is not typically associated with OS fingerprinting, so it is not a suitable filter for this scenario.