GIAC
GCIH · Question #177
GCIH Question #177: Real Exam Question with Answer & Explanation
The correct answer is C: nmap -O -p. Nmap's -O flag enables OS detection by analyzing TCP/IP stack responses from a target host. Combined with -p to specify ports, this is the standard method for OS fingerprinting.
Question
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint. Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?
Options
- A. nmap -sS
- B. nmap -sU -p
- C. nmap -O -p
- D. nmap -sT
Explanation
Nmap's -O flag enables OS detection by analyzing TCP/IP stack responses from a target host. Combined with -p to specify ports, this is the standard method for OS fingerprinting.
Common mistakes.
- A. nmap -sS performs a TCP SYN (half-open) stealth scan to discover open ports, not to fingerprint the operating system.
- B. nmap -sU -p performs a UDP port scan on specified ports, which is used to discover open UDP services rather than perform OS fingerprinting.
- D. nmap -sT performs a full TCP connect scan to identify open TCP ports, and does not perform OS or TCP/IP stack fingerprinting.
Concept tested. Nmap OS detection and TCP/IP stack fingerprinting
Reference. https://nmap.org/book/man-os-detection.html