nerdexam
EC-Council

312-50V10 · Question #753

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

The correct answer is B. TCP. TCP uses 32-bit sequence numbers to maintain session state, making it the target protocol for session hijacking attacks that rely on sequence number prediction.

Session Hijacking

Question

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

Options

  • AICMP
  • BTCP
  • CUPX
  • DUPD

How the community answered

(61 responses)
  • A
    3% (2)
  • B
    87% (53)
  • C
    2% (1)
  • D
    8% (5)

Why each option

TCP uses 32-bit sequence numbers to maintain session state, making it the target protocol for session hijacking attacks that rely on sequence number prediction.

AICMP

ICMP is a diagnostic and error-reporting protocol that does not maintain stateful sessions with exploitable sequence numbers.

BTCPCorrect

TCP (Transmission Control Protocol) maintains stateful connections using sequence numbers to track packet order and acknowledge delivery. In a man-in-the-middle or session hijacking attack, an attacker predicts or sniffs these sequence numbers to inject crafted packets into an established session. This exploit, known as TCP session hijacking, directly abuses the sequence numbering mechanism defined in the TCP specification.

CUPX

UPX is a binary file compressor and packer utility, not a network protocol, and is entirely unrelated to man-in-the-middle attacks.

DUPD

UDP is connectionless and stateless, meaning it does not use sequence numbers to maintain session state, so session hijacking via sequence number prediction does not apply.

Concept tested: TCP sequence number prediction for session hijacking

Source: https://www.rfc-editor.org/rfc/rfc9293

Topics

#TCP sequence numbers#session hijacking#MITM#TCP/IP

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice