Had something like this in a mock, pretty sure it's C. SYN/FIN using IP fragments splits the TCP header so standard packet filters can't see the flags or port right away. Open to corrections if anyone's seen otherwise.
Q: 10
Which of the following scanning methods splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?
Options
Discussion
Option C
C. SYN/FIN scan with IP fragments is the classic way to break up the TCP header so basic filters can't read flag info easily. D doesn't actually split up the TCP header, it just probes IDs. Not 100% but this lines up with what I've seen in CEH practice.
C or D? But I'm going with C here. SYN/FIN scanning using IP fragments actually splits the TCP header, making it tough for basic packet filters to spot the scan's intent. D (IPID scanning) is more about sequence numbers, doesn't really split headers. Correct me if someone knows a recent update.
Guessing D
Kind of a trick question if you ask me, that's D.
Nah, it's not D here, has to be C. Only SYN/FIN scanning with IP fragments actually splits the TCP header up to evade basic packet filters. D's about IPID field, which isn't about header fragmentation.
It's D
Probably D for this one
D, IPID scanning could sneak past some basic filters since it uses IPID field analysis, not splitting headers but still tricky. Though C’s about fragments, I just think D might fit better for "difficult to detect." Might be off here.
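The filter-side view of the fragmentation case discussed in this thread, as an added example that is not part of any post: a classifier applying the two RFC 1858 checks (a first TCP fragment carrying fewer than 16 transport octets, and any TCP fragment at offset 1) to raw IPv4 bytes. The names `build_ipv4`, `classify` and `SAMPLE_TCP`, the verdict strings, and the sample packets (documentation-range addresses) are constructed for illustration.

```python
import struct

TCP, TMIN = 6, 16  # RFC 1858 tmin: a first fragment must carry 16 TCP octets (flags sit at 13)

def build_ipv4(payload, offset_units=0, more=False, proto=TCP):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def classify(packet):
    """Verdict for one raw IPv4 packet, applying the two RFC 1858 checks to TCP."""
    if len(packet) < 20:
        return "malformed"
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        return "malformed"
    if proto != TCP:
        return "not-tcp"
    offset = flags_frag & 0x1FFF           # fragment offset, in 8-octet units
    more = bool(flags_frag & 0x2000)       # MF bit
    if offset == 0 and total_len - ihl < TMIN:
        # Flags (and possibly ports) are not in this packet: a filter cannot judge it.
        return "tiny-first-fragment" if more else "truncated-tcp"
    if offset == 1:
        # Data starting at octet 8 of the TCP header carries or overwrites the flags.
        return "offset-one-fragment"
    return "fragment" if (more or offset) else "unfragmented"

# Constructed 20-byte TCP header with SYN and FIN set, as in the scan the thread describes.
SAMPLE_TCP = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x03, 1024, 0, 0)

if __name__ == "__main__":
    for name, pkt in [("whole", build_ipv4(SAMPLE_TCP)),
                      ("first 8 octets", build_ipv4(SAMPLE_TCP[:8], 0, True)),
                      ("rest at offset 1", build_ipv4(SAMPLE_TCP[8:], 1)),
                      ("first 16 octets", build_ipv4(SAMPLE_TCP[:16], 0, True))]:
        print(f"{name:18} -> {classify(pkt)}")
```

A stateless filter that drops the two flagged verdicts never has to reassemble; a first fragment that does carry 16 octets exposes ports and flags and can be matched by ordinary rules.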