What packet pattern indicates an open port?

Explanation:
Understanding how TCP responds to a SYN is central here. When a server port is open, a SYN from a requester typically receives a SYN/ACK in reply, indicating that the port is ready to establish a connection. In many scanning techniques, to avoid completing the full connection, the requester then sends a RST to tear down the half-open connection. Observed together in a capture, this sequence looks like SYN, then SYN/ACK from the target, and then RST from the initiator. That pattern—SYN → SYN/ACK → RST—signals an open port being probed without actually completing the handshake.

If the port were closed, the host would usually respond with RST to the initial SYN, not with SYN/ACK, so you wouldn’t see the SYN/ACK followed by RST. A normal full handshake would end with an ACK after the SYN/ACK, not with a RST, so the three-step pattern described is specific to the half-open open-port case.
