Some of these scan types can be useful against specific systems, while others are useful in particular network setups. We will cover the following types of port scans:
- Null Scan
- FIN Scan
- Xmas Scan
- Maimon Scan
- ACK Scan
- Window Scan
- Custom Scan
Moreover, we will cover the following:
- Spoofing IP
- Spoofing MAC
- Decoy Scan
- Idle/Zombie Scan
Let’s start with the following three types of scans:
- Null Scan
- FIN Scan
- Xmas Scan
Null Scan
The null scan does not set any flag; all six flag bits are set to zero. You can choose this scan using the -sN option. A TCP packet with no flags set will not trigger any response when it reaches an open port, as shown in the figure below. Therefore, from Nmap’s perspective, a lack of reply in a null scan indicates that either the port is open or a firewall is blocking the packet.
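Seen from the defender's side, the property described above (none of the six flag bits set) is straightforward to test for in captured traffic. The Python sketch below is an added example, not part of the original page; the function names, the min_ports threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# URG, ACK, PSH, RST, SYN, FIN: the six flag bits the text refers to.
# The two upper bits of the flags byte (CWR, ECE) are deliberately ignored.
SIX_FLAGS = 0x3F
TCP_FIXED = "!HHIIBBHHH"  # 20-byte TCP header without options

def tcp_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header for the sample data."""
    return struct.pack(TCP_FIXED, sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def is_null_probe(segment):
    """True when a TCP segment carries none of the six flag bits."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    fields = struct.unpack(TCP_FIXED, segment[:20])
    offset, flags = fields[4], fields[5]
    if (offset >> 4) < 5:
        raise ValueError("invalid data offset")
    return flags & SIX_FLAGS == 0

def null_scan_sources(packets, min_ports=3):
    """Map each source that sent flagless segments to >= min_ports ports."""
    ports = defaultdict(set)
    for src, segment in packets:
        try:
            if is_null_probe(segment):
                ports[src].add(struct.unpack("!H", segment[2:4])[0])
        except ValueError:
            continue  # malformed capture entry: skip it rather than abort
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

# Constructed sample capture: (source IP, TCP segment), documentation addresses.
SAMPLE = [
    ("192.0.2.10", tcp_header(40000, 22, 0x00)),
    ("192.0.2.10", tcp_header(40000, 80, 0x00)),
    ("192.0.2.10", tcp_header(40000, 443, 0x00)),
    ("198.51.100.7", tcp_header(51000, 443, 0x02)),  # ordinary SYN
    ("198.51.100.7", tcp_header(51000, 443, 0x10)),  # ordinary ACK
    ("203.0.113.5", tcp_header(42000, 25, 0x00)),    # single stray flagless segment
    ("203.0.113.5", b"\x00\x01"),                    # truncated entry
]

if __name__ == "__main__":
    for src, hit in null_scan_sources(SAMPLE).items():
        print(f"possible null scan from {src}: ports {hit}")
```

Legitimate TCP traffic always sets at least one flag, so the per-source port threshold exists only to separate a sweep from a single corrupted segment.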