312-50V11 · Question #485
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for pass
The correct answer is D. tcpdump. Passive OS fingerprinting requires a tool that only captures existing traffic without sending probes; tcpdump is the only passive packet-capture tool among the choices.
Question
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?
Options
- Anmap
- Bping
- Ctracert
- Dtcpdump
How the community answered
(37 responses)- A14% (5)
- B5% (2)
- C8% (3)
- D73% (27)
Why each option
Passive OS fingerprinting requires a tool that only captures existing traffic without sending probes; tcpdump is the only passive packet-capture tool among the choices.
nmap performs active OS fingerprinting by sending specially crafted probe packets to the target and analyzing responses, making it an active tool.
ping actively generates and sends ICMP echo request packets to a target host, which is an active rather than passive technique.
tracert (traceroute) actively sends packets with incrementing TTL values to discover network hops and is therefore an active tool.
tcpdump passively captures raw network packets off the wire without injecting any traffic. By inspecting TCP/IP header fields such as TTL values, window sizes, and TCP option ordering in captured packets, an analyst can infer the remote host's operating system. This is the definition of passive fingerprinting - observing traffic already in transit.
Concept tested: Passive OS fingerprinting using packet capture tools
Source: https://www.tcpdump.org/manpages/tcpdump.1.html
Topics
Community Discussion
No community discussion yet for this question.