A TCP SYN/ACK

No reply at all

A TCP Reset

A TCP FIN

256

1460

4096

1024

-T5, TCP Connect, Xmas and Null scans

OS Fingerprinting, Version Discovery, Trace Roue, Script Scanning

TCP Connect, TCP Stealth, UDP and ICMP Scans

OS Fingerprinting, Vulerabilities and TCP Connect Scans

TCP is a better protocol for testing than ICMP

Not all devices respond to ICMP so Nmap may incorrectly show them as down

ICMP is considered insecure so you need root priveleges to run it

ICMP has no equivalent to the SYN/ACK in TCP

The Stealth Scan is impossible to detect by IDS systems

The TCP Connect Scan will initiate a Client Hello in TLS

The TCP Connect Scan will connect to the application beyond the port

The TCP Connect Scan will finish TCP handshake

tcp.flags.syn==1

tcp.syn==1

tcp.handshake==1

tcp.flags==1

Filtered

Unfiltered

Closed

Available

Open

The IDS blocked the packet

The packet was dropped by the network

The packet was likely filtered by a firewall

The endpoint was too busy to respond

1-8000

0-50000

0-65535

1-1024

It sends several crafted TCP packets to determine how the target TCP stack responds

It fingerprints the OS using starting sequence numbers in the TCP SYN packets

Firewalls will completely block this scan theese days

Nmap uses the IP ID numbers and starting TTL values to fingerprint an OS