312-50V10 · Question #796
Which of the following tools can be used for passive OS fingerprinting?
The correct answer is A. tcpdump. Passive OS fingerprinting involves capturing network traffic without sending probes; tcpdump is a passive packet capture tool suited for this purpose.
Question
Which of the following tools can be used for passive OS fingerprinting?
Options
- Atcpdump
- Bnmap
- Cping
- Dtracert
How the community answered
(41 responses)- A90% (37)
- B7% (3)
- D2% (1)
Why each option
Passive OS fingerprinting involves capturing network traffic without sending probes; tcpdump is a passive packet capture tool suited for this purpose.
tcpdump passively captures raw network packets off the wire without sending any probe packets, allowing analysts to infer OS characteristics from observed traffic attributes like TCP window size, TTL values, and TCP options - making it a valid passive fingerprinting tool.
nmap performs active OS fingerprinting by sending crafted probe packets to the target and analyzing responses, which is an active - not passive - technique.
ping actively sends ICMP echo request packets to a target and waits for replies, making it an active probing tool rather than a passive one.
tracert actively sends packets with incrementing TTL values to discover network paths, which is an active - not passive - reconnaissance technique.
Concept tested: Passive OS fingerprinting using packet capture
Source: https://www.tcpdump.org/
Topics
Community Discussion
No community discussion yet for this question.