nerdexam
EC-Council

312-50V13 · Question #153

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a s

The correct answer is D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.. To trick a switch into believing a TCP session is already established, an attacker can send IP packets with the ACK bit set from their machine, attempting to spoof or inject into the TCP connection state.

Submitted by khalil_dz· Mar 6, 2026Session Hijacking

Question

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

Options

  • AFred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of
  • BHe can send an IP packet with the SYN bit and the source address of his computer.
  • CFred can send an IP packet with the ACK bit set to zero and the source address of the switch.
  • DFred can send an IP packet to the switch with the ACK bit and the source address of his machine.

How the community answered

(48 responses)
  • A
    2% (1)
  • B
    4% (2)
  • C
    10% (5)
  • D
    83% (40)

Why each option

To trick a switch into believing a TCP session is already established, an attacker can send IP packets with the ACK bit set from their machine, attempting to spoof or inject into the TCP connection state.

AFred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of

A packet with both RST (reset) and SYN (synchronize) bits set is contradictory and would typically result in an error or connection reset, not the establishment of a session.

BHe can send an IP packet with the SYN bit and the source address of his computer.

Sending an IP packet with only the SYN bit set initiates a new connection attempt, rather than tricking a system into thinking a session is already established.

CFred can send an IP packet with the ACK bit set to zero and the source address of the switch.

An ACK bit set to zero means the packet is not an acknowledgment, which would not help in tricking a system into believing a session is established, as established sessions heavily rely on ACKs.

DFred can send an IP packet to the switch with the ACK bit and the source address of his machine.Correct

Sending an IP packet with the ACK bit set is characteristic of an established TCP session, as ACKs acknowledge received data. By sending such a packet with his own source address, Fred attempts to make the switch believe that an ongoing, active session from his machine is already in progress, possibly by guessing or predicting sequence numbers.

Concept tested: TCP session hijacking/spoofing

Source: https://www.cisco.com/c/en/us/support/docs/ip/transmission-control-protocol-tcp/116127-technote-tcp-00.html

Topics

#TCP session#SYN/ACK#packet crafting#network attacks

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice