What is a key indicator of port scanning activity?

Multiple Choice

What is a key indicator of port scanning activity?

Explanation:
Port scanning shows up when a single host probes many ports within a short period. The clearest sign is a burst of SYN packets from the same source directed at multiple ports, indicating an attempt to map which ports are open for service. In TCP, a SYN starts the handshake, and a scanner often sends many of these to different ports without completing the connections, which is characteristic of probing rather than regular access.

The other patterns describe different activity: repeated UDP requests to one port from various sources suggest a UDP flood or reflection abuse, not broad port discovery; a long sequence of ICMP echo replies from the destination points to a flood of ping responses, not port probing; and a single TCP connection to one port is normal user/service traffic, not scanning.
