Q: 8
[Introduction to Incident Handling and Response]
Darwin is an attacker residing within the organization and is performing network
sniffing by running his system in promiscuous mode. He is capturing and viewing all
the network packets transmitted within the organization. Edwin is an incident handler
in the same organization.
In the above situation, which of the following Nmap commands must Edwin use to
detect Darwin’s system that is running in promiscuous mode?
Options
Discussion
C or D tbh. C is for sniffers but 'hostmap' in D maps hosts, which could theoretically be used to find devices in odd modes if you parse the results creatively. I think C is more direct but D feels tempting if you just skim the question. Anyone else see a reason to pick D?
For me, C since the sniffer-detect script is specifically designed to find NICs in promiscuous mode. But do we know if Edwin has credentials or special network access? If the tool needs elevated privileges on target machines, the answer could shift.
It's C: sniffer-detect is made for spotting NICs in promiscuous mode, which is what you need here. D is a map script, not for promiscuous detection. Pretty sure about C unless the network blocks that scan.
I see why people pick C, since sniffer-detect is meant for finding systems in promiscuous mode. D is more about mapping, doesn't really help with sniffers directly. Leaning C here but willing to hear other arguments.
C makes sense here since -script=sniffer-detect is designed to spot promiscuous mode, which is what the attacker’s using. D just maps hosts but won’t actually help with sniffer detection. Pretty sure it’s C but open to other takes.
D. Hostmap is tempting but it's a trap since the question asks for sniffers, which fits C better. Agree?
C but a bit unsure since some sources say hostmap for mapping and sniffer-detect for this use case.
My vote is C, saw similar on official practice and the nmap script sniffer-detect is made for this. Official guide covers those scripts too.
Not sure but I'd pick D.
Seen similar in practice tests, C is the type of nmap script for this situation.
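
An added example, not part of the original question or any reply: a shell helper an incident handler could use to triage saved Nmap output from a sniffer-detect scan and list the hosts it flags. The sample output, addresses, host name and the function names are constructed for illustration, and the verdict strings are assumed to match what the script prints.

```shell
#!/usr/bin/env bash
# Added example: triage saved Nmap normal output for sniffer-detect verdicts.
# The scan would be run from a host on the same Ethernet segment as the targets
# (the script checks hosts on a local Ethernet), for example:
#   nmap --script=sniffer-detect <target range> -oN scan.txt
# <target range> and scan.txt are placeholders.

# Constructed sample output; addresses are documentation-range placeholders,
# and the verdict strings are assumed to match the script's output.
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.00030s latency).
MAC Address: 00:00:5E:00:53:0A (Unknown)

Host script results:
|_sniffer-detect: Likely in promiscuous mode (tests: "11111111")

Nmap scan report for 192.0.2.11
Host is up (0.00041s latency).

Nmap scan report for ws7.example.internal (192.0.2.12)
Host is up (0.00028s latency).

Host script results:
|_sniffer-detect: Windows with libpcap installed; may or may not be sniffing (tests: "1_1___1_")
EOF
}

# promisc_hosts: read Nmap normal output on stdin and print "host<TAB>verdict"
# for every host with a sniffer-detect finding worth following up.
promisc_hosts() {
  awk '
    /^Nmap scan report for / {
      host = $NF                # last field: IP, or (IP) when a hostname precedes it
      gsub(/[()]/, "", host)
      next
    }
    /sniffer-detect:/ {
      verdict = $0
      sub(/^.*sniffer-detect: */, "", verdict)
      if (verdict ~ /^Likely in promiscuous mode/)          print host "\tLIKELY"
      else if (verdict ~ /may or may not be sniffing/)      print host "\tREVIEW"
    }
  '
}

sample_scan | promisc_hosts
```

Hosts with no script result, such as 192.0.2.11 in the sample, are not listed; REVIEW marks an ambiguous verdict that needs a check on the endpoint itself.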