A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
A. -sO
B. -sP
C. -sS
D. -sU
“A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?”
This is a stupid question with too much confusing information. From the Nmap perspective, we have these options:
-sO: IP protocol scan
-sP: Ping sweep scan
-sS: stealth scan
-sU: UDP scan
The answer could be “-sS” or “-sU”; that is why I said this is a stupid question. It should have mentioned TCP or UDP ports.
Agreed it should be C or D based on which type of ports are to be scanned.
Just wanna mention that although in CEH -sS is always referred to as a ‘stealth scan’, from the Nmap perspective it's just a SYN scan and is not even categorized as an evasive scan. Many years ago it might've been stealthy in some cases.
I strongly agree with you T, actually -sO does not give you the ports!
SHOULD BE C
nmap -sO 192.168.123.8
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 09:55 CST
Nmap scan report for 192.168.123.8
Host is up (0.00030s latency).
Not shown: 255 open|filtered protocols
PROTOCOL STATE SERVICE
1 open icmp
AND
nmap -sS 192.168.123.8
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 09:55 CST
Nmap scan report for 192.168.123.8
Host is up (0.00028s latency).
Not shown: 991 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
554/tcp open rtsp
2869/tcp open icslap
3389/tcp open ms-wbt-server
5357/tcp open wsdapi
10243/tcp open unknown
I think this is completely self-explanatory, so I don’t see in which universe the answer is A; hence, I wouldn’t know what to do in the actual exam with this question if EC-Council is this idiotic and the “exam answer” is supposed to be A!
the protocol is on the right…
stupid question actually….
https://phoenixnap.com/kb/nmap-scan-open-ports
https://highon.coffee/blog/nmap-cheat-sheet/#os-detection
nmap -sP 10.0.0.0/24
Ping scans the network, listing machines that respond to ping.
nmap -p 1-65535 -sV -sS -T4 target
Full TCP port scan with service version detection – usually my first scan; I find T4 more accurate than T5 and still “pretty quick”.
nmap -v -sS -A -T4 target
Prints verbose output, runs stealth syn scan, T4 timing, OS and version detection + traceroute and scripts against target services.
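Added example, not from this thread and not Nmap's own code: a small Python parser for Nmap's normal (stdout) output that makes the distinction being argued about concrete. It takes the two scans pasted above (-sO and -sS against 192.168.123.8, copied from that post) plus a constructed -sP ping-sweep output for 10.0.0.0/24 matching the cheat-sheet command, and shows that only the port scan yields layer-4 ports; the protocol scan yields IP protocol numbers and the ping sweep yields only live hosts. The host addresses and timings in the ping-sweep sample are made up.

```python
"""Classify Nmap normal output: host discovery (-sP/-sn), IP protocol
scan (-sO) or layer-4 port scan (-sS/-sU/-sT). Added example; the -sO
and -sS outputs are the ones pasted in the thread, the -sP output is
constructed for illustration."""
import re
from dataclasses import dataclass, field

# Output of `nmap -sO 192.168.123.8` as pasted in the thread.
SO_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 09:55 CST
Nmap scan report for 192.168.123.8
Host is up (0.00030s latency).
Not shown: 255 open|filtered protocols
PROTOCOL STATE SERVICE
1        open  icmp
"""

# Output of `nmap -sS 192.168.123.8` as pasted in the thread.
SS_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 09:55 CST
Nmap scan report for 192.168.123.8
Host is up (0.00028s latency).
Not shown: 991 filtered ports
PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
2869/tcp  open  icslap
3389/tcp  open  ms-wbt-server
5357/tcp  open  wsdapi
10243/tcp open  unknown
"""

# Constructed output of `nmap -sP 10.0.0.0/24` (hypothetical hosts).
SP_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 10:02 CST
Nmap scan report for 10.0.0.1
Host is up (0.0011s latency).
Nmap scan report for 10.0.0.7
Host is up (0.0034s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.41 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
UP_RE = re.compile(r"^Host is up")
# -sO table rows: "<proto number> <state> <name>"
PROTO_RE = re.compile(r"^(\d+)\s+(open\|filtered|open|closed|filtered)\s+(\S+)")
# port table rows: "<port>/<tcp|udp|sctp> <state> <service>"
PORT_RE = re.compile(
    r"^(\d+)/(tcp|udp|sctp)\s+(open\|filtered|open|closed|filtered|unfiltered)\s+(\S+)")


@dataclass
class ScanReport:
    hosts_up: list = field(default_factory=list)   # hosts that answered discovery
    protocols: dict = field(default_factory=dict)  # host -> {proto number: state}
    ports: dict = field(default_factory=dict)      # host -> {(port, proto): state}

    @property
    def kind(self) -> str:
        """Which kind of scan produced this output, judged from its tables."""
        if any(self.protocols.values()):
            return "ip-protocol-scan"
        if any(self.ports.values()):
            return "port-scan"
        return "host-discovery"


def parse_nmap(text: str) -> ScanReport:
    """Walk the output line by line, attributing table rows to the current host."""
    report = ScanReport()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            report.protocols.setdefault(current, {})
            report.ports.setdefault(current, {})
            continue
        if current is None:
            continue
        if UP_RE.match(line):
            report.hosts_up.append(current)
            continue
        m = PORT_RE.match(line)
        if m:
            port, proto, state, _service = m.groups()
            report.ports[current][(int(port), proto)] = state
            continue
        m = PROTO_RE.match(line)
        if m:
            number, state, _name = m.groups()
            report.protocols[current][int(number)] = state
    return report


def open_ports(report: ScanReport, host: str, proto: str = "tcp") -> list:
    """Open layer-4 ports of one host: what the exam question actually asks for."""
    return sorted(p for (p, pr), st in report.ports.get(host, {}).items()
                  if pr == proto and st == "open")


def open_protocols(report: ScanReport, host: str) -> list:
    """Open IP protocol numbers of one host: what -sO reports instead of ports."""
    return sorted(n for n, st in report.protocols.get(host, {}).items() if st == "open")


if __name__ == "__main__":
    for label, text in (("-sO", SO_OUTPUT), ("-sS", SS_OUTPUT), ("-sP", SP_OUTPUT)):
        r = parse_nmap(text)
        print(label, r.kind, "hosts:", r.hosts_up,
              "ports:", open_ports(r, "192.168.123.8"),
              "protocols:", open_protocols(r, "192.168.123.8"))
```

Run it and the -sO output parses to protocol number 1 (ICMP) with an empty port list, while the -sS output is the only one that yields open TCP ports. Real -sU output has the same table shape with "/udp" rows, which the port regex also accepts.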
I feel like it's -sP.
-sP is for an ICMP ping.
-sO is equivalent to --open, where the scan fetches only the open ports.
So A is correct.
I would argue for -sS as well because they are talking about a port scan NOT an IP protocol scan (-sO), the question is a little vague. I hear ports, I think layer 4 (-sS); if they said protocols I would definitely go with -sO.
From ‘man nmap’ —
-sO (IP protocol scan)
IP protocol scan allows you to determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines.