Joe, the security administrator, has determined that one of his web servers is under attack. Which
of the following can help determine where the attack originated from?

A.
Capture system image

B.
Record time offset

C.
Screenshots

D.
Network sniffing

Explanation:
Network sniffing is the process of capturing and analyzing the packets sent between systems on
the network. A network sniffer is also known as a Protocol Analyzer.

A Protocol Analyzer is a hardware device or more commonly a software program used to capture
network data communications sent between devices on a network. Capturing and analyzing the
packets sent to the web server will help determine the source IP address of the system sending
the packets.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor)
from Microsoft and Wireshark (formerly Ethereal).