The CEH exam may ask about the differences between nmap scan types such as the full-open scan, half-open scan, Xmas scan, FIN scan and Null scan.

There are many good posts out there by other experts that fully describe the characteristics of each scan, how it works, and how to run it with port-scanning tools like nmap. So I'm not going to repeat all that; instead, I'll get straight to the bottom line:


| Name | Also goes by | nmap command | When port open | When port closed |
|------|--------------|--------------|----------------|------------------|
| Full-Open scan | Three-way handshake | `nmap -sT <ip address or range>` | Returns ACK | Returns RST |
| Half-Open scan | Stealth or SYN scan | `nmap -sS <ip address or range>` | No response | Returns RST |
| Xmas Tree scan | | `nmap -sX -v <target IP address>` | No response | Returns RST |
| FIN scan | | `nmap -sF <target IP address>` | No response | Returns RST |
| Null scan | | `nmap -sN <target IP address>` | No response | Returns RST |
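As an added example that is not part of the original post: the flag combinations behind the scans in the table are exactly what a defender sees on the wire, so they can be used to recognise which scan type hit a host. The Python below is my own code, not nmap's. It takes constructed inbound TCP segment records (source, destination port, flags), groups them per source and port, and names the scan from the first segment's flags; for SYN probes it tells full-open from half-open by whether the scanner went on to complete the handshake with an ACK or tore it down with a RST. The addresses and flows are made up for the example.

```python
from collections import Counter, defaultdict

# TCP flag bits, low to high as laid out in the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_flow(sent_flags):
    """Name the scan type behind one probed port.

    sent_flags: the flag bytes of the segments the remote host sent to a
    single local port, in arrival order. Only the remote side's segments
    are needed: the probe type is fixed by the first segment, and the
    difference between a full-open and a half-open scan is whether the
    remote side completes the handshake (ACK) or tears it down (RST)
    after receiving our SYN/ACK.
    """
    first = sent_flags[0]
    if first == 0:
        return "Null"                       # -sN: no flags set at all
    if first == FIN | PSH | URG:
        return "Xmas"                       # -sX: FIN, PSH and URG "lit up"
    if first == FIN:
        return "FIN"                        # -sF: FIN only
    if first == SYN:
        rest = sent_flags[1:]
        if any(f & ACK and not f & RST for f in rest):
            return "Full-open"              # -sT: handshake completed
        if any(f & RST for f in rest):
            return "Half-open"              # -sS: RST sent instead of ACK
        return "SYN-only"                   # no follow-up seen (e.g. closed port)
    return "Other"


def summarize_by_source(segments):
    """Group inbound segments per (source, destination port), classify each
    flow, and count scan types per source address."""
    flows = defaultdict(list)
    for src, dport, flags in segments:
        flows[(src, dport)].append(flags)
    counts = defaultdict(Counter)
    for (src, _dport), seq in flows.items():
        counts[src][classify_flow(seq)] += 1
    return {src: dict(c) for src, c in counts.items()}


# Constructed sample: (source address, destination port, flags of the segment
# the source sent us). Addresses come from the RFC 5737 documentation ranges.
SAMPLE_SEGMENTS = [
    ("203.0.113.5", 22, SYN), ("203.0.113.5", 22, RST),       # half-open (-sS) style
    ("203.0.113.5", 80, SYN), ("203.0.113.5", 80, RST),
    ("198.51.100.9", 443, SYN), ("198.51.100.9", 443, ACK),   # full-open (-sT) style
    ("198.51.100.9", 443, FIN | ACK),
    ("192.0.2.77", 25, FIN | PSH | URG),                      # Xmas
    ("192.0.2.77", 53, 0),                                    # Null
    ("192.0.2.77", 110, FIN),                                 # FIN
]

if __name__ == "__main__":
    for src, kinds in summarize_by_source(SAMPLE_SEGMENTS).items():
        print(src, kinds)
```

Running it prints one line per source with the scan types counted, e.g. `192.0.2.77 {'Xmas': 1, 'Null': 1, 'FIN': 1}`. Against a closed port a full-open and a half-open scan look identical (SYN in, RST back, nothing more), which is why the classifier only commits to one of the two when it sees the scanner's follow-up segment.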


Memorizing this table should help with the nmap part of the CEH exam. Cheers!
