nerdexam
EC-Council

312-50V11 · Question #796

Which of the following tools can be used for passive OS fingerprinting?

The correct answer is A. tcpdump. Passive OS fingerprinting analyzes captured network traffic without sending probes, making tcpdump the correct tool among the options listed.

Scanning Networks

Question

Which of the following tools can be used for passive OS fingerprinting?

Options

  • Atcpdump
  • Bnmap
  • Cping
  • Dtracert

How the community answered

(31 responses)
  • A
    90% (28)
  • B
    6% (2)
  • D
    3% (1)

Why each option

Passive OS fingerprinting analyzes captured network traffic without sending probes, making tcpdump the correct tool among the options listed.

AtcpdumpCorrect

tcpdump is a passive packet capture utility that listens on a network interface without generating any probe traffic of its own - it can be used alongside tools like p0f to examine TCP/IP stack characteristics such as TTL values, window sizes, and TCP options in captured packets to infer remote host operating systems without alerting the target.

Bnmap

nmap actively sends crafted probe packets and analyzes responses for OS fingerprinting via its -O flag, making it an active reconnaissance tool, not a passive one.

Cping

ping actively transmits ICMP echo request packets to a target host, which constitutes active probing rather than passive traffic observation.

Dtracert

tracert actively injects packets with incrementing TTL values to map the network path to a destination, which is an active technique incompatible with passive fingerprinting.

Concept tested: Passive OS fingerprinting with packet capture tools

Source: https://www.tcpdump.org/manpages/tcpdump.1.html

Topics

#passive OS fingerprinting#tcpdump#traffic analysis#OS detection

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice