nerdexam
EC-Council

312-50V11 · Question #753

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

The correct answer is B. TCP. TCP uses predictable 32-bit sequence numbers to manage packet ordering, making sessions vulnerable to sequence number guessing in man-in-the-middle attacks.

Session Hijacking

Question

You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

Options

  • AICMP
  • BTCP
  • CUPX
  • DUPD

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    87% (34)
  • C
    3% (1)
  • D
    8% (3)

Why each option

TCP uses predictable 32-bit sequence numbers to manage packet ordering, making sessions vulnerable to sequence number guessing in man-in-the-middle attacks.

AICMP

ICMP is a connectionless diagnostic protocol (used by ping and traceroute) and does not maintain sessions or use sequence numbers for data ordering.

BTCPCorrect

TCP (Transmission Control Protocol) assigns sequence numbers to every byte of data exchanged in a connection. If these numbers are predictable or weakly randomized, an attacker can forge packets with a valid sequence number and inject them into an established session, effectively hijacking or intercepting the communication. This is the basis of TCP session hijacking attacks.

CUPX

UPX is an executable packer and compression utility, not a network protocol, and is entirely unrelated to network sessions.

DUPD

UDP (User Datagram Protocol) is connectionless and stateless, meaning it does not use sequence numbers or maintain session state that could be hijacked.

Concept tested: TCP sequence number prediction and session hijacking

Source: https://www.rfc-editor.org/rfc/rfc793

Topics

#session hijacking#TCP sequence numbers#man-in-the-middle#TCP/IP

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice