Sunday, January 26, 2020

Port scanning types



Ping scan: A ping scan sends an ICMP echo request (type 8) to the target; if an ICMP echo reply (type 0) comes back, you know the host is alive. No reply does not prove the host is down, because many hosts and firewalls drop ICMP echo, which is why scanners also fall back to TCP probes (for example a SYN to port 443 or an ACK to port 80) for host discovery.

TCP half open scan (SYN scan): This is the most common scan type. It is fast because it never completes the TCP three-way handshake: the scanner sends a packet with the SYN flag set and waits for a SYN-ACK, then tears the half-open connection down with a RST instead of sending the final ACK. No connection is ever established, but a SYN-ACK tells you the port is open and listening. A RST in reply means the host is alive but the port is closed. No reply at all, or an ICMP unreachable error, means the port is filtered (a firewall dropped the probe or the reply). Because the handshake never completes, the application behind the port never sees a connection, though the probe is still visible to packet-level logging and IDS. Crafting raw SYN packets requires raw-socket privileges (root or administrator).

TCP connect scan: Gives the same open/closed/filtered results as the SYN scan, but the scanner asks the operating system to complete the full handshake (SYN, SYN-ACK, ACK) with an ordinary connect() call and then closes the connection. It is slower, needs no special privileges, and is noisier: the target application actually accepts the connection, so the scan usually shows up in application logs.

UDP scan: UDP scans are used to find services that do not run over TCP, such as DNS (53), SNMP (161) and DHCP (67). The scanner sends a UDP packet to the port. If an ICMP port unreachable error (type 3, code 3) comes back, the port is closed. Other ICMP unreachable errors (type 3, codes 0, 1, 2, 9, 10 or 13) mean the port is filtered. If the service answers with a UDP packet, the port is open. If nothing comes back, the port is reported as open|filtered, because a listening service that ignores an empty probe looks exactly like a firewall dropping the packet. UDP has no handshake and no sequence numbers, so there is no SYN-ACK equivalent to confirm an open port; scanners therefore retransmit probes and, where they can, send protocol-specific payloads (a DNS query, an SNMP GET) that a real service will answer. Most operating systems also rate-limit ICMP errors (Linux sends at most about one destination unreachable per second by default), so a scanner that depends on those errors is forced to slow down. This is why UDP scans are so slow.

Stealth scanning – NULL, FIN, X-MAS: These scans try to get some kind of response from the target without going through the handshake. They rely on the behaviour required by RFC 793: a closed port must answer a packet that carries no SYN, RST or ACK flag with a RST, while an open port silently drops it. Because silence is the "open" signal, scanners report such ports as open|filtered, since a firewall dropping the probe produces the same result. The trick fails against systems that send a RST regardless of port state (Windows, Cisco IOS and several others), where every port appears closed.

FIN scan: Sends a TCP packet with only the FIN flag set. A RST in reply means the port is closed; no reply at all means the port is open (or filtered).

X-MAS scan: Sends a TCP packet with the FIN, PSH and URG flags set. No reply means the port is open (or filtered); a RST means it is closed. It is called the Christmas scan because the packet has so many flag bits set that it is "lit up like a Christmas tree".

NULL scan: Sends a TCP packet with no flags set at all. No reply means the port is open (or filtered); a RST means it is closed.
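The decision rules above, for the SYN, connect, UDP, FIN, NULL and X-MAS scans, collected into one piece of code. This is an added example, not code from the original post or from any scanner: classify() applies the same response-to-state mapping nmap documents for each probe type over constructed responses (so it runs offline and needs no privileges), and tcp_connect_scan() performs a real connect scan against the loopback interface, which is the one scan type that works without raw sockets. The response tuple format, PROBE_FLAGS and local_listener() are this example's own conventions.

```python
"""Port-state classifier for the scan types described above (added example)."""
import socket
from typing import Dict, Iterable, Optional, Tuple

# TCP flag letters each probe sets. The X-MAS probe "lights up" FIN+PSH+URG.
PROBE_FLAGS = {
    "syn": "S",
    "connect": "S",  # the OS completes the SYN, SYN-ACK, ACK handshake for us
    "fin": "F",
    "null": "",
    "xmas": "FPU",
}

# ICMP type 3 codes a scanner treats as "filtered" for a TCP probe.
ICMP_FILTERED_TCP = {1, 2, 3, 9, 10, 13}
# For UDP, code 3 (port unreachable) is definitive: closed. These others mean filtered.
ICMP_FILTERED_UDP = {0, 1, 2, 9, 10, 13}

# A constructed response is one of:
#   None                       nothing came back
#   ("tcp", "SA") etc.         a TCP reply carrying these flag letters
#   ("icmp", type, code)       an ICMP error
#   ("udp",)                   a UDP payload came back from the service
Response = Optional[Tuple]


def classify(scan: str, response: Response) -> str:
    """Map (probe type, reply) to open / closed / filtered / open|filtered."""
    if scan == "udp":
        if response is None:
            return "open|filtered"  # silent service and dropping firewall look the same
        if response[0] == "udp":
            return "open"
        if response[0] == "icmp":
            _, icmp_type, code = response
            if icmp_type == 3 and code == 3:
                return "closed"
            if icmp_type == 3 and code in ICMP_FILTERED_UDP:
                return "filtered"
        return "unknown"
    if scan not in PROBE_FLAGS:
        raise ValueError(f"unknown scan type {scan!r}")
    if response is None:
        # SYN/connect expect an answer either way; FIN/NULL/X-MAS treat silence as open.
        return "filtered" if scan in ("syn", "connect") else "open|filtered"
    if response[0] == "icmp":
        _, icmp_type, code = response
        return "filtered" if icmp_type == 3 and code in ICMP_FILTERED_TCP else "unknown"
    if response[0] == "tcp":
        flags = set(response[1])
        if "R" in flags:
            return "closed"  # RST: host alive, port not listening
        if scan in ("syn", "connect") and {"S", "A"} <= flags:
            return "open"  # SYN-ACK: something is listening
    return "unknown"


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Full-handshake scan via connect(); the target application sees each connection."""
    results: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # kernel sends SYN, gets SYN-ACK, sends ACK
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"  # kernel received a RST
        except OSError:  # includes socket.timeout: no SYN-ACK and no RST in time
            results[port] = "filtered"
        finally:
            s.close()  # tear the connection down; this is what makes the scan noisy
    return results


def local_listener() -> socket.socket:
    """Open a listening TCP socket on loopback (ephemeral port) to scan against."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


if __name__ == "__main__":
    srv = local_listener()
    open_port = srv.getsockname()[1]
    print("connect scan:", tcp_connect_scan("127.0.0.1", [open_port]))
    srv.close()
    print("after close:", tcp_connect_scan("127.0.0.1", [open_port]))
    samples = [("syn", ("tcp", "SA")), ("syn", None), ("udp", ("icmp", 3, 3)),
               ("udp", None), ("xmas", None), ("fin", ("tcp", "R"))]
    for scan, resp in samples:
        print(f"{scan:7s} flags={PROBE_FLAGS.get(scan, '-'):3s} reply={resp!s:18s} -> {classify(scan, resp)}")
```

Run it as a script and it scans its own loopback listener (open), then the same port after the listener is closed (closed, because the kernel answers the SYN with a RST), and prints the state each constructed reply maps to. The "open|filtered" results are the point of the exercise: for UDP and for the FIN/NULL/X-MAS probes, the scanner cannot tell a silent open port from a dropped packet without a second technique such as a version probe.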

TLS/SSL Vulnerabilities

POODLE: A vulnerability in SSL 3.0's use of Cipher Block Chaining (CBC) mode. Block ciphers require blocks of fixed length. If data in th...