An unauthorized network scan may be detected by parsing network sniffer data for:
An unauthorized network scan may be detected by parsing network sniffer data for:
A. IP traffic from a single IP address to multiple IP addresses. Explanation: Unauthorized network scans typically involve a single attacker attempting to probe multiple IP addresses in a network to discover open ports, services, or vulnerabilities. This results in IP traffic originating from the attacker's IP address targeting numerous other IP addresses. Why the other answers are less suitable: B. IP traffic from a single IP address to a single IP address: This indicates typical communication between two hosts, not a scan. C. IP traffic from multiple IP addresses to a single IP address: This pattern could suggest load balancing or distributed traffic, but it's not indicative of a scan. D. IP traffic from multiple IP addresses to other networks: This pattern suggests general network traffic distribution or inter-network communication.