312-50V10 · Question #113
What would you enter, if you wanted to perform a stealth scan using Nmap?
The correct answer is B. nmap -sS. The nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the full TCP handshake.
Question
What would you enter, if you wanted to perform a stealth scan using Nmap?
Options
- Anmap -sU
- Bnmap -sS
- Cnmap -sM
- Dnmap -sT
How the community answered
(27 responses)- A4% (1)
- B89% (24)
- D7% (2)
Why each option
The nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the full TCP handshake.
nmap -sU performs a UDP scan, not a stealth scan - it probes UDP ports rather than using the SYN stealth technique.
nmap -sS sends a SYN packet and waits for a response, but never completes the three-way handshake by sending the final ACK. This half-open technique avoids creating a full session, making it harder for logging systems and firewalls to record the connection, which is why it is classified as a stealth scan.
nmap -sM is the Maimon scan (FIN/ACK probe) - a lesser-used technique and not the standard stealth scan method.
nmap -sT performs a full TCP connect scan, which completes the entire three-way handshake and is easily logged by target systems, making it the opposite of stealthy.
Concept tested: Nmap SYN stealth scan flag identification
Source: https://nmap.org/book/synscan.html
Topics
Community Discussion
No community discussion yet for this question.