312-50V10 · Question #149
When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the follow
The correct answer is B. Modifying and replaying captured network traffic. Passive network sniffing only observes and captures traffic without interacting with or injecting packets into the network, so any action requiring active packet manipulation is outside its scope.
Question
When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?
Options
- AIdentifying operating systems, services, protocols and devices
- BModifying and replaying captured network traffic
- CCollecting unencrypted information about usernames and passwords
- DCapturing a network traffic for further analysis
How the community answered
(55 responses)- A2% (1)
- B95% (52)
- D4% (2)
Why each option
Passive network sniffing only observes and captures traffic without interacting with or injecting packets into the network, so any action requiring active packet manipulation is outside its scope.
Passive sniffing can identify operating systems, services, protocols, and devices by analyzing packet headers, TTL values, TCP window sizes, and other observable traffic characteristics without sending any packets.
Modifying and replaying captured traffic is an active attack technique - specifically a replay attack - that requires injecting crafted packets into the network, which fundamentally contradicts the passive-only nature of passive sniffing where the network adapter simply listens without transmitting.
Passive sniffing can capture cleartext credentials transmitted over unencrypted protocols such as FTP, Telnet, HTTP, and POP3 simply by reading the payload of captured packets.
Capturing network traffic for offline or later analysis is the primary and defining function of passive sniffing, requiring no active interaction with the network.
Concept tested: Passive vs active network sniffing capabilities
Source: https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/
Topics
Community Discussion
No community discussion yet for this question.