Read as
Last updated: April 29, 2026
Connections have states: SYN_SENT, ESTABLISHED, FIN_WAIT, TIME_WAIT, CLOSE_WAIT. Each has duration; each leaks information.
Connections have states: SYN_SENT, ESTABLISHED, FIN_WAIT, TIME_WAIT, CLOSE_WAIT. Each has duration; each leaks information.
SYN scans use the half-open state. CLOSE_WAIT exhaustion is a DoS. TIME_WAIT-buildup limits concurrency.
Connection-level information leaks: working set of source ports reveals scan patterns. RTT distribution reveals geographic location. Header field defaults reveal OS.
The mindset: connection-state telemetry is forensic evidence.
🧠
Check your understanding
Module Quiz · 2 questions
Pass with 80%+ to mark this module complete. Unlimited retries. Each question shows an explanation.
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants