nerdexam
EC-Council

312-50V11 · Question #336

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

The correct answer is B. -sP. The -sP flag performs a ping sweep to identify which hosts are currently active on a network without scanning individual ports. It is the correct switch for fast host discovery.

Scanning Networks

Question

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

Options

  • A-sO
  • B-sP
  • C-sS
  • D-sU

How the community answered

(29 responses)
  • A
    7% (2)
  • B
    90% (26)
  • D
    3% (1)

Why each option

The -sP flag performs a ping sweep to identify which hosts are currently active on a network without scanning individual ports. It is the correct switch for fast host discovery.

A-sO

-sO performs an IP protocol scan to enumerate which Layer 3 protocols a host supports, not a sweep to identify active hosts across a subnet.

B-sPCorrect

The -sP flag (called a ping scan or ping sweep) sends ICMP echo requests combined with TCP and ARP probes to determine which IP addresses have live hosts responding. This is the most direct NMAP method for mapping active addresses across a range and is still functional in modern NMAP versions, though -sn is now the preferred equivalent flag.

C-sS

-sS performs a TCP SYN stealth scan against specific ports on a target to identify open services, requiring a known host rather than discovering live hosts.

D-sU

-sU performs a UDP port scan to find open UDP services on a target host and does not function as a network-wide host discovery mechanism.

Concept tested: NMAP ping sweep for active IP host discovery

Source: https://nmap.org/book/man-host-discovery.html

Topics

#Nmap ping scan#-sP switch#host discovery#live host detection

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice