What is an idle (s0) scan and how does -sI <zombie> work?

Prepare for the Nmap and ZenMap Tests. Access flashcards and multiple choice questions, with hints and explanations for each question. Ensure success in your exam!

Multiple Choice

What is an idle (s0) scan and how does -sI <zombie> work?

Explanation:
Idle scanning uses a zombie host as a timing controller to infer port states without sending the target any probes that carry your own IP address. The scanner spoofs the zombie’s IP address when contacting the target, so the target’s replies go to the zombie, not to you. By watching how the zombie’s IP ID field changes between carefully timed measurements, the scanner can determine whether the target port is open, closed, or filtered. The -sI <zombie> switch tells Nmap to perform this idle scan and specifies which host to use as the zombie. This method hinges on predictable IP ID behavior from the zombie and is not primarily about ping-based host discovery, UDP probes, or IPv6-only scanning.
