Which scanning technique involves resetting the TCP connection before completion of the three-way handshake, creating a half-open connection?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which scanning technique involves resetting the TCP connection before completion of the three-way handshake, creating a half-open connection?

Explanation:
The technique tests ports by starting a TCP handshake and then stopping short of completing it. It sends a SYN to the target port, and if the port is open, the target replies with SYN-ACK. Rather than finishing the handshake with an ACK, the scanner immediately sends an RST to tear down the connection. Since the three-way handshake is never completed, no full connection is established—hence the term half-open. This behavior makes the scan stealthier because it leaves less evidence in logs and avoids full session creation. That’s why this approach is described as a stealth scan (half-open). The other scans use different TCP flag patterns and do not rely on interrupting the handshake in this way, so they don’t create a half-open state.

The technique tests ports by starting a TCP handshake and then stopping short of completing it. It sends a SYN to the target port, and if the port is open, the target replies with SYN-ACK. Rather than finishing the handshake with an ACK, the scanner immediately sends an RST to tear down the connection. Since the three-way handshake is never completed, no full connection is established—hence the term half-open. This behavior makes the scan stealthier because it leaves less evidence in logs and avoids full session creation.

That’s why this approach is described as a stealth scan (half-open). The other scans use different TCP flag patterns and do not rely on interrupting the handshake in this way, so they don’t create a half-open state.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy