Which flag performs a Xmas Tree scan?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which flag performs a Xmas Tree scan?

Explanation:
Understanding how Nmap encodes scan types in flag combinations is the key. A Xmas Tree scan is performed by sending a TCP packet with the FIN, PSH, and URG flags all set in the same segment, which makes the packet look like a lit Xmas tree. On many systems, this odd pattern yields no response for open or filtered ports and an RST from a closed port, letting the scanner infer state; that’s why this flag is used. For context, other scans use different flag patterns: a FIN scan uses FIN only, a Null scan uses no flags, and an ACK scan uses ACK, each producing different responses depending on the target’s TCP stack and firewall rules.