The method described—sending TCP packets with no flags set—is a NULL scan. In TCP header terminology, a NULL packet has all control flags cleared (no SYN, ACK, FIN, RST, PSH, URG). The scanner then interprets the target’s response behavior to infer port state. Traditionally, for many TCP/IP stacks, a closed port responds with RST, while an open port may respond with no reply (silence) because the packet does not correspond to any valid state in the TCP state machine. This behavior can vary by OS and filtering devices, but the defining characteristic is the “no flags” probe.
The scenario also highlights stealth: compared to a TCP connect scan, which completes a full three-way handshake and is easily logged, NULL scans can be less conspicuous because they avoid a normal connection setup. Some intrusion detection systems focus heavily on repeated SYN handshakes or completed connections; unusual flag scans may slip through weak detection, though modern IDS/IPS can still detect them.
Why the other options are incorrect:
TCP Connect Scan (A) uses the operating system’s connect() call to establish a full TCP connection; it is not a “no flags” technique and is generally noisier.
FIN Scan (B) sends packets with the FIN flag set; it is a different “stealth” scan type, but not “no flags.”
ACK Scan (D) sends packets with the ACK flag set and is typically used to map firewall rules (filtered vs unfiltered), not to determine open vs closed ports in the same way, and again it is not “no flags.”
Therefore, the scanning method is C. NULL Scan.
