TCP Xmas Tree Scan: Which scan sends the FIN, PSH, and URG flags to resemble a Christmas tree?

The idea being tested is how a TCP Xmas Tree scan works. This scan sends a packet with FIN, PSH, and URG flags all set, which creates a pattern in the TCP header that researchers liken to a lit Christmas tree. In Nmap this behavior is invoked with the -sX switch. The reason this is the best answer is that the -sX option is specifically designed to perform the Xmas Tree scan, relying on the way different TCP stacks respond to such a unusual flag combination to infer port state. Typically, a closed port will respond with a RST, while an open or filtered port often yields no response, helping differentiate states without completing a full handshake. Other scan types use different flag sets or methods—NULL scan (no flags), ACK scan, and Idle scan—so they don’t produce the characteristic FIN/PSH/URG pattern associated with the Xmas Tree approach.