312-50V13 · Question #547
A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port wit
The correct answer is B. Qrest 1: The test was conducted because SYN and ECN-Echo flags enabled to allow the hacker. Explanation Option B is correct because in Nmap's OS fingerprinting methodology, Test 1 (T1) involves sending a TCP packet with the SYN and ECN-Echo (ECE) flags enabled to an open TCP port, and the specific response flags observed (SYN + ECN-Echo) are characteristic of this test,
Question
Options
- ATest 3: The test was executed to observe the response of the target system when a packet with
- BQrest 1: The test was conducted because SYN and ECN-Echo flags enabled to allow the hacker
- CTest 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL
- DTest 6; The hacker selected this test because a TCP packet with the ACK flag enabled sent to a
How the community answered
(45 responses)- A16% (7)
- B76% (34)
- C4% (2)
- D4% (2)
Explanation
Explanation
Option B is correct because in Nmap's OS fingerprinting methodology, Test 1 (T1) involves sending a TCP packet with the SYN and ECN-Echo (ECE) flags enabled to an open TCP port, and the specific response flags observed (SYN + ECN-Echo) are characteristic of this test, designed to probe how the target's TCP stack responds to ECN-capable connection attempts, which reveals OS-specific behavior.
Option A is incorrect because Test 3 involves sending a TCP packet with different flag combinations (typically SYN, URG, PSH, and FIN), not the SYN/ECN-Echo combination described. Option C is incorrect because Test 2 uses a NULL packet (no flags set), which is the opposite of having flags enabled. Option D is incorrect because Test 6 specifically uses the ACK flag to probe a closed port, not an open one with SYN/ECN-Echo flags.
Memory Tip: Think of T1 = "First Handshake with ECN" - Test 1 is the first probe and uses the SYN flag (the first flag in a TCP handshake), paired with ECN-Echo to test advanced TCP capabilities. If you remember that SYN starts both a handshake and the test sequence, you'll always associate SYN+ECN-Echo with Test 1.
Topics
Community Discussion
No community discussion yet for this question.