Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and
operating systems are running on the corporate network. Which of the following should be used to complete
Fingerprinting and password crackers
Fuzzing and a port scan
Vulnerability scan and fuzzing
Port scan and fingerprinting

Different services use different ports. When a service is enabled on a computer, a network port is opened for
that service. For example, enabling the HTTP service on a web server will open port 80 on the server. By
determining which ports are open on a remote server, we can determine which services are running on that

A port scanner is a software application designed to probe a server or host for open ports. This is often used by
administrators to verify security policies of their networks and by attackers to identify running services on a host
with the view to compromise it.

A port scan or portscan can be defined as a process that sends client requests to a range of server port
addresses on a host, with the goal of finding an active port. While not a nefarious process in and of itself, it is
one used by hackers to probe target machine services with the aim of exploiting a known vulnerability of that
service. However, the majority of uses of a port scan are not attacks and are simple probes to determine
services available on a remote machine.

Fingerprinting is a means of ascertaining the operating system of a remote computer on a network.
Fingerprinting is more generally used to detect specific versions of applications or protocols that are run on
network servers. Fingerprinting can be accomplished “passively” by sniffing network packets passing between
hosts, or it can be accomplished “actively” by transmitting specially created packets to the target machine and
analyzing the response.
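
The port scan definition above (requests sent to a range of port addresses on one host) can be turned into a detection rule for connection logs. The following is an added example, not part of the original question or explanation; the log format, addresses, threshold and time window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample lines: '<ISO timestamp> <src ip> <dst ip> <dst port>'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # One source touching 15 sequential ports on one host, one per second.
    for i, port in enumerate(range(20, 35)):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 192.0.2.50 10.0.0.20 {port}")
    # Ordinary client: many connections, but always to the same service.
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=2 * i)).isoformat()} 10.0.0.5 10.0.0.20 443")
    # Infrequent access to 12 different ports, one every 10 minutes.
    for i, port in enumerate(range(8000, 8012)):
        lines.append(f"{(base + timedelta(minutes=10 * i)).isoformat()} 10.0.0.7 10.0.0.20 {port}")
    return lines


def detect_port_scans(lines, min_ports=10, window=timedelta(seconds=60)):
    """Return {(src, dst): ports} where src hit >= min_ports distinct ports on dst within window."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(port)))

    flagged = {}
    for pair, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[pair] = sorted(ports)  # ports seen when the threshold tripped
                break
    return flagged


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, ports {ports[0]}-{ports[-1]}")
```

The threshold and window need tuning per network: authorized audit scanners will trip the same rule and are usually allow-listed by source address.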