A NULL scan is a type of TCP scan where no TCP flags are set in the packet. This unconventional packet is used to evade firewalls and intrusion detection systems and to determine the state of a port based on the response.

Behavior:

Open port → No response

Closed port → RST (Reset)

From CEH v13 Courseware:

Module 3: Scanning Networks

Topic: TCP Flag Scanning Methods

CEH v13 Study Guide states:

“A NULL scan sends a TCP packet with all flags turned off. The system’s response (or lack thereof) allows the attacker to infer whether a port is open or closed, especially on UNIX-based systems.”

Incorrect Options:

B: Vague and inaccurate

C: Refers to Xmas scan (URG, PSH, FIN)

D/E: Irrelevant to TCP flags