Why does the host respond to hping2 and not to the ping packet?
You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is blocked at the firewall. Next you use the hping2 tool to ping the target host and you get a response. Why does the host respond to hping2 and not to the ping packet?
[ceh]# ping 10.2.3.4
PING 10.2.3.4 (10.2.3.4) from 10.2.3.80 : 56(84) bytes of data.
--- 10.2.3.4 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
[ceh]# ./hping2 -c 4 -n -i 2 10.2.3.4
HPING 10.2.3.4 (eth0 10.2.3.4): NO FLAGS are set, 40 headers + 0 data bytes
len=46 ip=10.2.3.4 flags=RA seq=0 ttl=128 id=54167 win=0 rtt=0.8 ms
len=46 ip=10.2.3.4 flags=RA seq=1 ttl=128 id=54935 win=0 rtt=0.7 ms
len=46 ip=10.2.3.4 flags=RA seq=2 ttl=128 id=55447 win=0 rtt=0.7 ms
len=46 ip=10.2.3.4 flags=RA seq=3 ttl=128 id=55959 win=0 rtt=0.7 ms
--- 10.2.3.4 hping statistic ---
4 packets tramitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.7/0.8/0.8 ms
Which of the following command-line switches would you use for OS detection in Nmap?
Which of the following commands runs snort in packet logger mode?
What can you infer from this information?
A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?
An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.
What does ICMP (type 11, code 0) denote?
What should you do next?
You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don’t get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?
A distributed port scan operates by:
What would you infer from this scan?
Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?
What type of scan should you run to get very reliable results?
You are performing a port scan with nmap. You are in a hurry and conducting the scans at the fastest possible speed. However, you don’t want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results?