312-50V9 · Question #352
312-50V9 Question #352: Real Exam Question with Answer & Explanation
Question
Options
- A. nmap
- B. ping
- C. tracert
- D. tcpdump
Explanation
The correct answer is D. tcpdump. Passive OS fingerprinting means listening to existing network traffic without sending any probes or packets yourself. tcpdump is a passive packet capture tool - it silently captures and analyzes traffic already on the network, allowing analysts to infer the OS based on TCP/IP stack behavior (TTL values, window sizes, TCP flags, etc.). nmap (A) typically performs active fingerprinting by sending crafted packets to the target. ping (B) and tracert (C) both actively send ICMP packets, making them active tools - not passive. p0f is a well-known passive fingerprinting tool, and tcpdump can serve a similar raw-capture role.