nerdexam
EC-Council

312-50V9 · Question #277

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attac

The correct answer is C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are. A /28 prefix covers only 16 addresses (192.168.1.64 to 192.168.1.79), so the attacker is scanning the wrong subnet range and the servers at .122-.124 are never reached.

Scanning Networks

Question

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:

nmap 192.168.1.64/28. Why he cannot see the servers?

Options

  • AThe network must be down and the nmap command and IP address are ok.
  • BHe needs to add the command ''''ip address'''' just before the IP address.
  • CHe is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are
  • DHe needs to change the address to 192.168.1.0 with the same mask.

How the community answered

(36 responses)
  • A
    28% (10)
  • B
    6% (2)
  • C
    56% (20)
  • D
    11% (4)

Why each option

A /28 prefix covers only 16 addresses (192.168.1.64 to 192.168.1.79), so the attacker is scanning the wrong subnet range and the servers at .122-.124 are never reached.

AThe network must be down and the nmap command and IP address are ok.

The network is not necessarily down - the problem is the incorrect subnet mask used in the nmap command, not network availability.

BHe needs to add the command ''''ip address'''' just before the IP address.

There is no 'ip address' flag in nmap syntax; this is not a valid nmap option and would not change the scan range.

CHe is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers areCorrect

A /28 subnet mask (255.255.255.240) allocates 16 addresses per subnet, so 192.168.1.64/28 covers 192.168.1.64 through 192.168.1.79. The actual network uses a /26 mask (255.255.255.192), which covers .64 through .127. By specifying /28 instead of /26, the attacker restricts his scan to the first 16 addresses of the block, never reaching the servers at .122, .123, and .124.

DHe needs to change the address to 192.168.1.0 with the same mask.

Changing the address to 192.168.1.0 with /28 would scan .0 to .15, which is an entirely different subnet and still would not reach the servers at .122-.124.

Concept tested: CIDR subnet mask range calculation for network scanning

Source: https://nmap.org/book/man-target-specification.html

Topics

#nmap subnetting#CIDR notation#subnet mask#network scanning range

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice