The types of port connections supported are:
TCP Full Connect. This mode makes a full connection to the target's TCP ports and can save any data or banners returned from the target. This mode is the most accurate for determining TCP services, but it is also easily recognized by Intrusion Detection Systems (IDS).
UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to the target's UDP ports and looks for an ICMP Port Unreachable message in return. The absence of that message indicates either the port is used, or the target does not return the ICMP message which can lead to false positives. It can save any data or banners returned from the target. This mode is also easily recognized by IDS.
TCP Full/UDP ICMP Combined. This mode combines the previous two modes into one operation.
TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet to the
target port and listens for the appropriate response. Open ports respond with a SYN|ACK and closed ports respond with ACK|RST or RST. This mode is less likely to be noted by IDS, but since the connection is never fully completed, it cannot gather data or banner information. However, the attacker has full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the SYN packet.
TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port and listens for the response. Again, the attacker can have full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the custom TCP packet. The Analyze feature helps with analyzing the response based on the flag settings chosen. Each operating system responds differently to these special combinations. The tool includes presets for XMAS, NULL, FIN and ACK flag settings.

The LM hash is computed as follows.
1.The user's password as an OEM string is converted to uppercase.
2.This password is either null-padded or truncated to 14 bytes.
3.The "fixed-length" password is split into two 7-byte halves.
4.These values are used to create two DES keys, one from each 7-byte half.
5.Each of these keys is used to DES-encrypt the constant ASCII string "KGS!@#$%",
resulting in two 8-byte ciphertext values.
6.These two ciphertext values are concatenated to form a 16-byte value, which is the LM
hash.
The hashes them self are sent in clear text over the network instead of sending the
password in clear text.