An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of
packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and
saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely malicious or simply a false
positive?
A.
Protocol analyzer
B.
Intrusion Prevention System (IPS)
C.
Network sniffer
D.
Vulnerability scanner
Explanation:
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular
types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware
that can intercept and log traffic that passes over a digital network or part of a network. A packet analyzer can
analyze packet traffic saved in a PCAP file.
https://en.wikipedia.org/wiki/Packet_analyzer