The document discusses different techniques for determining if a port is open on a server using the TCP protocol, including ACK, FIN, Maimon, NULL, TCP SYN, TCP Connect, and Window scans. It explains that the TCP protocol has 8 flags in its frame header that can be used to identify the scan type based on which flags packets sent by an attacker set and the response flags set by the victim.

1. There exist many different techniques using the TCP protocol for determining if a port is open on a
server, such as ACK, FIN, Maimon, NULL, TCP SYN, TCP Connect, Window and Christmas Tree
scans. The TCP protocol has 8 flags in its frame header. These flags can be used to identify the scan
type.
Attacker:
Scans
FIN
SYN
connect()
PSH
ACK
URG
ECE
CWR
URG
ECE
CWR
URG
ECE
CWR
1st
SYN
RST
1st
FIN
1st
XMAS
1st
1st
1st
NULL
Maimon
1st
1st
ACK
1st
Window
1st
Victim:
Scans
FIN
SYN
RST
2nd
2nd
2nd
SYN
2nd
2nd
FIN
2nd
XMAS
2nd
NULL
2nd
Maimon
2nd
ACK
2nd
Window
2nd
connect()
Attacker:
Scans
connect()
SYN
FIN
XMAS
NULL
Maimon
ACK
Window
FIN
SYN
RST
PSH
PSH
ACK
ACK
3rd