A security analyst suspects that a workstation is periodically reaching out to a command-and-control (C2) server. The analyst needs to capture the workstation's outbound traffic in real time and examine individual packet headers and payloads to confirm whether beaconing is occurring. Which of the following tools would BEST enable the analyst to perform this task?
Wireshark is a packet capture and protocol-analysis tool that allows analysts to record live traffic and drill into packet details, making it ideal for detecting irregular beaconing or other anomalies. Nessus focuses on vulnerability scanning, Splunk aggregates and searches log data as a SIEM/SOAR platform, and Nmap performs host discovery and port scanning-none of which provide interactive packet-level inspection of live traffic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are packet capture tools and how do they work?
Open an interactive chat with Bash
What kind of anomalies can Wireshark help identify?
Open an interactive chat with Bash
What is the significance of analyzing network traffic?