PrepAway - Latest Free Exam Questions & Answers

What tool are you going to use?

A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion
Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine
whether these packets are indeed malicious. What tool are you going to use?

A. Intrusion Prevention System (IPS)

B. Vulnerability scanner

C. Protocol analyzer

D. Network sniffer

4 Comments on “What tool are you going to use?”

    1. Answer: C Protocol Analyzer
      A PCAP file is a data file created by Wireshark (formerly Ethereal), a free program used for network analysis; contains network packet data created during a live network capture; used for “packet sniffing” and analyzing data network characteristics; can be analyzed using software that includes the libpcap or WinPcap libraries.

      1. josh1234 says:

        Answer is indeed C.

        However, PCAP files are not created by just Wireshark. Any program with the libpcap or WinPcap API can create a PCAP file.

        Wireshark is most common. Wireshark is a Protocol-Analyzer.

