Packet fragmentation involves splitting a single TCP/IP packet into smaller pieces before transmission.
| Scan Type | Flag Combination | Evasion Mechanism | |-----------|-----------------|--------------------| | ( -sN ) | All flags = 0 | Invalid packet; stateless filters missing SYN flag drop it; closed ports reply with RST, open/filtered ports remain silent | | FIN Scan ( -sF ) | FIN flag only | Mimics connection teardown without session; evades non-stateful firewalls that don't track FIN semantics | | Xmas Scan ( -sX ) | FIN, PSH, URG all set | Like Null/FIN scans, ideal for evading older IDS signatures that detect only SYN-based scans | | ACK Scan ( -sA ) | ACK only | Maps firewall rulesets by determining which ports are filtered vs. unfiltered; can't determine open/closed | closed ports reply with RST
Using non-standard protocols or abnormal packet crafting that the operating system will accept but the IDS will not recognize as malicious. closed ports reply with RST