GCIH · Question #232

GCIH Question #232: Real Exam Question with Answer & Explanation

The correct answer is D: Nmap. Nmap performs active OS fingerprinting by sending crafted probe packets to a target, making it unsuitable for passive detection.

Reconnaissance, Scanning, and Enumeration

Question

Which of the following applications is NOT used for passive OS fingerprinting?

Options

  • A. Networkminer
  • B. Satori
  • C. p0f
  • D. Nmap

Explanation

Nmap performs active OS fingerprinting by sending crafted probe packets to a target, making it unsuitable for passive detection.

Common mistakes.

  • A. Networkminer is a passive network forensic analyzer that reconstructs OS information from captured packets without sending any probe traffic.
  • B. Satori is a passive fingerprinting tool that identifies devices and operating systems by observing DHCP, mDNS, and other broadcast traffic on the network.
  • C. p0f is a well-known purely passive OS fingerprinting tool that identifies operating systems solely by analyzing the characteristics of incoming TCP/IP packets.

Concept tested. Passive vs. active OS fingerprinting tools

Reference. https://nmap.org/book/man-os-detection.html

Topics

#passive OS fingerprinting, #Nmap, #active vs passive scanning, #network reconnaissance
