nerdexam
EC-Council

312-50V10 · Question #155

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

The correct answer is B. Active. Active OS fingerprinting identifies a remote operating system by sending specially crafted packets and analyzing how the target's TCP/IP stack responds, exploiting implementation differences between operating systems.

Scanning Networks

Question

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

Options

  • APassive
  • BActive
  • CReflective
  • DDistributive

How the community answered

(26 responses)
  • A
    4% (1)
  • B
    92% (24)
  • D
    4% (1)

Why each option

Active OS fingerprinting identifies a remote operating system by sending specially crafted packets and analyzing how the target's TCP/IP stack responds, exploiting implementation differences between operating systems.

APassive

Passive OS fingerprinting only monitors and analyzes traffic already flowing on the network without sending any crafted packets to the target, making it stealthier but dependent on existing traffic.

BActiveCorrect

Active OS fingerprinting tools such as Nmap send deliberately unusual or malformed TCP/IP packets - for example, packets with specific flag combinations or out-of-spec options - and measure how the target OS responds, because each OS implements the TCP/IP stack differently. These behavioral differences in responses, such as window size, TTL values, and handling of edge-case flags, allow the tool to match the response profile to a known OS signature database. This technique requires actively generating and injecting traffic, which distinguishes it from passive fingerprinting that only observes existing network traffic.

CReflective

Reflective is not a recognized category in OS fingerprinting methodology and does not correspond to any standard technique.

DDistributive

Distributive is not a recognized category in OS fingerprinting methodology and does not correspond to any standard technique.

Concept tested: Active versus passive OS fingerprinting techniques

Source: https://nmap.org/book/osdetect.html

Topics

#OS fingerprinting#active fingerprinting#crafted packets#TCP/IP stack analysis

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice