Which tunneling technique uses ICMP echo and reply packets as carriers of TCP payload to covertly access or control a system?


Multiple Choice

Which tunneling technique uses ICMP echo and reply packets as carriers of TCP payload to covertly access or control a system?

Explanation:
ICMP tunneling uses ICMP echo requests and echo replies as a transport path for data, in this case wrapping TCP payloads inside those ICMP messages. The tunnel endpoint on the sending side encapsulates TCP segments in the ICMP payload, and the receiving side reconstructs the TCP stream from the payloads of the ICMP messages it receives. Because some networks treat ICMP differently from TCP, this traffic can pass firewall rules that focus on blocking TCP traffic, making it a covert channel for accessing or controlling a system.

This matches the scenario described because it explicitly uses ICMP echo and reply packets as carriers for TCP data. Other techniques use different vectors, not ICMP echo/reply messages: DNS tunneling embeds data in DNS queries and responses, and other methods hide data in the IP Identification field or rely on TCP parameter manipulation.

