TCP connect scan: A full TCP connection scan. It uses the connect() function provided by the operating system to connect to the target port. If the target port is listening, connect() returns successfully; otherwise, the port is unreachable. The state of the target port is thus determined through a full TCP three-way handshake (also known as a TCP connection).
TCP SYN scan: A half-open scan. The client first sends a SYN packet (the first step of the TCP handshake) to the port being scanned, then waits for the SYN/ACK reply from the server (the second step of the handshake). If a SYN/ACK is received, the port is in the listening state; if an RST/ACK (connection reset) is received, the port is considered not listening or rejected by the firewall; if nothing is received, the packet was dropped by the firewall. Whatever it receives, the client then sends an RST/ACK packet to the port, so no full TCP connection is established, yet the client knows whether the port is open and the scan does not generate a connection log on the target system.
TCP FIN scan: The client sends a FIN packet (end of connection) to the destination port. According to RFC 793, a closed port returns an RST packet, while an open port ignores the request.
PS: Valid only for UNIX TCP/IP protocol stacks.
TCP ACK scan: This scan cannot determine whether the target port is open. The client sends an ACK directly to the server, and the target port returns an RST packet whether it is open or not. However, the method can be used to assess how firewall configuration and rules are designed and to test the effectiveness of security policies.
TCP window scan: Relies on irregularities in TCP window size reporting to detect open and filtered/unfiltered ports on AIX and FreeBSD systems.
TCP Xmas tree scan: The client sends the target port a packet with URG (indicates that the data is urgent and should be processed immediately), PUSH (forces the data into the buffer), and FIN (used at the end of a TCP session) all set at the same time. Because these three flags cannot be set at the same time, the response can be used to determine whether the port is open: if the target port is open, the packet is discarded and nothing is returned; if the target port is closed, an RST packet is returned.
PS: This also relies on the behavior specified in RFC 793 and is effective only against UNIX-based systems.
TCP null scan: The client sends a TCP packet with no flag bits set to the target host. If the target port is closed, an RST packet is returned; if the target port is open, the packet is discarded and nothing is returned.
PS: This is also valid only for UNIX-based hosts that comply with RFC 793. A Windows host returns an RST whether or not the port is closed, which can be used to identify the target operating system.
TCP RPC scan: Primarily used to identify remote procedure call (RPC) ports and their associated programs and version numbers.
UDP scan: Sends a UDP packet to the destination port. If the destination port returns an ICMP port unreachable response, the port is closed; if there is no response (the packet is discarded), the port is considered open.
PS: Because UDP is connectionless and unreliable, scan accuracy is affected by external conditions. In addition, the scan is slow because RFC 1812 limits the rate at which ICMP error messages are generated.
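
For the defender, the TCP flag patterns described above are directly usable as detection logic. The following is an added example, not part of the original page: it classifies each inbound flow by the flags of its first segments and reports sources that probe several ports with the same scan type. The function names, the `min_ports` threshold, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # RFC 793 flag bits
XMAS = FIN | PSH | URG

def classify_flow(flags_seq):
    """Classify one client-to-server flow from the flags of its inbound segments."""
    first = flags_seq[0] & 0x3F
    if first == 0:
        return "null"
    if first == XMAS:
        return "xmas"
    if first == FIN:
        return "fin"
    if first == ACK:
        return "ack"
    if first == SYN:
        # The follow-up segment separates a half-open probe from a full connect.
        for nxt in flags_seq[1:]:
            if nxt & RST:
                return "syn"      # reset sent before the handshake completed
            if nxt & ACK:
                return "connect"  # three-way handshake completed
        return "syn"              # no follow-up from the client at all
    return "other"

def detect_scans(packets, min_ports=3):
    """packets: (src_ip, dst_port, flags) in arrival order, from each flow's first segment.
    Returns {src_ip: {scan_type: [ports]}} for sources hitting >= min_ports ports."""
    flows = defaultdict(list)
    for src, port, flags in packets:
        flows[(src, port)].append(flags)
    by_src = defaultdict(lambda: defaultdict(set))
    for (src, port), seq in flows.items():
        by_src[src][classify_flow(seq)].add(port)
    alerts = {}
    for src, kinds in by_src.items():
        hits = {k: sorted(p) for k, p in kinds.items()
                if k != "other" and len(p) >= min_ports}
        if hits:
            alerts[src] = hits
    return alerts

# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE = [
    ("192.0.2.10", 21, XMAS), ("192.0.2.10", 22, XMAS), ("192.0.2.10", 23, XMAS),
    ("192.0.2.20", 80, SYN), ("192.0.2.20", 80, RST | ACK),
    ("192.0.2.20", 443, SYN), ("192.0.2.20", 443, RST), ("192.0.2.20", 8080, SYN),
    ("198.51.100.5", 443, SYN), ("198.51.100.5", 443, ACK),
]
```

A single completed handshake, such as the last source in the sample, is ordinary client traffic and raises no alert; only the spread across ports does.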