Exam CS0-001 topic 1 question 36 discussion

The correct answer is NMAP

Nmap is used to discover hosts and services on a computer network by sending packets

I chose Nmap and got it wrong with a Prof. Netstat is right

netstat -tulnp -> last column is PID/Program name nmap -sV -> third column is SERVICE, fourth column is VERSION VERSION will describe the applications associated with the service. Answer: D. nmap

NMAP is the answer is used to scan devices running on the system, also checking services and ports which they are being run from.

netstat -b "Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached." I don't believe NMAP can enumerate the application that created the connection. And there is no reason to assume this is being done remotely.

Nestat- Keyphrase; 'Running Services' nmap wont be able to tell what services are currently running on the host

Which CLI can be used to achieve the purpose in the question?

Nmap sends specially crafted packets to the target host(s) and then analyzes the responses to determine the open ports and services running on those hosts. In addition, nmap can determine the versions of the applications being used on those ports and services. Nmap is a command-line tool for use on Linux, Windows, and macOS systems. The netstat (network statistics) tool is a command-line utility that displays network connections for both incoming and outgoing TCP packets, routing tables, and a number of network interface and network protocol statistics, but it cannot be used to identify open ports and services on a host with their version numbers.

NMAP Version Detection can be used to find applications https://nmap.org/book/solution-find-open-port.html NMAP seems to be the correct answer. Netstat highlights the PID and not the applications.

"Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks" The answer is NMAP...

Netstat is the answer https://www.getfilecloud.com/blog/2016/05/how-to-find-what-application-is-listening-on-a-tcpip-port-in-windows-using-netstat/#.XxRBb-wpC9c

My vote is on C, netstat. We're talking about "applications" assigned to those ports and services. There is no way of doing that with NMAP.

https://techtalk.gfi.com/scanning-open-ports-in-windows-part-3-nmap/

This is another one of those questions where I feel more info is needed. Do we have direct access to the host? Or is this to be done remotely... both NMAP and netstat fit the description here....

COMMAND LINE tool.... netstat

C is correct. Netstat would be the more useful command for an analyst with full access to the host system. Netstat provides more detailed information about open services and ports. Nmap would be for discovering remote systems and ports, but it may not find as much information as the host system would provide through netstat.