One of your team members is analyzing TTL fields and TCP window sizes in order to fingerprint the OS of a target. Which of the following is most likely being attempted?

A Passive OS fingerprinting

In general, when a question describes an action without directly specifying that you are constructing packets and injecting them into a system, it indicates that you are passively observing traffic, most likely using a sniffed traffic log.