Certified Ethical Hacker (CEH) — Question 23
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools can be used for passive OS fingerprinting?
Answer options
- A. nmap
- B. ping
- C. tracert
- D. tcpdump D
Correct answer:
Explanation
The correct answer is D, tcpdump, as it is specifically designed for capturing and analyzing network traffic, making it suitable for passive OS fingerprinting. In contrast, nmap (A) is primarily an active scanning tool, ping (B) is used for checking connectivity, and tracert (C) is for tracing the route to a host, none of which are focused on passive fingerprinting.