Computer Hacking Forensic Investigator (CHFI) Practice Exam

The presence of non-native DNS packets in network traffic strongly indicates DNS poisoning. DNS poisoning, also known as DNS spoofing, occurs when corrupt DNS data is inserted into the cache of a DNS resolver or server, resulting in the incorrect resolution of domain names.

When a network traffic analysis reveals non-native DNS packets, it may suggest that these packets are manipulating DNS queries and responses, redirecting users to malicious sites without their knowledge. This attack compromises the integrity of the DNS resolution process, often leading to phishing attacks or the distribution of malware.

In contrast, cookie poisoning involves altering the cookies stored in a web browser to hijack an active session, while session poisoning pertains to hijacking a session typically by taking over a user's active session. Packet sniffing refers to the practice of capturing data packets as they traverse a network, which does not involve manipulating DNS queries or responses directly. Therefore, the observations of non-native DNS packets are indicative of DNS poisoning as it directly correlates with tampering in the domain name resolution process.