Idle Scan uses which initial TCP flag?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Nmap and ZenMap Tests. Access flashcards and multiple choice questions, with hints and explanations for each question. Ensure success in your exam!

Multiple Choice

Idle Scan uses which initial TCP flag?

Explanation:
Idle Scan hinges on initiating a TCP connection from a zombie to the target, which starts with a SYN. The technique relies on the target’s response to that initial handshake (SYN) and the zombie’s predictable IPID behavior to infer whether the port is open or closed. The other flags don’t fit this initiating step: ACK would imply continuing an existing connection, FIN would close a connection, and PSH is a data-flag, not used to start the handshake. So the initial TCP flag used is SYN.

Idle Scan hinges on initiating a TCP connection from a zombie to the target, which starts with a SYN. The technique relies on the target’s response to that initial handshake (SYN) and the zombie’s predictable IPID behavior to infer whether the port is open or closed. The other flags don’t fit this initiating step: ACK would imply continuing an existing connection, FIN would close a connection, and PSH is a data-flag, not used to start the handshake. So the initial TCP flag used is SYN.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy