Why would a penetration tester use the nmap -sF command?
- when a TCP SYN scan is detected by a network filter or firewall
- when the tester wants to conclude the scan
- when a TCP SYN scan reports more than one open port
- when the tester needs to time stamp the scan
|
Explanation & Hint: When a network filter or firewall detects a TCP SYN scan, a TCP FIN scan will send a FIN packet to a target port. TCP FIN packets are typically allowed through firewalls and filters.
|