Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

GAQM Exam CPEH-001 Topic 7 Question 101 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 101
Topic #: 7
[All CPEH-001 Questions]

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

Show Suggested Answer Hide Answer
Suggested Answer: D

When a Nic is set to Promiscuous mode it just blindly takes whatever comes through to it network interface and sends it to the Application layer. This is why they are so hard to detect. Actually you could use ARP requests and Send them to every pc and the one which responds to all the requests can be identified as a NIC on Promiscuous mode and there are some very special programs that can do this for you. But considering the alternatives in the question the right answer has to be that the interface cannot be detected.


Contribute your Thoughts:

Willetta
2 months ago
Haha, imagine if the sniffing interface was just invisible. Like, the security vendor was just trolling us the whole time! 'Can't detect it? That's the point!'
upvoted 0 times
...
Stefania
2 months ago
The sniffing interface cannot be detected? No way, that's too easy. I bet we can find a way to set our IP to that of the IDS and look for it as it attempts to knock our computer off the network.
upvoted 0 times
Novella
29 days ago
D) The sniffing interface cannot be detected.
upvoted 0 times
...
Marla
1 months ago
C) Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.
upvoted 0 times
...
Arletta
2 months ago
B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Miriam
2 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...
Paola
2 months ago
I'm not sure, but I think the sniffing interface cannot be detected, so the answer might be D).
upvoted 0 times
...
Reena
3 months ago
I think the answer is to send your attack traffic and look for it to be dropped by the IDS. That's a clever way to detect the sniffing interface.
upvoted 0 times
Dolores
2 months ago
C) Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.
upvoted 0 times
...
Sarah
2 months ago
B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Rosendo
2 months ago
A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...
...
Yvonne
3 months ago
I disagree, I believe the correct answer is B) Send your attack traffic and look for it to be dropped by the IDS.
upvoted 0 times
...
Darci
3 months ago
The sniffing interface can be detected by using a ping flood against the IP of the sniffing NIC and looking for latency in the responses. This is the correct answer.
upvoted 0 times
Van
2 months ago
It's important to be able to detect these sniffing interfaces to ensure the security of the network.
upvoted 0 times
...
Leota
2 months ago
I agree, sending attack traffic and looking for it to be dropped might not be as reliable as using a ping flood.
upvoted 0 times
...
Katina
2 months ago
That makes sense, looking for latency in the responses would indicate the presence of the sniffing interface.
upvoted 0 times
...
Lonna
2 months ago
I think the correct way to detect the sniffing interface is by using a ping flood against the IP of the sniffing NIC.
upvoted 0 times
...
...
Glenna
3 months ago
I think the answer is A) Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77