In TCP port scanning, what does receiving a SYN-ACK indicate?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

In TCP port scanning, what does receiving a SYN-ACK indicate?

Explanation:
In a TCP SYN scan, a SYN-ACK reply means the port is open. The target’s TCP stack has an active service listening on that port and is willing to proceed with the TCP three-way handshake. After seeing a SYN-ACK, the scanner typically sends a reset (RST) to avoid completing the connection and leaving the target with a half-open state. If the port were closed, the usual response to a SYN is a RST, not a SYN-ACK. If the port is filtered, there might be no response at all or an ICMP error, making the port appear blocked. So, receiving a SYN-ACK directly indicates the port is open.

In a TCP SYN scan, a SYN-ACK reply means the port is open. The target’s TCP stack has an active service listening on that port and is willing to proceed with the TCP three-way handshake. After seeing a SYN-ACK, the scanner typically sends a reset (RST) to avoid completing the connection and leaving the target with a half-open state. If the port were closed, the usual response to a SYN is a RST, not a SYN-ACK. If the port is filtered, there might be no response at all or an ICMP error, making the port appear blocked. So, receiving a SYN-ACK directly indicates the port is open.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy