Certified Ethical Hacker (CEH v12) — Question 219

An ethical hacker is preparing to scan a network to identify live systems. To increase the efficiency and accuracy of his scans, he is considering several different host discovery techniques. He expects several unused IP addresses at any given time, specifically within the private address range of the LAN, but he also anticipates the presence of restrictive firewalls that may conceal active devices. Which scanning method would be most effective in this situation?

Answer options

• A. ICMP ECHO Ping Sweep
• B. ICMP Timestamp Ping
• C. TCP SYN Ping
• D. ARP Ping Scan

Correct answer: D

Explanation

The ARP Ping Scan is the most suitable method here because it operates at the data link layer and can successfully detect live hosts even when firewalls are present. Other methods like ICMP and TCP pings may be blocked by firewalls, leading to inaccurate results. Therefore, ARP Ping is more effective in revealing active devices in a LAN environment.