A security engineer is using a sniffer to determine the source of apparently hostile traffic on an organization’s internal routed network. When the engineer examines individual frames, he sees that the source MAC address for the hostile packets matches the MAC address for the router on the local network. What is the best explanation for this?
a. The packets are encapsulated in a tunneling protocol such as PPTP.
b. The packets have a spoofed originating MAC address in order to make identification of the hostile node more difficult.
c. Frames carrying IP traffic originating on another network will have a MAC address for the local network’s router.
d. The packets are IPX protocol, not IP.
Already registered? Login
Not Account? Sign up
Enter your email address to reset your password
Back to Login? Click here