TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during
standard layer 4 network communications. Which of the following tools can be used for passive OS
fingerprinting?
A. nmap
B. ping
C. tracert
D. tcpdump
The answer is D. tcpdump
What about tracert and ping? You can obtain the TTL with both tools and therefore determine the OS. I think that this question might be multichoice
Correct Answer: A
Explanation/Reference:
The passive operating system fingerprinting is a feature built into both the pf and tcpdump tools.
References: http://geek00l.blogspot.se/2007/04/tcpdump-privilege-dropping-passive-os.html
Ooops TCPDUMP
C.
Answer:
tcpdump
Explanation:
The passive operating system fingerprinting is a feature built into both the pf and tcpdump tools.
References: http://geek00l.blogspot.se/2007/04/tcpdump-privilege-dropping-passive-os.html
I think that nmap, ping, tracert work in layer 3
but the question mentions layer 4 so the correct answer is tcpdump
D
It is tcpdump I believe because it is used without directly interacting with the target, it is a sniffer. Wireshark would also be passive.
nmap, ping and tracert have to interact with the target (sending and receiving their probe packets) and are thus active as opposed to passive.
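An added example, not part of any post in this thread: it shows what "passive" means here by reading the TTL, DF bit and TCP window out of an already-captured SYN (the fields a sniffer such as tcpdump sees) without sending anything. The function names, the sample packets and the coarse TTL-to-OS table are assumptions made for illustration, not a real signature database.

```python
import struct

# Common default initial TTLs; a coarse heuristic (assumption), not a signature set.
INITIAL_TTL_FAMILY = {64: "Linux/Unix-like", 128: "Windows",
                      255: "network device or older Unix"}

def build_syn(ttl, window, src="192.0.2.10", dst="192.0.2.20"):
    """Construct a sample IPv4+TCP SYN header pair (constructed data, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x02, window, 0, 0)
    return ip + tcp

def passive_fingerprint(packet):
    """Read TTL, DF and TCP window from an observed packet; no traffic is sent."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP header")
    ttl = packet[8]
    df = bool(struct.unpack("!H", packet[6:8])[0] & 0x4000)
    flags = packet[ihl + 13]
    window = struct.unpack("!H", packet[ihl + 14:ihl + 16])[0]
    # Each router hop decrements TTL, so round up to the nearest common default.
    initial = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {
        "observed_ttl": ttl,
        "initial_ttl": initial,
        "hops": initial - ttl,
        "df": df,
        "syn": bool(flags & 0x02),
        "window": window,
        "guess": INITIAL_TTL_FAMILY.get(initial, "unknown"),
    }

if __name__ == "__main__":
    # Constructed samples: (observed TTL, TCP window) as a sniffer might see them.
    for ttl, win in ((57, 29200), (116, 64240), (250, 4128)):
        print(passive_fingerprint(build_syn(ttl, win)))
```

The TTL alone only narrows the OS family; passive fingerprinting tools combine it with the window size, DF bit and TCP options, which is why the window and DF values are extracted as well.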