- (Topic 18)
WinDump is a popular sniffer that is a port of TcpDump for Linux to Windows. What library does it use?
Correct Answer:B
WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
- (Topic 4)
What is the proper response for a NULL scan if the port is open?
Correct Answer:F
A NULL scan will have no response if the port is open.
- (Topic 3)
What are the four steps used by nmap scanning?
Correct Answer:ACDF
Nmap performs four steps during a normal device scan. Some of these steps can be modified or disabled using options on the nmap command line.
1. If a hostname is used as a remote device specification, nmap will perform a DNS lookup prior to the scan.
2. Nmap pings the remote device. This refers to the nmap "ping" process, not (necessarily) a traditional ICMP echo request.
3. If an IP address is specified as the remote device, nmap will perform a reverse DNS lookup in an effort to identify a name that might be associated with the IP address. This is the opposite process of what happens in step 1, where an IP address is found from a hostname specification.
4. Nmap executes the scan. Once the scan is over, this four-step process is completed.

Except for the actual scan process in step four, each of these steps can be disabled or prevented using different IP addressing or nmap options. The nmap process can be as "quiet" or as "loud" as necessary!
- (Topic 23)
If you receive a RST packet while doing an ACK scan, it indicates that the port is open. (True/False)
Correct Answer:A
When an ACK is sent to an open port, a RST is returned.
- (Topic 19)
All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening?
Correct Answer:D
If they used a stateful inspection firewall, the firewall would know whether there had been a SYN-ACK before the ACK.