Special TCP scans

We've already covered the two basic scan types that Nmap suggests—TCP connect scans (-sT) and the SYN stealth scan (-sS). These "full" and "half" connection scans will get you through almost any situation, and are absolutely the "go-to" scan types for almost every security professional, system administrator, network engineer, and hobbyist.

However, despite the flexibility these scan types offer, there are occasional reasons to set different flags on the probe packets. For those cases, we will introduce three new scan types: FIN, Xmas Tree, and Null scans.

The driving concept behind running these scans is that a closed port will attempt to reset the connection by issuing a RST (reset) packet, whereas an open port will just ...
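Seen from the monitoring side, these three probes stand out by their TCP flag bytes alone. The following is an added example, not code from the book: it parses raw TCP headers and reports sources that send such probes to several ports. It assumes Nmap's definitions (Null = no flags, FIN = FIN alone, Xmas = FIN+PSH+URG); the `min_ports` threshold, the helper names, and the sample packets and addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, PSH, URG = 0x01, 0x08, 0x20

def classify_flags(flags):
    """Name the probe type implied by a TCP flags byte, or None if ordinary."""
    flags &= 0x3F  # keep URG..FIN; ignoring the ECN bits is an assumption
    if flags == 0:
        return "null"
    if flags == FIN:  # a normal connection close carries FIN together with ACK
        return "fin"
    if flags == FIN | PSH | URG:
        return "xmas"
    return None

def parse_tcp(segment):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, off_flags & 0x3F

def detect(packets, min_ports=3):
    """Map source IP -> {probe type: ports} for sources probing >= min_ports ports."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, segment in packets:
        try:
            _, dport, flags = parse_tcp(segment)
        except ValueError:
            continue  # skip malformed captures instead of aborting the run
        kind = classify_flags(flags)
        if kind:
            seen[src][kind].add(dport)
    return {src: {k: sorted(p) for k, p in kinds.items()}
            for src, kinds in seen.items()
            if len(set().union(*kinds.values())) >= min_ports}

def build_segment(sport, dport, flags):
    """Constructed 20-byte TCP header used only to make sample input."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed sample traffic (documentation addresses, not real captures).
SAMPLE = [("192.0.2.5", build_segment(40000, p, FIN | PSH | URG)) for p in (22, 80, 443)]
SAMPLE += [("192.0.2.9", build_segment(40001, 80, 0x02)),   # ordinary SYN
           ("192.0.2.9", build_segment(40001, 80, 0x11)),   # ordinary FIN+ACK
           ("192.0.2.7", build_segment(40002, 25, 0x00)),   # single Null probe
           ("192.0.2.7", b"\x00" * 5)]                      # truncated header

if __name__ == "__main__":
    print(detect(SAMPLE))
```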
