312-50V13 · Question #485
During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for live hosts, open ports
The correct answer is C. Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 -flood. Explanation Option C (Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood) is correct because it combines the essential elements for spoofed scanning: -S sends TCP SYN packets, -a 192.168.1.254 spoofs the source IP address to mask the attacker's identity, -p 22 targets a specifi
Question
Options
- AHping3 -1 10.0.0.25 -ICMP
- BNmap -sS -Pn -n -vw --packet-trace -p- --script discovery -T4
- CHping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 -flood
- DHping3 -2 10.0.0.25-p 80
How the community answered
(38 responses)- A3% (1)
- B11% (4)
- C79% (30)
- D8% (3)
Explanation
Explanation
Option C (Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood) is correct because it combines the essential elements for spoofed scanning: -S sends TCP SYN packets, -a 192.168.1.254 spoofs the source IP address to mask the attacker's identity, -p 22 targets a specific port, and --flood sends packets rapidly for auditing purposes - directly satisfying the requirement for IP spoofing during probing.
Why the distractors are wrong:
- Option A uses
-1(ICMP mode) with-ICMPas a flag, which performs a simple ICMP ping sweep with no spoofing capability specified. - Option B is an Nmap command focused on comprehensive port/service discovery with scripting; while powerful, it does not spoof the source IP address and uses the wrong tool for this specific requirement.
- Option D uses
-2(UDP mode) targeting port 80, which is a UDP scan - but critically, it contains no-aflag, meaning no IP spoofing occurs.
Memory Tip
Think of the "-a" flag in Hping3 as "anonymous" - whenever you need to spoof (anonymize) your IP address in Hping3, the -a flag is your go-to option. If you don't see -a, there's no spoofing happening!
Topics
Community Discussion
No community discussion yet for this question.