Also called half-open / stealth scan Sends a SYN packet, the first step in the TCP three-way handshake
- Nmap sends a SYN Packet
- Target responds with:
- SYN/ACK: the port is OPEN
- RST: the port is CLOSED
- Nothing: the port is FILTERED
- If received SYN/ACK, Nmap sends a RST packet to close the connection (opt)
Sends a packet with no flags set (unusual for TCP packets)
- Nmap sends a NULL Packet (no flags)
- Target responds with:
- RST: the port is CLOSED
- Nothing: the port is OPEN or FILTERED
Sends a packet with the ACK flag set, simulating an already established connection. Used to map out firewall rulesets, determining whether ports are filtered (stateful forewalls) or unfiltered. Used to check filtering status.
- Nmap sends a ACK Packet
- Target responds with:
- RST: the port is UNFILTERED
- Nothing: the port is FILTERED
Sends a packet with the FIN flag set, typically used to gracefully end a connection.
- Nmap sends a FIN Packet
- Target responds with:
- RST: the port is CLOSED
- Nothing: the port is OPEN or FILTERED
Sends an unusual packet. Called XMAS because of its look.
- Nmap sends a FIN, PSH, URG Packet
- Target responds with:
- RST: the port is CLOSED
- Nothing: the port is OPEN or FILTERED
Sends an UDP packet.
- Nmap sends a UDP Packet
- Target responds with:
- ICMP Port Unreachable message: the port is CLOSED
- Nothing: the port is OPEN or FILTERED
- UDP Response: the port is OPEN and a service responds