Certified Ethical Hacker (CEH v12) — Question 58
Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization’s OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address.
Which of the following Nmap commands helped Jim retrieve the required information?
Answer options
- A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
- B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
- C. nmap -Pn -sT -p 46824 < Target IP >
- D. nmap -Pn -sT -p 102 --script s7-info < Target IP >
Correct answer: B
Explanation
The correct answer is B. EtherNet/IP (ENIP) carries CIP over port 44818, and Nmap's enip-info NSE script sends a CIP List Identity request to that port and decodes the reply, which carries the vendor ID (mapped to a vendor name), device type, product code, product name, revision, serial number, device status and the device's own IP address, which is exactly the information Jim gathered. The script runs against 44818 on both TCP and UDP; the UDP form with -sU is the one shown in the Nmap documentation, and -Pn skips host discovery so Internet-facing devices that drop ICMP are still scanned. Option A is a throttled TCP connect scan (one probe at a time, one-second delay between probes) with no NSE script, so it reports open ports and service versions but no ENIP identity fields. Option C is a plain TCP scan of port 46824 with no script, so it likewise returns nothing about vendor or product. Option D targets port 102 (ISO-TSAP) with the s7-info script, which enumerates Siemens S7 PLCs, not EtherNet/IP devices.
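To show what the enip-info script actually does on the wire, here is an added example (not Nmap's code and not part of the original question) that builds the 24-byte EtherNet/IP encapsulation header for a List Identity request, sends it over UDP/44818, and parses the identity item of the reply into the same fields Nmap reports. The reply bytes used for the offline demonstration are constructed by hand, and the VENDORS and DEVICE_TYPES tables are a two-entry subset of the ODVA registry, assumed for illustration.

```python
"""Minimal EtherNet/IP List Identity client and parser (added example).

Reproduces the probe/decode that Nmap's enip-info performs, but is not Nmap's
code. build_sample_response() is a hand-constructed reply, not a capture, and
the vendor/device-type tables are a tiny assumed subset of the ODVA registry.
"""
import socket
import struct

ENIP_PORT = 44818
CMD_LIST_IDENTITY = 0x0063      # encapsulation command: List Identity
ITEM_LIST_IDENTITY = 0x000C     # CPF item type carrying the identity object

VENDORS = {1: "Rockwell Automation/Allen-Bradley"}        # assumed subset
DEVICE_TYPES = {0x0E: "Programmable Logic Controller"}    # assumed subset


def build_list_identity_request() -> bytes:
    """Encapsulation header only: command, length=0, session, status, context, options."""
    return struct.pack("<HHIIQI", CMD_LIST_IDENTITY, 0, 0, 0, 0, 0)


def _parse_identity_item(item: bytes) -> dict:
    """Decode one List Identity item: encap version, sockaddr_in, then CIP identity fields."""
    (encap_ver,) = struct.unpack_from("<H", item, 0)
    # sockaddr_in is big-endian: family, port, IPv4 address, 8 zero bytes
    _family, port, addr = struct.unpack_from(">HH4s", item, 2)
    off = 18
    vendor, dev_type, prod_code, rev_major, rev_minor, dev_status, serial = \
        struct.unpack_from("<HHHBBHI", item, off)
    off += 14
    name_len = item[off]
    off += 1
    if len(item) < off + name_len + 1:
        raise ValueError("truncated identity item")
    name = item[off:off + name_len].decode("ascii", "replace")
    state = item[off + name_len]
    return {
        "encap_version": encap_ver,
        "vendor_id": vendor,
        "vendor": VENDORS.get(vendor, f"unknown ({vendor})"),
        "device_type_id": dev_type,
        "device_type": DEVICE_TYPES.get(dev_type, f"unknown ({dev_type:#04x})"),
        "product_code": prod_code,
        "product_name": name,
        "revision": f"{rev_major}.{rev_minor}",
        "status": dev_status,
        "serial": f"{serial:08x}",
        "device_ip": socket.inet_ntoa(addr),
        "device_port": port,
        "state": state,
    }


def parse_list_identity_response(data: bytes) -> dict:
    """Validate the encapsulation header, walk the CPF items, return the identity fields."""
    if len(data) < 24:
        raise ValueError("short encapsulation header")
    cmd, length, _session, status, _ctx, _opts = struct.unpack("<HHIIQI", data[:24])
    if cmd != CMD_LIST_IDENTITY or status != 0:
        raise ValueError(f"unexpected command {cmd:#06x} / status {status}")
    body = data[24:24 + length]
    if len(body) < length:
        raise ValueError("truncated body")
    (item_count,) = struct.unpack_from("<H", body, 0)
    off = 2
    for _ in range(item_count):
        type_id, item_len = struct.unpack_from("<HH", body, off)
        off += 4
        item = body[off:off + item_len]
        off += item_len
        if type_id == ITEM_LIST_IDENTITY:
            return _parse_identity_item(item)
    raise ValueError("no List Identity item in response")


def build_sample_response() -> bytes:
    """Constructed reply for offline use; values are made up, not from a real device."""
    name = b"SAMPLE-PLC/A"
    item = struct.pack("<H", 1)                                          # encap version
    item += struct.pack(">HH4s8x", 2, ENIP_PORT, bytes([192, 168, 1, 10]))  # sockaddr_in
    item += struct.pack("<HHHBBHI", 1, 0x0E, 91, 20, 11, 0x0030, 0x00C0FFEE)
    item += bytes([len(name)]) + name + bytes([3])                       # name, state
    body = struct.pack("<HHH", 1, ITEM_LIST_IDENTITY, len(item)) + item  # one CPF item
    header = struct.pack("<HHIIQI", CMD_LIST_IDENTITY, len(body), 0, 0, 0, 0)
    return header + body


def query_device(host: str, timeout: float = 2.0) -> dict:
    """One UDP datagram to 44818, one reply: the same exchange as 'nmap -sU --script enip-info'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_list_identity_request(), (host, ENIP_PORT))
        data, _ = s.recvfrom(4096)
    return parse_list_identity_response(data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # live query only when a host is given
        print(query_device(sys.argv[1]))
    else:
        print(parse_list_identity_response(build_sample_response()))
```

Run with no arguments to see the constructed sample decoded; pass a host to send the real probe. On an OT network, send it only with authorization and one host at a time with a timeout: the single-datagram, no-session design of List Identity is why it is comparatively safe, but throttling of the kind option A uses (--scan-delay, --max-parallelism 1) is still the norm against fragile controllers.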