Certified Ethical Hacker (CEH v11) — Question 91

Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address.
Which of the following Nmap commands helped Jim retrieve the required information?

Answer options

• A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
• B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
• C. nmap -Pn -sT -p 46824 < Target IP >
• D. nmap -Pn -sT -p 102 --script s7-info < Target IP >

Correct answer: B

Explanation

The correct answer is B because the command uses the `--script enip-info` option, which is specifically designed to gather information about Ethernet/IP devices. The other options either do not use the appropriate script or target different ports that are not intended for retrieving Ethernet/IP device details.