A FIN scan is when an attacker sends a packet with only the FIN flag enabled. If an attacker sends the FIN packet to the target, it means the attacker is requesting the connection be terminate but there was no established connection to close. This would confuse the target. If the target does not respond, it means the port is open. If the target replies with an RST packet, the port on the target is closed. The following figure illustrates this process:
A FIN scan detecting a closed and open port
To execute a FIN scan, select FIN from the list in the nmap window in the NetHunter App and enter the target IP address:
FIN scan selection from dropdown