nerdexam
EC-Council

312-50V11 · Question #485

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for pass

The correct answer is D. tcpdump. Passive OS fingerprinting requires a tool that only captures existing traffic without sending probes; tcpdump is the only passive packet-capture tool among the choices.

Scanning Networks

Question

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?

Options

  • Anmap
  • Bping
  • Ctracert
  • Dtcpdump

How the community answered

(37 responses)
  • A
    14% (5)
  • B
    5% (2)
  • C
    8% (3)
  • D
    73% (27)

Why each option

Passive OS fingerprinting requires a tool that only captures existing traffic without sending probes; tcpdump is the only passive packet-capture tool among the choices.

Anmap

nmap performs active OS fingerprinting by sending specially crafted probe packets to the target and analyzing responses, making it an active tool.

Bping

ping actively generates and sends ICMP echo request packets to a target host, which is an active rather than passive technique.

Ctracert

tracert (traceroute) actively sends packets with incrementing TTL values to discover network hops and is therefore an active tool.

DtcpdumpCorrect

tcpdump passively captures raw network packets off the wire without injecting any traffic. By inspecting TCP/IP header fields such as TTL values, window sizes, and TCP option ordering in captured packets, an analyst can infer the remote host's operating system. This is the definition of passive fingerprinting - observing traffic already in transit.

Concept tested: Passive OS fingerprinting using packet capture tools

Source: https://www.tcpdump.org/manpages/tcpdump.1.html

Topics

#OS fingerprinting#passive fingerprinting#TCP/IP stack#tcpdump

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice