Which scan type involves sending an SCTP COOKIE ECHO chunk to the target, resulting in no response when the port is open?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which scan type involves sending an SCTP COOKIE ECHO chunk to the target, resulting in no response when the port is open?

Explanation:
SCTP COOKIE ECHO scanning takes advantage of how SCTP establishes a connection. In SCTP, a proper association starts with an INIT, the peer responds with INIT ACK containing a cookie, and only then does the client send COOKIE ECHO to prove it owns the cookie. If you send a COOKIE ECHO without having completed that handshake, a listening SCTP port generally won’t generate a reply—so you observe silence when the port is open. This quiet result is what the probe relies on to identify open SCTP ports without triggering a full handshake. This behavior is distinct from a TCP SYN scan, which elicits a SYN-ACK or RST depending on the port state; a UDP ping sweep, which relies on UDP responses or ICMP errors; and an ICMP echo scan, which uses an ICMP echo reply to indicate activity. The silent response pattern for an SCTP COOKIE ECHO probe on an open port is what makes this scan method unique and correct for identifying SCTP-enabled services.

SCTP COOKIE ECHO scanning takes advantage of how SCTP establishes a connection. In SCTP, a proper association starts with an INIT, the peer responds with INIT ACK containing a cookie, and only then does the client send COOKIE ECHO to prove it owns the cookie. If you send a COOKIE ECHO without having completed that handshake, a listening SCTP port generally won’t generate a reply—so you observe silence when the port is open. This quiet result is what the probe relies on to identify open SCTP ports without triggering a full handshake.

This behavior is distinct from a TCP SYN scan, which elicits a SYN-ACK or RST depending on the port state; a UDP ping sweep, which relies on UDP responses or ICMP errors; and an ICMP echo scan, which uses an ICMP echo reply to indicate activity. The silent response pattern for an SCTP COOKIE ECHO probe on an open port is what makes this scan method unique and correct for identifying SCTP-enabled services.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy