Certified Ethical Hacker (CEH) — Question 74

Why would an attacker want to perform a scan on port 137?

Answer options

• A. To discover proxy servers on a network
• B. To disrupt the NetBIOS SMB service on the target host
• C. To check for file and print sharing on Windows systems
• D. To discover information about a target host using NBTSTAT

Correct answer: D

Explanation

The correct answer is D because port 137 is used for NetBIOS Name Service, which can be queried with NBTSTAT to obtain information about the target host. Option A is incorrect as port 137 is not associated with proxy server discovery, B is misleading since disrupting services is not the primary purpose of scanning this port, and C, while related to file sharing, is more about checking configurations rather than gathering host information.