During a penetration test, you are attempting a network-level session hijack against an unencrypted Telnet connection. After sniffing traffic, you have successfully predicted the next TCP sequence number that the client will send. To inject a command into the stream while keeping the session alive, which TCP flag combination must you set in your spoofed packet?
FIN plus PSH, signaling graceful close after the injected data is sent
ACK together with (optional) PSH, using the predicted sequence number and a valid acknowledgment value
SYN only, causing the server to treat the packet as a new connection request
RST only, to force the victim's host to drop the connection while the attacker communicates with the server
To insert data into an established TCP stream the attacker must craft a packet that looks like just another segment in the ongoing conversation. That means the packet has to carry the ACK flag (acknowledging the last sequence number seen from the other side) and may optionally include the PSH flag to request immediate delivery of the payload. Using RST would tear the connection down, FIN would begin an orderly shutdown, and SYN would be rejected because a connection is already established. Therefore, a packet with ACK (often together with PSH) is required to inject data without terminating or resetting the session.
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking