Exam 312-50v12 topic 1 question 59 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 59
Topic #: 1

Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization’s OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address.
Which of the following Nmap commands helped Jim retrieve the required information?

  • A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
  • B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
  • C. nmap -Pn -sT -p 46824 < Target IP >
  • D. nmap -Pn -sT -p 102 --script s7-info < Target IP >
Suggested Answer: B

Comments

eli117
Highly Voted 1 year, 7 months ago
Selected Answer: B
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP > Explanation: The Ethernet/IP protocol is commonly used in industrial control systems (ICS) and critical infrastructure. Jim targeted an organization that is operating critical industrial infrastructure, and he used Nmap to scan open ports and running services on systems connected to the organization's OT network. To identify Ethernet/IP devices connected to the Internet and gather information such as the vendor name, product code and name, device name, and IP address, Jim used the Nmap script "enip-info". This script is designed to scan for Ethernet/IP devices and gather information about them.
upvoted 9 times
Vincent_Lu
1 year, 5 months ago
The port 44818 should be the TCP (explicit) and port 2222 is the UDP (implicit). I'm curious why the answer is "B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >", but not "B. nmap -Pn -sT -p 44818 --script enip-info < Target IP >"?
upvoted 5 times
Beter0
1 year ago
This is probably because the option "-sU" specifies just a UDP scan for open port, but the option "--script enip-info" specifies to also scan for TCP port 44818. See the nmap documentation: https://nmap.org/nsedoc/scripts/enip-info.html
This NSE script is used to send an EtherNet/IP packet to a remote device that has TCP 44818 open. The script will send a Request Identity Packet and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number, Product code, Revision Number, status, state, as well as the Device IP.
upvoted 2 times
y2mk1ng
Most Recent 9 months, 2 weeks ago
He wants to identify Ethernet/IP devices, therefore he can use --script enip-info. And this script uses TCP 44818.
upvoted 1 times
insaniunt
11 months, 2 weeks ago
Selected Answer: B
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP > Module 18 Page 2980
upvoted 1 times
IPconfig
1 year ago
Selected Answer: B
Scanning Ethernet/IP Devices (OT) nmap -Pn -sU -p 44818 --script enip-info <Target IP> Ethernet/IP is a popular protocol implemented by many industrial networks. Ethernet/IP uses Ethernet as a transport layer protocol, and CIP is used to provide services for industrial applications. This protocol operates on UDP port number 44818. Using the above command, attackers can gather information such as the name of the vendor, product code and name, device name, IP address, etc. CEH V12 page 2981
upvoted 1 times
eronmelo
1 year, 1 month ago
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >

nmap --script enip-info -sU -p 44818 <host>

    PORT      STATE SERVICE       REASON
    44818/tcp open  EtherNet-IP-2 syn-ack
    | enip-info:
    |   type: Communications Adapter (12)
    |   vendor: Rockwell Automation/Allen-Bradley (1)
    |   productName: 1769-L32E Ethernet Port
    |   serialNumber: 0x000000
    |   productCode: 158
    |   revision: 3.7
    |   status: 0x0030
    |   state: 0x03
    |_  ipAddress: 192.168.1.123

https://nmap.org/nsedoc/scripts/enip-info.html#:~:text=This%20NSE%20script,the%20Device%20IP.
upvoted 1 times
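Added example (not part of any comment above and not Nmap's own code): a Python sketch of the validate-then-parse step the script documentation describes, showing which identity fields a List Identity reply discloses to anyone who can reach the device. The names `parse_list_identity` and `build_sample` are hypothetical, the byte layout is assumed to follow the standard EtherNet/IP encapsulation format, and the sample bytes are constructed from the values in the output quoted above.

```python
import socket
import struct

LIST_IDENTITY = 0x0063   # encapsulation command code for List Identity
IDENTITY_ITEM = 0x000C   # item type ID of the CIP Identity item

def parse_list_identity(data: bytes) -> dict:
    """Validate and decode one List Identity reply; raise ValueError if malformed."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte encapsulation header")
    cmd, length, _sess, status, _ctx, _opt = struct.unpack_from("<HHII8sI", data)
    if cmd != LIST_IDENTITY or status != 0:
        raise ValueError("not a successful List Identity reply")
    body = data[24:]
    if length != len(body) or length < 6:
        raise ValueError("length field does not match payload")
    count, type_id, item_len = struct.unpack_from("<HHH", body)
    item = body[6:6 + item_len]
    if count < 1 or type_id != IDENTITY_ITEM or len(item) != item_len or item_len < 34:
        raise ValueError("missing or truncated identity item")
    # The socket address is big-endian (sockaddr_in); all other fields are little-endian.
    _family, _port, addr = struct.unpack_from(">hH4s", item, 2)
    (vendor, dev_type, code, major, minor,
     dev_status, serial, name_len) = struct.unpack_from("<HHHBBHIB", item, 18)
    if 33 + name_len + 1 > len(item):
        raise ValueError("product name overruns the item")
    return {
        "type": dev_type, "vendor": vendor, "productCode": code,
        "revision": f"{major}.{minor}", "status": dev_status,
        "serialNumber": serial,
        "productName": item[33:33 + name_len].decode("ascii", "replace"),
        "state": item[33 + name_len],
        "ipAddress": socket.inet_ntoa(addr),
    }

def build_sample() -> bytes:
    """Constructed reply carrying the values from the sample output quoted above."""
    name = b"1769-L32E Ethernet Port"
    item = struct.pack("<H", 1)  # encapsulation protocol version
    item += struct.pack(">hH4s8x", 2, 44818, socket.inet_aton("192.168.1.123"))
    item += struct.pack("<HHHBBHIB", 1, 12, 158, 3, 7, 0x0030, 0, len(name))
    item += name + bytes([0x03])  # product name, then the state byte
    body = struct.pack("<HHH", 1, IDENTITY_ITEM, len(item)) + item
    return struct.pack("<HHII8sI", LIST_IDENTITY, len(body), 0, 0, b"\0" * 8, 0) + body

if __name__ == "__main__":
    for key, value in parse_list_identity(build_sample()).items():
        print(f"{key}: {value}")
```

Every field is returned without authentication, which is why OT hardening guidance keeps port 44818 off Internet-facing interfaces.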
581777a
1 year, 3 months ago
Selected Answer: B
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
upvoted 1 times
jeremy13
1 year, 7 months ago
Selected Answer: B
EtherNet/IP makes use of TCP port number 44818 for explicit messaging and UDP port number 2222 for implicit messaging https://en.wikipedia.org/wiki/EtherNet/IP
upvoted 4 times
Vincent_Lu
1 year, 5 months ago
The port 44818 should be the TCP (explicit) and port 2222 is the UDP (implicit). I'm curious why the answer is "B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >", but not "B. nmap -Pn -sT -p 44818 --script enip-info < Target IP >"?
upvoted 2 times