During a perimeter evaluation, a penetration tester needs to discover which TCP ports are open on several target hosts while keeping the scan as quiet as possible. The tester decides to send a SYN packet to each port, wait for either a SYN/ACK or RST response, and then immediately send a RST instead of completing the TCP three-way handshake. Which Nmap scanning technique best matches this behavior?
A TCP SYN (half-open) scan sends only the first step of the handshake (SYN) and interprets the target's reply before tearing down the attempt with a RST. This reveals open ports while reducing the chance of being logged. A TCP connect scan completes the entire handshake, making it more visible. A TCP NULL scan sets no flags, using a different RFC loophole and producing "open|filtered" results. TCP/IP stack fingerprinting probes are designed for operating-system identification, not simple port discovery.