312-50V13 Question #62: Real Exam Question with Answer & Explanation
The correct answer is B: tcpdump.
Question
Which of the following tools can be used for passive OS fingerprinting?
Options
- A. nmap
- B. tcpdump
- C. tracert
- D. ping
Explanation
Passive OS fingerprinting involves analyzing network traffic without actively sending probes to the target, allowing an attacker to deduce the operating system based on observed characteristics like TCP/IP stack behavior. Tcpdump is a tool that captures network traffic, which can then be analyzed passively for OS fingerprinting.
Common mistakes.
- A. Nmap is primarily an active scanner that sends specially crafted packets to a target and analyzes the responses to perform OS fingerprinting, which is not passive.
- C. Traceroute (tracert) is an active network diagnostic tool that sends ICMP echo requests or UDP packets with increasing TTL values to map the path to a destination, not for passive OS fingerprinting.
- D. Ping is an active network diagnostic tool that sends ICMP echo request packets to a host to test reachability and measure round-trip time, not for passive OS fingerprinting.
Concept tested. Passive OS fingerprinting tools
Reference. https://www.wireshark.org/docs/wsug_html_chunked/ChCapIntroduction.html