Nmap Xmas Scan
Explore how to perform the Nmap Xmas scan that uses FIN, PSH, and URG TCP flags to identify open ports. Understand how to run custom scans by altering TCP headers, enabling stealthy and flexible network probing to avoid detection by firewalls.
In this lesson, we’ll look at the Xmas scan in detail. We’ll also learn how to use custom TCP headers to create more flexible scan types.
What is Nmap’s Xmas scan?
The Nmap Xmas scan is a type of network scan that we can use to identify open TCP ports on a target host. This scan sets the FIN, PSH, and URG flags in the TCP header, which is why we call it a Christmas scan; the flags resemble the lights on a Christmas tree.
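From the defender's side, this flag combination is easy to recognise in captured traffic. The following Python sketch is an added example, not part of the original lesson: it reads the flag bits from raw TCP headers and reports sources that sent FIN+PSH+URG segments to several ports. The function names, the `min_ports` threshold, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits in the low 6 bits of header bytes 12-13 (RFC 9293).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # 0x29, the combination the Xmas scan sets


def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return src, dst, off_flags & 0x3F  # keep URG ACK PSH RST SYN FIN


def is_xmas(flags: int) -> bool:
    # Exact match: FIN+PSH+URG set with SYN, RST and ACK clear. Segments in
    # an established connection carry ACK, so this is not normal traffic.
    return flags == XMAS


def find_xmas_scanners(packets, min_ports=3):
    """Map each source IP to the ports it Xmas-probed, if >= min_ports."""
    probed = defaultdict(set)
    for src_ip, header in packets:  # packets: (src_ip, raw_tcp_header)
        try:
            _, dst_port, flags = parse_tcp(header)
        except ValueError:
            continue  # truncated capture record, skip it
        if is_xmas(flags):
            probed[src_ip].add(dst_port)
    return {ip: sorted(p) for ip, p in probed.items() if len(p) >= min_ports}


def build_header(src_port, dst_port, flags):
    """Constructed sample data: a 20-byte TCP header with no options."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)


# Constructed capture: 192.0.2.10 probes three ports, 192.0.2.20 is a normal
# session, 192.0.2.30 is a truncated record.
SAMPLE = [("192.0.2.10", build_header(40000, p, XMAS)) for p in (22, 80, 443)]
SAMPLE += [("192.0.2.20", build_header(51000, 443, f))
           for f in (SYN, PSH | ACK, FIN | ACK)]
SAMPLE.append(("192.0.2.30", b"\x00" * 8))

if __name__ == "__main__":
    print(find_xmas_scanners(SAMPLE))
```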
We use the -sX flag to perform an Xmas scan. Here’s an example.
nmap -sX scanme.nmap.org
This will send a series of TCP packets to the target host with the FIN, PSH, and URG flags set. If the host responds with an RST packet, it means that the port is ...