Which Nmap scan type sends TCP packets with no flags set?

  1. FIN scan (-sF)
  2. Xmas scan (-sX)
  3. SYN scan (-sS)
  4. Null scan (-sN) ✓

Correct answer: Null scan (-sN)

Option D is correct because a null scan, invoked with the -sN flag in Nmap, sends TCP packets with no flags set at all in the TCP header, exploiting RFC 793 behavior where closed ports should respond with a RST packet while open or filtered ports do not respond, allowing stealthy port inference. Option A is incorrect because a FIN scan (-sF) sends packets with only the TCP FIN flag set, not with all flags cleared. Option B is incorrect because an Xmas scan (-sX) sends packets with the FIN, PSH, and URG flags all set simultaneously, giving it a lit-up appearance like a Christmas tree. Option C is incorrect because a SYN scan (-sS) sends TCP packets with only the SYN flag set to initiate a half-open connection, which is a different technique used for stealthy but complete port state determination.

Topic: · nmap, null scan, tcp flags, port scanning

Practice CompTIA PenTest+ (PT0-002) Questions Free