Which flag performs a FIN scan?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which flag performs a FIN scan?

Explanation:
A FIN scan sends TCP packets with the FIN flag set to every target port. The FIN flag is meant to gracefully close an existing connection, so many TCP stacks send no response to a FIN that arrives on an open port. Typically, closed ports reply to a FIN with a reset (RST), while open ports tend not to respond (a silent port may also be filtered). By comparing which ports generate a RST with which ports remain silent, you can infer which ports are closed and which are open, without completing a full TCP handshake. This approach is considered stealthier than a full connect scan because it doesn’t establish connections. Thus, the option that uses the FIN flag in the TCP header to perform the scan is the correct choice.
