An analyst is reviewing a packet capture and notices a TCP connection with the following sequence: SYN, SYN-ACK, ACK, SYN, ACK. What does this pattern indicate?
Correct. A second SYN on an established connection indicates an attempt to hijack the session.
Why this answer
After the three-way handshake, a second SYN (from the same source) with the same sequence number suggests a man-in-the-middle (MITM) attack using TCP injection or session hijacking.