Which scanning technique involves using flags that signal the different states of a connection?

The scanning technique that involves using flags to signal the different states of a connection is known as Xmas scanning. This method sends a TCP packet with the FIN, PSH, and URG flags set, effectively turning the packet into a sort of "Christmas tree." The name comes from the idea that the combination of these flags makes the packet light up in the way a Christmas tree would.

When a host receives this type of packet, its response can reveal information about its operating system and the state of its ports. For instance, if a closed port receives this packet, it typically responds with a RST (reset) packet, while an open port might not respond at all. This behavior helps the scanner infer whether a port is open or closed based on the types of responses received.

The other scanning techniques mentioned involve different methodologies. Passive scanning involves monitoring traffic without actively probing, which does not utilize connection flags in this way. Network discovery scanning is about identifying devices in a network but does not specifically use flag manipulation for state indication. TCP ACK scanning uses the ACK flag to identify open ports or determine the state of a firewall, but it's not characterized by the same complex flag combination as Xmas scanning. Therefore, Xmas scanning is the technique that most directly fits the