Exam N10-008
Question 782

A network technician has identified a breach and is attempting to determine how the attacker connected to a device on the network. The technician uses tcpdump to perform a port scan and receives the following result:

Which of the following describes how the attacker connected to the device?

    Correct Answer: C

    The attacker connected to the device using SSH. This can be determined by looking at the SYN-ACK response from port 22. In TCP communications, a SYN-ACK response indicates that a connection has been successfully established. Since port 22 is commonly known for SSH (Secure Shell) connections, the successful SYN-ACK response on this port shows that SSH was used by the attacker.
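As an added illustration (not part of the original question or its answer key), this Python sketch reads tcpdump's default text output and sorts a host's probed ports by the TCP flags it answered with. The capture is constructed, using documentation-range addresses and the port behaviours described in the discussion (23 reset, 22 SYN-ACK, 3389 unanswered SYN); `classify_ports` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's default text format (addresses are
# documentation-range placeholders; the port behaviours mirror the discussion).
CAPTURE = """\
10:00:01.000001 IP 192.0.2.50.40001 > 192.0.2.10.23: Flags [S], seq 100, win 64240, length 0
10:00:01.000090 IP 192.0.2.10.23 > 192.0.2.50.40001: Flags [R.], seq 0, ack 101, win 0, length 0
10:00:02.000001 IP 192.0.2.50.40002 > 192.0.2.10.22: Flags [S], seq 200, win 64240, length 0
10:00:02.000080 IP 192.0.2.10.22 > 192.0.2.50.40002: Flags [S.], seq 900, ack 201, win 65160, length 0
10:00:03.000001 IP 192.0.2.50.40003 > 192.0.2.10.3389: Flags [S], seq 300, win 64240, length 0
10:00:04.000001 IP 192.0.2.50.40003 > 192.0.2.10.3389: Flags [S], seq 300, win 64240, length 0
"""

LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

def classify_ports(capture: str, target: str) -> dict:
    """Map each probed port on `target` to open / closed / no-reply."""
    seen = defaultdict(set)  # port -> set of observed events
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        flags = m["flags"]
        if m["dst"] == target and flags == "S":
            seen[int(m["dport"])].add("syn")
        elif m["src"] == target and flags == "S.":
            seen[int(m["sport"])].add("synack")
        elif m["src"] == target and "R" in flags:
            seen[int(m["sport"])].add("rst")
    result = {}
    for port, events in seen.items():
        if "synack" in events:
            result[port] = "open"       # listener answered the SYN
        elif "rst" in events:
            result[port] = "closed"     # host refused the connection
        else:
            result[port] = "no-reply"   # SYN sent (and retried), nothing came back
    return result

if __name__ == "__main__":
    for port, state in sorted(classify_ports(CAPTURE, "192.0.2.10").items()):
        print(port, state)
```

The `open` label reflects a listener answering the SYN; a completed session would additionally show the client's final ACK in the capture.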

Discussion
Cavick Option: C

SYN-ACK signifies an SSH connection was successful on port 22.

emilia_088 Option: A

A. I go with Telnet.

[Removed]

It is "ssh"; he got a SYN-ACK from port 22, which means connection established.

8c5c521

It's C. You could see that port 23 was RST, which means it was terminated, and port 22 is SYN-ACK, which means it was established.

Zach123654 Option: C

GPTTTT

b0bby Option: D

I don't know what to look for here. Port 23 failed, port 22 SYN-ACK and port 3389 just SYN. Don't know how to come to the conclusion any of these was the breach... I'm just assuming it's RDP cause it tried twice??