Which scan type involves sending an SCTP COOKIE ECHO chunk to the target, resulting in no response when the port is open?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which scan type involves sending an SCTP COOKIE ECHO chunk to the target, resulting in no response when the port is open?

Explanation:
SCTP COOKIE ECHO scanning takes advantage of how SCTP establishes a connection. In SCTP, a proper association starts with an INIT, the peer responds with INIT ACK containing a cookie, and only then does the client send COOKIE ECHO to prove it owns the cookie. If you send a COOKIE ECHO without having completed that handshake, a listening SCTP port generally won’t generate a reply—so you observe silence when the port is open. This quiet result is what the probe relies on to identify open SCTP ports without triggering a full handshake. This behavior is distinct from a TCP SYN scan, which elicits a SYN-ACK or RST depending on the port state; a UDP ping sweep, which relies on UDP responses or ICMP errors; and an ICMP echo scan, which uses an ICMP echo reply to indicate activity. The silent response pattern for an SCTP COOKIE ECHO probe on an open port is what makes this scan method unique and correct for identifying SCTP-enabled services.

SCTP COOKIE ECHO scanning takes advantage of how SCTP establishes a connection. In SCTP, a proper association starts with an INIT, the peer responds with INIT ACK containing a cookie, and only then does the client send COOKIE ECHO to prove it owns the cookie. If you send a COOKIE ECHO without having completed that handshake, a listening SCTP port generally won’t generate a reply—so you observe silence when the port is open. This quiet result is what the probe relies on to identify open SCTP ports without triggering a full handshake.

This behavior is distinct from a TCP SYN scan, which elicits a SYN-ACK or RST depending on the port state; a UDP ping sweep, which relies on UDP responses or ICMP errors; and an ICMP echo scan, which uses an ICMP echo reply to indicate activity. The silent response pattern for an SCTP COOKIE ECHO probe on an open port is what makes this scan method unique and correct for identifying SCTP-enabled services.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy