How is netcat different from nmap banner grab?

Asked by ananyaPawar in Cyber Security, asked on Apr 5, 2022

I am preparing for a security exam and a question I failed in a practice has the following: A command line tool that can be used for banner grabbing is called:

A) tcpdump

B) netcat

C) nmap

D) Wireshark

I chose nmap, but the correct solution is apparently netcat. I am aware that netcat is used for banner grabbing, but so is nmap:/multiple-ways-to-banner-grabbing/

What did I miss? Is the question incorrect?

Answered by Andrew Jenkins

tcpdump & wireshark

You can quickly rule out tcpdump and wireshark since both are used for packet captures. While banners could be grabbed by obtaining full packet captures, an encrypted stream circumvents it. Having access to the private key could decrypt the encrypted stream, but that is not feasible for this question. It's overthinking and unlikely. That leaves netcat and nmap banner grab.

nmap

Perhaps, for this material, nmap was placed in the network port scanner category. It's good you recognize there's much more functionality, for I too see it as the "practical" answer.

netcat / nc

netcat is best known for establishing network connections, which allows file transfers, sending custom requests to services (e.g. SMTP, HTTP, etc.), and tunnelling, just to name a few. So with nc handling the lower OSI layers of the connection, the user can manipulate the upper layers as needed. With banners being at the Application layer, nc can be used, which is likely why it's the desired answer.

Alternative

Another way to look at it is to consider pivoting. Of all the listed utilities, tcpdump and netcat are natively available on Linux/Unix systems, thus making netcat the answer.

Context Matters

As mentioned in the comments, tests often look to evaluate your knowledge of the material. So it's best to approach questions using that lens.
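What nc does during a banner grab, as an added example that is not part of the original answer: the tool opens the TCP connection, and the banner is whatever application-layer text the service sends first, or sends in reply to a request the user types. The loopback services and product names below are constructed, and `grab_banner`, `discloses_version` and `serve_once` are hypothetical helper names; the version check is a simple heuristic for auditing what your own services reveal.

```python
import re
import socket
import threading

def grab_banner(host, port, probe=None, timeout=2.0):
    """Like `nc host port`: open a TCP connection and read the first bytes
    the service sends. If probe is given, send it first (needed for
    protocols such as HTTP, where the client speaks first)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(1024).decode("latin-1").strip()
        except socket.timeout:
            return ""  # service is waiting for the client to speak

def discloses_version(banner):
    """Heuristic defender's check: does the banner leak a product version?
    The lookbehind skips the protocol version in an 'HTTP/1.1' status line."""
    return re.search(r"(?<!HTTP)[/ ]\d+\.\d+", banner) is not None

def serve_once(greeting=None, reply=None):
    """Constructed loopback test service: sends `greeting` on connect
    (SMTP-style) or `reply` after the client sends data (HTTP-style)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    def handle():
        conn, _ = srv.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
            else:
                conn.recv(1024)
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Server-speaks-first service: connecting is enough to see the banner.
    port = serve_once(greeting=b"220 mail.example.test ESMTP ExampleMTA 4.9.2\r\n")
    banner = grab_banner("127.0.0.1", port)
    print(banner, "-> version disclosed:", discloses_version(banner))
    # Client-speaks-first service: the user supplies the upper-layer request.
    port = serve_once(reply=b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd\r\n\r\n")
    banner = grab_banner("127.0.0.1", port, probe=b"HEAD / HTTP/1.0\r\n\r\n")
    print(banner.splitlines()[1], "-> version disclosed:", discloses_version(banner))
```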


