Download Latest 312-50v13 Questions

Comprehensive and Detailed Explanation:

ARP Poisoning (Address Resolution Protocol Poisoning) is a classic Man-in-the-Middle (MiTM) attack in a LAN environment. It works by sending fake ARP replies to devices on a network to associate the attacker’s MAC address with the IP address of another host (typically the default gateway). As a result:

Network traffic meant for the gateway is sent to the attacker instead.

The attacker can then intercept, modify, or forward the traffic to the actual destination, performing a full MiTM.

This allows the attacker to:

Sniff sensitive data (e.g., credentials, emails)

Hijack sessions

Inject malicious payloads

From CEH v13 Courseware:

Module 8: Sniffing

Topic: MiTM Attacks → ARP Spoofing Techniques

Incorrect Options:

A. Password Sniffing is a result of MiTM but not a technique itself.

C. MAC Flooding is a switch attack that floods the CAM table to make the switch act like a hub.

D. DHCP Sniffing relates to capturing DHCP messages but is not commonly used for MiTM.

-sA (TCP ACK scan)

This scan is different than the others discussed so far in that it never determines open (or even open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered.

The ACK scan probe packet has only the ACK flag set (unless you use --scanflags). When scanning unfiltered systems, open and closed ports will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don't respond, or send certain ICMP error messages back (type 3, code 0, 1, 2, 3, 9, 10, or 13), are labeled filtered.

In CEH v13 Module 03: Scanning Networks, ICMP scan types are covered under host discovery techniques in Nmap/Zenmap.

The -PP option in Nmap is used to perform an ICMP timestamp request scan.

This method sends an ICMP timestamp request and listens for a timestamp reply from the target.

It helps analysts determine the system uptime and verify whether the host is alive (for stealthy discovery).

Option Clarification:

A. -PY: SCTP INIT Ping (used for SCTP-based hosts).

B. -PU: UDP Ping (sends UDP packets).

C. -PP: ICMP Timestamp Ping — correct answer.

D. -Pn: Skips host discovery (treats all hosts as alive), not a ping type.

Increase your web site’s performance and grow! Add Web-Stat to your site (it’s free!) and watch individuals act together with your pages in real time.

Learn how individuals realize your web site. Get details concerning every visitor’s path through your web site and track pages that flip browsers into consumers.

One-click install. observe locations, in operation systems, browsers and screen sizes and obtain alerts for new guests and conversions