What is a NULL scan?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What is a NULL scan?

Explanation:
A NULL scan sends a TCP segment with no flags set at all. The distinctive feature is that every TCP flag field is off, so the packet has no control bits to indicate a request. How the target responds helps infer port state: if a port is closed, you’ll typically get a RST in reply; if a port is open, there’s usually no response; if the packet is filtered by a firewall, you may also see no reply. This pattern—no flags in the TCP header—is exactly what “NULL” describes, and that’s why the option stating that all flags are turned off is the correct one. The other options describe different scan methods (ICMP-based ping scanning, or scans that use a mix of TCP flags), which are not NULL scans.

A NULL scan sends a TCP segment with no flags set at all. The distinctive feature is that every TCP flag field is off, so the packet has no control bits to indicate a request. How the target responds helps infer port state: if a port is closed, you’ll typically get a RST in reply; if a port is open, there’s usually no response; if the packet is filtered by a firewall, you may also see no reply. This pattern—no flags in the TCP header—is exactly what “NULL” describes, and that’s why the option stating that all flags are turned off is the correct one. The other options describe different scan methods (ICMP-based ping scanning, or scans that use a mix of TCP flags), which are not NULL scans.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy