Certified Ethical Hacker (CEH v10) — Question 153

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Answer options

• A. Protocol analyzer
• B. Network sniffer
• C. Intrusion Prevention System (IPS)
• D. Vulnerability scanner

Correct answer: A

Explanation

A Protocol analyzer is specifically designed to inspect and analyze packet data, making it the best tool for determining the nature of the captured packets. While a Network sniffer can capture traffic, it does not offer the same level of detailed analysis to evaluate malicious intent. An Intrusion Prevention System (IPS) actively blocks threats and does not analyze captured data, and a Vulnerability scanner identifies weaknesses rather than assessing specific packet traffic.