In a SYN scan, which statement is true regarding the handshake?


Explanation:
In a SYN scan, the goal is to probe port state without establishing a full TCP connection. You send a SYN to the target port. If the port is open, the host replies with a SYN-ACK, but you don’t complete the handshake; you immediately send a RST to tear down the half-open connection. If the port is closed, the host usually replies with a RST. If the path is filtered, there may be no reply at all. Because the handshake is never completed, the connection isn’t fully established, which is what makes SYN scans stealthier. The TCP handshake uses SYN, SYN-ACK, and ACK; FIN packets relate to terminating connections or other scan types, not to the normal handshake. UDP has no role here, since this technique targets TCP.
