nerdexam
GIAC

GCIH · Question #799

Based on the results below what type of nmap scan was run?

The correct answer is C. OS Detection. The nmap OS detection scan (-O or -A flag) uses TCP/IP stack fingerprinting by sending crafted probes and analyzing responses to identify the target operating system.

Reconnaissance, Scanning, and Enumeration

Question

Based on the results below what type of nmap scan was run?

Exhibit

GCIH question #799 exhibit

Options

  • AUDP Only Scan
  • BPing Sweep
  • COS Detection
  • DBanner Grabbing

How the community answered

(36 responses)
  • A
    11% (4)
  • B
    3% (1)
  • C
    81% (29)
  • D
    6% (2)

Why each option

The nmap OS detection scan (-O or -A flag) uses TCP/IP stack fingerprinting by sending crafted probes and analyzing responses to identify the target operating system.

AUDP Only Scan

A UDP-only scan (-sU) probes for open UDP ports by sending UDP packets and analyzing ICMP port-unreachable responses, providing no OS identification data.

BPing Sweep

A ping sweep (-sn or -sP) only determines host availability by sending ICMP echo requests, producing a list of live hosts without any port or OS information.

COS DetectionCorrect

OS Detection in nmap is triggered by the -O or -A flag and works by sending a series of specially crafted TCP, UDP, and ICMP probes to the target, then comparing the response patterns against a database of known OS fingerprints. The output typically includes the predicted OS name, version, and confidence level, which distinguishes it from simpler scan types.

DBanner Grabbing

Banner grabbing uses service version detection (-sV) to capture application banners from open ports, identifying service software versions rather than the underlying OS.

Concept tested: Nmap OS detection via TCP/IP fingerprinting

Source: https://nmap.org/book/man-os-detection.html

Topics

#nmap#OS detection#scan type identification#TCP/IP fingerprinting

Community Discussion

No community discussion yet for this question.

Full GCIH Practice