GCIH · Question #799
Based on the results below what type of nmap scan was run?
The correct answer is C. OS Detection. The nmap OS detection scan (-O or -A flag) uses TCP/IP stack fingerprinting by sending crafted probes and analyzing responses to identify the target operating system.
Question
Based on the results below what type of nmap scan was run?
Exhibit
Options
- AUDP Only Scan
- BPing Sweep
- COS Detection
- DBanner Grabbing
How the community answered
(36 responses)- A11% (4)
- B3% (1)
- C81% (29)
- D6% (2)
Why each option
The nmap OS detection scan (-O or -A flag) uses TCP/IP stack fingerprinting by sending crafted probes and analyzing responses to identify the target operating system.
A UDP-only scan (-sU) probes for open UDP ports by sending UDP packets and analyzing ICMP port-unreachable responses, providing no OS identification data.
A ping sweep (-sn or -sP) only determines host availability by sending ICMP echo requests, producing a list of live hosts without any port or OS information.
OS Detection in nmap is triggered by the -O or -A flag and works by sending a series of specially crafted TCP, UDP, and ICMP probes to the target, then comparing the response patterns against a database of known OS fingerprints. The output typically includes the predicted OS name, version, and confidence level, which distinguishes it from simpler scan types.
Banner grabbing uses service version detection (-sV) to capture application banners from open ports, identifying service software versions rather than the underlying OS.
Concept tested: Nmap OS detection via TCP/IP fingerprinting
Source: https://nmap.org/book/man-os-detection.html
Topics
Community Discussion
No community discussion yet for this question.
