312-50V11 · Question #601
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
The correct answer is A. -sO. The -sO switch in Nmap performs an IP protocol scan to identify which IP protocols are open and supported on a target system.
Question
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
Options
- A-sO
- B-sP
- C-sS
- D-sU
How the community answered
(26 responses)- A88% (23)
- C4% (1)
- D8% (2)
Why each option
The -sO switch in Nmap performs an IP protocol scan to identify which IP protocols are open and supported on a target system.
The -sO flag performs an IP protocol scan by iterating through IP protocol numbers (TCP, UDP, ICMP, IGMP, etc.) and analyzing responses to determine which protocols are open on the target. It identifies protocol-level openings rather than scanning individual TCP/UDP port numbers. This provides a broad view of what communication channels exist on the target.
-sP performs a ping scan to discover which hosts are alive on a network, not to enumerate open ports or protocols.
-sS performs a TCP SYN half-open stealth scan targeting TCP ports specifically, not a general IP protocol scan.
-sU performs a UDP-specific port scan to find open UDP services, not a scan across all IP protocols.
Concept tested: Nmap IP protocol scan switch -sO
Source: https://nmap.org/book/scan-methods-ip-protocol-scan.html
Topics
Community Discussion
No community discussion yet for this question.