A penetration tester has gained access to a network and would like to determine what other machines are active on the subnet. Which of the following techniques should the tester use to quickly and efficiently enumerate devices on the network without triggering potential intrusion detection systems?
The correct answer is ARP scan. An ARP scan is an efficient and less intrusive method of enumerating live hosts on a local subnet by resolving IP addresses to MAC addresses within the same broadcast domain. It is less likely to be noticed by intrusion detection systems compared to more aggressive scanning techniques that generate a larger amount of network traffic. ICMP echo request might be blocked by firewalls or might trigger IDS systems due to its commonly known usage in scanning activities. Service version scan is not directly used to enumerate active hosts, but rather to identify service versions running on known up hosts. Port scan with SYN packets generates SYN packets, which can be easily detected by IDS systems due to their typical association with reconnaissance activities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an ARP scan and how does it work?
Open an interactive chat with Bash
What are the limitations of using an ICMP echo request for enumeration?
Open an interactive chat with Bash
Why are service version scans and port scans with SYN packets not optimal for enumeration?