Heroes of Packet Analysis Quiz

Enter the competition and match your skills to those of the Packet Analysis Heroes! Answer all questions correctly for a chance to win a $500 Amazon Gift Card.

Navigate through the questions by clicking on the numbers below.

1   |   2   |    3   |   4   |   5   |   6   |   7   |   8   |   9   |   10   |  11   12   |   13   |   14

5: Given an infected host system with Covert_TCP successfully installed/configured, will the beacon back to the malicious C2 server be successful in traversing the depicted network to its intended destination?


Click on the image to zoom in.

A. No, all WAN optimizers have next-generation firewalls onboard and it would filter this malicious traffic.
B. Yes, the infected host’s Covert_TCP packet will reach its destination since WAN optimizers simply allow traffic to pass through them, inspecting the traffic flow to make better informed decisions about future bandwidth allocation and planning.
C. Yes, the infected host will be able to communicate with the C2 server since Covert_TCP uses TCP header fields that are left unaltered, as packets traverse the network.
D. No, WAN optimizers that use TCP acceleration will create a new TCP session on behalf of the client/server and during the creation of this new session the covert channel information would be dropped.

Question Background:

A host has been compromised on the distant end of a satellite communication link. The host has malware that has been successfully uploaded and is attempting to run the Covert_TCP tool (i.e., covert channels within TCP headers). This tool is being utilized to beacon back to a malicious command & control (C2) server and receive follow-on instructions. The satellite communication path utilizes WAN optimization devices to provide better user experience and utilization of the bandwidth. The system administrator has enabled protocol spoofing, latency optimization, and TCP acceleration on the WAN optimization devices.

Who asked the question:

Brad Palm

Operator at BruteForce LLC

Highly skilled at analyzing and navigating the IT risks that are inherent when adopting technologies, Brad is motivated to work with dynamic, fast-paced, high-performing teams. Brad is operating BruteForce, a digital security and network analysis consulting firm.

Read his White Paper › ProfiShark 1G Use Case Analysis

Please choose your answer via the form.

Answer *:(* required fields)

Answer all questions correctly for a chance to win a $500 Amazon Gift Card.

Join the conversation

Find us on one of the following social platforms to get a sneak peek into the network monitoring world.

Be Part of the Team

We are always on the lookout for passionate people, who are open to change and innovation.
Check the Careers Page

Our Blog

Find the latest insights on network monitoring & analysis so you know which solution suits you best.
Check the Latest Insights