nerdexam
EC-Council

312-50V11 · Question #601

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?

The correct answer is A. -sO. The -sO switch in Nmap performs an IP protocol scan to identify which IP protocols are open and supported on a target system.

Scanning Networks

Question

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?

Options

  • A-sO
  • B-sP
  • C-sS
  • D-sU

How the community answered

(26 responses)
  • A
    88% (23)
  • C
    4% (1)
  • D
    8% (2)

Why each option

The -sO switch in Nmap performs an IP protocol scan to identify which IP protocols are open and supported on a target system.

A-sOCorrect

The -sO flag performs an IP protocol scan by iterating through IP protocol numbers (TCP, UDP, ICMP, IGMP, etc.) and analyzing responses to determine which protocols are open on the target. It identifies protocol-level openings rather than scanning individual TCP/UDP port numbers. This provides a broad view of what communication channels exist on the target.

B-sP

-sP performs a ping scan to discover which hosts are alive on a network, not to enumerate open ports or protocols.

C-sS

-sS performs a TCP SYN half-open stealth scan targeting TCP ports specifically, not a general IP protocol scan.

D-sU

-sU performs a UDP-specific port scan to find open UDP services, not a scan across all IP protocols.

Concept tested: Nmap IP protocol scan switch -sO

Source: https://nmap.org/book/scan-methods-ip-protocol-scan.html

Topics

#NMAP#port scanning#IP protocol scan#scan types

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice