A cybersecurity analyst is investigating a compromised workstation that is exhibiting signs of beaconing to an unknown external IP address. To understand the nature of the attack, the analyst needs to capture and perform a deep-dive analysis of the full packet payloads being exchanged. Which of the following tools is BEST suited for this specific task?
Wireshark is the most appropriate tool for this task: it is a network protocol analyzer that captures packets and allows in-depth inspection of their contents, including the full payloads, so the analyst can reconstruct the communication between the compromised host and the external IP. Nmap is a network scanner used for discovering hosts and open ports, not for deep packet analysis. Nessus is a vulnerability scanner used to identify security weaknesses, not to analyze captured traffic. Metasploit is an exploitation framework used for penetration testing, not for analyzing captured network traffic.