312-50V11 · Question #796
Which of the following tools can be used for passive OS fingerprinting?
The correct answer is A. tcpdump. Passive OS fingerprinting analyzes captured network traffic without sending probes, making tcpdump the correct tool among the options listed.
Question
Which of the following tools can be used for passive OS fingerprinting?
Options
- Atcpdump
- Bnmap
- Cping
- Dtracert
How the community answered
(31 responses)- A90% (28)
- B6% (2)
- D3% (1)
Why each option
Passive OS fingerprinting analyzes captured network traffic without sending probes, making tcpdump the correct tool among the options listed.
tcpdump is a passive packet capture utility that listens on a network interface without generating any probe traffic of its own - it can be used alongside tools like p0f to examine TCP/IP stack characteristics such as TTL values, window sizes, and TCP options in captured packets to infer remote host operating systems without alerting the target.
nmap actively sends crafted probe packets and analyzes responses for OS fingerprinting via its -O flag, making it an active reconnaissance tool, not a passive one.
ping actively transmits ICMP echo request packets to a target host, which constitutes active probing rather than passive traffic observation.
tracert actively injects packets with incrementing TTL values to map the network path to a destination, which is an active technique incompatible with passive fingerprinting.
Concept tested: Passive OS fingerprinting with packet capture tools
Source: https://www.tcpdump.org/manpages/tcpdump.1.html
Topics
Community Discussion
No community discussion yet for this question.