CEH

(Jeff_L) #1

114 Chapter 5 ■ Scanning Networks


To perform an Xmas tree scan with Nmap, enter the following at the command line:

nmap -sX -v <target IP address>

Current versions of Windows (typically Windows XP or later) do not
respond to this type of attack.

FIN Scan


In this type of scan, the attacker sends frames to the victim with the FIN flag set. The result
is somewhat similar to what happens in an Xmas tree scan. The victim’s response depends
on whether the port is open or closed. Much like the Xmas tree scan, if an FIN is sent to an
open port there is no response, but if the port is closed the victim returns an RST. Figure
5.4 illustrates this process.

FIGURE 5.4 An FIN scan against a closed port and an open port

[Figure: Host A sends FIN + port to Host B; a closed port answers RST, an open port gives no response]

An FIN scan in Nmap can be performed by issuing the following command:

nmap -sF <target IP address>

NULL Scan


In this type of scan, the attacker sends frames to the victim with no flag set. The result
is somewhat similar to what happens in an FIN scan. The victim’s response depends on
whether the port is open or closed. Much like the FIN and Xmas tree scans, if no flags are
set on a frame that is sent to an open port there is no response, but if the port is closed, the
victim returns an RST. Figure 5.5 illustrates this process.

FIGURE 5.5 A NULL scan against a closed and an open port

[Figure: Host A sends a frame with no flags + port to Host B; closed port answers RST, open port gives no response]
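The three scans above all rely on the same RFC 793 rule (a closed port answers any non-RST segment with RST, a listening port silently drops a segment that carries neither SYN nor ACK), which is also what makes them easy to spot in traffic: the flag combinations FIN+PSH+URG, FIN-only and no-flags never occur in legitimate connections. The Python below is an added example, not code from the CEH study guide: it models the responder behaviour for both a compliant stack and a stack that answers RST regardless (the reason the chapter says Windows defeats these scans), and runs a small Xmas/FIN/NULL detector over a constructed flow log. The `src=... dst=... dport=... flags=...` record layout is a hypothetical format, not any real tool's output.

```python
"""Classify the TCP flag combinations used by Xmas, FIN and NULL scans,
model the RFC 793 responder behaviour the chapter describes, and flag
sources that send such probes to several ports.

Added example, not from the CEH study guide. The flow records below are
constructed for illustration; the key=value layout is hypothetical."""
import re
from collections import Counter

# Nmap flag letters: F=FIN, S=SYN, R=RST, P=PSH, A=ACK, U=URG
XMAS = frozenset("FPU")    # -sX sets FIN, PSH and URG
FIN_ONLY = frozenset("F")  # -sF sets only FIN
NULL = frozenset()         # -sN sets no flags at all

# Constructed sample capture (hypothetical log format). Host 10.0.0.5
# probes four ports with Xmas, FIN and NULL segments; 10.0.0.7 is a
# normal client completing a handshake and sending data.
SAMPLE_LOG = """\
src=10.0.0.5 dst=10.0.0.9 dport=22 flags=FPU
src=10.0.0.5 dst=10.0.0.9 dport=80 flags=FPU
src=10.0.0.5 dst=10.0.0.9 dport=443 flags=F
src=10.0.0.5 dst=10.0.0.9 dport=8080 flags=
src=10.0.0.7 dst=10.0.0.9 dport=443 flags=S
src=10.0.0.7 dst=10.0.0.9 dport=443 flags=PA
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) flags=(?P<flags>[FSRPAU]*)"
)


def parse_line(line):
    """Return (src, dst, dport, flagset) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["src"], m["dst"], int(m["dport"]), frozenset(m["flags"])


def classify_flags(flags):
    """Name the probe type for a flag set; 'normal' for anything else."""
    flags = frozenset(flags)
    if flags == XMAS:
        return "xmas"
    if flags == FIN_ONLY:
        return "fin"
    if flags == NULL:
        return "null"
    return "normal"


def expected_response(port_open, flags, rfc793_compliant=True):
    """Reply a host sends to one segment, following RFC 793 section 3.9.

    CLOSED port: any segment without RST gets an RST.
    LISTEN port: a stray ACK gets an RST, a SYN gets SYN/ACK, and a
    segment with neither (FIN, NULL, Xmas probes) is dropped silently.
    Some stacks (Windows, as Nmap's documentation notes) answer RST to
    those probes even on open ports, so the scan cannot tell the states
    apart; rfc793_compliant=False models that behaviour."""
    flags = frozenset(flags)
    if "R" in flags:
        return None            # RST segments are never answered
    if not port_open:
        return "RST"           # CLOSED: everything else gets an RST
    if "A" in flags:
        return "RST"           # LISTEN: ACK with no connection -> RST
    if "S" in flags:
        return "SYN/ACK"       # LISTEN: connection request
    return None if rfc793_compliant else "RST"


def scan_report(log_text, threshold=2):
    """Group flag-probe segments by source address and report sources
    that probed at least `threshold` distinct ports.
    Returns {src: {"types": Counter, "ports": set}}."""
    per_src = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, _dst, dport, flags = rec
        kind = classify_flags(flags)
        if kind == "normal":
            continue
        entry = per_src.setdefault(src, {"types": Counter(), "ports": set()})
        entry["types"][kind] += 1
        entry["ports"].add(dport)
    return {s: e for s, e in per_src.items() if len(e["ports"]) >= threshold}


if __name__ == "__main__":
    for src, entry in scan_report(SAMPLE_LOG).items():
        print(src, dict(entry["types"]), sorted(entry["ports"]))
    for open_port in (True, False):
        print("open" if open_port else "closed", "port, Xmas probe ->",
              expected_response(open_port, "FPU"))
```

Run on the constructed log, the report names only 10.0.0.5 (two Xmas, one FIN and one NULL probe across four ports), while the handshake from 10.0.0.7 is ignored; `expected_response` returns None for an Xmas probe to an open port and "RST" for a closed one, and returns "RST" in both cases when the stack is modelled as non-compliant, which is exactly why the scan yields nothing useful against such hosts.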