1. Given the following Wireshark filter, what is the attacker attempting to view?
A. SYN, SYN/ACK, ACK
B. SYN, FIN, URG, and PSH
C. ACK, ACK, SYN, URG
D. SYN/ACK only
A. You’ll see bunches of Wireshark questions on your exam, and EC-Council just loves the “TCP flags = decimal numbers” side of it all. Wireshark also has the ability to filter based on a decimal numbering system assigned to TCP flags. The assigned flag decimal numbers are FIN = 1, ...