What is the difference between -S (spoof source IP) and --source-port, and when would you use each?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the Nmap/ZenMap Switches Test. Prepare with flashcards and multiple choice questions, each question provides hints and explanations. Get ready for your exam!

Multiple Choice

What is the difference between -S (spoof source IP) and --source-port, and when would you use each?

Explanation:
In Nmap, you’re controlling what the probe looks like to the network. The two options change different parts of the packet headers. Spoofing the source IP means the packets are crafted to appear as if they come from a different IP address. This can test how a target’s filters respond to traffic from another origin and can help study IP-based access rules. But you won’t get reliable responses back to you, since replies go to the spoofed address. This technique generally requires elevated privileges and should only be used in a permitted, controlled environment. Setting the source port changes the transport-layer port the probe uses, while leaving the source IP unchanged. This affects how the target and any intermediate devices treat the packet and where responses are directed, which can help with evading simple filters that rely on ports or with matching a expected service context. It does not hide your true origin, it just tweaks the port used on the sending side. Use the spoofed IP to explore how filtering behaves with traffic from another address; use a specific source port to influence filtering decisions and the path of replies, all within an authorized testing scope.

In Nmap, you’re controlling what the probe looks like to the network. The two options change different parts of the packet headers.

Spoofing the source IP means the packets are crafted to appear as if they come from a different IP address. This can test how a target’s filters respond to traffic from another origin and can help study IP-based access rules. But you won’t get reliable responses back to you, since replies go to the spoofed address. This technique generally requires elevated privileges and should only be used in a permitted, controlled environment.

Setting the source port changes the transport-layer port the probe uses, while leaving the source IP unchanged. This affects how the target and any intermediate devices treat the packet and where responses are directed, which can help with evading simple filters that rely on ports or with matching a expected service context. It does not hide your true origin, it just tweaks the port used on the sending side.

Use the spoofed IP to explore how filtering behaves with traffic from another address; use a specific source port to influence filtering decisions and the path of replies, all within an authorized testing scope.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy