Which port state is used only for the IP ID idle scan where Nmap can't determine if closed or filtered?


Multiple Choice

Which port state is used only for the IP ID idle scan where Nmap can't determine if closed or filtered?

Explanation:
The IP ID idle scan infers the target's port state from how the zombie host's IP ID value changes in response to spoofed probes. When a port's behavior is ambiguous (there is no clear sign that it is open or closed, and the result could plausibly be due to filtering by a firewall), the scanner can't decide between closed and filtered. In that situation, Nmap uses the combined state closed|filtered to indicate this ambiguity. This label is specific to the IP ID idle scan because other scans can usually distinguish closed from filtered more directly, whereas the idle scan sometimes yields results that can only be described as “either closed or filtered.” So the correct choice reflects that unique, ambiguous outcome.
