Why does the scanner send RST after SYN/ACK?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

Why does the scanner send RST after SYN/ACK?

Explanation:
When a TCP scan uses a SYN probe, a response of SYN-ACK indicates the port is open. Rather than completing the three-way handshake by sending the final ACK, the scanner sends a TCP RST to abort the connection. This closes the tentative connection immediately without establishing a full session. The goal is to learn the port state (open or filtered) while keeping the scan stealthy and using fewer resources, since no normal connection is created or logged as an active session.

When a TCP scan uses a SYN probe, a response of SYN-ACK indicates the port is open. Rather than completing the three-way handshake by sending the final ACK, the scanner sends a TCP RST to abort the connection. This closes the tentative connection immediately without establishing a full session. The goal is to learn the port state (open or filtered) while keeping the scan stealthy and using fewer resources, since no normal connection is created or logged as an active session.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy