nerdexam
EC-Council

312-50V10 · Question #485

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for pass

The correct answer is D. tcpdump. Passive OS fingerprinting involves capturing and analyzing existing network traffic without generating new probe packets. Only tcpdump operates passively by listening to traffic on the wire.

Footprinting and Reconnaissance

Question

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?

Options

  • Anmap
  • Bping
  • Ctracert
  • Dtcpdump

How the community answered

(45 responses)
  • A
    4% (2)
  • B
    4% (2)
  • C
    11% (5)
  • D
    80% (36)

Why each option

Passive OS fingerprinting involves capturing and analyzing existing network traffic without generating new probe packets. Only tcpdump operates passively by listening to traffic on the wire.

Anmap

nmap actively sends crafted probe packets to target hosts to elicit responses, making it an active fingerprinting tool, not passive.

Bping

ping actively transmits ICMP Echo Request packets to a target and waits for replies, which is the opposite of passive collection.

Ctracert

tracert actively sends packets with incrementing TTL values to discover network path hops, generating its own traffic on the network.

DtcpdumpCorrect

tcpdump is a passive packet capture utility that records live network traffic without injecting any packets of its own. By examining TCP header fields such as TTL values, window sizes, and TCP options in captured packets, analysts can infer the remote host OS without ever alerting it - satisfying the 'passive' requirement of TCP/IP stack fingerprinting.

Concept tested: Passive OS fingerprinting using packet capture

Source: https://www.tcpdump.org/manpages/tcpdump.1.html

Topics

#OS fingerprinting#passive reconnaissance#TCP/IP stack#tcpdump

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice