When Nmap performs a ping sweep, which of the following sets of requests does it send to the
target device?
A.
ICMP ECHO_REQUEST & TCP SYN
B.
ICMP ECHO_REQUEST & TCP ACK
C.
ICMP ECHO_REPLY & TFP RST
D.
ICMP ECHO_REPLY & TCP FIN
Explanation:
The default behavior of NMAP is to do both an ICMP ping sweep (the usual kind of
ping) and a TCP port 80 ACK ping sweep. If an admin is logging these this will be fairly
characteristic of NMAP.
5 Ping Scan [-sP]
This scan type lists the hosts within the specified range that responded to a ping. It allows you to detect which computers are online, rather than which ports are open. Four methods exist within Nmap for ping sweeping.
The first method sends an ICMP ECHO REQUEST (ping request) packet to the destination system. If an ICMP ECHO REPLY is received, the system is up, and ICMP packets are not blocked. If there is no response to the ICMP ping, Nmap will try a “TCP Ping”, to determine whether ICMP is blocked, or if the host is really not online.
A TCP Ping sends either a SYN or an ACK packet to any port (80 is the default) on the remote system. If RST, or a SYN/ACK, is returned, then the remote system is online. If the remote system does not respond, either it is offline, or the chosen port is filtered, and thus not responding to anything.
When you run an Nmap ping scan as root, the default is to use the ICMP and ACK methods. Non-root users will use the connect() method, which attempts to connect to a machine, waiting for a response, and tearing down the connection as soon as it has been established (similar to the SYN/ACK method for root users, but this one establishes a full TCP connection!)
The ICMP scan type can be disabled by setting -P0 (that is, zero, not uppercase o).
So A and B are correct, not B only
m0 says:
March 19, 2014 at 2:33 pm
So A and B are correct, not B only
No, only B is correct: Default is ACK.
But this is, again, a typical CEH question with discussionable answers.