Tuesday, September 30, 2014

Port scanning


TCP SYN scan
if response is:
1. TCP SYN/ACK ---- port is open
   half-connect (stealth) scan: the scanner answers the SYN/ACK with a RST instead of completing the handshake
   full-connect scan: the scanner completes the 3-way handshake but sends no data
2. TCP RST or RST/ACK ---- port is closed
3. no response ---- packet loss

TCP FIN scan
if response is:
1. no response ---- port might be open
2. TCP RST ---- port is closed
3. ICMP Destination Unreachable, code 1, 2, 3, 9, 10 or 13 ---- port is firewalled

TCP Xmas scan (FIN, URG and PSH set)
if response is:
1. no response ---- port might be open
2. TCP RST ---- port is closed
3. ICMP Destination Unreachable, code 1, 2, 3, 9, 10 or 13 ---- port is firewalled

TCP null scan (no flags set)
if response is:
1. no response ---- port might be open
2. TCP RST ---- port is closed


TCP ACK scan (only ACK set)
if response is:
1. TCP RST ---- port might be open or closed (it is reachable, not filtered)
2. no response, or ICMP Destination Unreachable code 1, 2, 3, 9, 10 or 13 ---- filtered

TCP window scan
same as the TCP ACK scan, but it also examines the TCP window size in the RST reply
1. window > 0 ---- port is open
2. window = 0 ---- port is closed


UDP scan
if response is:
1. ICMP Destination Unreachable / Port Unreachable ---- no service listening, port is closed
2. ICMP Destination Unreachable, code 1, 2, 3, 9, 10 or 13 ---- filtered
3. any other response ---- port might be open
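The rules above for every scan type, written out as one classifier. This is an added example, not code from the original post: it names a TCP probe from its flag set (Xmas = FIN+URG+PSH, null = no flags, ACK, FIN, SYN) and returns the port state the scanner would conclude from a given reply, including the window-scan variant of the ACK scan. The reply tuples, the "unfiltered" label for an ACK scan answered by RST, and treating a UDP probe with no reply as undetermined are my own assumptions.

```python
# Added example: scan-type naming and port-state inference from the rules on this page.
FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}   # ICMP type 3 codes read as "filtered"

SCAN_BY_FLAGS = {                             # probe flag set -> scan type
    frozenset({"SYN"}): "SYN",
    frozenset({"FIN"}): "FIN",
    frozenset({"FIN", "URG", "PSH"}): "XMAS",
    frozenset(): "NULL",
    frozenset({"ACK"}): "ACK",
}

def scan_type(flags):
    """Name the scan from the TCP flags set on the probe ('other' if not a listed probe)."""
    return SCAN_BY_FLAGS.get(frozenset(flags), "other")

def infer_state(scan, reply, use_window=False):
    """reply is None (no answer), ('tcp', flags, window), ('icmp', code) or ('udp', payload).
    Tuple layout is an assumption of this example, not a real capture format."""
    kind = reply[0] if reply else None
    is_rst = kind == "tcp" and reply[1] in ("RST", "RST/ACK")
    icmp_filtered = kind == "icmp" and reply[1] in FILTERED_ICMP_CODES
    if scan == "SYN":
        if kind == "tcp" and reply[1] == "SYN/ACK":
            return "open"
        if is_rst:
            return "closed"
        return "no response"          # packet loss: nothing can be concluded
    if scan in ("FIN", "XMAS", "NULL"):
        if reply is None:
            return "open|filtered"    # silence: open, or the probe was dropped
        if is_rst:
            return "closed"
        return "filtered" if icmp_filtered else "unknown"
    if scan == "ACK":
        if is_rst:
            if not use_window:
                return "unfiltered"   # reachable; open vs closed not distinguishable
            return "open" if reply[2] > 0 else "closed"   # window scan rule
        return "filtered"             # no reply or ICMP unreachable
    if scan == "UDP":
        if kind == "icmp":
            if reply[1] == 3:
                return "closed"       # port unreachable: nothing listening
            return "filtered" if icmp_filtered else "unknown"
        return "open|filtered"        # any other reply: might be open; no reply: undetermined
    return "unknown"
```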

Sources:
http://en.wikipedia.org/wiki/Port_scanner
http://nmap.org/book/man-port-scanning-techniques.html
http://nerv0.blogspot.com/2014/03/port-scanningadvanced.html