312-50V9 · Question #110
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?
The correct answer is B. -sP. The -sP flag performs a ping sweep to identify which IP addresses have active hosts responding on a network.
Question
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?
Options
- A-sO
- B-sP
- C-sS
- D-sU
How the community answered
(39 responses)- A3% (1)
- B92% (36)
- D5% (2)
Why each option
The -sP flag performs a ping sweep to identify which IP addresses have active hosts responding on a network.
-sO performs an IP protocol scan to determine which Layer 3 protocols a target supports, not a host discovery sweep.
The -sP flag (equivalent to -sn in modern Nmap versions) sends ICMP echo requests and TCP probes to each target address to determine which hosts are online, without performing a full port scan. This makes it the correct choice for quickly discovering active IP addresses across a network range.
-sS performs a TCP SYN stealth port scan against a specific target, not a sweep to find which hosts are currently active.
-sU performs a UDP port scan on a known target host and does not identify which IP addresses are live on the network.
Concept tested: Nmap ping sweep for active host discovery
Source: https://nmap.org/book/man-host-discovery.html
Topics
Community Discussion
No community discussion yet for this question.