nerdexam
Exams312-50V9Questions#277
EC-Council

312-50V9 · Question #277

312-50V9 Question #277: Real Exam Question with Answer & Explanation

The correct answer is C: He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are. A /28 prefix covers only 16 addresses (192.168.1.64 to 192.168.1.79), so the attacker is scanning the wrong subnet range and the servers at .122-.124 are never reached.

Question

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28. Why he cannot see the servers?

Options

  • AThe network must be down and the nmap command and IP address are ok.
  • BHe needs to add the command ''''ip address'''' just before the IP address.
  • CHe is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are
  • DHe needs to change the address to 192.168.1.0 with the same mask.

Explanation

A /28 prefix covers only 16 addresses (192.168.1.64 to 192.168.1.79), so the attacker is scanning the wrong subnet range and the servers at .122-.124 are never reached.

Common mistakes.

  • A. The network is not necessarily down - the problem is the incorrect subnet mask used in the nmap command, not network availability.
  • B. There is no 'ip address' flag in nmap syntax; this is not a valid nmap option and would not change the scan range.
  • D. Changing the address to 192.168.1.0 with /28 would scan .0 to .15, which is an entirely different subnet and still would not reach the servers at .122-.124.

Concept tested. CIDR subnet mask range calculation for network scanning

Reference. https://nmap.org/book/man-target-specification.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice