You are scanning the target network for the first time. You are able to detect a few conventional open ports. While attempting to perform conventional service identification by connecting to the open ports, the scan yields either bad or no results. As you are unsure of the protocols in use, you want to discover as many different protocols as possible. Which of the following scan options can help you achieve this?
A. Nmap scan with the P (Ping scan) switch
B. Nmap with the O (Raw IP packets) switch
C. Nessus scan with TCP based pings
D. Netcat scan with the switches
Explanation:
-sO IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. If we receive an ICMP protocol unreachable message, then the protocol is not in use. Otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and firewalls may not send protocol unreachable messages.