Exam 312-50v12 topic 1 question 222 discussion

The default value for maxhosts is 99, by using -m 5 you effectively limit tracing to 5 hops. Which may not result in finished trace. The correct answer is D - ntptrace with no parameters.

The ntptrace command traces a chain of Network Time Protocol (NTP) servers back to their master time source. By default, running ntptrace without any arguments starts the trace from the localhost. However, to trace the NTP servers for a specific server, you should provide its hostname or IP address as an argument. In this case, ntptrace 192.168.1.1 will trace the NTP server chain starting from the server at 192.168.1.1. The -n option disables the resolution of hostnames, displaying IP addresses instead. The -m option sets the maximum number of levels to trace. While these options can be useful, they are not necessary for the basic functionality of tracing the NTP server chain. Therefore, the simplest and most direct command to achieve your objective is ntptrace 192.168.1.1.

It's A, there is a typo with a " " missing between 5 and the IP address.

I am confused in the book CEH V12 Module 4 Page it is clearly mentioned A, and most of people are answering D

A. ntptrace -n -m 5192.168.1.1 This usage is incorrect because -m expects a numerical argument that specifies the maximum number of hosts to trace, not an IP address. B. ntptrace -m 5192.168.1.1 Similar to option A, this is a misuse of the -m option. It wrongly places an IP address where a number should be, indicating the depth of the trace. C. ntptrace -n localhost This command will start tracing from the local host, and the -n option will ensure that the output remains numerical (IP addresses only), which might not be as informative if you're unfamiliar with the IPs but does provide clean data output. D. ntptrace 192.168.1.1 This is the basic form of the command and correctly targets an NTP server by IP address. It lacks any specific options for depth of trace (-m) or format (-n), but correctly initiates a trace to the specified server.

It's D. A &B: You're not trying to find max host but trace source of time. C: you use the -n command which means it should give you IP of local host(127.0.0.1) instead of local host , host name.

D. ntptrace 192.168.1.1

The -n option is not necessary unless you prefer to see IP addresses instead of hostnames, and the -m option is not necessary unless you want to limit the number of hosts traced. Option C would only be correct if you were running the command on the NTP server itself and you wanted to see IP addresses instead of hostnames.So, the correct answer is option D, ntptrace 192.168.1.1.

I think A is more suitable

CEHv12 pg 446 CORRECT ANSWER is A ntptrace This command determines where the NTP server obtains the time from and follows the chain of NTP servers back to its primary time source. Attackers use this command to trace the list of NTP servers connected to the network. Its syntax is as follows: ntptrace [-n] [-m maxhosts] [servername/IP_address]

I think is D. ntptrace 192.168.1.1 -m and -n are opcional

5192.168.1.1? if: B. ntptrace -m 192.168.1.1 thats correct