312-50V10 · Question #485
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for pass
The correct answer is D. tcpdump. Passive OS fingerprinting involves capturing and analyzing existing network traffic without generating new probe packets. Only tcpdump operates passively by listening to traffic on the wire.
Question
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?
Options
- Anmap
- Bping
- Ctracert
- Dtcpdump
How the community answered
(45 responses)- A4% (2)
- B4% (2)
- C11% (5)
- D80% (36)
Why each option
Passive OS fingerprinting involves capturing and analyzing existing network traffic without generating new probe packets. Only tcpdump operates passively by listening to traffic on the wire.
nmap actively sends crafted probe packets to target hosts to elicit responses, making it an active fingerprinting tool, not passive.
ping actively transmits ICMP Echo Request packets to a target and waits for replies, which is the opposite of passive collection.
tracert actively sends packets with incrementing TTL values to discover network path hops, generating its own traffic on the network.
tcpdump is a passive packet capture utility that records live network traffic without injecting any packets of its own. By examining TCP header fields such as TTL values, window sizes, and TCP options in captured packets, analysts can infer the remote host OS without ever alerting it - satisfying the 'passive' requirement of TCP/IP stack fingerprinting.
Concept tested: Passive OS fingerprinting using packet capture
Source: https://www.tcpdump.org/manpages/tcpdump.1.html
Topics
Community Discussion
No community discussion yet for this question.