312-50V11 · Question #155
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?
The correct answer is B. Active. Active OS fingerprinting generates specially crafted probe packets directed at a target and identifies the operating system by analyzing the target's responses, unlike passive fingerprinting which only observes existing traffic.
Question
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?
Options
- APassive
- BActive
- CReflective
- DDistributive
How the community answered
(40 responses)- B90% (36)
- C8% (3)
- D3% (1)
Why each option
Active OS fingerprinting generates specially crafted probe packets directed at a target and identifies the operating system by analyzing the target's responses, unlike passive fingerprinting which only observes existing traffic.
Passive OS fingerprinting identifies the OS by observing and analyzing traffic already flowing on the network without sending any probes, making it stealthier but dependent on capturing existing communications.
Active OS fingerprinting tools such as Nmap send deliberately crafted TCP, UDP, and ICMP probes to the target host to elicit responses. Variations in TCP/IP stack implementation details - such as initial TTL values, TCP window sizes, and handling of unusual flag combinations - are compared against a signature database to identify the OS. Because this approach generates new traffic toward the target, it is detectable by intrusion detection systems, which is the key distinguishing trade-off from passive techniques.
Reflective is not a recognized or standard category of OS fingerprinting technique in security literature or certification curricula.
Distributive is not a recognized or standard category of OS fingerprinting technique in security literature or certification curricula.
Concept tested: Active vs. passive OS fingerprinting techniques
Source: https://nmap.org/book/osdetect.html
Topics
Community Discussion
No community discussion yet for this question.