nerdexam
EC-Council

312-50V11 · Question #113

What would you enter, if you wanted to perform a stealth scan using Nmap?

The correct answer is B. nmap -sS. The Nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the three-way handshake and therefore often evades logging by the target.

Scanning Networks

Question

What would you enter, if you wanted to perform a stealth scan using Nmap?

Options

  • Anmap -sU
  • Bnmap -sS
  • Cnmap -sM
  • Dnmap -sT

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    90% (19)
  • C
    5% (1)

Why each option

The Nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the three-way handshake and therefore often evades logging by the target.

Anmap -sU

nmap -sU performs a UDP scan, which probes UDP ports rather than conducting a stealthy TCP probe.

Bnmap -sSCorrect

nmap -sS sends a SYN packet and waits for a SYN/ACK or RST response, then immediately sends a RST rather than completing the TCP handshake. Because the full connection is never established, many older logging mechanisms and application-layer monitors do not record the attempt, making it the canonical stealth scanning technique.

Cnmap -sM

nmap -sM performs a TCP Maimon scan (FIN/ACK probe), which is a different evasion technique targeting BSD-derived TCP stacks and is not the standard stealth scan.

Dnmap -sT

nmap -sT performs a full TCP connect scan that completes the three-way handshake, making it easily logged by the operating system and not stealthy.

Concept tested: Nmap TCP SYN stealth scan technique

Source: https://nmap.org/book/man-port-scanning-techniques.html

Topics

#Nmap#SYN scan#stealth scan#port scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice