312-50V11 · Question #113
What would you enter, if you wanted to perform a stealth scan using Nmap?
The correct answer is B. nmap -sS. The Nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the three-way handshake and therefore often evades logging by the target.
Question
What would you enter, if you wanted to perform a stealth scan using Nmap?
Options
- Anmap -sU
- Bnmap -sS
- Cnmap -sM
- Dnmap -sT
How the community answered
(21 responses)- A5% (1)
- B90% (19)
- C5% (1)
Why each option
The Nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the three-way handshake and therefore often evades logging by the target.
nmap -sU performs a UDP scan, which probes UDP ports rather than conducting a stealthy TCP probe.
nmap -sS sends a SYN packet and waits for a SYN/ACK or RST response, then immediately sends a RST rather than completing the TCP handshake. Because the full connection is never established, many older logging mechanisms and application-layer monitors do not record the attempt, making it the canonical stealth scanning technique.
nmap -sM performs a TCP Maimon scan (FIN/ACK probe), which is a different evasion technique targeting BSD-derived TCP stacks and is not the standard stealth scan.
nmap -sT performs a full TCP connect scan that completes the three-way handshake, making it easily logged by the operating system and not stealthy.
Concept tested: Nmap TCP SYN stealth scan technique
Source: https://nmap.org/book/man-port-scanning-techniques.html
Topics
Community Discussion
No community discussion yet for this question.