An Intrusion Detection System (IDS) has alerted the n
etwork administrator to a possibly malicious sequence of packets sent to a Web server in the networks external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.
What type of network tool can be used to determine if these packets a
re genuinely malicious or simply a false positive?
A. Protocol analyzer
B. Intrusion Prevention System (IPS)
C. Network sniffer
D. Vulnerability scanner
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer-”or
, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. A packet analyzer can analyze packe
t traffic saved in a PCAP file.
References: