Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
EC-Council
nmap
gojericho0
Why is the -sS command during an nmap scan considered stealth? I realize it sends just a syn packet, but can't the recieving computer see the source IP of the syn packet? If not if anyone could diagram what the packet looks like that would be great
Thanks!
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
/usr
Because it sends a SYN, waits for a SYN/ACK, and drops the connection, unlike a Connect scan, which goes through the entire 3 way handshake. A lot of machines/firewalls don't log incomplete sessions, hence it is considered stealth.
You can also spoof your IP in nmap. However, if you don't and someone just happens to be sniffing the traffic, then I would assume you could get an IP, yes. However, if it's not logged, the chances of someone watching at that exact moment are slim.
As far as I know, nmap is not on Security+. You're getting into CEH material.
/usr
Great paper by Fyodor.
http://www.insecure.org/nmap/nmap_doc.html
gojericho0
Thanks for the link it was quite helpful
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
