nerdexam
EC-Council

312-50V11 · Question #613

Which of the following Nmap commands would be used to perform a stack fingerprinting?

The correct answer is A. Nmap -O -p80 <host(s.>. The -O flag in Nmap enables OS detection by analyzing TCP/IP stack responses, a technique known as stack fingerprinting. Pairing it with -p80 directs the probe to a commonly open port to improve accuracy.

Scanning Networks

Question

Which of the following Nmap commands would be used to perform a stack fingerprinting?

Options

  • ANmap -O -p80 <host(s.>
  • BNmap -hU -Q<host(s.>
  • CNmap -sT -p <host(s.>
  • DNmap -u -o -w2 <host>
  • ENmap -sS -0p target

How the community answered

(24 responses)
  • A
    88% (21)
  • B
    4% (1)
  • D
    4% (1)
  • E
    4% (1)

Why each option

The -O flag in Nmap enables OS detection by analyzing TCP/IP stack responses, a technique known as stack fingerprinting. Pairing it with -p80 directs the probe to a commonly open port to improve accuracy.

ANmap -O -p80 <host(s.>Correct

Nmap's -O flag activates OS detection by sending a series of specially crafted TCP and UDP packets to the target and comparing the responses against a built-in database of known TCP/IP stack signatures. This process is called stack fingerprinting because different operating systems implement the TCP/IP stack slightly differently, producing unique response patterns. The -p80 option focuses the probe on port 80, which is frequently open and increases the chance of a successful fingerprint.

BNmap -hU -Q<host(s.>

The flags -hU and -Q are not valid Nmap options, making this command syntactically incorrect and non-functional.

CNmap -sT -p <host(s.>

The -sT flag initiates a TCP connect scan to enumerate open ports but does not perform OS detection without the -O flag.

DNmap -u -o -w2 <host>

The flags -u -o -w2 do not correspond to valid Nmap OS fingerprinting options and would not perform stack fingerprinting.

ENmap -sS -0p target

While -sS performs a SYN scan, the token '-0p' is malformed - it uses the digit zero instead of the letter O and omits a port number - making the command invalid.

Concept tested: Nmap OS detection via TCP/IP stack fingerprinting

Source: https://nmap.org/book/man-os-detection.html

Topics

#Nmap#OS fingerprinting#stack fingerprinting#TCP/IP stack

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice