The CEH exam may ask you to tell the nmap scan types apart: full-open scan, half-open scan, Xmas scan, FIN scan and Null scan.
There are many good posts out there by other experts that fully describe the characteristics of each scan, how it works, and how to run one with a port scanner like nmap. So I'm not gonna do the same over again; instead, I'll get straight to the bottom line here:
| Name | Also goes by | nmap command | When port open | When port closed |
|---|---|---|---|---|
| Full-open scan | Three-way handshake | `nmap -sT <ip address or range>` | Returns ACK | Returns RST |
| Half-open scan | Stealth or SYN scan | `nmap -sS <ip address or range>` | No response | Returns RST |
| Xmas tree scan | (none) | `nmap -sX -v <target IP address>` | No response | Returns RST |
| FIN scan | (none) | `nmap -sF <target IP address>` | No response | Returns RST |
| Null scan | (none) | `nmap -sN <target IP address>` | No response | Returns RST |
Memorizing this table should help with the nmap part of the CEH exam. Cheers!
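The flag combinations behind those rows are also what a defender looks for on the wire: a SYN scan's probes carry SYN alone, a FIN scan's carry FIN alone, a Null scan's carry no flags, and an Xmas scan's carry FIN, PSH and URG together. The script below is an added example (not code from the post) that classifies inbound TCP segments by exactly those flag patterns and reports sources that probe several distinct ports with the same pattern; the log line format it parses, the `SAMPLE_LOG` records and the 198.51.100.x/192.0.2.x addresses are all constructed for the demo. The `expected_reply` helper encodes the RFC 793 behaviour a conventional stack shows: a closed port answers any of these probes with RST, an open port silently drops FIN, Null and Xmas probes, and an open port answers a bare SYN with SYN/ACK (the half-open scan then resets instead of completing the handshake, and the ACK in the full-open row is the third step that follows that SYN/ACK).

```python
"""Classify unsolicited inbound TCP probes by TCP flag pattern (nmap scan fingerprints).

Added example.  The one-line-per-segment log format is constructed for this
demo and is not the output of nmap or any real sensor:
    <timestamp> <src_ip> -> <dst_ip>:<dst_port> flags=<hex>
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, Optional, Tuple

# TCP flag bits in the low byte of the flags field (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag pattern of the first probe packet -> scan type.  A full-open (-sT) scan
# starts with a plain SYN too, so its first packet is indistinguishable from -sS.
PROBE_SIGNATURES = {
    SYN: "SYN",
    0: "Null",
    FIN: "FIN",
    FIN | PSH | URG: "Xmas",
}

LINE_RE = re.compile(
    r"^\S+ (?P<src>\S+) -> (?P<dst>[^:]+):(?P<port>\d+) flags=0x(?P<flags>[0-9a-fA-F]+)$"
)


def classify_probe(flags: int) -> Optional[str]:
    """Return the scan type whose probe carries exactly these flags, else None."""
    return PROBE_SIGNATURES.get(flags & 0x3F)


def expected_reply(scan_type: str, port_open: bool) -> str:
    """Reply a conventional TCP stack sends to a probe of the given scan type."""
    if not port_open:
        return "RST"                # closed port: RST for every probe type
    if scan_type == "SYN":
        return "SYN/ACK"            # open port completes step two of the handshake
    return "no response"            # open port drops FIN / Null / Xmas probes


def parse_line(line: str) -> Optional[Tuple[str, str, int, int]]:
    """Parse one constructed log line into (src, dst, dst_port, flags); None if malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return m["src"], m["dst"], int(m["port"]), int(m["flags"], 16)


def summarize_scans(lines: Iterable[str], min_ports: int = 3) -> Dict[Tuple[str, str], int]:
    """Count distinct destination ports per (source, scan type).

    Only sources that hit at least `min_ports` ports with the same probe pattern
    are reported: a single lone SYN is just an ordinary connection attempt.
    """
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # skip malformed lines rather than crash
        src, _dst, port, flags = rec
        scan = classify_probe(flags)
        if scan is None:
            continue                # ACK-bearing segments belong to established flows
        ports[(src, scan)].add(port)
    return {key: len(p) for key, p in ports.items() if len(p) >= min_ports}


# Constructed sample records: an Xmas sweep, a single Null probe, a mid-flow ACK,
# a FIN sweep, a SYN sweep, and one malformed line.
SAMPLE_LOG = [
    "2024-03-01T10:00:00Z 198.51.100.5 -> 192.0.2.10:22 flags=0x029",
    "2024-03-01T10:00:00Z 198.51.100.5 -> 192.0.2.10:80 flags=0x029",
    "2024-03-01T10:00:01Z 198.51.100.5 -> 192.0.2.10:443 flags=0x029",
    "2024-03-01T10:00:01Z 198.51.100.7 -> 192.0.2.10:22 flags=0x000",
    "2024-03-01T10:00:02Z 198.51.100.8 -> 192.0.2.10:443 flags=0x010",
    "2024-03-01T10:00:02Z 198.51.100.9 -> 192.0.2.10:21 flags=0x001",
    "2024-03-01T10:00:02Z 198.51.100.9 -> 192.0.2.10:22 flags=0x001",
    "2024-03-01T10:00:03Z 198.51.100.9 -> 192.0.2.10:23 flags=0x001",
    "2024-03-01T10:00:03Z 198.51.100.9 -> 192.0.2.10:25 flags=0x001",
    "2024-03-01T10:00:04Z 198.51.100.5 -> 192.0.2.10:22 flags=0x002",
    "2024-03-01T10:00:04Z 198.51.100.5 -> 192.0.2.10:80 flags=0x002",
    "2024-03-01T10:00:05Z 198.51.100.5 -> 192.0.2.10:8080 flags=0x002",
    "this line is not a valid record",
]

if __name__ == "__main__":
    for (src, scan), n in sorted(summarize_scans(SAMPLE_LOG).items()):
        print(f"{src}: {scan} scan pattern against {n} distinct ports "
              f"(open port would answer: {expected_reply(scan, True)})")
```

The `min_ports` threshold is what separates a SYN sweep from normal traffic; FIN, Null and Xmas patterns never occur as the first packet of a legitimate connection, so a lower threshold (or none) is reasonable for those three.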