312-50V10 · Question #601
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
The correct answer is A. -sO. The NMAP -sO switch performs an IP protocol scan to discover which IP-layer protocols are open and supported on a target system.
Question
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
Options
- A-sO
- B-sP
- C-sS
- D-sU
How the community answered
(47 responses)- A89% (42)
- B6% (3)
- C2% (1)
- D2% (1)
Why each option
The NMAP -sO switch performs an IP protocol scan to discover which IP-layer protocols are open and supported on a target system.
The -sO flag directs NMAP to iterate through IP protocol numbers (such as TCP, UDP, ICMP, IGMP, and others) to determine which protocols are active and therefore open on the target. This operates at the IP layer rather than the port layer, revealing which protocol-level services have been left enabled on the target host. It is the appropriate switch when the goal is enumerating open protocol channels across a network rather than scanning specific TCP or UDP port numbers.
-sP (superseded by -sn in modern NMAP versions) is a host discovery ping scan used only to determine whether hosts are alive, not to identify open ports or protocols.
-sS performs a TCP SYN half-open stealth scan targeting only TCP ports and does not enumerate IP protocol types or detect UDP or ICMP availability.
-sU performs a scan limited to UDP ports only and does not provide a broad IP-protocol-level view of all open channels on the target.
Concept tested: NMAP -sO IP protocol scan switch function
Source: https://nmap.org/book/scan-methods-ip-protocol-scan.html
Topics
Community Discussion
No community discussion yet for this question.