nerdexam
EC-Council

312-50V10 · Question #796

Which of the following tools can be used for passive OS fingerprinting?

The correct answer is A. tcpdump. Passive OS fingerprinting involves capturing network traffic without sending probes; tcpdump is a passive packet capture tool suited for this purpose.

Scanning Networks

Question

Which of the following tools can be used for passive OS fingerprinting?

Options

  • Atcpdump
  • Bnmap
  • Cping
  • Dtracert

How the community answered

(41 responses)
  • A
    90% (37)
  • B
    7% (3)
  • D
    2% (1)

Why each option

Passive OS fingerprinting involves capturing network traffic without sending probes; tcpdump is a passive packet capture tool suited for this purpose.

AtcpdumpCorrect

tcpdump passively captures raw network packets off the wire without sending any probe packets, allowing analysts to infer OS characteristics from observed traffic attributes like TCP window size, TTL values, and TCP options - making it a valid passive fingerprinting tool.

Bnmap

nmap performs active OS fingerprinting by sending crafted probe packets to the target and analyzing responses, which is an active - not passive - technique.

Cping

ping actively sends ICMP echo request packets to a target and waits for replies, making it an active probing tool rather than a passive one.

Dtracert

tracert actively sends packets with incrementing TTL values to discover network paths, which is an active - not passive - reconnaissance technique.

Concept tested: Passive OS fingerprinting using packet capture

Source: https://www.tcpdump.org/

Topics

#passive OS fingerprinting#tcpdump#traffic analysis#OS detection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice