nerdexam
EC-Council

312-50V10 · Question #149

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the follow

The correct answer is B. Modifying and replaying captured network traffic. Passive network sniffing only observes and captures traffic without interacting with or injecting packets into the network, so any action requiring active packet manipulation is outside its scope.

Sniffing

Question

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

Options

  • AIdentifying operating systems, services, protocols and devices
  • BModifying and replaying captured network traffic
  • CCollecting unencrypted information about usernames and passwords
  • DCapturing a network traffic for further analysis

How the community answered

(55 responses)
  • A
    2% (1)
  • B
    95% (52)
  • D
    4% (2)

Why each option

Passive network sniffing only observes and captures traffic without interacting with or injecting packets into the network, so any action requiring active packet manipulation is outside its scope.

AIdentifying operating systems, services, protocols and devices

Passive sniffing can identify operating systems, services, protocols, and devices by analyzing packet headers, TTL values, TCP window sizes, and other observable traffic characteristics without sending any packets.

BModifying and replaying captured network trafficCorrect

Modifying and replaying captured traffic is an active attack technique - specifically a replay attack - that requires injecting crafted packets into the network, which fundamentally contradicts the passive-only nature of passive sniffing where the network adapter simply listens without transmitting.

CCollecting unencrypted information about usernames and passwords

Passive sniffing can capture cleartext credentials transmitted over unencrypted protocols such as FTP, Telnet, HTTP, and POP3 simply by reading the payload of captured packets.

DCapturing a network traffic for further analysis

Capturing network traffic for offline or later analysis is the primary and defining function of passive sniffing, requiring no active interaction with the network.

Concept tested: Passive vs active network sniffing capabilities

Source: https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/

Topics

#passive sniffing#active vs passive#packet capture#traffic replay

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice