...
NULL, FIN, and Xmas scans are three scan types that involve manipulating TCP header flags. Each of them results in a RST (or ICMP port unreachable) packet from a closed port and no response from an open or filtered port, and they require that the SYN, RST, and ACK bits are not set. NULL scans send packets with no flags set in their headers, while FIN scans have only the FIN bit set. Xmas scan packets, so called because their headers are reminiscent of being "lit up like a Christmas tree," have the FIN, PSH, and URG flag bits turned on.
UDP Scanning
Like TCP scans, UDP scans send a UDP packet to various ports on a target system and evaluate the response to determine availability of the service and the host. Receiving a UDP packet in response indicates that the port is open, while an ICMP port unreachable error response signifies a closed port. If no response is received, the port could either be open or filtered by a firewall or packet filter.
...